diff --git a/CHANGELOG.md b/CHANGELOG.md index efcde151a9..0c611b5185 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -417,7 +417,7 @@ BUG FIXES: DEPRECATIONS/CHANGES: * HSM config parameter requirements: When using Vault with an HSM, a new - paramter is required: `hmac_key_label`. This performs a similar function to + parameter is required: `hmac_key_label`. This performs a similar function to `key_label` but for the HMAC key Vault will use. Vault will generate a suitable key if this value is specified and `generate_key` is set true. * API HTTP client behavior: When calling `NewClient` the API no longer @@ -694,7 +694,7 @@ FEATURES: * **GCP IAM Auth Backend**: There is now an authentication backend that allows using GCP IAM credentials to retrieve Vault tokens. This is available as both a plugin and built-in to Vault. - * **PingID Push Support for Path-Baased MFA (Enterprise)**: PingID Push can + * **PingID Push Support for Path-Based MFA (Enterprise)**: PingID Push can now be used for MFA with the new path-based MFA introduced in Vault Enterprise 0.8. * **Permitted DNS Domains Support in PKI**: The `pki` backend now supports @@ -820,7 +820,7 @@ IMPROVEMENTS: client certificate verification when `tls_require_and_verify_client_cert` is enabled [GH-3034] * storage/cockroachdb: Add CockroachDB storage backend [GH-2713] - * storage/couchdb: Add CouchhDB storage backend [GH-2880] + * storage/couchdb: Add CouchDB storage backend [GH-2880] * storage/mssql: Add `max_parallel` [GH-3026] * storage/postgresql: Add `max_parallel` [GH-3026] * storage/postgresql: Improve listing speed [GH-2945] diff --git a/Makefile b/Makefile index 65a194db79..eeafd65527 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ GO_VERSION_MIN=1.9 default: dev -# bin generates the releaseable binaries for Vault +# bin generates the releasable binaries for Vault bin: prep @CGO_ENABLED=0 BUILD_TAGS='$(BUILD_TAGS)' sh -c "'$(CURDIR)/scripts/build.sh'" diff --git a/api/logical.go b/api/logical.go index 0d5e7d495a..b19b274684 100644 --- a/api/logical.go +++ b/api/logical.go @@ -178,7 +178,7 @@ func (c *Logical) Unwrap(wrappingToken string) (*Secret, error) { wrappedSecret := new(Secret) buf := bytes.NewBufferString(secret.Data["response"].(string)) if err := jsonutil.DecodeJSONFromReader(buf, wrappedSecret); err != nil { - return nil, fmt.Errorf("error unmarshaling wrapped secret: %s", err) + return nil, fmt.Errorf("error unmarshalling wrapped secret: %s", err) } return wrappedSecret, nil diff --git a/api/secret_test.go b/api/secret_test.go index d990b99d1a..6368e9903a 100644 --- a/api/secret_test.go +++ b/api/secret_test.go @@ -1190,7 +1190,7 @@ func TestSecret_TokenMetadata(t *testing.T) { false, }, { - "real_auth_metdata", + "real_auth_metadata", &api.Secret{ Auth: &api.SecretAuth{ Metadata: map[string]string{"foo": "bar"}, diff --git a/api/sys_auth.go b/api/sys_auth.go index 08ca54cf0d..9e26da39b8 100644 --- a/api/sys_auth.go +++ b/api/sys_auth.go @@ -78,7 +78,7 @@ func (c *Sys) DisableAuth(path string) error { } // Structures for the requests/resposne are all down here. They aren't -// individually documentd because the map almost directly to the raw HTTP API +// individually documented because the map almost directly to the raw HTTP API // documentation. Please refer to that documentation for more details. type EnableAuthOptions struct { diff --git a/builtin/credential/approle/path_role.go b/builtin/credential/approle/path_role.go index 08b3ff4f9d..9c44986a4a 100644 --- a/builtin/credential/approle/path_role.go +++ b/builtin/credential/approle/path_role.go @@ -88,7 +88,7 @@ type roleIDStorageEntry struct { // role//bound-cidr-list - For updating the param // role//period - For updating the param // role//role-id - For fetching the role_id of an role -// role//secret-id - For issuing a secret_id against an role, also to list the secret_id_accessorss +// role//secret-id - For issuing a secret_id against an role, also to list the secret_id_accessors // role//custom-secret-id - For assigning a custom SecretID against an role // role//secret-id/lookup - For reading the properties of a secret_id // role//secret-id/destroy - For deleting a secret_id diff --git a/builtin/credential/approle/validation.go b/builtin/credential/approle/validation.go index 559e14140c..5ec11097d6 100644 --- a/builtin/credential/approle/validation.go +++ b/builtin/credential/approle/validation.go @@ -235,7 +235,7 @@ func (b *backend) validateBindSecretID(ctx context.Context, req *logical.Request } // If there exists a single use left, delete the SecretID entry from - // the storage but do not fail the validation request. Subsequest + // the storage but do not fail the validation request. Subsequent // requests to use the same SecretID will fail. if result.SecretIDNumUses == 1 { // Delete the secret IDs accessor first diff --git a/builtin/credential/aws/backend.go b/builtin/credential/aws/backend.go index dfd217c00d..6e789a2b81 100644 --- a/builtin/credential/aws/backend.go +++ b/builtin/credential/aws/backend.go @@ -46,7 +46,7 @@ type backend struct { // tidy the blacklist and whitelist entries. tidyCooldownPeriod time.Duration - // nextTidyTime holds the time at which the periodic func should initiatite + // nextTidyTime holds the time at which the periodic func should initiate // the tidy operations. This is set by the periodicFunc based on the value // of tidyCooldownPeriod. nextTidyTime time.Time diff --git a/builtin/credential/aws/backend_test.go b/builtin/credential/aws/backend_test.go index bb186df7ec..df0d5b5146 100644 --- a/builtin/credential/aws/backend_test.go +++ b/builtin/credential/aws/backend_test.go @@ -1173,7 +1173,7 @@ func TestBackendAcc_LoginWithInstanceIdentityDocAndWhitelistIdentity(t *testing. t.Fatalf("bad: failed to login: resp:%#v\nerr:%v", resp, err) } - // Attempt to re-login with the identity signture + // Attempt to re-login with the identity signature delete(loginInput, "pkcs7") loginInput["identity"] = identityDoc loginInput["signature"] = identityDocSig diff --git a/builtin/credential/aws/path_config_certificate.go b/builtin/credential/aws/path_config_certificate.go index 8b492cf9c2..3c6f64ab6d 100644 --- a/builtin/credential/aws/path_config_certificate.go +++ b/builtin/credential/aws/path_config_certificate.go @@ -416,14 +416,14 @@ func (b *backend) pathConfigCertificateCreateUpdate(ctx context.Context, req *lo } // Struct awsPublicCert holds the AWS Public Key that is used to verify the PKCS#7 signature -// of the instnace identity document. +// of the instance identity document. type awsPublicCert struct { AWSPublicCert string `json:"aws_public_cert"` Type string `json:"type"` } const pathConfigCertificateSyn = ` -Adds the AWS Public Key that is used to verify the PKCS#7 signature of the identidy document. +Adds the AWS Public Key that is used to verify the PKCS#7 signature of the identity document. ` const pathConfigCertificateDesc = ` diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws/path_login.go index 0a78b8b10f..6bd0291799 100644 --- a/builtin/credential/aws/path_login.go +++ b/builtin/credential/aws/path_login.go @@ -841,7 +841,7 @@ func (b *backend) pathLoginUpdateEc2(ctx context.Context, req *logical.Request, // handleRoleTagLogin is used to fetch the role tag of the instance and // verifies it to be correct. Then the policies for the login request will be -// set off of the role tag, if certain creteria satisfies. +// set off of the role tag, if certain criteria satisfies. func (b *backend) handleRoleTagLogin(ctx context.Context, s logical.Storage, roleName string, roleEntry *awsRoleEntry, instance *ec2.Instance) (*roleTagLoginResponse, error) { if roleEntry == nil { return nil, fmt.Errorf("nil role entry") @@ -1467,7 +1467,7 @@ func buildHttpRequest(method, endpoint string, parsedUrl *url.URL, body string, // The use cases we want to support, in order of increasing complexity, are: // 1. All defaults (client assumes sts.amazonaws.com and server has no override) // 2. Alternate STS regions: client wants to go to a specific region, in which case - // Vault must be confiugred with that endpoint as well. The client's signed request + // Vault must be configured with that endpoint as well. The client's signed request // will include a signature over what the client expects the Host header to be, // so we cannot change that and must match. // 3. Alternate STS regions with a proxy that is transparent to Vault's clients. @@ -1477,14 +1477,14 @@ func buildHttpRequest(method, endpoint string, parsedUrl *url.URL, body string, // It's also annoying because: // 1. The AWS Sigv4 algorithm requires the Host header to be defined // 2. Some of the official SDKs (at least botocore and aws-sdk-go) don't actually - // incude an explicit Host header in the HTTP requests they generate, relying on + // include an explicit Host header in the HTTP requests they generate, relying on // the underlying HTTP library to do that for them. // 3. To get a validly signed request, the SDKs check if a Host header has been set // and, if not, add an inferred host header (based on the URI) to the internal // data structure used for calculating the signature, but never actually expose // that to clients. So then they just "hope" that the underlying library actually // adds the right Host header which was included in the signature calculation. - // We could either explicity require all Vault clients to explicitly add the Host header + // We could either explicitly require all Vault clients to explicitly add the Host header // in the encoded request, or we could also implicitly infer it from the URI. // We choose to support both -- allow you to explicitly set a Host header, but if not, // infer one from the URI. @@ -1706,7 +1706,7 @@ implemented based on that inferred type. An EC2 instance is authenticated using the PKCS#7 signature of the instance identity document and a client created nonce. This nonce should be unique and should be used by -the instance for all future logins, unless 'disallow_reauthenitcation' option on the +the instance for all future logins, unless 'disallow_reauthentication' option on the registered role is enabled, in which case client nonce is optional. First login attempt, creates a whitelist entry in Vault associating the instance to the nonce diff --git a/builtin/credential/aws/path_role_tag.go b/builtin/credential/aws/path_role_tag.go index a1cc1df4f8..21bed1ff15 100644 --- a/builtin/credential/aws/path_role_tag.go +++ b/builtin/credential/aws/path_role_tag.go @@ -390,7 +390,7 @@ func createRoleTagNonce() (string, error) { } } -// Struct roleTag represents a role tag in a struc form. +// Struct roleTag represents a role tag in a struct form. type roleTag struct { Version string `json:"version"` InstanceID string `json:"instance_id"` diff --git a/builtin/credential/cert/backend_test.go b/builtin/credential/cert/backend_test.go index 1e23ee0075..e12fca70ba 100644 --- a/builtin/credential/cert/backend_test.go +++ b/builtin/credential/cert/backend_test.go @@ -1444,7 +1444,7 @@ func Test_Renew(t *testing.T) { t.Fatal("expected error") } - // Put the policies back, this shold be okay + // Put the policies back, this should be okay fd.Raw["policies"] = "bar,foo" resp, err = b.pathCertWrite(context.Background(), req, fd) if err != nil { diff --git a/builtin/credential/cert/cli.go b/builtin/credential/cert/cli.go index 3c45b855d1..4a470c8961 100644 --- a/builtin/credential/cert/cli.go +++ b/builtin/credential/cert/cli.go @@ -42,7 +42,7 @@ func (h *CLIHandler) Help() string { help := ` Usage: vault login -method=cert [CONFIG K=V...] - The certificate auth method allows uers to authenticate with a + The certificate auth method allows users to authenticate with a client certificate passed with the request. The -client-cert and -client-key flags are included with the "vault login" command, NOT as configuration to the auth method. diff --git a/builtin/credential/cert/path_login.go b/builtin/credential/cert/path_login.go index 51f7b59fb5..f634761521 100644 --- a/builtin/credential/cert/path_login.go +++ b/builtin/credential/cert/path_login.go @@ -266,7 +266,7 @@ func (b *backend) verifyCredentials(ctx context.Context, req *logical.Request, d func (b *backend) matchesConstraints(clientCert *x509.Certificate, trustedChain []*x509.Certificate, config *ParsedCert) bool { return !b.checkForChainInCRLs(trustedChain) && b.matchesNames(clientCert, config) && - b.matchesCertificateExtenions(clientCert, config) + b.matchesCertificateExtensions(clientCert, config) } // matchesNames verifies that the certificate matches at least one configured @@ -297,9 +297,9 @@ func (b *backend) matchesNames(clientCert *x509.Certificate, config *ParsedCert) return false } -// matchesCertificateExtenions verifies that the certificate matches configured +// matchesCertificateExtensions verifies that the certificate matches configured // required extensions -func (b *backend) matchesCertificateExtenions(clientCert *x509.Certificate, config *ParsedCert) bool { +func (b *backend) matchesCertificateExtensions(clientCert *x509.Certificate, config *ParsedCert) bool { // If no required extensions, nothing to check here if len(config.Entry.RequiredExtensions) == 0 { return true diff --git a/builtin/credential/ldap/backend.go b/builtin/credential/ldap/backend.go index 8a2ea3d331..a94b7ffc2c 100644 --- a/builtin/credential/ldap/backend.go +++ b/builtin/credential/ldap/backend.go @@ -421,5 +421,5 @@ to set of policies. Configuration of the server is done through the "config" and "groups" endpoints by a user with root access. Authentication is then done -by suppying the two fields for "login". +by supplying the two fields for "login". ` diff --git a/builtin/credential/ldap/backend_test.go b/builtin/credential/ldap/backend_test.go index c056b4119f..be4c1e6db3 100644 --- a/builtin/credential/ldap/backend_test.go +++ b/builtin/credential/ldap/backend_test.go @@ -449,7 +449,7 @@ func testAccStepLogin(t *testing.T, user string, pass string) logicaltest.TestSt }, Unauthenticated: true, - // Verifies user tesla maps to groups via local group (engineers) as well as remote group (Scientiests) + // Verifies user tesla maps to groups via local group (engineers) as well as remote group (Scientists) Check: logicaltest.TestCheckAuth([]string{"bar", "default", "foo"}), } } @@ -463,7 +463,7 @@ func testAccStepLoginNoGroupDN(t *testing.T, user string, pass string) logicalte }, Unauthenticated: true, - // Verifies a search without defined GroupDN returns a warnting rather than failing + // Verifies a search without defined GroupDN returns a warning rather than failing Check: func(resp *logical.Response) error { if len(resp.Warnings) != 1 { return fmt.Errorf("expected a warning due to no group dn, got: %#v", resp.Warnings) diff --git a/builtin/credential/okta/backend.go b/builtin/credential/okta/backend.go index 19718ff501..1610e9b1a0 100644 --- a/builtin/credential/okta/backend.go +++ b/builtin/credential/okta/backend.go @@ -106,7 +106,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri Data: map[string]interface{}{}, } - // More about Okta's Auth transation state here: + // More about Okta's Auth transaction state here: // https://developer.okta.com/docs/api/resources/authn#transaction-state // If lockout failures are not configured to be hidden, the status needs to @@ -321,5 +321,5 @@ groups are pulled down from Okta. Configuration of the connection is done through the "config" and "policies" endpoints by a user with root access. Authentication is then done -by suppying the two fields for "login". +by supplying the two fields for "login". ` diff --git a/builtin/credential/okta/path_config.go b/builtin/credential/okta/path_config.go index 365af74f4e..58f92571a6 100644 --- a/builtin/credential/okta/path_config.go +++ b/builtin/credential/okta/path_config.go @@ -40,7 +40,7 @@ func pathConfig(b *backend) *framework.Path { }, "base_url": &framework.FieldSchema{ Type: framework.TypeString, - Description: `The base domain to use for the Okta API. When not specified in the configuraiton, "okta.com" is used.