OSS parts of sys/config/reload/license (#11695)

2021-06-03 10:30:30 -07:00 · 2021-06-03 10:30:30 -07:00 · c6c0424a8e
parent 9db384e0f7
commit c6c0424a8e
7 changed files with 77 additions and 5 deletions
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@ -228,6 +228,18 @@ func (b *SystemBackend) handleConfigStateSanitized(ctx context.Context, req *log
 	return resp, nil
 }

+// handleConfigReload handles reloading specific pieces of the configuration.
+func (b *SystemBackend) handleConfigReload(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+	subsystem := data.Get("subsystem").(string)
+
+	switch subsystem {
+	case "license":
+		return handleLicenseReload(b)(ctx, req, data)
+	}
+
+	return nil, logical.ErrUnsupportedPath
+}
+
 // handleCORSRead returns the current CORS configuration
 func (b *SystemBackend) handleCORSRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
 	corsConf := b.Core.corsConfig
--- a/vault/logical_system_helpers.go
+++ b/vault/logical_system_helpers.go
@ -78,7 +78,11 @@ var (
 	handleSetupPluginReload = func(*Core) error {
 		return nil
 	}
-
+	handleLicenseReload = func(b *SystemBackend) framework.OperationFunc {
+		return func(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
+			return nil, nil
+		}
+	}
 	checkRaw = func(b *SystemBackend, path string) error { return nil }
 )

--- a/vault/logical_system_paths.go
+++ b/vault/logical_system_paths.go
@ -59,6 +59,23 @@ func (b *SystemBackend) configPaths() []*framework.Path {
 			},
 		},

+		{
+			Pattern: "config/reload/(?P<subsystem>.+)",
+			Fields: map[string]*framework.FieldSchema{
+				"subsystem": {
+					Type:        framework.TypeString,
+					Description: strings.TrimSpace(sysHelp["config/reload"][0]),
+				},
+			},
+			Operations: map[logical.Operation]framework.OperationHandler{
+				logical.UpdateOperation: &framework.PathOperation{
+					Callback:    b.handleConfigReload,
+					Summary:     "Reload the given subsystem",
+					Description: "",
+				},
+			},
+		},
+
 		{
 			Pattern: "config/ui/headers/" + framework.GenericNameRegex("header"),

--- a/vault/testing.go
+++ b/vault/testing.go
@ -1461,6 +1461,8 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 		coreConfig.DisableSealWrap = base.DisableSealWrap
 		coreConfig.DisableCache = base.DisableCache
 		coreConfig.LicensingConfig = base.LicensingConfig
+		coreConfig.License = base.License
+		coreConfig.LicensePath = base.LicensePath
 		coreConfig.DisablePerformanceStandby = base.DisablePerformanceStandby
 		coreConfig.MetricsHelper = base.MetricsHelper
 		coreConfig.MetricSink = base.MetricSink
@ -1566,7 +1568,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 	}

 	if testCluster.LicensePublicKey == nil {
-		pubKey, priKey, err := testGenerateCoreKeys()
+		pubKey, priKey, err := GenerateTestLicenseKeys()
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
--- a/vault/testing_util.go
+++ b/vault/testing_util.go
@ -8,9 +8,9 @@ import (
 	testing "github.com/mitchellh/go-testing-interface"
 )

-func testGenerateCoreKeys() (ed25519.PublicKey, ed25519.PrivateKey, error)   { return nil, nil, nil }
-func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig          { return &LicensingConfig{} }
-func testExtraTestCoreSetup(testing.T, ed25519.PrivateKey, *TestClusterCore) {}
+func GenerateTestLicenseKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) { return nil, nil, nil }
+func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig           { return &LicensingConfig{} }
+func testExtraTestCoreSetup(testing.T, ed25519.PrivateKey, *TestClusterCore)  {}
 func testAdjustUnderlyingStorage(tcc *TestClusterCore) {
 	tcc.UnderlyingStorage = tcc.physical
 }
--- a/website/content/api-docs/system/config-reload.mdx
+++ b/website/content/api-docs/system/config-reload.mdx
@ -0,0 +1,33 @@
+---
+layout: api
+page_title: /sys/config/reload - HTTP API
+description: The '/sys/config/reload' endpoint is used to reload specific parts of Vault's configuration.
+---
+
+# `/sys/config/reload`
+
+The `sys/config/reload` endpoint allows reloading specific parts of Vault's configuration.
+Currently, it only supports reloading license information from files on disk.
+
+| Method | Path                          |
+| :----- | :---------------------------- |
+| `PUT`  | `/sys/config/reload/:subsystem` |
+
+### Parameters
+
+- `subsystem` `(string: <required>)` - Specifies the subsystem for Vault to reload. This is part of the request URL.
+
+## Reload License File
+
+When the `:subsystem` URL parameter is specified as `license`, Vault re-reads the license file pointed to by the `license_path` configuration option and applies the license
+to Vault. Vault may enable or disable various features when this happens, depending on if the features of the given
+license have changed from the license Vault is currently using.
+
+### Sample Request
+
+```shell-session
+$ curl \
+  -X PUT \
+  --header "X-Vault-Token: ..." \
+    'http://127.0.0.1:8200/v1/sys/config/reload/license'
+```
--- a/website/data/api-docs-nav-data.json
+++ b/website/data/api-docs-nav-data.json
@ -356,6 +356,10 @@
        "title": "<code>/sys/config/cors</code>",
        "path": "system/config-cors"
      },
+      {
+        "title": "<code>/sys/config/reload</code>",
+        "path": "system/config-reload"
+      },
      {
        "title": "<code>/sys/config/state</code>",
        "path": "system/config-state"