From b742c7b21cef7c360de27cb265f1ed62bb270eaa Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 27 Mar 2018 14:50:07 -0400 Subject: [PATCH] Remove old workaround for a rollback error It can now cause problems in other situations --- vault/auth.go | 5 ---- vault/router_ext_test.go | 52 ++++++++++++++++++++++++++++++++++++++++ vault/testing.go | 47 ++++++++++++++++++++++++++++++++++++ 3 files changed, 99 insertions(+), 5 deletions(-) create mode 100644 vault/router_ext_test.go diff --git a/vault/auth.go b/vault/auth.go index 487b94230ada..38eee3326999 100644 --- a/vault/auth.go +++ b/vault/auth.go @@ -448,11 +448,6 @@ func (c *Core) setupCredentials(ctx context.Context) error { for _, entry := range c.auth.Entries { var backend logical.Backend - // Work around some problematic code that existed in master for a while - if strings.HasPrefix(entry.Path, credentialRoutePrefix) { - entry.Path = strings.TrimPrefix(entry.Path, credentialRoutePrefix) - persistNeeded = true - } // Create a barrier view using the UUID viewPath := credentialBarrierPrefix + entry.UUID + "/" diff --git a/vault/router_ext_test.go b/vault/router_ext_test.go new file mode 100644 index 000000000000..78aa76e38833 --- /dev/null +++ b/vault/router_ext_test.go 
@@ -0,0 +1,52 @@
+package vault_test
+
+import (
+ "testing"
+
+ "github.com/hashicorp/vault/api"
+ "github.com/hashicorp/vault/builtin/credential/userpass"
+ vaulthttp "github.com/hashicorp/vault/http"
+ "github.com/hashicorp/vault/logical"
+ "github.com/hashicorp/vault/vault"
+)
+
+func TestRouter_MountSubpath_Checks(t *testing.T) {
+ testRouter_MountSubpath(t, []string{"auth/abcd/123", "abcd/123"})
+ testRouter_MountSubpath(t, []string{"abcd/123", "auth/abcd/123"})
+ testRouter_MountSubpath(t, []string{"auth/abcd/123", "abcd/123"})
+}
+
+func testRouter_MountSubpath(t *testing.T, mountPoints []string) {
+ coreConfig := &vault.CoreConfig{
+ CredentialBackends: map[string]logical.Factory{
+ "userpass": userpass.Factory,
+ },
+ }
+ cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{
+ HandlerFunc: vaulthttp.Handler,
+ })
+ cluster.Start()
+ defer cluster.Cleanup()
+
+ vault.TestWaitActive(t, cluster.Cores[0].Core)
+ client := cluster.Cores[0].Client
+
+ authInput := &api.EnableAuthOptions{
+ Type: "userpass",
+ }
+
+ for _, mp := range mountPoints {
+ t.Logf("mounting %s", mp)
+ var err error
+ err = client.Sys().EnableAuthWithOptions(mp, authInput)
+ if err != nil {
+ t.Fatalf("err: %v", err)
+ }
+ }
+
+ cluster.EnsureCoresSealed(t)
+
+ cluster.UnsealCores(t)
+
+ t.Logf("Done: %#v", mountPoints)
+}
diff --git a/vault/testing.go b/vault/testing.go
index 2bbd91950bc8..79799e6251c1 100644
--- a/vault/testing.go
+++ b/vault/testing.go
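Review bot: `testRouter_MountSubpath` stops after `cluster.UnsealCores(t)` without reading the auth mount table, so it passes whenever unseal does not error, even if one of the two mounts came back under a different path. The removed workaround rewrote `entry.Path` during credential setup, so the regression worth pinning is that every entry in `mountPoints` is still listed at its original path after unseal. The sketch below assumes `ListAuth` keys carry a trailing slash; confirm that before relying on it. Separately, the first and third calls in `TestRouter_MountSubpath_Checks` pass the same slice, so the third adds no coverage unless the repetition is deliberate.

```go
	cluster.UnsealCores(t)

	// Both mounts must still be present at the paths they were enabled on.
	auths, err := client.Sys().ListAuth()
	if err != nil {
		t.Fatalf("err: %v", err)
	}
	for _, mp := range mountPoints {
		if _, ok := auths[mp+"/"]; !ok {
			t.Fatalf("auth mount %q missing after unseal: %#v", mp, auths)
		}
	}
	// … unchanged: final t.Logf …
```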
@@ -768,6 +768,53 @@ func (c *TestCluster) Start() {
 }
 }
 
+// UnsealCores uses the cluster barrier keys to unseal the test cluster cores
+func (c *TestCluster) UnsealCores(t testing.T) {
+ numCores := len(c.Cores)
+
+ // Unseal first core
+ for _, key := range c.BarrierKeys {
+ if _, err := c.Cores[0].Unseal(TestKeyCopy(key)); err != nil {
+ t.Fatalf("unseal err: %s", err)
+ }
+ }
+
+ // Verify unsealed
+ sealed, err := c.Cores[0].Sealed()
+ if err != nil {
+ t.Fatalf("err checking seal status: %s", err)
+ }
+ if sealed {
+ t.Fatal("should not be sealed")
+ }
+
+ TestWaitActive(t, c.Cores[0].Core)
+
+ // Unseal other cores
+ for i := 1; i < numCores; i++ {
+ for _, key := range c.BarrierKeys {
+ if _, err := c.Cores[i].Core.Unseal(TestKeyCopy(key)); err != nil {
+ t.Fatalf("unseal err: %s", err)
+ }
+ }
+ }
+
+ // Let them come fully up to standby
+ time.Sleep(2 * time.Second)
+
+ // Ensure cluster connection info is populated.
+ // Other cores should not come up as leaders.
+ for i := 1; i < numCores; i++ {
+ isLeader, _, _, err := c.Cores[i].Leader()
+ if err != nil {
+ t.Fatal(err)
+ }
+ if isLeader {
+ t.Fatalf("core[%d] should not be leader", i)
+ }
+ }
+}
+
 func (c *TestCluster) EnsureCoresSealed(t testing.T) {
 t.Helper()
 if err := c.ensureCoresSealed(); err != nil {
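Review bot: `UnsealCores` does not call `t.Helper()`, while `EnsureCoresSealed` directly below it does, so a failed unseal is reported at a line in testing.go rather than at the calling test; add `t.Helper()` as the first statement. Only core 0 is checked with `Sealed()`; the standby cores are unsealed and then given a fixed `time.Sleep(2 * time.Second)` before the leader check, a timing assumption that can become flaky on slow CI. Checking `c.Cores[i].Sealed()` in that second loop would make a standby that stayed sealed fail with a clear message. The two loops also spell the same call as `c.Cores[0].Unseal` and `c.Cores[i].Core.Unseal`; using one form would read more consistently. The body of `EnsureCoresSealed` continues outside the hunk.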