scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 18:17:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

add max_entry_size to sanitized config output (#20044)

Browse Source 
* add max_entry_size to sanitized config output

* add changelog entry

* add test parallelism

* add inmem test case

* use named struct fields for TestSysConfigState_Sanitized cases
This commit is contained in:
Chris Capurso
2023-04-14 09:52:23 -04:00
committed by GitHub
parent c6fc0033ee
commit ca702745e8
3 changed files with 202 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
changelog/20044.txt Normal file
View File

@@ -0,0 +1,4 @@
```release-note:improvement
core: Add a `raft` sub-field to the `storage` and `ha_storage` details provided by the
`/sys/config/state/sanitized` endpoint in order to include the `max_entry_size`.
```

20
command/server/config.go
View File

@@ -1133,23 +1133,39 @@ func (c *Config) Sanitized() map[string]interface{} {
// Sanitize storage stanza // Sanitize storage stanza
if c.Storage != nil { if c.Storage != nil {
storageType := c.Storage.Type
sanitizedStorage := map[string]interface{}{ sanitizedStorage := map[string]interface{}{
"type": c.Storage.Type, "type": storageType,
"redirect_addr": c.Storage.RedirectAddr, "redirect_addr": c.Storage.RedirectAddr,
"cluster_addr": c.Storage.ClusterAddr, "cluster_addr": c.Storage.ClusterAddr,
"disable_clustering": c.Storage.DisableClustering, "disable_clustering": c.Storage.DisableClustering,
} }
if storageType == "raft" {
sanitizedStorage["raft"] = map[string]interface{}{
"max_entry_size": c.Storage.Config["max_entry_size"],
}
}
result["storage"] = sanitizedStorage result["storage"] = sanitizedStorage
} }
// Sanitize HA storage stanza // Sanitize HA storage stanza
if c.HAStorage != nil { if c.HAStorage != nil {
haStorageType := c.HAStorage.Type
sanitizedHAStorage := map[string]interface{}{ sanitizedHAStorage := map[string]interface{}{
"type": c.HAStorage.Type, "type": haStorageType,
"redirect_addr": c.HAStorage.RedirectAddr, "redirect_addr": c.HAStorage.RedirectAddr,
"cluster_addr": c.HAStorage.ClusterAddr, "cluster_addr": c.HAStorage.ClusterAddr,
"disable_clustering": c.HAStorage.DisableClustering, "disable_clustering": c.HAStorage.DisableClustering,
} }
if haStorageType == "raft" {
sanitizedHAStorage["raft"] = map[string]interface{}{
"max_entry_size": c.HAStorage.Config["max_entry_size"],
}
}
result["ha_storage"] = sanitizedHAStorage result["ha_storage"] = sanitizedHAStorage
} }

