diff --git a/command/server.go b/command/server.go
index ad9d2573e0..8376146bec 100644
--- a/command/server.go
+++ b/command/server.go
@@ -86,6 +86,7 @@ type ServerCommand struct {
 	flagDevLeasedKV bool
 	flagDevSkipInit bool
 	flagDevThreeNode bool
+	flagDevFourCluster bool
 	flagDevTransactional bool
 	flagTestVerifyOnly bool
 }
@@ -237,6 +238,13 @@ func (c *ServerCommand) Flags() *FlagSets {
 		Hidden: true,
 	})
 
+	f.BoolVar(&BoolVar{
+		Name: "dev-four-cluster",
+		Target: &c.flagDevFourCluster,
+		Default: false,
+		Hidden: true,
+	})
+
 	// TODO: should this be a public flag?
 	f.BoolVar(&BoolVar{
 		Name: "test-verify-only",
@@ -295,7 +303,7 @@ func (c *ServerCommand) Run(args []string) int {
 	}
 	switch strings.ToLower(logFormat) {
 	case "vault", "vault_json", "vault-json", "vaultjson", "json", "":
-		if c.flagDevThreeNode {
+		if c.flagDevThreeNode || c.flagDevFourCluster {
 			c.logger = logbridge.NewLogger(hclog.New(&hclog.LoggerOptions{
 				Mutex: &sync.Mutex{},
 				Output: c.logGate,
@@ -313,7 +321,7 @@ func (c *ServerCommand) Run(args []string) int {
 	})
 
 	// Automatically enable dev mode if other dev flags are provided.
-	if c.flagDevHA || c.flagDevTransactional || c.flagDevLeasedKV || c.flagDevThreeNode {
+	if c.flagDevHA || c.flagDevTransactional || c.flagDevLeasedKV || c.flagDevThreeNode || c.flagDevFourCluster {
 		c.flagDev = true
 	}
 
diff --git a/vault/testing.go b/vault/testing.go
index 8ccc0f5697..7d1c19722f 100644
--- a/vault/testing.go
+++ b/vault/testing.go
@@ -875,6 +875,8 @@ type TestClusterOptions struct {
 	SealFunc func() Seal
 	RawLogger interface{}
 	TempDir string
+	CACert []byte
+	CAKey *ecdsa.PrivateKey
 }
 
 var DefaultNumCores = 3
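Review bot: The "is this a multi-node dev cluster" test is now spelled out as `c.flagDevThreeNode || c.flagDevFourCluster` in the logger-selection hunk (@@ -295) and appended to the dev-mode auto-enable chain in the next hunk (@@ -313), so every future dev-cluster flag has to be threaded through each site by hand. A small accessor such as `func (c *ServerCommand) devMultiNode() bool { return c.flagDevThreeNode || c.flagDevFourCluster }` used in both conditions keeps the list in one place. The new `dev-four-cluster` BoolVar carries no Usage text, which matches the other hidden flags in this file, but nothing in this diff reads `flagDevFourCluster` beyond those two conditions, so a one-line comment above the BoolVar saying what a four-node dev cluster is for would help; presumably the dev cluster setup elsewhere in Run consumes it, which cannot be seen here. Both Run hunks are cut from a function that continues outside the diff.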
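Review bot: The new `CACert` and `CAKey` fields on TestClusterOptions carry no comment and do not state the expected encoding; the later hunk in this diff hands `opts.CACert` straight to `x509.ParseCertificate`, so the bytes must be DER rather than PEM, and a PEM-armoured input fails at parse time with an error that points nowhere near the option. Suggest `// CACert is the DER-encoded CA certificate to use instead of generating one; it must have been issued for CAKey.` and `// CAKey is the CA private key; when nil a fresh P-256 key is generated.` so callers know the two are a pair.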
@@ -896,6 +898,8 @@ type certInfo struct {
 // shared among cores. NewCore's default behavior is to generate a new DefaultSeal if the
 // provided Seal in coreConfig (i.e. base.Seal) is nil.
 func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *TestCluster {
+	var err error
+
 	var numCores int
 	if opts == nil || opts.NumCores == 0 {
 		numCores = DefaultNumCores
@@ -909,7 +913,6 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 	}
 	var baseAddr *net.TCPAddr
 	if opts != nil && opts.BaseListenAddress != "" {
-		var err error
 		baseAddr, err = net.ResolveTCPAddr("tcp", opts.BaseListenAddress)
 		if err != nil {
 			t.Fatal("could not parse given base IP")
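Review bot: `err` is hoisted to function scope in the first hunk only so that the `caKey, err =` and `caBytes, err =` assignments inside the `else` branches further down can reach it, and the second hunk drops the block-local `var err error` for the same reason. A function-wide `err` in a body this long means any later `x, err :=` inside a nested block silently shadows it rather than assigning it, which the vet shadow analyzer flags but the compiler does not. A narrower alternative is to keep `err` local by moving the two generation branches into a helper such as `func testClusterCA(opts *TestClusterOptions) (*ecdsa.PrivateKey, []byte, error)`, so NewTestCluster only does `caKey, caBytes, err := testClusterCA(opts)` and a single Fatal. NewTestCluster continues past both hunks.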
@@ -933,27 +936,37 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 		testCluster.TempDir = tempDir
 	}
 
-	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	if err != nil {
-		t.Fatal(err)
+	var caKey *ecdsa.PrivateKey
+	if opts != nil && opts.CAKey != nil {
+		caKey = opts.CAKey
+	} else {
+		caKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 	testCluster.CAKey = caKey
-	caCertTemplate := &x509.Certificate{
-		Subject: pkix.Name{
-			CommonName: "localhost",
-		},
-		DNSNames: []string{"localhost"},
-		IPAddresses: certIPs,
-		KeyUsage: x509.KeyUsage(x509.KeyUsageCertSign | x509.KeyUsageCRLSign),
-		SerialNumber: big.NewInt(mathrand.Int63()),
-		NotBefore: time.Now().Add(-30 * time.Second),
-		NotAfter: time.Now().Add(262980 * time.Hour),
-		BasicConstraintsValid: true,
-		IsCA: true,
-	}
-	caBytes, err := x509.CreateCertificate(rand.Reader, caCertTemplate, caCertTemplate, caKey.Public(), caKey)
-	if err != nil {
-		t.Fatal(err)
+	var caBytes []byte
+	if opts != nil && len(opts.CACert) > 0 {
+		caBytes = opts.CACert
+	} else {
+		caCertTemplate := &x509.Certificate{
+			Subject: pkix.Name{
+				CommonName: "localhost",
+			},
+			DNSNames: []string{"localhost"},
+			IPAddresses: certIPs,
+			KeyUsage: x509.KeyUsage(x509.KeyUsageCertSign | x509.KeyUsageCRLSign),
+			SerialNumber: big.NewInt(mathrand.Int63()),
+			NotBefore: time.Now().Add(-30 * time.Second),
+			NotAfter: time.Now().Add(262980 * time.Hour),
+			BasicConstraintsValid: true,
+			IsCA: true,
+		}
+		caBytes, err = x509.CreateCertificate(rand.Reader, caCertTemplate, caCertTemplate, caKey.Public(), caKey)
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 	caCert, err := x509.ParseCertificate(caBytes)
 	if err != nil {
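Review bot: The two new branches accept `opts.CACert` and `opts.CAKey` independently, so a caller who supplies `CACert` without `CAKey` gets a freshly generated P-256 key paired with a certificate that was not issued for it, and a caller who supplies both is never checked for a match; `testCluster.CAKey` and the parsed `caCert` are presumably used afterwards to issue the per-core certificates (outside this hunk), so the mismatch would surface later as an opaque TLS handshake failure rather than at cluster construction. Fail fast instead: require `CAKey` whenever `CACert` is set, and after the `x509.ParseCertificate` error check (which closes outside the hunk) compare the certificate's public key with `caKey` and confirm it is a CA certificate, since a supplied certificate need not carry the `IsCA`/`KeyUsageCertSign` the generated template sets. NewTestCluster continues past the end of this hunk.
```go
	var caBytes []byte
	if opts != nil && len(opts.CACert) > 0 {
		// A supplied CA certificate is only usable with the key it was issued for.
		if opts.CAKey == nil {
			t.Fatal("CACert requires CAKey")
		}
		caBytes = opts.CACert
	} else {
		// … unchanged: self-signed CA template and x509.CreateCertificate …
	}
	// … unchanged: x509.ParseCertificate(caBytes) and its error check …
	// Reject a mismatched or non-CA pair here rather than as a TLS failure later.
	pub, ok := caCert.PublicKey.(*ecdsa.PublicKey)
	if !ok || pub.X.Cmp(caKey.X) != 0 || pub.Y.Cmp(caKey.Y) != 0 || !caCert.IsCA {
		t.Fatal("CACert does not match CAKey or is not a CA certificate")
	}
```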