`, + Description: `The base domain to use for the Okta API. When not specified in the configuration, "okta.com" is used.`, }, "production": &framework.FieldSchema{ Type: framework.TypeBool, diff --git a/builtin/credential/radius/backend.go b/builtin/credential/radius/backend.go index 77fa8f5cf7..2681f3d5f4 100644 --- a/builtin/credential/radius/backend.go +++ b/builtin/credential/radius/backend.go @@ -59,8 +59,8 @@ a RADIUS server, checking username and associating users to set of policies. Configuration of the server is done through the "config" and "users" -endpoints by a user with approriate access mandated by policy. -Authentication is then done by suppying the two fields for "login". +endpoints by a user with appropriate access mandated by policy. +Authentication is then done by supplying the two fields for "login". The backend optionally allows to grant a set of policies to any user that successfully authenticates against the RADIUS server, diff --git a/builtin/credential/userpass/backend.go b/builtin/credential/userpass/backend.go index 1c07701e65..19e62cf7a6 100644 --- a/builtin/credential/userpass/backend.go +++ b/builtin/credential/userpass/backend.go @@ -56,5 +56,5 @@ are supported. The username/password combination is configured using the "users/" endpoints by a user with root access. Authentication is then done -by suppying the two fields for "login". +by supplying the two fields for "login". ` diff --git a/builtin/logical/aws/path_config_root.go b/builtin/logical/aws/path_config_root.go index 12d8142928..d3503410a5 100644 --- a/builtin/logical/aws/path_config_root.go +++ b/builtin/logical/aws/path_config_root.go @@ -91,6 +91,6 @@ Configure the root credentials that are used to manage IAM. const pathConfigRootHelpDesc = ` Before doing anything, the AWS backend needs credentials that are able to manage IAM policies, users, access keys, etc. This endpoint is used -to configure those credentials. They don't necessarilly need to be root +to configure those credentials. They don't necessarily need to be root keys as long as they have permission to manage IAM. ` diff --git a/builtin/logical/cassandra/path_config_connection.go b/builtin/logical/cassandra/path_config_connection.go index ef37ead2c7..5251f3369a 100644 --- a/builtin/logical/cassandra/path_config_connection.go +++ b/builtin/logical/cassandra/path_config_connection.go @@ -213,7 +213,7 @@ Configure the connection information to talk to Cassandra. const pathConfigConnectionHelpDesc = ` This path configures the connection information used to connect to Cassandra. -"hosts" is a comma-deliniated list of hostnames in the Cassandra cluster. +"hosts" is a comma-delimited list of hostnames in the Cassandra cluster. "username" and "password" are self-explanatory, although the given user must have superuser access within Cassandra. Note that since this backend diff --git a/builtin/logical/cassandra/path_roles.go b/builtin/logical/cassandra/path_roles.go index 9e37dd6013..9e7c8c1b11 100644 --- a/builtin/logical/cassandra/path_roles.go +++ b/builtin/logical/cassandra/path_roles.go @@ -186,7 +186,7 @@ If no "creation_cql" parameter is given, a default will be used: This default should be suitable for Cassandra installations using the password authenticator but not configured to use authorization. -Similarly, the "rollback_cql" is used if user creation fails, in the absense of +Similarly, the "rollback_cql" is used if user creation fails, in the absence of Cassandra transactions. The default should be suitable for almost any instance of Cassandra: diff --git a/builtin/logical/cassandra/test-fixtures/cassandra.yaml b/builtin/logical/cassandra/test-fixtures/cassandra.yaml index 004c04e68c..e8535107c8 100644 --- a/builtin/logical/cassandra/test-fixtures/cassandra.yaml +++ b/builtin/logical/cassandra/test-fixtures/cassandra.yaml @@ -250,7 +250,7 @@ commit_failure_policy: stop # # Valid values are either "auto" (omitting the value) or a value greater 0. # -# Note that specifying a too large value will result in long running GCs and possbily +# Note that specifying a too large value will result in long running GCs and possibly # out-of-memory errors. Keep the value at a small fraction of the heap. # # If you constantly see "prepared statements discarded in the last minute because @@ -259,7 +259,7 @@ commit_failure_policy: stop # i.e. use bind markers for variable parts. # # Do only change the default value, if you really have more prepared statements than -# fit in the cache. In most cases it is not neccessary to change this value. +# fit in the cache. In most cases it is not necessary to change this value. # Constantly re-preparing statements is a performance penalty. # # Default value ("auto") is 1/256th of the heap or 10MB, whichever is greater @@ -1021,7 +1021,7 @@ client_encryption_options: keystore: conf/.keystore keystore_password: cassandra # require_client_auth: false - # Set trustore and truststore_password if require_client_auth is true + # Set truststore and truststore_password if require_client_auth is true # truststore: conf/.truststore # truststore_password: cassandra # More advanced defaults below: @@ -1080,7 +1080,7 @@ windows_timer_interval: 1 # Enables encrypting data at-rest (on disk). Different key providers can be plugged in, but the default reads from # a JCE-style keystore. A single keystore can hold multiple keys, but the one referenced by -# the "key_alias" is the only key that will be used for encrypt opertaions; previously used keys +# the "key_alias" is the only key that will be used for encrypt operations; previously used keys # can still (and should!) be in the keystore and will be used on decrypt operations # (to handle the case of key rotation). # @@ -1114,7 +1114,7 @@ transparent_data_encryption_options: # tombstones seen in memory so we can return them to the coordinator, which # will use them to make sure other replicas also know about the deleted rows. # With workloads that generate a lot of tombstones, this can cause performance -# problems and even exaust the server heap. +# problems and even exhaust the server heap. # (http://www.datastax.com/dev/blog/cassandra-anti-patterns-queues-and-queue-like-datasets) # Adjust the thresholds here if you understand the dangers and want to # scan more tombstones anyway. These thresholds may also be adjusted at runtime diff --git a/builtin/logical/database/backend_test.go b/builtin/logical/database/backend_test.go index ba7185ba63..07e462069c 100644 --- a/builtin/logical/database/backend_test.go +++ b/builtin/logical/database/backend_test.go @@ -614,7 +614,7 @@ func TestBackend_roleCrud(t *testing.T) { } if !reflect.DeepEqual(expected, actual) { - t.Fatalf("Statements did not match, exepected %#v, got %#v", expected, actual) + t.Fatalf("Statements did not match, expected %#v, got %#v", expected, actual) } // Delete the role diff --git a/builtin/logical/database/dbplugin/client.go b/builtin/logical/database/dbplugin/client.go index cc09be075d..31c5efbc0f 100644 --- a/builtin/logical/database/dbplugin/client.go +++ b/builtin/logical/database/dbplugin/client.go @@ -67,7 +67,7 @@ func newPluginClient(ctx context.Context, sys pluginutil.RunnerUtil, pluginRunne return nil, errors.New("unsupported client type") } - // Wrap RPC implimentation in DatabasePluginClient + // Wrap RPC implementation in DatabasePluginClient return &DatabasePluginClient{ client: client, Database: db, diff --git a/builtin/logical/database/dbplugin/plugin.go b/builtin/logical/database/dbplugin/plugin.go index 184791a1cf..f776049a6b 100644 --- a/builtin/logical/database/dbplugin/plugin.go +++ b/builtin/logical/database/dbplugin/plugin.go @@ -46,7 +46,7 @@ func PluginFactory(ctx context.Context, pluginName string, sys pluginutil.LookRu var ok bool db, ok = dbRaw.(Database) if !ok { - return nil, fmt.Errorf("unsuported database type: %s", pluginName) + return nil, fmt.Errorf("unsupported database type: %s", pluginName) } transport = "builtin" diff --git a/builtin/logical/database/dbplugin/plugin_test.go b/builtin/logical/database/dbplugin/plugin_test.go index 438e7aaf7b..1547fcf908 100644 --- a/builtin/logical/database/dbplugin/plugin_test.go +++ b/builtin/logical/database/dbplugin/plugin_test.go @@ -258,7 +258,7 @@ func TestPlugin_RevokeUser(t *testing.T) { t.Fatalf("err: %s", err) } - // Test default revoke statememts + // Test default revoke statements err = db.RevokeUser(context.Background(), dbplugin.Statements{}, us) if err != nil { t.Fatalf("err: %s", err) @@ -398,7 +398,7 @@ func TestPlugin_NetRPC_RevokeUser(t *testing.T) { t.Fatalf("err: %s", err) } - // Test default revoke statememts + // Test default revoke statements err = db.RevokeUser(context.Background(), dbplugin.Statements{}, us) if err != nil { t.Fatalf("err: %s", err) diff --git a/builtin/logical/database/path_creds_create.go b/builtin/logical/database/path_creds_create.go index aaab1b7666..b32929348a 100644 --- a/builtin/logical/database/path_creds_create.go +++ b/builtin/logical/database/path_creds_create.go @@ -70,7 +70,7 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc { db, err = b.createDBObj(ctx, req.Storage, role.DBName) if err != nil { unlockFunc() - return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err) + return nil, fmt.Errorf("could not retrieve db with name: %s, got error: %s", role.DBName, err) } } diff --git a/builtin/logical/database/secret_creds.go b/builtin/logical/database/secret_creds.go index e1eea2dffd..55f6220be1 100644 --- a/builtin/logical/database/secret_creds.go +++ b/builtin/logical/database/secret_creds.go @@ -64,7 +64,7 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc { db, err = b.createDBObj(ctx, req.Storage, role.DBName) if err != nil { unlockFunc() - return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err) + return nil, fmt.Errorf("could not retrieve db with name: %s, got error: %s", role.DBName, err) } } @@ -123,7 +123,7 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc { db, err = b.createDBObj(ctx, req.Storage, role.DBName) if err != nil { unlockFunc() - return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err) + return nil, fmt.Errorf("could not retrieve db with name: %s, got error: %s", role.DBName, err) } } diff --git a/builtin/logical/mssql/secret_creds.go b/builtin/logical/mssql/secret_creds.go index 5573218ee8..4731c0751a 100644 --- a/builtin/logical/mssql/secret_creds.go +++ b/builtin/logical/mssql/secret_creds.go @@ -141,7 +141,7 @@ func (b *backend) secretCredsRevoke(ctx context.Context, req *logical.Request, d // can't drop if not all database users are dropped if rows.Err() != nil { - return nil, fmt.Errorf("cound not generate sql statements for all rows: %s", rows.Err()) + return nil, fmt.Errorf("could not generate sql statements for all rows: %s", rows.Err()) } if lastStmtError != nil { return nil, fmt.Errorf("could not perform all sql statements: %s", lastStmtError) diff --git a/builtin/logical/mysql/path_role_create.go b/builtin/logical/mysql/path_role_create.go index 523c3d78af..2b216ccf8c 100644 --- a/builtin/logical/mysql/path_role_create.go +++ b/builtin/logical/mysql/path_role_create.go @@ -59,8 +59,8 @@ func (b *backend) pathRoleCreateRead(ctx context.Context, req *logical.Request, // - the token display name, truncated to role.displaynameLength (default 4) // - a UUID // - // the entire contactenated string is then truncated to role.usernameLength, - // which by default is 16 due to limitations in older but still-prevalant + // the entire concatenated string is then truncated to role.usernameLength, + // which by default is 16 due to limitations in older but still-prevalent // versions of MySQL. roleName := name if len(roleName) > role.RolenameLength { diff --git a/builtin/logical/nomad/backend_test.go b/builtin/logical/nomad/backend_test.go index dd4eb4e0c0..0eb45853d3 100644 --- a/builtin/logical/nomad/backend_test.go +++ b/builtin/logical/nomad/backend_test.go @@ -212,7 +212,7 @@ func TestBackend_renew_revoke(t *testing.T) { if err := mapstructure.Decode(resp.Data, &d); err != nil { t.Fatal(err) } - t.Logf("[WARN] Generated token: %s with accesor %s", d.Token, d.Accessor) + t.Logf("[WARN] Generated token: %s with accessor %s", d.Token, d.Accessor) // Build a client and verify that the credentials work nomadapiConfig := nomadapi.DefaultConfig() diff --git a/builtin/logical/nomad/path_creds_create.go b/builtin/logical/nomad/path_creds_create.go index cb5930c75c..4d68f017fb 100644 --- a/builtin/logical/nomad/path_creds_create.go +++ b/builtin/logical/nomad/path_creds_create.go @@ -56,7 +56,7 @@ func (b *backend) pathTokenRead(ctx context.Context, req *logical.Request, d *fr // Generate a name for the token tokenName := fmt.Sprintf("vault-%s-%s-%d", name, req.DisplayName, time.Now().UnixNano()) - // Handling nomad maximum token lenght + // Handling nomad maximum token length // https://github.com/hashicorp/nomad/blob/d9276e22b3b74674996fb548cdb6bc4c70d5b0e4/nomad/structs/structs.go#L115 if len(tokenName) > 64 { tokenName = tokenName[0:63] diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go index ab250f1c2c..b7113ae775 100644 --- a/builtin/logical/pki/backend_test.go +++ b/builtin/logical/pki/backend_test.go @@ -592,7 +592,7 @@ func generateURLSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s return fmt.Errorf("expected an error response but did not get one") } if !strings.Contains(resp.Data["error"].(string), "2048") { - return fmt.Errorf("recieved an error but not about a 1024-bit key, error was: %s", resp.Data["error"].(string)) + return fmt.Errorf("received an error but not about a 1024-bit key, error was: %s", resp.Data["error"].(string)) } return nil @@ -2445,7 +2445,7 @@ func TestBackend_SignVerbatim(t *testing.T) { } } -func TestBackend_Root_Idempotentcy(t *testing.T) { +func TestBackend_Root_Idempotency(t *testing.T) { coreConfig := &vault.CoreConfig{ LogicalBackends: map[string]logical.Factory{ "pki": Factory, diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go index 4fc77555a5..ce00f96cf5 100644 --- a/builtin/logical/pki/cert_util.go +++ b/builtin/logical/pki/cert_util.go @@ -385,7 +385,7 @@ func validateNames(data *dataBundle, names []string) string { splitDisplay := strings.Split(data.req.DisplayName, "@") if len(splitDisplay) == 2 { // Compare the sanitized name against the hostname - // portion of the email address in the roken + // portion of the email address in the broken // display name if strings.HasSuffix(sanitizedName, "."