oss part of license diagnose (hashicorp#11939)

jartek · Sep 11, 2021 · 5b117c7 · 5b117c7
1 parent c29b7ca
commit 5b117c7
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 5 deletions.
diff --git a/command/operator_diagnose.go b/command/operator_diagnose.go
@@ -12,6 +12,8 @@ import (
 
 	"golang.org/x/term"
 
+	"github.com/hashicorp/vault/helper/constants"
+
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/hashicorp/consul/api"
 	log "github.com/hashicorp/go-hclog"
@@ -531,6 +533,8 @@ SEALFAIL:
 	}
 	diagnose.SpotOk(ctx, "find-cluster-addr", "")
 
+	var vaultCore *vault.Core
+
 	// Run all the checks that are utilized when initializing a core object
 	// without actually calling core.Init. These are in the init-core section
 	// as they are runtime checks.
@@ -539,18 +543,41 @@ SEALFAIL:
 		if coreConfig.RawConfig == nil {
 			return fmt.Errorf(CoreConfigUninitializedErr)
 		}
-		_, newCoreError = vault.CreateCore(&coreConfig)
+		core, newCoreError := vault.CreateCore(&coreConfig)
 		if newCoreError != nil {
 			if vault.IsFatalError(newCoreError) {
 				return fmt.Errorf("Error initializing core: %s", newCoreError)
 			}
 			diagnose.Warn(ctx, wrapAtLength(
 				"WARNING! A non-fatal error occurred during initialization. Please "+
 					"check the logs for more information."))
+		} else {
+			vaultCore = core
 		}
 		return nil
 	})
 
+	if vaultCore == nil {
+		return fmt.Errorf("Diagnose could not initialize the vault core from the vault server configuration.")
+	}
+
+	licenseCtx, licenseSpan := diagnose.StartSpan(ctx, "autoloaded license")
+	// If we are not in enterprise, return from the check
+	if !constants.IsEnterprise {
+		diagnose.Skipped(licenseCtx, "License check will not run on OSS Vault.")
+	} else {
+		// Load License from environment variables. These take precedence over the
+		// configured license.
+		if envLicensePath := os.Getenv(EnvVaultLicensePath); envLicensePath != "" {
+			coreConfig.LicensePath = envLicensePath
+		}
+		if envLicense := os.Getenv(EnvVaultLicense); envLicense != "" {
+			coreConfig.License = envLicense
+		}
+		vault.DiagnoseCheckLicense(licenseCtx, vaultCore, coreConfig)
+	}
+	licenseSpan.End()
+
 	var lns []listenerutil.Listener
 	diagnose.Test(ctx, "init-listeners", func(ctx context.Context) error {
 		disableClustering := config.HAStorage != nil && config.HAStorage.DisableClustering

diff --git a/helper/constants/constants_oss.go b/helper/constants/constants_oss.go
@@ -0,0 +1,5 @@
+// +build !enterprise
+
+package constants
+
+var IsEnterprise = false
diff --git a/helper/testhelpers/testhelpers_oss.go b/helper/testhelpers/testhelpers_oss.go
@@ -7,8 +7,6 @@ import (
 	"github.com/mitchellh/go-testing-interface"
 )
 
-var IsEnterprise = false
-
 // WaitForActiveNodeAndStandbys does nothing more than wait for the active node
 // on OSS. On enterprise it waits for perf standbys to be healthy too.
 func WaitForActiveNodeAndStandbys(t testing.T, cluster *vault.TestCluster) {

diff --git a/vault/core_util.go b/vault/core_util.go
@@ -180,3 +180,7 @@ func (c *Core) AllowForwardingViaHeader() bool {
 func (c *Core) MissingRequiredState(raw []string, perfStandby bool) bool {
 	return false
 }
+
+func DiagnoseCheckLicense(ctx context.Context, vaultCore *Core, coreConfig CoreConfig) (bool, []string) {
+	return false, nil
+}
diff --git a/vault/diagnose/constants.go b/vault/diagnose/constants.go
@@ -0,0 +1,13 @@
+package diagnose
+
+const (
+	AutoLoadedLicenseValidatorError    = "Autoloaded license could not be validated: "
+	AutoloadedLicenseValidationError   = "Autoloaded license validation failed due to error: "
+	LicenseAutoloadingError            = "license could not be autoloaded: "
+	StoredLicenseNoAutoloadingWarning  = "Vault is using a stored license, which is deprecated! Vault should use autoloaded licenses instead."
+	NoStoredOrAutoloadedLicenseWarning = "No autoloaded or stored license could be detected. If the binary is not a pro/prem binary, this means Vault does not have access to a license at all."
+	LicenseExpiredError                = "Autoloaded license is expired."
+	LicenseExpiryThresholdWarning      = "Autoloaded license will expire "
+	LicenseTerminatedError             = "Autoloaded license is terminated."
+	LicenseTerminationThresholdWarning = "Autoloaded license will be terminated "
+)
diff --git a/vault/external_tests/raft/raft_test.go b/vault/external_tests/raft/raft_test.go
@@ -16,6 +16,7 @@ import (
 	"github.com/hashicorp/go-uuid"
 	"github.com/hashicorp/vault/api"
 	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
+	"github.com/hashicorp/vault/helper/constants"
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/helper/testhelpers"
 	"github.com/hashicorp/vault/helper/testhelpers/teststorage"
@@ -570,7 +571,7 @@ func TestRaft_SnapshotAPI_RekeyRotate_Backward(t *testing.T) {
 		},
 	}
 
-	if testhelpers.IsEnterprise {
+	if constants.IsEnterprise {
 		tCases = append(tCases, []testCase{
 			{
 				Name:               "rekey-with-perf-standby",
@@ -764,7 +765,7 @@ func TestRaft_SnapshotAPI_RekeyRotate_Forward(t *testing.T) {
 		},
 	}
 
-	if testhelpers.IsEnterprise {
+	if constants.IsEnterprise {
 		tCases = append(tCases, []testCase{
 			{
 				Name:               "rekey-with-perf-standby",