testcluster

package
v0.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 5, 2023 License: MPL-2.0 Imports: 27 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	// EnvVaultLicenseCI is the name of an environment variable that contains
	// a signed license string used for Vault Enterprise binary-based tests.
	// The binary will be run with the env var VAULT_LICENSE set to this value.
	EnvVaultLicenseCI = "VAULT_LICENSE_CI"

	// DefaultCAFile is the path to the CA file. This is a docker-specific
	// constant. TODO: needs to be moved to a more relevant place
	DefaultCAFile = "/vault/config/ca.pem"
)

Variables

This section is empty.

Functions

func DemoteDRPrimary 

func DemoteDRPrimary(client *api.Client) error

func EnableDRSecondaryNoWait 

func EnableDRSecondaryNoWait(ctx context.Context, sec VaultCluster, drToken string) error

func EnableDrPrimary 

func EnableDrPrimary(ctx context.Context, pri VaultCluster) error

func EnableDrSecondary 

func EnableDrSecondary(ctx context.Context, pri, sec VaultCluster, drToken string) error

func EnablePerfPrimary 

func EnablePerfPrimary(ctx context.Context, pri VaultCluster) error

func EnablePerformanceSecondary 

func EnablePerformanceSecondary(ctx context.Context, perfToken string, pri, sec VaultCluster, updatePrimary, skipPoisonPill bool) (string, error)

func EnablePerformanceSecondaryNoWait 

func EnablePerformanceSecondaryNoWait(ctx context.Context, perfToken string, pri, sec VaultCluster, updatePrimary bool) error

func EnsureCoreIsPerfStandby 

func EnsureCoreIsPerfStandby(ctx context.Context, client *api.Client) error

func GenerateDRActivationToken 

func GenerateDRActivationToken(pri VaultCluster, id, secondaryPublicKey string) (string, error)

func GenerateRoot 

func GenerateRoot(cluster VaultCluster, kind GenerateRootKind) (string, error)

func GetActiveAndStandbys 

func GetActiveAndStandbys(ctx context.Context, cluster VaultCluster) (VaultClusterNode, []VaultClusterNode, error)

func GetPerformanceToken 

func GetPerformanceToken(pri VaultCluster, id, secondaryPublicKey string) (string, error)

func JSONLogNoTimestamp 

func JSONLogNoTimestamp(outlog hclog.Logger, text string)

func LeaderNode 

func LeaderNode(ctx context.Context, cluster VaultCluster) (int, error)

func NodeHealthy 

func NodeHealthy(ctx context.Context, cluster VaultCluster, nodeIdx int) error

func NodeSealed 

func NodeSealed(ctx context.Context, cluster VaultCluster, nodeIdx int) error

func PassiveWaitForActiveNodeAndPerfStandbys 

func PassiveWaitForActiveNodeAndPerfStandbys(ctx context.Context, pri VaultCluster) (VaultClusterNode, []VaultClusterNode, error)

PassiveWaitForActiveNodeAndPerfStandbys should be used instead of WaitForActiveNodeAndPerfStandbys when you don't want to do any writes as a side-effect. This returns perfStandby nodes in the cluster and an error.

func PromoteDRSecondary 

func PromoteDRSecondary(ctx context.Context, sec VaultCluster) error

PromoteDRSecondary generates a DR operation token on the secondary using unseal/recovery keys. Therefore, the primary cluster could potentially be out of service.

func PromoteDRSecondaryWithBatchToken 

func PromoteDRSecondaryWithBatchToken(ctx context.Context, pri, sec VaultCluster) error

PromoteDRSecondaryWithBatchToken creates a batch token for DR promotion before promotion, it demotes the primary cluster. The primary cluster needs to be functional for the generation of the batch token

func SealAllNodes 

func SealAllNodes(ctx context.Context, cluster VaultCluster) error

func SealNode 

func SealNode(ctx context.Context, cluster VaultCluster, nodeIdx int) error

Note that OSS standbys will not accept seal requests. And ent perf standbys may fail it as well if they haven't yet been able to get "elected" as perf standbys.

