
AWS upgrade role entries #7025

Merged
merged 58 commits into from
Jul 5, 2019
Merged
981f708
upgrade aws roles
mjarmy Jun 30, 2019
1ead348
test upgrade aws roles
mjarmy Jun 30, 2019
cccb56e
Initialize aws credential backend at mount time
mjarmy Jun 30, 2019
ce1dbe0
add a TODO
mjarmy Jun 30, 2019
593048f
create end-to-end test for builtin/credential/aws
mjarmy Jun 30, 2019
7e900b6
fix bug in initializer
mjarmy Jun 30, 2019
add4b06
improve comments
mjarmy Jun 30, 2019
24a10f5
add Initialize() to logical.Backend
mjarmy Jun 30, 2019
6abe0ee
use Initialize() in Core.enableCredentialInternal()
mjarmy Jun 30, 2019
a3d10a5
use InitializeRequest to call Initialize()
mjarmy Jul 1, 2019
ae25817
improve unit testing for framework.Backend
mjarmy Jul 1, 2019
274ed9d
call logical.Backend.Initialize() from all of the places that it need…
mjarmy Jul 1, 2019
397dd6f
implement backend.proto changes for logical.Backend.Initialize()
mjarmy Jul 1, 2019
e38ffab
persist current role storage version when upgrading aws roles
mjarmy Jul 1, 2019
f68254b
format comments correctly
mjarmy Jul 1, 2019
07e4722
improve comments
mjarmy Jul 1, 2019
7bca471
use postUnseal funcs to initialize backends
mjarmy Jul 1, 2019
bffa3f5
simplify test suite
mjarmy Jul 1, 2019
851610c
improve test suite
mjarmy Jul 1, 2019
67ac41c
merge from master
mjarmy Jul 2, 2019
4f36e95
simplify logic in aws role upgrade
mjarmy Jul 2, 2019
ccb86b5
simplify aws credential initialization logic
mjarmy Jul 2, 2019
1f95d4b
simplify logic in aws role upgrade
mjarmy Jul 2, 2019
bdef021
use the core's activeContext for initialization
mjarmy Jul 2, 2019
65df479
refactor builtin/plugin/Backend
mjarmy Jul 2, 2019
ce5e3cf
use a goroutine to upgrade the aws roles
mjarmy Jul 2, 2019
5401e63
misc improvements and cleanup
mjarmy Jul 2, 2019
e67f828
do not run AWS role upgrade on DR Secondary
mjarmy Jul 2, 2019
e574a14
always call logical.Backend.Initialize() when loading a plugin.
mjarmy Jul 2, 2019
dc7db93
improve comments
mjarmy Jul 2, 2019
9e74fb3
on standbys and DR secondaries we do not want to run any kind of upgr…
mjarmy Jul 2, 2019
208eb8d
merge from master
mjarmy Jul 3, 2019
11dbf68
fix awsVersion struct
mjarmy Jul 3, 2019
034791b
merge from master
mjarmy Jul 3, 2019
f95bb32
merge fixes to aws version
mjarmy Jul 3, 2019
5187bd2
clarify aws version upgrade
mjarmy Jul 3, 2019
c5e63e4
make the upgrade logic for aws auth more explicit
mjarmy Jul 3, 2019
c652d55
aws upgrade is now called from a switch
mjarmy Jul 3, 2019
0344a87
fix fallthrough bug
mjarmy Jul 3, 2019
52dae95
simplify logic
mjarmy Jul 3, 2019
c3bdfac
simplify logic
mjarmy Jul 3, 2019
94e707b
rename things
mjarmy Jul 3, 2019
d5de690
introduce currentAwsVersion const to track aws version
mjarmy Jul 3, 2019
4aea057
improve comments
mjarmy Jul 3, 2019
e868585
rearrange things once more
mjarmy Jul 4, 2019
d38f38b
conglomerate things into one function
mjarmy Jul 4, 2019
0e1150a
stub out aws auth initialize e2e test
mjarmy Jul 3, 2019
e8da5e5
improve aws auth initialize e2e test
mjarmy Jul 3, 2019
8e3e3f9
finish aws auth initialize e2e test
mjarmy Jul 4, 2019
b1603a3
tinker with aws auth initialize e2e test
mjarmy Jul 4, 2019
9a13a44
tinker with aws auth initialize e2e test
mjarmy Jul 4, 2019
7a2044e
tinker with aws auth initialize e2e test
mjarmy Jul 5, 2019
840aa89
fix typo in test suite
mjarmy Jul 5, 2019
9d2275c
simplify logic a tad
mjarmy Jul 5, 2019
fcdae78
rearrange assignment
mjarmy Jul 5, 2019
a8afc74
Fix a few lifecycle related issues in #7025 (#7075)
briankassouf Jul 5, 2019
d59209f
Merge branch 'master' into aws-upgrade-role-entries-v2
briankassouf Jul 5, 2019
f50bf2f
Fix panic when plugin fails to load
Jul 5, 2019
aws upgrade is now called from a switch
mjarmy committed Jul 3, 2019
commit c652d554b96156a34edb33b24a9a89851668ece5
85 changes: 41 additions & 44 deletions builtin/credential/aws/path_role.go
@@ -367,82 +367,79 @@ type awsVersion struct {
RoleVersion int `json:"role_verison"`
}

// upgrade aws version
// upgrade does an upgrade, if necessary
func (b *backend) upgrade(ctx context.Context, s logical.Storage) (bool, error) {

// check if we should upgrade
needToUpgrade, err := b.shouldUprade(ctx, s)
entry, err := s.Get(ctx, "config/version")
if err != nil {
return false, err
}
if !needToUpgrade {

// if there is no persisted version, we need to upgrade
if entry == nil {
err = b.upgradeRoles(ctx, s)
if err != nil {
return false, err
}
return true, nil
}

var version awsVersion
err = entry.DecodeJSON(&version)
if err != nil {
return false, err
}

// upgrade if persisted roleVersion is out of date
switch version.RoleVersion {
case 0:
case 1:
case 2:
err = b.upgradeRoles(ctx, s)
if err != nil {
return false, err
}

case currentRoleStorageVersion:
return false, nil

}
return false, fmt.Errorf("unrecognized role version: %q", version.RoleVersion)
}

// upgradeRoles upgrades the various aws roles
func (b *backend) upgradeRoles(ctx context.Context, s logical.Storage) error {

// Read all the role names.
roleNames, err := s.List(ctx, "role/")
if err != nil {
return false, err
return err
}

// Upgrade the roles as necessary.
for _, roleName := range roleNames {
// make sure the context hasn't been canceled
if ctx.Err() != nil {
return false, err
return err
}
_, err := b.roleInternal(ctx, s, roleName)
if err != nil {
return false, err
return err
}
}

// save the current version
rsv := awsVersion{RoleVersion: currentRoleStorageVersion}
entry, err := logical.StorageEntryJSON("config/version", &rsv)
if err != nil {
return false, err
return err
}
err = s.Put(ctx, entry)
if err != nil {
return false, err
}

return true, nil
}

// shouldUprade checks if we need to upgrade
func (b *backend) shouldUprade(ctx context.Context, s logical.Storage) (bool, error) {

entry, err := s.Get(ctx, "config/version")
if err != nil {
return false, err
}

// if there is no persisted version, we need to upgrade
if entry == nil {
return true, nil
}

var version awsVersion
err = entry.DecodeJSON(&version)
if err != nil {
return false, err
return err
}

// for now, we only need to upgrade if the role version has been
// superseded. This may change in the future.
switch version.RoleVersion {
case 0:
case 1:
case 2:
return true, nil

case currentRoleStorageVersion:
return false, nil

}
return false, fmt.Errorf("unrecognized role version: %q", version.RoleVersion)
return nil
}

// If needed, updates the role entry and returns a bool indicating if it was updated
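Review bot: In `upgrade`, the `switch version.RoleVersion` relies on implicit fallthrough, which Go does not have: `case 0:` and `case 1:` are empty, so persisted versions 0 and 1 skip `upgradeRoles` and land on the trailing `unrecognized role version` error, and `case 2:` reaches that same error even after a successful upgrade. Writing the arm as `case 0, 1, 2:` and ending it with `return true, nil` would match the comment above the switch; the error format should also be `%d`, since `%q` on an int prints a quoted character rather than the number. In `upgradeRoles`, `if ctx.Err() != nil { return err }` returns the nil `err` left over from `s.List`, so a cancelled run is reported as a successful upgrade without `config/version` being written; `return ctx.Err()` would surface it. For a credential backend this matters because the caller cannot tell a completed role migration from a skipped one. The page carries no +/- markers, so which lines are on the new side is inferred from the function signatures and return shapes.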