scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 18:17:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check if storage should be updated during invalidation (#28059)

Browse Source 
* check if storage should be updated during invalidation

* add changelog

* add other tests and fix for auth move

* fix changelog

* fix comment

* remove ent tests

---------

Co-authored-by: davidadeleon <56207066+davidadeleon@users.noreply.github.com>
This commit is contained in:
Ellie
2024-08-22 16:00:55 -05:00
committed by GitHub
parent 1488f0956d
commit 6558df47b4
4 changed files with 40 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/28059.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
command: The `vault secrets move` and `vault auth move` command will no longer attempt to write to storage on performance standby nodes.
```

18
vault/auth.go
View File

@@ -485,15 +485,17 @@ func (c *Core) remountCredential(ctx context.Context, src, dst namespace.MountPa
srcMatch.Path = strings.TrimPrefix(dst.MountPath, credentialRoutePrefix) srcMatch.Path = strings.TrimPrefix(dst.MountPath, credentialRoutePrefix)
// Update the mount table // Update the mount table
if err := c.persistAuth(ctx, c.auth, &srcMatch.Local); err != nil { if updateStorage {
srcMatch.Path = srcPath if err := c.persistAuth(ctx, c.auth, &srcMatch.Local); err != nil {
srcMatch.Tainted = true srcMatch.Path = srcPath
c.authLock.Unlock() srcMatch.Tainted = true
if err == logical.ErrReadOnly && c.perfStandby { c.authLock.Unlock()
return err if err == logical.ErrReadOnly && c.perfStandby {
} return err
}
return fmt.Errorf("failed to update auth table with error %+v", err) return fmt.Errorf("failed to update auth table with error %+v", err)
}
} }
// Remount the backend, setting the existing route entry // Remount the backend, setting the existing route entry

18
vault/mount.go
View File

@@ -1189,15 +1189,17 @@ func (c *Core) remountSecretsEngine(ctx context.Context, src, dst namespace.Moun
srcMatch.Path = dst.MountPath srcMatch.Path = dst.MountPath
// Update the mount table // Update the mount table
if err := c.persistMounts(ctx, c.mounts, &srcMatch.Local); err != nil { if updateStorage {
srcMatch.Path = srcPath if err := c.persistMounts(ctx, c.mounts, &srcMatch.Local); err != nil {
srcMatch.Tainted = true srcMatch.Path = srcPath
c.mountsLock.Unlock() srcMatch.Tainted = true
if err == logical.ErrReadOnly && c.perfStandby { c.mountsLock.Unlock()
return err if err == logical.ErrReadOnly && c.perfStandby {
} return err
}
return fmt.Errorf("failed to update mount table with error %+v", err) return fmt.Errorf("failed to update mount table with error %+v", err)
}
} }
// Remount the backend // Remount the backend

17
vault/testing.go
View File

@@ -652,6 +652,23 @@ func GenerateRandBytes(length int) ([]byte, error) {
return buf, nil return buf, nil
} }
func TestWaitPerfStandby(t testing.TB, core *Core) {
t.Helper()
start := time.Now()
var perfStandby bool
for time.Now().Sub(start) < 30*time.Second {
perfStandby = core.PerfStandby()
if perfStandby {
break
}
}
if !perfStandby {
err := errors.New("core not in perf standby mode")
t.Fatal(err)
}
}
func TestWaitActive(t testing.TB, core *Core) { func TestWaitActive(t testing.TB, core *Core) {
t.Helper() t.Helper()
if err := TestWaitActiveWithError(core); err != nil { if err := TestWaitActiveWithError(core); err != nil {