scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 11:08:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add experiment system + events experiment (#18682)

Browse Source
This commit is contained in:
Tom Proctor
2023-01-16 16:07:18 +00:00
committed by GitHub
parent 2a5a07e390
commit e36690e067
16 changed files with 394 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
command/server.go
View File

@@ -36,6 +36,7 @@ import (
"github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/helper/builtinplugins"
"github.com/hashicorp/vault/helper/constants"
"github.com/hashicorp/vault/helper/experiments"
loghelper "github.com/hashicorp/vault/helper/logging"
"github.com/hashicorp/vault/helper/metricsutil"
"github.com/hashicorp/vault/helper/namespace"
@@ -116,6 +117,7 @@ type ServerCommand struct {
flagConfigs []string
flagRecovery bool
flagExperiments []string
flagDev bool
flagDevTLS bool
flagDevTLSCertDir string
@@ -204,6 +206,17 @@ func (c *ServerCommand) Flags() *FlagSets {
"Using a recovery operation token, \"sys/raw\" API can be used to manipulate the storage.",
})
f.StringSliceVar(&StringSliceVar{
Name: "experiment",
Target: &c.flagExperiments,
Completion: complete.PredictSet(experiments.ValidExperiments()...),
Usage: "Name of an experiment to enable. Experiments should NOT be used in production, and " +
"the associated APIs may have backwards incompatible changes between releases. This " +
"flag can be specified multiple times to specify multiple experiments. This can also be " +
fmt.Sprintf("specified via the %s environment variable as a comma-separated list. ", EnvVaultExperiments) +
"Valid experiments are: " + strings.Join(experiments.ValidExperiments(), ", "),
})
f = set.NewFlagSet("Dev Options")
f.BoolVar(&BoolVar{
@@ -1105,6 +1118,11 @@ func (c *ServerCommand) Run(args []string) int {
}
}
if err := server.ExperimentsFromEnvAndCLI(config, EnvVaultExperiments, c.flagExperiments); err != nil {
c.UI.Error(err.Error())
return 1
}
// If mlockall(2) isn't supported, show a warning. We disable this in dev
// because it is quite scary to see when first using Vault. We also disable
// this if the user has explicitly disabled mlock in configuration.
@@ -1173,6 +1191,12 @@ func (c *ServerCommand) Run(args []string) int {
info[key] = strings.Join(envVarKeys, ", ")
infoKeys = append(infoKeys, key)
if len(config.Experiments) != 0 {
expKey := "experiments"
info[expKey] = strings.Join(config.Experiments, ", ")
infoKeys = append(infoKeys, expKey)
}
barrierSeal, barrierWrapper, unwrapSeal, seals, sealConfigError, err := setSeal(c, config, infoKeys, info)
// Check error here
if err != nil {
@@ -2637,6 +2661,7 @@ func createCoreConfig(c *ServerCommand, config *server.Config, backend physical.
License: config.License,
LicensePath: config.LicensePath,
DisableSSCTokens: config.DisableSSCTokens,
Experiments: config.Experiments,
}
if c.flagDev {