* add gosimport to make fmt and run it
* move installation to tools.sh
* correct weird spacing issue
* Update Makefile
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* fix a weird issue
---------
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
@mitchellh suggested we fork `cli` and switch to that.
Since we primarily use the interfaces in `cli`, and the new
fork has not changed those, this is (mostly) a drop-in replacement.
A small fix will be necessary for Vault Enterprise, I believe.
* Adding explicit MPL license for sub-package.
This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.
* Adding explicit MPL license for sub-package.
This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.
* Updating the license from MPL to Business Source License.
Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl.
* add missing license headers
* Update copyright file headers to BUS-1.1
* Fix test that expected exact offset on hcl file
---------
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
* Revert "Don't execute the seal recovery tests on ENT. (#18841)"
This reverts commit 990d3bacc2.
* Revert "Add the ability to unseal using recovery keys via an explicit seal option. (#18683)"
This reverts commit 2ffe49aab0.
* wip
* wip
* Got it 'working', but not happy about cleanliness yet
* Switch to a dedicated defaultSeal with recovery keys
This is simpler than trying to hijack SealAccess as before. Instead, if the operator
has requested recovery unseal mode (via a flag in the seal stanza), we new up a shamir
seal with the recovery unseal key path instead of the auto seal. Then everything proceeds
as if you had a shamir seal to begin with.
* Handle recovery rekeying
* changelog
* Revert go.mod redirect
* revert multi-blob info
* Dumb nil unmarshal target
* More comments
* Update vault/seal.go
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Update changelog/18683.txt
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* pr feedback
* Fix recovery rekey, which needs to fetch root keys and restore them under the new recovery split
* Better comment on recovery seal during adjustSealMigration
* Make it possible to migrate from an auto-seal in recovery mode to shamir
* Fix sealMigrated to account for a recovery seal
* comments
* Update changelog/18683.txt
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Address PR feedback
* Refactor duplicated migration code into helpers, using UnsealRecoveryKey/RecoveryKey where appropriate
* Don't shortcut the reast of seal migration
* get rid of redundant transit server cleanup
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* See what it looks like to replace "master key" with "root key". There are two places that would require more challenging code changes: the storage path `core/master`, and its contents (the JSON-serialized EncodedKeyringtructure.)
* Restore accidentally deleted line
* Add changelog
* Update root->recovery
* Fix test
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Added warning when init command uses auto unseal and -key-shares and -key-threshold was set
* Reworked
* Update command/operator_init.go
Co-Authored-By: michelvocks <michelvocks@gmail.com>
* Use Colored UI if stdout is a tty
* Add format options to operator unseal
* Add format test on operator unseal
* Add -no-color output flag, and use BasicUi if no-color flag is provided
* Move seal status formatting logic to OutputSealStatus
* Apply no-color to warnings from DeprecatedCommands as well
* Add OutputWithFormat to support arbitrary data, add format option to auth list
* Add ability to output arbitrary list data on TableFormatter
* Clear up switch logic on format
* Add format option for list-related commands
* Add format option to rest of commands that returns a client API response
* Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead
* Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead
* Remove -no-color flag, use env var exclusively to toggle colored output
* Fix compile
* Remove -no-color flag in main.go
* Add missing FlagSetOutputFormat
* Fix generate-root/decode test
* Migrate init functions to main.go
* Add no-color flag back as hidden
* Handle non-supported data types for TableFormatter.OutputList
* Pull formatting much further up to remove the need to use c.flagFormat (#3950)
* Pull formatting much further up to remove the need to use c.flagFormat
Also remove OutputWithFormat as the logic can cause issues.
* Use const for env var
* Minor updates
* Remove unnecessary check
* Fix SSH output and some tests
* Fix tests
* Make race detector not run on generate root since it kills Travis these days
* Update docs
* Update docs
* Address review feedback
* Handle --format as well as -format