func SetupFourClusterReplication 

func SetupFourClusterReplication(ctx context.Context, pri, sec, pridr, secdr VaultCluster) error

func SetupTwoClusterDRReplication 

func SetupTwoClusterDRReplication(ctx context.Context, pri, sec VaultCluster) error

func SetupTwoClusterPerfReplication 

func SetupTwoClusterPerfReplication(ctx context.Context, pri, sec VaultCluster) error

func UnsealAllNodes 

func UnsealAllNodes(ctx context.Context, cluster VaultCluster) error

func UnsealNode 

func UnsealNode(ctx context.Context, cluster VaultCluster, nodeIdx int) error

func UpdatePrimary 

func UpdatePrimary(ctx context.Context, pri, sec VaultCluster) error

func WaitForActiveNode 

func WaitForActiveNode(ctx context.Context, cluster VaultCluster) (int, error)

func WaitForActiveNodeAndPerfStandbys 

func WaitForActiveNodeAndPerfStandbys(ctx context.Context, cluster VaultCluster) error

func WaitForDRReplicationState 

func WaitForDRReplicationState(ctx context.Context, cluster VaultCluster, state consts.ReplicationState) error

func WaitForDRReplicationWorking 

func WaitForDRReplicationWorking(ctx context.Context, pri, sec VaultCluster) error

func WaitForDRSecondary 

func WaitForDRSecondary(ctx context.Context, pri, sec VaultCluster, skipPoisonPill bool) error

func WaitForMatchingMerkleRoots 

func WaitForMatchingMerkleRoots(ctx context.Context, endpoint string, pri, sec VaultCluster) error

func WaitForNCoresSealed 

func WaitForNCoresSealed(ctx context.Context, cluster VaultCluster, n int) error

func WaitForPerfReplicationConnectionStatus 

func WaitForPerfReplicationConnectionStatus(ctx context.Context, client *api.Client) error

func WaitForPerfReplicationState 

func WaitForPerfReplicationState(ctx context.Context, cluster VaultCluster, state consts.ReplicationState) error

func WaitForPerfReplicationStatus 

func WaitForPerfReplicationStatus(ctx context.Context, client *api.Client, accept func(map[string]interface{}) error) error

func WaitForPerfReplicationWorking 

func WaitForPerfReplicationWorking(ctx context.Context, pri, sec VaultCluster) error

func WaitForPerformanceSecondary 

func WaitForPerformanceSecondary(ctx context.Context, pri, sec VaultCluster, skipPoisonPill bool) (string, error)

func WaitForPerformanceWAL 

func WaitForPerformanceWAL(ctx context.Context, pri, sec VaultCluster) error

func WaitForReplicationStatus 

func WaitForReplicationStatus(ctx context.Context, client *api.Client, dr bool, accept func(map[string]interface{}) error) error

Types

type CA 

type CA struct {
	CACert        *x509.Certificate
	CACertBytes   []byte
	CACertPEM     []byte
	CACertPEMFile string
	CAKey         *ecdsa.PrivateKey
	CAKeyPEM      []byte
}

type ClusterBuilder 

type ClusterBuilder func(ctx context.Context, name string, logger hclog.Logger) (VaultCluster, error)

type ClusterJson 

type ClusterJson struct {
	Nodes      []ClusterNode `json:"nodes"`
	CACertPath string        `json:"ca_cert_path"`
	RootToken  string        `json:"root_token"`
}

type ClusterNode 

type ClusterNode struct {
	APIAddress string `json:"api_address"`
}

type ClusterOptions 

type ClusterOptions struct {
	ClusterName                 string
	KeepStandbysSealed          bool
	SkipInit                    bool
	CACert                      []byte
	NumCores                    int
	TmpDir                      string
	Logger                      hclog.Logger
	VaultNodeConfig             *VaultNodeConfig
	VaultLicense                string
	AdministrativeNamespacePath string
}

type ExecDevCluster 

type ExecDevCluster struct {
	ID            string
	ClusterName   string
	ClusterNodes  []*execDevClusterNode
	CACertPEMFile string

	Logger log.Logger
	// contains filtered or unexported fields
}

func NewExecDevCluster 

func NewExecDevCluster(ctx context.Context, opts *ExecDevClusterOptions) (*ExecDevCluster, error)

func NewTestExecDevCluster 

func NewTestExecDevCluster(t *testing.T, opts *ExecDevClusterOptions) *ExecDevCluster

func (*ExecDevCluster) Cleanup 

func (dc *ExecDevCluster) Cleanup()

func (*ExecDevCluster) ClusterID 

func (dc *ExecDevCluster) ClusterID() string

func (*ExecDevCluster) GetBarrierKeys 

func (dc *ExecDevCluster) GetBarrierKeys() [][]byte

func (*ExecDevCluster) GetBarrierOrRecoveryKeys 

func (dc *ExecDevCluster) GetBarrierOrRecoveryKeys() [][]byte

func (*ExecDevCluster) GetCACertPEMFile 

func (dc *ExecDevCluster) GetCACertPEMFile() string

func (*ExecDevCluster) GetRecoveryKeys 

func (dc *ExecDevCluster) GetRecoveryKeys() [][]byte

func (*ExecDevCluster) GetRootToken 

func (dc *ExecDevCluster) GetRootToken() string

GetRootToken returns the root token of the cluster, if set

func (*ExecDevCluster) NamedLogger 

func (dc *ExecDevCluster) NamedLogger(s string) log.Logger

func (*ExecDevCluster) Nodes 

func (dc *ExecDevCluster) Nodes() []VaultClusterNode

func (*ExecDevCluster) SetBarrierKeys 

func (dc *ExecDevCluster) SetBarrierKeys(keys [][]byte)

