Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove old workaround for a rollback error #4206

Merged
merged 1 commit into from
Mar 27, 2018
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions vault/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -448,11 +448,6 @@ func (c *Core) setupCredentials(ctx context.Context) error {

for _, entry := range c.auth.Entries {
var backend logical.Backend
// Work around some problematic code that existed in master for a while
if strings.HasPrefix(entry.Path, credentialRoutePrefix) {
entry.Path = strings.TrimPrefix(entry.Path, credentialRoutePrefix)
persistNeeded = true
}

// Create a barrier view using the UUID
viewPath := credentialBarrierPrefix + entry.UUID + "/"
Expand Down
52 changes: 52 additions & 0 deletions vault/router_ext_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
package vault_test

import (
"testing"

"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/builtin/credential/userpass"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/vault"
)

func TestRouter_MountSubpath_Checks(t *testing.T) {
testRouter_MountSubpath(t, []string{"auth/abcd/123", "abcd/123"})
testRouter_MountSubpath(t, []string{"abcd/123", "auth/abcd/123"})
testRouter_MountSubpath(t, []string{"auth/abcd/123", "abcd/123"})
}

func testRouter_MountSubpath(t *testing.T, mountPoints []string) {
coreConfig := &vault.CoreConfig{
CredentialBackends: map[string]logical.Factory{
"userpass": userpass.Factory,
},
}
cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{
HandlerFunc: vaulthttp.Handler,
})
cluster.Start()
defer cluster.Cleanup()

vault.TestWaitActive(t, cluster.Cores[0].Core)
client := cluster.Cores[0].Client

authInput := &api.EnableAuthOptions{
Type: "userpass",
}

for _, mp := range mountPoints {
t.Logf("mounting %s", mp)
var err error
err = client.Sys().EnableAuthWithOptions(mp, authInput)
if err != nil {
t.Fatalf("err: %v", err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could remove t.Logf() above and print out the mount in which this error occurred in here.

}
}

cluster.EnsureCoresSealed(t)

cluster.UnsealCores(t)

t.Logf("Done: %#v", mountPoints)
}
47 changes: 47 additions & 0 deletions vault/testing.go
Original file line number Diff line number Diff line change
Expand Up @@ -768,6 +768,53 @@ func (c *TestCluster) Start() {
}
}

// UnsealCores uses the cluster barrier keys to unseal the test cluster cores
func (c *TestCluster) UnsealCores(t testing.T) {
numCores := len(c.Cores)

// Unseal first core
for _, key := range c.BarrierKeys {
if _, err := c.Cores[0].Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
}

// Verify unsealed
sealed, err := c.Cores[0].Sealed()
if err != nil {
t.Fatalf("err checking seal status: %s", err)
}
if sealed {
t.Fatal("should not be sealed")
}

TestWaitActive(t, c.Cores[0].Core)

// Unseal other cores
for i := 1; i < numCores; i++ {
for _, key := range c.BarrierKeys {
if _, err := c.Cores[i].Core.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
}
}

// Let them come fully up to standby
time.Sleep(2 * time.Second)

// Ensure cluster connection info is populated.
// Other cores should not come up as leaders.
for i := 1; i < numCores; i++ {
isLeader, _, _, err := c.Cores[i].Leader()
if err != nil {
t.Fatal(err)
}
if isLeader {
t.Fatalf("core[%d] should not be leader", i)
}
}
}

func (c *TestCluster) EnsureCoresSealed(t testing.T) {
t.Helper()
if err := c.ensureCoresSealed(); err != nil {
Expand Down