* api/seal-status: fix deadlock when namespace is set on seal-status calls (#23861)
* api/seal-status: fix deadlock when namespace is set on seal-status calls
* changelog
* oops
* Fix seal type
---------
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* implement user lockout logger
* formatting
* make user lockout log interval configurable
* create func to get locked user count, and fix potential deadlock
* fix test
* fix test
* add changelog
Co-authored-by: davidadeleon <56207066+davidadeleon@users.noreply.github.com>
* fix panic: Fail in goroutine after TestProxy_Config_ReloadTls has completed
* fix proxy test
* feedback
* track the command output code and stdout/err
* Add config value that gives users options to skip calculating role for each lease (#22651)
* Add config value that gives users options to skip calculating role for each lease
* add changelog
* change name
* add config for testing
* Update changelog/22651.txt
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* update tests, docs and reorder logic in conditional
* fix comment
* update comment
* fix comment again
* Update comments and change if order
* change comment again
* add other comment
* fix tests
* add documentation
* edit docs
* Update http/util.go
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
* Update vault/core.go
* Update vault/core.go
* update var name
* udpate docs
* Update vault/request_handling.go
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
* 1 more docs change
---------
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
* remove wrong part of cherry-pick
---------
Co-authored-by: Ellie <ellie.sterner@hashicorp.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
* backport all gha migration changes to release/1.13.x
* remove the .circleci directory
* remove references to circleci configuration from pre-commit hook
* remove reference to .circleci in Makefile
* port change to how gofumpt is executed in Makefile
* add gotestsum to tools/tools.go
* remove postgresql/scram package from generate-test-package-lists.sh since it didn't exist in release 1.13 or earlier
* blank out environment variables to allow test to properly function
* use go:embed to load files into test
---------
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
* Rename files to match test suite and existing pattern
* Factor out issuer loading into a dedicated function
- Add a little more checks/validation when loading the a PKI issuer
- Factor out the issuer loading into a dedicated function
- Leverage existing health check code to parse issuer certificates
* Read parent issuer once instead of reloading it for every child
- Read in our parent issuer once instead of running it for every child
we want to compare against
- Provides clearer error message that we have failed reading from which
path to the end user
* PR Feedback
- Rename a variable for clarity
- Use readIssuer in the validation of the parent issuer within
pkiIssuer
- Add some missing return 1 statements in error handlers that had been
missed
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Also updates the event receieved to include a timestamp.
Websockets support both JSON and protobuf binary formats.
This can be used by either `wscat` or the new
`vault events subscribe`:
e.g.,
```sh
$ wscat -H "X-Vault-Token: $(vault print token)" --connect ws://127.0.0.1:8200/v1/sys/events/subscribe/abc?json=true
{"event":{"id":"5c5c8c83-bf43-7da5-fe88-fc3cac814b2e", "note":"testing"}, "eventType":"abc", "timestamp":"2023-02-07T18:40:50.598408Z"}
...
```
and
```sh
$ vault events subscribe abc
{"event":{"id":"5c5c8c83-bf43-7da5-fe88-fc3cac814b2e", "note":"testing"}, "eventType":"abc", "timestamp":"2023-02-07T18:40:50.598408Z"}
...
```
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
- Match the existing vault kv capitalization scheme for Synopsis help of each sub-command.
- A few small tweaks as well to the messages text in a few cases
* Revert "Don't execute the seal recovery tests on ENT. (#18841)"
This reverts commit 990d3bacc2.
* Revert "Add the ability to unseal using recovery keys via an explicit seal option. (#18683)"
This reverts commit 2ffe49aab0.
