status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add ability to load a license from the configuration/environment (#10442) 

This is mainly for forwards compatibility with 1.10 and should not be relied on for a cluster staying on a 1.8.x/1.9.x version.
This commit is contained in:
Matt Keeler 2021-06-21 16:38:21 -04:00 committed by GitHub
parent 3609d903af
commit 116b0ebc46
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/10442.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
licensing: **(Enterprise Only)** In order to have forward compatibility with Consul Enterprise v1.10, the ability to parse licenses from the configuration or environment has been added. This can be specified with the `license_path` configuration, the `CONSUL_LICENSE` environment variable or the `CONSUL_LICENSE_PATH` environment variable. On server agents this configuration will be ignored. Client agents and the snapshot agent will use the configured license instead of automatically retrieving one.
```

3
agent/config/builder_oss.go
View File

@ -40,6 +40,9 @@ var (
"audit": func(c *Config) { "audit": func(c *Config) {
c.Audit = nil c.Audit = nil
}, },
"license_path": func(c *Config) {
c.LicensePath = nil
},
} }
) )

10
agent/config/builder_oss_test.go
View File

@ -116,6 +116,16 @@ func TestBuilder_validateEnterpriseConfigKeys(t *testing.T) {
require.Nil(t, c.ACL.Tokens.ManagedServiceProvider) require.Nil(t, c.ACL.Tokens.ManagedServiceProvider)
}, },
}, },
"license_path": {
config: Config{
LicensePath: &stringVal,
},
keys: []string{"license_path"},
badKeys: []string{"license_path"},
check: func(t *testing.T, c *Config) {
require.Empty(t, c.LicensePath)
},
},
"multi": { "multi": {
config: Config{ config: Config{
NonVotingServer: &boolVal, NonVotingServer: &boolVal,

1
agent/config/config.go
View File

@ -191,6 +191,7 @@ type Config struct {
HTTPConfig HTTPConfig `json:"http_config,omitempty" hcl:"http_config" mapstructure:"http_config"` HTTPConfig HTTPConfig `json:"http_config,omitempty" hcl:"http_config" mapstructure:"http_config"`
KeyFile *string `json:"key_file,omitempty" hcl:"key_file" mapstructure:"key_file"` KeyFile *string `json:"key_file,omitempty" hcl:"key_file" mapstructure:"key_file"`
LeaveOnTerm *bool `json:"leave_on_terminate,omitempty" hcl:"leave_on_terminate" mapstructure:"leave_on_terminate"` LeaveOnTerm *bool `json:"leave_on_terminate,omitempty" hcl:"leave_on_terminate" mapstructure:"leave_on_terminate"`
LicensePath *string `json:"license_path,omitempty" hcl:"license_path" mapstructure:"license_path"`
Limits Limits `json:"limits,omitempty" hcl:"limits" mapstructure:"limits"` Limits Limits `json:"limits,omitempty" hcl:"limits" mapstructure:"limits"`
LogLevel *string `json:"log_level,omitempty" hcl:"log_level" mapstructure:"log_level"` LogLevel *string `json:"log_level,omitempty" hcl:"log_level" mapstructure:"log_level"`
LogJSON *bool `json:"log_json,omitempty" hcl:"log_json" mapstructure:"log_json"` LogJSON *bool `json:"log_json,omitempty" hcl:"log_json" mapstructure:"log_json"`

2
agent/config/runtime_oss_test.go
View File

@ -4,6 +4,8 @@ package config
var entMetaJSON = `{}` var entMetaJSON = `{}`
var entAuthMethodFieldsJSON = `{}`
var entRuntimeConfigSanitize = `{}` var entRuntimeConfigSanitize = `{}`
var entFullDNSJSONConfig = `` var entFullDNSJSONConfig = ``

6
agent/config/runtime_test.go
View File

@ -4707,6 +4707,7 @@ func TestFullConfig(t *testing.T) {
}, },
"key_file": "IEkkwgIA", "key_file": "IEkkwgIA",
"leave_on_terminate": true, "leave_on_terminate": true,
"license_path": "/path/to/license.lic",
"limits": { "limits": {
"http_max_conns_per_client": 100, "http_max_conns_per_client": 100,
"https_handshake_timeout": "2391ms", "https_handshake_timeout": "2391ms",
@ -5372,6 +5373,7 @@ func TestFullConfig(t *testing.T) {
} }
key_file = "IEkkwgIA" key_file = "IEkkwgIA"
leave_on_terminate = true leave_on_terminate = true
license_path = "/path/to/license.lic"
limits { limits {
http_max_conns_per_client = 100 http_max_conns_per_client = 100
https_handshake_timeout = "2391ms" https_handshake_timeout = "2391ms"
@ -7194,11 +7196,11 @@ func TestSanitize(t *testing.T) {
"Enabled": false, "Enabled": false,
"AllowReuse": false, "AllowReuse": false,
"AuthMethod": { "AuthMethod": {
"ACLAuthMethodEnterpriseFields": {}, "ACLAuthMethodEnterpriseFields": ` + entAuthMethodFieldsJSON + `,
"Config": {}, "Config": {},
"Description": "", "Description": "",
"DisplayName": "", "DisplayName": "",
"EnterpriseMeta": {}, "EnterpriseMeta": ` + entMetaJSON + `,
"MaxTokenTTL": "0s", "MaxTokenTTL": "0s",
"Name": "", "Name": "",
"RaftIndex": { "RaftIndex": {

5
agent/consul/client_test.go
View File

@ -9,6 +9,7 @@ import (
"time" "time"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/agent/token"
"github.com/hashicorp/consul/sdk/freeport" "github.com/hashicorp/consul/sdk/freeport"
"github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil"
"github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/sdk/testutil/retry"
@ -78,7 +79,9 @@ func testClientWithConfigWithErr(t *testing.T, cb func(c *Config)) (string, *Cli
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
client, err := NewClient(config, WithLogger(logger), WithTLSConfigurator(tlsConf)) store := &token.Store{}
client, err := NewClient(config, WithLogger(logger), WithTLSConfigurator(tlsConf), WithTokenStore(store))
return dir, client, err return dir, client, err
} }