Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

VAULT-33008: ipv6: always display RFC-5952 §4 conformant addresses #29228

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
3 changes: 3 additions & 0 deletions changelog/29228.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:change
server/config: Configuration values which include IPv6 addresses as described in RFC-4241 will be automatically translated and displayed conformant to RFC-5952 §4.
```
25 changes: 13 additions & 12 deletions command/operator_migrate_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import (
"time"

"github.com/go-test/deep"

log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/base62"
"github.com/hashicorp/vault/command/server"
Expand Down Expand Up @@ -190,23 +191,23 @@ func TestMigration(t *testing.T) {
cmd := new(OperatorMigrateCommand)
cfgName := filepath.Join(t.TempDir(), "migrator")
os.WriteFile(cfgName, []byte(`
storage_source "src_type" {
storage_source "consul" {
path = "src_path"
}

storage_destination "dest_type" {
storage_destination "raft" {
path = "dest_path"
}`), 0o644)

expCfg := &migratorConfig{
StorageSource: &server.Storage{
Type: "src_type",
Type: "consul",
Config: map[string]string{
"path": "src_path",
},
},
StorageDestination: &server.Storage{
Type: "dest_type",
Type: "raft",
Config: map[string]string{
"path": "dest_path",
},
Expand All @@ -230,41 +231,41 @@ storage_destination "dest_type" {

// missing source
verifyBad(`
storage_destination "dest_type" {
storage_destination "raft" {
path = "dest_path"
}`)

// missing destination
verifyBad(`
storage_source "src_type" {
storage_source "consul" {
path = "src_path"
}`)

// duplicate source
verifyBad(`
storage_source "src_type" {
storage_source "consul" {
path = "src_path"
}

storage_source "src_type2" {
storage_source "raft" {
path = "src_path"
}

storage_destination "dest_type" {
storage_destination "raft" {
path = "dest_path"
}`)

// duplicate destination
verifyBad(`
storage_source "src_type" {
storage_source "consul" {
path = "src_path"
}

storage_destination "dest_type" {
storage_destination "raft" {
path = "dest_path"
}

storage_destination "dest_type2" {
storage_destination "consul" {
path = "dest_path"
}`)
})
Expand Down
33 changes: 17 additions & 16 deletions command/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,12 @@ import (

systemd "github.com/coreos/go-systemd/daemon"
"github.com/google/go-cmp/cmp"
"github.com/posener/complete"
"github.com/sasha-s/go-deadlock"
"go.uber.org/atomic"
"golang.org/x/net/http/httpproxy"
"google.golang.org/grpc/grpclog"

"github.com/hashicorp/cli"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/go-hclog"
Expand Down Expand Up @@ -62,11 +68,6 @@ import (
"github.com/hashicorp/vault/vault/plugincatalog"
vaultseal "github.com/hashicorp/vault/vault/seal"
"github.com/hashicorp/vault/version"
"github.com/posener/complete"
"github.com/sasha-s/go-deadlock"
"go.uber.org/atomic"
"golang.org/x/net/http/httpproxy"
"google.golang.org/grpc/grpclog"
)

var (
Expand Down Expand Up @@ -514,7 +515,7 @@ func (c *ServerCommand) runRecoveryMode() int {
}
if config.Storage.Type == storageTypeRaft || (config.HAStorage != nil && config.HAStorage.Type == storageTypeRaft) {
if envCA := os.Getenv("VAULT_CLUSTER_ADDR"); envCA != "" {
config.ClusterAddr = envCA
config.ClusterAddr = configutil.NormalizeAddr(envCA)
}

if len(config.ClusterAddr) == 0 {
Expand Down Expand Up @@ -742,9 +743,9 @@ func (c *ServerCommand) runRecoveryMode() int {
func logProxyEnvironmentVariables(logger hclog.Logger) {
proxyCfg := httpproxy.FromEnvironment()
cfgMap := map[string]string{
"http_proxy": proxyCfg.HTTPProxy,
"https_proxy": proxyCfg.HTTPSProxy,
"no_proxy": proxyCfg.NoProxy,
"http_proxy": configutil.NormalizeAddr(proxyCfg.HTTPProxy),
"https_proxy": configutil.NormalizeAddr(proxyCfg.HTTPSProxy),
"no_proxy": configutil.NormalizeAddr(proxyCfg.NoProxy),
}
for k, v := range cfgMap {
u, err := url.Parse(v)
Expand Down Expand Up @@ -2243,7 +2244,7 @@ func (c *ServerCommand) detectRedirect(detect physical.RedirectDetect,
}

// Return the URL string
return url.String(), nil
return configutil.NormalizeAddr(url.String()), nil
}

func (c *ServerCommand) Reload(lock *sync.RWMutex, reloadFuncs *map[string][]reloadutil.ReloadFunc, configPath []string, core *vault.Core) error {
Expand Down Expand Up @@ -2749,11 +2750,11 @@ func initHaBackend(c *ServerCommand, config *server.Config, coreConfig *vault.Co
func determineRedirectAddr(c *ServerCommand, coreConfig *vault.CoreConfig, config *server.Config) error {
var retErr error
if envRA := os.Getenv("VAULT_API_ADDR"); envRA != "" {
coreConfig.RedirectAddr = envRA
coreConfig.RedirectAddr = configutil.NormalizeAddr(envRA)
} else if envRA := os.Getenv("VAULT_REDIRECT_ADDR"); envRA != "" {
coreConfig.RedirectAddr = envRA
coreConfig.RedirectAddr = configutil.NormalizeAddr(envRA)
} else if envAA := os.Getenv("VAULT_ADVERTISE_ADDR"); envAA != "" {
coreConfig.RedirectAddr = envAA
coreConfig.RedirectAddr = configutil.NormalizeAddr(envAA)
}

// Attempt to detect the redirect address, if possible
Expand Down Expand Up @@ -2785,7 +2786,7 @@ func determineRedirectAddr(c *ServerCommand, coreConfig *vault.CoreConfig, confi
if c.flagDevTLS {
protocol = "https"
}
coreConfig.RedirectAddr = fmt.Sprintf("%s://%s", protocol, config.Listeners[0].Address)
coreConfig.RedirectAddr = configutil.NormalizeAddr(fmt.Sprintf("%s://%s", protocol, config.Listeners[0].Address))
}
return retErr
}
Expand All @@ -2794,7 +2795,7 @@ func findClusterAddress(c *ServerCommand, coreConfig *vault.CoreConfig, config *
if disableClustering {
coreConfig.ClusterAddr = ""
} else if envCA := os.Getenv("VAULT_CLUSTER_ADDR"); envCA != "" {
coreConfig.ClusterAddr = envCA
coreConfig.ClusterAddr = configutil.NormalizeAddr(envCA)
} else {
var addrToUse string
switch {
Expand Down Expand Up @@ -2826,7 +2827,7 @@ func findClusterAddress(c *ServerCommand, coreConfig *vault.CoreConfig, config *
u.Host = net.JoinHostPort(host, strconv.Itoa(nPort+1))
// Will always be TLS-secured
u.Scheme = "https"
coreConfig.ClusterAddr = u.String()
coreConfig.ClusterAddr = configutil.NormalizeAddr(u.String())
}

CLUSTER_SYNTHESIS_COMPLETE:
Expand Down
Loading
Loading