hashicorp · VioletHynes · Jul 4, 2024 · Jun 24, 2024 · Jun 24, 2024 · Jun 24, 2024
@@ -0,0 +1,3 @@
+```release-note:change
+cli: The undocumented `-dev-three-node` and `-dev-four-cluster` CLI options have been removed.
+```
@@ -16,11 +16,6 @@ import (
 func entInitCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions, commands map[string]cli.CommandFactory) {
 }
 
-func entEnableFourClusterDev(c *ServerCommand, base *vault.CoreConfig, info map[string]string, infoKeys []string, tempDir string) int {
-	c.logger.Error("-dev-four-cluster only supported in enterprise Vault")
-	return 1
-}
-
 func entAdjustCoreConfig(config *server.Config, coreConfig *vault.CoreConfig) {
 }
 

@@ -21,7 +21,6 @@ import (
 	"github.com/hashicorp/vault/builtin/logical/pki"
 	"github.com/hashicorp/vault/builtin/logical/ssh"
 	"github.com/hashicorp/vault/builtin/logical/transit"
-	"github.com/hashicorp/vault/helper/benchhelpers"
 	"github.com/hashicorp/vault/helper/builtinplugins"
 	vaulthttp "github.com/hashicorp/vault/http"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -190,12 +189,12 @@ func testVaultServerCoreConfig(tb testing.TB, coreConfig *vault.CoreConfig) (*ap
 func testVaultServerCoreConfigWithOpts(tb testing.TB, coreConfig *vault.CoreConfig, opts *vault.TestClusterOptions) (*api.Client, []string, func()) {
 	tb.Helper()
 
-	cluster := vault.NewTestCluster(benchhelpers.TBtoT(tb), coreConfig, opts)
+	cluster := vault.NewTestCluster(tb, coreConfig, opts)
 	cluster.Start()
 
 	// Make it easy to get access to the active
 	core := cluster.Cores[0].Core
-	vault.TestWaitActive(benchhelpers.TBtoT(tb), core)
+	vault.TestWaitActive(tb, core)
 
 	// Get the client already setup for us!
 	client := cluster.Cores[0].Client

@@ -11,7 +11,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
@@ -47,7 +46,6 @@ import (
 	loghelper "github.com/hashicorp/vault/helper/logging"
 	"github.com/hashicorp/vault/helper/metricsutil"
 	"github.com/hashicorp/vault/helper/namespace"
-	"github.com/hashicorp/vault/helper/testhelpers/teststorage"
 	"github.com/hashicorp/vault/helper/useragent"
 	vaulthttp "github.com/hashicorp/vault/http"
 	"github.com/hashicorp/vault/internalshared/configutil"
@@ -64,7 +62,6 @@ import (
 	"github.com/hashicorp/vault/vault/plugincatalog"
 	vaultseal "github.com/hashicorp/vault/vault/seal"
 	"github.com/hashicorp/vault/version"
-	"github.com/mitchellh/go-testing-interface"
 	"github.com/posener/complete"
 	"github.com/sasha-s/go-deadlock"
 	"go.uber.org/atomic"
@@ -138,8 +135,6 @@ type ServerCommand struct {
 	flagDevNoKV            bool
 	flagDevKVV1            bool
 	flagDevSkipInit        bool
-	flagDevThreeNode       bool
-	flagDevFourCluster     bool
 	flagDevTransactional   bool
 	flagDevAutoSeal        bool
 	flagDevClusterJson     string
@@ -374,20 +369,6 @@ func (c *ServerCommand) Flags() *FlagSets {
 		Hidden:  true,
 	})
 
-	f.BoolVar(&BoolVar{
-		Name:    "dev-three-node",
-		Target:  &c.flagDevThreeNode,
-		Default: false,
-		Hidden:  true,
-	})
-
-	f.BoolVar(&BoolVar{
-		Name:    "dev-four-cluster",
-		Target:  &c.flagDevFourCluster,
-		Default: false,
-		Hidden:  true,
-	})
-
 	f.BoolVar(&BoolVar{
 		Name:    "dev-consul",
 		Target:  &c.flagDevConsul,
@@ -1039,7 +1020,7 @@ func (c *ServerCommand) Run(args []string) int {
 	}
 