237
http/sys_config_state_test.go
View File

@@ -9,70 +9,193 @@ import (
"testing" "testing"
"github.com/go-test/deep" "github.com/go-test/deep"
"github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/hashicorp/vault/vault" "github.com/hashicorp/vault/vault"
) )
func TestSysConfigState_Sanitized(t *testing.T) { func TestSysConfigState_Sanitized(t *testing.T) {
var resp *http.Response cases := []struct {
name string
core, _, token := vault.TestCoreUnsealed(t) storageConfig *server.Storage
ln, addr := TestServer(t, core) haStorageConfig *server.Storage
defer ln.Close() expectedStorageOutput map[string]interface{}
TestServerAuth(t, addr, token) expectedHAStorageOutput map[string]interface{}
}{
resp = testHttpGet(t, token, addr+"/v1/sys/config/state/sanitized") {
testResponseStatus(t, resp, 200) name: "raft storage",
storageConfig: &server.Storage{
var actual map[string]interface{} Type: "raft",
var expected map[string]interface{} RedirectAddr: "http://127.0.0.1:8200",
ClusterAddr: "http://127.0.0.1:8201",
configResp := map[string]interface{}{ DisableClustering: false,
"api_addr": "", Config: map[string]string{
"cache_size": json.Number("0"), "path": "/storage/path/raft",
"cluster_addr": "", "node_id": "raft1",
"cluster_cipher_suites": "", "max_entry_size": "2097152",
"cluster_name": "", },
"default_lease_ttl": json.Number("0"), },
"default_max_request_duration": json.Number("0"), haStorageConfig: nil,
"disable_cache": false, expectedStorageOutput: map[string]interface{}{
"disable_clustering": false, "type": "raft",
"disable_indexing": false, "redirect_addr": "http://127.0.0.1:8200",
"disable_mlock": false, "cluster_addr": "http://127.0.0.1:8201",
"disable_performance_standby": false, "disable_clustering": false,
"disable_printable_check": false, "raft": map[string]interface{}{
"disable_sealwrap": false, "max_entry_size": "2097152",
"experiments": nil, },
"raw_storage_endpoint": false, },
"detect_deadlocks": "", expectedHAStorageOutput: nil,
"introspection_endpoint": false, },
"disable_sentinel_trace": false, {
"enable_ui": false, name: "inmem storage, no HA storage",
"log_format": "", storageConfig: &server.Storage{
"log_level": "", Type: "inmem",
"max_lease_ttl": json.Number("0"), RedirectAddr: "http://127.0.0.1:8200",
"pid_file": "", ClusterAddr: "http://127.0.0.1:8201",
"plugin_directory": "", DisableClustering: false,
"plugin_file_uid": json.Number("0"), },
"plugin_file_permissions": json.Number("0"), haStorageConfig: nil,
"enable_response_header_hostname": false, expectedStorageOutput: map[string]interface{}{
"enable_response_header_raft_node_id": false, "type": "inmem",
"log_requests_level": "", "redirect_addr": "http://127.0.0.1:8200",
"cluster_addr": "http://127.0.0.1:8201",
"disable_clustering": false,
},
expectedHAStorageOutput: nil,
},
{
name: "inmem storage, raft HA storage",
storageConfig: &server.Storage{
Type: "inmem",
RedirectAddr: "http://127.0.0.1:8200",
ClusterAddr: "http://127.0.0.1:8201",
DisableClustering: false,
},
haStorageConfig: &server.Storage{
Type: "raft",
RedirectAddr: "http://127.0.0.1:8200",
ClusterAddr: "http://127.0.0.1:8201",
DisableClustering: false,
Config: map[string]string{
"path": "/storage/path/raft",
"node_id": "raft1",
"max_entry_size": "2097152",
},
},
expectedStorageOutput: map[string]interface{}{
"type": "inmem",
"redirect_addr": "http://127.0.0.1:8200",
"cluster_addr": "http://127.0.0.1:8201",
"disable_clustering": false,
},
expectedHAStorageOutput: map[string]interface{}{
"type": "raft",
"redirect_addr": "http://127.0.0.1:8200",
"cluster_addr": "http://127.0.0.1:8201",
"disable_clustering": false,
"raft": map[string]interface{}{
"max_entry_size": "2097152",
},
},
},
} }
expected = map[string]interface{}{ for _, tc := range cases {
"lease_id": "", tc := tc
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": configResp,
}
testResponseBody(t, resp, &actual) t.Run(tc.name, func(t *testing.T) {
expected["request_id"] = actual["request_id"] t.Parallel()
if diff := deep.Equal(actual, expected); len(diff) > 0 { var resp *http.Response
t.Fatalf("bad mismatch response body: diff: %v", diff) confRaw := &server.Config{
Storage: tc.storageConfig,
HAStorage: tc.haStorageConfig,
SharedConfig: &configutil.SharedConfig{
Listeners: []*configutil.Listener{
{
Type: "tcp",
Address: "127.0.0.1",
},
},
},
}
conf := &vault.CoreConfig{
RawConfig: confRaw,
}
core, _, token := vault.TestCoreUnsealedWithConfig(t, conf)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp = testHttpGet(t, token, addr+"/v1/sys/config/state/sanitized")
testResponseStatus(t, resp, 200)
var actual map[string]interface{}
var expected map[string]interface{}
configResp := map[string]interface{}{
"api_addr": "",
"cache_size": json.Number("0"),
"cluster_addr": "",
"cluster_cipher_suites": "",
"cluster_name": "",
"default_lease_ttl": json.Number("0"),
"default_max_request_duration": json.Number("0"),
"disable_cache": false,
"disable_clustering": false,
"disable_indexing": false,
"disable_mlock": false,
"disable_performance_standby": false,
"disable_printable_check": false,
"disable_sealwrap": false,
"experiments": nil,
"raw_storage_endpoint": false,
"detect_deadlocks": "",
"introspection_endpoint": false,
"disable_sentinel_trace": false,
"enable_ui": false,
"log_format": "",
"log_level": "",
"max_lease_ttl": json.Number("0"),
"pid_file": "",
"plugin_directory": "",
"plugin_file_uid": json.Number("0"),
"plugin_file_permissions": json.Number("0"),
"enable_response_header_hostname": false,
"enable_response_header_raft_node_id": false,
"log_requests_level": "",
"listeners": []interface{}{
map[string]interface{}{
"config": nil,
"type": "tcp",
},
},
"storage": tc.expectedStorageOutput,
}
if tc.expectedHAStorageOutput != nil {
configResp["ha_storage"] = tc.expectedHAStorageOutput
}
expected = map[string]interface{}{
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": configResp,
}
testResponseBody(t, resp, &actual)
expected["request_id"] = actual["request_id"]
if diff := deep.Equal(actual, expected); len(diff) > 0 {
t.Fatalf("bad mismatch response body: diff: %v", diff)
}
})
} }
} }