Remove the Seal HA beta feature flag (#23820)

2025-10-30 18:17:55 +00:00 · 2023-10-27 09:13:06 -04:00
parent a76f71cc60
commit 40e9fcde49
7 changed files with 181 additions and 971 deletions
--- a/command/operator_diagnose_test.go
+++ b/command/operator_diagnose_test.go
@@ -13,6 +13,8 @@ import (
 	"strings"
 	"testing"

+	"github.com/hashicorp/vault/command/server"
+
 	"github.com/hashicorp/vault/vault/diagnose"
 	"github.com/mitchellh/cli"
 )
@@ -172,6 +174,138 @@ func TestOperatorDiagnoseCommand_Run(t *testing.T) {
 				},
 			},
 		},
+		{
+			"diagnose_ok_multiseal",
+			[]string{
+				"-config", "./server/test-fixtures/config_diagnose_ok.hcl",
+			},
+			[]*diagnose.Result{
+				{
+					Name:   "Parse Configuration",
+					Status: diagnose.OkStatus,
+				},
+				{
+					Name:   "Start Listeners",
+					Status: diagnose.WarningStatus,
+					Children: []*diagnose.Result{
+						{
+							Name:   "Create Listeners",
+							Status: diagnose.OkStatus,
+						},
+						{
+							Name:   "Check Listener TLS",
+							Status: diagnose.WarningStatus,
+							Warnings: []string{
+								"TLS is disabled in a listener config stanza.",
+							},
+						},
+					},
+				},
+				{
+					Name:   "Check Storage",
+					Status: diagnose.OkStatus,
+					Children: []*diagnose.Result{
+						{
+							Name:   "Create Storage Backend",
+							Status: diagnose.OkStatus,
+						},
+						{
+							Name:   "Check Consul TLS",
+							Status: diagnose.SkippedStatus,
+						},
+						{
+							Name:   "Check Consul Direct Storage Access",
+							Status: diagnose.OkStatus,
+						},
+					},
+				},
+				{
+					Name:   "Check Service Discovery",
+					Status: diagnose.OkStatus,
+					Children: []*diagnose.Result{
+						{
+							Name:   "Check Consul Service Discovery TLS",
+							Status: diagnose.SkippedStatus,
+						},
+						{
+							Name:   "Check Consul Direct Service Discovery",
+							Status: diagnose.OkStatus,
+						},
+					},
+				},
+				{
+					Name: "Create Vault Server Configuration Seals",
+					// We can't load from storage the existing seal generation info during the test, so we expect an error.
+					Status: diagnose.ErrorStatus,
+				},
+				{
+					Name:   "Create Core Configuration",
+					Status: diagnose.OkStatus,
+					Children: []*diagnose.Result{
+						{
+							Name:   "Initialize Randomness for Core",
+							Status: diagnose.OkStatus,
+						},
+					},
+				},
+				{
+					Name:   "HA Storage",
+					Status: diagnose.OkStatus,
+					Children: []*diagnose.Result{
+						{
+							Name:   "Create HA Storage Backend",
+							Status: diagnose.OkStatus,
+						},
+						{
+							Name:   "Check HA Consul Direct Storage Access",
+							Status: diagnose.OkStatus,
+						},
+						{
+							Name:   "Check Consul TLS",
+							Status: diagnose.SkippedStatus,
+						},
+					},
+				},
+				{
+					Name:   "Determine Redirect Address",
+					Status: diagnose.OkStatus,
+				},
+				{
+					Name:   "Check Cluster Address",
+					Status: diagnose.OkStatus,
+				},
+				{
+					Name:   "Check Core Creation",
+					Status: diagnose.OkStatus,
+				},
+				{
+					Name:   "Start Listeners",
+					Status: diagnose.WarningStatus,
+					Children: []*diagnose.Result{
+						{
+							Name:   "Create Listeners",
+							Status: diagnose.OkStatus,
+						},
+						{
+							Name:   "Check Listener TLS",
+							Status: diagnose.WarningStatus,
+							Warnings: []string{
+								"TLS is disabled in a listener config stanza.",
+							},
+						},
+					},
+				},
+				{
+					Name:    "Check Autounseal Encryption",
+					Status:  diagnose.ErrorStatus,
+					Message: "Diagnose could not create a barrier seal object.",
+				},
+				{
+					Name:   "Check Server Before Runtime",
+					Status: diagnose.OkStatus,
+				},
+			},
+		},
 		{
 			"diagnose_raft_problems",
 			[]string{
@@ -478,17 +612,23 @@ func TestOperatorDiagnoseCommand_Run(t *testing.T) {
 		for _, tc := range cases {
 			tc := tc
 			t.Run(tc.name, func(t *testing.T) {
-				t.Parallel()
-				client, closer := testVaultServer(t)
-				defer closer()
-				cmd := testOperatorDiagnoseCommand(t)
-				cmd.client = client
+				if tc.name == "diagnose_ok" && server.IsMultisealSupported() {
+					t.Skip("Test not valid in ENT")
+				} else if tc.name == "diagnose_ok_multiseal" && !server.IsMultisealSupported() {
+					t.Skip("Test not valid in community edition")
+				} else {
+					t.Parallel()
+					client, closer := testVaultServer(t)
+					defer closer()
+					cmd := testOperatorDiagnoseCommand(t)
+					cmd.client = client

-				cmd.Run(tc.args)
-				result := cmd.diagnose.Finalize(context.Background())
+					cmd.Run(tc.args)
+					result := cmd.diagnose.Finalize(context.Background())

-				if err := compareResults(tc.expected, result.Children); err != nil {
-					t.Fatalf("Did not find expected test results: %v", err)
+					if err := compareResults(tc.expected, result.Children); err != nil {
+						t.Fatalf("Did not find expected test results: %v", err)
+					}
 				}
 			})
 		}