From b51d76f46922bc234419b51af5706971fb8beea6 Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Thu, 16 Aug 2018 11:58:50 -0700 Subject: [PATCH] fsm: add missing CA config to snapshot/restore logic --- agent/consul/fsm/fsm.go | 4 +++- agent/consul/fsm/snapshot_oss.go | 32 +++++++++++++++++++++++++++ agent/consul/fsm/snapshot_oss_test.go | 17 ++++++++++++++ agent/structs/structs.go | 1 + 4 files changed, 53 insertions(+), 1 deletion(-) diff --git a/agent/consul/fsm/fsm.go b/agent/consul/fsm/fsm.go index 87824b8723..58c126b22f 100644 --- a/agent/consul/fsm/fsm.go +++ b/agent/consul/fsm/fsm.go @@ -14,7 +14,9 @@ import ( ) // msgpackHandle is a shared handle for encoding/decoding msgpack payloads -var msgpackHandle = &codec.MsgpackHandle{} +var msgpackHandle = &codec.MsgpackHandle{ + RawToString: true, +} // command is a command method on the FSM. type command func(buf []byte, index uint64) interface{} diff --git a/agent/consul/fsm/snapshot_oss.go b/agent/consul/fsm/snapshot_oss.go index f9eb18cc89..ce9b4c9af8 100644 --- a/agent/consul/fsm/snapshot_oss.go +++ b/agent/consul/fsm/snapshot_oss.go @@ -23,6 +23,7 @@ func init() { registerRestorer(structs.IntentionRequestType, restoreIntention) registerRestorer(structs.ConnectCARequestType, restoreConnectCA) registerRestorer(structs.ConnectCAProviderStateType, restoreConnectCAProviderState) + registerRestorer(structs.ConnectCAConfigType, restoreConnectCAConfig) } func persistOSS(s *snapshot, sink raft.SnapshotSink, encoder *codec.Encoder) error { @@ -56,6 +57,9 @@ func persistOSS(s *snapshot, sink raft.SnapshotSink, encoder *codec.Encoder) err if err := s.persistConnectCAProviderState(sink, encoder); err != nil { return err } + if err := s.persistConnectCAConfig(sink, encoder); err != nil { + return err + } return nil } @@ -285,6 +289,23 @@ func (s *snapshot) persistConnectCA(sink raft.SnapshotSink, return err } } + + return nil +} + +func (s *snapshot) persistConnectCAConfig(sink raft.SnapshotSink, + encoder *codec.Encoder) error { + config, err := s.state.CAConfig() + if err != nil { + return err + } + + if _, err := sink.Write([]byte{byte(structs.ConnectCAConfigType)}); err != nil { + return err + } + if err := encoder.Encode(config); err != nil { + return err + } return nil } @@ -463,3 +484,14 @@ func restoreConnectCAProviderState(header *snapshotHeader, restore *state.Restor } return nil } + +func restoreConnectCAConfig(header *snapshotHeader, restore *state.Restore, decoder *codec.Decoder) error { + var req structs.CAConfiguration + if err := decoder.Decode(&req); err != nil { + return err + } + if err := restore.CAConfig(&req); err != nil { + return err + } + return nil +} diff --git a/agent/consul/fsm/snapshot_oss_test.go b/agent/consul/fsm/snapshot_oss_test.go index 9a6f3a3555..0c8811a07b 100644 --- a/agent/consul/fsm/snapshot_oss_test.go +++ b/agent/consul/fsm/snapshot_oss_test.go @@ -131,6 +131,18 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) { assert.Nil(err) assert.True(ok) + // CA Config + caConfig := &structs.CAConfiguration{ + ClusterID: "foo", + Provider: "consul", + Config: map[string]interface{}{ + "foo": "asdf", + "bar": 6.5, + }, + } + err = fsm.state.CASetConfig(17, caConfig) + assert.Nil(err) + // Snapshot snap, err := fsm.Snapshot() if err != nil { @@ -310,6 +322,11 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) { assert.Equal("foo", state.PrivateKey) assert.Equal("bar", state.RootCert) + // Verify CA configuration is restored. + _, caConf, err := fsm2.state.CAConfig() + assert.Nil(err) + assert.Equal(caConfig, caConf) + // Snapshot snap, err = fsm2.Snapshot() if err != nil { diff --git a/agent/structs/structs.go b/agent/structs/structs.go index f5308b351e..e22e06e085 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -46,6 +46,7 @@ const ( IntentionRequestType = 12 ConnectCARequestType = 13 ConnectCAProviderStateType = 14 + ConnectCAConfigType = 15 // FSM snapshots only. ) const (