From a19311c8c4babda8310daa0060047fc74716b6bc Mon Sep 17 00:00:00 2001 From: Chris Capurso <1036769+ccapurso@users.noreply.github.com> Date: Fri, 7 Apr 2023 11:01:38 -0400 Subject: [PATCH 1/5] add max_entry_size to sanitized config output --- command/server/config.go | 20 +++- http/sys_config_state_test.go | 212 +++++++++++++++++++++++++--------- 2 files changed, 176 insertions(+), 56 deletions(-) diff --git a/command/server/config.go b/command/server/config.go index ebeb7753386d..d1a69fdee94f 100644 --- a/command/server/config.go +++ b/command/server/config.go @@ -1133,23 +1133,39 @@ func (c *Config) Sanitized() map[string]interface{} { // Sanitize storage stanza if c.Storage != nil { + storageType := c.Storage.Type sanitizedStorage := map[string]interface{}{ - "type": c.Storage.Type, + "type": storageType, "redirect_addr": c.Storage.RedirectAddr, "cluster_addr": c.Storage.ClusterAddr, "disable_clustering": c.Storage.DisableClustering, } + + if storageType == "raft" { + sanitizedStorage["raft"] = map[string]interface{}{ + "max_entry_size": c.Storage.Config["max_entry_size"], + } + } + result["storage"] = sanitizedStorage } // Sanitize HA storage stanza if c.HAStorage != nil { + haStorageType := c.HAStorage.Type sanitizedHAStorage := map[string]interface{}{ - "type": c.HAStorage.Type, + "type": haStorageType, "redirect_addr": c.HAStorage.RedirectAddr, "cluster_addr": c.HAStorage.ClusterAddr, "disable_clustering": c.HAStorage.DisableClustering, } + + if haStorageType == "raft" { + sanitizedHAStorage["raft"] = map[string]interface{}{ + "max_entry_size": c.HAStorage.Config["max_entry_size"], + } + } + result["ha_storage"] = sanitizedHAStorage } diff --git a/http/sys_config_state_test.go b/http/sys_config_state_test.go index 889121837e27..d257cbe07f33 100644 --- a/http/sys_config_state_test.go +++ b/http/sys_config_state_test.go @@ -9,70 +9,174 @@ import ( "testing" "github.com/go-test/deep" + "github.com/hashicorp/vault/command/server" + "github.com/hashicorp/vault/internalshared/configutil" "github.com/hashicorp/vault/vault" ) func TestSysConfigState_Sanitized(t *testing.T) { - var resp *http.Response + cases := []struct { + name string + storageConfig *server.Storage + haStorageConfig *server.Storage + expectedStorageOutput map[string]interface{} + expectedHAStorageOutput map[string]interface{} + }{ + { + "raft storage", + &server.Storage{ + Type: "raft", + RedirectAddr: "http://127.0.0.1:8200", + ClusterAddr: "http://127.0.0.1:8201", + DisableClustering: false, + Config: map[string]string{ + "path": "/storage/path/raft", + "node_id": "raft1", + "max_entry_size": "2097152", + }, + }, + nil, + map[string]interface{}{ + "type": "raft", + "redirect_addr": "http://127.0.0.1:8200", + "cluster_addr": "http://127.0.0.1:8201", + "disable_clustering": false, + "raft": map[string]interface{}{ + "max_entry_size": "2097152", + }, + }, + nil, + }, + { + "inmem storage, raft HA storage", + &server.Storage{ + Type: "inmem", + RedirectAddr: "http://127.0.0.1:8200", + ClusterAddr: "http://127.0.0.1:8201", + DisableClustering: false, + }, + &server.Storage{ + Type: "raft", + RedirectAddr: "http://127.0.0.1:8200", + ClusterAddr: "http://127.0.0.1:8201", + DisableClustering: false, + Config: map[string]string{ + "path": "/storage/path/raft", + "node_id": "raft1", + "max_entry_size": "2097152", + }, + }, + map[string]interface{}{ + "type": "inmem", + "redirect_addr": "http://127.0.0.1:8200", + "cluster_addr": "http://127.0.0.1:8201", + "disable_clustering": false, + }, + map[string]interface{}{ + "type": "raft", + "redirect_addr": "http://127.0.0.1:8200", + "cluster_addr": "http://127.0.0.1:8201", + "disable_clustering": false, + "raft": map[string]interface{}{ + "max_entry_size": "2097152", + }, + }, + }, + } - core, _, token := vault.TestCoreUnsealed(t) - ln, addr := TestServer(t, core) - defer ln.Close() - TestServerAuth(t, addr, token) + for _, tc := range cases { + tc := tc - resp = testHttpGet(t, token, addr+"/v1/sys/config/state/sanitized") - testResponseStatus(t, resp, 200) + t.Run(tc.name, func(t *testing.T) { + var resp *http.Response + confRaw := &server.Config{ + Storage: tc.storageConfig, + HAStorage: tc.haStorageConfig, + SharedConfig: &configutil.SharedConfig{ + Listeners: []*configutil.Listener{ + { + Type: "tcp", + Address: "127.0.0.1", + }, + }, + }, + } - var actual map[string]interface{} - var expected map[string]interface{} + conf := &vault.CoreConfig{ + RawConfig: confRaw, + } - configResp := map[string]interface{}{ - "api_addr": "", - "cache_size": json.Number("0"), - "cluster_addr": "", - "cluster_cipher_suites": "", - "cluster_name": "", - "default_lease_ttl": json.Number("0"), - "default_max_request_duration": json.Number("0"), - "disable_cache": false, - "disable_clustering": false, - "disable_indexing": false, - "disable_mlock": false, - "disable_performance_standby": false, - "disable_printable_check": false, - "disable_sealwrap": false, - "experiments": nil, - "raw_storage_endpoint": false, - "detect_deadlocks": "", - "introspection_endpoint": false, - "disable_sentinel_trace": false, - "enable_ui": false, - "log_format": "", - "log_level": "", - "max_lease_ttl": json.Number("0"), - "pid_file": "", - "plugin_directory": "", - "plugin_file_uid": json.Number("0"), - "plugin_file_permissions": json.Number("0"), - "enable_response_header_hostname": false, - "enable_response_header_raft_node_id": false, - "log_requests_level": "", - } + core, _, token := vault.TestCoreUnsealedWithConfig(t, conf) + ln, addr := TestServer(t, core) + defer ln.Close() + TestServerAuth(t, addr, token) - expected = map[string]interface{}{ - "lease_id": "", - "renewable": false, - "lease_duration": json.Number("0"), - "wrap_info": nil, - "warnings": nil, - "auth": nil, - "data": configResp, - } + resp = testHttpGet(t, token, addr+"/v1/sys/config/state/sanitized") + testResponseStatus(t, resp, 200) + + var actual map[string]interface{} + var expected map[string]interface{} + + configResp := map[string]interface{}{ + "api_addr": "", + "cache_size": json.Number("0"), + "cluster_addr": "", + "cluster_cipher_suites": "", + "cluster_name": "", + "default_lease_ttl": json.Number("0"), + "default_max_request_duration": json.Number("0"), + "disable_cache": false, + "disable_clustering": false, + "disable_indexing": false, + "disable_mlock": false, + "disable_performance_standby": false, + "disable_printable_check": false, + "disable_sealwrap": false, + "experiments": nil, + "raw_storage_endpoint": false, + "detect_deadlocks": "", + "introspection_endpoint": false, + "disable_sentinel_trace": false, + "enable_ui": false, + "log_format": "", + "log_level": "", + "max_lease_ttl": json.Number("0"), + "pid_file": "", + "plugin_directory": "", + "plugin_file_uid": json.Number("0"), + "plugin_file_permissions": json.Number("0"), + "enable_response_header_hostname": false, + "enable_response_header_raft_node_id": false, + "log_requests_level": "", + "listeners": []interface{}{ + map[string]interface{}{ + "config": nil, + "type": "tcp", + }, + }, + "storage": tc.expectedStorageOutput, + } + + if tc.expectedHAStorageOutput != nil { + configResp["ha_storage"] = tc.expectedHAStorageOutput + } + + expected = map[string]interface{}{ + "lease_id": "", + "renewable": false, + "lease_duration": json.Number("0"), + "wrap_info": nil, + "warnings": nil, + "auth": nil, + "data": configResp, + } - testResponseBody(t, resp, &actual) - expected["request_id"] = actual["request_id"] + testResponseBody(t, resp, &actual) + expected["request_id"] = actual["request_id"] - if diff := deep.Equal(actual, expected); len(diff) > 0 { - t.Fatalf("bad mismatch response body: diff: %v", diff) + if diff := deep.Equal(actual, expected); len(diff) > 0 { + t.Fatalf("bad mismatch response body: diff: %v", diff) + } + }) } } From 3e1167bb3d2f447e0a9c38e2c6f5208a22645bb4 Mon Sep 17 00:00:00 2001 From: Chris Capurso <1036769+ccapurso@users.noreply.github.com> Date: Fri, 7 Apr 2023 11:07:58 -0400 Subject: [PATCH 2/5] add changelog entry --- changelog/20044.