Sync over some stuff

api/sys_health.go

@@ -11,6 +11,7 @@ func (c *Sys) Health() (*HealthResponse, error) {
 	r.Params.Add("sealedcode", "299")
 	r.Params.Add("standbycode", "299")
 	r.Params.Add("drsecondarycode", "299")
+	r.Params.Add("performancestandbycode", "299")
 
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	defer cancelFunc()

command/namespace_create.go

@@ -25,7 +25,7 @@ func (c *NamespaceCreateCommand) Help() string {
 Usage: vault namespace create [options] PATH
 
   Create a child namespace. The namespace created will be relative to the
-  namespace provided in either VAULT_NAMESPACE environemnt variable or
+  namespace provided in either the VAULT_NAMESPACE environment variable or
   -namespace CLI flag.
 
   Create a child namespace (e.g. ns1/):

command/namespace_delete.go

@@ -25,7 +25,7 @@ func (c *NamespaceDeleteCommand) Help() string {
 Usage: vault namespace delete [options] PATH
 
   Delete an existing namespace. The namespace deleted will be relative to the
-  namespace provided in either VAULT_NAMESPACE environemnt variable or
+  namespace provided in either the VAULT_NAMESPACE environment variable or
   -namespace CLI flag.
 
   Delete a namespace (e.g. ns1/):

command/namespace_lookup.go

@@ -24,7 +24,7 @@ func (c *NamespaceLookupCommand) Help() string {
 Usage: vault namespace create [options] PATH
 
   Create a child namespace. The namespace created will be relative to the
-  namespace provided in either VAULT_NAMESPACE environemnt variable or
+  namespace provided in either the VAULT_NAMESPACE environment variable or
   -namespace CLI flag.
 
   Get information about the namespace of the locally authenticated token:

command/server/config.go

@@ -62,6 +62,9 @@ type Config struct {
 	DisableClustering    bool        `hcl:"-"`
 	DisableClusteringRaw interface{} `hcl:"disable_clustering"`
 
+	DisablePerformanceStandby    bool        `hcl:"-"`
+	DisablePerformanceStandbyRaw interface{} `hcl:"disable_performance_standby"`
+
 	DisableSealWrap    bool        `hcl:"-"`
 	DisableSealWrapRaw interface{} `hcl:"disable_sealwrap"`
 }
@@ -326,6 +329,11 @@ func (c *Config) Merge(c2 *Config) *Config {
 		result.PidFile = c2.PidFile
 	}
 
+	result.DisablePerformanceStandby = c.DisablePerformanceStandby
+	if c2.DisablePerformanceStandby {
+		result.DisablePerformanceStandby = c2.DisablePerformanceStandby
+	}
+
 	result.DisableSealWrap = c.DisableSealWrap
 	if c2.DisableSealWrap {
 		result.DisableSealWrap = c2.DisableSealWrap
@@ -424,6 +432,12 @@ func ParseConfig(d string, logger log.Logger) (*Config, error) {
 		}
 	}
 
+	if result.DisablePerformanceStandbyRaw != nil {
+		if result.DisablePerformanceStandby, err = parseutil.ParseBool(result.DisablePerformanceStandbyRaw); err != nil {
+			return nil, err
+		}
+	}
+
 	if result.DisableSealWrapRaw != nil {
 		if result.DisableSealWrap, err = parseutil.ParseBool(result.DisableSealWrapRaw); err != nil {
 			return nil, err

command/server/config_test.go

@@ -67,6 +67,9 @@ func TestLoadConfigFile(t *testing.T) {
 		EnableRawEndpoint:    true,
 		EnableRawEndpointRaw: true,
 
+		DisableSealWrap:    true,
+		DisableSealWrapRaw: true,
+
 		MaxLeaseTTL:        10 * time.Hour,
 		MaxLeaseTTLRaw:     "10h",
 		DefaultLeaseTTL:    10 * time.Hour,
@@ -135,6 +138,9 @@ func TestLoadConfigFile_topLevel(t *testing.T) {
 		EnableRawEndpoint:    true,
 		EnableRawEndpointRaw: true,
 
+		DisableSealWrap:    true,
+		DisableSealWrapRaw: true,
+
 		MaxLeaseTTL:        10 * time.Hour,
 		MaxLeaseTTLRaw:     "10h",
 		DefaultLeaseTTL:    10 * time.Hour,
@@ -210,6 +216,8 @@ func TestLoadConfigFile_json(t *testing.T) {
 		PidFile:              "./pidfile",
 		EnableRawEndpoint:    true,
 		EnableRawEndpointRaw: true,
+		DisableSealWrap:      true,
+		DisableSealWrapRaw:   true,
 	}
 	if !reflect.DeepEqual(config, expected) {
 		t.Fatalf("expected \n\n%#v\n\n to be \n\n%#v\n\n", config, expected)
@@ -261,6 +269,8 @@ func TestLoadConfigFile_json2(t *testing.T) {
 
 		EnableRawEndpoint: true,
 
+		DisableSealWrap: true,
+
 		Telemetry: &Telemetry{
 			StatsiteAddr:                       "foo",
 			StatsdAddr:                         "bar",

command/server/test-fixtures/config.hcl

@@ -30,4 +30,5 @@ default_lease_ttl = "10h"
 cluster_name = "testcluster"
 pid_file = "./pidfile"
 raw_storage_endpoint = true
+disable_sealwrap = true
 disable_printable_check = true

command/server/test-fixtures/config.hcl.json

@@ -19,5 +19,6 @@
 	"cluster_name":"testcluster",
 	"ui":true,
 	"pid_file":"./pidfile",
-	"raw_storage_endpoint":true
+	"raw_storage_endpoint":true,
+	"disable_sealwrap":true
 }

command/server/test-fixtures/config2.hcl

@@ -33,3 +33,4 @@ default_lease_ttl = "10h"
 cluster_name = "testcluster"
 pid_file = "./pidfile"
 raw_storage_endpoint = true
+disable_sealwrap = true

command/server/test-fixtures/config2.hcl.json

@@ -1,6 +1,7 @@
 {
   "ui":true,
   "raw_storage_endpoint":true,
+  "disable_sealwrap":true,
   "listener":[
     {
       "tcp":{

command/server_test.go

@@ -1,4 +1,8 @@
-// +build !race
+// +build !race,!hsm
+
+// NOTE: we can't use this with HSM. We can't set testing mode on and it's not
+// safe to use env vars since that provides an attack vector in the real world.
+//
 // The server tests have a go-metrics/exp manager race condition :(.
 
 package command

helper/consts/replication.go

@@ -1,7 +1,11 @@
 package consts
 
+import "time"
+
 type ReplicationState uint32
 
+var ReplicationStaleReadTimeout = 2 * time.Second
+
 const (
 	_ ReplicationState = iota
 	OldReplicationPrimary
@@ -21,6 +25,7 @@ const (
 	ReplicationDRBootstrapping
 	ReplicationPerformanceDisabled
 	ReplicationDRDisabled
+	ReplicationPerformanceStandby
 )
 
 func (r ReplicationState) string() string {