Spelling (#4119)
This commit is contained in:
parent
396ccd8699
commit
73b1fde82f
|
@ -417,7 +417,7 @@ BUG FIXES:
|
|||
DEPRECATIONS/CHANGES:
|
||||
|
||||
* HSM config parameter requirements: When using Vault with an HSM, a new
|
||||
paramter is required: `hmac_key_label`. This performs a similar function to
|
||||
parameter is required: `hmac_key_label`. This performs a similar function to
|
||||
`key_label` but for the HMAC key Vault will use. Vault will generate a
|
||||
suitable key if this value is specified and `generate_key` is set true.
|
||||
* API HTTP client behavior: When calling `NewClient` the API no longer
|
||||
|
@ -694,7 +694,7 @@ FEATURES:
|
|||
* **GCP IAM Auth Backend**: There is now an authentication backend that allows
|
||||
using GCP IAM credentials to retrieve Vault tokens. This is available as
|
||||
both a plugin and built-in to Vault.
|
||||
* **PingID Push Support for Path-Baased MFA (Enterprise)**: PingID Push can
|
||||
* **PingID Push Support for Path-Based MFA (Enterprise)**: PingID Push can
|
||||
now be used for MFA with the new path-based MFA introduced in Vault
|
||||
Enterprise 0.8.
|
||||
* **Permitted DNS Domains Support in PKI**: The `pki` backend now supports
|
||||
|
@ -820,7 +820,7 @@ IMPROVEMENTS:
|
|||
client certificate verification when `tls_require_and_verify_client_cert` is
|
||||
enabled [GH-3034]
|
||||
* storage/cockroachdb: Add CockroachDB storage backend [GH-2713]
|
||||
* storage/couchdb: Add CouchhDB storage backend [GH-2880]
|
||||
* storage/couchdb: Add CouchDB storage backend [GH-2880]
|
||||
* storage/mssql: Add `max_parallel` [GH-3026]
|
||||
* storage/postgresql: Add `max_parallel` [GH-3026]
|
||||
* storage/postgresql: Improve listing speed [GH-2945]
|
||||
|
|
2
Makefile
2
Makefile
|
@ -15,7 +15,7 @@ GO_VERSION_MIN=1.9
|
|||
|
||||
default: dev
|
||||
|
||||
# bin generates the releaseable binaries for Vault
|
||||
# bin generates the releasable binaries for Vault
|
||||
bin: prep
|
||||
@CGO_ENABLED=0 BUILD_TAGS='$(BUILD_TAGS)' sh -c "'$(CURDIR)/scripts/build.sh'"
|
||||
|
||||
|
|
|
@ -178,7 +178,7 @@ func (c *Logical) Unwrap(wrappingToken string) (*Secret, error) {
|
|||
wrappedSecret := new(Secret)
|
||||
buf := bytes.NewBufferString(secret.Data["response"].(string))
|
||||
if err := jsonutil.DecodeJSONFromReader(buf, wrappedSecret); err != nil {
|
||||
return nil, fmt.Errorf("error unmarshaling wrapped secret: %s", err)
|
||||
return nil, fmt.Errorf("error unmarshalling wrapped secret: %s", err)
|
||||
}
|
||||
|
||||
return wrappedSecret, nil
|
||||
|
|
|
@ -1190,7 +1190,7 @@ func TestSecret_TokenMetadata(t *testing.T) {
|
|||
false,
|
||||
},
|
||||
{
|
||||
"real_auth_metdata",
|
||||
"real_auth_metadata",
|
||||
&api.Secret{
|
||||
Auth: &api.SecretAuth{
|
||||
Metadata: map[string]string{"foo": "bar"},
|
||||
|
|
|
@ -78,7 +78,7 @@ func (c *Sys) DisableAuth(path string) error {
|
|||
}
|
||||
|
||||
// Structures for the requests/resposne are all down here. They aren't
|
||||
// individually documentd because the map almost directly to the raw HTTP API
|
||||
// individually documented because the map almost directly to the raw HTTP API
|
||||
// documentation. Please refer to that documentation for more details.
|
||||
|
||||
type EnableAuthOptions struct {
|
||||
|
|
|
@ -88,7 +88,7 @@ type roleIDStorageEntry struct {
|
|||
// role/<role_name>/bound-cidr-list - For updating the param
|
||||
// role/<role_name>/period - For updating the param
|
||||
// role/<role_name>/role-id - For fetching the role_id of an role
|
||||
// role/<role_name>/secret-id - For issuing a secret_id against an role, also to list the secret_id_accessorss
|
||||
// role/<role_name>/secret-id - For issuing a secret_id against an role, also to list the secret_id_accessors
|
||||
// role/<role_name>/custom-secret-id - For assigning a custom SecretID against an role
|
||||
// role/<role_name>/secret-id/lookup - For reading the properties of a secret_id
|
||||
// role/<role_name>/secret-id/destroy - For deleting a secret_id
|
||||
|
|
|
@ -235,7 +235,7 @@ func (b *backend) validateBindSecretID(ctx context.Context, req *logical.Request
|
|||
}
|
||||
|
||||
// If there exists a single use left, delete the SecretID entry from
|
||||
// the storage but do not fail the validation request. Subsequest
|
||||
// the storage but do not fail the validation request. Subsequent
|
||||
// requests to use the same SecretID will fail.
|
||||
if result.SecretIDNumUses == 1 {
|
||||
// Delete the secret IDs accessor first
|
||||
|
|
|
@ -46,7 +46,7 @@ type backend struct {
|
|||
// tidy the blacklist and whitelist entries.
|
||||
tidyCooldownPeriod time.Duration
|
||||
|
||||
// nextTidyTime holds the time at which the periodic func should initiatite
|
||||
// nextTidyTime holds the time at which the periodic func should initiate
|
||||
// the tidy operations. This is set by the periodicFunc based on the value
|
||||
// of tidyCooldownPeriod.
|
||||
nextTidyTime time.Time
|
||||
|
|
|
@ -1173,7 +1173,7 @@ func TestBackendAcc_LoginWithInstanceIdentityDocAndWhitelistIdentity(t *testing.
|
|||
t.Fatalf("bad: failed to login: resp:%#v\nerr:%v", resp, err)
|
||||
}
|
||||
|
||||
// Attempt to re-login with the identity signture
|
||||
// Attempt to re-login with the identity signature
|
||||
delete(loginInput, "pkcs7")
|
||||
loginInput["identity"] = identityDoc
|
||||
loginInput["signature"] = identityDocSig
|
||||
|
|
|
@ -416,14 +416,14 @@ func (b *backend) pathConfigCertificateCreateUpdate(ctx context.Context, req *lo
|
|||
}
|
||||
|
||||
// Struct awsPublicCert holds the AWS Public Key that is used to verify the PKCS#7 signature
|
||||
// of the instnace identity document.
|
||||
// of the instance identity document.
|
||||
type awsPublicCert struct {
|
||||
AWSPublicCert string `json:"aws_public_cert"`
|
||||
Type string `json:"type"`
|
||||
}
|
||||
|
||||
const pathConfigCertificateSyn = `
|
||||
Adds the AWS Public Key that is used to verify the PKCS#7 signature of the identidy document.
|
||||
Adds the AWS Public Key that is used to verify the PKCS#7 signature of the identity document.
|
||||
`
|
||||
|
||||
const pathConfigCertificateDesc = `
|
||||
|
|
|
@ -841,7 +841,7 @@ func (b *backend) pathLoginUpdateEc2(ctx context.Context, req *logical.Request,
|
|||
|
||||
// handleRoleTagLogin is used to fetch the role tag of the instance and
|
||||
// verifies it to be correct. Then the policies for the login request will be
|
||||
// set off of the role tag, if certain creteria satisfies.
