Merge pull request #10029 from hashicorp/dnephin/backport-auth-methods-fix-1.8.x

[1.8.x] backport snapshot of ACL Auth Methods bug fix
This commit is contained in:
Daniel Nephin 2021-04-14 17:49:20 -04:00 committed by GitHub
commit 685c09ef78
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 6 deletions

3
.changelog/10025.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
snapshot: fixes a bug that would cause snapshots to be missing all but the first ACL Auth Method.
```

View File

@ -1,11 +1,12 @@
package fsm package fsm
import ( import (
"github.com/hashicorp/go-msgpack/codec"
"github.com/hashicorp/raft"
"github.com/hashicorp/consul/agent/consul/autopilot" "github.com/hashicorp/consul/agent/consul/autopilot"
"github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/consul/state"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/go-msgpack/codec"
"github.com/hashicorp/raft"
) )
func init() { func init() {
@ -244,7 +245,7 @@ func (s *snapshot) persistACLs(sink raft.SnapshotSink,
return err return err
} }
for method := methods.Next(); method != nil; method = rules.Next() { for method := methods.Next(); method != nil; method = methods.Next() {
if _, err := sink.Write([]byte{byte(structs.ACLAuthMethodSetRequestType)}); err != nil { if _, err := sink.Write([]byte{byte(structs.ACLAuthMethodSetRequestType)}); err != nil {
return err return err
} }

View File

@ -125,6 +125,13 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
} }
require.NoError(t, fsm.state.ACLAuthMethodSet(1, method)) require.NoError(t, fsm.state.ACLAuthMethodSet(1, method))
method = &structs.ACLAuthMethod{
Name: "some-method2",
Type: "testing",
Description: "test snapshot auth method",
}
require.NoError(t, fsm.state.ACLAuthMethodSet(1, method))
bindingRule := &structs.ACLBindingRule{ bindingRule := &structs.ACLBindingRule{
ID: "85184c52-5997-4a84-9817-5945f2632a17", ID: "85184c52-5997-4a84-9817-5945f2632a17",
Description: "test snapshot binding rule", Description: "test snapshot binding rule",
@ -519,10 +526,12 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
require.Equal(t, bindingRule, bindingRule2) require.Equal(t, bindingRule, bindingRule2)
// Verify ACL Auth Method is restored // Verify ACL Auth Methods are restored
_, method2, err := fsm2.state.ACLAuthMethodGetByName(nil, method.Name, nil) _, authMethods, err := fsm2.state.ACLAuthMethodList(nil, nil)
require.NoError(t, err) require.NoError(t, err)
require.Equal(t, method, method2) require.Len(t, authMethods, 2)
require.Equal(t, "some-method", authMethods[0].Name)
require.Equal(t, "some-method2", authMethods[1].Name)
// Verify ACL Token is restored // Verify ACL Token is restored
_, rtoken, err := fsm2.state.ACLTokenGetByAccessor(nil, token.AccessorID, nil) _, rtoken, err := fsm2.state.ACLTokenGetByAccessor(nil, token.AccessorID, nil)