* VAULT-19278 First draft of static secret caching docs
* VAULT-19278 Add warning to Agent docs, fix capitalization
* VAULT-19278 typos/formatting
* VAULT-19278 changelog
* VAULT-19278 update based on PR feedback
* VAULT-19278 review feedback
* VAULT-19278 Update based on review
* VAULT-19278 update based on PR feedback
* VAULT-19278 incorporate a lot of PR feedback
* VAULT-19278 Rest of the suggestions
* VAULT-19278 I missed a suggestion
* VAULT-19278 More updates
* VAULT-19278 add docs for disable dynamic secret caching
* VAULT-19278 update changelog
* VAULT-19278 update based on comments
* add vault operator inspect command
* tidy
* add tests
* add changelog
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* remove test.snapshot file and create snapshot during test
* fix help text and add custom format flag
* Update changelog/23457.txt
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* add check that kvdepth is not less than zero
* remove kvprefix from flag names
* set details flag to default to true
* remove total size, we don't use it
* fix test that referenced old flag names
* add size calculations
* return all keys if depth set to 0
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update command/operator_raft_snapshot_inspect.go
* revert go.mod
* update comment on temp file
* update comment on closing writer
* remove temporary file, and process state.bin in memory
* return metadata like info
* remove unnused function
* remove ReadSnapshot func, and unnecessary goroutine
* remove handler, and zero values
* move defer, and return error instead of logging
* add subcommand doc
* remove -format flag
* remove comments
* change copy to copyN
* remove formatters
* remove formatters
* remove duplicate check
* fix error checks
* remove unused consts
---------
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Test HA seal migration in the `seal_ha` by removing the primary seal,
ensuring seal rewrap has completed, and verifying that data written
through the primary seal is available in the new primary seal.
We also add a verification for the seal type at various stages of the scenario.
* Allow configuring the seal alias and priority in the `start_vault`
module.
* Add seal migration to `seal_ha` scenario.
* Verify the data written through the original primary seal after the
seal migration.
* [QT-629] Verify the seal type at various stages in `seal_ha`.
Signed-off-by: Ryan Cragun <me@ryan.ec>
* Fix for undelete for mount paths
* Pulled in a fix from kv_delete.go that adds partialPath to
the mountPath to support paths that are multiple levels deep.
* Added undelete tests to validate that KV secrets can be successfully
undeleted when mounted at a multi-level mount path.
* Added changelog txt file
* Update changelog to specify KV impact
---------
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* server: fix bug where deadlock detection was on for expiration and quotas
* trim spaces
* Add tests
* Use trimspace and lower
* Update test
* changelog
* fix config parsing
* Revert "attempts to fix flaky namespace test (#23867)"
This reverts commit 0e36973825.
* skips flaky namespace test
* fixes typo in comment
* adds comment as to why test is being skipped
Add support for testing Vault Enterprise with HA seal support by adding
a new `seal_ha` scenario that configures more than one seal type for a
Vault cluster. We also extend existing scenarios to support testing
with or without the Seal HA code path enabled.
* Extract starting vault into a separate enos module to allow for better
handling of complex clusters that need to be started more than once.
* Extract seal key creation into a separate module and provide it to
target modules. This allows us to create more than one seal key and
associate it with instances. This also allows us to forego creating
keys when using shamir seals.
* [QT-615] Add support for configuring more that one seal type to
`vault_cluster` module.
* [QT-616] Add `seal_ha` scenario
* [QT-625] Add `seal_ha_beta` variant to existing scenarios to test with
both code paths.
* Unpin action-setup-terraform
* Add `kms:TagResource` to service user IAM profile
Signed-off-by: Ryan Cragun <me@ryan.ec>
* add sys/internal/ui/version path
* add read capability for sys/internal/ui/version in default policy
* add changelog file
* doc: add api-docs page for sys/internal/ui/version
* add godoc for pathInternalUIVersion function
* add tests for functions in version package
* remove unreachable code
* use closure to restore version at end of test function
* use an example version in sample response
* Update website/content/api-docs/system/internal-ui-version.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/api-docs/system/internal-ui-version.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* add copyright header to version_test.go
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
