diff --git a/CHANGELOG.md b/CHANGELOG.md index cb0f56faf2..758f0cbfed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -411,7 +411,7 @@ IMPROVEMENTS: provides a concatenated PEM bundle of returned values [GH-1008] * logical/pki: Add 30 seconds of slack to the validity start period to accommodate some clock skew in machines [GH-1036] - * logical/postgres: Add `max_idle_connections` paramter [GH-950] + * logical/postgres: Add `max_idle_connections` parameter [GH-950] * logical/postgres: Add list support for roles path * logical/ssh: Add list support for roles path [GH-983] * logical/transit: Keys are archived and only keys between the latest version @@ -644,7 +644,7 @@ ahead of time on the "vault-tool" mailing list. already switched to using "ttl" and others will follow in upcoming releases. In particular, the "token", "generic", and "pki" backends accept both "ttl" and "lease" but in 0.4 only "ttl" will be accepted. [GH-528] - * **Downgrade Not Supported**: Due to enhancements in the storage subsytem, + * **Downgrade Not Supported**: Due to enhancements in the storage subsystem, values written by Vault 0.3+ will not be able to be read by prior versions of Vault. There are no expected upgrade issues, however, as with all critical infrastructure it is recommended to back up Vault's physical @@ -887,7 +887,7 @@ IMPROVEMENTS: * core: Very verbose error if mlock fails [GH-59] * command/*: On error with TLS oversized record, show more human-friendly error message. [GH-123] - * command/read: `lease_renewable` is now outputed along with the secret to + * command/read: `lease_renewable` is now outputted along with the secret to show whether it is renewable or not * command/server: Add configuration option to disable mlock * command/server: Disable mlock for dev mode so it works on more systems diff --git a/audit/audit.go b/audit/audit.go index ddcf6426bd..3f1d5edfc5 100644 --- a/audit/audit.go +++ b/audit/audit.go @@ -10,13 +10,13 @@ import ( // sink information to different backends such as logs, file, databases, // or other external services. type Backend interface { - // LogRequest is used to syncronously log a request. This is done after the + // LogRequest is used to synchronously log a request. This is done after the // request is authorized but before the request is executed. The arguments // MUST not be modified in anyway. They should be deep copied if this is // a possibility. LogRequest(*logical.Auth, *logical.Request, error) error - // LogResponse is used to syncronously log a response. This is done after + // LogResponse is used to synchronously log a response. This is done after // the request is processed but before the response is sent. The arguments // MUST not be modified in anyway. They should be deep copied if this is // a possibility. diff --git a/builtin/credential/userpass/path_users.go b/builtin/credential/userpass/path_users.go index a67f25b6ae..8b6e9a535e 100644 --- a/builtin/credential/userpass/path_users.go +++ b/builtin/credential/userpass/path_users.go @@ -195,7 +195,7 @@ func (b *backend) pathUserWrite( type UserEntry struct { // Password is deprecated in Vault 0.2 in favor of - // PasswordHash, but is retained for backwards compatibilty. + // PasswordHash, but is retained for backwards compatibility. Password string // PasswordHash is a bcrypt hash of the password. This is diff --git a/builtin/logical/ssh/communicator.go b/builtin/logical/ssh/communicator.go index 7ec113519b..43dbb13458 100644 --- a/builtin/logical/ssh/communicator.go +++ b/builtin/logical/ssh/communicator.go @@ -72,7 +72,7 @@ func (c *comm) Upload(path string, input io.Reader, fi *os.FileInfo) error { target_dir := filepath.Dir(path) target_file := filepath.Base(path) - // On windows, filepath.Dir uses backslash seperators (ie. "\tmp"). + // On windows, filepath.Dir uses backslash separators (ie. "\tmp"). // This does not work when the target host is unix. Switch to forward slash // which works for unix and windows target_dir = filepath.ToSlash(target_dir) diff --git a/command/ssh.go b/command/ssh.go index 7dbf999c04..696b41298c 100644 --- a/command/ssh.go +++ b/command/ssh.go @@ -83,7 +83,7 @@ func (c *SSHCommand) Run(args []string) int { } // Resolving domain names to IP address on the client side. - // Vault only deals with IP addressess. + // Vault only deals with IP addresses. ip, err := net.ResolveIPAddr("ip", ipAddr) if err != nil { c.Ui.Error(fmt.Sprintf("Error resolving IP Address: %s", err)) @@ -187,7 +187,7 @@ func (c *SSHCommand) Run(args []string) int { // If the session established was longer than the lease expiry, the secret // might have been revoked already. If not, then revoke it. Since the key // file is deleted and since user doesn't know the credential anymore, there - // is not point in Vault maintaining this secret anymore. Everytime the command + // is not point in Vault maintaining this secret anymore. Every time the command // is run, a fresh credential is generated anyways. err = client.Sys().Revoke(keySecret.LeaseID) if err != nil { diff --git a/helper/kdf/kdf.go b/helper/kdf/kdf.go index 20fd03105e..50090749fd 100644 --- a/helper/kdf/kdf.go +++ b/helper/kdf/kdf.go @@ -11,7 +11,7 @@ import ( "fmt" ) -// PRF is a psuedo-random function that takes a key or seed, +// PRF is a pseudo-random function that takes a key or seed, // as well as additional binary data and generates output that is // indistinguishable from random. Examples are cryptographic hash // functions or block ciphers. @@ -19,7 +19,7 @@ type PRF func([]byte, []byte) ([]byte, error) // CounterMode implements the counter mode KDF that uses a psuedo-random-function (PRF) // along with a counter to generate derived keys. The KDF takes a base key -// a derivation context, and the requried number of output bits. +// a derivation context, and the required number of output bits. func CounterMode(prf PRF, prfLen uint32, key []byte, context []byte, bits uint32) ([]byte, error) { // Ensure the PRF is byte aligned if prfLen%8 != 0 { diff --git a/logical/framework/path.go b/logical/framework/path.go index fb427ce51c..717afab954 100644 --- a/logical/framework/path.go +++ b/logical/framework/path.go @@ -46,7 +46,7 @@ type Path struct { // priority. // // Note that only named capture fields are available in every operation, - // whereas all fields are avaiable in the Write operation. + // whereas all fields are available in the Write operation. Fields map[string]*FieldSchema // Callbacks are the set of callbacks that are called for a given diff --git a/logical/framework/wal.go b/logical/framework/wal.go index 00734c6944..6e6b234bce 100644 --- a/logical/framework/wal.go +++ b/logical/framework/wal.go @@ -76,7 +76,7 @@ func GetWAL(s logical.Storage, id string) (*WALEntry, error) { return &raw, nil } -// DeleteWAL commits the WAL entry with the given ID. Once comitted, +// DeleteWAL commits the WAL entry with the given ID. Once committed, // it is assumed that the operation was a success and doesn't need to // be rolled back. func DeleteWAL(s logical.Storage, id string) error { diff --git a/logical/testing/testing.go b/logical/testing/testing.go index b54d6eb588..6b2ef36675 100644 --- a/logical/testing/testing.go +++ b/logical/testing/testing.go @@ -71,7 +71,7 @@ type TestStep struct { Check TestCheckFunc // PreFlight is called directly before execution of the request, allowing - // modification of the request paramters (e.g. Path) with dynamic values. + // modification of the request parameters (e.g. Path) with dynamic values. PreFlight PreFlightFunc // ErrorOk, if true, will let erroneous responses through to the check diff --git a/meta/meta.go b/meta/meta.go index 8627919046..c3f78294bc 100644 --- a/meta/meta.go +++ b/meta/meta.go @@ -165,7 +165,7 @@ func (m *Meta) FlagSet(n string, fs FlagSetFlags) *flag.FlagSet { return f } -// GeneralOptionsUsage returns the usage documenation for commonly +// GeneralOptionsUsage returns the usage documentation for commonly // available options func GeneralOptionsUsage() string { general := ` diff --git a/physical/dynamodb.go b/physical/dynamodb.go index 9b6a28bdcb..685b23dcb3 100644 --- a/physical/dynamodb.go +++ b/physical/dynamodb.go @@ -25,17 +25,17 @@ import ( const ( // DefaultDynamoDBRegion is used when no region is configured - // explicitely. + // explicitly. DefaultDynamoDBRegion = "us-east-1" // DefaultDynamoDBTableName is used when no table name - // is configured explicitely. + // is configured explicitly. DefaultDynamoDBTableName = "vault-dynamodb-backend" // DefaultDynamoDBReadCapacity is the default read capacity - // that is used when none is configured explicitely. + // that is used when none is configured explicitly. DefaultDynamoDBReadCapacity = 5 // DefaultDynamoDBWriteCapacity is the default write capacity - // that is used when none is configured explicitely. + // that is used when none is configured explicitly. DefaultDynamoDBWriteCapacity = 5 // DynamoDBEmptyPath is the string that is used instead of