diff --git a/helper/testhelpers/replication/testcluster.go b/helper/testhelpers/replication/testcluster.go
new file mode 100644
index 0000000000..32297c1b7b
--- /dev/null
+++ b/helper/testhelpers/replication/testcluster.go
@@ -0,0 +1,55 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package replication
+
+import (
+ "context"
+ "testing"
+
+ "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/vault/helper/testhelpers/teststorage"
+ "github.com/hashicorp/vault/sdk/helper/logging"
+ "github.com/hashicorp/vault/sdk/helper/testcluster"
+ "github.com/hashicorp/vault/vault"
+ "github.com/stretchr/testify/require"
+)
+
+// SetCorePerf returns a ReplicationSet using NewTestCluster,
+// i.e. core-based rather than subprocess- or docker-based clusters.
+// The set will contain two clusters A and C connected using perf replication.
+func SetCorePerf(t *testing.T, conf *vault.CoreConfig, opts *vault.TestClusterOptions) *testcluster.ReplicationSet {
+ r := NewReplicationSetCore(t, conf, opts, teststorage.InmemBackendSetup)
+ t.Cleanup(r.Cleanup)
+
+ // By default NewTestCluster will mount a kv under secret/. This isn't
+ // done by docker-based clusters, so remove this to make us more like that.
+ require.Nil(t, r.Clusters["A"].Nodes()[0].APIClient().Sys().Unmount("secret"))
+
+ err := r.StandardPerfReplication(context.Background())
+ if err != nil {
+ t.Fatal(err)
+ }
+ return r
+}
+
+func NewReplicationSetCore(t *testing.T, conf *vault.CoreConfig, opts *vault.TestClusterOptions, setup teststorage.ClusterSetupMutator) *testcluster.ReplicationSet {
+ r := &testcluster.ReplicationSet{
+ Clusters: map[string]testcluster.VaultCluster{},
+ Logger: logging.NewVaultLogger(hclog.Trace).Named(t.Name()),
+ }
+
+ r.Builder = func(ctx context.Context, name string, baseLogger hclog.Logger) (testcluster.VaultCluster, error) {
+ conf, opts := teststorage.ClusterSetup(conf, opts, setup)
+ opts.Logger = baseLogger.Named(name)
+ return vault.NewTestCluster(t, conf, opts), nil
+ }
+
+ a, err := r.Builder(context.TODO(), "A", r.Logger)
+ if err != nil {
+ t.Fatal(err)
+ }
+ r.Clusters["A"] = a
+
+ return r
+}
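Review bot: `SetCorePerf` hands `context.Background()` to `r.StandardPerfReplication`, so a replication setup that never converges is only ended by the global `go test` timeout. A bounded context would fail closer to the cause, e.g. `ctx, cancel := context.WithTimeout(context.Background(), time.Minute)` followed by `defer cancel()` (the duration is illustrative and needs the `time` import; whether StandardPerfReplication already bounds its own waits is not visible here). In `NewReplicationSetCore` the `Builder` closure ignores its `ctx` and always returns a nil error, so the `if err != nil` after `r.Builder(context.TODO(), "A", r.Logger)` cannot currently fire. The exported `NewReplicationSetCore` also lacks a doc comment; something like `// NewReplicationSetCore returns a ReplicationSet holding one core-based cluster "A" and a Builder that creates further clusters from the same conf, opts and setup.` would match the one on `SetCorePerf`.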
diff --git a/sdk/helper/testcluster/docker/environment.go b/sdk/helper/testcluster/docker/environment.go index 259ba5e123..84dedbda7a 100644 --- a/sdk/helper/testcluster/docker/environment.go +++ b/sdk/helper/testcluster/docker/environment.go @@ -133,7 +133,7 @@ func (dc *DockerCluster) SetRecoveryKeys(keys [][]byte) { } func (dc *DockerCluster) GetCACertPEMFile() string { - return dc.CACertPEMFile + return testcluster.DefaultCAFile } func (dc *DockerCluster) Cleanup() { diff --git a/sdk/helper/testcluster/replication.go b/sdk/helper/testcluster/replication.go index 388abf872d..1ab4485c50 100644 --- a/sdk/helper/testcluster/replication.go +++ b/sdk/helper/testcluster/replication.go @@ -72,7 +72,7 @@ func WaitForPerfReplicationState(ctx context.Context, cluster VaultCluster, stat func EnablePerformanceSecondaryNoWait(ctx context.Context, perfToken string, pri, sec VaultCluster, updatePrimary bool) error { postData := map[string]interface{}{ "token": perfToken, - "ca_file": DefaultCAFile, + "ca_file": pri.GetCACertPEMFile(), } path := "sys/replication/performance/secondary/enable" if updatePrimary { @@ -466,7 +466,7 @@ func WaitForDRSecondary(ctx context.Context, pri, sec VaultCluster, skipPoisonPi func EnableDRSecondaryNoWait(ctx context.Context, sec VaultCluster, drToken string) error { postData := map[string]interface{}{ "token": drToken, - "ca_file": DefaultCAFile, + "ca_file": sec.GetCACertPEMFile(), } _, err := sec.Nodes()[0].APIClient().Logical().Write("sys/replication/dr/secondary/enable", postData) @@ -734,7 +734,7 @@ func UpdatePrimary(ctx context.Context, pri, sec VaultCluster) error { resp, err := secClient.Logical().Write("sys/replication/dr/secondary/update-primary", map[string]interface{}{ "dr_operation_token": rootToken, "token": drToken, - "ca_file": DefaultCAFile, + "ca_file": sec.GetCACertPEMFile(), }) if err != nil { return err
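Review bot: In docker/environment.go, `DockerCluster.GetCACertPEMFile` now returns the package-level `testcluster.DefaultCAFile` and no longer reads `dc.CACertPEMFile`, which changes the result for every caller of this getter, not only the replication helpers touched in this commit. Presumably the intent is that `ca_file` is resolved by the Vault process inside the container, so the in-container path is wanted rather than the host-side one. If so, a doc comment should record it, e.g. `// GetCACertPEMFile returns the CA path as seen by Vault inside the container (testcluster.DefaultCAFile), not the host-side dc.CACertPEMFile.` It is worth confirming that no host-side caller uses this getter to build a TLS client configuration, since it would then be given a path that may not exist on the host.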
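Review bot: In replication.go, `EnablePerformanceSecondaryNoWait` now takes `ca_file` from `pri.GetCACertPEMFile()`, while the two DR hunks (`EnableDRSecondaryNoWait` and `UpdatePrimary`) take it from `sec.GetCACertPEMFile()`. `ca_file` names the CA the secondary uses to verify the primary, so the three call sites should agree on whose CA is passed, and the path must be readable by the node that receives the request. If each cluster in a set has its own CA, the `sec` variant would give the secondary its own CA rather than the primary's. If the asymmetry is deliberate (`EnableDRSecondaryNoWait` has no `pri` parameter), a comment at each site such as `// ca_file must verify the primary's certificate; clusters in a set are assumed to share a CA` would make the assumption explicit. All three function bodies continue outside their hunks.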