luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

OSS parts of ent PR #1857: license autoloading init changes. (#11623)

This commit is contained in:
Nick Cabatoff 2021-05-17 14:10:26 -04:00 committed by GitHub
parent d02a20bd2b
commit e212ec5d8e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 33 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
command/server_test.go
View File

@ -1,4 +1,4 @@
// +build !race,!hsm // +build !race,!hsm,!enterprise
// NOTE: we can't use this with HSM. We can't set testing mode on and it's not // NOTE: we can't use this with HSM. We can't set testing mode on and it's not
// safe to use env vars since that provides an attack vector in the real world. // safe to use env vars since that provides an attack vector in the real world.

10
vault/core.go
View File

@ -120,6 +120,7 @@ var (
LastRemoteWAL = lastRemoteWALImpl LastRemoteWAL = lastRemoteWALImpl
LastRemoteUpstreamWAL = lastRemoteUpstreamWALImpl LastRemoteUpstreamWAL = lastRemoteUpstreamWALImpl
WaitUntilWALShipped = waitUntilWALShippedImpl WaitUntilWALShipped = waitUntilWALShippedImpl
storedLicenseCheck = storedLicenseCheckImpl
) )
// NonFatalError is an error that can be returned during NewCore that should be // NonFatalError is an error that can be returned during NewCore that should be
@ -651,8 +652,6 @@ type CoreConfig struct {
License string License string
LicensePath string LicensePath string
LicensingConfig *LicensingConfig LicensingConfig *LicensingConfig
// Don't set this unless in dev mode, ideally only when using inmem
DevLicenseDuration time.Duration
DisablePerformanceStandby bool DisablePerformanceStandby bool
DisableIndexing bool DisableIndexing bool
@ -923,6 +922,9 @@ func NewCore(conf *CoreConfig) (*Core, error) {
return nil, fmt.Errorf("barrier setup failed: %w", err) return nil, fmt.Errorf("barrier setup failed: %w", err)
} }
if err := storedLicenseCheck(c, conf); err != nil {
return nil, err
}
// We create the funcs here, then populate the given config with it so that // We create the funcs here, then populate the given config with it so that
// the caller can share state // the caller can share state
conf.ReloadFuncsLock = &c.reloadFuncsLock conf.ReloadFuncsLock = &c.reloadFuncsLock
@ -2862,3 +2864,7 @@ func ParseRequiredState(raw string, hmacKey []byte) (*logical.WALState, error) {
ReplicatedIndex: replicatedIndex, ReplicatedIndex: replicatedIndex,
}, nil }, nil
} }
func storedLicenseCheckImpl(c *Core, conf *CoreConfig) error {
return nil
}