 	// Automatically enable dev mode if other dev flags are provided.
-	if c.flagDevConsul || c.flagDevHA || c.flagDevTransactional || c.flagDevLeasedKV || c.flagDevThreeNode || c.flagDevFourCluster || c.flagDevAutoSeal || c.flagDevKVV1 || c.flagDevNoKV || c.flagDevTLS {
+	if c.flagDevConsul || c.flagDevHA || c.flagDevTransactional || c.flagDevLeasedKV || c.flagDevAutoSeal || c.flagDevKVV1 || c.flagDevNoKV || c.flagDevTLS {
 		c.flagDev = true
 	}
 
@@ -1103,11 +1084,6 @@ func (c *ServerCommand) Run(args []string) int {
 
 	f.applyLogConfigOverrides(config.SharedConfig)
 
-	// Set 'trace' log level for the following 'dev' clusters
-	if c.flagDevThreeNode || c.flagDevFourCluster {
-		config.LogLevel = "trace"
-	}
-
 	l, err := c.configureLogging(config)
 	if err != nil {
 		c.UI.Error(err.Error())
@@ -1275,13 +1251,6 @@ func (c *ServerCommand) Run(args []string) int {
 	}()
 
 	coreConfig := createCoreConfig(c, config, backend, configSR, setSealResponse.barrierSeal, setSealResponse.unwrapSeal, metricsHelper, metricSink, secureRandomReader)
-	if c.flagDevThreeNode {
-		return c.enableThreeNodeDevCluster(&coreConfig, info, infoKeys, c.flagDevListenAddr, os.Getenv("VAULT_DEV_TEMP_DIR"))
-	}
-
-	if c.flagDevFourCluster {
-		return entEnableFourClusterDev(c, &coreConfig, info, infoKeys, os.Getenv("VAULT_DEV_TEMP_DIR"))
-	}
 
 	if allowPendingRemoval := os.Getenv(consts.EnvVaultAllowPendingRemovalMounts); allowPendingRemoval != "" {
 		var err error
@@ -1599,7 +1568,7 @@ func (c *ServerCommand) Run(args []string) int {
 			clusterJson.CACertPath = fmt.Sprintf("%s/%s", certDir, server.VaultDevCAFilename)
 		}
 
-		if c.flagDevClusterJson != "" && !c.flagDevThreeNode {
+		if c.flagDevClusterJson != "" {
 			b, err := jsonutil.EncodeJSON(clusterJson)
 			if err != nil {
 				c.UI.Error(fmt.Sprintf("Error encoding cluster.json: %s", err))
@@ -2115,245 +2084,6 @@ func (c *ServerCommand) enableDev(core *vault.Core, coreConfig *vault.CoreConfig
 	return init, nil
 }
 