diff --git a/physical/etcd.go b/physical/etcd.go index 310877c4ed..4bb368aac8 100644 --- a/physical/etcd.go +++ b/physical/etcd.go @@ -37,7 +37,7 @@ const ( // The amount of time to wait between the semaphore key renewals EtcdLockRenewInterval = 5 * time.Second - // The ammount of time to wait if a watch fails before trying again. + // The amount of time to wait if a watch fails before trying again. EtcdWatchRetryInterval = time.Second // The number of times to re-try a failed watch before signaling that leadership is lost. @@ -316,7 +316,7 @@ type EtcdLock struct { lock sync.Mutex } -// addSemaphoreKey aquires a new ordered semaphore key. +// addSemaphoreKey acquires a new ordered semaphore key. func (c *EtcdLock) addSemaphoreKey() (string, uint64, error) { // CreateInOrder is an atomic operation that can be used to enqueue a // request onto a semaphore. In the rest of the comments, we refer to the @@ -345,7 +345,7 @@ func (c *EtcdLock) renewSemaphoreKey() (string, uint64, error) { return response.Node.Key, response.Index, nil } -// getSemaphoreKey determines which semaphore key holder has aquired the lock +// getSemaphoreKey determines which semaphore key holder has acquired the lock // and its value. func (c *EtcdLock) getSemaphoreKey() (string, string, uint64, error) { // Get the list of waiters in order to see if we are next. @@ -465,9 +465,9 @@ func (c *EtcdLock) watchForKeyRemoval(key string, etcdIndex uint64, closeCh chan close(closeCh) } -// Lock attempts to aquire the lock by waiting for a new semaphore key in etcd +// Lock attempts to acquire the lock by waiting for a new semaphore key in etcd // to become the first in the queue and will block until it is successful or -// it recieves a signal on the provided channel. The returned channel will be +// it receives a signal on the provided channel. The returned channel will be // closed when the lock is lost, either by an explicit call to Unlock or by // the associated semaphore key in etcd otherwise being deleted or expiring. // @@ -526,7 +526,7 @@ func (c *EtcdLock) Lock(stopCh <-chan struct{}) (doneCh <-chan struct{}, retErr // If the error is not an etcd error, we can assume it's a notification // of the stop channel having closed. In this scenario, we also want to - // remove our semaphore key as we are no longer waiting to aquire the + // remove our semaphore key as we are no longer waiting to acquire the // lock. if _, ok := err.(*client.Error); !ok { delOpts := &client.DeleteOptions{ diff --git a/physical/physical.go b/physical/physical.go index 51b331685b..bdd53c2069 100644 --- a/physical/physical.go +++ b/physical/physical.go @@ -31,7 +31,7 @@ type Backend interface { List(prefix string) ([]string, error) } -// HABackend is an extentions to the standard physical +// HABackend is an extensions to the standard physical // backend to support high-availability. Vault only expects to // use mutual exclusion to allow multiple instances to act as a // hot standby for a leader that services all requests. diff --git a/vault/acl.go b/vault/acl.go index ead38089d4..badf3f4bc6 100644 --- a/vault/acl.go +++ b/vault/acl.go @@ -168,7 +168,7 @@ CHECK: case logical.CreateOperation: allowed = capabilities&CreateCapabilityInt > 0 - // These three re-use UpdateCapabilityInt since that's the most appropraite capability/operation mapping + // These three re-use UpdateCapabilityInt since that's the most appropriate capability/operation mapping case logical.RevokeOperation, logical.RenewOperation, logical.RollbackOperation: allowed = capabilities&UpdateCapabilityInt > 0 diff --git a/vault/barrier_aes_gcm.go b/vault/barrier_aes_gcm.go index 45995ac81c..94fd3a401d 100644 --- a/vault/barrier_aes_gcm.go +++ b/vault/barrier_aes_gcm.go @@ -281,7 +281,7 @@ func (b *AESGCMBarrier) ReloadMasterKey() error { return fmt.Errorf("failed to read master key path: %v", err) } - // The masterKeyPath could be missing (backwards incompatable), + // The masterKeyPath could be missing (backwards incompatible), // we can ignore this and attempt to make progress with the current // master key. if out == nil { @@ -377,7 +377,7 @@ func (b *AESGCMBarrier) Unseal(key []byte) error { return fmt.Errorf("failed to unmarshal barrier init file") } - // Setup a new keyring, this is for backwards compatability + // Setup a new keyring, this is for backwards compatibility keyring := NewKeyring() keyring = keyring.SetMasterKey(key) keyring, err = keyring.AddKey(&Key{ diff --git a/vault/init.go b/vault/init.go