+splitDisplay[1]) { continue @@ -515,7 +515,7 @@ func generateCert(ctx context.Context, return nil, err } if data.params == nil { - return nil, errutil.InternalError{Err: "nil paramaters received from parameter bundle generation"} + return nil, errutil.InternalError{Err: "nil parameters received from parameter bundle generation"} } if isCA { @@ -562,7 +562,7 @@ func generateIntermediateCSR(b *backend, data *dataBundle) (*certutil.ParsedCSRB return nil, err } if data.params == nil { - return nil, errutil.InternalError{Err: "nil paramaters received from parameter bundle generation"} + return nil, errutil.InternalError{Err: "nil parameters received from parameter bundle generation"} } parsedBundle, err := createCSR(data) @@ -668,7 +668,7 @@ func signCert(b *backend, return nil, err } if data.params == nil { - return nil, errutil.InternalError{Err: "nil paramaters received from parameter bundle generation"} + return nil, errutil.InternalError{Err: "nil parameters received from parameter bundle generation"} } data.params.IsCA = isCA @@ -966,7 +966,7 @@ func generateCreationBundle(b *backend, data *dataBundle) error { return nil } -// addKeyUsages adds approrpiate key usages to the template given the creation +// addKeyUsages adds appropriate key usages to the template given the creation // information func addKeyUsages(data *dataBundle, certTemplate *x509.Certificate) { if data.params.IsCA { diff --git a/builtin/logical/pki/path_roles_test.go b/builtin/logical/pki/path_roles_test.go index ed101fd0ca..999f3f670b 100644 --- a/builtin/logical/pki/path_roles_test.go +++ b/builtin/logical/pki/path_roles_test.go @@ -246,7 +246,7 @@ func TestPki_RoleOUOrganizationUpgrade(t *testing.T) { } organization := resp.Data["organization"].([]string) if len(organization) != 2 { - t.Fatalf("organziation should have 2 values") + t.Fatalf("organization should have 2 values") } // Check that old key usage value is nil diff --git a/builtin/logical/pki/path_tidy.go b/builtin/logical/pki/path_tidy.go index f2e0de5c5d..43cb5bd08a 100644 --- a/builtin/logical/pki/path_tidy.go +++ b/builtin/logical/pki/path_tidy.go @@ -164,7 +164,7 @@ seconds or a string duration like "72h". All certificates and/or revocation information currently stored in the backend will be checked when this endpoint is hit. The expiration of the certificate/revocation information of each certificate being held in -certificate storage or in revocation infomation will then be checked. If the +certificate storage or in revocation information will then be checked. If the current time, minus the value of 'safety_buffer', is greater than the expiration, it will be removed. ` diff --git a/builtin/logical/postgresql/backend.go b/builtin/logical/postgresql/backend.go index 22e547a509..225a4921a1 100644 --- a/builtin/logical/postgresql/backend.go +++ b/builtin/logical/postgresql/backend.go @@ -100,7 +100,7 @@ func (b *backend) DB(ctx context.Context, s logical.Storage) (*sql.DB, error) { conn = connConfig.ConnectionString } - // Ensure timezone is set to UTC for all the conenctions + // Ensure timezone is set to UTC for all the connections if strings.HasPrefix(conn, "postgres://") || strings.HasPrefix(conn, "postgresql://") { if strings.Contains(conn, "?") { conn += "&timezone=utc" diff --git a/builtin/logical/rabbitmq/backend.go b/builtin/logical/rabbitmq/backend.go index bbe25fb035..8543297768 100644 --- a/builtin/logical/rabbitmq/backend.go +++ b/builtin/logical/rabbitmq/backend.go @@ -89,7 +89,7 @@ func (b *backend) Client(ctx context.Context, s logical.Storage) (*rabbithole.Cl b.lock.Lock() defer b.lock.Unlock() - // If the client was creted during the lock switch, return it + // If the client was created during the lock switch, return it if b.client != nil { return b.client, nil } diff --git a/builtin/logical/ssh/path_roles.go b/builtin/logical/ssh/path_roles.go index 44954a91e2..6ab5c337ee 100644 --- a/builtin/logical/ssh/path_roles.go +++ b/builtin/logical/ssh/path_roles.go @@ -273,7 +273,7 @@ func pathRoles(b *backend) *framework.Path { Description: ` [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] When supplied, this value specifies a custom format for the key id of a signed certificate. - The following variables are availble for use: '{{token_display_name}}' - The display name of + The following variables are available for use: '{{token_display_name}}' - The display name of the token used to make the request. '{{role_name}}' - The name of the role signing the request. '{{public_key_hash}}' - A SHA256 checksum of the public key that is being signed. `, @@ -490,7 +490,7 @@ func (b *backend) getRole(ctx context.Context, s logical.Storage, n string) (*ss } // parseRole converts a sshRole object into its map[string]interface representation, -// with appropriate values for each KeyType. If the KeyType is invalid, it will retun +// with appropriate values for each KeyType. If the KeyType is invalid, it will return // an error. func (b *backend) parseRole(role *sshRole) (map[string]interface{}, error) { var result map[string]interface{} diff --git a/builtin/logical/ssh/path_verify.go b/builtin/logical/ssh/path_verify.go index d15d2ec6cb..da9bb4e6d3 100644 --- a/builtin/logical/ssh/path_verify.go +++ b/builtin/logical/ssh/path_verify.go @@ -95,7 +95,7 @@ Validate the OTP provided by Vault SSH Agent. ` const pathVerifyHelpDesc = ` -This path will be used by Vault SSH Agent runnin in the remote hosts. The OTP +This path will be used by Vault SSH Agent running in the remote hosts. The OTP provided by the client is sent to Vault for validation by the agent. If Vault finds an entry for the OTP, it responds with the username and IP it is associated with. Agent uses this information to authenticate the client. Vault deletes the diff --git a/builtin/logical/transit/path_config.go b/builtin/logical/transit/path_config.go index d5e906678e..8a13db22fe 100644 --- a/builtin/logical/transit/path_config.go +++ b/builtin/logical/transit/path_config.go @@ -180,5 +180,5 @@ const pathConfigHelpSyn = `Configure a named encryption key` const pathConfigHelpDesc = ` This path is used to configure the named key. Currently, this supports adjusting the minimum version of the key allowed to -be used for decryption via the min_decryption_version paramter. +be used for decryption via the min_decryption_version parameter. ` diff --git a/builtin/logical/transit/path_encrypt.go b/builtin/logical/transit/path_encrypt.go index 17a6427b46..812e2a02b2 100644 --- a/builtin/logical/transit/path_encrypt.go +++ b/builtin/logical/transit/path_encrypt.go @@ -43,7 +43,7 @@ type BatchResponseItem struct { // request item Ciphertext string `json:"ciphertext,omitempty" structs:"ciphertext" mapstructure:"ciphertext"` - // Plaintext for the ciphertext present in the corresponsding batch + // Plaintext for the ciphertext present in the corresponding batch // request item Plaintext string `json:"plaintext,omitempty" structs:"plaintext" mapstructure:"plaintext"` diff --git a/builtin/logical/transit/path_export.go b/builtin/logical/transit/path_export.go index 98832c263f..6ecb6c9f77 100644 --- a/builtin/logical/transit/path_export.go +++ b/builtin/logical/transit/path_export.go @@ -114,7 +114,7 @@ func (b *backend) pathPolicyExportRead(ctx context.Context, req *logical.Request } if versionValue < p.MinDecryptionVersion { - return logical.ErrorResponse("version for export is below minimun decryption version"), logical.ErrInvalidRequest + return logical.ErrorResponse("version for export is below minimum decryption version"), logical.ErrInvalidRequest } key, ok := p.Keys[strconv.Itoa(versionValue)] if !ok { diff --git a/builtin/logical/transit/path_export_test.go b/builtin/logical/transit/path_export_test.go index 3230593908..269196de51 100644 --- a/builtin/logical/transit/path_export_test.go +++ b/builtin/logical/transit/path_export_test.go @@ -258,7 +258,7 @@ func TestTransit_Export_KeysNotMarkedExportable_ReturnsError(t *testing.T) { t.Fatal(err) } if !rsp.IsError() { - t.Fatal("Key not marked as exportble but was exported.") + t.Fatal("Key not marked as exportable but was exported.") } } @@ -407,7 +407,7 @@ func TestTransit_Export_EncryptionKey_DoesNotExportHMACKey(t *testing.T) { t.Error("could not cast to keys object") } if len(hmacKeys) != len(encryptionKeys) { - t.Errorf("hmac (%d) and encyryption (%d) key count don't match", + t.Errorf("hmac (%d) and encryption (%d) key count don't match", len(hmacKeys), len(encryptionKeys)) } diff --git a/builtin/logical/transit/path_random_test.go b/builtin/logical/transit/path_random_test.go index af431e2827..c857c1f9ea 100644 --- a/builtin/logical/transit/path_random_test.go +++ b/builtin/logical/transit/path_random_test.go @@ -73,7 +73,7 @@ func TestTransit_Random(t *testing.T) { } rand2 := getResponse() if len(rand1) != numBytes || len(rand2) != numBytes { - t.Fatal("length of output random bytes not what is exepcted") + t.Fatal("length of output random bytes not what is expected") } if reflect.DeepEqual(rand1, rand2) { t.Fatal("found identical ouputs") diff --git a/builtin/plugin/backend_test.go b/builtin/plugin/backend_test.go index 51848737cc..ee761fc19d 100644 --- a/builtin/plugin/backend_test.go +++ b/builtin/plugin/backend_test.go @@ -42,7 +42,7 @@ func TestBackend_Factory(t *testing.T) { func TestBackend_PluginMain(t *testing.T) { args := []string{} - if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" && os.Getenv(pluginutil.PluginMetadaModeEnv) != "true" { + if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" && os.Getenv(pluginutil.PluginMetadataModeEnv) != "true" { return } diff --git a/command/auth.go b/command/auth.go index 431ded7308..c1d7fd6a90 100644 --- a/command/auth.go +++ b/command/auth.go @@ -81,7 +81,7 @@ func (c *AuthCommand) Run(args []string) int { "WARNING! The -method-help flag is deprecated. Please use "+ "\"vault auth help\" instead. This flag will be removed in "+ "Vault 0.11 (or later).") + "\n") - // Parse the args to pull out the method, surpressing any errors because + // Parse the args to pull out the method, suppressing any errors because // there could be other flags that we don't care about. f := flag.NewFlagSet("", flag.ContinueOnError) f.Usage = func() {} diff --git a/command/base.go b/command/base.go index 9bef198a32..45169e4baf 100644 --- a/command/base.go +++ b/command/base.go @@ -192,7 +192,7 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets { Completion: complete.PredictFiles("*"), Usage: "Path on the local disk to a single PEM-encoded CA " + "certificate to verify the Vault server's SSL certificate. This " + - "takes precendence over -ca-path.", + "takes precedence over -ca-path.", }) f.StringVar(&StringVar{ diff --git a/command/base_helpers.go b/command/base_helpers.go index 75c0e80998..ef629f8d3b 100644 --- a/command/base_helpers.go +++ b/command/base_helpers.go @@ -151,14 +151,14 @@ func parseArgsDataString(stdin io.Reader, args []string) (map[string]string, err return result, nil } -// truncateToSeconds truncates the given duaration to the number of seconds. If +// truncateToSeconds truncates the given duration to the number of seconds. If // the duration is less than 1s, it is returned as 0. The integer represents // the whole number unit of seconds for the duration. func truncateToSeconds(d time.Duration) int { d = d.Truncate(1 * time.Second) // Handle the case where someone requested a ridiculously short increment - - // incremenents must be larger than a second. + // increments must be larger than a second. if d < 1*time.Second { return 0 } diff --git a/command/base_predict.go b/command/base_predict.go index 8f53c0444a..f71c255c8e 100644 --- a/command/base_predict.go +++ b/command/base_predict.go @@ -67,7 +67,7 @@ func PredictClient() *api.Client { } // PredictVaultAvailableMounts returns a predictor for the available mounts in -// Vault. For now, there is no way to programatically get this list. If, in the +// Vault. For now, there is no way to programmatically get this list. If, in the // future, such a list exists, we can adapt it here. Until then, it's // hard-coded. func (b *BaseCommand) PredictVaultAvailableMounts() complete.Predictor { @@ -88,7 +88,7 @@ func (b *BaseCommand) PredictVaultAvailableMounts() complete.Predictor { } // PredictVaultAvailableAuths returns a predictor for the available auths in -// Vault. For now, there is no way to programatically get this list. If, in the +// Vault. For now, there is no way to programmatically get this list. If, in the // future, such a list exists, we can adapt it here. Until then, it's // hard-coded. func (b *BaseCommand) PredictVaultAvailableAuths() complete.Predictor { diff --git a/command/login.go b/command/login.go index cd3e261243..ae8d2fe708 100644 --- a/command/login.go +++ b/command/login.go @@ -222,7 +222,7 @@ func (c *LoginCommand) Run(args []string) int { stdin = c.testStdin } - // If the user provided a token, pass it along to the auth provier. + // If the user provided a token, pass it along to the auth provider. if authMethod == "token" && len(args) > 0 && !strings.Contains(args[0], "=") { args = append([]string{"token=" + args[0]}, args[1:]...) } @@ -349,7 +349,7 @@ func (c *LoginCommand) Run(args []string) int { // extractToken extracts the token from the given secret, automatically // unwrapping responses and handling error conditions if unwrap is true. The -// result also returns whether it was a wrapped resonse that was not unwrapped. +// result also returns whether it was a wrapped response that was not unwrapped. func (c *LoginCommand) extractToken(client *api.Client, secret *api.Secret, unwrap bool) (*api.Secret, bool, error) { switch { case secret == nil: diff --git a/command/login_test.go b/command/login_test.go index 3776e2873f..c1752c507a 100644 --- a/command/login_test.go +++ b/command/login_test.go @@ -211,7 +211,7 @@ func TestLoginCommand_Run(t *testing.T) { // Verify the token was not stored if storedToken, err := tokenHelper.Get(); err != nil || storedToken != "" { - t.Fatalf("expted token to not be stored: %s: %q", err, storedToken) + t.Fatalf("expected token to not be stored: %s: %q", err, storedToken) } }) diff --git a/command/main.go b/command/main.go index de6278756a..358d360643 100644 --- a/command/main.go +++ b/command/main.go @@ -138,7 +138,7 @@ func RunCustom(args []string, runOpts *RunOptions) int { return 1 } - // Only use colored UI if stdoout is a tty, and not disabled + // Only use colored UI if stdout is a tty, and not disabled if isTerminal && color && format == "table" { ui.Ui = &cli.ColoredUi{ ErrorColor: cli.UiColorRed, diff --git a/command/operator_init.go b/command/operator_init.go index 213702a1a4..fb49607117 100644 --- a/command/operator_init.go +++ b/command/operator_init.go @@ -383,7 +383,7 @@ func (c *OperatorInitCommand) consulAuto(client *api.Client, req *api.InitReques // Update the client to connect to this Vault server client.SetAddress(vaultAddr) - // Let the client know that initialization is perfomed on the + // Let the client know that initialization is performed on the // discovered node. c.UI.Output(wrapAtLength(fmt.Sprintf( "Discovered an initialized Vault node at %q with Consul service name "+ diff --git a/command/server.go b/command/server.go index 3ec3714830..a51c9dfc9d 100644 --- a/command/server.go +++ b/command/server.go @@ -900,7 +900,7 @@ CLUSTER_SYNTHESIS_COMPLETE: case <-c.ShutdownCh: c.UI.Output("==> Vault shutdown triggered") - // Stop the listners so that we don't process further client requests. + // Stop the listeners so that we don't process further client requests. c.cleanupGuard.Do(listenerCloseFunc) // Shutdown will wait until after Vault is sealed, which means the @@ -1196,7 +1196,7 @@ func (c *ServerCommand) enableThreeNodeDevCluster(base *vault.CoreConfig, info m case <-c.ShutdownCh: c.UI.Output("==> Vault shutdown triggered") - // Stop the listners so that we don't process further client requests. + // Stop the listeners so that we don't process further client requests. c.cleanupGuard.Do(testCluster.Cleanup) // Shutdown will wait until after Vault is sealed, which means the diff --git a/command/server/config.go b/command/server/config.go index 814fff4db8..2bb1ddbfa3 100644 --- a/command/server/config.go +++ b/command/server/config.go @@ -173,11 +173,11 @@ type Telemetry struct { CirconusCheckID string `hcl:"circonus_check_id"` // CirconusCheckForceMetricActivation will force enabling metrics, as they are encountered, // if the metric already exists and is NOT active. If check management is enabled, the default - // behavior is to add new metrics as they are encoutered. If the metric already exists in the + // behavior is to add new metrics as they are encountered. If the metric already exists in the // check, it will *NOT* be activated. This setting overrides that behavior. // Default: "false" CirconusCheckForceMetricActivation string `hcl:"circonus_check_force_metric_activation"` - // CirconusCheckInstanceID serves to uniquely identify the metrics comming from this "instance". + // CirconusCheckInstanceID serves to uniquely identify the metrics coming from this "instance". // It can be used to maintain metric continuity with transient or ephemeral instances as // they move around within an infrastructure. // Default: hostname:app diff --git a/command/unwrap_test.go b/command/unwrap_test.go index 9da77a5026..4a06418b02 100644 --- a/command/unwrap_test.go +++ b/command/unwrap_test.go @@ -139,7 +139,7 @@ func TestUnwrapCommand_Run(t *testing.T) { cmd.client = client cmd.client.SetToken(wrappedToken) - // Intentionally don't pass the token here - it shoudl use the local token + // Intentionally don't pass the token here - it should use the local token code := cmd.Run([]string{}) if exp := 0; code != exp { t.Errorf("expected %d to be %d", code, exp) diff --git a/helper/certutil/types.go b/helper/certutil/types.go index f91d373901..39773c7918 100644 --- a/helper/certutil/types.go +++ b/helper/certutil/types.go @@ -211,7 +211,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) { result.CAChain = append(result.CAChain, certBlock) } - // For backwards compabitibility + // For backwards compatibility case len(c.IssuingCA) > 0: pemBlock, _ = pem.Decode([]byte(c.IssuingCA)) if pemBlock == nil { @@ -523,7 +523,7 @@ func (p *ParsedCSRBundle) SetParsedPrivateKey(privateKey crypto.Signer, privateK } // GetTLSConfig returns a TLS config generally suitable for client -// authentiation. The returned TLS config can be modified slightly +// authentication. The returned TLS config can be modified slightly // to be made suitable for a server requiring client authentication; // specifically, you should set the value of ClientAuth in the returned // config to match your needs. diff --git a/helper/compressutil/compress.go b/helper/compressutil/compress.go index 31a2dcd61e..4acebe31ca 100644 --- a/helper/compressutil/compress.go +++ b/helper/compressutil/compress.go @@ -33,7 +33,7 @@ const ( ) // SnappyReadCloser embeds the snappy reader which implements the io.Reader -// interface. The decompress procedure in this utility expectes an +// interface. The decompress procedure in this utility expects an // io.ReadCloser. This type implements the io.Closer interface to retain the // generic way of decompression. type SnappyReadCloser struct { diff --git a/helper/compressutil/compress_test.go b/helper/compressutil/compress_test.go index 5eeeea8cd1..9625208902 100644 --- a/helper/compressutil/compress_test.go +++ b/helper/compressutil/compress_test.go @@ -82,7 +82,7 @@ func TestCompressUtil_CompressDecompress(t *testing.T) { if len(compressedJSONBytes) == 0 { t.Fatal("failed to compress data in lzw format") } - // Check the presense of the canary + // Check the presence of the canary if compressedJSONBytes[0] != CompressionCanaryLzw { t.Fatalf("bad: compression canary: expected: %d actual: %d", CompressionCanaryLzw, compressedJSONBytes[0]) } @@ -113,7 +113,7 @@ func TestCompressUtil_CompressDecompress(t *testing.T) { if len(compressedJSONBytes) == 0 { t.Fatal("failed to compress data in lzw format") } - // Check the presense of the canary + // Check the presence of the canary if compressedJSONBytes[0] != CompressionCanaryGzip { t.Fatalf("bad: compression canary: expected: %d actual: %d", CompressionCanaryGzip, compressedJSONBytes[0]) } @@ -145,7 +145,7 @@ func TestCompressUtil_CompressDecompress(t *testing.T) { if len(compressedJSONBytes) == 0 { t.Fatal("failed to compress data in lzw format") } - // Check the presense of the canary + // Check the presence of the canary if compressedJSONBytes[0] != CompressionCanaryGzip { t.Fatalf("bad: compression canary: expected: %d actual: %d", CompressionCanaryGzip, compressedJSONBytes[0]) } @@ -177,7 +177,7 @@ func TestCompressUtil_CompressDecompress(t *testing.T) { if len(compressedJSONBytes) == 0 { t.Fatal("failed to compress data in lzw format") } - // Check the presense of the canary + // Check the presence of the canary if compressedJSONBytes[0] != CompressionCanaryGzip { t.Fatalf("bad: compression canary: expected: %d actual: %d", CompressionCanaryGzip, compressedJSONBytes[0]) } @@ -209,7 +209,7 @@ func TestCompressUtil_CompressDecompress(t *testing.T) { if len(compressedJSONBytes) == 0 { t.Fatal("failed to compress data in lzw format") } - // Check the presense of the canary + // Check the presence of the canary if compressedJSONBytes[0] != CompressionCanaryGzip { t.Fatalf("bad: compression canary: expected: %d actual: %d", CompressionCanaryGzip, compressedJSONBytes[0]) diff --git a/helper/consts/consts.go b/helper/consts/consts.go index 2ec952b2b9..eee59d9c99 100644 --- a/helper/consts/consts.go +++ b/helper/consts/consts.go @@ -1,7 +1,7 @@ package consts const ( - // ExpirationRestoreWorkerCount specifies the numer of workers to use while + // ExpirationRestoreWorkerCount specifies the number of workers to use while // restoring leases into the expiration manager ExpirationRestoreWorkerCount = 64 ) diff --git a/helper/jsonutil/json.go b/helper/jsonutil/json.go index a96745be8f..b560279bdc 100644 --- a/helper/jsonutil/json.go +++ b/helper/jsonutil/json.go @@ -91,7 +91,7 @@ func DecodeJSONFromReader(r io.Reader, out interface{}) error { dec := json.NewDecoder(r) - // While decoding JSON values, intepret the integer values as `json.Number`s instead of `float64`. + // While decoding JSON values, interpret the integer values as `json.Number`s instead of `float64`. dec.UseNumber() // Since 'out' is an interface representing a pointer, pass it to the decoder without an '&' diff --git a/helper/keysutil/lock_manager.go b/helper/keysutil/lock_manager.go index 778c28cbcb..a5350cc873 100644 --- a/helper/keysutil/lock_manager.go +++ b/helper/keysutil/lock_manager.go @@ -162,7 +162,7 @@ func (lm *LockManager) GetPolicyShared(ctx context.Context, storage logical.Stor return p, lock, err } - // Try again while asking for an exlusive lock + // Try again while asking for an exclusive lock p, lock, _, err = lm.getPolicyCommon(ctx, PolicyRequest{ Storage: storage, Name: name, @@ -201,7 +201,7 @@ func (lm *LockManager) GetPolicyUpsert(ctx context.Context, req PolicyRequest) ( return p, lock, false, err } - // Try again while asking for an exlusive lock + // Try again while asking for an exclusive lock p, lock, upserted, err := lm.getPolicyCommon(ctx, req, exclusive) if err != nil || p == nil || lock == nil { return p, lock, upserted, err diff --git a/helper/keysutil/policy.go b/helper/keysutil/policy.go index 759d083773..540092922a 100644 --- a/helper/keysutil/policy.go +++ b/helper/keysutil/policy.go @@ -185,7 +185,7 @@ func (kem deprecatedKeyEntryMap) MarshalJSON() ([]byte, error) { return json.Marshal(&intermediate) } -// MarshalJSON implements JSON unmarshaling +// MarshalJSON implements JSON unmarshalling func (kem deprecatedKeyEntryMap) UnmarshalJSON(data []byte) error { intermediate := map[string]KeyEntry{} if err := jsonutil.DecodeJSON(data, &intermediate); err != nil { diff --git a/helper/kv-builder/builder_test.go b/helper/kv-builder/builder_test.go index aa31784921..46b4d05b05 100644 --- a/helper/kv-builder/builder_test.go +++ b/helper/kv-builder/builder_test.go @@ -119,7 +119,7 @@ func TestBuilder_sameKeyMultipleTimes(t *testing.T) { } } -func TestBuilder_specialCharacteresInKey(t *testing.T) { +func TestBuilder_specialCharactersInKey(t *testing.T) { var b Builder b.Stdin = bytes.NewBufferString("{\"foo\": \"bay\"}") err := b.Add("@foo=bar", "-foo=baz", "-") diff --git a/helper/locksutil/locks.go b/helper/locksutil/locks.go index 8561318dfb..e0c2fcdd8b 100644 --- a/helper/locksutil/locks.go +++ b/helper/locksutil/locks.go @@ -13,11 +13,11 @@ type LockEntry struct { sync.RWMutex } -// CreateLocks returns an array so that the locks can be itterated over in +// CreateLocks returns an array so that the locks can be iterated over in // order. // // This is only threadsafe if a process is using a single lock, or iterating -// over the entire lock slice in order. Using a consistant order avoids +// over the entire lock slice in order. Using a consistent order avoids // deadlocks because you can never have the following: // // Lock A, Lock B diff --git a/helper/password/password_windows.go b/helper/password/password_windows.go index 1cd7dc71ef..7325698f8d 100644 --- a/helper/password/password_windows.go +++ b/helper/password/password_windows.go @@ -12,7 +12,7 @@ var ( setConsoleModeProc = kernel32.MustFindProc("SetConsoleMode") ) -// Magic constant from MSDN to control whether charactesr read are +// Magic constant from MSDN to control whether characters read are // repeated back on the console. // // http://msdn.microsoft.com/en-us/library/windows/desktop/ms686033(v=vs.85).aspx diff --git a/helper/pluginutil/runner.go b/helper/pluginutil/runner.go index f6544586e5..7d76202797 100644 --- a/helper/pluginutil/runner.go +++ b/helper/pluginutil/runner.go @@ -17,15 +17,15 @@ import ( ) // Looker defines the plugin Lookup function that looks into the plugin catalog -// for availible plugins and returns a PluginRunner +// for available plugins and returns a PluginRunner type Looker interface { LookupPlugin(context.Context, string) (*PluginRunner, error) } // Wrapper interface defines the functions needed by the runner to wrap the // metadata needed to run a plugin process. This includes looking up Mlock -// configuration and wrapping data in a respose wrapped token. -// logical.SystemView implementataions satisfy this interface. +// configuration and wrapping data in a response wrapped token. +// logical.SystemView implementations satisfy this interface. type RunnerUtil interface { ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error) MlockEnabled() bool @@ -48,7 +48,7 @@ type PluginRunner struct { BuiltinFactory func() (interface{}, error) `json:"-" structs:"-"` } -// Run takes a wrapper RunnerUtil instance along with the go-plugin paramaters and +// Run takes a wrapper RunnerUtil instance along with the go-plugin parameters and // returns a configured plugin.Client with TLS Configured and a wrapping token set // on PluginUnwrapTokenEnv for plugin process consumption. func (r *PluginRunner) Run(ctx context.Context, wrapper RunnerUtil, pluginMap map[string]plugin.Plugin, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error) { @@ -56,7 +56,7 @@ func (r *PluginRunner) Run(ctx context.Context, wrapper RunnerUtil, pluginMap ma } // RunMetadataMode returns a configured plugin.Client that will dispense a plugin -// in metadata mode. The PluginMetadaModeEnv is passed in as part of the Cmd to +// in metadata mode. The PluginMetadataModeEnv is passed in as part of the Cmd to // plugin.Client, and consumed by the plugin process on pluginutil.VaultPluginTLSProvider. func (r *PluginRunner) RunMetadataMode(ctx context.Context, wrapper RunnerUtil, pluginMap map[string]plugin.Plugin, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error) { return r.runCommon(ctx, wrapper, pluginMap, hs, env, logger, true) @@ -82,7 +82,7 @@ func (r *PluginRunner) runCommon(ctx context.Context, wrapper RunnerUtil, plugin var clientTLSConfig *tls.Config if !isMetadataMode { // Add the metadata mode ENV and set it to false - cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMetadaModeEnv, "false")) + cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMetadataModeEnv, "false")) // Get a CA TLS Certificate certBytes, key, err := generateCert() @@ -107,7 +107,7 @@ func (r *PluginRunner) runCommon(ctx context.Context, wrapper RunnerUtil, plugin cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginUnwrapTokenEnv, wrapToken)) } else { namedLogger = clogger.ResetNamed("plugin.metadata") - cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMetadaModeEnv, "true")) + cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMetadataModeEnv, "true")) } secureConfig := &plugin.SecureConfig{ diff --git a/helper/pluginutil/tls.go b/helper/pluginutil/tls.go index 6c90f42991..93372c2f94 100644 --- a/helper/pluginutil/tls.go +++ b/helper/pluginutil/tls.go @@ -31,9 +31,9 @@ var ( // string. Used for testing. PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM" - // PluginMetadaModeEnv is an ENV name used to disable TLS communication + // PluginMetadataModeEnv is an ENV name used to disable TLS communication // to bootstrap mounting plugins. - PluginMetadaModeEnv = "VAULT_PLUGIN_METADATA_MODE" + PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE" ) // generateCert is used internally to create certificates for the plugin @@ -128,10 +128,10 @@ func wrapServerConfig(ctx context.Context, sys RunnerUtil, certBytes []byte, key return wrapInfo.Token, nil } -// VaultPluginTLSProvider is run inside a plugin and retrives the response +// VaultPluginTLSProvider is run inside a plugin and retrieves the response // wrapped TLS certificate from vault. It returns a configured TLS Config. func VaultPluginTLSProvider(apiTLSConfig *api.TLSConfig) func() (*tls.Config, error) { - if os.Getenv(PluginMetadaModeEnv) == "true" { + if os.Getenv(PluginMetadataModeEnv) == "true" { return nil } diff --git a/helper/strutil/strutil.go b/helper/strutil/strutil.go index eba4164d6e..ec6166cc7c 100644 --- a/helper/strutil/strutil.go +++ b/helper/strutil/strutil.go @@ -104,7 +104,7 @@ func ParseKeyValues(input string, out map[string]string, sep string) error { // * Base64 encoded string containing comma separated list of // `=` pairs // -// Input will be parsed into the output paramater, which should +// Input will be parsed into the output parameter, which should // be a non-nil map[string]string. func ParseArbitraryKeyValues(input string, out map[string]string, sep string) error { input = strings.TrimSpace(input) @@ -167,7 +167,7 @@ func ParseStringSlice(input string, sep string) []string { // * JSON string // * Base64 encoded JSON string // * `sep` separated list of values -// * Base64-encoded string containting a `sep` separated list of values +// * Base64-encoded string containing a `sep` separated list of values // // Note that the separator is ignored if the input is found to already be in a // structured format (e.g., JSON) @@ -282,7 +282,7 @@ func EquivalentSlices(a, b []string) bool { return true } -// StrListDelete removes the first occurance of the given item from the slice +// StrListDelete removes the first occurrence of the given item from the slice // of strings if the item exists. func StrListDelete(s []string, d string) []string { if s == nil { diff --git a/http/sys_init_test.go b/http/sys_init_test.go index 9dfa776393..bb666e9139 100644 --- a/http/sys_init_test.go +++ b/http/sys_init_test.go @@ -62,7 +62,7 @@ func TestSysInit_pgpKeysEntries(t *testing.T) { resp := testHttpPut(t, "", addr+"/v1/sys/init", map[string]interface{}{ "secret_shares": 5, - "secret_threhold": 3, + "secret_threshold": 3, "pgp_keys": []string{"pgpkey1"}, }) testResponseStatus(t, resp, 400) diff --git a/http/sys_wrapping_test.go b/http/sys_wrapping_test.go index 37afbafd3a..b88504e38f 100644 --- a/http/sys_wrapping_test.go +++ b/http/sys_wrapping_test.go @@ -119,10 +119,10 @@ func TestHTTP_Wrapping(t *testing.T) { } creationTTL, _ := secret.Data["creation_ttl"].