-func (c *ServerCommand) enableThreeNodeDevCluster(base *vault.CoreConfig, info map[string]string, infoKeys []string, devListenAddress, tempDir string) int {
-	conf, opts := teststorage.ClusterSetup(base, &vault.TestClusterOptions{
-		HandlerFunc:       vaulthttp.Handler,
-		BaseListenAddress: c.flagDevListenAddr,
-		Logger:            c.logger,
-		TempDir:           tempDir,
-		DefaultHandlerProperties: vault.HandlerProperties{
-			ListenerConfig: &configutil.Listener{
-				Profiling: configutil.ListenerProfiling{
-					UnauthenticatedPProfAccess: true,
-				},
-				Telemetry: configutil.ListenerTelemetry{
-					UnauthenticatedMetricsAccess: true,
-				},
-			},
-		},
-	}, nil)
-	testCluster := vault.NewTestCluster(&testing.RuntimeT{}, conf, opts)
-	defer c.cleanupGuard.Do(testCluster.Cleanup)
-
-	if constants.IsEnterprise {
-		err := testcluster.WaitForActiveNodeAndPerfStandbys(context.Background(), testCluster)
-		if err != nil {
-			c.UI.Error(fmt.Sprintf("perf standbys didn't become ready: %v", err))
-			return 1
-		}
-	}
-
-	info["cluster parameters path"] = testCluster.TempDir
-	infoKeys = append(infoKeys, "cluster parameters path")
-
-	for i, core := range testCluster.Cores {
-		info[fmt.Sprintf("node %d api address", i)] = fmt.Sprintf("https://%s", core.Listeners[0].Address.String())
-		infoKeys = append(infoKeys, fmt.Sprintf("node %d api address", i))
-	}
-
-	infoKeys = append(infoKeys, "version")
-	verInfo := version.GetVersion()
-	info["version"] = verInfo.FullVersionNumber(false)
-	if verInfo.Revision != "" {
-		info["version sha"] = strings.Trim(verInfo.Revision, "'")
-		infoKeys = append(infoKeys, "version sha")
-	}
-
-	infoKeys = append(infoKeys, "cgo")
-	info["cgo"] = "disabled"
-	if version.CgoEnabled {
-		info["cgo"] = "enabled"
-	}
-
-	infoKeys = append(infoKeys, "go version")
-	info["go version"] = runtime.Version()
-
-	fipsStatus := entGetFIPSInfoKey()
-	if fipsStatus != "" {
-		infoKeys = append(infoKeys, "fips")
-		info["fips"] = fipsStatus
-	}
-
-	// Server configuration output
-	padding := 24
-
-	sort.Strings(infoKeys)
-	c.UI.Output("==> Vault server configuration:\n")
-
-	for _, k := range infoKeys {
-		c.UI.Output(fmt.Sprintf(
-			"%s%s: %s",
-			strings.Repeat(" ", padding-len(k)),
-			strings.Title(k),
-			info[k]))
-	}
-
-	c.UI.Output("")
-
-	for _, core := range testCluster.Cores {
-		core.Server.Handler = vaulthttp.Handler.Handler(&vault.HandlerProperties{
-			Core:           core.Core,
-			ListenerConfig: &configutil.Listener{},
-		})
-		core.SetClusterHandler(core.Server.Handler)
-	}
-
-	testCluster.Start()
-
-	ctx := namespace.ContextWithNamespace(context.Background(), namespace.RootNamespace)
-
-	if base.DevToken != "" {
-		req := &logical.Request{
-			ID:          "dev-gen-root",
-			Operation:   logical.UpdateOperation,
-			ClientToken: testCluster.RootToken,
-			Path:        "auth/token/create",
-			Data: map[string]interface{}{
-				"id":                base.DevToken,
-				"policies":          []string{"root"},
-				"no_parent":         true,
-				"no_default_policy": true,
-			},
-		}
-		resp, err := testCluster.Cores[0].HandleRequest(ctx, req)
-		if err != nil {
-			c.UI.Error(fmt.Sprintf("failed to create root token with ID %s: %s", base.DevToken, err))
-			return 1
-		}
-		if resp == nil {
-			c.UI.Error(fmt.Sprintf("nil response when creating root token with ID %s", base.DevToken))
-			return 1
-		}
-		if resp.Auth == nil {
-			c.UI.Error(fmt.Sprintf("nil auth when creating root token with ID %s", base.DevToken))
-			return 1
-		}
-
-		testCluster.RootToken = resp.Auth.ClientToken
-
-		req.ID = "dev-revoke-init-root"