|
||||
// set off of the role tag, if certain criteria satisfies.
|
||||
func (b *backend) handleRoleTagLogin(ctx context.Context, s logical.Storage, roleName string, roleEntry *awsRoleEntry, instance *ec2.Instance) (*roleTagLoginResponse, error) {
|
||||
if roleEntry == nil {
|
||||
return nil, fmt.Errorf("nil role entry")
|
||||
|
@ -1467,7 +1467,7 @@ func buildHttpRequest(method, endpoint string, parsedUrl *url.URL, body string,
|
|||
// The use cases we want to support, in order of increasing complexity, are:
|
||||
// 1. All defaults (client assumes sts.amazonaws.com and server has no override)
|
||||
// 2. Alternate STS regions: client wants to go to a specific region, in which case
|
||||
// Vault must be confiugred with that endpoint as well. The client's signed request
|
||||
// Vault must be configured with that endpoint as well. The client's signed request
|
||||
// will include a signature over what the client expects the Host header to be,
|
||||
// so we cannot change that and must match.
|
||||
// 3. Alternate STS regions with a proxy that is transparent to Vault's clients.
|
||||
|
@ -1477,14 +1477,14 @@ func buildHttpRequest(method, endpoint string, parsedUrl *url.URL, body string,
|
|||
// It's also annoying because:
|
||||
// 1. The AWS Sigv4 algorithm requires the Host header to be defined
|
||||
// 2. Some of the official SDKs (at least botocore and aws-sdk-go) don't actually
|
||||
// incude an explicit Host header in the HTTP requests they generate, relying on
|
||||
// include an explicit Host header in the HTTP requests they generate, relying on
|
||||
// the underlying HTTP library to do that for them.
|
||||
// 3. To get a validly signed request, the SDKs check if a Host header has been set
|
||||
// and, if not, add an inferred host header (based on the URI) to the internal
|
||||
// data structure used for calculating the signature, but never actually expose
|
||||
// that to clients. So then they just "hope" that the underlying library actually
|
||||
// adds the right Host header which was included in the signature calculation.
|
||||
// We could either explicity require all Vault clients to explicitly add the Host header
|
||||
// We could either explicitly require all Vault clients to explicitly add the Host header
|
||||
// in the encoded request, or we could also implicitly infer it from the URI.
|
||||
// We choose to support both -- allow you to explicitly set a Host header, but if not,
|
||||
// infer one from the URI.
|
||||
|
@ -1706,7 +1706,7 @@ implemented based on that inferred type.
|
|||
|
||||
An EC2 instance is authenticated using the PKCS#7 signature of the instance identity
|
||||
document and a client created nonce. This nonce should be unique and should be used by
|
||||
the instance for all future logins, unless 'disallow_reauthenitcation' option on the
|
||||
the instance for all future logins, unless 'disallow_reauthentication' option on the
|
||||
registered role is enabled, in which case client nonce is optional.
|
||||
|
||||
First login attempt, creates a whitelist entry in Vault associating the instance to the nonce
|
||||
|
|
|
@ -390,7 +390,7 @@ func createRoleTagNonce() (string, error) {
|
|||
}
|
||||
}
|
||||
|
||||
// Struct roleTag represents a role tag in a struc form.
|
||||
// Struct roleTag represents a role tag in a struct form.
|
||||
type roleTag struct {
|
||||
Version string `json:"version"`
|
||||
InstanceID string `json:"instance_id"`
|
||||
|
|
|
@ -1444,7 +1444,7 @@ func Test_Renew(t *testing.T) {
|
|||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
// Put the policies back, this shold be okay
|
||||
// Put the policies back, this should be okay
|
||||
fd.Raw["policies"] = "bar,foo"
|
||||
resp, err = b.pathCertWrite(context.Background(), req, fd)
|
||||
if err != nil {
|
||||
|
|
|
@ -42,7 +42,7 @@ func (h *CLIHandler) Help() string {
|
|||
help := `
|
||||
Usage: vault login -method=cert [CONFIG K=V...]
|
||||
|
||||
The certificate auth method allows uers to authenticate with a
|
||||
The certificate auth method allows users to authenticate with a
|
||||
client certificate passed with the request. The -client-cert and -client-key
|
||||
flags are included with the "vault login" command, NOT as configuration to the
|
||||
auth method.
|
||||
|
|
|
@ -266,7 +266,7 @@ func (b *backend) verifyCredentials(ctx context.Context, req *logical.Request, d
|
|||
func (b *backend) matchesConstraints(clientCert *x509.Certificate, trustedChain []*x509.Certificate, config *ParsedCert) bool {
|
||||
return !b.checkForChainInCRLs(trustedChain) &&
|
||||
b.matchesNames(clientCert, config) &&
|
||||
b.matchesCertificateExtenions(clientCert, config)
|
||||
b.matchesCertificateExtensions(clientCert, config)
|
||||
}
|
||||
|
||||
// matchesNames verifies that the certificate matches at least one configured
|
||||
|
@ -297,9 +297,9 @@ func (b *backend) matchesNames(clientCert *x509.Certificate, config *ParsedCert)
|
|||
return false
|
||||
}
|
||||
|
||||
// matchesCertificateExtenions verifies that the certificate matches configured
|
||||
// matchesCertificateExtensions verifies that the certificate matches configured
|
||||
// required extensions
|
||||
func (b *backend) matchesCertificateExtenions(clientCert *x509.Certificate, config *ParsedCert) bool {
|
||||
func (b *backend) matchesCertificateExtensions(clientCert *x509.Certificate, config *ParsedCert) bool {
|
||||
// If no required extensions, nothing to check here
|
||||
if len(config.Entry.RequiredExtensions) == 0 {
|
||||
return true
|
||||
|
|
|
@ -421,5 +421,5 @@ to set of policies.
|
|||
|
||||
Configuration of the server is done through the "config" and "groups"
|
||||
endpoints by a user with root access. Authentication is then done
|
||||
by suppying the two fields for "login".
|
||||
by supplying the two fields for "login".
|
||||
`
|
||||
|
|
|
@ -449,7 +449,7 @@ func testAccStepLogin(t *testing.T, user string, pass string) logicaltest.TestSt
|
|||
},
|
||||
Unauthenticated: true,
|
||||
|
||||
// Verifies user tesla maps to groups via local group (engineers) as well as remote group (Scientiests)
|
||||
// Verifies user tesla maps to groups via local group (engineers) as well as remote group (Scientists)
|
||||
Check: logicaltest.TestCheckAuth([]string{"bar", "default", "foo"}),
|
||||
}
|
||||
}
|
||||
|
@ -463,7 +463,7 @@ func testAccStepLoginNoGroupDN(t *testing.T, user string, pass string) logicalte
|
|||
},
|
||||
Unauthenticated: true,
|
||||
|
||||
// Verifies a search without defined GroupDN returns a warnting rather than failing
|
||||
// Verifies a search without defined GroupDN returns a warning rather than failing
|
||||
Check: func(resp *logical.Response) error {
|
||||
if len(resp.Warnings) != 1 {
|
||||
return fmt.Errorf("expected a warning due to no group dn, got: %#v", resp.Warnings)
|
||||
|
|
|
@ -106,7 +106,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
|
|||
Data: map[string]interface{}{},
|
||||
}
|
||||
|
||||
// More about Okta's Auth transation state here:
|
||||
// More about Okta's Auth transaction state here:
|
||||
// https://developer.okta.com/docs/api/resources/authn#transaction-state
|
||||
|
||||
// If lockout failures are not configured to be hidden, the status needs to
|
||||
|
@ -321,5 +321,5 @@ groups are pulled down from Okta.