35
vault/testing.go
View File

@ -783,10 +783,10 @@ type TestCluster struct {
CleanupFunc func() CleanupFunc func()
SetupFunc func() SetupFunc func()
cleanupFuncs []func() cleanupFuncs []func()
base *CoreConfig base *CoreConfig
pubKey interface{} LicensePublicKey ed25519.PublicKey
priKey interface{} LicensePrivateKey ed25519.PrivateKey
} }
func (c *TestCluster) Start() { func (c *TestCluster) Start() {
@ -1093,6 +1093,8 @@ type TestClusterOptions struct {
CoreMetricSinkProvider func(clusterName string) (*metricsutil.ClusterMetricSink, *metricsutil.MetricsHelper) CoreMetricSinkProvider func(clusterName string) (*metricsutil.ClusterMetricSink, *metricsutil.MetricsHelper)
PhysicalFactoryConfig map[string]interface{} PhysicalFactoryConfig map[string]interface{}
LicensePublicKey ed25519.PublicKey
LicensePrivateKey ed25519.PrivateKey
} }
var DefaultNumCores = 3 var DefaultNumCores = 3
@ -1450,7 +1452,6 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
coreConfig.DevToken = base.DevToken coreConfig.DevToken = base.DevToken
coreConfig.EnableRaw = base.EnableRaw coreConfig.EnableRaw = base.EnableRaw
coreConfig.DisableSealWrap = base.DisableSealWrap coreConfig.DisableSealWrap = base.DisableSealWrap
coreConfig.DevLicenseDuration = base.DevLicenseDuration
coreConfig.DisableCache = base.DisableCache coreConfig.DisableCache = base.DisableCache
coreConfig.LicensingConfig = base.LicensingConfig coreConfig.LicensingConfig = base.LicensingConfig
coreConfig.DisablePerformanceStandby = base.DisablePerformanceStandby coreConfig.DisablePerformanceStandby = base.DisablePerformanceStandby
@ -1557,12 +1558,14 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
coreConfig.HAPhysical = haPhys.(physical.HABackend) coreConfig.HAPhysical = haPhys.(physical.HABackend)
} }
pubKey, priKey, err := testGenerateCoreKeys() if testCluster.LicensePublicKey == nil {
if err != nil { pubKey, priKey, err := testGenerateCoreKeys()
t.Fatalf("err: %v", err) if err != nil {
t.Fatalf("err: %v", err)
}
testCluster.LicensePublicKey = pubKey
testCluster.LicensePrivateKey = priKey
} }
testCluster.pubKey = pubKey
testCluster.priKey = priKey
if opts != nil && opts.InmemClusterLayers { if opts != nil && opts.InmemClusterLayers {
if opts.ClusterLayers != nil { if opts.ClusterLayers != nil {
@ -1581,7 +1584,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
coreConfigs := []*CoreConfig{} coreConfigs := []*CoreConfig{}
for i := 0; i < numCores; i++ { for i := 0; i < numCores; i++ {
cleanup, c, localConfig, handler := testCluster.newCore(t, i, coreConfig, opts, listeners[i], pubKey) cleanup, c, localConfig, handler := testCluster.newCore(t, i, coreConfig, opts, listeners[i], testCluster.LicensePublicKey)
testCluster.cleanupFuncs = append(testCluster.cleanupFuncs, cleanup) testCluster.cleanupFuncs = append(testCluster.cleanupFuncs, cleanup)
cores = append(cores, c) cores = append(cores, c)
@ -1644,7 +1647,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
// Extra Setup // Extra Setup
for _, tcc := range testCluster.Cores { for _, tcc := range testCluster.Cores {
testExtraTestCoreSetup(t, priKey, tcc) testExtraTestCoreSetup(t, testCluster.LicensePrivateKey, tcc)
} }
// Cleanup // Cleanup
@ -1722,7 +1725,7 @@ func (cluster *TestCluster) StartCore(t testing.T, idx int, opts *TestClusterOpt
} }
// Create a new Core // Create a new Core
cleanup, newCore, localConfig, coreHandler := cluster.newCore(t, idx, tcc.CoreConfig, opts, tcc.Listeners, cluster.pubKey) cleanup, newCore, localConfig, coreHandler := cluster.newCore(t, idx, tcc.CoreConfig, opts, tcc.Listeners, cluster.LicensePublicKey)
if coreHandler != nil { if coreHandler != nil {
tcc.Handler = coreHandler tcc.Handler = coreHandler
tcc.Server.Handler = coreHandler tcc.Server.Handler = coreHandler
@ -1740,7 +1743,7 @@ func (cluster *TestCluster) StartCore(t testing.T, idx int, opts *TestClusterOpt
tcc.Client = cluster.getAPIClient(t, opts, tcc.Listeners[0].Address.Port, tcc.TLSConfig) tcc.Client = cluster.getAPIClient(t, opts, tcc.Listeners[0].Address.Port, tcc.TLSConfig)
testAdjustUnderlyingStorage(tcc) testAdjustUnderlyingStorage(tcc)
testExtraTestCoreSetup(t, cluster.priKey, tcc) testExtraTestCoreSetup(t, cluster.LicensePrivateKey, tcc)
// Start listeners // Start listeners
for _, ln := range tcc.Listeners { for _, ln := range tcc.Listeners {
@ -1751,7 +1754,7 @@ func (cluster *TestCluster) StartCore(t testing.T, idx int, opts *TestClusterOpt
tcc.Logger().Info("restarted test core", "core", idx) tcc.Logger().Info("restarted test core", "core", idx)
} }
func (testCluster *TestCluster) newCore(t testing.T, idx int, coreConfig *CoreConfig, opts *TestClusterOptions, listeners []*TestListener, pubKey interface{}) (func(), *Core, CoreConfig, http.Handler) { func (testCluster *TestCluster) newCore(t testing.T, idx int, coreConfig *CoreConfig, opts *TestClusterOptions, listeners []*TestListener, pubKey ed25519.PublicKey) (func(), *Core, CoreConfig, http.Handler) {
localConfig := *coreConfig localConfig := *coreConfig
cleanupFunc := func() {} cleanupFunc := func() {}
var handler http.Handler var handler http.Handler
@ -1818,7 +1821,7 @@ func (testCluster *TestCluster) newCore(t testing.T, idx int, coreConfig *CoreCo
switch { switch {
case localConfig.LicensingConfig != nil: case localConfig.LicensingConfig != nil:
if pubKey != nil { if pubKey != nil {
localConfig.LicensingConfig.AdditionalPublicKeys = append(localConfig.LicensingConfig.AdditionalPublicKeys, pubKey.(ed25519.PublicKey)) localConfig.LicensingConfig.AdditionalPublicKeys = append(localConfig.LicensingConfig.AdditionalPublicKeys, pubKey)
} }
default: default:
localConfig.LicensingConfig = testGetLicensingConfig(pubKey) localConfig.LicensingConfig = testGetLicensingConfig(pubKey)

8
vault/testing_util.go
View File

@ -3,12 +3,14 @@
package vault package vault
import ( import (
"crypto/ed25519"
testing "github.com/mitchellh/go-testing-interface" testing "github.com/mitchellh/go-testing-interface"
) )
func testGenerateCoreKeys() (interface{}, interface{}, error) { return nil, nil, nil } func testGenerateCoreKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) { return nil, nil, nil }
func testGetLicensingConfig(interface{}) *LicensingConfig { return &LicensingConfig{} } func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig { return &LicensingConfig{} }
func testExtraTestCoreSetup(testing.T, interface{}, *TestClusterCore) {} func testExtraTestCoreSetup(testing.T, ed25519.PrivateKey, *TestClusterCore) {}
func testAdjustUnderlyingStorage(tcc *TestClusterCore) { func testAdjustUnderlyingStorage(tcc *TestClusterCore) {
tcc.UnderlyingStorage = tcc.physical tcc.UnderlyingStorage = tcc.physical
} }