* Support trimming trailing slashes via a mount tuneable to support CMPv2
* changelog/
* Perform trimming in handleLoginRequest too
* Eagerly fetch the mount entry so we only test this once
* Add a mount match function that gets path and entry
* Update vault/request_handling.go
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* more docs
* Some patches (from ENT) didnt apply
* patch fail
* Update vault/router.go
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* PR feedback
* dupe
* another dupe
* Add support for enabling trim_request_trailing_slashes on mount creation
* Fix read mount api returning configuration for trim_request_trailing_slashes
* Fix test assertion
* Switch enable and tune arguments to BoolPtrVal to allow end-users to specify false flag
* Add trim-request-trailing-slashes to the auth enable API and CLI
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
This PR adds the CE plumbing and stubs for forcing agent instantiation
whenever the Vault license changes.
Resolves: VAULT-28583
Enterprise PR: hashicorp/vault-enterprise#6168
* timeout 'testListenerConnFn' waiting on the server connection after 3 secs
* return the invalid upstream error so the library knows not to stop listening/serving
* update go-proxyproto to use fork/tag
* test that fails before library and code update, but passes afterwards
* VAULT-28192 fix Agent and Proxy consuming large amounts of CPU for auto-auth self-healing
* Changelog
* Update changelog
* drain incoming if we get invalid token
---------
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Add option for not mounting the KV mount in --dev
* Fix whitespace I messed up during merge conflict resolution
* Feature -> Improvement
* Fix formatting for real
---------
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* VAULT-25848 update product code to remove mholt/archiver dependency
* VAULT-25848 replace tests, still WIP while I figure out if there's a bug caught by TestDebugCommand_PartialPermissions
* VAULT-25848 actually remove the dep
* VAULT-25848 add headers for directories, improve test
* Comment cleanup
* Typo
* Use %w
* Typo
* add reloading service configuration
* add changelog entry
* add tests
* fix typo
* check if config.ServiceRegistration is nil before signaling
* add changes for deregistering service on nil config with failing tests
* fix tests by decreasing reconcile_timeout + setting consul agent tokens
* fix races
* add comments in test
---------
Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>
* VAULT-25341 Address issue where having no permissions to renew caused Agent and Proxy auth to attempt to renew with no backoff
* Fiddle with go.mod changes that shouldn't have happened
* VAULT-25341 small cleanup and extra test
* VAULT-25341 backoff only in error case
* VAULT-25341 godocs
* VAULT-25342 changelog
* Update command/agent_test.go
Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com>
* VAULT-25341 rename file audit
---------
Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com>
* Add missing delegated_auth_accessors config field to /sys/mounts/<path> response
- The field hadn't been properly populated in the JSON struct being returned
through the API response, but had been properly set in the stored structs
in the backend.
- Add missing update to the command tune docs for the -delegated-auth-accessors
option that existed
- Add -delegated-auth-accessors to the secret enable vault command along with
a docs update
* Add cl
* Fix documentation, using a comma separated list does not work
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Drop plural on doc update
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
This PR adds inmem_transactional to the map of available physical
backends for TestServerCommand. This is harmless, as tests need to opt
into the backend.
This is required to test AOP configuration on enterprise.