(json.Number).Int64() if int(creationTTL) != wrapInfo.TTL { - t.Fatalf("mistmatched ttls: %d vs %d", creationTTL, wrapInfo.TTL) + t.Fatalf("mismatched ttls: %d vs %d", creationTTL, wrapInfo.TTL) } if secret.Data["creation_time"].(string) != wrapInfo.CreationTime.Format(time.RFC3339Nano) { - t.Fatalf("mistmatched creation times: %q vs %q", secret.Data["creation_time"].(string), wrapInfo.CreationTime.Format(time.RFC3339Nano)) + t.Fatalf("mismatched creation times: %q vs %q", secret.Data["creation_time"].(string), wrapInfo.CreationTime.Format(time.RFC3339Nano)) } } diff --git a/logical/framework/backend.go b/logical/framework/backend.go index 08f58c6d74..b9bf3eb87e 100644 --- a/logical/framework/backend.go +++ b/logical/framework/backend.go @@ -95,7 +95,7 @@ type periodicFunc func(context.Context, *logical.Request) error // OperationFunc is the callback called for an operation on a path. type OperationFunc func(context.Context, *logical.Request, *FieldData) (*logical.Response, error) -// ExistenceFunc is the callback called for an existenc check on a path. +// ExistenceFunc is the callback called for an existence check on a path. type ExistenceFunc func(context.Context, *logical.Request, *FieldData) (bool, error) // WALRollbackFunc is the callback for rollbacks. diff --git a/logical/framework/field_data_test.go b/logical/framework/field_data_test.go index 5dc38beca2..e47104c1b5 100644 --- a/logical/framework/field_data_test.go +++ b/logical/framework/field_data_test.go @@ -224,7 +224,7 @@ func TestFieldDataGet(t *testing.T) { []string{}, }, - "commma string slice type, string slice with one value": { + "comma string slice type, string slice with one value": { map[string]*FieldSchema{ "foo": &FieldSchema{Type: TypeCommaStringSlice}, }, @@ -301,7 +301,7 @@ func TestFieldDataGet(t *testing.T) { []int{}, }, - "commma int slice type, int slice with one value": { + "comma int slice type, int slice with one value": { map[string]*FieldSchema{ "foo": &FieldSchema{Type: TypeCommaIntSlice}, }, diff --git a/logical/plugin/backend_server.go b/logical/plugin/backend_server.go index 92c0b10e90..e2cff35d03 100644 --- a/logical/plugin/backend_server.go +++ b/logical/plugin/backend_server.go @@ -28,7 +28,7 @@ type backendPluginServer struct { } func inMetadataMode() bool { - return os.Getenv(pluginutil.PluginMetadaModeEnv) == "true" + return os.Getenv(pluginutil.PluginMetadataModeEnv) == "true" } func (b *backendPluginServer) HandleRequest(args *HandleRequestArgs, reply *HandleRequestReply) error { diff --git a/logical/plugin/pb/backend.proto b/logical/plugin/pb/backend.proto index b94da727ac..533b0f7ba1 100644 --- a/logical/plugin/pb/backend.proto +++ b/logical/plugin/pb/backend.proto @@ -356,7 +356,7 @@ message InvalidateKeyArgs { // Backend is the interface that plugins must satisfy. The plugin should // implement the server for this service. Requests will first run the -// HandleExistanceCheck rpc then run the HandleRequests rpc. +// HandleExistenceCheck rpc then run the HandleRequests rpc. service Backend { // HandleRequest is used to handle a request and generate a response. // The plugins must check the operation type and handle appropriately. diff --git a/logical/plugin/plugin.go b/logical/plugin/plugin.go index 3188891a8b..7b4f957cb0 100644 --- a/logical/plugin/plugin.go +++ b/logical/plugin/plugin.go @@ -79,7 +79,7 @@ func NewBackend(ctx context.Context, pluginName string, sys pluginutil.LookRunne var ok bool backend, ok = backendRaw.(logical.Backend) if !ok { - return nil, fmt.Errorf("unsuported backend type: %s", pluginName) + return nil, fmt.Errorf("unsupported backend type: %s", pluginName) } } else { diff --git a/logical/plugin/serve.go b/logical/plugin/serve.go index 583b74d617..97afe0cd42 100644 --- a/logical/plugin/serve.go +++ b/logical/plugin/serve.go @@ -14,11 +14,11 @@ import ( // dispensed rom the plugin server. const BackendPluginName = "backend" -type TLSProdiverFunc func() (*tls.Config, error) +type TLSProviderFunc func() (*tls.Config, error) type ServeOpts struct { BackendFactoryFunc logical.Factory - TLSProviderFunc TLSProdiverFunc + TLSProviderFunc TLSProviderFunc Logger hclog.Logger } diff --git a/logical/testing/testing.go b/logical/testing/testing.go index 9d623ea75f..2939069f94 100644 --- a/logical/testing/testing.go +++ b/logical/testing/testing.go @@ -83,7 +83,7 @@ type TestStep struct { // RemoteAddr, if set, will set the remote addr on the request. RemoteAddr string - // ConnState, if set, will set the tls conneciton state + // ConnState, if set, will set the tls connection state ConnState *tls.ConnectionState } diff --git a/make.bat b/make.bat index c5b6baf0f6..d636b5b03b 100644 --- a/make.bat +++ b/make.bat @@ -13,7 +13,7 @@ REM Run target. for %%a in (%_TARGETS%) do (if x%1==x%%a goto %%a) goto usage -REM bin generates the releaseable binaries for Vault +REM bin generates the releasable binaries for Vault :bin call :generate call .\scripts\windows\build.bat "%CD%" diff --git a/physical/etcd/etcd.go b/physical/etcd/etcd.go index 5d9c26da96..04b28be6ef 100644 --- a/physical/etcd/etcd.go +++ b/physical/etcd/etcd.go @@ -22,7 +22,7 @@ var ( EtcdSemaphoreKeysEmptyError = errors.New("lock queue is empty") EtcdLockHeldError = errors.New("lock already held") EtcdLockNotHeldError = errors.New("lock not held") - EtcdSemaphoreKeyRemovedError = errors.New("semaphore key removed before lock aquisition") + EtcdSemaphoreKeyRemovedError = errors.New("semaphore key removed before lock acquisition") EtcdVersionUnknown = errors.New("etcd: unknown API version") ) diff --git a/physical/etcd/etcd2.go b/physical/etcd/etcd2.go index 893f8de667..de3acd0f09 100644 --- a/physical/etcd/etcd2.go +++ b/physical/etcd/etcd2.go @@ -20,12 +20,12 @@ import ( const ( // Ideally, this prefix would match the "_" used in the file backend, but - // that prefix has special meaining in etcd. Specifically, it excludes those + // that prefix has special meaning in etcd. Specifically, it excludes those // entries from directory listings. Etcd2NodeFilePrefix = "." // The lock prefix can (and probably should) cause an entry to be excluded - // from diretory listings, so "_" works here. + // from directory listings, so "_" works here. Etcd2NodeLockPrefix = "_" // The delimiter is the same as the `-C` flag of etcdctl. @@ -290,7 +290,7 @@ func (b *Etcd2Backend) nodePathDir(key string) string { } // nodePathLock returns an etcd directory path used specifically for semaphore -// indicies based on the given key. +// indices based on the given key. func (b *Etcd2Backend) nodePathLock(key string) string { return filepath.Join(b.path, filepath.Dir(key), Etcd2NodeLockPrefix+filepath.Base(key)+"/") } @@ -310,7 +310,7 @@ func (e *Etcd2Backend) HAEnabled() bool { return e.haEnabled } -// Etcd2Lock emplements a lock using and Etcd2 backend. +// Etcd2Lock implements a lock using and Etcd2 backend. type Etcd2Lock struct { kAPI client.KeysAPI value, semaphoreDirKey, semaphoreKey string @@ -372,7 +372,7 @@ func (c *Etcd2Lock) isHeld() (bool, error) { return false, nil } - // Get the key of the curren holder of the lock. + // Get the key of the current holder of the lock. currentSemaphoreKey, _, _, err := c.getSemaphoreKey() if err != nil { return false, err diff --git a/physical/etcd/etcd3.go b/physical/etcd/etcd3.go index cd244ce8ae..ad5edf90c0 100644 --- a/physical/etcd/etcd3.go +++ b/physical/etcd/etcd3.go @@ -242,7 +242,7 @@ func (e *EtcdBackend) HAEnabled() bool { return e.haEnabled } -// EtcdLock emplements a lock using and etcd backend. +// EtcdLock implements a lock using and etcd backend. type EtcdLock struct { lock sync.Mutex held bool diff --git a/physical/file/file.go b/physical/file/file.go index b739913cf0..e30a4927b6 100644 --- a/physical/file/file.go +++ b/physical/file/file.go @@ -106,7 +106,7 @@ func (b *FileBackend) DeleteInternal(ctx context.Context, path string) error { return err } -// cleanupLogicalPath is used to remove all empty nodes, begining with deepest +// cleanupLogicalPath is used to remove all empty nodes, beginning with deepest // one, aborting on first non-empty one, up to top-level node. func (b *FileBackend) cleanupLogicalPath(path string) error { nodes := strings.Split(path, fmt.Sprintf("%c", os.PathSeparator)) diff --git a/physical/gcs/gcs.go b/physical/gcs/gcs.go index 85656d899e..77a29a7e75 100644 --- a/physical/gcs/gcs.go +++ b/physical/gcs/gcs.go @@ -55,7 +55,7 @@ func NewGCSBackend(conf map[string]string, logger log.Logger) (physical.Backend, ctx := context.Background() client, err := newGCSClient(ctx, conf, logger) if err != nil { - return nil, errwrap.Wrapf("error establishing strorage client: {{err}}", err) + return nil, errwrap.Wrapf("error establishing storage client: {{err}}", err) } // check client connectivity by getting bucket attributes diff --git a/physical/gcs/gcs_test.go b/physical/gcs/gcs_test.go index dda6eeddce..3a84685afb 100644 --- a/physical/gcs/gcs_test.go +++ b/physical/gcs/gcs_test.go @@ -61,7 +61,7 @@ func TestGCSBackend(t *testing.T) { } // ignore errors in deleting a single object, we only care about deleting the bucket - // occassionally we get "storage: object doesn't exist" which is fine + // occasionally we get "storage: object doesn't exist" which is fine bucket.Object(objAttrs.Name).Delete(context.Background()) } diff --git a/physical/mysql/mysql.go b/physical/mysql/mysql.go index 818303042a..fd55117ced 100644 --- a/physical/mysql/mysql.go +++ b/physical/mysql/mysql.go @@ -264,7 +264,7 @@ func (m *MySQLBackend) List(ctx context.Context, prefix string) ([]string, error } // Establish a TLS connection with a given CA certificate -// Register a tsl.Config associted with the same key as the dns param from sql.Open +// Register a tsl.Config associated with the same key as the dns param from sql.Open // foo:bar@tcp(127.0.0.1:3306)/dbname?tls=default func setupMySQLTLSConfig(tlsCaFile string) error { rootCertPool := x509.NewCertPool() diff --git a/physical/spanner/spanner_ha.go b/physical/spanner/spanner_ha.go index 5a1a9207d9..288b6e10e2 100644 --- a/physical/spanner/spanner_ha.go +++ b/physical/spanner/spanner_ha.go @@ -313,7 +313,7 @@ func (l *Lock) watchLock() { } } -// writeLock writes the given lock using the following algorith: +// writeLock writes the given lock using the following algorithm: // // - lock does not exist // - write the lock diff --git a/physical/zookeeper/zookeeper.go b/physical/zookeeper/zookeeper.go index cf52999519..f4cd8850af 100644 --- a/physical/zookeeper/zookeeper.go +++ b/physical/zookeeper/zookeeper.go @@ -96,7 +96,7 @@ func NewZooKeeperBackend(conf map[string]string, logger log.Logger) (physical.Ba }, } - // Authnetication info + // Authentication info var schemaAndUser string var useAddAuth bool schemaAndUser, useAddAuth = conf["auth_info"] @@ -172,7 +172,7 @@ func (c *ZooKeeperBackend) ensurePath(path string, value []byte) error { return nil } -// cleanupLogicalPath is used to remove all empty nodes, begining with deepest one, +// cleanupLogicalPath is used to remove all empty nodes, beginning with deepest one, // aborting on first non-empty one, up to top-level node. func (c *ZooKeeperBackend) cleanupLogicalPath(path string) error { nodes := strings.Split(path, "/") @@ -312,7 +312,7 @@ func (c *ZooKeeperBackend) List(ctx context.Context, prefix string) ([]string, e } } else if stat.DataLength == 0 { // No, we cannot differentiate here on number of children as node - // can have all it leafs remoed, and it still is a node. + // can have all it leafs removed, and it still is a node. children = append(children, key+"/") } else { children = append(children, key[1:]) diff --git a/plugins/database/cassandra/cassandra_test.go b/plugins/database/cassandra/cassandra_test.go index c31139de75..0409f22441 100644 --- a/plugins/database/cassandra/cassandra_test.go +++ b/plugins/database/cassandra/cassandra_test.go @@ -246,7 +246,7 @@ func TestCassandra_RevokeUser(t *testing.T) { t.Fatalf("Could not connect with new credentials: %s", err) } - // Test default revoke statememts + // Test default revoke statements err = db.RevokeUser(context.Background(), statements, username) if err != nil { t.Fatalf("err: %s", err) diff --git a/plugins/database/cassandra/test-fixtures/cassandra.yaml b/plugins/database/cassandra/test-fixtures/cassandra.yaml index 7c28d846a6..82aa35dd4d 100644 --- a/plugins/database/cassandra/test-fixtures/cassandra.yaml +++ b/plugins/database/cassandra/test-fixtures/cassandra.yaml @@ -250,7 +250,7 @@ commit_failure_policy: stop # # Valid values are either "auto" (omitting the value) or a value greater 0. # -# Note that specifying a too large value will result in long running GCs and possbily +# Note that specifying a too large value will result in long running GCs and possibly # out-of-memory errors. Keep the value at a small fraction of the heap. # # If you constantly see "prepared statements discarded in the last minute because @@ -259,7 +259,7 @@ commit_failure_policy: stop # i.e. use bind markers for variable parts. # # Do only change the default value, if you really have more prepared statements than -# fit in the cache. In most cases it is not neccessary to change this value. +# fit in the cache. In most cases it is not necessary to change this value. # Constantly re-preparing statements is a performance penalty. # # Default value ("auto") is 1/256th of the heap or 10MB, whichever is greater @@ -1021,7 +1021,7 @@ client_encryption_options: keystore: conf/.keystore keystore_password: cassandra # require_client_auth: false - # Set trustore and truststore_password if require_client_auth is true + # Set truststore and truststore_password if require_client_auth is true # truststore: conf/.truststore # truststore_password: cassandra # More advanced defaults below: @@ -1080,7 +1080,7 @@ windows_timer_interval: 1 # Enables encrypting data at-rest (on disk). Different key providers can be plugged in, but the default reads from # a JCE-style keystore. A single keystore can hold multiple keys, but the one referenced by -# the "key_alias" is the only key that will be used for encrypt opertaions; previously used keys +# the "key_alias" is the only key that will be used for encrypt operations; previously used keys # can still (and should!) be in the keystore and will be used on decrypt operations # (to handle the case of key rotation). # @@ -1114,7 +1114,7 @@ transparent_data_encryption_options: # tombstones seen in memory so we can return them to the coordinator, which # will use them to make sure other replicas also know about the deleted rows. # With workloads that generate a lot of tombstones, this can cause performance -# problems and even exaust the server heap. +# problems and even exhaust the server heap. # (http://www.datastax.com/dev/blog/cassandra-anti-patterns-queues-and-queue-like-datasets) # Adjust the thresholds here if you understand the dangers and want to # scan more tombstones anyway. These thresholds may also be adjusted at runtime diff --git a/plugins/database/hana/hana_test.go b/plugins/database/hana/hana_test.go index 8845fa3b8e..01b5194776 100644 --- a/plugins/database/hana/hana_test.go +++ b/plugins/database/hana/hana_test.go @@ -66,7 +66,7 @@ func TestHANA_CreateUser(t *testing.T) { RoleName: "test-test", } - // Test with no configured Creation Statememt + // Test with