|
|||
|
||||
Configuration of the connection is done through the "config" and "policies"
|
||||
endpoints by a user with root access. Authentication is then done
|
||||
by suppying the two fields for "login".
|
||||
by supplying the two fields for "login".
|
||||
`
|
||||
|
|
|
@ -40,7 +40,7 @@ func pathConfig(b *backend) *framework.Path {
|
|||
},
|
||||
"base_url": &framework.FieldSchema{
|
||||
Type: framework.TypeString,
|
||||
Description: `The base domain to use for the Okta API. When not specified in the configuraiton, "okta.com" is used.`,
|
||||
Description: `The base domain to use for the Okta API. When not specified in the configuration, "okta.com" is used.`,
|
||||
},
|
||||
"production": &framework.FieldSchema{
|
||||
Type: framework.TypeBool,
|
||||
|
|
|
@ -59,8 +59,8 @@ a RADIUS server, checking username and associating users
|
|||
to set of policies.
|
||||
|
||||
Configuration of the server is done through the "config" and "users"
|
||||
endpoints by a user with approriate access mandated by policy.
|
||||
Authentication is then done by suppying the two fields for "login".
|
||||
endpoints by a user with appropriate access mandated by policy.
|
||||
Authentication is then done by supplying the two fields for "login".
|
||||
|
||||
The backend optionally allows to grant a set of policies to any
|
||||
user that successfully authenticates against the RADIUS server,
|
||||
|
|
|
@ -56,5 +56,5 @@ are supported.
|
|||
|
||||
The username/password combination is configured using the "users/"
|
||||
endpoints by a user with root access. Authentication is then done
|
||||
by suppying the two fields for "login".
|
||||
by supplying the two fields for "login".
|
||||
`
|
||||
|
|
|
@ -91,6 +91,6 @@ Configure the root credentials that are used to manage IAM.
|
|||
const pathConfigRootHelpDesc = `
|
||||
Before doing anything, the AWS backend needs credentials that are able
|
||||
to manage IAM policies, users, access keys, etc. This endpoint is used
|
||||
to configure those credentials. They don't necessarilly need to be root
|
||||
to configure those credentials. They don't necessarily need to be root
|
||||
keys as long as they have permission to manage IAM.
|
||||
`
|
||||
|
|
|
@ -213,7 +213,7 @@ Configure the connection information to talk to Cassandra.
|
|||
const pathConfigConnectionHelpDesc = `
|
||||
This path configures the connection information used to connect to Cassandra.
|
||||
|
||||
"hosts" is a comma-deliniated list of hostnames in the Cassandra cluster.
|
||||
"hosts" is a comma-delimited list of hostnames in the Cassandra cluster.
|
||||
|
||||
"username" and "password" are self-explanatory, although the given user
|
||||
must have superuser access within Cassandra. Note that since this backend
|
||||
|
|
|
@ -186,7 +186,7 @@ If no "creation_cql" parameter is given, a default will be used:
|
|||
This default should be suitable for Cassandra installations using the password
|
||||
authenticator but not configured to use authorization.
|
||||
|
||||
Similarly, the "rollback_cql" is used if user creation fails, in the absense of
|
||||
Similarly, the "rollback_cql" is used if user creation fails, in the absence of
|
||||
Cassandra transactions. The default should be suitable for almost any
|
||||
instance of Cassandra:
|
||||
|
||||
|
|
|
@ -250,7 +250,7 @@ commit_failure_policy: stop
|
|||
#
|
||||
# Valid values are either "auto" (omitting the value) or a value greater 0.
|
||||
#
|
||||
# Note that specifying a too large value will result in long running GCs and possbily
|
||||
# Note that specifying a too large value will result in long running GCs and possibly
|
||||
# out-of-memory errors. Keep the value at a small fraction of the heap.
|
||||
#
|
||||
# If you constantly see "prepared statements discarded in the last minute because
|
||||
|
@ -259,7 +259,7 @@ commit_failure_policy: stop
|
|||
# i.e. use bind markers for variable parts.
|
||||
#
|
||||
# Do only change the default value, if you really have more prepared statements than
|
||||
# fit in the cache. In most cases it is not neccessary to change this value.
|
||||
# fit in the cache. In most cases it is not necessary to change this value.
|
||||
# Constantly re-preparing statements is a performance penalty.
|
||||
#
|
||||
# Default value ("auto") is 1/256th of the heap or 10MB, whichever is greater
|
||||
|
@ -1021,7 +1021,7 @@ client_encryption_options:
|
|||
keystore: conf/.keystore
|
||||
keystore_password: cassandra
|
||||
# require_client_auth: false
|
||||
# Set trustore and truststore_password if require_client_auth is true
|
||||
# Set truststore and truststore_password if require_client_auth is true
|
||||
# truststore: conf/.truststore
|
||||
# truststore_password: cassandra
|
||||
# More advanced defaults below:
|
||||
|
@ -1080,7 +1080,7 @@ windows_timer_interval: 1
|
|||
|
||||
# Enables encrypting data at-rest (on disk). Different key providers can be plugged in, but the default reads from
|
||||
# a JCE-style keystore. A single keystore can hold multiple keys, but the one referenced by
|
||||
# the "key_alias" is the only key that will be used for encrypt opertaions; previously used keys
|
||||
# the "key_alias" is the only key that will be used for encrypt operations; previously used keys
|
||||
# can still (and should!) be in the keystore and will be used on decrypt operations
|
||||
# (to handle the case of key rotation).
|
||||
#
|
||||
|
@ -1114,7 +1114,7 @@ transparent_data_encryption_options:
