-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VAULT-12833 Update prompts for the rekey command #18892
Conversation
9ffd602
to
8565c00
Compare
// the function returns a client, the recovery keys, and a closer function | ||
func testVaultServerAutoUnseal(tb testing.TB) (*api.Client, []string, func()) { | ||
testSeal := seal.NewTestSeal(nil) | ||
autoSeal, err := vault.NewAutoSeal(testSeal) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure if there's a better way to set up auto-unseal for testing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Depends on what you're trying to do. I think you made the right choice here. If we were actually exercising seal related more directly, I might point you at something that doesn't use a NewTestSeal, which is kind of a fake.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. I've made some minor improvement suggestions, take 'em or leave 'em as you see fit.
// the function returns a client, the recovery keys, and a closer function | ||
func testVaultServerAutoUnseal(tb testing.TB) (*api.Client, []string, func()) { | ||
testSeal := seal.NewTestSeal(nil) | ||
autoSeal, err := vault.NewAutoSeal(testSeal) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Depends on what you're trying to do. I think you made the right choice here. If we were actually exercising seal related more directly, I might point you at something that doesn't use a NewTestSeal, which is kind of a fake.
All the prompts for the rekey command currently assume that the
-target
flag is set to its default value ofbarrier
. If the-target=recovery
option is set, then the prompts should instead describe recovery keys. I updated the language and added some tests around recovery keys.