func (*ExecDevCluster) SetRecoveryKeys 

func (dc *ExecDevCluster) SetRecoveryKeys(keys [][]byte)

func (*ExecDevCluster) SetRootToken 

func (dc *ExecDevCluster) SetRootToken(token string)

type ExecDevClusterOptions 

type ExecDevClusterOptions struct {
	ClusterOptions
	BinaryPath string
	// this is -dev-listen-address, defaults to "127.0.0.1:8200"
	BaseListenAddress string
}

type GenerateRootKind 

type GenerateRootKind int
const (
	GenerateRootRegular GenerateRootKind = iota
	GenerateRootDR
	GenerateRecovery
)

type ReplicationSet 

type ReplicationSet struct {
	// By convention, we recommend the following naming scheme for
	// clusters in this map:
	// A: perf primary
	// B: primary's DR
	// C: first perf secondary of A
	// D: C's DR
	// E: second perf secondary of A
	// F: E's DR
	// ... etc.
	//
	// We use generic names rather than role-specific names because
	// that's less confusing when promotions take place that result in role
	// changes. In other words, if D gets promoted to replace C as a perf
	// secondary, and C gets demoted and updated to become D's DR secondary,
	// they should maintain their initial names of D and C throughout.
	Clusters map[string]VaultCluster
	Builder  ClusterBuilder
	Logger   hclog.Logger
	CA       *CA
}

func NewReplicationSet 

func NewReplicationSet(b ClusterBuilder) (*ReplicationSet, error)

func (*ReplicationSet) Cleanup 

func (r *ReplicationSet) Cleanup()

func (*ReplicationSet) GetFourReplicationCluster 

func (r *ReplicationSet) GetFourReplicationCluster(ctx context.Context) error

func (*ReplicationSet) StandardDRReplication 

func (r *ReplicationSet) StandardDRReplication(ctx context.Context) error

func (*ReplicationSet) StandardPerfReplication 

func (r *ReplicationSet) StandardPerfReplication(ctx context.Context) error

type VaultCluster 

type VaultCluster interface {
	Nodes() []VaultClusterNode
	GetBarrierKeys() [][]byte
	GetRecoveryKeys() [][]byte
	GetBarrierOrRecoveryKeys() [][]byte
	SetBarrierKeys([][]byte)
	SetRecoveryKeys([][]byte)
	GetCACertPEMFile() string
	Cleanup()
	ClusterID() string
	NamedLogger(string) hclog.Logger
	SetRootToken(token string)
	GetRootToken() string
}

type VaultClusterNode 

type VaultClusterNode interface {
	APIClient() *api.Client
	TLSConfig() *tls.Config
}

type VaultNodeConfig 

type VaultNodeConfig struct {
	StorageOptions      map[string]string
	AdditionalListeners []VaultNodeListenerConfig

	DefaultMaxRequestDuration      time.Duration `json:"default_max_request_duration"`
	LogFormat                      string        `json:"log_format"`
	LogLevel                       string        `json:"log_level"`
	CacheSize                      int           `json:"cache_size"`
	DisableCache                   bool          `json:"disable_cache"`
	DisablePrintableCheck          bool          `json:"disable_printable_check"`
	EnableUI                       bool          `json:"ui"`
	MaxLeaseTTL                    time.Duration `json:"max_lease_ttl"`
	DefaultLeaseTTL                time.Duration `json:"default_lease_ttl"`
	ClusterCipherSuites            string        `json:"cluster_cipher_suites"`
	PluginFileUid                  int           `json:"plugin_file_uid"`
	PluginFilePermissions          int           `json:"plugin_file_permissions"`
	EnableRawEndpoint              bool          `json:"raw_storage_endpoint"`
	DisableClustering              bool          `json:"disable_clustering"`
	DisablePerformanceStandby      bool          `json:"disable_performance_standby"`
	DisableSealWrap                bool          `json:"disable_sealwrap"`
	DisableIndexing                bool          `json:"disable_indexing"`
	DisableSentinelTrace           bool          `json:"disable_sentinel"`
	EnableResponseHeaderHostname   bool          `json:"enable_response_header_hostname"`
	LogRequestsLevel               string        `json:"log_requests_level"`
	EnableResponseHeaderRaftNodeID bool          `json:"enable_response_header_raft_node_id"`
	LicensePath                    string        `json:"license_path"`
}

type VaultNodeListenerConfig added in v0.10.0 

type VaultNodeListenerConfig struct {
	Port            int
	ChrootNamespace string
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.