|
|||
# tombstones seen in memory so we can return them to the coordinator, which
|
||||
# will use them to make sure other replicas also know about the deleted rows.
|
||||
# With workloads that generate a lot of tombstones, this can cause performance
|
||||
# problems and even exaust the server heap.
|
||||
# problems and even exhaust the server heap.
|
||||
# (http://www.datastax.com/dev/blog/cassandra-anti-patterns-queues-and-queue-like-datasets)
|
||||
# Adjust the thresholds here if you understand the dangers and want to
|
||||
# scan more tombstones anyway. These thresholds may also be adjusted at runtime
|
||||
|
|
|
@ -614,7 +614,7 @@ func TestBackend_roleCrud(t *testing.T) {
|
|||
}
|
||||
|
||||
if !reflect.DeepEqual(expected, actual) {
|
||||
t.Fatalf("Statements did not match, exepected %#v, got %#v", expected, actual)
|
||||
t.Fatalf("Statements did not match, expected %#v, got %#v", expected, actual)
|
||||
}
|
||||
|
||||
// Delete the role
|
||||
|
|
|
@ -67,7 +67,7 @@ func newPluginClient(ctx context.Context, sys pluginutil.RunnerUtil, pluginRunne
|
|||
return nil, errors.New("unsupported client type")
|
||||
}
|
||||
|
||||
// Wrap RPC implimentation in DatabasePluginClient
|
||||
// Wrap RPC implementation in DatabasePluginClient
|
||||
return &DatabasePluginClient{
|
||||
client: client,
|
||||
Database: db,
|
||||
|
|
|
@ -46,7 +46,7 @@ func PluginFactory(ctx context.Context, pluginName string, sys pluginutil.LookRu
|
|||
var ok bool
|
||||
db, ok = dbRaw.(Database)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("unsuported database type: %s", pluginName)
|
||||
return nil, fmt.Errorf("unsupported database type: %s", pluginName)
|
||||
}
|
||||
|
||||
transport = "builtin"
|
||||
|
|
|
@ -258,7 +258,7 @@ func TestPlugin_RevokeUser(t *testing.T) {
|
|||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
// Test default revoke statememts
|
||||
// Test default revoke statements
|
||||
err = db.RevokeUser(context.Background(), dbplugin.Statements{}, us)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
|
@ -398,7 +398,7 @@ func TestPlugin_NetRPC_RevokeUser(t *testing.T) {
|
|||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
// Test default revoke statememts
|
||||
// Test default revoke statements
|
||||
err = db.RevokeUser(context.Background(), dbplugin.Statements{}, us)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
|
|
|
@ -70,7 +70,7 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
|
|||
db, err = b.createDBObj(ctx, req.Storage, role.DBName)
|
||||
if err != nil {
|
||||
unlockFunc()
|
||||
return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
|
||||
return nil, fmt.Errorf("could not retrieve db with name: %s, got error: %s", role.DBName, err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
|
|||
db, err = b.createDBObj(ctx, req.Storage, role.DBName)
|
||||
if err != nil {
|
||||
unlockFunc()
|
||||
return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
|
||||
return nil, fmt.Errorf("could not retrieve db with name: %s, got error: %s", role.DBName, err)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -123,7 +123,7 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc {
|
|||
db, err = b.createDBObj(ctx, req.Storage, role.DBName)
|
||||
if err != nil {
|
||||
unlockFunc()
|
||||
return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
|
||||
return nil, fmt.Errorf("could not retrieve db with name: %s, got error: %s", role.DBName, err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -141,7 +141,7 @@ func (b *backend) secretCredsRevoke(ctx context.Context, req *logical.Request, d
|
|||
|
||||
// can't drop if not all database users are dropped
|
||||
if rows.Err() != nil {
|
||||
return nil, fmt.Errorf("cound not generate sql statements for all rows: %s", rows.Err())
|
||||
return nil, fmt.Errorf("could not generate sql statements for all rows: %s", rows.Err())
|
||||
}
|
||||
if lastStmtError != nil {
|
||||
return nil, fmt.Errorf("could not perform all sql statements: %s", lastStmtError)
|
||||
|
|
|
@ -59,8 +59,8 @@ func (b *backend) pathRoleCreateRead(ctx context.Context, req *logical.Request,
|
|||
// - the token display name, truncated to role.displaynameLength (default 4)
|
||||
// - a UUID
|
||||
//
|
||||
// the entire contactenated string is then truncated to role.usernameLength,
|
||||
// which by default is 16 due to limitations in older but still-prevalant
|
||||
// the entire concatenated string is then truncated to role.usernameLength,
|
||||
// which by default is 16 due to limitations in older but still-prevalent
|
||||
// versions of MySQL.
|
||||
roleName := name
|
||||
if len(roleName) > role.RolenameLength {
|
||||
|
|
|
@ -212,7 +212,7 @@ func TestBackend_renew_revoke(t *testing.T) {
|
|||
if err := mapstructure.Decode(resp.Data, &d); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
t.Logf("[WARN] Generated token: %s with accesor %s", d.Token, d.Accessor)
|
||||
t.Logf("[WARN] Generated token: %s with accessor %s", d.Token, d.Accessor)
|
||||
|
||||
// Build a client and verify that the credentials work
|
||||
nomadapiConfig := nomadapi.DefaultConfig()
|
||||
|
|
|
@ -56,7 +56,7 @@ func (b *backend) pathTokenRead(ctx context.Context, req *logical.Request, d *fr
|
|||
// Generate a name for the token
|
||||
tokenName := fmt.Sprintf("vault-%s-%s-%d", name, req.DisplayName, time.Now().UnixNano())
|
||||
|
||||
// Handling nomad maximum token lenght
|
||||
// Handling nomad maximum token length
|
||||
// https://github.com/hashicorp/nomad/blob/d9276e22b3b74674996fb548cdb6bc4c70d5b0e4/nomad/structs/structs.go#L115
|
||||
if len(tokenName) > 64 {
|
||||
tokenName = tokenName[0:63]
|
||||
|
|
|
@ -592,7 +592,7 @@ func generateURLSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s
|
|||
return fmt.Errorf("expected an error response but did not get one")
|
||||
}
|
||||
if !strings.Contains(resp.Data["error"].(string), "2048") {
|
||||
return fmt.Errorf("recieved an error but not about a 1024-bit key, error was: %s", resp.Data["error"].(string))
|
||||
return fmt.Errorf("received an error but not about a 1024-bit key, error was: %s", resp.Data["error"].(string))
|
||||
}
|
||||
|
||||
return nil
|
||||
|
@ -2445,7 +2445,7 @@ func TestBackend_SignVerbatim(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestBackend_Root_Idempotentcy(t *testing.T) {
|
||||
func TestBackend_Root_Idempotency(t *testing.T) {
|
||||
coreConfig := &vault.CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"pki": Factory,
|
||||
|
|
|
@ -385,7 +385,7 @@ func validateNames(data *dataBundle, names []string) string {
|
|||
splitDisplay := strings.Split(data.req.DisplayName, "@")
|
||||
if len(splitDisplay) == 2 {
|
||||
// Compare the sanitized name against the hostname
|
||||
// portion of the email address in the roken
|
||||
// portion of the email address in the broken
|
||||
// display name
|
||||
if strings.HasSuffix(sanitizedName, "."+splitDisplay[1]) {
|
||||
continue
|
||||
|
@ -515,7 +515,7 @@ func generateCert(ctx context.Context,
|
|||
return nil, err
|
||||
}
|
||||
if data.params == nil {
|
||||
return nil, errutil.InternalError{Err: "nil paramaters received from parameter bundle generation"}
|
||||
return nil, errutil.InternalError{Err: "nil parameters received from parameter bundle generation"}
|
||||
}
|
||||
|
||||
if isCA {
|
||||
|
@ -562,7 +562,7 @@ func generateIntermediateCSR(b *backend, data *dataBundle) (*certutil.ParsedCSRB
|
|||
return nil, err
|
||||
}
|
||||
if data.params == nil {
|
||||
return nil, errutil.InternalError{Err: "nil paramaters received from parameter bundle generation"}
|
||||
return nil, errutil.InternalError{Err: "nil parameters received from parameter bundle generation"}
|
||||
}
|
||||
|
||||
parsedBundle, err := createCSR(data)
|
||||
|
@ -668,7 +668,7 @@ func signCert(b *backend,
|
|||
return nil, err
|
||||
}
|
||||
if data.params == nil {
|
||||
return nil, errutil.InternalError{Err: "nil paramaters received from parameter bundle generation"}
|
||||
return nil, errutil.InternalError{Err: "nil parameters received from parameter bundle generation"}
|
||||
}
|
||||
|
||||
data.params.IsCA = isCA
|
||||
|
@ -966,7 +966,7 @@ func generateCreationBundle(b *backend, data *dataBundle) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// addKeyUsages adds approrpiate key usages to the template given the creation
|
||||
// addKeyUsages adds appropriate key usages to the template given the creation
|
||||
// information
|
||||
func addKeyUsages(data *dataBundle, certTemplate *x509.Certificate) {
|
||||
if data.params.IsCA {
|
||||
|
|
|
@ -246,7 +246,7 @@ func TestPki_RoleOUOrganizationUpgrade(t *testing.T) {
|
|||
}
|
||||
organization := resp.Data["organization"].([]string)
|
||||
if len(organization) != 2 {
|
||||
t.Fatalf("organziation should have 2 values")
|
||||
t.Fatalf("organization should have 2 values")
|
||||
}
|
||||
|
||||
// Check that old key usage value is nil
|
||||
|
|
|
@ -164,7 +164,7 @@ seconds or a string duration like "72h".
