work on transit join
mjarmy committed Jun 12, 2020
1 parent f3039df commit 3066b51
Showing 4 changed files with 64 additions and 11 deletions.
60 changes: 57 additions & 3 deletions helper/testhelpers/testhelpers.go
@@ -426,11 +426,14 @@ func RaftClusterJoinNodes(t testing.T, cluster *vault.TestCluster) {
vault.TestWaitActive(t, leader.Core)
}

leaderInfo := &raft.LeaderJoinInfo{
LeaderAPIAddr: leader.Client.Address(),
TLSConfig: leader.TLSConfig,
leaderInfos := []*raft.LeaderJoinInfo{
&raft.LeaderJoinInfo{
LeaderAPIAddr: leader.Client.Address(),
TLSConfig: leader.TLSConfig,
},
}

// Join followers
for i := 1; i < len(cluster.Cores); i++ {
core := cluster.Cores[i]
core.UnderlyingRawStorage.(*raft.RaftBackend).SetServerAddressProvider(addressProvider)
@@ -453,8 +456,59 @@ func RaftClusterJoinNodes(t testing.T, cluster *vault.TestCluster) {

func RaftClusterJoinNodesWithStoredKeys(t testing.T, cluster *vault.TestCluster) {

addressProvider := &TestRaftServerAddressProvider{Cluster: cluster}
atomic.StoreUint32(&vault.UpdateClusterAddrForTests, 1)

leader := cluster.Cores[0]

// Seal the leader so we can install an address provider
{
EnsureCoreSealed(t, leader)
leader.UnderlyingRawStorage.(*raft.RaftBackend).SetServerAddressProvider(addressProvider)
if err := leader.UnsealWithStoredKeys(context.Background()); err != nil {
t.Fatal(err)
}
vault.TestWaitActive(t, leader.Core)
}

leaderInfo := &raft.LeaderJoinInfo{
LeaderAPIAddr: leader.Client.Address(),
TLSConfig: leader.TLSConfig,
}

for i := 1; i < len(cluster.Cores); i++ {
core := cluster.Cores[i]
core.UnderlyingRawStorage.(*raft.RaftBackend).SetServerAddressProvider(addressProvider)
leaderInfos := []*raft.LeaderJoinInfo{
leaderInfo,
}
_, err := core.JoinRaftCluster(namespace.RootContext(context.Background()), leaderInfos, false)
if err != nil {
t.Fatal(err)
}

// The raft backend is not initialized right away after the join. We
// need to wait briefly before we can unseal.
timeout := time.Now().Add(30 * time.Second)
for {
if time.Now().After(timeout) {
t.Fatal("timeout waiting for core to unseal")
}
err := core.UnsealWithStoredKeys(context.Background())
if err == nil {
return
}
core.Logger().Warn("failed to unseal core", "error", err)
time.Sleep(time.Second)
}
}

debugRaftConfiguration(t, leader)
for i, c := range cluster.Cores {
fmt.Printf(">>> core sealed %d %t\n", i, c.Core.Sealed())
}

WaitForNCoresUnsealed(t, cluster, len(cluster.Cores))
}

// HardcodedServerAddressProvider is a ServerAddressProvider that uses
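Review bot: The `return` inside the unseal retry loop of `RaftClusterJoinNodesWithStoredKeys` exits the whole helper as soon as the first follower unseals, so the remaining followers are never joined and the trailing `debugRaftConfiguration` and `WaitForNCoresUnsealed` calls are not reached; it should be `break`. As written, the helper can return without failing the test while cores are still sealed or not part of the raft cluster, which weakens any seal-migration test that relies on it. The `fmt.Printf(">>> core sealed %d %t\n", ...)` loop looks like leftover debugging and would be better as `t.Logf` or removed. A short doc comment on the helper stating that it joins every follower and blocks until all cores are unsealed would make the intended contract checkable.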
3 changes: 2 additions & 1 deletion vault/external_tests/seal_migration/seal_migration_test.go
@@ -257,8 +257,9 @@ func initializeTransit(
//if err := testhelpers.VerifyRaftConfiguration(leader, numTestCores); err != nil {
// t.Fatal(err)
//}
} else {
testhelpers.WaitForNCoresUnsealed(t, cluster, numTestCores)
}
testhelpers.WaitForNCoresUnsealed(t, cluster, numTestCores)

// Write a secret that we will read back out later.
_, err := client.Logical().Write(
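Review bot: With the wait moved into the `else`, the branch above it appears to no longer call `WaitForNCoresUnsealed` inside `initializeTransit`, and the only check visible there, `VerifyRaftConfiguration`, is commented out. The secret write that follows then depends entirely on whatever that branch calls having left every core joined and unsealed; the branch opening is outside the hunk, so this is inferred from the visible lines. Either keep the wait unconditional, or document the dependency on the branch with a comment such as `// join helper blocks until all cores are unsealed` and restore the commented-out verification once it passes.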
5 changes: 5 additions & 0 deletions vault/init.go
@@ -7,6 +7,7 @@ import (
"errors"
"fmt"
"net/url"
"runtime/debug"
"sync/atomic"

wrapping "github.com/hashicorp/go-kms-wrapping"
@@ -416,6 +417,10 @@ func (c *Core) UnsealWithStoredKeys(ctx context.Context) error {
c.unsealWithStoredKeysLock.Lock()
defer c.unsealWithStoredKeysLock.Unlock()

fmt.Printf("--------------------------------------------------------------------------\n")
fmt.Printf("Core.UnsealWithStoredKeys\n")
debug.PrintStack()

if c.seal.BarrierType() == wrapping.Shamir {
return nil
}
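Review bot: The banner `fmt.Printf` calls and `debug.PrintStack()` added to `Core.UnsealWithStoredKeys` are debugging output in a non-test unseal path, and they run on every call, ahead of the Shamir early return. `fmt.Printf` writes to standard output and `debug.PrintStack` to standard error, so both bypass the core's logger and its level filtering; with the one-second retry loop in testhelpers.go this is a full stack dump per attempt. Remove them together with the `runtime/debug` import before merge, or if the call site is worth recording use the logger, e.g. `c.Logger().Trace("unseal with stored keys requested")`. The function body continues past the end of the hunk.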
7 changes: 0 additions & 7 deletions vault/testing.go
@@ -816,13 +816,6 @@ func (c *TestCluster) UnsealCore(t testing.T, core *TestClusterCore) {
}
}

func (c *TestCluster) UnsealCoreWithStoredKeys(t testing.T, core *TestClusterCore) {
err := core.UnsealWithStoredKeys(context.Background())
if err != nil {
t.Fatal(err)
}
}

func (c *TestCluster) EnsureCoresSealed(t testing.T) {
t.Helper()
if err := c.ensureCoresSealed(); err != nil {