Diagnoses Consul Direct Access Check #11505

Merged
merged 32 commits into from
May 2, 2021
ac1cb11
Create helpers which integrate with OpenTelemetry for diagnose collec…
sgmiller Apr 23, 2021
9ecc19a
Go mod vendor
sgmiller Apr 23, 2021
b0bdaca
consul tls checks
Apr 26, 2021
2d65d6c
fix merge conflicts
Apr 26, 2021
5f32206
draft for storage end to end check
Apr 26, 2021
11224d9
Comments
sgmiller Apr 26, 2021
5a3570e
Update vault/diagnose/helpers.go
sgmiller Apr 26, 2021
112f217
Add unit test/example
sgmiller Apr 26, 2021
e0c3a86
Merge branch 'diagnose-otel-integration' of github.com:/hashicorp/vau…
sgmiller Apr 26, 2021
29be762
tweak output
sgmiller Apr 26, 2021
8d5122d
More comments
sgmiller Apr 26, 2021
b2c1f7f
add spot check concept
sgmiller Apr 26, 2021
76dc535
Get unit tests working on Result structs
sgmiller Apr 28, 2021
bc10247
Fix unit test
sgmiller Apr 28, 2021
f1fea38
Merge remote-tracking branch 'origin/master' into diagnose-otel-integ…
sgmiller Apr 28, 2021
4a6bc9e
Get unit tests working, and make diagnose sessions local rather than …
sgmiller Apr 28, 2021
0682a4f
Comments
sgmiller Apr 28, 2021
14abc7f
Last comments
sgmiller Apr 28, 2021
3286135
No need for init
sgmiller Apr 28, 2021
4d26609
:|
sgmiller Apr 28, 2021
5063844
Fix helpers_test
sgmiller Apr 28, 2021
e6f7c6c
merge master
Apr 29, 2021
7d5e722
merge with otel integration branch
Apr 29, 2021
412a01c
cleaned up chan logic. Tests next.
Apr 29, 2021
f68f7dd
fix tests
Apr 29, 2021
357b192
merge master
Apr 29, 2021
45201c4
remove a comment
Apr 29, 2021
70835e6
tests
Apr 30, 2021
dd15e1e
remove a comment
Apr 30, 2021
ec94304
run direct access checks in diagnose command
Apr 30, 2021
6562cf4
merge master
May 2, 2021
4c0c565
review comments
May 2, 2021
cleaned up chan logic. Tests next.
HridoyRoy committed Apr 29, 2021
commit 412a01c25aadbdde0f05baf5f647706e9a72b1ea
83 changes: 62 additions & 21 deletions command/operator_diagnose.go
Expand Up @@ -234,44 +234,85 @@ func (c *OperatorDiagnoseCommand) offlineDiagnostics(ctx context.Context) error
return err
}

if config.Storage != nil && config.Storage.Type == storageTypeConsul {
err = physconsul.SetupSecureTLS(api.DefaultConfig(), config.Storage.Config, server.logger, true)
if err != nil {
return err
}
}

if config.HAStorage != nil && config.HAStorage.Type == storageTypeConsul {
err = physconsul.SetupSecureTLS(api.DefaultConfig(), config.HAStorage.Config, server.logger, true)
if err != nil {
return err
}
}

success := "success"
secretKey := "diagnose"
secretVal := "diagnoseSecret"

// Attempt to use storage backend
// Note: Just checking read, write, and delete for root. It's a very basic check,
// but I don't think we can necessarily do any more than that. We could check list,
// but I don't think List is ever going to break in isolation.
c2 := make(chan string, 1)
go func() {
b.Put(context.Background(), &physical.Entry{Key: "diagnose", Value: []byte("diagnose")})
c2 <- "success"
}()
select {
case _ = <-c2:
val, err := b.Get(context.Background(), "diagnose")
err := b.Put(context.Background(), &physical.Entry{Key: secretKey, Value: []byte(secretVal)})
if err != nil {
return err
c2 <- err.Error()
} else {
if val.Key != "diagnose" && string(val.Value) != "diagnose" {
return fmt.Errorf("Storage get and put gave wrong values: expecting diagnose, but got %s, %s", val.Key, val.Value)
} else {
err = b.Delete(context.Background(), "diagnose")
if err != nil {
return err
}
}
c2 <- success
}
}()
select {
case errString := <-c2:
if errString != success {
return fmt.Errorf(errString)
}
case <-time.After(20 * time.Second):
return fmt.Errorf("storage get timed out after 20 seconds")
}

if config.Storage != nil && config.Storage.Type == storageTypeConsul {
err = physconsul.SetupSecureTLS(api.DefaultConfig(), config.Storage.Config, server.logger, true)
c3 := make(chan *physical.Entry)
c4 := make(chan error)
go func() {
val, err := b.Get(context.Background(), "diagnose")
if err != nil {
return err
c4 <- err
} else {
c3 <- val
}
}()
select {
case err := <-c4:
return err
case val := <-c3:
if val.Key != "diagnose" && string(val.Value) != "diagnose" {
return fmt.Errorf("Storage get and put gave wrong values: expecting diagnose, but got %s, %s", val.Key, val.Value)
}
case <-time.After(20 * time.Second):
return fmt.Errorf("storage get timed out after 20 seconds")
}

if config.HAStorage != nil && config.HAStorage.Type == storageTypeConsul {
err = physconsul.SetupSecureTLS(api.DefaultConfig(), config.HAStorage.Config, server.logger, true)
c5 := make(chan string, 1)
go func() {
err := b.Delete(context.Background(), "diagnose")
if err != nil {
return err
c5 <- err.Error()
} else {
c5 <- success
}
}()
select {
case errString := <-c5:
if errString != success {
return fmt.Errorf(errString)
}
case <-time.After(20 * time.Second):
return fmt.Errorf("storage get timed out after 20 seconds")
}

return nil
}); err != nil {
return err
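Review bot: The read-back check in the `case val := <-c3:` branch cannot detect a wrong value, so the storage check can report success when the backend returned corrupted data. As far as the new side can be read from this rendered page, the Put goroutine now writes `secretVal` ("diagnoseSecret") while the comparison still uses the literal "diagnose" and joins the two tests with `&&`, so it fails only when the key is also wrong. If the backend returns a nil entry for a missing key (not visible here), `val.Key` would also panic; I would write the guard as `if val == nil || val.Key != secretKey || string(val.Value) != secretVal {`. Separately, `fmt.Errorf(errString)` in the `c2` and `c5` branches treats backend error text as a format string, so `fmt.Errorf("%s", errString)` is safer, and the Put and Delete timeouts reuse the "storage get timed out" message. The enclosing closure in offlineDiagnostics starts and ends outside this hunk.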