|
|||
All certificates and/or revocation information currently stored in the backend
|
||||
will be checked when this endpoint is hit. The expiration of the
|
||||
certificate/revocation information of each certificate being held in
|
||||
certificate storage or in revocation infomation will then be checked. If the
|
||||
certificate storage or in revocation information will then be checked. If the
|
||||
current time, minus the value of 'safety_buffer', is greater than the
|
||||
expiration, it will be removed.
|
||||
`
|
||||
|
|
|
@ -100,7 +100,7 @@ func (b *backend) DB(ctx context.Context, s logical.Storage) (*sql.DB, error) {
|
|||
conn = connConfig.ConnectionString
|
||||
}
|
||||
|
||||
// Ensure timezone is set to UTC for all the conenctions
|
||||
// Ensure timezone is set to UTC for all the connections
|
||||
if strings.HasPrefix(conn, "postgres://") || strings.HasPrefix(conn, "postgresql://") {
|
||||
if strings.Contains(conn, "?") {
|
||||
conn += "&timezone=utc"
|
||||
|
|
|
@ -89,7 +89,7 @@ func (b *backend) Client(ctx context.Context, s logical.Storage) (*rabbithole.Cl
|
|||
b.lock.Lock()
|
||||
defer b.lock.Unlock()
|
||||
|
||||
// If the client was creted during the lock switch, return it
|
||||
// If the client was created during the lock switch, return it
|
||||
if b.client != nil {
|
||||
return b.client, nil
|
||||
}
|
||||
|
|
|
@ -273,7 +273,7 @@ func pathRoles(b *backend) *framework.Path {
|
|||
Description: `
|
||||
[Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type]
|
||||
When supplied, this value specifies a custom format for the key id of a signed certificate.
|
||||
The following variables are availble for use: '{{token_display_name}}' - The display name of
|
||||
The following variables are available for use: '{{token_display_name}}' - The display name of
|
||||
the token used to make the request. '{{role_name}}' - The name of the role signing the request.
|
||||
'{{public_key_hash}}' - A SHA256 checksum of the public key that is being signed.
|
||||
`,
|
||||
|
@ -490,7 +490,7 @@ func (b *backend) getRole(ctx context.Context, s logical.Storage, n string) (*ss
|
|||
}
|
||||
|
||||
// parseRole converts a sshRole object into its map[string]interface representation,
|
||||
// with appropriate values for each KeyType. If the KeyType is invalid, it will retun
|
||||
// with appropriate values for each KeyType. If the KeyType is invalid, it will return
|
||||
// an error.
|
||||
func (b *backend) parseRole(role *sshRole) (map[string]interface{}, error) {
|
||||
var result map[string]interface{}
|
||||
|
|
|
@ -95,7 +95,7 @@ Validate the OTP provided by Vault SSH Agent.
|
|||
`
|
||||
|
||||
const pathVerifyHelpDesc = `
|
||||
This path will be used by Vault SSH Agent runnin in the remote hosts. The OTP
|
||||
This path will be used by Vault SSH Agent running in the remote hosts. The OTP
|
||||
provided by the client is sent to Vault for validation by the agent. If Vault
|
||||
finds an entry for the OTP, it responds with the username and IP it is associated
|
||||
with. Agent uses this information to authenticate the client. Vault deletes the
|
||||
|
|
|
@ -180,5 +180,5 @@ const pathConfigHelpSyn = `Configure a named encryption key`
|
|||
const pathConfigHelpDesc = `
|
||||
This path is used to configure the named key. Currently, this
|
||||
supports adjusting the minimum version of the key allowed to
|
||||
be used for decryption via the min_decryption_version paramter.
|
||||
be used for decryption via the min_decryption_version parameter.
|
||||
`
|
||||
|
|
|
@ -43,7 +43,7 @@ type BatchResponseItem struct {
|
|||
// request item
|
||||
Ciphertext string `json:"ciphertext,omitempty" structs:"ciphertext" mapstructure:"ciphertext"`
|
||||
|
||||
// Plaintext for the ciphertext present in the corresponsding batch
|
||||
// Plaintext for the ciphertext present in the corresponding batch
|
||||
// request item
|
||||
Plaintext string `json:"plaintext,omitempty" structs:"plaintext" mapstructure:"plaintext"`
|
||||
|
||||
|
|
|
@ -114,7 +114,7 @@ func (b *backend) pathPolicyExportRead(ctx context.Context, req *logical.Request
|
|||
}
|
||||
|
||||
if versionValue < p.MinDecryptionVersion {
|
||||
return logical.ErrorResponse("version for export is below minimun decryption version"), logical.ErrInvalidRequest
|
||||
return logical.ErrorResponse("version for export is below minimum decryption version"), logical.ErrInvalidRequest
|
||||
}
|
||||
key, ok := p.Keys[strconv.Itoa(versionValue)]
|
||||
if !ok {
|
||||
|
|
|
@ -258,7 +258,7 @@ func TestTransit_Export_KeysNotMarkedExportable_ReturnsError(t *testing.T) {
|
|||
t.Fatal(err)
|
||||
}
|
||||
if !rsp.IsError() {
|
||||
t.Fatal("Key not marked as exportble but was exported.")
|
||||
t.Fatal("Key not marked as exportable but was exported.")
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -407,7 +407,7 @@ func TestTransit_Export_EncryptionKey_DoesNotExportHMACKey(t *testing.T) {
|
|||
t.Error("could not cast to keys object")
|
||||
}
|
||||
if len(hmacKeys) != len(encryptionKeys) {
|
||||
t.Errorf("hmac (%d) and encyryption (%d) key count don't match",
|
||||
t.Errorf("hmac (%d) and encryption (%d) key count don't match",
|
||||
len(hmacKeys), len(encryptionKeys))
|
||||
}
|
||||
|
||||
|
|
|
@ -73,7 +73,7 @@ func TestTransit_Random(t *testing.T) {
|
|||
}
|
||||
rand2 := getResponse()
|
||||
if len(rand1) != numBytes || len(rand2) != numBytes {
|
||||
t.Fatal("length of output random bytes not what is exepcted")
|
||||
t.Fatal("length of output random bytes not what is expected")
|
||||
}
|
||||
if reflect.DeepEqual(rand1, rand2) {
|
||||
t.Fatal("found identical ouputs")
|
||||
|
|
|
@ -42,7 +42,7 @@ func TestBackend_Factory(t *testing.T) {
|
|||
|
||||
func TestBackend_PluginMain(t *testing.T) {
|
||||
args := []string{}
|
||||
if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" && os.Getenv(pluginutil.PluginMetadaModeEnv) != "true" {
|
||||
if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" && os.Getenv(pluginutil.PluginMetadataModeEnv) != "true" {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
@ -81,7 +81,7 @@ func (c *AuthCommand) Run(args []string) int {
|
|||
"WARNING! The -method-help flag is deprecated. Please use "+
|
||||
"\"vault auth help\" instead. This flag will be removed in "+
|
||||
"Vault 0.11 (or later).") + "\n")
|
||||
// Parse the args to pull out the method, surpressing any errors because
|
||||
// Parse the args to pull out the method, suppressing any errors because
|
||||
// there could be other flags that we don't care about.
