* Add Nomad RA
* Add deployment guide and nav
* Deployment Guide update
* Minor typo fixes
* Update diagrams
* Fixes for review
* Link fixes and typo fix
* Edits following review
- Update image text from "zone" to "datacenter" to match Nomad terminology
- Clean up text based on Preetha's feedback
* Text updates
Based on feedback from Rob
* Update diagrams
* fixing spelling
* Add suggestions from Preetha and Omar
WaitForResult expects body to fail and retries few times before giving
up. Assertions inside the testfn body causes it to terminate abruptly
without retrying.
`currentExpiration` field is accessed in multiple goroutines: Stats and
renewal, so needs locking.
I don't anticipate high contention, so simple mutex suffices.
this allows us to drop a cyclical import, but is subobptimal as it
requires BaseDriver tests to move. This falls firmly into the realm of
being a hack. Alternatives welcome.
This removes a cyclical dependency when importing client/structs from
dependencies of the plugin_loader, specifically, drivers. Due to
client/config also depending on the plugin_loader.
It also better reflects the ownership of fingerprint structs, as they
are fairly internal to the fingerprint manager.
The logging package is used by logmon and the legacy mock_driver. Because the
legacy drivers are going away, I'm moving it here to signify its actual
ownership.
As part of deprecating legacy drivers, we're moving the env package to a
new drivers/shared tree, as it is used by the modern docker and rkt
driver packages, and is useful for 3rd party plugins.
vault: protect against empty Vault secret response
Fixes#4921
Sadly, we don't have proper mechanism to mock Vault client, so not sure how to best test this.
I inspected the Vault client interactions, specially for cases where returned value is nil even if the error is also nil. I believe we covered all correctly now:
* [`v.client.Sys().InitStatus()`](f3853f11da/nomad/vault.go (L427)) - the value is non-nil boolean
* [`v.client.Sys().CapabilitiesSelf(path)`](f3853f11da/nomad/vault.go (L812)): Capabilities handles empty bodies in [`hasCapability`](f3853f11da/vendor/github.com/hashicorp/vault/api/sys_capabilities.go (L43-L45)) - also the `nil` array is handled with proper fail-safe default.
* [`v.client.Logical().Read(fmt.Sprintf("auth/token/roles/%s", role))`](f3853f11da/nomad/vault.go (L834-L840)) handles when `rsecret` is nil
Mahmood Ali