add OSS noop check for valid ent storage (#15894)
ccapurso authored Jun 8, 2022
1 parent 12bce35 commit 3ab0052
Showing 2 changed files with 34 additions and 5 deletions.
30 changes: 26 additions & 4 deletions command/server.go
@@ -42,6 +42,7 @@ import (
"github.com/hashicorp/vault/internalshared/listenerutil"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
"github.com/hashicorp/vault/sdk/helper/logging"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/helper/useragent"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/sdk/physical"
@@ -75,8 +76,9 @@ const (

// Even though there are more types than the ones below, the following consts
// are declared internally for value comparison and reusability.
storageTypeRaft = "raft"
storageTypeConsul = "consul"
storageTypeRaft = "raft"
storageTypeConsul = "consul"
disableStorageTypeCheckEnv = "VAULT_DISABLE_SUPPORTED_STORAGE_CHECK"
)

type ServerCommand struct {
@@ -1324,6 +1326,24 @@ func (c *ServerCommand) Run(args []string) int {
// Apply any enterprise configuration onto the coreConfig.
adjustCoreConfigForEnt(config, &coreConfig)

if !c.flagDev && os.Getenv(disableStorageTypeCheckEnv) == "" {
inMemStorageTypes := []string{
"inmem", "inmem_ha", "inmem_transactional", "inmem_transactional_ha",
}

if strutil.StrListContains(inMemStorageTypes, coreConfig.StorageType) {
c.UI.Warn("")
c.UI.Warn(wrapAtLength(fmt.Sprintf("WARNING: storage configured to use %q which should NOT be used in production", coreConfig.StorageType)))
c.UI.Warn("")
} else {
err = checkStorageTypeForEnt(&coreConfig)
if err != nil {
c.UI.Error(fmt.Sprintf("Invalid storage type: %s", err))
return 1
}
}
}

// Initialize the core
core, newCoreError := vault.NewCore(&coreConfig)
if newCoreError != nil {
@@ -2061,7 +2081,8 @@ func (c *ServerCommand) addPlugin(path, token string, core *vault.Core) error {

// detectRedirect is used to attempt redirect address detection
func (c *ServerCommand) detectRedirect(detect physical.RedirectDetect,
config *server.Config) (string, error) {
config *server.Config,
) (string, error) {
// Get the hostname
host, err := detect.DetectHostAddr()
if err != nil {
@@ -2506,7 +2527,8 @@ func runUnseal(c *ServerCommand, core *vault.Core, ctx context.Context) {
}

func createCoreConfig(c *ServerCommand, config *server.Config, backend physical.Backend, configSR sr.ServiceRegistration, barrierSeal, unwrapSeal vault.Seal,
metricsHelper *metricsutil.MetricsHelper, metricSink *metricsutil.ClusterMetricSink, secureRandomReader io.Reader) vault.CoreConfig {
metricsHelper *metricsutil.MetricsHelper, metricSink *metricsutil.ClusterMetricSink, secureRandomReader io.Reader,
) vault.CoreConfig {
coreConfig := &vault.CoreConfig{
RawConfig: config,
Physical: backend,
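Review bot: The guard `os.Getenv(disableStorageTypeCheckEnv) == ""` in Run treats any non-empty value as "disable", so `VAULT_DISABLE_SUPPORTED_STORAGE_CHECK=false` or `=0` switches the storage validation off, and nothing is printed when that happens. Because the in-memory branch sits inside the same `if`, setting the variable also silences the "should NOT be used in production" warning for the inmem backends. Consider parsing the value as a boolean, `disabled, _ := strconv.ParseBool(os.Getenv(disableStorageTypeCheckEnv))` followed by `if !c.flagDev && !disabled {`, so an unset or malformed value keeps the check on, and add a `c.UI.Warn` when the check is bypassed so the override shows up in startup output. The import block is only partly visible here, so `strconv` may need adding; Run's body starts and ends outside this hunk.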
9 changes: 8 additions & 1 deletion command/server_util.go
@@ -5,7 +5,10 @@ import (
"github.com/hashicorp/vault/vault"
)

var adjustCoreConfigForEnt = adjustCoreConfigForEntNoop
var (
adjustCoreConfigForEnt = adjustCoreConfigForEntNoop
checkStorageTypeForEnt = checkStorageTypeForEntNoop
)

func adjustCoreConfigForEntNoop(config *server.Config, coreConfig *vault.CoreConfig) {
}
@@ -15,3 +18,7 @@ var getFIPSInfoKey = getFIPSInfoKeyNoop
func getFIPSInfoKeyNoop() string {
return ""
}

func checkStorageTypeForEntNoop(coreConfig *vault.CoreConfig) error {
return nil
}
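Review bot: `checkStorageTypeForEnt` and `checkStorageTypeForEntNoop` carry no comment, yet this hook now decides whether the server starts: in command/server.go a non-nil return makes Run print "Invalid storage type" and return 1. A doc comment on the var entry would make that contract explicit, for example `// checkStorageTypeForEnt validates coreConfig.StorageType; the default no-op accepts every storage type, and a non-nil error aborts server startup.` The no-op could carry `// checkStorageTypeForEntNoop is the default implementation and always returns nil.` so a reader does not mistake it for an unfinished check.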