|
||||
f := flag.NewFlagSet("", flag.ContinueOnError)
|
||||
f.Usage = func() {}
|
||||
|
|
|
@ -192,7 +192,7 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets {
|
|||
Completion: complete.PredictFiles("*"),
|
||||
Usage: "Path on the local disk to a single PEM-encoded CA " +
|
||||
"certificate to verify the Vault server's SSL certificate. This " +
|
||||
"takes precendence over -ca-path.",
|
||||
"takes precedence over -ca-path.",
|
||||
})
|
||||
|
||||
f.StringVar(&StringVar{
|
||||
|
|
|
@ -151,14 +151,14 @@ func parseArgsDataString(stdin io.Reader, args []string) (map[string]string, err
|
|||
return result, nil
|
||||
}
|
||||
|
||||
// truncateToSeconds truncates the given duaration to the number of seconds. If
|
||||
// truncateToSeconds truncates the given duration to the number of seconds. If
|
||||
// the duration is less than 1s, it is returned as 0. The integer represents
|
||||
// the whole number unit of seconds for the duration.
|
||||
func truncateToSeconds(d time.Duration) int {
|
||||
d = d.Truncate(1 * time.Second)
|
||||
|
||||
// Handle the case where someone requested a ridiculously short increment -
|
||||
// incremenents must be larger than a second.
|
||||
// increments must be larger than a second.
|
||||
if d < 1*time.Second {
|
||||
return 0
|
||||
}
|
||||
|
|
|
@ -67,7 +67,7 @@ func PredictClient() *api.Client {
|
|||
}
|
||||
|
||||
// PredictVaultAvailableMounts returns a predictor for the available mounts in
|
||||
// Vault. For now, there is no way to programatically get this list. If, in the
|
||||
// Vault. For now, there is no way to programmatically get this list. If, in the
|
||||
// future, such a list exists, we can adapt it here. Until then, it's
|
||||
// hard-coded.
|
||||
func (b *BaseCommand) PredictVaultAvailableMounts() complete.Predictor {
|
||||
|
@ -88,7 +88,7 @@ func (b *BaseCommand) PredictVaultAvailableMounts() complete.Predictor {
|
|||
}
|
||||
|
||||
// PredictVaultAvailableAuths returns a predictor for the available auths in
|
||||
// Vault. For now, there is no way to programatically get this list. If, in the
|
||||
// Vault. For now, there is no way to programmatically get this list. If, in the
|
||||
// future, such a list exists, we can adapt it here. Until then, it's
|
||||
// hard-coded.
|
||||
func (b *BaseCommand) PredictVaultAvailableAuths() complete.Predictor {
|
||||
|
|
|
@ -222,7 +222,7 @@ func (c *LoginCommand) Run(args []string) int {
|
|||
stdin = c.testStdin
|
||||
}
|
||||
|
||||
// If the user provided a token, pass it along to the auth provier.
|
||||
// If the user provided a token, pass it along to the auth provider.
|
||||
if authMethod == "token" && len(args) > 0 && !strings.Contains(args[0], "=") {
|
||||
args = append([]string{"token=" + args[0]}, args[1:]...)
|
||||
}
|
||||
|
@ -349,7 +349,7 @@ func (c *LoginCommand) Run(args []string) int {
|
|||
|
||||
// extractToken extracts the token from the given secret, automatically
|
||||
// unwrapping responses and handling error conditions if unwrap is true. The
|
||||
// result also returns whether it was a wrapped resonse that was not unwrapped.
|
||||
// result also returns whether it was a wrapped response that was not unwrapped.
|
||||
func (c *LoginCommand) extractToken(client *api.Client, secret *api.Secret, unwrap bool) (*api.Secret, bool, error) {
|
||||
switch {
|
||||
case secret == nil:
|
||||
|
|
|
@ -211,7 +211,7 @@ func TestLoginCommand_Run(t *testing.T) {
|
|||
|
||||
// Verify the token was not stored
|
||||
if storedToken, err := tokenHelper.Get(); err != nil || storedToken != "" {
|
||||
t.Fatalf("expted token to not be stored: %s: %q", err, storedToken)
|
||||
t.Fatalf("expected token to not be stored: %s: %q", err, storedToken)
|
||||
}
|
||||
})
|
||||
|
||||
|
|
|
@ -138,7 +138,7 @@ func RunCustom(args []string, runOpts *RunOptions) int {
|
|||
return 1
|
||||
}
|
||||
|
||||
// Only use colored UI if stdoout is a tty, and not disabled
|
||||
// Only use colored UI if stdout is a tty, and not disabled
|
||||
if isTerminal && color && format == "table" {
|
||||
ui.Ui = &cli.ColoredUi{
|
||||
ErrorColor: cli.UiColorRed,
|
||||
|
|
|
@ -383,7 +383,7 @@ func (c *OperatorInitCommand) consulAuto(client *api.Client, req *api.InitReques
|
|||
// Update the client to connect to this Vault server
|
||||
client.SetAddress(vaultAddr)
|
||||
|
||||
// Let the client know that initialization is perfomed on the
|
||||
// Let the client know that initialization is performed on the
|
||||
// discovered node.
|
||||
c.UI.Output(wrapAtLength(fmt.Sprintf(
|
||||
"Discovered an initialized Vault node at %q with Consul service name "+
|
||||
|
|
|
@ -900,7 +900,7 @@ CLUSTER_SYNTHESIS_COMPLETE:
|
|||
case <-c.ShutdownCh:
|
||||
c.UI.Output("==> Vault shutdown triggered")
|
||||
|
||||
// Stop the listners so that we don't process further client requests.
|
||||
// Stop the listeners so that we don't process further client requests.
|
||||
c.cleanupGuard.Do(listenerCloseFunc)
|
||||
|
||||
// Shutdown will wait until after Vault is sealed, which means the
|
||||
|
@ -1196,7 +1196,7 @@ func (c *ServerCommand) enableThreeNodeDevCluster(base *vault.CoreConfig, info m
|
|||
case <-c.ShutdownCh:
|
||||
c.UI.Output("==> Vault shutdown triggered")
|
||||
|
||||
// Stop the listners so that we don't process further client requests.
|
||||
// Stop the listeners so that we don't process further client requests.
|
||||
c.cleanupGuard.Do(testCluster.Cleanup)
|
||||
|
||||
// Shutdown will wait until after Vault is sealed, which means the
|
||||
|
|
|
@ -173,11 +173,11 @@ type Telemetry struct {
|
|||
CirconusCheckID string `hcl:"circonus_check_id"`
|
||||
// CirconusCheckForceMetricActivation will force enabling metrics, as they are encountered,
|
||||
// if the metric already exists and is NOT active. If check management is enabled, the default
|
||||
// behavior is to add new metrics as they are encoutered. If the metric already exists in the
|
||||
// behavior is to add new metrics as they are encountered. If the metric already exists in the
|
||||
// check, it will *NOT* be activated. This setting overrides that behavior.
|
||||
// Default: "false"
|
||||
CirconusCheckForceMetricActivation string `hcl:"circonus_check_force_metric_activation"`
|
||||
// CirconusCheckInstanceID serves to uniquely identify the metrics comming from this "instance".
|
||||
// CirconusCheckInstanceID serves to uniquely identify the metrics coming from this "instance".
|
||||
// It can be used to maintain metric continuity with transient or ephemeral instances as
|
||||
// they move around within an infrastructure.
