VAULT-15668: fix windows issues with -dev-tls flag (#20257)

* fix -dev-tls flag on windows * changelog * fix only hcl config * fix import * fmt
hashicorp · Apr 21, 2023 · 715f0ee · 715f0ee
1 parent 112c315
commit 715f0ee
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 2 deletions.
diff --git a/changelog/20257.txt b/changelog/20257.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+command/server: Fix incorrect paths in generated config for `-dev-tls` flag on Windows 
+```
diff --git a/command/server/config.go b/command/server/config.go
@@ -179,7 +179,10 @@ func DevTLSConfig(storageType, certDir string) (*Config, error) {
 	if err := os.WriteFile(fmt.Sprintf("%s/%s", certDir, VaultDevKeyFilename), []byte(key), 0o400); err != nil {
 		return nil, err
 	}
+	return parseDevTLSConfig(storageType, certDir)
+}
 
+func parseDevTLSConfig(storageType, certDir string) (*Config, error) {
 	hclStr := `
 disable_mlock = true
 
@@ -202,8 +205,8 @@ storage "%s" {
 
 ui = true
 `
-
-	hclStr = fmt.Sprintf(hclStr, certDir, certDir, storageType)
+	certDirEscaped := strings.Replace(certDir, "\\", "\\\\", -1)
+	hclStr = fmt.Sprintf(hclStr, certDirEscaped, certDirEscaped, storageType)
 	parsed, err := ParseConfig(hclStr, "")
 	if err != nil {
 		return nil, err

diff --git a/command/server/config_test.go b/command/server/config_test.go
@@ -1,7 +1,10 @@
 package server
 
 import (
+	"fmt"
 	"testing"
+
+	"github.com/stretchr/testify/require"
 )
 
 func TestLoadConfigFile(t *testing.T) {
@@ -67,3 +70,29 @@ func TestUnknownFieldValidationHcl(t *testing.T) {
 func TestUnknownFieldValidationListenerAndStorage(t *testing.T) {
 	testUnknownFieldValidationStorageAndListener(t)
 }
+
+// Test_parseDevTLSConfig verifies that both Windows and Unix directories are correctly escaped when creating a dev TLS
+// configuration in HCL
+func Test_parseDevTLSConfig(t *testing.T) {
+	tests := []struct {
+		name          string
+		certDirectory string
+	}{
+		{
+			name:          "windows path",
+			certDirectory: `C:\Users\ADMINI~1\AppData\Local\Temp\2\vault-tls4169358130`,
+		},
+		{
+			name:          "unix path",
+			certDirectory: "/tmp/vault-tls4169358130",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cfg, err := parseDevTLSConfig("file", tt.certDirectory)
+			require.NoError(t, err)
+			require.Equal(t, fmt.Sprintf("%s/%s", tt.certDirectory, VaultDevCertFilename), cfg.Listeners[0].TLSCertFile)
+			require.Equal(t, fmt.Sprintf("%s/%s", tt.certDirectory, VaultDevKeyFilename), cfg.Listeners[0].TLSKeyFile)
+		})
+	}
+}
diff --git a/command/server_test.go b/command/server_test.go
@@ -21,6 +21,7 @@ import (
 	"github.com/hashicorp/vault/sdk/physical"
 	physInmem "github.com/hashicorp/vault/sdk/physical/inmem"
 	"github.com/mitchellh/cli"
+	"github.com/stretchr/testify/require"
 )
 
 func init() {
@@ -300,3 +301,13 @@ func TestServer(t *testing.T) {
 		})
 	}
 }
+
+// TestServer_DevTLS verifies that a vault server starts up correctly with the -dev-tls flag
+func TestServer_DevTLS(t *testing.T) {
+	ui, cmd := testServerCommand(t)
+	args := []string{"-dev-tls", "-dev-listen-address=127.0.0.1:0", "-test-server-config"}
+	retCode := cmd.Run(args)
+	output := ui.ErrorWriter.String() + ui.OutputWriter.String()
+	require.Equal(t, 0, retCode, output)
+	require.Contains(t, output, `tls: "enabled"`)
+}