mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 23:21:08 +02:00
* require explicit value for disable_mlock * set disable_mlock back to true for all docker tests * fix build error * update test config files * change explicit mlock check to apply to integrated storage only. * formatting and typo fixes * added test for raft * remove erroneous test * remove unecessary doc line * remove unecessary var * pr suggestions * test compile fix * add mlock config value to enos tests * enos lint * update enos tests to pass disable_mlock value * move mlock error to runtime to check for env var * fixed mlock config detection logic * call out mlock on/off tradeoffs to docs * rewording production hardening section on mlock for clarity * update error message when missing disable_mlock value to help customers with the previous default * fix config doc error and update production-hardening doc to align with existing recommendations. * remove extra check for mlock config value * fix docker recovery test * Update changelog/29974.txt Explicitly call out that Vault will not start without disable_mlock included in the config. Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com> * more docker test experimentation. * passing disable_mlock into test cluster * add VAULT_DISABLE_MLOCK envvar to docker tests and pass through the value * add missing envvar for docker env test * upate additional docker test disable_mlock values * Apply suggestions from code review Use active voice. Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --------- Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com> Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package docker
import (
"context"
"fmt"
"os"
"strings"
"testing"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/sdk/helper/logging"
"github.com/hashicorp/vault/sdk/helper/testcluster"
)
// DefaultOptions returns the baseline DockerClusterOptions for a Docker-backed
// test cluster: three cores running the hashicorp/vault image, named after the
// calling test, with the Vault binary path taken from $VAULT_BINARY.
//
// Security-relevant defaults, all chosen for throwaway test clusters:
//   - DisableMlock is true, so the Vault process in the container does not
//     lock its memory and pages may be swapped to disk. Do not carry this
//     value into a real deployment without weighing that tradeoff.
//   - ImageTag is "latest", a mutable tag: the image under test is whatever
//     the registry currently serves. Override ImageTag when a run has to be
//     reproducible.
//   - LogLevel is "TRACE", the most verbose level.
func DefaultOptions(t *testing.T) *DockerClusterOptions {
	// "/" separates subtest names in t.Name(); it is replaced so the value can
	// be used as a cluster name.
	clusterName := strings.ReplaceAll(t.Name(), "/", "-")

	nodeConfig := &testcluster.VaultNodeConfig{
		LogLevel: "TRACE",
	}

	clusterOpts := testcluster.ClusterOptions{
		NumCores:        3,
		ClusterName:     clusterName,
		VaultNodeConfig: nodeConfig,
	}

	return &DockerClusterOptions{
		ImageRepo:      "hashicorp/vault",
		ImageTag:       "latest",
		VaultBinary:    os.Getenv("VAULT_BINARY"),
		ClusterOptions: clusterOpts,
		DisableMlock:   true,
	}
}
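// NewReplicationSetDocker creates a testcluster.ReplicationSet whose clusters
// are Docker-backed and builds the first cluster, registered as "A".
//
// The calling test is skipped when $VAULT_BINARY is unset. An error is
// returned when opts is nil or when the cluster name (opts.ClusterName, or the
// test-derived default used when it is empty) is longer than
// MaxClusterNameLength.
//
// The CA of cluster "A" is stored on the returned set, and every later call to
// the set's Builder passes that same CA to the new cluster.
func NewReplicationSetDocker(t *testing.T, opts *DockerClusterOptions) (*testcluster.ReplicationSet, error) {
	binary := os.Getenv("VAULT_BINARY")
	if binary == "" {
		t.Skip("only running docker test when $VAULT_BINARY present")
	}

	// Fail with an error instead of a nil-pointer panic on opts.ClusterName.
	if opts == nil {
		return nil, fmt.Errorf("docker cluster options must not be nil")
	}

	r := &testcluster.ReplicationSet{
		Clusters: map[string]testcluster.VaultCluster{},
		Logger:   logging.NewVaultLogger(hclog.Trace).Named(t.Name()),
	}

	// clusterName is used for container name as well.
	// A container name should not exceed 64 chars.
	// There are additional chars that are added to the name as well
	// like "-A-core0". So, setting a max limit for a cluster name.
	//
	// The limit is applied to the name the Builder will actually use: when
	// opts.ClusterName is empty the Builder falls back to the test name, and
	// that fallback must respect the same bound.
	effectiveName := opts.ClusterName
	if effectiveName == "" {
		effectiveName = strings.ReplaceAll(t.Name(), "/", "-")
	}
	if len(effectiveName) > MaxClusterNameLength {
		return nil, fmt.Errorf("cluster name length exceeded the maximum allowed length of %v", MaxClusterNameLength)
	}

	r.Builder = func(ctx context.Context, name string, baseLogger hclog.Logger) (testcluster.VaultCluster, error) {
		// Shallow copy: scalar fields can be changed per cluster without
		// touching the caller's opts, but pointer fields such as
		// VaultNodeConfig still refer to the caller's values.
		myOpts := *opts
		myOpts.Logger = baseLogger.Named(name)
		if myOpts.ClusterName == "" {
			myOpts.ClusterName = strings.ReplaceAll(t.Name(), "/", "-")
		}
		myOpts.ClusterName += "-" + strings.ReplaceAll(name, "/", "-")
		// r.CA is still its zero value while cluster "A" is being built; it is
		// set from A below, so clusters built afterwards reuse A's CA.
		myOpts.CA = r.CA
		return NewTestDockerCluster(t, &myOpts), nil
	}

	a, err := r.Builder(context.TODO(), "A", r.Logger)
	if err != nil {
		return nil, err
	}
	r.Clusters["A"] = a
	// The Builder above always returns the result of NewTestDockerCluster, so
	// the concrete type is expected to be *DockerCluster.
	r.CA = a.(*DockerCluster).CA

	return r, nil
}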