agent/token: persist token as agent_recovery on-disk

hashicorp · Dec 6, 2021 · a876f52 · a876f52
1 parent 1693b25
commit a876f52
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 9 deletions.
diff --git a/agent/token/persistence.go b/agent/token/persistence.go
@@ -70,7 +70,7 @@ func (t *Store) WithPersistenceLock(f func() error) error {
 
 type persistedTokens struct {
 	Replication   string `json:"replication,omitempty"`
-	AgentRecovery string `json:"agent_master,omitempty"`
+	AgentRecovery string `json:"agent_recovery,omitempty"`
 	Default       string `json:"default,omitempty"`
 	Agent         string `json:"agent,omitempty"`
 }
@@ -134,22 +134,32 @@ func loadTokens(s *Store, cfg Config, tokens persistedTokens, logger Logger) {
 }
 
 func readPersistedFromFile(filename string) (persistedTokens, error) {
-	tokens := persistedTokens{}
+	var tokens struct {
+		persistedTokens
+
+		// Support reading tokens persisted by versions <1.11, where agent_master was
+		// renamed to agent_recovery.
+		LegacyAgentMaster string `json:"agent_master"`
+	}
 
 	buf, err := ioutil.ReadFile(filename)
 	switch {
 	case os.IsNotExist(err):
 		// non-existence is not an error we care about
-		return tokens, nil
+		return tokens.persistedTokens, nil
 	case err != nil:
-		return tokens, fmt.Errorf("failed reading tokens file %q: %w", filename, err)
+		return tokens.persistedTokens, fmt.Errorf("failed reading tokens file %q: %w", filename, err)
 	}
 
 	if err := json.Unmarshal(buf, &tokens); err != nil {
-		return tokens, fmt.Errorf("failed to decode tokens file %q: %w", filename, err)
+		return tokens.persistedTokens, fmt.Errorf("failed to decode tokens file %q: %w", filename, err)
+	}
+
+	if tokens.AgentRecovery == "" {
+		tokens.AgentRecovery = tokens.LegacyAgentMaster
 	}
 
-	return tokens, nil
+	return tokens.persistedTokens, nil
 }
 
 func (p *fileStore) withPersistenceLock(s *Store, f func() error) error {

diff --git a/agent/token/persistence_test.go b/agent/token/persistence_test.go
@@ -58,7 +58,7 @@ func TestStore_Load(t *testing.T) {
 
 		tokens := `{
 			"agent" : "india",
-			"agent_master" : "juliett",
+			"agent_recovery" : "juliett",
 			"default": "kilo",
 			"replication" : "lima"
 		}`
@@ -84,10 +84,24 @@ func TestStore_Load(t *testing.T) {
 		require.NotNil(t, store.persistence)
 	})
 
+	t.Run("persisted tokens include pre-1.11 agent_master naming", func(t *testing.T) {
+		cfg := Config{
+			EnablePersistence:     true,
+			DataDir:               dataDir,
+			ACLAgentRecoveryToken: "golf",
+		}
+
+		tokens := `{"agent_master": "juliett"}`
+		require.NoError(t, ioutil.WriteFile(tokenFile, []byte(tokens), 0600))
+		require.NoError(t, store.Load(cfg, logger))
+
+		require.Equal(t, "juliett", store.AgentRecoveryToken())
+	})
+
 	t.Run("with persisted tokens, persisted tokens override config", func(t *testing.T) {
 		tokens := `{
 			"agent" : "mike",
-			"agent_master" : "november",
+			"agent_recovery" : "november",
 			"default": "oscar",
 			"replication" : "papa"
 		}`
@@ -113,7 +127,7 @@ func TestStore_Load(t *testing.T) {
 	t.Run("with some persisted tokens", func(t *testing.T) {
 		tokens := `{
 			"agent" : "uniform",
-			"agent_master" : "victor"
+			"agent_recovery" : "victor"
 		}`
 
 		cfg := Config{