Introduce Logical Unrecoverable Error, Use it in Expiration Manager (#11477)

* build out zombie lease system

* add typo for CI

* undo test CI commit

* time equality test isn't working on CI, so let's see what this does...

* add unrecoverable proto error, make proto, go mod vendor

* zombify leases if unrecoverable error, tests

* test fix: somehow pointer in pointer rx is null after pointer rx called

* tweaks based on roy feedback

* improve zombie errors

* update which errors are unrecoverable

* combine zombie logic

* keep subset of zombie lease in memory
swayne275 2021-05-03 17:56:06 -06:00 committed by GitHub
parent c57bdc9016
commit 335e4c3711
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 369 additions and 200 deletions


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: helper/forwarding/types.proto
package forwarding


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: helper/identity/mfa/types.proto
package mfa


@ -1,17 +1,17 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: helper/identity/types.proto
package identity
import (
proto "github.com/golang/protobuf/proto"
timestamp "github.com/golang/protobuf/ptypes/timestamp"
mfa "github.com/hashicorp/vault/helper/identity/mfa"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
)
@ -49,9 +49,9 @@ type Group struct {
// Metadata represents the custom data tied with this group
Metadata map[string]string `sentinel:"" protobuf:"bytes,6,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// CreationTime is the time at which this group was created
CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,7,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,7,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
// LastUpdateTime is the time at which this group was last modified
LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
LastUpdateTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
// ModifyIndex tracks the number of updates to the group. It is useful to detect
// updates to the groups.
ModifyIndex uint64 `sentinel:"" protobuf:"varint,9,opt,name=modify_index,json=modifyIndex,proto3" json:"modify_index,omitempty"`
@ -147,14 +147,14 @@ func (x *Group) GetMetadata() map[string]string {
return nil
}
func (x *Group) GetCreationTime() *timestamp.Timestamp {
func (x *Group) GetCreationTime() *timestamppb.Timestamp {
if x != nil {
return x.CreationTime
}
return nil
}
func (x *Group) GetLastUpdateTime() *timestamp.Timestamp {
func (x *Group) GetLastUpdateTime() *timestamppb.Timestamp {
if x != nil {
return x.LastUpdateTime
}
@ -223,11 +223,11 @@ type Entity struct {
// based on its metadata.
Metadata map[string]string `sentinel:"" protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// CreationTime is the time at which this entity is first created.
CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
// LastUpdateTime is the most recent time at which the properties of this
// entity got modified. This is helpful in filtering out entities based on
// its age and to take action on them, if desired.
LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
LastUpdateTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
// MergedEntityIDs are the entities which got merged to this one. Entities
// will be indexed based on all the entities that got merged into it. This
// helps to apply the actions on this entity on the tokens that are merged
@ -311,14 +311,14 @@ func (x *Entity) GetMetadata() map[string]string {
return nil
}
func (x *Entity) GetCreationTime() *timestamp.Timestamp {
func (x *Entity) GetCreationTime() *timestamppb.Timestamp {
if x != nil {
return x.CreationTime
}
return nil
}
func (x *Entity) GetLastUpdateTime() *timestamp.Timestamp {
func (x *Entity) GetLastUpdateTime() *timestamppb.Timestamp {
if x != nil {
return x.LastUpdateTime
}
@ -400,11 +400,11 @@ type Alias struct {
// factor.
Name string `sentinel:"" protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty"`
// CreationTime is the time at which this alias was first created
CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
// LastUpdateTime is the most recent time at which the properties of this
// alias got modified. This is helpful in filtering out aliases based
// on its age and to take action on them, if desired.
LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
LastUpdateTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
// MergedFromCanonicalIDs is the FIFO history of merging activity
MergedFromCanonicalIDs []string `sentinel:"" protobuf:"bytes,10,rep,name=merged_from_canonical_ids,json=mergedFromCanonicalIds,proto3" json:"merged_from_canonical_ids,omitempty"`
// NamespaceID is the identifier of the namespace to which this alias
@ -493,14 +493,14 @@ func (x *Alias) GetName() string {
return ""
}
func (x *Alias) GetCreationTime() *timestamp.Timestamp {
func (x *Alias) GetCreationTime() *timestamppb.Timestamp {
if x != nil {
return x.CreationTime
}
return nil
}
func (x *Alias) GetLastUpdateTime() *timestamp.Timestamp {
func (x *Alias) GetLastUpdateTime() *timestamppb.Timestamp {
if x != nil {
return x.LastUpdateTime
}
@ -531,8 +531,8 @@ type EntityStorageEntry struct {
ID string `sentinel:"" protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
Name string `sentinel:"" protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
Metadata map[string]string `sentinel:"" protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
LastUpdateTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
MergedEntityIDs []string `sentinel:"" protobuf:"bytes,7,rep,name=merged_entity_ids,json=mergedEntityIDs,proto3" json:"merged_entity_ids,omitempty"`
Policies []string `sentinel:"" protobuf:"bytes,8,rep,name=policies,proto3" json:"policies,omitempty"`
BucketKeyHash string `sentinel:"" protobuf:"bytes,9,opt,name=bucket_key_hash,json=bucketKeyHash,proto3" json:"bucket_key_hash,omitempty"`
@ -599,14 +599,14 @@ func (x *EntityStorageEntry) GetMetadata() map[string]string {
return nil
}
func (x *EntityStorageEntry) GetCreationTime() *timestamp.Timestamp {
func (x *EntityStorageEntry) GetCreationTime() *timestamppb.Timestamp {
if x != nil {
return x.CreationTime
}
return nil
}
func (x *EntityStorageEntry) GetLastUpdateTime() *timestamp.Timestamp {
func (x *EntityStorageEntry) GetLastUpdateTime() *timestamppb.Timestamp {
if x != nil {
return x.LastUpdateTime
}
@ -647,16 +647,16 @@ type PersonaIndexEntry struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
EntityID string `sentinel:"" protobuf:"bytes,2,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"`
MountType string `sentinel:"" protobuf:"bytes,3,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"`
MountAccessor string `sentinel:"" protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"`
MountPath string `sentinel:"" protobuf:"bytes,5,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"`
Metadata map[string]string `sentinel:"" protobuf:"bytes,6,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
Name string `sentinel:"" protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty"`
CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
MergedFromEntityIDs []string `sentinel:"" protobuf:"bytes,10,rep,name=merged_from_entity_ids,json=mergedFromEntityIDs,proto3" json:"merged_from_entity_ids,omitempty"`
ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
EntityID string `sentinel:"" protobuf:"bytes,2,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"`
MountType string `sentinel:"" protobuf:"bytes,3,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"`
MountAccessor string `sentinel:"" protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"`
MountPath string `sentinel:"" protobuf:"bytes,5,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"`
Metadata map[string]string `sentinel:"" protobuf:"bytes,6,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
Name string `sentinel:"" protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty"`
CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
LastUpdateTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
MergedFromEntityIDs []string `sentinel:"" protobuf:"bytes,10,rep,name=merged_from_entity_ids,json=mergedFromEntityIDs,proto3" json:"merged_from_entity_ids,omitempty"`
}
func (x *PersonaIndexEntry) Reset() {
@ -740,14 +740,14 @@ func (x *PersonaIndexEntry) GetName() string {
return ""
}
func (x *PersonaIndexEntry) GetCreationTime() *timestamp.Timestamp {
func (x *PersonaIndexEntry) GetCreationTime() *timestamppb.Timestamp {
if x != nil {
return x.CreationTime
}
return nil
}
func (x *PersonaIndexEntry) GetLastUpdateTime() *timestamp.Timestamp {
func (x *PersonaIndexEntry) GetLastUpdateTime() *timestamppb.Timestamp {
if x != nil {
return x.LastUpdateTime
}
@ -973,20 +973,20 @@ func file_helper_identity_types_proto_rawDescGZIP() []byte {
var file_helper_identity_types_proto_msgTypes = make([]protoimpl.MessageInfo, 12)
var file_helper_identity_types_proto_goTypes = []interface{}{
(*Group)(nil), // 0: identity.Group
(*Entity)(nil), // 1: identity.Entity
(*Alias)(nil), // 2: identity.Alias
(*EntityStorageEntry)(nil), // 3: identity.EntityStorageEntry
(*PersonaIndexEntry)(nil), // 4: identity.PersonaIndexEntry
nil, // 5: identity.Group.MetadataEntry
nil, // 6: identity.Entity.MetadataEntry
nil, // 7: identity.Entity.MFASecretsEntry
nil, // 8: identity.Alias.MetadataEntry
nil, // 9: identity.EntityStorageEntry.MetadataEntry
nil, // 10: identity.EntityStorageEntry.MFASecretsEntry
nil, // 11: identity.PersonaIndexEntry.MetadataEntry
(*timestamp.Timestamp)(nil), // 12: google.protobuf.Timestamp
(*mfa.Secret)(nil), // 13: mfa.Secret
(*Group)(nil), // 0: identity.Group
(*Entity)(nil), // 1: identity.Entity
(*Alias)(nil), // 2: identity.Alias
(*EntityStorageEntry)(nil), // 3: identity.EntityStorageEntry
(*PersonaIndexEntry)(nil), // 4: identity.PersonaIndexEntry
nil, // 5: identity.Group.MetadataEntry
nil, // 6: identity.Entity.MetadataEntry
nil, // 7: identity.Entity.MFASecretsEntry
nil, // 8: identity.Alias.MetadataEntry
nil, // 9: identity.EntityStorageEntry.MetadataEntry
nil, // 10: identity.EntityStorageEntry.MFASecretsEntry
nil, // 11: identity.PersonaIndexEntry.MetadataEntry
(*timestamppb.Timestamp)(nil), // 12: google.protobuf.Timestamp
(*mfa.Secret)(nil), // 13: mfa.Secret
}
var file_helper_identity_types_proto_depIDxs = []int32{
5, // 0: identity.Group.metadata:type_name -> identity.Group.MetadataEntry


@ -1,16 +1,16 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: helper/storagepacker/types.proto
package storagepacker
import (
proto "github.com/golang/protobuf/proto"
any "github.com/golang/protobuf/ptypes/any"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
anypb "google.golang.org/protobuf/types/known/anypb"
reflect "reflect"
sync "sync"
)
@ -39,7 +39,7 @@ type Item struct {
// consistent with what they passed in.
ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
// message is the contents of the item
Message *any.Any `sentinel:"" protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
Message *anypb.Any `sentinel:"" protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
}
func (x *Item) Reset() {
@ -81,7 +81,7 @@ func (x *Item) GetID() string {
return ""
}
func (x *Item) GetMessage() *any.Any {
func (x *Item) GetMessage() *anypb.Any {
if x != nil {
return x.Message
}
@ -104,7 +104,7 @@ type Bucket struct {
// Items holds the items contained within this bucket. Used by v1.
Items []*Item `sentinel:"" protobuf:"bytes,2,rep,name=items,proto3" json:"items,omitempty"`
// ItemMap stores a mapping of item ID to message. Used by v2.
ItemMap map[string]*any.Any `sentinel:"" protobuf:"bytes,3,rep,name=item_map,json=itemMap,proto3" json:"item_map,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
ItemMap map[string]*anypb.Any `sentinel:"" protobuf:"bytes,3,rep,name=item_map,json=itemMap,proto3" json:"item_map,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
}
func (x *Bucket) Reset() {
@ -153,7 +153,7 @@ func (x *Bucket) GetItems() []*Item {
return nil
}
func (x *Bucket) GetItemMap() map[string]*any.Any {
func (x *Bucket) GetItemMap() map[string]*anypb.Any {
if x != nil {
return x.ItemMap
}
@ -206,10 +206,10 @@ func file_helper_storagepacker_types_proto_rawDescGZIP() []byte {
var file_helper_storagepacker_types_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
var file_helper_storagepacker_types_proto_goTypes = []interface{}{
(*Item)(nil), // 0: storagepacker.Item
(*Bucket)(nil), // 1: storagepacker.Bucket
nil, // 2: storagepacker.Bucket.ItemMapEntry
(*any.Any)(nil), // 3: google.protobuf.Any
(*Item)(nil), // 0: storagepacker.Item
(*Bucket)(nil), // 1: storagepacker.Bucket
nil, // 2: storagepacker.Bucket.ItemMapEntry
(*anypb.Any)(nil), // 3: google.protobuf.Any
}
var file_helper_storagepacker_types_proto_depIDxs = []int32{
3, // 0: storagepacker.Item.message:type_name -> google.protobuf.Any


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: physical/raft/types.proto
package raft


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: sdk/database/dbplugin/database.proto
package dbplugin
@ -9,12 +9,12 @@ package dbplugin
import (
context "context"
proto "github.com/golang/protobuf/proto"
timestamp "github.com/golang/protobuf/ptypes/timestamp"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
)
@ -146,9 +146,9 @@ type CreateUserRequest struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
UsernameConfig *UsernameConfig `protobuf:"bytes,2,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"`
Expiration *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
UsernameConfig *UsernameConfig `protobuf:"bytes,2,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"`
Expiration *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
}
func (x *CreateUserRequest) Reset() {
@ -197,7 +197,7 @@ func (x *CreateUserRequest) GetUsernameConfig() *UsernameConfig {
return nil
}
func (x *CreateUserRequest) GetExpiration() *timestamp.Timestamp {
func (x *CreateUserRequest) GetExpiration() *timestamppb.Timestamp {
if x != nil {
return x.Expiration
}
@ -209,9 +209,9 @@ type RenewUserRequest struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
Expiration *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
Expiration *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
}
func (x *RenewUserRequest) Reset() {
@ -260,7 +260,7 @@ func (x *RenewUserRequest) GetUsername() string {
return ""
}
func (x *RenewUserRequest) GetExpiration() *timestamp.Timestamp {
func (x *RenewUserRequest) GetExpiration() *timestamppb.Timestamp {
if x != nil {
return x.Expiration
}
@ -1204,7 +1204,7 @@ var file_sdk_database_dbplugin_database_proto_goTypes = []interface{}{
(*StaticUserConfig)(nil), // 14: dbplugin.StaticUserConfig
(*SetCredentialsRequest)(nil), // 15: dbplugin.SetCredentialsRequest
(*SetCredentialsResponse)(nil), // 16: dbplugin.SetCredentialsResponse
(*timestamp.Timestamp)(nil), // 17: google.protobuf.Timestamp
(*timestamppb.Timestamp)(nil), // 17: google.protobuf.Timestamp
}
var file_sdk_database_dbplugin_database_proto_depIdxs = []int32{
6, // 0: dbplugin.CreateUserRequest.statements:type_name -> dbplugin.Statements


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: sdk/database/dbplugin/v5/proto/database.proto
package proto
@ -9,13 +9,13 @@ package proto
import (
context "context"
proto "github.com/golang/protobuf/proto"
_struct "github.com/golang/protobuf/ptypes/struct"
timestamp "github.com/golang/protobuf/ptypes/timestamp"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
structpb "google.golang.org/protobuf/types/known/structpb"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
)
@ -39,8 +39,8 @@ type InitializeRequest struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
ConfigData *_struct.Struct `protobuf:"bytes,1,opt,name=config_data,json=configData,proto3" json:"config_data,omitempty"`
VerifyConnection bool `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"`
ConfigData *structpb.Struct `protobuf:"bytes,1,opt,name=config_data,json=configData,proto3" json:"config_data,omitempty"`
VerifyConnection bool `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"`
}
func (x *InitializeRequest) Reset() {
@ -75,7 +75,7 @@ func (*InitializeRequest) Descriptor() ([]byte, []int) {
return file_sdk_database_dbplugin_v5_proto_database_proto_rawDescGZIP(), []int{0}
}
func (x *InitializeRequest) GetConfigData() *_struct.Struct {
func (x *InitializeRequest) GetConfigData() *structpb.Struct {
if x != nil {
return x.ConfigData
}
@ -94,7 +94,7 @@ type InitializeResponse struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
ConfigData *_struct.Struct `protobuf:"bytes,1,opt,name=config_data,json=configData,proto3" json:"config_data,omitempty"`
ConfigData *structpb.Struct `protobuf:"bytes,1,opt,name=config_data,json=configData,proto3" json:"config_data,omitempty"`
}
func (x *InitializeResponse) Reset() {
@ -129,7 +129,7 @@ func (*InitializeResponse) Descriptor() ([]byte, []int) {
return file_sdk_database_dbplugin_v5_proto_database_proto_rawDescGZIP(), []int{1}
}
func (x *InitializeResponse) GetConfigData() *_struct.Struct {
func (x *InitializeResponse) GetConfigData() *structpb.Struct {
if x != nil {
return x.ConfigData
}
@ -141,11 +141,11 @@ type NewUserRequest struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
UsernameConfig *UsernameConfig `protobuf:"bytes,1,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"`
Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
Expiration *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
Statements *Statements `protobuf:"bytes,4,opt,name=statements,proto3" json:"statements,omitempty"`
RollbackStatements *Statements `protobuf:"bytes,5,opt,name=rollback_statements,json=rollbackStatements,proto3" json:"rollback_statements,omitempty"`
UsernameConfig *UsernameConfig `protobuf:"bytes,1,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"`
Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
Expiration *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
Statements *Statements `protobuf:"bytes,4,opt,name=statements,proto3" json:"statements,omitempty"`
RollbackStatements *Statements `protobuf:"bytes,5,opt,name=rollback_statements,json=rollbackStatements,proto3" json:"rollback_statements,omitempty"`
}
func (x *NewUserRequest) Reset() {
@ -194,7 +194,7 @@ func (x *NewUserRequest) GetPassword() string {
return ""
}
func (x *NewUserRequest) GetExpiration() *timestamp.Timestamp {
func (x *NewUserRequest) GetExpiration() *timestamppb.Timestamp {
if x != nil {
return x.Expiration
}
@ -443,8 +443,8 @@ type ChangeExpiration struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
NewExpiration *timestamp.Timestamp `protobuf:"bytes,1,opt,name=new_expiration,json=newExpiration,proto3" json:"new_expiration,omitempty"`
Statements *Statements `protobuf:"bytes,2,opt,name=statements,proto3" json:"statements,omitempty"`
NewExpiration *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=new_expiration,json=newExpiration,proto3" json:"new_expiration,omitempty"`
Statements *Statements `protobuf:"bytes,2,opt,name=statements,proto3" json:"statements,omitempty"`
}
func (x *ChangeExpiration) Reset() {
@ -479,7 +479,7 @@ func (*ChangeExpiration) Descriptor() ([]byte, []int) {
return file_sdk_database_dbplugin_v5_proto_database_proto_rawDescGZIP(), []int{7}
}
func (x *ChangeExpiration) GetNewExpiration() *timestamp.Timestamp {
func (x *ChangeExpiration) GetNewExpiration() *timestamppb.Timestamp {
if x != nil {
return x.NewExpiration
}
@ -904,22 +904,22 @@ func file_sdk_database_dbplugin_v5_proto_database_proto_rawDescGZIP() []byte {
var file_sdk_database_dbplugin_v5_proto_database_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
var file_sdk_database_dbplugin_v5_proto_database_proto_goTypes = []interface{}{
(*InitializeRequest)(nil), // 0: dbplugin.v5.InitializeRequest
(*InitializeResponse)(nil), // 1: dbplugin.v5.InitializeResponse
(*NewUserRequest)(nil), // 2: dbplugin.v5.NewUserRequest
(*UsernameConfig)(nil), // 3: dbplugin.v5.UsernameConfig
(*NewUserResponse)(nil), // 4: dbplugin.v5.NewUserResponse
(*UpdateUserRequest)(nil), // 5: dbplugin.v5.UpdateUserRequest
(*ChangePassword)(nil), // 6: dbplugin.v5.ChangePassword
(*ChangeExpiration)(nil), // 7: dbplugin.v5.ChangeExpiration
(*UpdateUserResponse)(nil), // 8: dbplugin.v5.UpdateUserResponse
(*DeleteUserRequest)(nil), // 9: dbplugin.v5.DeleteUserRequest
(*DeleteUserResponse)(nil), // 10: dbplugin.v5.DeleteUserResponse
(*TypeResponse)(nil), // 11: dbplugin.v5.TypeResponse
(*Statements)(nil), // 12: dbplugin.v5.Statements
(*Empty)(nil), // 13: dbplugin.v5.Empty
(*_struct.Struct)(nil), // 14: google.protobuf.Struct
(*timestamp.Timestamp)(nil), // 15: google.protobuf.Timestamp
(*InitializeRequest)(nil), // 0: dbplugin.v5.InitializeRequest
(*InitializeResponse)(nil), // 1: dbplugin.v5.InitializeResponse
(*NewUserRequest)(nil), // 2: dbplugin.v5.NewUserRequest
(*UsernameConfig)(nil), // 3: dbplugin.v5.UsernameConfig
(*NewUserResponse)(nil), // 4: dbplugin.v5.NewUserResponse
(*UpdateUserRequest)(nil), // 5: dbplugin.v5.UpdateUserRequest
(*ChangePassword)(nil), // 6: dbplugin.v5.ChangePassword
(*ChangeExpiration)(nil), // 7: dbplugin.v5.ChangeExpiration
(*UpdateUserResponse)(nil), // 8: dbplugin.v5.UpdateUserResponse
(*DeleteUserRequest)(nil), // 9: dbplugin.v5.DeleteUserRequest
(*DeleteUserResponse)(nil), // 10: dbplugin.v5.DeleteUserResponse
(*TypeResponse)(nil), // 11: dbplugin.v5.TypeResponse
(*Statements)(nil), // 12: dbplugin.v5.Statements
(*Empty)(nil), // 13: dbplugin.v5.Empty
(*structpb.Struct)(nil), // 14: google.protobuf.Struct
(*timestamppb.Timestamp)(nil), // 15: google.protobuf.Timestamp
}
var file_sdk_database_dbplugin_v5_proto_database_proto_depIdxs = []int32{
14, // 0: dbplugin.v5.InitializeRequest.config_data:type_name -> google.protobuf.Struct


@ -36,6 +36,12 @@ var (
// ErrRateLimitQuotaExceeded is returned when a request is rejected due to a
// rate limit quota being exceeded.
ErrRateLimitQuotaExceeded = errors.New("rate limit quota exceeded")
// ErrUnrecoverable is returned when a request fails due to something that
// is likely to require manual intervention. This is a generic form of an
// unrecoverable error.
// e.g.: misconfigured or disconnected storage backend.
ErrUnrecoverable = errors.New("unrecoverable error")
)
type HTTPCodedError interface {
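Review bot: The doc comment on `ErrUnrecoverable` says when the error is returned but not what a caller is expected to do with it, which matters because the commit message says leases are zombified on this error. If the expiration manager (not visible in this section) stops retrying revocation once it sees the sentinel, a backend that returns it for a transient fault would presumably leave the underlying credential live past its lease. The contract deserves a sentence such as `// Backends should return it only when retrying cannot succeed; callers may stop retrying on it.` The `e.g.:` line would also read better folded into the preceding sentence. The `var (` block starts above the hunk.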


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: sdk/logical/identity.proto
package logical


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: sdk/logical/plugin.proto
package logical


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: sdk/plugin/pb/backend.proto
package pb
@ -9,13 +9,13 @@ package pb
import (
context "context"
proto "github.com/golang/protobuf/proto"
timestamp "github.com/golang/protobuf/ptypes/timestamp"
logical "github.com/hashicorp/vault/sdk/logical"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
)
@ -132,6 +132,7 @@ type ProtoError struct {
// ErrTypeInvalidRequest
// ErrTypePermissionDenied
// ErrTypeMultiAuthzPending
// ErrTypeUnrecoverable
ErrType uint32 `sentinel:"" protobuf:"varint,1,opt,name=err_type,json=errType,proto3" json:"err_type,omitempty"`
ErrMsg string `sentinel:"" protobuf:"bytes,2,opt,name=err_msg,json=errMsg,proto3" json:"err_msg,omitempty"`
ErrCode int64 `sentinel:"" protobuf:"varint,3,opt,name=err_code,json=errCode,proto3" json:"err_code,omitempty"`
@ -927,11 +928,11 @@ type LeaseOptions struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
TTL int64 `sentinel:"" protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"`
Renewable bool `sentinel:"" protobuf:"varint,2,opt,name=renewable,proto3" json:"renewable,omitempty"`
Increment int64 `sentinel:"" protobuf:"varint,3,opt,name=increment,proto3" json:"increment,omitempty"`
IssueTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,4,opt,name=issue_time,json=issueTime,proto3" json:"issue_time,omitempty"`
MaxTTL int64 `sentinel:"" protobuf:"varint,5,opt,name=MaxTTL,proto3" json:"MaxTTL,omitempty"`
TTL int64 `sentinel:"" protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"`
Renewable bool `sentinel:"" protobuf:"varint,2,opt,name=renewable,proto3" json:"renewable,omitempty"`
Increment int64 `sentinel:"" protobuf:"varint,3,opt,name=increment,proto3" json:"increment,omitempty"`
IssueTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,4,opt,name=issue_time,json=issueTime,proto3" json:"issue_time,omitempty"`
MaxTTL int64 `sentinel:"" protobuf:"varint,5,opt,name=MaxTTL,proto3" json:"MaxTTL,omitempty"`
}
func (x *LeaseOptions) Reset() {
@ -987,7 +988,7 @@ func (x *LeaseOptions) GetIncrement() int64 {
return 0
}
func (x *LeaseOptions) GetIssueTime() *timestamp.Timestamp {
func (x *LeaseOptions) GetIssueTime() *timestamppb.Timestamp {
if x != nil {
return x.IssueTime
}
@ -1196,7 +1197,7 @@ type ResponseWrapInfo struct {
Accessor string `sentinel:"" protobuf:"bytes,3,opt,name=accessor,proto3" json:"accessor,omitempty"`
// The creation time. This can be used with the TTL to figure out an
// expected expiration.
CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,4,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,4,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
// If the contained response is the output of a token creation call, the
// created token's accessor will be accessible here
WrappedAccessor string `sentinel:"" protobuf:"bytes,5,opt,name=wrapped_accessor,json=wrappedAccessor,proto3" json:"wrapped_accessor,omitempty"`
@ -1265,7 +1266,7 @@ func (x *ResponseWrapInfo) GetAccessor() string {
return ""
}
func (x *ResponseWrapInfo) GetCreationTime() *timestamp.Timestamp {
func (x *ResponseWrapInfo) GetCreationTime() *timestamppb.Timestamp {
if x != nil {
return x.CreationTime
}
@ -3684,7 +3685,7 @@ var file_sdk_plugin_pb_backend_proto_goTypes = []interface{}{
nil, // 50: pb.Response.HeadersEntry
nil, // 51: pb.SetupArgs.ConfigEntry
(*logical.Alias)(nil), // 52: logical.Alias
(*timestamp.Timestamp)(nil), // 53: google.protobuf.Timestamp
(*timestamppb.Timestamp)(nil), // 53: google.protobuf.Timestamp
(*logical.Entity)(nil), // 54: logical.Entity
(*logical.Group)(nil), // 55: logical.Group
(*logical.PluginEnvironment)(nil), // 56: logical.PluginEnvironment


@ -25,6 +25,7 @@ message ProtoError {
// ErrTypeInvalidRequest
// ErrTypePermissionDenied
// ErrTypeMultiAuthzPending
// ErrTypeUnrecoverable
uint32 err_type = 1;
string err_msg = 2;
int64 err_code = 3;


@ -23,6 +23,7 @@ const (
ErrTypeInvalidRequest
ErrTypePermissionDenied
ErrTypeMultiAuthzPending
ErrTypeUnrecoverable
)
func ProtoErrToErr(e *ProtoError) error {
@ -52,6 +53,8 @@ func ProtoErrToErr(e *ProtoError) error {
err = logical.ErrPermissionDenied
case ErrTypeMultiAuthzPending:
err = logical.ErrMultiAuthzPending
case ErrTypeUnrecoverable:
err = logical.ErrUnrecoverable
}
return err
@ -89,6 +92,8 @@ func ErrToProtoErr(e error) *ProtoError {
pbErr.ErrType = ErrTypePermissionDenied
case e == logical.ErrMultiAuthzPending:
pbErr.ErrType = ErrTypeMultiAuthzPending
case e == logical.ErrUnrecoverable:
pbErr.ErrType = ErrTypeUnrecoverable
}
return pbErr
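Review bot: The new `case e == logical.ErrUnrecoverable:` arm in ErrToProtoErr matches only the bare sentinel, so a plugin that returns it wrapped (for example `fmt.Errorf("...: %w", logical.ErrUnrecoverable)`) would not be tagged `ErrTypeUnrecoverable`. As far as this hunk shows, it would then not be turned back into `logical.ErrUnrecoverable` by ProtoErrToErr. The expiration manager in this same commit classifies errors with `errors.Is`, so the two sides of the plugin boundary disagree on what counts as unrecoverable. Consider `case errors.Is(e, logical.ErrUnrecoverable):`, assuming `errors` is imported in this file; the neighbouring arms also use `==` and the switch begins outside the hunk, so they may deserve the same treatment. The same hunks are repeated further down the page and the point applies there too.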


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: vault/activity/activity_log.proto
package activity


@ -69,6 +69,12 @@ const (
// limit zombie error messages to 240 characters to be respectful of storage
// requirements
maxZombieErrorLength = 240
genericZombieErrorMessage = "no error message given"
)
var (
errOutOfRetries = errors.New("out of retries")
)
type pendingInfo struct {
@ -103,7 +109,8 @@ type ExpirationManager struct {
// Track expired leases that have been determined to be irrevocable (without
// manual intervention). These irrevocable leases are referred to as
// "zombies" or "zombie leases"
// "zombies" or "zombie leases", and we retain a subset of the lease info
// in memory
zombies sync.Map
// The uniquePolicies map holds policy sets, so they can
@ -169,6 +176,20 @@ func newRevocationJob(nsCtx context.Context, leaseID string, ns *namespace.Names
}, nil
}
// errIsUnrecoverable returns true if the logical error is unlikely to resolve
// automatically or with additional retries
func errIsUnrecoverable(err error) bool {
switch {
case errors.Is(err, logical.ErrUnrecoverable),
errors.Is(err, logical.ErrUnsupportedOperation),
errors.Is(err, logical.ErrUnsupportedPath),
errors.Is(err, logical.ErrInvalidRequest):
return true
}
return false
}
func (r *revocationJob) Execute() error {
r.m.core.metricSink.IncrCounterWithLabels([]string{"expire", "lease_expiration"}, 1, []metrics.Label{metricsutil.NamespaceLabel(r.ns)})
r.m.core.metricSink.MeasureSinceWithLabels([]string{"expire", "lease_expiration", "time_in_queue"}, r.startTime, []metrics.Label{metricsutil.NamespaceLabel(r.ns)})
@ -216,16 +237,24 @@ func (r *revocationJob) OnFailure(err error) {
pending := pendingRaw.(pendingInfo)
pending.revokesAttempted++
if pending.revokesAttempted >= maxRevokeAttempts || errIsUnrecoverable(err) {
r.m.logger.Trace("marking lease as zombie", "lease_id", r.leaseID, "error", err)
if pending.revokesAttempted >= maxRevokeAttempts {
r.m.logger.Trace("lease has consumed all retry attempts", "lease_id", r.leaseID)
err = fmt.Errorf("%v: %w", errOutOfRetries.Error(), err)
}
if pending.revokesAttempted >= maxRevokeAttempts {
r.m.logger.Trace("lease has consumed all retry attempts", "lease_id", r.leaseID)
le, loadErr := r.m.loadEntry(r.nsCtx, r.leaseID)
if loadErr != nil {
r.m.logger.Warn("failed to mark lease as zombie - failed to load", "lease_id", r.leaseID, "err", loadErr)
return
}
if le == nil {
r.m.logger.Warn("failed to mark lease as zombie - nil lease", "lease_id", r.leaseID)
return
}
r.m.markLeaseAsZombie(r.nsCtx, le, errors.New("lease has consumed all retry attempts"))
r.m.markLeaseAsZombie(r.nsCtx, le, err)
return
}
@ -1658,6 +1687,9 @@ func (m *ExpirationManager) inMemoryLeaseInfo(le *leaseEntry) *leaseEntry {
}
ret.Path = le.Path
}
if le.isZombie() {
ret.RevokeErr = le.RevokeErr
}
return ret
}
@ -1780,7 +1812,7 @@ func (m *ExpirationManager) revokeEntry(ctx context.Context, le *leaseEntry) err
// Handle standard revocation via backends
resp, err := m.router.Route(nsCtx, logical.RevokeRequest(le.Path, le.Secret, le.Data))
if err != nil || (resp != nil && resp.IsError()) {
return errwrap.Wrapf(fmt.Sprintf("failed to revoke entry: resp: %#v err: {{err}}", resp), err)
return fmt.Errorf("failed to revoke entry: resp: %#v err: %w", resp, err)
}
return nil
}
@ -1884,7 +1916,7 @@ func (m *ExpirationManager) loadEntryInternal(ctx context.Context, leaseID strin
le.namespace = ns
if le.isZombie() {
m.zombies.Store(le.LeaseID, le)
m.zombies.Store(le.LeaseID, m.inMemoryLeaseInfo(le))
return le, nil
}
@ -2345,9 +2377,12 @@ func (m *ExpirationManager) markLeaseAsZombie(ctx context.Context, le *leaseEntr
return
}
errStr := err.Error()
var errStr string
if err != nil {
errStr = err.Error()
}
if len(errStr) == 0 {
errStr = "no error message given"
errStr = genericZombieErrorMessage
}
if len(errStr) > maxZombieErrorLength {
errStr = errStr[:maxZombieErrorLength]
@ -2356,7 +2391,7 @@ func (m *ExpirationManager) markLeaseAsZombie(ctx context.Context, le *leaseEntr
le.RevokeErr = errStr
m.persistEntry(ctx, le)
m.zombies.Store(le.LeaseID, le)
m.zombies.Store(le.LeaseID, m.inMemoryLeaseInfo(le))
m.removeFromPending(ctx, le.LeaseID)
m.nonexpiring.Delete(le.LeaseID)
}
@ -2401,7 +2436,7 @@ func (le *leaseEntry) renewable() (bool, error) {
return false, fmt.Errorf("lease not found")
case le.isZombie():
return false, fmt.Errorf("lease is not renewable and has failed previous revocation attempts")
return false, fmt.Errorf("lease is expired and has failed previous revocation attempts")
case le.ExpireTime.IsZero():
return false, fmt.Errorf("lease is not renewable")
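Review bot: In revokeEntry, `fmt.Errorf("failed to revoke entry: resp: %#v err: %w", resp, err)` is also reached when `err` is nil and only `resp.IsError()` is true. In that case `%w` renders as `%!w(<nil>)` and the returned error wraps nothing, so errIsUnrecoverable cannot recognise a failure that the backend reported through the response. With this commit the error given to OnFailure is passed on to markLeaseAsZombie, cut to maxZombieErrorLength and persisted as RevokeErr; if revokeEntry's error is what arrives there, the `%#v` dump of the response will take up most of the stored text and will write whatever the backend put in the response into lease storage and the trace log. I would split the two cases and wrap `resp.Error()` when there is no routing error, as sketched below. revokeEntry begins outside the hunk, so its earlier branches are not visible here.

```go
resp, err := m.router.Route(nsCtx, logical.RevokeRequest(le.Path, le.Secret, le.Data))
if err != nil {
	return fmt.Errorf("failed to revoke entry: %w", err)
}
if resp != nil && resp.IsError() {
	// resp.Error() carries the backend's message without dumping the whole response
	return fmt.Errorf("failed to revoke entry: %w", resp.Error())
}
// … unchanged: return nil …
```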


@ -2664,3 +2664,111 @@ func TestExpiration_StopClearsZombieCache(t *testing.T) {
t.Error("expiration manager zombies cache should be cleared on stop")
}
}
func TestExpiration_errorIsUnrecoverable(t *testing.T) {
testCases := []struct {
err error
isUnrecoverable bool
}{
{
err: logical.ErrUnrecoverable,
isUnrecoverable: true,
},
{
err: logical.ErrUnsupportedOperation,
isUnrecoverable: true,
},
{
err: logical.ErrUnsupportedPath,
isUnrecoverable: true,
},
{
err: logical.ErrInvalidRequest,
isUnrecoverable: true,
},
{
err: logical.ErrPermissionDenied,
isUnrecoverable: false,
},
{
err: logical.ErrMultiAuthzPending,
isUnrecoverable: false,
},
{
err: fmt.Errorf("some other error"),
isUnrecoverable: false,
},
}
for _, tc := range testCases {
out := errIsUnrecoverable(tc.err)
if out != tc.isUnrecoverable {
t.Errorf("wrong answer: expected %t, got %t", tc.isUnrecoverable, out)
}
}
}
func TestExpiration_unrecoverableErrorMakesZombie(t *testing.T) {
exp := mockExpiration(t)
ctx := namespace.RootContext(nil)
makeJob := func() *revocationJob {
leaseID := registerOneLease(t, ctx, exp)
job, err := newRevocationJob(ctx, leaseID, namespace.RootNamespace, exp)
if err != nil {
t.Fatalf("err making revocation job: %v", err)
}
return job
}
testCases := []struct {
err error
job *revocationJob
shouldBeZombie bool
}{
{
err: logical.ErrUnrecoverable,
job: makeJob(),
shouldBeZombie: true,
},
{
err: logical.ErrInvalidRequest,
job: makeJob(),
shouldBeZombie: true,
},
{
err: logical.ErrPermissionDenied,
job: makeJob(),
shouldBeZombie: false,
},
{
err: logical.ErrRateLimitQuotaExceeded,
job: makeJob(),
shouldBeZombie: false,
},
{
err: fmt.Errorf("some random recoverable error"),
job: makeJob(),
shouldBeZombie: false,
},
}
for _, tc := range testCases {
tc.job.OnFailure(tc.err)
le, err := exp.loadEntry(ctx, tc.job.leaseID)
if err != nil {
t.Fatalf("could not load leaseID %q: %v", tc.job.leaseID, err)
}
if le == nil {
t.Fatalf("nil lease for leaseID: %q", tc.job.leaseID)
}
isZombie := le.isZombie()
if isZombie != tc.shouldBeZombie {
t.Errorf("expected zombie: %t, got zombie: %t", tc.shouldBeZombie, isZombie)
}
}
}
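Review bot: TestExpiration_errorIsUnrecoverable feeds only bare sentinels to errIsUnrecoverable, although the function is written with `errors.Is` and revokeEntry in this commit returns errors wrapped with `%w`. A wrapped case such as `{err: fmt.Errorf("revoke: %w", logical.ErrUnrecoverable), isUnrecoverable: true}` would pin the behaviour the expiration path depends on. The failure message `"wrong answer: expected %t, got %t"` does not say which case failed; including `tc.err` in it makes a regression easier to locate. As far as the listed cases show, TestExpiration_unrecoverableErrorMakesZombie does not exercise the `revokesAttempted >= maxRevokeAttempts` path, so the new `errOutOfRetries` prefix is untested.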


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: vault/request_forwarding_service.proto
package vault


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: sdk/database/dbplugin/database.proto
package dbplugin
@ -9,12 +9,12 @@ package dbplugin
import (
context "context"
proto "github.com/golang/protobuf/proto"
timestamp "github.com/golang/protobuf/ptypes/timestamp"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
)
@ -146,9 +146,9 @@ type CreateUserRequest struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
UsernameConfig *UsernameConfig `protobuf:"bytes,2,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"`
Expiration *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
UsernameConfig *UsernameConfig `protobuf:"bytes,2,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"`
Expiration *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
}
func (x *CreateUserRequest) Reset() {
@ -197,7 +197,7 @@ func (x *CreateUserRequest) GetUsernameConfig() *UsernameConfig {
return nil
}
func (x *CreateUserRequest) GetExpiration() *timestamp.Timestamp {
func (x *CreateUserRequest) GetExpiration() *timestamppb.Timestamp {
if x != nil {
return x.Expiration
}
@ -209,9 +209,9 @@ type RenewUserRequest struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
Expiration *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
Expiration *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
}
func (x *RenewUserRequest) Reset() {
@ -260,7 +260,7 @@ func (x *RenewUserRequest) GetUsername() string {
return ""
}
func (x *RenewUserRequest) GetExpiration() *timestamp.Timestamp {
func (x *RenewUserRequest) GetExpiration() *timestamppb.Timestamp {
if x != nil {
return x.Expiration
}
@ -1204,7 +1204,7 @@ var file_sdk_database_dbplugin_database_proto_goTypes = []interface{}{
(*StaticUserConfig)(nil), // 14: dbplugin.StaticUserConfig
(*SetCredentialsRequest)(nil), // 15: dbplugin.SetCredentialsRequest
(*SetCredentialsResponse)(nil), // 16: dbplugin.SetCredentialsResponse
(*timestamp.Timestamp)(nil), // 17: google.protobuf.Timestamp
(*timestamppb.Timestamp)(nil), // 17: google.protobuf.Timestamp
}
var file_sdk_database_dbplugin_database_proto_depIdxs = []int32{
6, // 0: dbplugin.CreateUserRequest.statements:type_name -> dbplugin.Statements


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: sdk/database/dbplugin/v5/proto/database.proto
package proto
@ -9,13 +9,13 @@ package proto
import (
context "context"
proto "github.com/golang/protobuf/proto"
_struct "github.com/golang/protobuf/ptypes/struct"
timestamp "github.com/golang/protobuf/ptypes/timestamp"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
structpb "google.golang.org/protobuf/types/known/structpb"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
)
@ -39,8 +39,8 @@ type InitializeRequest struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
ConfigData *_struct.Struct `protobuf:"bytes,1,opt,name=config_data,json=configData,proto3" json:"config_data,omitempty"`
VerifyConnection bool `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"`
ConfigData *structpb.Struct `protobuf:"bytes,1,opt,name=config_data,json=configData,proto3" json:"config_data,omitempty"`
VerifyConnection bool `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"`
}
func (x *InitializeRequest) Reset() {
@ -75,7 +75,7 @@ func (*InitializeRequest) Descriptor() ([]byte, []int) {
return file_sdk_database_dbplugin_v5_proto_database_proto_rawDescGZIP(), []int{0}
}
func (x *InitializeRequest) GetConfigData() *_struct.Struct {
func (x *InitializeRequest) GetConfigData() *structpb.Struct {
if x != nil {
return x.ConfigData
}
@ -94,7 +94,7 @@ type InitializeResponse struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
ConfigData *_struct.Struct `protobuf:"bytes,1,opt,name=config_data,json=configData,proto3" json:"config_data,omitempty"`
ConfigData *structpb.Struct `protobuf:"bytes,1,opt,name=config_data,json=configData,proto3" json:"config_data,omitempty"`
}
func (x *InitializeResponse) Reset() {
@ -129,7 +129,7 @@ func (*InitializeResponse) Descriptor() ([]byte, []int) {
return file_sdk_database_dbplugin_v5_proto_database_proto_rawDescGZIP(), []int{1}
}
func (x *InitializeResponse) GetConfigData() *_struct.Struct {
func (x *InitializeResponse) GetConfigData() *structpb.Struct {
if x != nil {
return x.ConfigData
}
@ -141,11 +141,11 @@ type NewUserRequest struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
UsernameConfig *UsernameConfig `protobuf:"bytes,1,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"`
Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
Expiration *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
Statements *Statements `protobuf:"bytes,4,opt,name=statements,proto3" json:"statements,omitempty"`
RollbackStatements *Statements `protobuf:"bytes,5,opt,name=rollback_statements,json=rollbackStatements,proto3" json:"rollback_statements,omitempty"`
UsernameConfig *UsernameConfig `protobuf:"bytes,1,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"`
Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
Expiration *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
Statements *Statements `protobuf:"bytes,4,opt,name=statements,proto3" json:"statements,omitempty"`
RollbackStatements *Statements `protobuf:"bytes,5,opt,name=rollback_statements,json=rollbackStatements,proto3" json:"rollback_statements,omitempty"`
}
func (x *NewUserRequest) Reset() {
@ -194,7 +194,7 @@ func (x *NewUserRequest) GetPassword() string {
return ""
}
func (x *NewUserRequest) GetExpiration() *timestamp.Timestamp {
func (x *NewUserRequest) GetExpiration() *timestamppb.Timestamp {
if x != nil {
return x.Expiration
}
@ -443,8 +443,8 @@ type ChangeExpiration struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
NewExpiration *timestamp.Timestamp `protobuf:"bytes,1,opt,name=new_expiration,json=newExpiration,proto3" json:"new_expiration,omitempty"`
Statements *Statements `protobuf:"bytes,2,opt,name=statements,proto3" json:"statements,omitempty"`
NewExpiration *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=new_expiration,json=newExpiration,proto3" json:"new_expiration,omitempty"`
Statements *Statements `protobuf:"bytes,2,opt,name=statements,proto3" json:"statements,omitempty"`
}
func (x *ChangeExpiration) Reset() {
@ -479,7 +479,7 @@ func (*ChangeExpiration) Descriptor() ([]byte, []int) {
return file_sdk_database_dbplugin_v5_proto_database_proto_rawDescGZIP(), []int{7}
}
func (x *ChangeExpiration) GetNewExpiration() *timestamp.Timestamp {
func (x *ChangeExpiration) GetNewExpiration() *timestamppb.Timestamp {
if x != nil {
return x.NewExpiration
}
@ -904,22 +904,22 @@ func file_sdk_database_dbplugin_v5_proto_database_proto_rawDescGZIP() []byte {
var file_sdk_database_dbplugin_v5_proto_database_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
var file_sdk_database_dbplugin_v5_proto_database_proto_goTypes = []interface{}{
(*InitializeRequest)(nil), // 0: dbplugin.v5.InitializeRequest
(*InitializeResponse)(nil), // 1: dbplugin.v5.InitializeResponse
(*NewUserRequest)(nil), // 2: dbplugin.v5.NewUserRequest
(*UsernameConfig)(nil), // 3: dbplugin.v5.UsernameConfig
(*NewUserResponse)(nil), // 4: dbplugin.v5.NewUserResponse
(*UpdateUserRequest)(nil), // 5: dbplugin.v5.UpdateUserRequest
(*ChangePassword)(nil), // 6: dbplugin.v5.ChangePassword
(*ChangeExpiration)(nil), // 7: dbplugin.v5.ChangeExpiration
(*UpdateUserResponse)(nil), // 8: dbplugin.v5.UpdateUserResponse
(*DeleteUserRequest)(nil), // 9: dbplugin.v5.DeleteUserRequest
(*DeleteUserResponse)(nil), // 10: dbplugin.v5.DeleteUserResponse
(*TypeResponse)(nil), // 11: dbplugin.v5.TypeResponse
(*Statements)(nil), // 12: dbplugin.v5.Statements
(*Empty)(nil), // 13: dbplugin.v5.Empty
(*_struct.Struct)(nil), // 14: google.protobuf.Struct
(*timestamp.Timestamp)(nil), // 15: google.protobuf.Timestamp
(*InitializeRequest)(nil), // 0: dbplugin.v5.InitializeRequest
(*InitializeResponse)(nil), // 1: dbplugin.v5.InitializeResponse
(*NewUserRequest)(nil), // 2: dbplugin.v5.NewUserRequest
(*UsernameConfig)(nil), // 3: dbplugin.v5.UsernameConfig
(*NewUserResponse)(nil), // 4: dbplugin.v5.NewUserResponse
(*UpdateUserRequest)(nil), // 5: dbplugin.v5.UpdateUserRequest
(*ChangePassword)(nil), // 6: dbplugin.v5.ChangePassword
(*ChangeExpiration)(nil), // 7: dbplugin.v5.ChangeExpiration
(*UpdateUserResponse)(nil), // 8: dbplugin.v5.UpdateUserResponse
(*DeleteUserRequest)(nil), // 9: dbplugin.v5.DeleteUserRequest
(*DeleteUserResponse)(nil), // 10: dbplugin.v5.DeleteUserResponse
(*TypeResponse)(nil), // 11: dbplugin.v5.TypeResponse
(*Statements)(nil), // 12: dbplugin.v5.Statements
(*Empty)(nil), // 13: dbplugin.v5.Empty
(*structpb.Struct)(nil), // 14: google.protobuf.Struct
(*timestamppb.Timestamp)(nil), // 15: google.protobuf.Timestamp
}
var file_sdk_database_dbplugin_v5_proto_database_proto_depIdxs = []int32{
14, // 0: dbplugin.v5.InitializeRequest.config_data:type_name -> google.protobuf.Struct


@ -36,6 +36,12 @@ var (
// ErrRateLimitQuotaExceeded is returned when a request is rejected due to a
// rate limit quota being exceeded.
ErrRateLimitQuotaExceeded = errors.New("rate limit quota exceeded")
// ErrUnrecoverable is returned when a request fails due to something that
// is likely to require manual intervention. This is a generic form of an
// unrecoverable error.
// e.g.: misconfigured or disconnected storage backend.
ErrUnrecoverable = errors.New("unrecoverable error")
)
type HTTPCodedError interface {


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: sdk/logical/identity.proto
package logical


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: sdk/logical/plugin.proto
package logical


@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.23.0
// protoc v3.13.0
// protoc-gen-go v1.25.0
// protoc v3.15.8
// source: sdk/plugin/pb/backend.proto
package pb
@ -9,13 +9,13 @@ package pb
import (
context "context"
proto "github.com/golang/protobuf/proto"
timestamp "github.com/golang/protobuf/ptypes/timestamp"
logical "github.com/hashicorp/vault/sdk/logical"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
)
@ -132,6 +132,7 @@ type ProtoError struct {
// ErrTypeInvalidRequest
// ErrTypePermissionDenied
// ErrTypeMultiAuthzPending
// ErrTypeUnrecoverable
ErrType uint32 `sentinel:"" protobuf:"varint,1,opt,name=err_type,json=errType,proto3" json:"err_type,omitempty"`
ErrMsg string `sentinel:"" protobuf:"bytes,2,opt,name=err_msg,json=errMsg,proto3" json:"err_msg,omitempty"`
ErrCode int64 `sentinel:"" protobuf:"varint,3,opt,name=err_code,json=errCode,proto3" json:"err_code,omitempty"`
@ -927,11 +928,11 @@ type LeaseOptions struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
TTL int64 `sentinel:"" protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"`
Renewable bool `sentinel:"" protobuf:"varint,2,opt,name=renewable,proto3" json:"renewable,omitempty"`
Increment int64 `sentinel:"" protobuf:"varint,3,opt,name=increment,proto3" json:"increment,omitempty"`
IssueTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,4,opt,name=issue_time,json=issueTime,proto3" json:"issue_time,omitempty"`
MaxTTL int64 `sentinel:"" protobuf:"varint,5,opt,name=MaxTTL,proto3" json:"MaxTTL,omitempty"`
TTL int64 `sentinel:"" protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"`
Renewable bool `sentinel:"" protobuf:"varint,2,opt,name=renewable,proto3" json:"renewable,omitempty"`
Increment int64 `sentinel:"" protobuf:"varint,3,opt,name=increment,proto3" json:"increment,omitempty"`
IssueTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,4,opt,name=issue_time,json=issueTime,proto3" json:"issue_time,omitempty"`
MaxTTL int64 `sentinel:"" protobuf:"varint,5,opt,name=MaxTTL,proto3" json:"MaxTTL,omitempty"`
}
func (x *LeaseOptions) Reset() {
@ -987,7 +988,7 @@ func (x *LeaseOptions) GetIncrement() int64 {
return 0
}
func (x *LeaseOptions) GetIssueTime() *timestamp.Timestamp {
func (x *LeaseOptions) GetIssueTime() *timestamppb.Timestamp {
if x != nil {
return x.IssueTime
}
@ -1196,7 +1197,7 @@ type ResponseWrapInfo struct {
Accessor string `sentinel:"" protobuf:"bytes,3,opt,name=accessor,proto3" json:"accessor,omitempty"`
// The creation time. This can be used with the TTL to figure out an
// expected expiration.
CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,4,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,4,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
// If the contained response is the output of a token creation call, the
// created token's accessor will be accessible here
WrappedAccessor string `sentinel:"" protobuf:"bytes,5,opt,name=wrapped_accessor,json=wrappedAccessor,proto3" json:"wrapped_accessor,omitempty"`
@ -1265,7 +1266,7 @@ func (x *ResponseWrapInfo) GetAccessor() string {
return ""
}
func (x *ResponseWrapInfo) GetCreationTime() *timestamp.Timestamp {
func (x *ResponseWrapInfo) GetCreationTime() *timestamppb.Timestamp {
if x != nil {
return x.CreationTime
}
@ -3684,7 +3685,7 @@ var file_sdk_plugin_pb_backend_proto_goTypes = []interface{}{
nil, // 50: pb.Response.HeadersEntry
nil, // 51: pb.SetupArgs.ConfigEntry
(*logical.Alias)(nil), // 52: logical.Alias
(*timestamp.Timestamp)(nil), // 53: google.protobuf.Timestamp
(*timestamppb.Timestamp)(nil), // 53: google.protobuf.Timestamp
(*logical.Entity)(nil), // 54: logical.Entity
(*logical.Group)(nil), // 55: logical.Group
(*logical.PluginEnvironment)(nil), // 56: logical.PluginEnvironment


@ -25,6 +25,7 @@ message ProtoError {
// ErrTypeInvalidRequest
// ErrTypePermissionDenied
// ErrTypeMultiAuthzPending
// ErrTypeUnrecoverable
uint32 err_type = 1;
string err_msg = 2;
int64 err_code = 3;


@ -23,6 +23,7 @@ const (
ErrTypeInvalidRequest
ErrTypePermissionDenied
ErrTypeMultiAuthzPending
ErrTypeUnrecoverable
)
func ProtoErrToErr(e *ProtoError) error {
@ -52,6 +53,8 @@ func ProtoErrToErr(e *ProtoError) error {
err = logical.ErrPermissionDenied
case ErrTypeMultiAuthzPending:
err = logical.ErrMultiAuthzPending
case ErrTypeUnrecoverable:
err = logical.ErrUnrecoverable
}
return err
@ -89,6 +92,8 @@ func ErrToProtoErr(e error) *ProtoError {
pbErr.ErrType = ErrTypePermissionDenied
case e == logical.ErrMultiAuthzPending:
pbErr.ErrType = ErrTypeMultiAuthzPending
case e == logical.ErrUnrecoverable:
pbErr.ErrType = ErrTypeUnrecoverable
}
return pbErr