* Add trace logging to context creation during log req/resp. Improve context sensitivity of sink nodes (file, socket), update eventlogger to include context info in error
* changelog
* Queue for the lock but check context immediately
* fix race in test
* VAULT-29583: Modernize default distributions in enos scenarios
Our scenarios have been running the last gen of distributions in CI.
This updates our default distributions as follows:
- Amazon: 2023
- Leap: 15.6
- RHEL: 8.10, 9.4
- SLES: 15.6
- Ubuntu: 20.04, 24.04
With these changes we also unlock a few new variants combinations:
- `distro:amzn seal:pkcs11`
- `arch:arm64 distro:leap`
We also normalize our distro key for Amazon Linux to `amzn`, which
matches the uname output on both versions that we've supported.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Sometimes the replication scenario will race with other steps and
attempt to check the `v1/sys/version-history` API before the cluster is
ready. Eventually when it gets retried some of the original nodes are
down so it will fail. This makes the verification happen later, only
after we've ensured the cluster is unsealed and have gotten leader and
cluster IP addresses. We also make dependent steps require the version
verification so that if it does fail for some reason it will retry
before doing the rest of the scenario.
Signed-off-by: Ryan Cragun <me@ryan.ec>
* add inline cert auth to postres db plugin
* handle both sslinline and new TLS plugin fields
* refactor PrepareTestContainerWithSSL
* add tests for postgres inline TLS fields
* changelog
* revert back to errwrap since the middleware sanitizing depends on it
* enable only setting sslrootcert
* initial changes
* test selector and duplicate tests clean up
* check for flashDanger
* rename to make it easier to parse
* clean up selector names
* clean up
* add component test coverage
* remove true
* Edit alias_name_source explanation
We wanted to clarify the difference between the two options and the implications.
* Add missing backticks
* Add comma
* Update website/content/api-docs/auth/kubernetes.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update 1_15-auto-upgrade.mdx
* Update known issue version numbers for AP issue
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Replace getNewModel with hydrateModel when model exists
* Update getNewModel to only handle nonexistant model types
* Update test
* clarify test
* Fix auth-config models which need hydration not generation
* rename file to match service name
* cleanup + tests
* Add comment about helpUrl method
* move files around
* move fetches to config to the configuration.index route
* working... for aws, lots of clean up left
* move error handling to parent route
* standarize configModel param
* add test coverage
* welp a miss for non configurable engines
* pr comments
* remove mirage interrupts and test actual api
* update configuration details test to test for template only things
* api error coverage
I wanted to make the list of API endpoints with restricted namespace access easier to find.
I considered adding the partial directly here, but thought the explanation in the link would have been helpful.
- Avoid this error for now
zlint_test.go:149: got unexpected error from test e_subj_orgunit_in_ca_cert: map[details:The OU attribute in the Subject is prohibited in Root and TLS CA certificates result:error]
Amazon Linux 2 uses an ancient version of Systemd/systemctl so instead
of using -P when determining the unit file we use the less convenient
-p.
Signed-off-by: Ryan Cragun <me@ryan.ec>
When verifying the Vault version, in addition to verifying the CLI
version we also check that the `/sys/version-history` contains the
expected version.
As part of this we also fix a bug where when doing an in-place upgrade
with a Debian or Redhat package we also remove the self-managed
`vault.service` systemd unit to ensure that correctly start up using the
new version of Vault.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Corrected Docs at: [vault/docs/auth/approle **Via the CLI**](https://developer.hashicorp.com/vault/docs/auth/approle#via-the-cli-1) which results in the error message below on versions near to Vault 1.17.x.
```
Error writing data to auth/approle/role/my-role: Error making API request.
URL: PUT https://.../v1/auth/approle/role/my-role
Code: 400. Errors:
* 'token_type' cannot be 'batch' or 'default_batch' when set to generate tokens with limited use count
```
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
