Port some replicated cluster changes from ent (#4037)

hashicorp · Feb 23, 2018 · a46b996 · a46b996
1 parent 2769b9f
commit a46b996
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 7 deletions.
diff --git a/vault/cluster.go b/vault/cluster.go
@@ -38,6 +38,10 @@ var (
 	ErrCannotForward = errors.New("cannot forward request; no connection or address not known")
 )
 
+// This is used for enterprise replication information
+type ReplicatedClusters struct {
+}
+
 // This can be one of a few key types so the different params may or may not be filled
 type clusterKeyParams struct {
 	Type string   `json:"type" structs:"type" mapstructure:"type"`
@@ -338,7 +342,7 @@ func (c *Core) stopClusterListener() {
 
 // ClusterTLSConfig generates a TLS configuration based on the local/replicated
 // cluster key and cert.
-func (c *Core) ClusterTLSConfig(ctx context.Context) (*tls.Config, error) {
+func (c *Core) ClusterTLSConfig(ctx context.Context, repClusters *ReplicatedClusters) (*tls.Config, error) {
 	// Using lookup functions allows just-in-time lookup of the current state
 	// of clustering as connections come and go
 

diff --git a/vault/cluster_test.go b/vault/cluster_test.go
@@ -108,7 +108,7 @@ func TestCluster_ListenForRequests(t *testing.T) {
 	// Use this to have a valid config after sealing since ClusterTLSConfig returns nil
 	var lastTLSConfig *tls.Config
 	checkListenersFunc := func(expectFail bool) {
-		tlsConfig, err := cores[0].ClusterTLSConfig(context.Background())
+		tlsConfig, err := cores[0].ClusterTLSConfig(context.Background(), nil)
 		if err != nil {
 			if err.Error() != consts.ErrSealed.Error() {
 				t.Fatal(err)
@@ -395,7 +395,7 @@ func TestCluster_CustomCipherSuites(t *testing.T) {
 	// Wait for core to become active
 	TestWaitActive(t, core.Core)
 
-	tlsConf, err := core.Core.ClusterTLSConfig(context.Background())
+	tlsConf, err := core.Core.ClusterTLSConfig(context.Background(), nil)
 	if err != nil {
 		t.Fatal(err)
 	}

diff --git a/vault/request_forwarding.go b/vault/request_forwarding.go
@@ -45,7 +45,7 @@ func (c *Core) startForwarding(ctx context.Context) error {
 	ha := c.ha != nil
 
 	// Get our TLS config
-	tlsConfig, err := c.ClusterTLSConfig(ctx)
+	tlsConfig, err := c.ClusterTLSConfig(ctx, nil)
 	if err != nil {
 		c.logger.Error("core: failed to get tls configuration when starting forwarding", "error", err)
 		return err
@@ -260,7 +260,7 @@ func (c *Core) refreshRequestForwardingConnection(ctx context.Context, clusterAd
 	// the TLS state.
 	dctx, cancelFunc := context.WithCancel(ctx)
 	c.rpcClientConn, err = grpc.DialContext(dctx, clusterURL.Host,
-		grpc.WithDialer(c.getGRPCDialer(ctx, requestForwardingALPN, "", nil)),
+		grpc.WithDialer(c.getGRPCDialer(ctx, requestForwardingALPN, "", nil, nil)),
 		grpc.WithInsecure(), // it's not, we handle it in the dialer
 		grpc.WithKeepaliveParams(keepalive.ClientParameters{
 			Time: 2 * HeartbeatInterval,
@@ -343,9 +343,9 @@ func (c *Core) ForwardRequest(req *http.Request) (int, http.Header, []byte, erro
 // getGRPCDialer is used to return a dialer that has the correct TLS
 // configuration. Otherwise gRPC tries to be helpful and stomps all over our
 // NextProtos.
-func (c *Core) getGRPCDialer(ctx context.Context, alpnProto, serverName string, caCert *x509.Certificate) func(string, time.Duration) (net.Conn, error) {
+func (c *Core) getGRPCDialer(ctx context.Context, alpnProto, serverName string, caCert *x509.Certificate, repClusters *ReplicatedClusters) func(string, time.Duration) (net.Conn, error) {
 	return func(addr string, timeout time.Duration) (net.Conn, error) {
-		tlsConfig, err := c.ClusterTLSConfig(ctx)
+		tlsConfig, err := c.ClusterTLSConfig(ctx, repClusters)
 		if err != nil {
 			c.logger.Error("core: failed to get tls configuration", "error", err)
 			return nil, err