add max_entry_size to sanitized config output (#20044)

* add max_entry_size to sanitized config output

* add changelog entry

* add test parallelism

* add inmem test case

* use named struct fields for TestSysConfigState_Sanitized cases

changelog/20044.txt

@@ -0,0 +1,4 @@
+```release-note:improvement
+core: Add a `raft` sub-field to the `storage` and `ha_storage` details provided by the
+`/sys/config/state/sanitized` endpoint in order to include the `max_entry_size`.
+```

command/server/config.go

@@ -1133,23 +1133,39 @@ func (c *Config) Sanitized() map[string]interface{} {
 
 	// Sanitize storage stanza
 	if c.Storage != nil {
+		storageType := c.Storage.Type
 		sanitizedStorage := map[string]interface{}{
-			"type":               c.Storage.Type,
+			"type":               storageType,
 			"redirect_addr":      c.Storage.RedirectAddr,
 			"cluster_addr":       c.Storage.ClusterAddr,
 			"disable_clustering": c.Storage.DisableClustering,
 		}
+
+		if storageType == "raft" {
+			sanitizedStorage["raft"] = map[string]interface{}{
+				"max_entry_size": c.Storage.Config["max_entry_size"],
+			}
+		}
+
 		result["storage"] = sanitizedStorage
 	}
 
 	// Sanitize HA storage stanza
 	if c.HAStorage != nil {
+		haStorageType := c.HAStorage.Type
 		sanitizedHAStorage := map[string]interface{}{
-			"type":               c.HAStorage.Type,
+			"type":               haStorageType,
 			"redirect_addr":      c.HAStorage.RedirectAddr,
 			"cluster_addr":       c.HAStorage.ClusterAddr,
 			"disable_clustering": c.HAStorage.DisableClustering,
 		}
+
+		if haStorageType == "raft" {
+			sanitizedHAStorage["raft"] = map[string]interface{}{
+				"max_entry_size": c.HAStorage.Config["max_entry_size"],
+			}
+		}
+
 		result["ha_storage"] = sanitizedHAStorage
 	}
 

http/sys_config_state_test.go

@@ -9,13 +9,123 @@ import (
 	"testing"
 
 	"github.com/go-test/deep"
+	"github.com/hashicorp/vault/command/server"
+	"github.com/hashicorp/vault/internalshared/configutil"
 	"github.com/hashicorp/vault/vault"
 )
 
 func TestSysConfigState_Sanitized(t *testing.T) {
-	var resp *http.Response
+	cases := []struct {
+		name                    string
+		storageConfig           *server.Storage
+		haStorageConfig         *server.Storage
+		expectedStorageOutput   map[string]interface{}
+		expectedHAStorageOutput map[string]interface{}
+	}{
+		{
+			name: "raft storage",
+			storageConfig: &server.Storage{
+				Type:              "raft",
+				RedirectAddr:      "http://127.0.0.1:8200",
+				ClusterAddr:       "http://127.0.0.1:8201",
+				DisableClustering: false,
+				Config: map[string]string{
+					"path":           "/storage/path/raft",
+					"node_id":        "raft1",
+					"max_entry_size": "2097152",
+				},
+			},
+			haStorageConfig: nil,
+			expectedStorageOutput: map[string]interface{}{
+				"type":               "raft",
+				"redirect_addr":      "http://127.0.0.1:8200",
+				"cluster_addr":       "http://127.0.0.1:8201",
+				"disable_clustering": false,
+				"raft": map[string]interface{}{
+					"max_entry_size": "2097152",
+				},
+			},
+			expectedHAStorageOutput: nil,
+		},
+		{
+			name: "inmem storage, no HA storage",
+			storageConfig: &server.Storage{
+				Type:              "inmem",
+				RedirectAddr:      "http://127.0.0.1:8200",
+				ClusterAddr:       "http://127.0.0.1:8201",
+				DisableClustering: false,
+			},
+			haStorageConfig: nil,
+			expectedStorageOutput: map[string]interface{}{
+				"type":               "inmem",
+				"redirect_addr":      "http://127.0.0.1:8200",
+				"cluster_addr":       "http://127.0.0.1:8201",
+				"disable_clustering": false,
+			},
+			expectedHAStorageOutput: nil,
+		},
+		{
+			name: "inmem storage, raft HA storage",
+			storageConfig: &server.Storage{
+				Type:              "inmem",
+				RedirectAddr:      "http://127.0.0.1:8200",
+				ClusterAddr:       "http://127.0.0.1:8201",
+				DisableClustering: false,
+			},
+			haStorageConfig: &server.Storage{
+				Type:              "raft",
+				RedirectAddr:      "http://127.0.0.1:8200",
+				ClusterAddr:       "http://127.0.0.1:8201",
+				DisableClustering: false,
+				Config: map[string]string{
+					"path":           "/storage/path/raft",
+					"node_id":        "raft1",
+					"max_entry_size": "2097152",
+				},
+			},
+			expectedStorageOutput: map[string]interface{}{
+				"type":               "inmem",
+				"redirect_addr":      "http://127.0.0.1:8200",
+				"cluster_addr":       "http://127.0.0.1:8201",
+				"disable_clustering": false,
+			},
+			expectedHAStorageOutput: map[string]interface{}{
+				"type":               "raft",
+				"redirect_addr":      "http://127.0.0.1:8200",
+				"cluster_addr":       "http://127.0.0.1:8201",
+				"disable_clustering": false,
+				"raft": map[string]interface{}{
+					"max_entry_size": "2097152",
+				},
+			},
+		},
+	}
 
-	core, _, token := vault.TestCoreUnsealed(t)
+	for _, tc := range cases {
+		tc := tc
+
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			var resp *http.Response
+			confRaw := &server.Config{
+				Storage:   tc.storageConfig,
+				HAStorage: tc.haStorageConfig,
+				SharedConfig: &configutil.SharedConfig{
+					Listeners: []*configutil.Listener{
+						{
+							Type:    "tcp",
+							Address: "127.0.0.1",
+						},
+					},
+				},
+			}
+
+			conf := &vault.CoreConfig{
+				RawConfig: confRaw,
+			}
+
+			core, _, token := vault.TestCoreUnsealedWithConfig(t, conf)
 			ln, addr := TestServer(t, core)
 			defer ln.Close()
 			TestServerAuth(t, addr, token)
@@ -57,6 +167,17 @@ func TestSysConfigState_Sanitized(t *testing.T) {
 				"enable_response_header_hostname":     false,
 				"enable_response_header_raft_node_id": false,
 				"log_requests_level":                  "",
+				"listeners": []interface{}{
+					map[string]interface{}{
+						"config": nil,
+						"type":   "tcp",
+					},
+				},
+				"storage": tc.expectedStorageOutput,
+			}
+
+			if tc.expectedHAStorageOutput != nil {
+				configResp["ha_storage"] = tc.expectedHAStorageOutput
 			}
 
 			expected = map[string]interface{}{
@@ -75,4 +196,6 @@ func TestSysConfigState_Sanitized(t *testing.T) {
 			if diff := deep.Equal(actual, expected); len(diff) > 0 {
 				t.Fatalf("bad mismatch response body: diff: %v", diff)
 			}
+		})
+	}
 }