|
||||
// Default: hostname:app
|
||||
|
|
|
@ -139,7 +139,7 @@ func TestUnwrapCommand_Run(t *testing.T) {
|
|||
cmd.client = client
|
||||
cmd.client.SetToken(wrappedToken)
|
||||
|
||||
// Intentionally don't pass the token here - it shoudl use the local token
|
||||
// Intentionally don't pass the token here - it should use the local token
|
||||
code := cmd.Run([]string{})
|
||||
if exp := 0; code != exp {
|
||||
t.Errorf("expected %d to be %d", code, exp)
|
||||
|
|
|
@ -211,7 +211,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) {
|
|||
result.CAChain = append(result.CAChain, certBlock)
|
||||
}
|
||||
|
||||
// For backwards compabitibility
|
||||
// For backwards compatibility
|
||||
case len(c.IssuingCA) > 0:
|
||||
pemBlock, _ = pem.Decode([]byte(c.IssuingCA))
|
||||
if pemBlock == nil {
|
||||
|
@ -523,7 +523,7 @@ func (p *ParsedCSRBundle) SetParsedPrivateKey(privateKey crypto.Signer, privateK
|
|||
}
|
||||
|
||||
// GetTLSConfig returns a TLS config generally suitable for client
|
||||
// authentiation. The returned TLS config can be modified slightly
|
||||
// authentication. The returned TLS config can be modified slightly
|
||||
// to be made suitable for a server requiring client authentication;
|
||||
// specifically, you should set the value of ClientAuth in the returned
|
||||
// config to match your needs.
|
||||
|
|
|
@ -33,7 +33,7 @@ const (
|
|||
)
|
||||
|
||||
// SnappyReadCloser embeds the snappy reader which implements the io.Reader
|
||||
// interface. The decompress procedure in this utility expectes an
|
||||
// interface. The decompress procedure in this utility expects an
|
||||
// io.ReadCloser. This type implements the io.Closer interface to retain the
|
||||
// generic way of decompression.
|
||||
type SnappyReadCloser struct {
|
||||
|
|
|
@ -82,7 +82,7 @@ func TestCompressUtil_CompressDecompress(t *testing.T) {
|
|||
if len(compressedJSONBytes) == 0 {
|
||||
t.Fatal("failed to compress data in lzw format")
|
||||
}
|
||||
// Check the presense of the canary
|
||||
// Check the presence of the canary
|
||||
if compressedJSONBytes[0] != CompressionCanaryLzw {
|
||||
t.Fatalf("bad: compression canary: expected: %d actual: %d", CompressionCanaryLzw, compressedJSONBytes[0])
|
||||
}
|
||||
|
@ -113,7 +113,7 @@ func TestCompressUtil_CompressDecompress(t *testing.T) {
|
|||
if len(compressedJSONBytes) == 0 {
|
||||
t.Fatal("failed to compress data in lzw format")
|
||||
}
|
||||
// Check the presense of the canary
|
||||
// Check the presence of the canary
|
||||
if compressedJSONBytes[0] != CompressionCanaryGzip {
|
||||
t.Fatalf("bad: compression canary: expected: %d actual: %d", CompressionCanaryGzip, compressedJSONBytes[0])
|
||||
}
|
||||
|
@ -145,7 +145,7 @@ func TestCompressUtil_CompressDecompress(t *testing.T) {
|
|||
if len(compressedJSONBytes) == 0 {
|
||||
t.Fatal("failed to compress data in lzw format")
|
||||
}
|
||||
// Check the presense of the canary
|
||||
// Check the presence of the canary
|
||||
if compressedJSONBytes[0] != CompressionCanaryGzip {
|
||||
t.Fatalf("bad: compression canary: expected: %d actual: %d", CompressionCanaryGzip, compressedJSONBytes[0])
|
||||
}
|
||||
|
@ -177,7 +177,7 @@ func TestCompressUtil_CompressDecompress(t *testing.T) {
|
|||
if len(compressedJSONBytes) == 0 {
|
||||
t.Fatal("failed to compress data in lzw format")
|
||||
}
|
||||
// Check the presense of the canary
|
||||
// Check the presence of the canary
|
||||
if compressedJSONBytes[0] != CompressionCanaryGzip {
|
||||
t.Fatalf("bad: compression canary: expected: %d actual: %d", CompressionCanaryGzip, compressedJSONBytes[0])
|
||||
}
|
||||
|
@ -209,7 +209,7 @@ func TestCompressUtil_CompressDecompress(t *testing.T) {
|
|||
if len(compressedJSONBytes) == 0 {
|
||||
t.Fatal("failed to compress data in lzw format")
|
||||
}
|
||||
// Check the presense of the canary
|
||||
// Check the presence of the canary
|
||||
if compressedJSONBytes[0] != CompressionCanaryGzip {
|
||||
t.Fatalf("bad: compression canary: expected: %d actual: %d",
|
||||
CompressionCanaryGzip, compressedJSONBytes[0])
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
package consts
|
||||
|
||||
const (
|
||||
// ExpirationRestoreWorkerCount specifies the numer of workers to use while
|
||||
// ExpirationRestoreWorkerCount specifies the number of workers to use while
|
||||
// restoring leases into the expiration manager
|
||||
ExpirationRestoreWorkerCount = 64
|
||||
)
|
||||
|
|
|
@ -91,7 +91,7 @@ func DecodeJSONFromReader(r io.Reader, out interface{}) error {
|
|||
|
||||
dec := json.NewDecoder(r)
|
||||
|
||||
// While decoding JSON values, intepret the integer values as `json.Number`s instead of `float64`.
|
||||
// While decoding JSON values, interpret the integer values as `json.Number`s instead of `float64`.
|
||||
dec.UseNumber()
|
||||
|
||||
// Since 'out' is an interface representing a pointer, pass it to the decoder without an '&'
|
||||
|
|
|
@ -162,7 +162,7 @@ func (lm *LockManager) GetPolicyShared(ctx context.Context, storage logical.Stor
|
|||
return p, lock, err
|
||||
}
|
||||
|
||||
// Try again while asking for an exlusive lock
|
||||
// Try again while asking for an exclusive lock
|
||||
p, lock, _, err = lm.getPolicyCommon(ctx, PolicyRequest{
|
||||
Storage: storage,
|
||||
Name: name,
|
||||
|
@ -201,7 +201,7 @@ func (lm *LockManager) GetPolicyUpsert(ctx context.Context, req PolicyRequest) (
|
|||
return p, lock, false, err
|
||||
}
|
||||
|
||||
// Try again while asking for an exlusive lock
|
||||
// Try again while asking for an exclusive lock
|
||||
p, lock, upserted, err := lm.getPolicyCommon(ctx, req, exclusive)
|
||||
if err != nil || p == nil || lock == nil {
|
||||
return p, lock, upserted, err
|
||||
|
|
|
@ -185,7 +185,7 @@ func (kem deprecatedKeyEntryMap) MarshalJSON() ([]byte, error) {
|
|||
return json.Marshal(&intermediate)
|
||||
}
|
||||
|
||||
// MarshalJSON implements JSON unmarshaling
|
||||
// MarshalJSON implements JSON unmarshalling
|
||||
func (kem deprecatedKeyEntryMap) UnmarshalJSON(data []byte) error {
|
||||
intermediate := map[string]KeyEntry{}
|
||||
if err := jsonutil.DecodeJSON(data, &intermediate); err != nil {
|
||||
|
|
|
@ -119,7 +119,7 @@ func TestBuilder_sameKeyMultipleTimes(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestBuilder_specialCharacteresInKey(t *testing.T) {
|
||||
func TestBuilder_specialCharactersInKey(t *testing.T) {
|
||||
var b Builder
|
||||
b.Stdin = bytes.NewBufferString("{\"foo\": \"bay\"}")
|
||||
err := b.Add("@foo=bar", "-foo=baz", "-")
|
||||
|
|
|
@ -13,11 +13,11 @@ type LockEntry struct {
|
|||
sync.RWMutex
|
||||
}
|
||||
|
||||
// CreateLocks returns an array so that the locks can be itterated over in
|
||||
// CreateLocks returns an array so that the locks can be iterated over in
|
||||
// order.