no configured Creation Statement _, _, err = db.CreateUser(context.Background(), dbplugin.Statements{}, usernameConfig, time.Now().Add(time.Hour)) if err == nil { t.Fatal("Expected error when no creation statement is provided") @@ -113,7 +113,7 @@ func TestHANA_RevokeUser(t *testing.T) { RoleName: "test-test", } - // Test default revoke statememts + // Test default revoke statements username, password, err := db.CreateUser(context.Background(), statements, usernameConfig, time.Now().Add(time.Hour)) if err != nil { t.Fatalf("err: %s", err) @@ -130,7 +130,7 @@ func TestHANA_RevokeUser(t *testing.T) { t.Fatal("Credentials were not revoked") } - // Test custom revoke statememt + // Test custom revoke statement username, password, err = db.CreateUser(context.Background(), statements, usernameConfig, time.Now().Add(time.Hour)) if err != nil { t.Fatalf("err: %s", err) diff --git a/plugins/database/mongodb/connection_producer.go b/plugins/database/mongodb/connection_producer.go index 5c8eae64fa..88d14e6e04 100644 --- a/plugins/database/mongodb/connection_producer.go +++ b/plugins/database/mongodb/connection_producer.go @@ -88,7 +88,7 @@ func (c *mongoDBConnectionProducer) Initialize(ctx context.Context, conf map[str return nil } -// Connection creates or returns an exisitng a database connection. If the session fails +// Connection creates or returns an existing a database connection. If the session fails // on a ping check, the session will be closed and then re-created. func (c *mongoDBConnectionProducer) Connection(_ context.Context) (interface{}, error) { if !c.Initialized { diff --git a/plugins/database/mongodb/mongodb.go b/plugins/database/mongodb/mongodb.go index 0a48d3ab01..b0e0a26208 100644 --- a/plugins/database/mongodb/mongodb.go +++ b/plugins/database/mongodb/mongodb.go @@ -155,7 +155,7 @@ func (m *MongoDB) RenewUser(ctx context.Context, statements dbplugin.Statements, return nil } -// RevokeUser drops the specified user from the authentication databse. If none is provided +// RevokeUser drops the specified user from the authentication database. If none is provided // in the revocation statement, the default "admin" authentication database will be assumed. func (m *MongoDB) RevokeUser(ctx context.Context, statements dbplugin.Statements, username string) error { session, err := m.getConnection(ctx) diff --git a/plugins/database/mongodb/mongodb_test.go b/plugins/database/mongodb/mongodb_test.go index cd948af81f..a6895e1814 100644 --- a/plugins/database/mongodb/mongodb_test.go +++ b/plugins/database/mongodb/mongodb_test.go @@ -206,7 +206,7 @@ func TestMongoDB_RevokeUser(t *testing.T) { t.Fatalf("Could not connect with new credentials: %s", err) } - // Test default revocation statememt + // Test default revocation statement err = db.RevokeUser(context.Background(), statements, username) if err != nil { t.Fatalf("err: %s", err) diff --git a/plugins/database/mssql/mssql.go b/plugins/database/mssql/mssql.go index 27b36a0d06..c0de592de5 100644 --- a/plugins/database/mssql/mssql.go +++ b/plugins/database/mssql/mssql.go @@ -283,7 +283,7 @@ func (m *MSSQL) revokeUserDefault(ctx context.Context, username string) error { // can't drop if not all database users are dropped if rows.Err() != nil { - return fmt.Errorf("cound not generate sql statements for all rows: %s", rows.Err()) + return fmt.Errorf("could not generate sql statements for all rows: %s", rows.Err()) } if lastStmtError != nil { return fmt.Errorf("could not perform all sql statements: %s", lastStmtError) diff --git a/plugins/database/mssql/mssql_test.go b/plugins/database/mssql/mssql_test.go index 7d2571c3d9..a1610810f2 100644 --- a/plugins/database/mssql/mssql_test.go +++ b/plugins/database/mssql/mssql_test.go @@ -80,7 +80,7 @@ func TestMSSQL_CreateUser(t *testing.T) { RoleName: "test", } - // Test with no configured Creation Statememt + // Test with no configured Creation Statement _, _, err = db.CreateUser(context.Background(), dbplugin.Statements{}, usernameConfig, time.Now().Add(time.Minute)) if err == nil { t.Fatal("Expected error when no creation statement is provided") @@ -135,7 +135,7 @@ func TestMSSQL_RevokeUser(t *testing.T) { t.Fatalf("Could not connect with new credentials: %s", err) } - // Test default revoke statememts + // Test default revoke statements err = db.RevokeUser(context.Background(), statements, username) if err != nil { t.Fatalf("err: %s", err) @@ -154,7 +154,7 @@ func TestMSSQL_RevokeUser(t *testing.T) { t.Fatalf("Could not connect with new credentials: %s", err) } - // Test custom revoke statememt + // Test custom revoke statement statements.RevocationStatements = testMSSQLDrop err = db.RevokeUser(context.Background(), statements, username) if err != nil { diff --git a/plugins/database/mysql/mysql_test.go b/plugins/database/mysql/mysql_test.go index fbbc870080..e92a0ebdc7 100644 --- a/plugins/database/mysql/mysql_test.go +++ b/plugins/database/mysql/mysql_test.go @@ -157,7 +157,7 @@ func TestMySQL_CreateUser(t *testing.T) { RoleName: "test-long-rolename", } - // Test with no configured Creation Statememt + // Test with no configured Creation Statement _, _, err = db.CreateUser(context.Background(), dbplugin.Statements{}, usernameConfig, time.Now().Add(time.Minute)) if err == nil { t.Fatal("Expected error when no creation statement is provided") @@ -186,7 +186,7 @@ func TestMySQL_CreateUser(t *testing.T) { t.Fatalf("Could not connect with new credentials: %s", err) } - // Test with a manualy prepare statement + // Test with a manually prepare statement statements.CreationStatements = testMySQLRolePreparedStmt username, password, err = db.CreateUser(context.Background(), statements, usernameConfig, time.Now().Add(time.Minute)) @@ -222,7 +222,7 @@ func TestMySQL_CreateUser_Legacy(t *testing.T) { RoleName: "test-long-rolename", } - // Test with no configured Creation Statememt + // Test with no configured Creation Statement _, _, err = db.CreateUser(context.Background(), dbplugin.Statements{}, usernameConfig, time.Now().Add(time.Minute)) if err == nil { t.Fatal("Expected error when no creation statement is provided") @@ -287,7 +287,7 @@ func TestMySQL_RevokeUser(t *testing.T) { t.Fatalf("Could not connect with new credentials: %s", err) } - // Test default revoke statememts + // Test default revoke statements err = db.RevokeUser(context.Background(), statements, username) if err != nil { t.Fatalf("err: %s", err) diff --git a/plugins/database/postgresql/postgresql_test.go b/plugins/database/postgresql/postgresql_test.go index 8f4ebb67a6..97ff926753 100644 --- a/plugins/database/postgresql/postgresql_test.go +++ b/plugins/database/postgresql/postgresql_test.go @@ -120,7 +120,7 @@ func TestPostgreSQL_CreateUser(t *testing.T) { RoleName: "test", } - // Test with no configured Creation Statememt + // Test with no configured Creation Statement _, _, err = db.CreateUser(context.Background(), dbplugin.Statements{}, usernameConfig, time.Now().Add(time.Minute)) if err == nil { t.Fatal("Expected error when no creation statement is provided") @@ -254,7 +254,7 @@ func TestPostgreSQL_RevokeUser(t *testing.T) { t.Fatalf("Could not connect with new credentials: %s", err) } - // Test default revoke statememts + // Test default revoke statements err = db.RevokeUser(context.Background(), statements, username) if err != nil { t.Fatalf("err: %s", err) diff --git a/plugins/helper/database/connutil/sql.go b/plugins/helper/database/connutil/sql.go index 2e34065d03..ec351381bd 100644 --- a/plugins/helper/database/connutil/sql.go +++ b/plugins/helper/database/connutil/sql.go @@ -99,7 +99,7 @@ func (c *SQLConnectionProducer) Connection(ctx context.Context) (interface{}, er // Otherwise, attempt to make connection conn := c.ConnectionURL - // Ensure timezone is set to UTC for all the conenctions + // Ensure timezone is set to UTC for all the connections if strings.HasPrefix(conn, "postgres://") || strings.HasPrefix(conn, "postgresql://") { if strings.Contains(conn, "?") { conn += "&timezone=utc" diff --git a/plugins/serve.go b/plugins/serve.go index a40fc5b14f..0bc3bc4e81 100644 --- a/plugins/serve.go +++ b/plugins/serve.go @@ -10,7 +10,7 @@ import ( // Serve is used to start a plugin's RPC server. It takes an interface that must // implement a known plugin interface to vault and an optional api.TLSConfig for -// use during the inital unwrap request to vault. The api config is particulary +// use during the inital unwrap request to vault. The api config is particularly // useful when vault is setup to require client cert checking. func Serve(plugin interface{}, tlsConfig *api.TLSConfig) { tlsProvider := pluginutil.VaultPluginTLSProvider(tlsConfig) diff --git a/shamir/shamir.go b/shamir/shamir.go index d6f5137e5b..7b8fdc3661 100644 --- a/shamir/shamir.go +++ b/shamir/shamir.go @@ -250,7 +250,7 @@ func Combine(parts [][]byte) ([]byte, error) { y_samples[i] = part[idx] } - // Interpolte the polynomial and compute the value at 0 + // Interpolate the polynomial and compute the value at 0 val := interpolatePolynomial(x_samples, y_samples, 0) // Evaluate the 0th value to get the intercept diff --git a/vault/acl.go b/vault/acl.go index 23bb02c559..e5ab0aecfc 100644 --- a/vault/acl.go +++ b/vault/acl.go @@ -357,7 +357,7 @@ CHECK: } for parameter, value := range req.Data { - // Check if parameter has been explictly denied + // Check if parameter has been explicitly denied if valueSlice, ok := permissions.DeniedParameters[strings.ToLower(parameter)]; ok { // If the value exists in denied values slice, deny if valueInParameterList(value, valueSlice) { diff --git a/vault/acl_test.go b/vault/acl_test.go index 09dfbcd6b8..519fe8772f 100644 --- a/vault/acl_test.go +++ b/vault/acl_test.go @@ -259,13 +259,13 @@ func TestACL_PolicyMerge(t *testing.T) { p := raw.(*ACLPermissions) if !reflect.DeepEqual(tc.allowed, p.AllowedParameters) { - t.Fatalf("Allowed paramaters did not match, Expected: %#v, Got: %#v", tc.allowed, p.AllowedParameters) + t.Fatalf("Allowed parameters did not match, Expected: %#v, Got: %#v", tc.allowed, p.AllowedParameters) } if !reflect.DeepEqual(tc.denied, p.DeniedParameters) { - t.Fatalf("Denied paramaters did not match, Expected: %#v, Got: %#v", tc.denied, p.DeniedParameters) + t.Fatalf("Denied parameters did not match, Expected: %#v, Got: %#v", tc.denied, p.DeniedParameters) } if !reflect.DeepEqual(tc.required, p.RequiredParameters) { - t.Fatalf("Required paramaters did not match, Expected: %#v, Got: %#v", tc.required, p.RequiredParameters) + t.Fatalf("Required parameters did not match, Expected: %#v, Got: %#v", tc.required, p.RequiredParameters) } if tc.minWrappingTTL != nil && *tc.minWrappingTTL != p.MinWrappingTTL { t.Fatalf("Min wrapping TTL did not match, Expected: %#v, Got: %#v", tc.minWrappingTTL, p.MinWrappingTTL) diff --git a/vault/audit_test.go b/vault/audit_test.go index 820766b894..b40bba9878 100644 --- a/vault/audit_test.go +++ b/vault/audit_test.go @@ -551,7 +551,7 @@ func TestAuditBroker_LogResponse(t *testing.T) { } respErr := fmt.Errorf("permission denied") - // Copy so we can verify nothing canged + // Copy so we can verify nothing changed authCopyRaw, err := copystructure.Copy(auth) if err != nil { t.Fatal(err) @@ -650,7 +650,7 @@ func TestAuditBroker_AuditHeaders(t *testing.T) { } respErr := fmt.Errorf("permission denied") - // Copy so we can verify nothing canged + // Copy so we can verify nothing changed reqCopyRaw, err := copystructure.Copy(req) if err != nil { t.Fatal(err) diff --git a/vault/audited_headers.go b/vault/audited_headers.go index ce5c2b1b3d..3dc90e005f 100644 --- a/vault/audited_headers.go +++ b/vault/audited_headers.go @@ -126,7 +126,7 @@ func (a *AuditedHeadersConfig) ApplyConfig(ctx context.Context, headers map[stri return result, nil } -// Initalize the headers config by loading from the barrier view +// Initialize the headers config by loading from the barrier view func (c *Core) setupAuditedHeadersConfig(ctx context.Context) error { // Create a sub-view view := c.systemBarrierView.SubView(auditedHeadersSubPath) diff --git a/vault/barrier.go b/vault/barrier.go index 4a3ba2420a..7f8a31381f 100644 --- a/vault/barrier.go +++ b/vault/barrier.go @@ -89,7 +89,7 @@ type SecurityBarrier interface { VerifyMaster(key []byte) error // SetMasterKey is used to directly set a new master key. This is used in - // repliated scenarios due to the chicken and egg problem of reloading the + // replicated scenarios due to the chicken and egg problem of reloading the // keyring from disk before we have the master key to decrypt it. SetMasterKey(key []byte) error diff --git a/vault/barrier_aes_gcm_test.go b/vault/barrier_aes_gcm_test.go index e9eb6ebe22..410e5b47de 100644 --- a/vault/barrier_aes_gcm_test.go +++ b/vault/barrier_aes_gcm_test.go @@ -157,7 +157,7 @@ func TestAESGCMBarrier_BackwardsCompatible(t *testing.T) { t.Fatalf("err: %v", err) } - // Check for migraiton + // Check for migration out, err := inm.Get(context.Background(), barrierInitPath) if err != nil { t.Fatalf("err: %v", err) @@ -208,7 +208,7 @@ func TestAESGCMBarrier_Confidential(t *testing.T) { t.Fatalf("err: %v", err) } - // Check the physcial entry + // Check the physical entry pe, err := inm.Get(context.Background(), "test") if err != nil { t.Fatalf("err: %v", err) diff --git a/vault/core.go b/vault/core.go index 3e97c0de17..d255e6f6c3 100644 --- a/vault/core.go +++ b/vault/core.go @@ -830,7 +830,7 @@ func (c *Core) checkToken(ctx context.Context, req *logical.Request, unauth bool switch { case checkExists == false: - // No existence check, so always treate it as an update operation, which is how it is pre 0.5 + // No existence check, so always treat it as an update operation, which is how it is pre 0.5 req.Operation = logical.UpdateOperation case resourceExists == true: // It exists, so force an update operation @@ -1177,7 +1177,7 @@ func (c *Core) unsealPart(ctx context.Context, config *SealConfig, key []byte, u // Get stored keys and shamir combine into single master key. Unsealing with // recovery keys currently does not support: 1) mixed stored and non-stored // keys setup, nor 2) seals that support recovery keys but not stored keys. - // If insuffiencient shares are provided, shamir.Combine will error, and if + // If insufficient shares are provided, shamir.Combine will error, and if // no stored keys are found it will return masterKey as nil. var masterKey []byte if c.seal.StoredKeysSupported() { @@ -2227,7 +2227,7 @@ func (c *Core) clearLeader(uuid string) error { return err } -// emitMetrics is used to periodically expose metrics while runnig +// emitMetrics is used to periodically expose metrics while running func (c *Core) emitMetrics(stopCh chan struct{}) { for { select { diff --git a/vault/core_test.go b/vault/core_test.go index e59ff3e8d4..b46ccb1af1 100644 --- a/vault/core_test.go +++ b/vault/core_test.go @@ -2025,7 +2025,7 @@ func TestCore_RenewToken_SingleRegister(t *testing.T) { t.Fatalf("err: %v", err) } - // Verify our token is still valid (e.g. we did not get invalided by the revoke) + // Verify our token is still valid (e.g. we did not get invalidated by the revoke) req = logical.TestRequest(t, logical.UpdateOperation, "auth/token/lookup") req.Data = map[string]interface{}{ "token": newClient, diff --git a/vault/cors.go b/vault/cors.go index dbb063031e..a842db8254 100644 --- a/vault/cors.go +++ b/vault/cors.go @@ -85,7 +85,7 @@ func (c *Core) loadCORSConfig(ctx context.Context) error { return nil } -// Enable takes either a '*' or a comma-seprated list of URLs that can make +// Enable takes either a '*' or a comma-separated list of URLs that can make // cross-origin requests to Vault. func (c *CORSConfig) Enable(ctx context.Context, urls []string, headers []string) error { if len(urls) == 0 { diff --git a/vault/generate_root.go b/vault/generate_root.go index 5b5939ce38..e611b21bf2 100644 --- a/vault/generate_root.go +++ b/vault/generate_root.go @@ -230,7 +230,7 @@ func (c *Core) GenerateRootUpdate(ctx context.Context, key []byte, nonce string, } if strategy != c.generateRootConfig.Strategy { - return nil, fmt.Errorf("incorrect stategy supplied; a generate root operation of another type is already in progress") + return nil, fmt.Errorf("incorrect strategy supplied; a generate root operation of another type is already in progress") } // Check if we already have this piece diff --git a/vault/identity_lookup.go b/vault/identity_lookup.go index af06118ea1..20d7ea0b62 100644 --- a/vault/identity_lookup.go +++ b/vault/identity_lookup.go @@ -29,7 +29,7 @@ func lookupPaths(i *IdentityStore) []*framework.Path { }, "alias_name": { Type: framework.TypeString, - Description: "Name of the alias. This should be supplied in conjuction with 'alias_mount_accessor'.", + Description: "Name of the alias. This should be supplied in conjunction with 'alias_mount_accessor'.", }, "alias_mount_accessor": { Type: framework.TypeString, @@ -60,7 +60,7 @@ func lookupPaths(i *IdentityStore) []*framework.Path { }, "alias_name": { Type: framework.TypeString, - Description: "Name of the alias. This should be supplied in conjuction with 'alias_mount_accessor'.", + Description: "Name of the alias. This should be supplied in conjunction with 'alias_mount_accessor'.", }, "alias_mount_accessor": { Type: framework.TypeString, diff --git a/vault/identity_store_aliases_test.go b/vault/identity_store_aliases_test.go index c2244f4ace..afbdf90322 100644 --- a/vault/identity_store_aliases_test.go +++ b/vault/identity_store_aliases_test.go @@ -61,7 +61,7 @@ func TestIdentityStore_ListAlias(t *testing.T) { keys := resp.Data["keys"].