From a46b996496e6885f68787467ab13558fcff010b7 Mon Sep 17 00:00:00 2001
From: Brian Kassouf
Date: Fri, 23 Feb 2018 11:01:15 -0800
Subject: [PATCH] Port some replicated cluster changes from ent (#4037)

---
 vault/cluster.go | 6 +++++-
 vault/cluster_test.go | 4 ++--
 vault/request_forwarding.go | 8 ++++----
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/vault/cluster.go b/vault/cluster.go
index c29bcaf84b7e..5139ac59fbc2 100644
--- a/vault/cluster.go
+++ b/vault/cluster.go
@@ -38,6 +38,10 @@ var (
 ErrCannotForward = errors.New("cannot forward request; no connection or address not known")
 )
+// This is used for enterprise replication information
+type ReplicatedClusters struct {
+}
+
 // This can be one of a few key types so the different params may or may not be filled
 type clusterKeyParams struct {
 Type string `json:"type" structs:"type" mapstructure:"type"`
@@ -338,7 +342,7 @@ func (c *Core) stopClusterListener() {
 // ClusterTLSConfig generates a TLS configuration based on the local/replicated
 // cluster key and cert.
-func (c *Core) ClusterTLSConfig(ctx context.Context) (*tls.Config, error) {
+func (c *Core) ClusterTLSConfig(ctx context.Context, repClusters *ReplicatedClusters) (*tls.Config, error) {
 // Using lookup functions allows just-in-time lookup of the current state
 // of clustering as connections come and go
diff --git a/vault/cluster_test.go b/vault/cluster_test.go
index 17aad7bd5c8d..40048a3abc8d 100644
--- a/vault/cluster_test.go
+++ b/vault/cluster_test.go
@@ -108,7 +108,7 @@ func TestCluster_ListenForRequests(t *testing.T) {
 // Use this to have a valid config after sealing since ClusterTLSConfig returns nil
 var lastTLSConfig *tls.Config
 checkListenersFunc := func(expectFail bool) {
-tlsConfig, err := cores[0].ClusterTLSConfig(context.Background())
+tlsConfig, err := cores[0].ClusterTLSConfig(context.Background(), nil)
 if err != nil {
 if err.Error() != consts.ErrSealed.Error() {
 t.Fatal(err)
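Review bot: The new exported type ReplicatedClusters carries a comment that does not start with its name and has no fields, so readers of the OSS tree cannot tell what it is for or why it is empty; golint/staticcheck will also flag the comment form. Since the commit subject says this is ported from the enterprise tree, say so in the doc comment, e.g. `// ReplicatedClusters holds enterprise replication information consulted when building the cluster TLS configuration; it has no fields in this build.`. Keeping the struct non-empty-by-accident is fine, but an explanatory comment inside the braces (`// intentionally empty`) would stop someone from "cleaning it up" later.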
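Review bot: ClusterTLSConfig gains a repClusters parameter but its doc comment is not updated, and every caller in this patch (startForwarding, refreshRequestForwardingConnection via getGRPCDialer, both tests) passes nil; the function body lies outside the hunk, so whether a nil pointer is safe cannot be confirmed from here, and if the body dereferences it the forwarding paths would panic on startup. Please state the contract in the doc comment, e.g. `// repClusters carries enterprise replication state and may be nil, in which case only the local cluster key and cert are used.`, and make sure the body guards the nil case. The same missing parameter documentation applies to getGRPCDialer's new repClusters argument in vault/request_forwarding.go (hunk @@ -343).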
@@ -395,7 +395,7 @@ func TestCluster_CustomCipherSuites(t *testing.T) {
 // Wait for core to become active
 TestWaitActive(t, core.Core)
-tlsConf, err := core.Core.ClusterTLSConfig(context.Background())
+tlsConf, err := core.Core.ClusterTLSConfig(context.Background(), nil)
 if err != nil {
 t.Fatal(err)
 }
diff --git a/vault/request_forwarding.go b/vault/request_forwarding.go
index 687e647763ea..f0f6a4c4bcb3 100644
--- a/vault/request_forwarding.go
+++ b/vault/request_forwarding.go
@@ -45,7 +45,7 @@ func (c *Core) startForwarding(ctx context.Context) error {
 ha := c.ha != nil
 // Get our TLS config
-tlsConfig, err := c.ClusterTLSConfig(ctx)
+tlsConfig, err := c.ClusterTLSConfig(ctx, nil)
 if err != nil {
 c.logger.Error("core: failed to get tls configuration when starting forwarding", "error", err)
 return err
@@ -260,7 +260,7 @@ func (c *Core) refreshRequestForwardingConnection(ctx context.Context, clusterAd
 // the TLS state.
 dctx, cancelFunc := context.WithCancel(ctx)
 c.rpcClientConn, err = grpc.DialContext(dctx, clusterURL.Host,
-grpc.WithDialer(c.getGRPCDialer(ctx, requestForwardingALPN, "", nil)),
+grpc.WithDialer(c.getGRPCDialer(ctx, requestForwardingALPN, "", nil, nil)),
 grpc.WithInsecure(), // it's not, we handle it in the dialer
 grpc.WithKeepaliveParams(keepalive.ClientParameters{
 Time: 2 * HeartbeatInterval,
@@ -343,9 +343,9 @@ func (c *Core) ForwardRequest(req *http.Request) (int, http.Header, []byte, erro
 // getGRPCDialer is used to return a dialer that has the correct TLS
 // configuration. Otherwise gRPC tries to be helpful and stomps all over our
 // NextProtos.
-func (c *Core) getGRPCDialer(ctx context.Context, alpnProto, serverName string, caCert *x509.Certificate) func(string, time.Duration) (net.Conn, error) {
+func (c *Core) getGRPCDialer(ctx context.Context, alpnProto, serverName string, caCert *x509.Certificate, repClusters *ReplicatedClusters) func(string, time.Duration) (net.Conn, error) {
 return func(addr string, timeout time.Duration) (net.Conn, error) {
-tlsConfig, err := c.ClusterTLSConfig(ctx)
+tlsConfig, err := c.ClusterTLSConfig(ctx, repClusters)
 if err != nil {
 c.logger.Error("core: failed to get tls configuration", "error", err)
 return nil, err
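Review bot: The returned dial closure captures repClusters, so the value supplied when the dialer is built is reused for the TLS configuration on every reconnect for the dialer's lifetime, whereas the surrounding comment in ClusterTLSConfig describes just-in-time lookups of clustering state. If the replicated-cluster set can change while a gRPC connection is alive, that state should be looked up at dial time rather than captured; if it is fixed for the connection's lifetime, say so in the doc comment, e.g. `// repClusters is captured by the returned dialer and applied to every dial it performs; it may be nil.`. getGRPCDialer's body continues beyond the hunk.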