index df8089b65a..1494f2a148 100644 --- a/vault/init.go +++ b/vault/init.go @@ -89,14 +89,14 @@ func (c *Core) Initialize(barrierConfig, recoveryConfig *SealConfig) (*InitResul return nil, fmt.Errorf("recovery configuration must specify a positive number of shares") } - // Check if the seal configuraiton is valid + // Check if the seal configuration is valid if err := recoveryConfig.Validate(); err != nil { c.logger.Printf("[ERR] core: invalid recovery configuration: %v", err) return nil, fmt.Errorf("invalid recovery configuration: %v", err) } } - // Check if the seal configuraiton is valid + // Check if the seal configuration is valid if err := barrierConfig.Validate(); err != nil { c.logger.Printf("[ERR] core: invalid seal configuration: %v", err) return nil, fmt.Errorf("invalid seal configuration: %v", err) diff --git a/vault/rekey.go b/vault/rekey.go index e8eca53f05..86ee78ba1d 100644 --- a/vault/rekey.go +++ b/vault/rekey.go @@ -136,7 +136,7 @@ func (c *Core) BarrierRekeyInit(config *SealConfig) error { } } - // Check if the seal configuraiton is valid + // Check if the seal configuration is valid if err := config.Validate(); err != nil { c.logger.Printf("[ERR] core: invalid rekey seal configuration: %v", err) return fmt.Errorf("invalid rekey seal configuration: %v", err) @@ -181,7 +181,7 @@ func (c *Core) RecoveryRekeyInit(config *SealConfig) error { return fmt.Errorf("stored shares not supported by recovery key") } - // Check if the seal configuraiton is valid + // Check if the seal configuration is valid if err := config.Validate(); err != nil { c.logger.Printf("[ERR] core: invalid recovery configuration: %v", err) return fmt.Errorf("invalid recovery configuration: %v", err) diff --git a/vault/router.go b/vault/router.go index 3b6ca39b1e..64f63bc3fd 100644 --- a/vault/router.go +++ b/vault/router.go @@ -37,7 +37,7 @@ type routeEntry struct { loginPaths *radix.Tree } -// SaltID is used to apply a salt and hash to an ID to make sure its not reversable +// SaltID is used to apply a salt and hash to an ID to make sure its not reversible func (re *routeEntry) SaltID(id string) string { return salt.SaltID(re.mountEntry.UUID, id, salt.SHA1Hash) } diff --git a/vault/token_store.go b/vault/token_store.go index 48791d274e..6a5f951ad3 100644 --- a/vault/token_store.go +++ b/vault/token_store.go @@ -446,7 +446,7 @@ func (ts *TokenStore) SetExpirationManager(exp *ExpirationManager) { ts.expiration = exp } -// SaltID is used to apply a salt and hash to an ID to make sure its not reversable +// SaltID is used to apply a salt and hash to an ID to make sure its not reversible func (ts *TokenStore) SaltID(id string) string { return ts.salt.SaltID(id) } diff --git a/website/source/assets/javascripts/demo/views/demo.js b/website/source/assets/javascripts/demo/views/demo.js index da010e0b5c..6d25a6d59a 100644 --- a/website/source/assets/javascripts/demo/views/demo.js +++ b/website/source/assets/javascripts/demo/views/demo.js @@ -11,7 +11,7 @@ Demo.DemoView = Ember.View.extend({ var element = this.$(); - // Record scoll position + // Record scroll position var x = element.scrollX, y = element.scrollY; // Focus element.find('input.shell')[0].focus(); diff --git a/website/source/docs/internals/rotation.html.md b/website/source/docs/internals/rotation.html.md index 953ccd0448..aeaf8f7e8d 100644 --- a/website/source/docs/internals/rotation.html.md +++ b/website/source/docs/internals/rotation.html.md @@ -22,7 +22,7 @@ data written to the storage backend. ![Keys](/assets/images/keys.png) To support key rotation, we need to support changing the unseal keys, master key, and the -backend encryption key. We split this into two seperate operations, `rekey` and `rotate`. +backend encryption key. We split this into two separate operations, `rekey` and `rotate`. The `rekey` operation is used to generate a new master key. When this is being done, it is possible to change the parameters of the key splitting, so that the number of shares diff --git a/website/source/docs/secrets/ssh/index.html.md b/website/source/docs/secrets/ssh/index.html.md index 4f5d386493..df47cec3ea 100644 --- a/website/source/docs/secrets/ssh/index.html.md +++ b/website/source/docs/secrets/ssh/index.html.md @@ -105,7 +105,7 @@ username@ip:~$ ### Automate it! A single CLI command can be used to create a new OTP and invoke SSH with the -correct paramters to connect to the host. +correct parameters to connect to the host. ```text $ vault ssh -role otp_key_role username@x.x.x.x