Add CA config set to fsm operations

2018-04-06 17:58:45 -07:00 · 2018-04-06 17:58:45 -07:00 · 1787f88618
parent 6b3416e480
commit 1787f88618
2 changed files with 81 additions and 2 deletions
--- a/agent/consul/fsm/commands_oss.go
+++ b/agent/consul/fsm/commands_oss.go
@ -283,7 +283,18 @@ func (c *FSM) applyConnectCAOperation(buf []byte, index uint64) interface{} {
 	defer metrics.MeasureSinceWithLabels([]string{"fsm", "ca"}, time.Now(),
 		[]metrics.Label{{Name: "op", Value: string(req.Op)}})
 	switch req.Op {
-	case structs.CAOpSet:
+	case structs.CAOpSetConfig:
+		if req.Config.ModifyIndex != 0 {
+			act, err := c.state.CACheckAndSetConfig(index, req.Config.ModifyIndex, req.Config)
+			if err != nil {
+				return err
+			}
+
+			return act
+		}
+
+		return c.state.CASetConfig(index, req.Config)
+	case structs.CAOpSetRoots:
 		act, err := c.state.CARootSetCAS(index, req.Index, req.Roots)
 		if err != nil {
 			return err
--- a/agent/consul/fsm/commands_oss_test.go
+++ b/agent/consul/fsm/commands_oss_test.go
@ -15,6 +15,7 @@ import (
 	"github.com/hashicorp/consul/types"
 	"github.com/hashicorp/go-uuid"
 	"github.com/hashicorp/serf/coordinate"
+	"github.com/mitchellh/mapstructure"
 	"github.com/pascaldekloe/goe/verify"
 	"github.com/stretchr/testify/assert"
 )
@ -1219,6 +1220,73 @@ func TestFSM_Intention_CRUD(t *testing.T) {
 	}
 }

+func TestFSM_CAConfig(t *testing.T) {
+	t.Parallel()
+
+	assert := assert.New(t)
+	fsm, err := New(nil, os.Stderr)
+	assert.Nil(err)
+
+	// Set the autopilot config using a request.
+	req := structs.CARequest{
+		Op: structs.CAOpSetConfig,
+		Config: &structs.CAConfiguration{
+			Provider: "consul",
+			Config: map[string]interface{}{
+				"PrivateKey":     "asdf",
+				"RootCert":       "qwer",
+				"RotationPeriod": 90 * 24 * time.Hour,
+			},
+		},
+	}
+	buf, err := structs.Encode(structs.ConnectCARequestType, req)
+	assert.Nil(err)
+	resp := fsm.Apply(makeLog(buf))
+	if _, ok := resp.(error); ok {
+		t.Fatalf("bad: %v", resp)
+	}
+
+	// Verify key is set directly in the state store.
+	_, config, err := fsm.state.CAConfig()
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	var conf *connect.ConsulCAProviderConfig
+	if err := mapstructure.WeakDecode(config.Config, &conf); err != nil {
+		t.Fatalf("error decoding config: %s, %v", err, config.Config)
+	}
+	if got, want := config.Provider, req.Config.Provider; got != want {
+		t.Fatalf("got %v, want %v", got, want)
+	}
+	if got, want := conf.PrivateKey, "asdf"; got != want {
+		t.Fatalf("got %v, want %v", got, want)
+	}
+	if got, want := conf.RootCert, "qwer"; got != want {
+		t.Fatalf("got %v, want %v", got, want)
+	}
+	if got, want := conf.RotationPeriod, 90*24*time.Hour; got != want {
+		t.Fatalf("got %v, want %v", got, want)
+	}
+
+	// Now use CAS and provide an old index
+	req.Config.Provider = "static"
+	req.Config.ModifyIndex = config.ModifyIndex - 1
+	buf, err = structs.Encode(structs.ConnectCARequestType, req)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	resp = fsm.Apply(makeLog(buf))
+	if _, ok := resp.(error); ok {
+		t.Fatalf("bad: %v", resp)
+	}
+
+	_, config, err = fsm.state.CAConfig()
+	assert.Nil(err)
+	if config.Provider != "static" {
+		t.Fatalf("bad: %v", config.Provider)
+	}
+}
+
 func TestFSM_CARoots(t *testing.T) {
 	t.Parallel()

@ -1233,7 +1301,7 @@ func TestFSM_CARoots(t *testing.T) {

 	// Create a new request.
 	req := structs.CARequest{
-		Op:    structs.CAOpSet,
+		Op:    structs.CAOpSetRoots,
 		Roots: []*structs.CARoot{ca1, ca2},
 	}