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 changelog/20044.txt diff --git a/changelog/20044.txt b/changelog/20044.txt new file mode 100644 index 000000000000..014e61b46743 --- /dev/null +++ b/changelog/20044.txt @@ -0,0 +1,4 @@ +```release-note:improvement +core: Add a `raft` sub-field to the `storage` and `ha_storage` details provided by the +`/sys/config/state/sanitized` endpoint in order to include the `max_entry_size`. +``` From cc23ded1e23226d163c4a40b9a241c18f8f7787c Mon Sep 17 00:00:00 2001 From: Chris Capurso <1036769+ccapurso@users.noreply.github.com> Date: Wed, 12 Apr 2023 15:48:34 -0400 Subject: [PATCH 3/5] add test parallelism --- http/sys_config_state_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/http/sys_config_state_test.go b/http/sys_config_state_test.go index d257cbe07f33..b3825a720bd2 100644 --- a/http/sys_config_state_test.go +++ b/http/sys_config_state_test.go @@ -88,6 +88,8 @@ func TestSysConfigState_Sanitized(t *testing.T) { tc := tc t.Run(tc.name, func(t *testing.T) { + t.Parallel() + var resp *http.Response confRaw := &server.Config{ Storage: tc.storageConfig, From 8a9cfb26a947ff86ca27441fea476276dbf9cae7 Mon Sep 17 00:00:00 2001 From: Chris Capurso <1036769+ccapurso@users.noreply.github.com> Date: Wed, 12 Apr 2023 15:48:43 -0400 Subject: [PATCH 4/5] add inmem test case --- http/sys_config_state_test.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/http/sys_config_state_test.go b/http/sys_config_state_test.go index b3825a720bd2..2484ca384c3d 100644 --- a/http/sys_config_state_test.go +++ b/http/sys_config_state_test.go @@ -47,6 +47,23 @@ func TestSysConfigState_Sanitized(t *testing.T) { }, nil, }, + { + "inmem storage, no HA storage", + &server.Storage{ + Type: "inmem", + RedirectAddr: "http://127.0.0.1:8200", + ClusterAddr: "http://127.0.0.1:8201", + DisableClustering: false, + }, + nil, + map[string]interface{}{ + "type": "inmem", + "redirect_addr": "http://127.0.0.1:8200", + "cluster_addr": "http://127.0.0.1:8201", + "disable_clustering": false, + }, + nil, + }, { "inmem storage, raft HA storage", &server.Storage{ From ca3949122187c7d8926f5345243e366e778acb2e Mon Sep 17 00:00:00 2001 From: Chris Capurso <1036769+ccapurso@users.noreply.github.com> Date: Thu, 13 Apr 2023 09:42:07 -0400 Subject: [PATCH 5/5] use named struct fields for TestSysConfigState_Sanitized cases --- http/sys_config_state_test.go | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/http/sys_config_state_test.go b/http/sys_config_state_test.go index 2484ca384c3d..c8f6c402bddb 100644 --- a/http/sys_config_state_test.go +++ b/http/sys_config_state_test.go @@ -23,8 +23,8 @@ func TestSysConfigState_Sanitized(t *testing.T) { expectedHAStorageOutput map[string]interface{} }{ { - "raft storage", - &server.Storage{ + name: "raft storage", + storageConfig: &server.Storage{ Type: "raft", RedirectAddr: "http://127.0.0.1:8200", ClusterAddr: "http://127.0.0.1:8201", @@ -35,8 +35,8 @@ func TestSysConfigState_Sanitized(t *testing.T) { "max_entry_size": "2097152", }, }, - nil, - map[string]interface{}{ + haStorageConfig: nil, + expectedStorageOutput: map[string]interface{}{ "type": "raft", "redirect_addr": "http://127.0.0.1:8200", "cluster_addr": "http://127.0.0.1:8201", @@ -45,34 +45,34 @@ func TestSysConfigState_Sanitized(t *testing.T) { "max_entry_size": "2097152", }, }, - nil, + expectedHAStorageOutput: nil, }, { - "inmem storage, no HA storage", - &server.Storage{ + name: "inmem storage, no HA storage", + storageConfig: &server.Storage{ Type: "inmem", RedirectAddr: "http://127.0.0.1:8200", ClusterAddr: "http://127.0.0.1:8201", DisableClustering: false, }, - nil, - map[string]interface{}{ + haStorageConfig: nil, + expectedStorageOutput: map[string]interface{}{ "type": "inmem", "redirect_addr": "http://127.0.0.1:8200", "cluster_addr": "http://127.0.0.1:8201", "disable_clustering": false, }, - nil, + expectedHAStorageOutput: nil, }, { - "inmem storage, raft HA storage", - &server.Storage{ + name: "inmem storage, raft HA storage", + storageConfig: &server.Storage{ Type: "inmem", RedirectAddr: "http://127.0.0.1:8200", ClusterAddr: "http://127.0.0.1:8201", DisableClustering: false, }, - &server.Storage{ + haStorageConfig: &server.Storage{ Type: "raft", RedirectAddr: "http://127.0.0.1:8200", ClusterAddr: "http://127.0.0.1:8201", @@ -83,13 +83,13 @@ func TestSysConfigState_Sanitized(t *testing.T) { "max_entry_size": "2097152", }, }, - map[string]interface{}{ + expectedStorageOutput: map[string]interface{}{ "type": "inmem", "redirect_addr": "http://127.0.0.1:8200", "cluster_addr": "http://127.0.0.1:8201", "disable_clustering": false, }, - map[string]interface{}{ + expectedHAStorageOutput: map[string]interface{}{ "type": "raft", "redirect_addr": "http://127.0.0.1:8200", "cluster_addr": "http://127.0.0.1:8201",