* VAULT-19239 create disable static secret caching config
* VAULT-19239 missed file
* VAULT-19239 didn't finish a log line
* VAULT-19239 adjust test to use new option
* Fix typo
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
---------
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
* VAULT-19255 first pass at structure for event updater
* VAULT-19255 some more work, committign before rebase
* VAULT-19255 Mostly finish event updating scaffolding
* VAULT-19255 some additional coverage, clean-up, etc
* VAULT-19255 some clean-up
* VAULT-19255 fix tests
* VAULT-19255 more WIP event system integration
* VAULT-19255 More WIP
* VAULT-19255 more discovery
* VAULT-19255 add new test, some clean up
* VAULT-19255 fix bug, extra clean-up
* VAULT-19255 fix bugs, and clean up
* VAULT-19255 clean imports, add more godocs
* VAULT-19255 add config for test
* VAULT-19255 typo
* VAULT-19255 don't do the kv refactor in this PR
* VAULT-19255 update docs
* VAULT-19255 PR feedback
* VAULT-19255 More specific error messages
* VAULT-19237 Add mount_type to secret response
* VAULT-19237 changelog
* VAULT-19237 make MountType generic
* VAULT-19237 clean up comment
* VAULT-19237 update changelog
* VAULT-19237 update test, remove mounttype from wrapped responses
* VAULT-19237 fix a lot of tests
* VAULT-19237 standby test
* ensure -log-level is added to core config (#23017)
* Feature/document tls servername (#22714)
* Add Raft TLS Helm examples
Co-authored-by: Pascal Reeb <pascal.reeb@adfinis.com>
---------
* Clean up unused CRL entries when issuer is removed (#23007)
* Clean up unused CRL entries when issuer is removed
When a issuer is removed, the space utilized by its CRL was not freed,
both from the CRL config mapping issuer IDs to CRL IDs and from the
CRL storage entry. We thus implement a two step cleanup, wherein
orphaned CRL IDs are removed from the config and any remaining full
CRL entries are removed from disk.
This relates to a Consul<->Vault interop issue (#22980), wherein Consul
creates a new issuer on every leadership election, causing this config
to grow. Deleting issuers manually does not entirely solve this problem
as the config does not fully reclaim space used in this entry.
Notably, an observation that when deleting issuers, the CRL was rebuilt
on secondary clusters (due to the invalidation not caring about type of
the operation); for consistency and to clean up the unified CRLs, we
also need to run the rebuild on the active primary cluster that deleted
the issuer as well.
This approach does allow cleanup on existing impacted clusters by simply
rebuilding the CRL.
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add test case on CRL removal
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog entry
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* UI: Handle control group error on SSH (#23025)
* Handle control group error on SSH
* Add changelog
* Fix enterprise failure of TestCRLIssuerRemoval (#23038)
This fixes the enterprise failure of the test
```
=== FAIL: builtin/logical/pki TestCRLIssuerRemoval (0.00s)
crl_test.go:1456:
Error Trace: /home/runner/actions-runner/_work/vault-enterprise/vault-enterprise/builtin/logical/pki/crl_test.go:1456
Error: Received unexpected error:
Global, cross-cluster revocation queue cannot be enabled when auto rebuilding is disabled as the local cluster may not have the certificate entry!
Test: TestCRLIssuerRemoval
Messages: failed enabling unified CRLs on enterprise
```
* fix LDAP auto auth changelog (#23027)
* VAULT-19233 First part of caching static secrets work
* VAULT-19233 update godoc
* VAULT-19233 invalidate cache on non-GET
* VAULT-19233 add locking to proxy cache writes
* VAULT-19233 add caching of capabilities map, and some additional test coverage
* VAULT-19233 Additional testing
* VAULT-19233 namespaces for cache ids
* VAULT-19233 cache-clear testing and implementation
* VAULT-19233 adjust format, add more tests
* VAULT-19233 some more docs
* VAULT-19233 Add RLock holding for map access
* VAULT-19233 PR comments
* VAULT-19233 Different table for capabilities indexes
* VAULT-19233 keep unique for request path
* VAULT-19233 passthrough for non-v1 requests
* VAULT-19233 some renames/PR comment updates
* VAULT-19233 remove type from capabilities index
* VAULT-19233 remove obsolete capabilities
* VAULT-19233 remove erroneous capabilities
* VAULT-19233 woops, missed a test
* VAULT-19233 typo
* VAULT-19233 add custom error for cachememdb
* VAULT-19233 fix cachememdb test
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
Co-authored-by: Andreas Gruhler <andreas.gruhler@adfinis.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* Adding explicit MPL license for sub-package.
This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.
* Adding explicit MPL license for sub-package.
This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.
* Updating the license from MPL to Business Source License.
Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl.
* add missing license headers
* Update copyright file headers to BUS-1.1
* Fix test that expected exact offset on hcl file
---------
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
* VAULT-15547 First pass at agent/proxy decoupling
* VAULT-15547 Fix some imports
* VAULT-15547 cases instead of string.Title
* VAULT-15547 changelog
* VAULT-15547 Fix some imports
* VAULT-15547 some more dependency updates
* VAULT-15547 More dependency paths
* VAULT-15547 godocs for tests
* VAULT-15547 godocs for tests
* VAULT-15547 test package updates
* VAULT-15547 test packages
* VAULT-15547 add proxy to test packages
* VAULT-15547 gitignore
* VAULT-15547 address comments
* VAULT-15547 Some typos and small fixes