-		req.Path = "auth/token/revoke-self"
-		req.Data = nil
-		_, err = testCluster.Cores[0].HandleRequest(ctx, req)
-		if err != nil {
-			c.UI.Output(fmt.Sprintf("failed to revoke initial root token: %s", err))
-			return 1
-		}
-	}
-
-	// Set the token
-	tokenHelper, err := c.TokenHelper()
-	if err != nil {
-		c.UI.Error(fmt.Sprintf("Error getting token helper: %s", err))
-		return 1
-	}
-	if err := tokenHelper.Store(testCluster.RootToken); err != nil {
-		c.UI.Error(fmt.Sprintf("Error storing in token helper: %s", err))
-		return 1
-	}
-
-	if err := ioutil.WriteFile(filepath.Join(testCluster.TempDir, "root_token"), []byte(testCluster.RootToken), 0o600); err != nil {
-		c.UI.Error(fmt.Sprintf("Error writing token to tempfile: %s", err))
-		return 1
-	}
-
-	c.UI.Output(fmt.Sprintf(
-		"==> Three node dev mode is enabled\n\n" +
-			"The unseal key and root token are reproduced below in case you\n" +
-			"want to seal/unseal the Vault or play with authentication.\n",
-	))
-
-	for i, key := range testCluster.BarrierKeys {
-		c.UI.Output(fmt.Sprintf(
-			"Unseal Key %d: %s",
-			i+1, base64.StdEncoding.EncodeToString(key),
-		))
-	}
-
-	c.UI.Output(fmt.Sprintf(
-		"\nRoot Token: %s\n", testCluster.RootToken,
-	))
-
-	c.UI.Output(fmt.Sprintf(
-		"\nUseful env vars:\n"+
-			"VAULT_TOKEN=%s\n"+
-			"VAULT_ADDR=%s\n"+
-			"VAULT_CACERT=%s/ca_cert.pem\n",
-		testCluster.RootToken,
-		testCluster.Cores[0].Client.Address(),
-		testCluster.TempDir,
-	))
-
-	if c.flagDevClusterJson != "" {
-		clusterJson := testcluster.ClusterJson{
-			Nodes:      []testcluster.ClusterNode{},
-			CACertPath: filepath.Join(testCluster.TempDir, "ca_cert.pem"),
-			RootToken:  testCluster.RootToken,
-		}
-		for _, core := range testCluster.Cores {
-			clusterJson.Nodes = append(clusterJson.Nodes, testcluster.ClusterNode{
-				APIAddress: core.Client.Address(),
-			})
-		}
-		b, err := jsonutil.EncodeJSON(clusterJson)
-		if err != nil {
-			c.UI.Error(fmt.Sprintf("Error encoding cluster.json: %s", err))
-			return 1
-		}
-		err = os.WriteFile(c.flagDevClusterJson, b, 0o600)
-		if err != nil {
-			c.UI.Error(fmt.Sprintf("Error writing cluster.json %q: %s", c.flagDevClusterJson, err))
-			return 1
-		}
-	}
-
-	// Output the header that the server has started
-	c.UI.Output("==> Vault server started! Log data will stream in below:\n")
-
-	// Inform any tests that the server is ready
-	select {
-	case c.startedCh <- struct{}{}:
-	default:
-	}
-
-	// Release the log gate.
-	c.flushLog()
-
-	// Wait for shutdown
-	shutdownTriggered := false
-
-	for !shutdownTriggered {
-		select {
-		case <-c.ShutdownCh:
-			c.UI.Output("==> Vault shutdown triggered")
-
-			// Stop the listeners so that we don't process further client requests.
-			c.cleanupGuard.Do(testCluster.Cleanup)
-
-			// Finalize will wait until after Vault is sealed, which means the
-			// request forwarding listeners will also be closed (and also
-			// waited for).
-			for _, core := range testCluster.Cores {
-				if err := core.Shutdown(); err != nil {
-					c.UI.Error(fmt.Sprintf("Error with core shutdown: %s", err))
-				}
-			}
-
-			shutdownTriggered = true
-
-		case <-c.SighupCh:
-			c.UI.Output("==> Vault reload triggered")
-			for _, core := range testCluster.Cores {
-				if err := c.Reload(core.ReloadFuncsLock, core.ReloadFuncs, nil, core.Core); err != nil {
-					c.UI.Error(fmt.Sprintf("Error(s) were encountered during reload: %s", err))
-				}
-			}
-		}
-	}
-
-	return 0
-}
-
 // addPlugin adds any plugins to the catalog
 func (c *ServerCommand) addPlugin(path, token string, core *vault.Core) error {
 	// Get the sha256 of the file at the given path.