From 53ce086df73736044430d1120d4c7ce6097a90ff Mon Sep 17 00:00:00 2001 From: Calvin Leung Huang Date: Thu, 21 Nov 2019 10:23:08 -0800 Subject: [PATCH 1/3] agent: add -exit-after-auth flag --- command/agent.go | 25 +++++++++++++++++++++---- command/agent_test.go | 26 +++++++++++++++++++++++--- sdk/go.mod | 1 + 3 files changed, 45 insertions(+), 7 deletions(-) diff --git a/command/agent.go b/command/agent.go index 4d7bc201a60b..111345b4d865 100644 --- a/command/agent.go +++ b/command/agent.go @@ -61,8 +61,9 @@ type AgentCommand struct { startedCh chan (struct{}) // for tests - flagConfigs []string - flagLogLevel string + flagConfigs []string + flagLogLevel string + flagExitAfterAuth bool flagTestVerifyOnly bool flagCombineLogs bool @@ -115,6 +116,15 @@ func (c *AgentCommand) Flags() *FlagSets { "\"trace\", \"debug\", \"info\", \"warn\", and \"err\".", }) + f.BoolVar(&BoolVar{ + Name: "exit-after-auth", + Target: &c.flagExitAfterAuth, + Default: false, + Usage: "If set to true, the agent will exit with code 0 after a single " + + "successful auth, where success means that a token was retrieved and " + + "all sinks successfully wrote it", + }) + // Internal-only flags to follow. // // Why hello there little source code reader! Welcome to the Vault source @@ -223,6 +233,13 @@ func (c *AgentCommand) Run(args []string) int { config.Vault = new(agentConfig.Vault) } + exitAfterAuth := config.ExitAfterAuth + f.Visit(func(fl *flag.Flag) { + if fl.Name == "exit-after-auth" { + exitAfterAuth = c.flagExitAfterAuth + } + }) + c.setStringFlag(f, config.Vault.Address, &StringVar{ Name: flagNameAddress, Target: &c.flagAddress, @@ -524,7 +541,7 @@ func (c *AgentCommand) Run(args []string) int { ss := sink.NewSinkServer(&sink.SinkServerConfig{ Logger: c.logger.Named("sink.server"), Client: client, - ExitAfterAuth: config.ExitAfterAuth, + ExitAfterAuth: exitAfterAuth, }) ssDoneCh = ss.DoneCh @@ -534,7 +551,7 @@ func (c *AgentCommand) Run(args []string) int { LogWriter: c.logWriter, VaultConf: config.Vault, Namespace: namespace, - ExitAfterAuth: config.ExitAfterAuth, + ExitAfterAuth: exitAfterAuth, }) tsDoneCh = ts.DoneCh diff --git a/command/agent_test.go b/command/agent_test.go index d8dbd5cf26e9..f0542fff52f9 100644 --- a/command/agent_test.go +++ b/command/agent_test.go @@ -225,6 +225,16 @@ cache { */ func TestAgent_ExitAfterAuth(t *testing.T) { + t.Run("via_config", func(t *testing.T) { + testAgentExitAfterAuth(t, false) + }) + + t.Run("via_flag", func(t *testing.T) { + testAgentExitAfterAuth(t, true) + }) +} + +func testAgentExitAfterAuth(t *testing.T, viaFlag bool) { logger := logging.NewVaultLogger(hclog.Trace) coreConfig := &vault.CoreConfig{ Logger: logger, @@ -313,8 +323,13 @@ func TestAgent_ExitAfterAuth(t *testing.T) { logger.Trace("wrote test jwt", "path", in) } + exitAfterAuthTemplText := "exit_after_auth = true" + if viaFlag { + exitAfterAuthTemplText = "" + } + config := ` -exit_after_auth = true +%s auto_auth { method { @@ -340,7 +355,7 @@ auto_auth { } ` - config = fmt.Sprintf(config, in, sink1, sink2) + config = fmt.Sprintf(config, exitAfterAuthTemplText, in, sink1, sink2) if err := ioutil.WriteFile(conf, []byte(config), 0600); err != nil { t.Fatal(err) } else { @@ -352,7 +367,12 @@ auto_auth { ui, cmd := testAgentCommand(t, logger) cmd.client = client - code := cmd.Run([]string{"-config", conf}) + args := []string{"-config", conf} + if viaFlag { + args = append(args, "-exit-after-auth") + } + + code := cmd.Run(args) if code != 0 { t.Errorf("expected %d to be %d", code, 0) t.Logf("output from agent:\n%s", ui.OutputWriter.String()) diff --git a/sdk/go.mod b/sdk/go.mod index 6435da7b741a..129bfc4003ff 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -30,6 +30,7 @@ require ( golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 // indirect golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db // indirect + google.golang.org/appengine v1.4.0 // indirect google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107 // indirect google.golang.org/grpc v1.22.0 ) From a071b5d329708d0900435befab19a9b4ccec41a7 Mon Sep 17 00:00:00 2001 From: Calvin Leung Huang Date: Thu, 21 Nov 2019 13:57:15 -0800 Subject: [PATCH 2/3] use short timeout for tests to prevent long test runs on error --- command/agent_test.go | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/command/agent_test.go b/command/agent_test.go index f0542fff52f9..8b8a3de27874 100644 --- a/command/agent_test.go +++ b/command/agent_test.go @@ -362,21 +362,30 @@ auto_auth { logger.Trace("wrote test config", "path", conf) } - // If this hangs forever until the test times out, exit-after-auth isn't - // working - ui, cmd := testAgentCommand(t, logger) - cmd.client = client + doneCh := make(chan struct{}) + go func() { + ui, cmd := testAgentCommand(t, logger) + cmd.client = client - args := []string{"-config", conf} - if viaFlag { - args = append(args, "-exit-after-auth") - } + args := []string{"-config", conf} + if viaFlag { + args = append(args, "-exit-after-auth") + } - code := cmd.Run(args) - if code != 0 { - t.Errorf("expected %d to be %d", code, 0) - t.Logf("output from agent:\n%s", ui.OutputWriter.String()) - t.Logf("error from agent:\n%s", ui.ErrorWriter.String()) + code := cmd.Run(args) + if code != 0 { + t.Errorf("expected %d to be %d", code, 0) + t.Logf("output from agent:\n%s", ui.OutputWriter.String()) + t.Logf("error from agent:\n%s", ui.ErrorWriter.String()) + } + close(doneCh) + }() + + select { + case <-doneCh: + break + case <-time.After(1 * time.Minute): + t.Fatal("timeout reached while waiting for agent to exit") } sink1Bytes, err := ioutil.ReadFile(sink1) From 5c67d13301aa8d360f35765ce62883d1dec6739e Mon Sep 17 00:00:00 2001 From: Calvin Leung Huang Date: Thu, 21 Nov 2019 13:58:43 -0800 Subject: [PATCH 3/3] revert sdk/go.mod --- sdk/go.mod | 1 - 1 file changed, 1 deletion(-) diff --git a/sdk/go.mod b/sdk/go.mod index 129bfc4003ff..6435da7b741a 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -30,7 +30,6 @@ require ( golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 // indirect golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db // indirect - google.golang.org/appengine v1.4.0 // indirect google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107 // indirect google.golang.org/grpc v1.22.0 )