Do not blindly store computed seal configuration information during unsealing. Instead, read any
configuration already stored and determine whether the computed configuration during startup is
newer (has a newer generation number), whether the in-memory re-wrapped status needs to be
updated (if the generation numbers match), or whether the in-memory seal configuration is
outdated (the stored seal generation is newer).
* remove partial references from release-notes that link to upgrade guides, and change link in partial to anchor
* Clarify leak is memory consumption
There is no leak of information.
* update references in table
* update table to include range for affected versions
---------
Co-authored-by: Meggie Ladlow <meggie@hashicorp.com>
* update known issue
* update known issue partial
* fix links
* Update website/content/partials/known-issues/ephemeral-loggers-memory-leak.mdx
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
* standardize on sub-loggers
* update known issue
* update versions
* update messaging to include reference to previous known issue
---------
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
* VAULT-19278 First draft of static secret caching docs
* VAULT-19278 Add warning to Agent docs, fix capitalization
* VAULT-19278 typos/formatting
* VAULT-19278 changelog
* VAULT-19278 update based on PR feedback
* VAULT-19278 review feedback
* VAULT-19278 Update based on review
* VAULT-19278 update based on PR feedback
* VAULT-19278 incorporate a lot of PR feedback
* VAULT-19278 Rest of the suggestions
* VAULT-19278 I missed a suggestion
* VAULT-19278 More updates
* VAULT-19278 add docs for disable dynamic secret caching
* VAULT-19278 update changelog
* VAULT-19278 update based on comments
* add vault operator inspect command
* tidy
* add tests
* add changelog
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* remove test.snapshot file and create snapshot during test
* fix help text and add custom format flag
* Update changelog/23457.txt
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* add check that kvdepth is not less than zero
* remove kvprefix from flag names
* set details flag to default to true
* remove total size, we don't use it
* fix test that referenced old flag names
* add size calculations
* return all keys if depth set to 0
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
* revert go.mod
* update comment on temp file
* update comment on closing writer
* remove temporary file, and process state.bin in memory
* return metadata like info
* remove unnused function
* remove ReadSnapshot func, and unnecessary goroutine
* remove handler, and zero values
* move defer, and return error instead of logging
* add subcommand doc
* remove -format flag
* remove comments
* change copy to copyN
* remove formatters
* remove formatters
* remove duplicate check
* fix error checks
* remove unused consts
---------
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Test HA seal migration in the `seal_ha` by removing the primary seal,
ensuring seal rewrap has completed, and verifying that data written
through the primary seal is available in the new primary seal.
We also add a verification for the seal type at various stages of the scenario.
* Allow configuring the seal alias and priority in the `start_vault`
module.
* Add seal migration to `seal_ha` scenario.
* Verify the data written through the original primary seal after the
seal migration.
* [QT-629] Verify the seal type at various stages in `seal_ha`.
Signed-off-by: Ryan Cragun <me@ryan.ec>
