luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/vault/external_tests/misc/kvv2_upgrade_test.go
Vishal Nayak 0d077d7945
Recovery Mode (#7559) 
* Initial work

* rework

* s/dr/recovery

* Add sys/raw support to recovery mode (#7577)

* Factor the raw paths out so they can be run with a SystemBackend.

# Conflicts:
#	vault/logical_system.go

* Add handleLogicalRecovery which is like handleLogical but is only
sufficient for use with the sys-raw endpoint in recovery mode.  No
authentication is done yet.

* Integrate with recovery-mode.  We now handle unauthenticated sys/raw
requests, albeit on path v1/raw instead v1/sys/raw.

* Use sys/raw instead raw during recovery.

* Don't bother persisting the recovery token.  Authenticate sys/raw
requests with it.

* RecoveryMode: Support generate-root for autounseals (#7591)

* Recovery: Abstract config creation and log settings

* Recovery mode integration test. (#7600)

* Recovery: Touch up (#7607)

* Recovery: Touch up

* revert the raw backend creation changes

* Added recovery operation token prefix

* Move RawBackend to its own file

* Update API path and hit it using CLI flag on generate-root

* Fix a panic triggered when handling a request that yields a nil response. (#7618)

* Improve integ test to actually make changes while in recovery mode and
verify they're still there after coming back in regular mode.

* Refuse to allow a second recovery token to be generated.

* Resize raft cluster to size 1 and start as leader (#7626)

* RecoveryMode: Setup raft cluster post unseal (#7635)

* Setup raft cluster post unseal in recovery mode

* Remove marking as unsealed as its not needed

* Address review comments

* Accept only one seal config in recovery mode as there is no scope for migration
2019-10-15 00:55:31 -04:00

105 lines
2.5 KiB
Go
Raw Blame History

package misc
import (
"bytes"
"context"
"strings"
"sync"
"testing"
"time"
"github.com/hashicorp/go-hclog"
logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/helper/testhelpers"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/sdk/physical"
"github.com/hashicorp/vault/vault"
"github.com/kr/pretty"
)
// Tests the regression in
// https://github.com/hashicorp/vault-plugin-secrets-kv/pull/31
func TestKVv2_UpgradePaths(t *testing.T) {
m := new(sync.Mutex)
logOut := new(bytes.Buffer)
logger := hclog.New(&hclog.LoggerOptions{
Output: logOut,
Mutex: m,
})
coreConfig := &vault.CoreConfig{
LogicalBackends: map[string]logical.Factory{
"kv": logicalKv.Factory,
},
EnableRaw: true,
Logger: logger,
}
cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{
HandlerFunc: vaulthttp.Handler,
})
cluster.Start()
defer cluster.Cleanup()
core := cluster.Cores[0]
vault.TestWaitActive(t, core.Core)
client := core.Client
// Enable KVv2
err := client.Sys().Mount("kv", &api.MountInput{
Type: "kv-v2",
})
if err != nil {
t.Fatal(err)
}
cluster.EnsureCoresSealed(t)
ctx := context.Background()
// Delete the policy from storage, to trigger the clean slate necessary for
// the error
mounts, err := core.UnderlyingStorage.List(ctx, "logical/")
if err != nil {
t.Fatal(err)
}
kvMount := mounts[0]
basePaths, err := core.UnderlyingStorage.List(ctx, "logical/"+kvMount)
if err != nil {
t.Fatal(err)
}
basePath := basePaths[0]
beforeList, err := core.UnderlyingStorage.List(ctx, "logical/"+kvMount+basePath)
if err != nil {
t.Fatal(err)
}
t.Log(pretty.Sprint(beforeList))
// Delete policy/archive
if err = logical.ClearView(ctx, physical.NewView(core.UnderlyingStorage, "logical/"+kvMount+basePath+"policy/")); err != nil {
t.Fatal(err)
}
if err = logical.ClearView(ctx, physical.NewView(core.UnderlyingStorage, "logical/"+kvMount+basePath+"archive/")); err != nil {
t.Fatal(err)
}
afterList, err := core.UnderlyingStorage.List(ctx, "logical/"+kvMount+basePath)
if err != nil {
t.Fatal(err)
}
t.Log(pretty.Sprint(afterList))
testhelpers.EnsureCoresUnsealed(t, cluster)
// Need to give it time to actually set up
time.Sleep(10 * time.Second)
m.Lock()
defer m.Unlock()
if strings.Contains(logOut.String(), "cannot write to storage during setup") {
t.Fatal("got a cannot write to storage during setup error")
}
}
Reference in a new issue View git blame Copy permalink