Add four cluster flag

2025-11-01 19:17:58 +00:00 · 2018-02-22 00:23:37 -05:00
parent cfa758c80b
commit a7cde35285
2 changed files with 43 additions and 22 deletions
--- a/command/server.go
+++ b/command/server.go
@@ -86,6 +86,7 @@ type ServerCommand struct {
 	flagDevLeasedKV      bool
 	flagDevSkipInit      bool
 	flagDevThreeNode     bool
+	flagDevFourCluster   bool
 	flagDevTransactional bool
 	flagTestVerifyOnly   bool
 }
@@ -237,6 +238,13 @@ func (c *ServerCommand) Flags() *FlagSets {
 		Hidden:  true,
 	})

+	f.BoolVar(&BoolVar{
+		Name:    "dev-four-cluster",
+		Target:  &c.flagDevFourCluster,
+		Default: false,
+		Hidden:  true,
+	})
+
 	// TODO: should this be a public flag?
 	f.BoolVar(&BoolVar{
 		Name:    "test-verify-only",
@@ -295,7 +303,7 @@ func (c *ServerCommand) Run(args []string) int {
 	}
 	switch strings.ToLower(logFormat) {
 	case "vault", "vault_json", "vault-json", "vaultjson", "json", "":
-		if c.flagDevThreeNode {
+		if c.flagDevThreeNode || c.flagDevFourCluster {
 			c.logger = logbridge.NewLogger(hclog.New(&hclog.LoggerOptions{
 				Mutex:  &sync.Mutex{},
 				Output: c.logGate,
@@ -313,7 +321,7 @@ func (c *ServerCommand) Run(args []string) int {
 	})

 	// Automatically enable dev mode if other dev flags are provided.
-	if c.flagDevHA || c.flagDevTransactional || c.flagDevLeasedKV || c.flagDevThreeNode {
+	if c.flagDevHA || c.flagDevTransactional || c.flagDevLeasedKV || c.flagDevThreeNode || c.flagDevFourCluster {
 		c.flagDev = true
 	}

--- a/vault/testing.go
+++ b/vault/testing.go
@@ -875,6 +875,8 @@ type TestClusterOptions struct {
 	SealFunc           func() Seal
 	RawLogger          interface{}
 	TempDir            string
+	CACert             []byte
+	CAKey              *ecdsa.PrivateKey
 }

 var DefaultNumCores = 3
@@ -896,6 +898,8 @@ type certInfo struct {
 // shared among cores. NewCore's default behavior is to generate a new DefaultSeal if the
 // provided Seal in coreConfig (i.e. base.Seal) is nil.
 func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *TestCluster {
+	var err error
+
 	var numCores int
 	if opts == nil || opts.NumCores == 0 {
 		numCores = DefaultNumCores
@@ -909,7 +913,6 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 	}
 	var baseAddr *net.TCPAddr
 	if opts != nil && opts.BaseListenAddress != "" {
-		var err error
 		baseAddr, err = net.ResolveTCPAddr("tcp", opts.BaseListenAddress)
 		if err != nil {
 			t.Fatal("could not parse given base IP")
@@ -933,27 +936,37 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 		testCluster.TempDir = tempDir
 	}

-	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	if err != nil {
-		t.Fatal(err)
+	var caKey *ecdsa.PrivateKey
+	if opts != nil && opts.CAKey != nil {
+		caKey = opts.CAKey
+	} else {
+		caKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 	testCluster.CAKey = caKey
-	caCertTemplate := &x509.Certificate{
-		Subject: pkix.Name{
-			CommonName: "localhost",
-		},
-		DNSNames:              []string{"localhost"},
-		IPAddresses:           certIPs,
-		KeyUsage:              x509.KeyUsage(x509.KeyUsageCertSign | x509.KeyUsageCRLSign),
-		SerialNumber:          big.NewInt(mathrand.Int63()),
-		NotBefore:             time.Now().Add(-30 * time.Second),
-		NotAfter:              time.Now().Add(262980 * time.Hour),
-		BasicConstraintsValid: true,
-		IsCA: true,
-	}
-	caBytes, err := x509.CreateCertificate(rand.Reader, caCertTemplate, caCertTemplate, caKey.Public(), caKey)
-	if err != nil {
-		t.Fatal(err)
+	var caBytes []byte
+	if opts != nil && len(opts.CACert) > 0 {
+		caBytes = opts.CACert
+	} else {
+		caCertTemplate := &x509.Certificate{
+			Subject: pkix.Name{
+				CommonName: "localhost",
+			},
+			DNSNames:              []string{"localhost"},
+			IPAddresses:           certIPs,
+			KeyUsage:              x509.KeyUsage(x509.KeyUsageCertSign | x509.KeyUsageCRLSign),
+			SerialNumber:          big.NewInt(mathrand.Int63()),
+			NotBefore:             time.Now().Add(-30 * time.Second),
+			NotAfter:              time.Now().Add(262980 * time.Hour),
+			BasicConstraintsValid: true,
+			IsCA: true,
+		}
+		caBytes, err = x509.CreateCertificate(rand.Reader, caCertTemplate, caCertTemplate, caKey.Public(), caKey)
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 	caCert, err := x509.ParseCertificate(caBytes)
 	if err != nil {