From 0242dcc5d2ac29679370e35150e68536932dfa9e Mon Sep 17 00:00:00 2001 From: Matt Keeler Date: Mon, 21 Jun 2021 15:00:46 -0400 Subject: [PATCH] Add ability to load a license from the configuration/environment (#10441) This is mainly for forward compatibility with 1.10 where licensing requirements are changing. For older releases we are adding the ability to load the license from a configuration/environment to facilitate a smoother upgrade process. For servers, we will allow the configuration to be set but it will not be used (a warning log is emitted saying as much). For client agents it will actually cause the license to be used in place of the auto-retrieval process. Unlike with 1.10, client agents will not be able to update the license loaded via config with a reload. It is expected that this configuration is only used while on the path to upgrading to 1.10 and therefore the ability to reload the license should not be necessary. --- .changelog/10441.txt | 4 ++++ agent/config/builder_oss.go | 4 ++++ agent/config/builder_oss_test.go | 9 +++++++++ agent/config/config.go | 1 + agent/config/runtime_oss_test.go | 1 + agent/config/runtime_test.go | 2 ++ 6 files changed, 21 insertions(+) create mode 100644 .changelog/10441.txt diff --git a/.changelog/10441.txt b/.changelog/10441.txt new file mode 100644 index 0000000000..2e8e7ac7dd --- /dev/null +++ b/.changelog/10441.txt @@ -0,0 +1,4 @@ +```release-note:improvement +licensing: **(Enterprise Only)** In order to have forward compatibility with Consul Enterprise v1.10, the ability to parse licenses from the configuration or environment has been added. This can be specified with the `license_path` configuration, the `CONSUL_LICENSE` environment variable or the `CONSUL_LICENSE_PATH` environment variable. On server agents this configuration will be ignored. Client agents and the snapshot agent will use the configured license instead of automatically retrieving one. +``` + diff --git a/agent/config/builder_oss.go b/agent/config/builder_oss.go index 9e68a54609..66400c3f39 100644 --- a/agent/config/builder_oss.go +++ b/agent/config/builder_oss.go @@ -50,6 +50,10 @@ func validateEnterpriseConfigKeys(config *Config) []error { add("audit") config.Audit = nil } + if config.LicensePath != nil { + add("license_path") + config.LicensePath = nil + } return result } diff --git a/agent/config/builder_oss_test.go b/agent/config/builder_oss_test.go index d03ef165b6..3d2b7ba308 100644 --- a/agent/config/builder_oss_test.go +++ b/agent/config/builder_oss_test.go @@ -97,6 +97,15 @@ func TestValidateEnterpriseConfigKeys(t *testing.T) { require.Nil(t, c.ACL.Tokens.ManagedServiceProvider) }, }, + "license_path": { + config: Config{ + LicensePath: &stringVal, + }, + badKeys: []string{"license_path"}, + check: func(t *testing.T, c *Config) { + require.Empty(t, c.LicensePath) + }, + }, "multi": { config: Config{ ReadReplica: &boolVal, diff --git a/agent/config/config.go b/agent/config/config.go index d23dae32fe..045a023854 100644 --- a/agent/config/config.go +++ b/agent/config/config.go @@ -187,6 +187,7 @@ type Config struct { HTTPConfig HTTPConfig `mapstructure:"http_config"` KeyFile *string `mapstructure:"key_file"` LeaveOnTerm *bool `mapstructure:"leave_on_terminate"` + LicensePath *string `mapstructure:"license_path"` Limits Limits `mapstructure:"limits"` LogLevel *string `mapstructure:"log_level"` LogJSON *bool `mapstructure:"log_json"` diff --git a/agent/config/runtime_oss_test.go b/agent/config/runtime_oss_test.go index 794c04e789..31a4d5eb6c 100644 --- a/agent/config/runtime_oss_test.go +++ b/agent/config/runtime_oss_test.go @@ -9,6 +9,7 @@ func entFullRuntimeConfig(rt *RuntimeConfig) {} var enterpriseReadReplicaWarnings = []string{enterpriseConfigKeyError{key: "read_replica (or the deprecated non_voting_server)"}.Error()} var enterpriseConfigKeyWarnings = []string{ + enterpriseConfigKeyError{key: "license_path"}.Error(), enterpriseConfigKeyError{key: "read_replica (or the deprecated non_voting_server)"}.Error(), enterpriseConfigKeyError{key: "segment"}.Error(), enterpriseConfigKeyError{key: "segments"}.Error(), diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index 36a1a4a821..20707ccde7 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -5301,6 +5301,7 @@ func TestFullConfig(t *testing.T) { }, "key_file": "IEkkwgIA", "leave_on_terminate": true, + "license_path": "/path/to/license.lic", "limits": { "http_max_conns_per_client": 100, "https_handshake_timeout": "2391ms", @@ -5990,6 +5991,7 @@ func TestFullConfig(t *testing.T) { } key_file = "IEkkwgIA" leave_on_terminate = true + license_path = "/path/to/license.lic" limits { http_max_conns_per_client = 100 https_handshake_timeout = "2391ms"