([]string) if len(keys) != 2 { - t.Fatalf("bad: lengh of alias IDs listed; expected: 2, actual: %d", len(keys)) + t.Fatalf("bad: length of alias IDs listed; expected: 2, actual: %d", len(keys)) } } diff --git a/vault/identity_store_structs.go b/vault/identity_store_structs.go index bc0f07af18..067fdcdf9d 100644 --- a/vault/identity_store_structs.go +++ b/vault/identity_store_structs.go @@ -52,7 +52,7 @@ type IdentityStore struct { // to enable richer queries based on multiple indexes. db *memdb.MemDB - // validateMountAccessorFunc is a utility from router which returnes the + // validateMountAccessorFunc is a utility from router which returns the // properties of the mount given the mount accessor. validateMountAccessorFunc func(string) *validateMountResponse diff --git a/vault/identity_store_util.go b/vault/identity_store_util.go index 2e0e7fea88..fe3f9d9b91 100644 --- a/vault/identity_store_util.go +++ b/vault/identity_store_util.go @@ -146,7 +146,7 @@ func (i *IdentityStore) loadEntities(ctx context.Context) error { defer wg.Done() for j, bucketKey := range existing { if j%500 == 0 { - i.logger.Trace("identity: enities loading", "progress", j) + i.logger.Trace("identity: entities loading", "progress", j) } select { diff --git a/vault/keyring_test.go b/vault/keyring_test.go index 60e3925ac0..aaac35b619 100644 --- a/vault/keyring_test.go +++ b/vault/keyring_test.go @@ -51,7 +51,7 @@ func TestKeyring(t *testing.T) { t.Fatalf("err: %v", err) } - // Should not allow conficting set + // Should not allow conflicting set testConflict := []byte("nope") key1Conf := &Key{Term: 1, Version: 1, Value: testConflict, InstallTime: time.Now()} _, err = k.AddKey(key1Conf) diff --git a/vault/logical_cubbyhole.go b/vault/logical_cubbyhole.go index bcff82c3db..493d63ede2 100644 --- a/vault/logical_cubbyhole.go +++ b/vault/logical_cubbyhole.go @@ -38,7 +38,7 @@ func CubbyholeBackendFactory(ctx context.Context, conf *logical.BackendConfig) ( } if conf == nil { - return nil, fmt.Errorf("Configuation passed into backend is nil") + return nil, fmt.Errorf("Configuration passed into backend is nil") } b.Backend.Setup(ctx, conf) diff --git a/vault/logical_passthrough.go b/vault/logical_passthrough.go index 60f078e1c5..8a3cff4bb0 100644 --- a/vault/logical_passthrough.go +++ b/vault/logical_passthrough.go @@ -69,7 +69,7 @@ func LeaseSwitchedPassthroughBackend(ctx context.Context, conf *logical.BackendC } if conf == nil { - return nil, fmt.Errorf("Configuation passed into backend is nil") + return nil, fmt.Errorf("Configuration passed into backend is nil") } b.Backend.Setup(ctx, conf) diff --git a/vault/logical_system.go b/vault/logical_system.go index 8c62fc0e11..7b000153f8 100644 --- a/vault/logical_system.go +++ b/vault/logical_system.go @@ -1154,7 +1154,7 @@ func (b *SystemBackend) handlePluginCatalogUpdate(ctx context.Context, req *logi if len(parts) <= 0 { return logical.ErrorResponse("missing command value"), nil } else if len(parts) > 1 && len(args) > 0 { - return logical.ErrorResponse("must not speficy args in command and args field"), nil + return logical.ErrorResponse("must not specify args in command and args field"), nil } else if len(parts) > 1 { args = parts[1:] } @@ -1262,7 +1262,7 @@ func (b *SystemBackend) handleAuditedHeaderUpdate(ctx context.Context, req *logi return nil, nil } -// handleAudtedHeaderDelete deletes the header with the given name +// handleAuditedHeaderDelete deletes the header with the given name func (b *SystemBackend) handleAuditedHeaderDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { header := d.Get("header").(string) if header == "" { @@ -1310,7 +1310,7 @@ func (b *SystemBackend) handleAuditedHeadersRead(ctx context.Context, req *logic } // handleCapabilitiesAccessor returns the ACL capabilities of the -// token associted with the given accessor for a given path. +// token associated with the given accessor for a given path. func (b *SystemBackend) handleCapabilitiesAccessor(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { accessor := d.Get("accessor").(string) if accessor == "" { @@ -3470,7 +3470,7 @@ Example: you might have an OAuth backend for GitHub, and one for Google Apps. }, "auth_desc": { - `User-friendly description for this crential backend.`, + `User-friendly description for this credential backend.`, "", }, diff --git a/vault/logical_system_integ_test.go b/vault/logical_system_integ_test.go index f6993b8c38..3584335544 100644 --- a/vault/logical_system_integ_test.go +++ b/vault/logical_system_integ_test.go @@ -249,7 +249,7 @@ func testPlugin_continueOnError(t *testing.T, btype logical.BackendType, mismatc t.Fatal("invalid command") } - // Trigger a sha256 mistmatch or missing plugin error + // Trigger a sha256 mismatch or missing plugin error if mismatch { req = logical.TestRequest(t, logical.UpdateOperation, "sys/plugins/catalog/mock-plugin") req.Data = map[string]interface{}{ @@ -549,7 +549,7 @@ func testSystemBackendMock(t *testing.T, numCores, numMounts int, backendType lo func TestBackend_PluginMainLogical(t *testing.T) { args := []string{} - if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" && os.Getenv(pluginutil.PluginMetadaModeEnv) != "true" { + if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" && os.Getenv(pluginutil.PluginMetadataModeEnv) != "true" { return } @@ -578,7 +578,7 @@ func TestBackend_PluginMainLogical(t *testing.T) { func TestBackend_PluginMainCredentials(t *testing.T) { args := []string{} - if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" && os.Getenv(pluginutil.PluginMetadaModeEnv) != "true" { + if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" && os.Getenv(pluginutil.PluginMetadataModeEnv) != "true" { return } diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go index 0056883343..5a53b9f4fa 100644 --- a/vault/logical_system_test.go +++ b/vault/logical_system_test.go @@ -1998,7 +1998,7 @@ func TestSystemBackend_PluginCatalog_CRUD(t *testing.T) { if err != nil { t.Fatalf("err: %v", err) } - if resp.Error().Error() != "must not speficy args in command and args field" { + if resp.Error().Error() != "must not specify args in command and args field" { t.Fatalf("err: %v", resp.Error()) } @@ -2169,7 +2169,7 @@ func TestSystemBackend_ToolsRandom(t *testing.T) { } rand2 := getResponse() if len(rand1) != numBytes || len(rand2) != numBytes { - t.Fatal("length of output random bytes not what is exepcted") + t.Fatal("length of output random bytes not what is expected") } if reflect.DeepEqual(rand1, rand2) { t.Fatal("found identical ouputs") diff --git a/vault/plugin_catalog.go b/vault/plugin_catalog.go index 0b638707f9..fc8e8ca200 100644 --- a/vault/plugin_catalog.go +++ b/vault/plugin_catalog.go @@ -181,7 +181,7 @@ func (c *PluginCatalog) List(ctx context.Context) ([]string, error) { retList[i] = k i++ } - // sort for consistent ordering of builtin pluings + // sort for consistent ordering of builtin plugins sort.Strings(retList) return retList, nil diff --git a/vault/plugin_catalog_test.go b/vault/plugin_catalog_test.go index 3756e3df7c..a99cac8c97 100644 --- a/vault/plugin_catalog_test.go +++ b/vault/plugin_catalog_test.go @@ -167,7 +167,7 @@ func TestPluginCatalog_List(t *testing.T) { t.Fatalf("expected did not match actual, got %#v\n expected %#v\n", plugins[0], "aaaaaaa") } - // verify the builtin pluings are correct + // verify the builtin plugins are correct for i, p := range builtinKeys { if !reflect.DeepEqual(plugins[i+1], p) { t.Fatalf("expected did not match actual, got %#v\n expected %#v\n", plugins[i+1], p) diff --git a/vault/rekey.go b/vault/rekey.go index 62c4955b30..6fbb8abaf5 100644 --- a/vault/rekey.go +++ b/vault/rekey.go @@ -16,12 +16,12 @@ import ( ) const ( - // coreUnsealKeysBackupPath is the path used to back upencrypted unseal + // coreUnsealKeysBackupPath is the path used to backup encrypted unseal // keys if specified during a rekey operation. This is outside of the // barrier. coreBarrierUnsealKeysBackupPath = "core/unseal-keys-backup" - // coreRecoveryUnsealKeysBackupPath is the path used to back upencrypted + // coreRecoveryUnsealKeysBackupPath is the path used to backup encrypted // recovery keys if specified during a rekey operation. This is outside of // the barrier. coreRecoveryUnsealKeysBackupPath = "core/recovery-keys-backup" diff --git a/vault/token_store.go b/vault/token_store.go index 1cf84092ce..69a6b288b3 100644 --- a/vault/token_store.go +++ b/vault/token_store.go @@ -1178,7 +1178,7 @@ func (ts *TokenStore) revokeSalted(ctx context.Context, saltedId string) (ret er return nil } -// RevokeTree is used to invalide a given token and all +// RevokeTree is used to invalidate a given token and all // child tokens. func (ts *TokenStore) RevokeTree(ctx context.Context, id string) error { defer metrics.MeasureSince([]string{"token", "revoke-tree"}, time.Now()) @@ -2536,7 +2536,7 @@ no effect on the token being renewed.` renewable or not according to this value. Defaults to "true".` tokenListAccessorsHelp = `List token accessors, which can then be -be used to iterate and discover their properities +be used to iterate and discover their properties or revoke them. Because this can be used to cause a denial of service, this endpoint requires 'sudo' capability in addition to diff --git a/vault/token_store_test.go b/vault/token_store_test.go index c2396a2fd5..57444dfd94 100644 --- a/vault/token_store_test.go +++ b/vault/token_store_test.go @@ -604,7 +604,7 @@ func TestTokenStore_UseToken(t *testing.T) { t.Fatalf("bad: ent:%#v ent2:%#v", ent, ent2) } - // Create a retstricted token + // Create a restricted token ent = &TokenEntry{Path: "test", Policies: []string{"dev", "ops"}, NumUses: 2} if err := ts.create(context.Background(), ent); err != nil { t.Fatalf("err: %v", err) diff --git a/website/source/api/auth/approle/index.html.md b/website/source/api/auth/approle/index.html.md index ee7f8ef41f..c89ed8032e 100644 --- a/website/source/api/auth/approle/index.html.md +++ b/website/source/api/auth/approle/index.html.md @@ -512,7 +512,7 @@ Assigns a "custom" SecretID against an existing AppRole. This is used in the metadata will be set on tokens issued with this SecretID, and is logged in audit logs _in plaintext_. - `cidr_list` `(array: [])` - Comma separated string or list of CIDR blocks - enforcing secret IDs to be used from ppecific set of IP addresses. If + enforcing secret IDs to be used from specific set of IP addresses. If `bound_cidr_list` is set on the role, then the list of CIDR blocks listed here should be a subset of the CIDR blocks listed on the role. diff --git a/website/source/api/auth/aws/index.html.md b/website/source/api/auth/aws/index.html.md index 667c390df1..187bb19d19 100644 --- a/website/source/api/auth/aws/index.html.md +++ b/website/source/api/auth/aws/index.html.md @@ -479,7 +479,7 @@ $ curl \ https://vault.rocks/v1/auth/aws/config/tidy/roletag-blacklist ``` -## Read Role Tag Blackist Tidy Settings +## Read Role Tag Blacklist Tidy Settings Returns the previously configured periodic blacklist tidying settings. @@ -506,7 +506,7 @@ $ curl \ } ``` -## Delete Role Tag Blackist Tidy Settings +## Delete Role Tag Blacklist Tidy Settings Deletes the previously configured periodic blacklist tidying settings. @@ -527,7 +527,7 @@ $ curl \ Registers a role in the method. Only those instances or principals which are using the role registered using this endpoint, will be able to perform -the login operation. Contraints can be specified on the role, that are +the login operation. Constraints can be specified on the role, that are applied on the instances or principals attempting to login. At least one constraint must be specified on the role. The available constraints you can choose are dependent on the `auth_type` of the role and, if the @@ -605,7 +605,7 @@ list in order to satisfy that constraint. end of the ARN, e.g., "arn:aws:iam::123456789012:\*" will match any IAM principal in the AWS account 123456789012. When `resolve_aws_unique_ids` is `false` and you are binding to IAM roles (as opposed to users) and you are not - using a wildcard at the end, then you must specify the ARN by ommitting any + using a wildcard at the end, then you must specify the ARN by omitting any path component; see the documentation for `resolve_aws_unique_ids` below. This constraint is only checked by the iam auth method. Wildcards are supported at the end of the ARN, e.g., diff --git a/website/source/api/auth/okta/index.html.md b/website/source/api/auth/okta/index.html.md index 408c87e436..bf64eb491e 100644 --- a/website/source/api/auth/okta/index.html.md +++ b/website/source/api/auth/okta/index.html.md @@ -362,7 +362,7 @@ Login with the username and password. ### Parameters - `username` `(string: )` - Username for this user. -- `password` `(string: )` - Password for the autheticating user. +- `password` `(string: )` - Password for the authenticating user. ### Sample Payload diff --git a/website/source/api/auth/radius/index.html.md b/website/source/api/auth/radius/index.html.md index 72023d7eb8..255dc8bfe2 100644 --- a/website/source/api/auth/radius/index.html.md +++ b/website/source/api/auth/radius/index.html.md @@ -194,7 +194,7 @@ Login with the username and password. ### Parameters - `username` `(string: )` - Username for this user. -- `password` `(string: )` - Password for the autheticating user. +- `password` `(string: )` - Password for the authenticating user. ### Sample Payload diff --git a/website/source/api/secret/databases/cassandra.html.md b/website/source/api/secret/databases/cassandra.html.md index ddf4b7f6d8..08515e6b1d 100644 --- a/website/source/api/secret/databases/cassandra.html.md +++ b/website/source/api/secret/databases/cassandra.html.md @@ -101,7 +101,7 @@ $ curl \ ## Statements Statements are configured during role creation and are used by the plugin to -determine what is sent to the datatabse on user creation, renewing, and +determine what is sent to the database on user creation, renewing, and revocation. For more information on configuring roles see the [Role API](/api/secret/databases/index.html#create-role) in the database secrets engine docs. diff --git a/website/source/api/secret/databases/hanadb.html.md b/website/source/api/secret/databases/hanadb.html.md index 51dfd856d2..43ae3059ef 100644 --- a/website/source/api/secret/databases/hanadb.html.md +++ b/website/source/api/secret/databases/hanadb.html.md @@ -61,7 +61,7 @@ $ curl \ ## Statements Statements are configured during role creation and are used by the plugin to -determine what is sent to the datatabse on user creation, renewing, and +determine what is sent to the database on user creation, renewing, and revocation. For more information on configuring roles see the [Role API](/api/secret/databases/index.html#create-role) in the database secrets engine docs. diff --git a/website/source/api/secret/databases/mongodb.html.md b/website/source/api/secret/databases/mongodb.html.md index 1975e0ecd8..50953ed217 100644 --- a/website/source/api/secret/databases/mongodb.html.md +++ b/website/source/api/secret/databases/mongodb.html.md @@ -56,7 +56,7 @@ $ curl \ ## Statements Statements are configured during role creation and are used by the plugin to -determine what is sent to the datatabse on user creation, renewing, and +determine what is sent to the database on user creation, renewing, and revocation. For more information on configuring roles see the [Role API](/api/secret/databases/index.html#create-role) in the database secrets engine docs. diff --git a/website/source/api/secret/databases/mssql.html.md b/website/source/api/secret/databases/mssql.html.md index 15c16b3c0e..0a30e34e83 100644 --- a/website/source/api/secret/databases/mssql.html.md +++ b/website/source/api/secret/databases/mssql.html.md @@ -61,7 +61,7 @@ $ curl \ ## Statements Statements are configured during role creation and are used by the plugin to -determine what is sent to the datatabse on user creation, renewing, and +determine what is sent to the database on user creation, renewing, and revocation. For more information on configuring roles see the [Role API](/api/secret/databases/index.html#create-role) in the database secrets engine docs. diff --git a/website/source/api/secret/databases/mysql-maria.html.md b/website/source/api/secret/databases/mysql-maria.html.md index f39d9be139..2e14c7332e 100644 --- a/website/source/api/secret/databases/mysql-maria.html.md +++ b/website/source/api/secret/databases/mysql-maria.html.md @@ -61,7 +61,7 @@ $ curl \ ## Statements Statements are configured during role creation and are used by the plugin to -determine what is sent to the datatabse on user creation, renewing, and +determine what is sent to the database on user creation, renewing, and revocation. For more information on configuring roles see the [Role API](/api/secret/databases/index.html#create-role) in the database secrets engine docs. diff --git a/website/source/api/secret/databases/oracle.html.md b/website/source/api/secret/databases/oracle.html.md index 31938f0cbb..24436f2ef8 100644 --- a/website/source/api/secret/databases/oracle.html.md +++ b/website/source/api/secret/databases/oracle.html.md @@ -61,7 +61,7 @@ $ curl \ ## Statements Statements are configured during role creation and are used by the plugin to -determine what is sent to the datatabse on user creation, renewing, and +determine what is sent to the database on user creation, renewing, and revocation. For more information on configuring roles see the [Role API](/api/secret/databases/index.html#create-role) in the database secrets engine docs. diff --git a/website/source/api/system/mfa-duo.html.md b/website/source/api/system/mfa-duo.html.md index e0057042dd..0e9283dffe 100644 --- a/website/source/api/system/mfa-duo.html.md +++ b/website/source/api/system/mfa-duo.html.md @@ -24,7 +24,7 @@ This endpoint defines a MFA method of type Duo. - alias.name: The name returned by the mount configured via the `mount_accessor` parameter - entity.name: The name configured for the Entity - alias.metadata.``: The value of the Alias's metadata parameter - - entity.metadata.``: The value of the Entity's metadata paramater + - entity.metadata.``: The value of the Entity's metadata parameter - `secret_key` `(string)` - Secret key for Duo. diff --git a/website/source/api/system/mfa-okta.html.md b/website/source/api/system/mfa-okta.html.md index d115965f5e..1772b8646b 100644 --- a/website/source/api/system/mfa-okta.html.md +++ b/website/source/api/system/mfa-okta.html.md @@ -24,7 +24,7 @@ This endpoint defines a MFA method of type Okta. - alias.name: The name returned by the mount configured via the `mount_accessor` parameter - entity.name: The name configured for the Entity - alias.metadata.``: The value of the Alias's metadata parameter - - entity.metadata.``: The value of the Entity's metadata paramater + - entity.metadata.``: The value of the Entity's metadata parameter - `org_name` `(string)` - Name of the organization to be used in the Okta API. diff --git a/website/source/api/system/mfa-pingid.html.md b/website/source/api/system/mfa-pingid.html.md index b73e4a4964..649b9a9644 100644 --- a/website/source/api/system/mfa-pingid.html.md +++ b/website/source/api/system/mfa-pingid.html.md @@ -24,7 +24,7 @@ This endpoint defines a MFA method of type PingID. - alias.name: The name returned by the mount configured via the `mount_accessor` parameter - entity.name: The name configured for the Entity - alias.metadata.``: The value of the Alias's metadata parameter - - entity.metadata.``: The value of the Entity's metadata paramater + - entity.metadata.``: The value of the Entity's metadata parameter - `settings_file_base64` `(string)` - A base64-encoded third-party settings file retrieved from PingID's configuration page. diff --git a/website/source/api/system/rekey.html.md b/website/source/api/system/rekey.html.md index 1899bb217a..5d300e216a 100644 --- a/website/source/api/system/rekey.html.md +++ b/website/source/api/system/rekey.html.md @@ -12,7 +12,7 @@ The `/sys/rekey` endpoints are used to rekey the unseal keys for Vault. On seals that support stored keys (e.g. HSM PKCS11), the recovery key share(s) can be provided to rekey the master key since no unseal keys are available. The -secret shares, secret threshold, and stored shares parameteres must be set to 1. +secret shares, secret threshold, and stored shares parameters must be set to 1. Upon successful rekey, no split unseal key shares are returned. ## Read Rekey Progress diff --git a/website/source/docs/auth/aws.html.md b/website/source/docs/auth/aws.html.md index 6152d1a846..48198ccefe 100644 --- a/website/source/docs/auth/aws.html.md +++ b/website/source/docs/auth/aws.html.md @@ -115,7 +115,7 @@ method and associated with a specific authentication type that cannot be changed once the role has been created. Roles can also be associated with various optional restrictions, such as the set of allowed policies and max TTLs on the generated tokens. Each role can be specified with the constraints that -are to be met during the login. Many of these contraints accept lists of +are to be met during the login. Many of these constraints accept lists of required values. For any constraint which accepts a list of values, that constraint will be considered satisfied if any one of the values is matched during the login process. For example, one such constraint that is diff --git a/website/source/docs/configuration/seal/pkcs11.html.md b/website/source/docs/configuration/seal/pkcs11.html.md index cdc6966c8b..971f6503c6 100644 --- a/website/source/docs/configuration/seal/pkcs11.html.md +++ b/website/source/docs/configuration/seal/pkcs11.html.md @@ -110,7 +110,7 @@ These parameters apply to the `seal` stanza in the Vault configuration file: specified by the `VAULT_HSM_REGENERATE_KEY` environment variable. ~> **Note:** Although the configuration file allows you to pass in -`VAULT_HSM_PIN` as part of the seal's parameters, it is *strongly* reccommended +`VAULT_HSM_PIN` as part of the seal's parameters, it is *strongly* recommended to set this value via environment variables. ## `pkcs11` Environment Variables diff --git a/website/source/docs/configuration/storage/filesystem.html.md b/website/source/docs/configuration/storage/filesystem.html.md index d08c9211e3..ebf5840e77 100644 --- a/website/source/docs/configuration/storage/filesystem.html.md +++ b/website/source/docs/configuration/storage/filesystem.html.md @@ -37,7 +37,7 @@ measures to secure access to the filesystem. ## `file` Examples -This example shows the Filesytem storage backend being mounted at +This example shows the Filesystem storage backend being mounted at `/mnt/vault/data`. ```hcl diff --git a/website/source/docs/configuration/storage/swift.html.md b/website/source/docs/configuration/storage/swift.html.md index 5848bf0025..f512bd9472 100644 --- a/website/source/docs/configuration/storage/swift.html.md +++ b/website/source/docs/configuration/storage/swift.html.md @@ -60,7 +60,7 @@ This example shows a default configuration for Swift. ```hcl storage "swift" { - auth_url = "https://os.initernal/v1/auth" + auth_url = "https://os.internal/v1/auth" container = "container-239" username = "user1234" diff --git a/website/source/docs/enterprise/control-groups/index.html.md b/website/source/docs/enterprise/control-groups/index.html.md index 484c398378..651d9be88f 100644 --- a/website/source/docs/enterprise/control-groups/index.html.md +++ b/website/source/docs/enterprise/control-groups/index.html.md @@ -15,7 +15,7 @@ add additional authorization factors to be required before satisfying a request. When a Control Group is required for a request, a limited duration response wrapping token is returned to the user instead of the requested data. The accessor of the response wrapping token can be passed to the authorizers -required by the control group policy. Once all authorizations are satisified, +required by the control group policy. Once all authorizations are satisfied, the wrapping token can be used to unwrap and process the original request. ## Control Group Factors diff --git a/website/source/docs/secrets/databases/custom.html.md b/website/source/docs/secrets/databases/custom.html.md index 7bd5316e30..6314721e41 100644 --- a/website/source/docs/secrets/databases/custom.html.md +++ b/website/source/docs/secrets/databases/custom.html.md @@ -56,7 +56,7 @@ type Statements struct { ``` It is up to your plugin to replace the `{{name}}`, `{{password}}`, and -`{{expiration}}` in these statements with the proper vaules. +`{{expiration}}` in these statements with the proper values. The `Initialize` function is passed a map of keys to values, this data is what the user specified as the configuration for the plugin. Your plugin should use this diff --git a/website/source/docs/secrets/nomad/index.html.md b/website/source/docs/secrets/nomad/index.html.md index 542aa67a68..c949add401 100644 --- a/website/source/docs/secrets/nomad/index.html.md +++ b/website/source/docs/secrets/nomad/index.html.md @@ -96,7 +96,7 @@ secret_id b31fb56c-0936-5428-8c5f-ed010431aba9 ``` Here we can see that Vault has generated a new Nomad ACL token for us. -We can test this token out, by reading it in Nomad (by it's accesor): +We can test this token out, by reading it in Nomad (by it's accessor): ``` $ nomad acl token info a715994d-f5fd-1194-73df-ae9dad616307 diff --git a/website/source/guides/identity/policies.html.md b/website/source/guides/identity/policies.html.md index 6bbf01cdc9..07fdc6c00a 100644 --- a/website/source/guides/identity/policies.html.md +++ b/website/source/guides/identity/policies.html.md @@ -341,7 +341,7 @@ $ curl --header "X-Vault-Token: " \ ``` Where `` is your valid token, and `` includes the policy name and -stringfied policy. +stringified policy. **Example:** diff --git a/website/source/guides/secret-mgmt/cubbyhole.html.md b/website/source/guides/secret-mgmt/cubbyhole.html.md index 5ae4290327..dd9b2d1f21 100644 --- a/website/source/guides/secret-mgmt/cubbyhole.html.md +++ b/website/source/guides/secret-mgmt/cubbyhole.html.md @@ -194,7 +194,7 @@ $ curl --header "X-Vault-Token: " \ ``` Where `` is your valid token, and `` includes policy name and -stringfied policy. +stringified policy. **Example:** diff --git a/website/source/guides/secret-mgmt/static-secrets.html.md b/website/source/guides/secret-mgmt/static-secrets.html.md index f304db7827..0b69128ee1 100644 --- a/website/source/guides/secret-mgmt/static-secrets.html.md +++ b/website/source/guides/secret-mgmt/static-secrets.html.md @@ -123,7 +123,7 @@ You will perform the following: ![Personas Introduction](/assets/images/vault-static-secrets.png) -Step 1 through 3 are performed by `devops` psersona. Step 4 describes the +Step 1 through 3 are performed by `devops` persona. Step 4 describes the commands that `apps` persona runs to read secrets from Vault. ### Step 1: Store the Google API key @@ -136,7 +136,7 @@ strongly discouraged because it can lead to unexpected client-side behavior. Let's assume that the path convention in your organization is **`secret//apikey/`** for API keys. To store the Google API key used -by the engineering team, the path would be `secret/eng/apikey/Googl`. If you +by the engineering team, the path would be `secret/eng/apikey/Google`. If you have an API key for New Relic owned by the DevOps team, the path would look like `secret/devops/apikey/New_Relic`. diff --git a/website/source/guides/upgrading/upgrade-to-0.9.0.html.md b/website/source/guides/upgrading/upgrade-to-0.9.0.html.md index 36f8bc4cb2..299fd9d906 100644 --- a/website/source/guides/upgrading/upgrade-to-0.9.0.html.md +++ b/website/source/guides/upgrading/upgrade-to-0.9.0.html.md @@ -73,7 +73,7 @@ To better reflect its actual use, the `generic` backend is now `kv`. Using ### HSM Users Need to Specify New Config Options (In 0.9) -When using Vault with an HSM, a new paramter is required: `hmac_key_label`. +When using Vault with an HSM, a new parameter is required: `hmac_key_label`. This performs a similar function to `key_label` but for the HMAC key Vault will use. Vault will generate a suitable key if this value is specified and `generate_key` is set true. See [the seal configuration page][pkcs11-seal] for diff --git a/website/source/guides/upgrading/upgrade-to-0.9.2.html.md b/website/source/guides/upgrading/upgrade-to-0.9.2.html.md index 088242532a..e5cf40ec9c 100644 --- a/website/source/guides/upgrading/upgrade-to-0.9.2.html.md +++ b/website/source/guides/upgrading/upgrade-to-0.9.2.html.md @@ -16,7 +16,7 @@ for Vault 0.9.2 compared to 0.9.1. Please read it carefully. This upgrade guide is typically reserved for breaking changes, however it is worth calling out that the CLI interface to Vault has been completely -revamped while maintaining backwards compatbitility. This could lead to +revamped while maintaining backwards compatibility. This could lead to potential confusion while browsing the latest version of the Vault documentation on vaultproject.io. diff --git a/website/source/layouts/guides.erb b/website/source/layouts/guides.erb index 656d0ef42a..e51ba35c4b 100644 --- a/website/source/layouts/guides.erb +++ b/website/source/layouts/guides.erb @@ -52,7 +52,7 @@ > Static Secrets - > + > Secret as a Service >