From 3ab00523a9469170c881d98e7cef81b7db41cc7b Mon Sep 17 00:00:00 2001 From: Chris Capurso <1036769+ccapurso@users.noreply.github.com> Date: Wed, 8 Jun 2022 17:15:28 -0400 Subject: [PATCH] add OSS noop check for valid ent storage (#15894) --- command/server.go | 30 ++++++++++++++++++++++++++---- command/server_util.go | 9 ++++++++- 2 files changed, 34 insertions(+), 5 deletions(-) diff --git a/command/server.go b/command/server.go index ec5209d35064..4ba9a783e463 100644 --- a/command/server.go +++ b/command/server.go @@ -42,6 +42,7 @@ import ( "github.com/hashicorp/vault/internalshared/listenerutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/logging" + "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/useragent" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/physical" @@ -75,8 +76,9 @@ const ( // Even though there are more types than the ones below, the following consts // are declared internally for value comparison and reusability. - storageTypeRaft = "raft" - storageTypeConsul = "consul" + storageTypeRaft = "raft" + storageTypeConsul = "consul" + disableStorageTypeCheckEnv = "VAULT_DISABLE_SUPPORTED_STORAGE_CHECK" ) type ServerCommand struct { @@ -1324,6 +1326,24 @@ func (c *ServerCommand) Run(args []string) int { // Apply any enterprise configuration onto the coreConfig. adjustCoreConfigForEnt(config, &coreConfig) + if !c.flagDev && os.Getenv(disableStorageTypeCheckEnv) == "" { + inMemStorageTypes := []string{ + "inmem", "inmem_ha", "inmem_transactional", "inmem_transactional_ha", + } + + if strutil.StrListContains(inMemStorageTypes, coreConfig.StorageType) { + c.UI.Warn("") + c.UI.Warn(wrapAtLength(fmt.Sprintf("WARNING: storage configured to use %q which should NOT be used in production", coreConfig.StorageType))) + c.UI.Warn("") + } else { + err = checkStorageTypeForEnt(&coreConfig) + if err != nil { + c.UI.Error(fmt.Sprintf("Invalid storage type: %s", err)) + return 1 + } + } + } + // Initialize the core core, newCoreError := vault.NewCore(&coreConfig) if newCoreError != nil { @@ -2061,7 +2081,8 @@ func (c *ServerCommand) addPlugin(path, token string, core *vault.Core) error { // detectRedirect is used to attempt redirect address detection func (c *ServerCommand) detectRedirect(detect physical.RedirectDetect, - config *server.Config) (string, error) { + config *server.Config, +) (string, error) { // Get the hostname host, err := detect.DetectHostAddr() if err != nil { @@ -2506,7 +2527,8 @@ func runUnseal(c *ServerCommand, core *vault.Core, ctx context.Context) { } func createCoreConfig(c *ServerCommand, config *server.Config, backend physical.Backend, configSR sr.ServiceRegistration, barrierSeal, unwrapSeal vault.Seal, - metricsHelper *metricsutil.MetricsHelper, metricSink *metricsutil.ClusterMetricSink, secureRandomReader io.Reader) vault.CoreConfig { + metricsHelper *metricsutil.MetricsHelper, metricSink *metricsutil.ClusterMetricSink, secureRandomReader io.Reader, +) vault.CoreConfig { coreConfig := &vault.CoreConfig{ RawConfig: config, Physical: backend, diff --git a/command/server_util.go b/command/server_util.go index 4054693be1e4..1959f1766256 100644 --- a/command/server_util.go +++ b/command/server_util.go @@ -5,7 +5,10 @@ import ( "github.com/hashicorp/vault/vault" ) -var adjustCoreConfigForEnt = adjustCoreConfigForEntNoop +var ( + adjustCoreConfigForEnt = adjustCoreConfigForEntNoop + checkStorageTypeForEnt = checkStorageTypeForEntNoop +) func adjustCoreConfigForEntNoop(config *server.Config, coreConfig *vault.CoreConfig) { } @@ -15,3 +18,7 @@ var getFIPSInfoKey = getFIPSInfoKeyNoop func getFIPSInfoKeyNoop() string { return "" } + +func checkStorageTypeForEntNoop(coreConfig *vault.CoreConfig) error { + return nil +}