From e212ec5d8e76695c85dbb45f68580984aecd5136 Mon Sep 17 00:00:00 2001
From: Nick Cabatoff
Date: Mon, 17 May 2021 14:10:26 -0400
Subject: [PATCH] OSS parts of ent PR #1857: license autoloading init changes. (#11623)
---
 command/server_test.go | 2 +-
 vault/core.go | 10 ++++++++--
 vault/testing.go | 35 +++++++++++++++++++----------------
 vault/testing_util.go | 8 +++++---
 4 files changed, 33 insertions(+), 22 deletions(-)
diff --git a/command/server_test.go b/command/server_test.go
index 8d6683105..ba0f1d5f2 100644
--- a/command/server_test.go
+++ b/command/server_test.go
@@ -1,4 +1,4 @@
-// +build !race,!hsm
+// +build !race,!hsm,!enterprise
 // NOTE: we can't use this with HSM. We can't set testing mode on and it's not
 // safe to use env vars since that provides an attack vector in the real world.
diff --git a/vault/core.go b/vault/core.go
index 770f0f8c3..8e0512d24 100644
--- a/vault/core.go
+++ b/vault/core.go
@@ -120,6 +120,7 @@ var (
 LastRemoteWAL = lastRemoteWALImpl
 LastRemoteUpstreamWAL = lastRemoteUpstreamWALImpl
 WaitUntilWALShipped = waitUntilWALShippedImpl
+ storedLicenseCheck = storedLicenseCheckImpl
 )
 // NonFatalError is an error that can be returned during NewCore that should be
@@ -651,8 +652,6 @@ type CoreConfig struct {
 License string
 LicensePath string
 LicensingConfig *LicensingConfig
- // Don't set this unless in dev mode, ideally only when using inmem
- DevLicenseDuration time.Duration
 DisablePerformanceStandby bool
 DisableIndexing bool
@@ -923,6 +922,9 @@ func NewCore(conf *CoreConfig) (*Core, error) {
 return nil, fmt.Errorf("barrier setup failed: %w", err)
 }
+ if err := storedLicenseCheck(c, conf); err != nil {
+ return nil, err
+ }
 // We create the funcs here, then populate the given config with it so that
 // the caller can share state
 conf.ReloadFuncsLock = &c.reloadFuncsLock
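Review bot: The error from `storedLicenseCheck(c, conf)` in the NewCore hunk (@@ -923) is returned bare, while the return directly above it wraps its cause with `fmt.Errorf("barrier setup failed: %w", err)`, so a startup failure from this path carries no indication that the license check produced it. Suggest `return nil, fmt.Errorf("stored license check failed: %w", err)`. The call goes through the package-level `storedLicenseCheck` variable added in the @@ -120 hunk, which has no comment; something like `// storedLicenseCheck is a replaceable hook run by NewCore after barrier setup; the default storedLicenseCheckImpl always returns nil.` would tell a reader that the check is a no-op unless the variable is reassigned. NewCore's body starts and ends outside the hunk.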
@@ -2862,3 +2864,7 @@ func ParseRequiredState(raw string, hmacKey []byte) (*logical.WALState, error) {
 ReplicatedIndex: replicatedIndex,
 }, nil
 }
+
+func storedLicenseCheckImpl(c *Core, conf *CoreConfig) error {
+ return nil
+}
diff --git a/vault/testing.go b/vault/testing.go
index f9f0b21bd..855cb5906 100644
--- a/vault/testing.go
+++ b/vault/testing.go
@@ -783,10 +783,10 @@ type TestCluster struct {
 CleanupFunc func()
 SetupFunc func()
- cleanupFuncs []func()
- base *CoreConfig
- pubKey interface{}
- priKey interface{}
+ cleanupFuncs []func()
+ base *CoreConfig
+ LicensePublicKey ed25519.PublicKey
+ LicensePrivateKey ed25519.PrivateKey
 }
 func (c *TestCluster) Start() {
@@ -1093,6 +1093,8 @@ type TestClusterOptions struct {
 CoreMetricSinkProvider func(clusterName string) (*metricsutil.ClusterMetricSink, *metricsutil.MetricsHelper)
 PhysicalFactoryConfig map[string]interface{}
+ LicensePublicKey ed25519.PublicKey
+ LicensePrivateKey ed25519.PrivateKey
 }
 var DefaultNumCores = 3
@@ -1450,7 +1452,6 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 coreConfig.DevToken = base.DevToken
 coreConfig.EnableRaw = base.EnableRaw
 coreConfig.DisableSealWrap = base.DisableSealWrap
- coreConfig.DevLicenseDuration = base.DevLicenseDuration
 coreConfig.DisableCache = base.DisableCache
 coreConfig.LicensingConfig = base.LicensingConfig
 coreConfig.DisablePerformanceStandby = base.DisablePerformanceStandby
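Review bot: `LicensePrivateKey` becomes an exported, undocumented field of `TestCluster` (the @@ -783 hunk) in vault/testing.go, which by its name is not a `_test.go` file, so the signing key appears to become part of the package's importable surface. A field comment would state the intended use, for example `// LicensePublicKey and LicensePrivateKey are the key pair this test cluster uses for licensing setup; they must never hold a production key.` If nothing outside package vault needs the private half, keeping it unexported as `priKey` was and exporting only the public key would be the narrower change; whether external callers need it cannot be told from this hunk.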
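Review bot: The `LicensePublicKey` and `LicensePrivateKey` options added to `TestClusterOptions` (the @@ -1093 hunk) are not read in any hunk shown here. The @@ -1557 hunk in NewTestCluster tests `testCluster.LicensePublicKey == nil`, but no visible line copies `opts.LicensePublicKey` onto `testCluster` first. Unless that assignment lives outside this diff, a caller-supplied pair is silently ignored and `testGenerateCoreKeys` runs anyway. If it is missing, add before the nil check: `if opts != nil && opts.LicensePublicKey != nil { testCluster.LicensePublicKey, testCluster.LicensePrivateKey = opts.LicensePublicKey, opts.LicensePrivateKey }`.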
@@ -1557,12 +1558,14 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 coreConfig.HAPhysical = haPhys.(physical.HABackend)
 }
- pubKey, priKey, err := testGenerateCoreKeys()
- if err != nil {
- t.Fatalf("err: %v", err)
+ if testCluster.LicensePublicKey == nil {
+ pubKey, priKey, err := testGenerateCoreKeys()
+ if err != nil {
+ t.Fatalf("err: %v", err)
+ }
+ testCluster.LicensePublicKey = pubKey
+ testCluster.LicensePrivateKey = priKey
 }
- testCluster.pubKey = pubKey
- testCluster.priKey = priKey
 if opts != nil && opts.InmemClusterLayers {
 if opts.ClusterLayers != nil {
@@ -1581,7 +1584,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 coreConfigs := []*CoreConfig{}
 for i := 0; i < numCores; i++ {
- cleanup, c, localConfig, handler := testCluster.newCore(t, i, coreConfig, opts, listeners[i], pubKey)
+ cleanup, c, localConfig, handler := testCluster.newCore(t, i, coreConfig, opts, listeners[i], testCluster.LicensePublicKey)
 testCluster.cleanupFuncs = append(testCluster.cleanupFuncs, cleanup)
 cores = append(cores, c)
@@ -1644,7 +1647,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 // Extra Setup
 for _, tcc := range testCluster.Cores {
- testExtraTestCoreSetup(t, priKey, tcc)
+ testExtraTestCoreSetup(t, testCluster.LicensePrivateKey, tcc)
 }
 // Cleanup
@@ -1722,7 +1725,7 @@ func (cluster *TestCluster) StartCore(t testing.T, idx int, opts *TestClusterOpt
 }
 // Create a new Core
- cleanup, newCore, localConfig, coreHandler := cluster.newCore(t, idx, tcc.CoreConfig, opts, tcc.Listeners, cluster.pubKey)
+ cleanup, newCore, localConfig, coreHandler := cluster.newCore(t, idx, tcc.CoreConfig, opts, tcc.Listeners, cluster.LicensePublicKey)
 if coreHandler != nil {
 tcc.Handler = coreHandler
 tcc.Server.Handler = coreHandler
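Review bot: The guard `if testCluster.LicensePublicKey == nil` in the @@ -1557 hunk looks only at the public half of the pair. A cluster that reaches this point with a public key but no private key skips generation, and the @@ -1644 hunk then passes a nil `LicensePrivateKey` to `testExtraTestCoreSetup`. Rejecting a half-set pair up front keeps the two fields consistent: `if (testCluster.LicensePublicKey == nil) != (testCluster.LicensePrivateKey == nil) { t.Fatalf("license public and private key must be set together") }`. The stub `testGenerateCoreKeys` in vault/testing_util.go returns nil keys with a nil error, so both fields can still be nil after this block and downstream code has to tolerate that. NewTestCluster's body starts and ends outside the hunk.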
@@ -1740,7 +1743,7 @@ func (cluster *TestCluster) StartCore(t testing.T, idx int, opts *TestClusterOpt
 tcc.Client = cluster.getAPIClient(t, opts, tcc.Listeners[0].Address.Port, tcc.TLSConfig)
 testAdjustUnderlyingStorage(tcc)
- testExtraTestCoreSetup(t, cluster.priKey, tcc)
+ testExtraTestCoreSetup(t, cluster.LicensePrivateKey, tcc)
 // Start listeners
 for _, ln := range tcc.Listeners {
@@ -1751,7 +1754,7 @@ func (cluster *TestCluster) StartCore(t testing.T, idx int, opts *TestClusterOpt
 tcc.Logger().Info("restarted test core", "core", idx)
 }
-func (testCluster *TestCluster) newCore(t testing.T, idx int, coreConfig *CoreConfig, opts *TestClusterOptions, listeners []*TestListener, pubKey interface{}) (func(), *Core, CoreConfig, http.Handler) {
+func (testCluster *TestCluster) newCore(t testing.T, idx int, coreConfig *CoreConfig, opts *TestClusterOptions, listeners []*TestListener, pubKey ed25519.PublicKey) (func(), *Core, CoreConfig, http.Handler) {
 localConfig := *coreConfig
 cleanupFunc := func() {}
 var handler http.Handler
@@ -1818,7 +1821,7 @@ func (testCluster *TestCluster) newCore(t testing.T, idx int, coreConfig *CoreCo
 switch {
 case localConfig.LicensingConfig != nil:
 if pubKey != nil {
- localConfig.LicensingConfig.AdditionalPublicKeys = append(localConfig.LicensingConfig.AdditionalPublicKeys, pubKey.(ed25519.PublicKey))
+ localConfig.LicensingConfig.AdditionalPublicKeys = append(localConfig.LicensingConfig.AdditionalPublicKeys, pubKey)
 }
 default:
 localConfig.LicensingConfig = testGetLicensingConfig(pubKey)
diff --git a/vault/testing_util.go b/vault/testing_util.go
index 61584d7e0..99eb631f4 100644
--- a/vault/testing_util.go
+++ b/vault/testing_util.go
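Review bot: The append in the `case localConfig.LicensingConfig != nil` branch (the @@ -1818 hunk) writes through a shared pointer. `localConfig := *coreConfig` in the @@ -1751 hunk is a shallow copy and `CoreConfig.LicensingConfig` is a `*LicensingConfig`, so every newCore call that receives the same config appends the key to the same `AdditionalPublicKeys` list again. This predates the commit, which only drops the type assertion, but the list of trusted license keys appears to pick up a duplicate entry per core created and per StartCore restart, and the caller's config is mutated as a side effect. Copying first avoids both: take `lc := *localConfig.LicensingConfig`, append `pubKey` to a fresh copy of `lc.AdditionalPublicKeys`, and set `localConfig.LicensingConfig = &lc`. newCore's body continues outside the hunk.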
@@ -3,12 +3,14 @@
 package vault
 import (
+ "crypto/ed25519"
+
 testing "github.com/mitchellh/go-testing-interface"
 )
-func testGenerateCoreKeys() (interface{}, interface{}, error) { return nil, nil, nil }
-func testGetLicensingConfig(interface{}) *LicensingConfig { return &LicensingConfig{} }
-func testExtraTestCoreSetup(testing.T, interface{}, *TestClusterCore) {}
+func testGenerateCoreKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) { return nil, nil, nil }
+func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig { return &LicensingConfig{} }
+func testExtraTestCoreSetup(testing.T, ed25519.PrivateKey, *TestClusterCore) {}
 func testAdjustUnderlyingStorage(tcc *TestClusterCore) {
 tcc.UnderlyingStorage = tcc.physical
 }
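Review bot: `testGenerateCoreKeys` returns `nil, nil, nil`, that is success with no keys, and nothing in the file records this, although callers such as the `if pubKey != nil` check in newCore depend on it. A comment above the three stubs would state the contract, e.g. `// Stub implementations: no key pair is generated and no licensing setup is performed, so callers must tolerate nil keys.` As a style point, `testGetLicensingConfig(key ed25519.PublicKey)` names a parameter it never uses while the sibling stubs leave theirs unnamed; `testGetLicensingConfig(ed25519.PublicKey)` would match them.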