|
||||
//
|
||||
// This is only threadsafe if a process is using a single lock, or iterating
|
||||
// over the entire lock slice in order. Using a consistant order avoids
|
||||
// over the entire lock slice in order. Using a consistent order avoids
|
||||
// deadlocks because you can never have the following:
|
||||
//
|
||||
// Lock A, Lock B
|
||||
|
|
|
@ -12,7 +12,7 @@ var (
|
|||
setConsoleModeProc = kernel32.MustFindProc("SetConsoleMode")
|
||||
)
|
||||
|
||||
// Magic constant from MSDN to control whether charactesr read are
|
||||
// Magic constant from MSDN to control whether characters read are
|
||||
// repeated back on the console.
|
||||
//
|
||||
// http://msdn.microsoft.com/en-us/library/windows/desktop/ms686033(v=vs.85).aspx
|
||||
|
|
|
@ -17,15 +17,15 @@ import (
|
|||
)
|
||||
|
||||
// Looker defines the plugin Lookup function that looks into the plugin catalog
|
||||
// for availible plugins and returns a PluginRunner
|
||||
// for available plugins and returns a PluginRunner
|
||||
type Looker interface {
|
||||
LookupPlugin(context.Context, string) (*PluginRunner, error)
|
||||
}
|
||||
|
||||
// Wrapper interface defines the functions needed by the runner to wrap the
|
||||
// metadata needed to run a plugin process. This includes looking up Mlock
|
||||
// configuration and wrapping data in a respose wrapped token.
|
||||
// logical.SystemView implementataions satisfy this interface.
|
||||
// configuration and wrapping data in a response wrapped token.
|
||||
// logical.SystemView implementations satisfy this interface.
|
||||
type RunnerUtil interface {
|
||||
ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
|
||||
MlockEnabled() bool
|
||||
|
@ -48,7 +48,7 @@ type PluginRunner struct {
|
|||
BuiltinFactory func() (interface{}, error) `json:"-" structs:"-"`
|
||||
}
|
||||
|
||||
// Run takes a wrapper RunnerUtil instance along with the go-plugin paramaters and
|
||||
// Run takes a wrapper RunnerUtil instance along with the go-plugin parameters and
|
||||
// returns a configured plugin.Client with TLS Configured and a wrapping token set
|
||||
// on PluginUnwrapTokenEnv for plugin process consumption.
|
||||
func (r *PluginRunner) Run(ctx context.Context, wrapper RunnerUtil, pluginMap map[string]plugin.Plugin, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error) {
|
||||
|
@ -56,7 +56,7 @@ func (r *PluginRunner) Run(ctx context.Context, wrapper RunnerUtil, pluginMap ma
|
|||
}
|
||||
|
||||
// RunMetadataMode returns a configured plugin.Client that will dispense a plugin
|
||||
// in metadata mode. The PluginMetadaModeEnv is passed in as part of the Cmd to
|
||||
// in metadata mode. The PluginMetadataModeEnv is passed in as part of the Cmd to
|
||||
// plugin.Client, and consumed by the plugin process on pluginutil.VaultPluginTLSProvider.
|
||||
func (r *PluginRunner) RunMetadataMode(ctx context.Context, wrapper RunnerUtil, pluginMap map[string]plugin.Plugin, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error) {
|
||||
return r.runCommon(ctx, wrapper, pluginMap, hs, env, logger, true)
|
||||
|
@ -82,7 +82,7 @@ func (r *PluginRunner) runCommon(ctx context.Context, wrapper RunnerUtil, plugin
|
|||
var clientTLSConfig *tls.Config
|
||||
if !isMetadataMode {
|
||||
// Add the metadata mode ENV and set it to false
|
||||
cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMetadaModeEnv, "false"))
|
||||
cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMetadataModeEnv, "false"))
|
||||
|
||||
// Get a CA TLS Certificate
|
||||
certBytes, key, err := generateCert()
|
||||
|
@ -107,7 +107,7 @@ func (r *PluginRunner) runCommon(ctx context.Context, wrapper RunnerUtil, plugin
|
|||
cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginUnwrapTokenEnv, wrapToken))
|
||||
} else {
|
||||
namedLogger = clogger.ResetNamed("plugin.metadata")
|
||||
cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMetadaModeEnv, "true"))
|
||||
cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMetadataModeEnv, "true"))
|
||||
}
|
||||
|
||||
secureConfig := &plugin.SecureConfig{
|
||||
|
|
|
@ -31,9 +31,9 @@ var (
|
|||
// string. Used for testing.
|
||||
PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"
|
||||
|
||||
// PluginMetadaModeEnv is an ENV name used to disable TLS communication
|
||||
// PluginMetadataModeEnv is an ENV name used to disable TLS communication
|
||||
// to bootstrap mounting plugins.
|
||||
PluginMetadaModeEnv = "VAULT_PLUGIN_METADATA_MODE"
|
||||
PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
|
||||
)
|
||||
|
||||
// generateCert is used internally to create certificates for the plugin
|
||||
|
@ -128,10 +128,10 @@ func wrapServerConfig(ctx context.Context, sys RunnerUtil, certBytes []byte, key
|
|||
return wrapInfo.Token, nil
|
||||
}
|
||||
|
||||
// VaultPluginTLSProvider is run inside a plugin and retrives the response
|
||||
// VaultPluginTLSProvider is run inside a plugin and retrieves the response
|
||||
// wrapped TLS certificate from vault. It returns a configured TLS Config.
|
||||
func VaultPluginTLSProvider(apiTLSConfig *api.TLSConfig) func() (*tls.Config, error) {
|
||||
if os.Getenv(PluginMetadaModeEnv) == "true" {
|
||||
if os.Getenv(PluginMetadataModeEnv) == "true" {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -104,7 +104,7 @@ func ParseKeyValues(input string, out map[string]string, sep string) error {
|
|||
// * Base64 encoded string containing comma separated list of
|
||||
// `<key>=<value>` pairs
|
||||
//
|
||||
// Input will be parsed into the output paramater, which should
|
||||
// Input will be parsed into the output parameter, which should
|
||||
// be a non-nil map[string]string.
|
||||
func ParseArbitraryKeyValues(input string, out map[string]string, sep string) error {
|
||||
input = strings.TrimSpace(input)
|
||||
|
@ -167,7 +167,7 @@ func ParseStringSlice(input string, sep string) []string {
|
|||
// * JSON string
|
||||
// * Base64 encoded JSON string
|
||||
// * `sep` separated list of values
|
||||
// * Base64-encoded string containting a `sep` separated list of values
|
||||
// * Base64-encoded string containing a `sep` separated list of values
|
||||
//
|
||||
// Note that the separator is ignored if the input is found to already be in a
|
||||
// structured format (e.g., JSON)
|
||||
|
@ -282,7 +282,7 @@ func EquivalentSlices(a, b []string) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
// StrListDelete removes the first occurance of the given item from the slice
|
||||
// StrListDelete removes the first occurrence of the given item from the slice
|
||||
// of strings if the item exists.
|
||||
func StrListDelete(s []string, d string) []string {
|
||||
if s == nil {
|
||||
|
|
|
@ -62,7 +62,7 @@ func TestSysInit_pgpKeysEntries(t *testing.T) {
|
|||
|
||||
resp := testHttpPut(t, "", addr+"/v1/sys/init", map[string]interface{}{
|
||||
"secret_shares": 5,
|
||||
"secret_threhold": 3,
|
||||
"secret_threshold": 3,
|
||||
"pgp_keys": []string{"pgpkey1"},
|
||||
})
|
||||
testResponseStatus(t, resp, 400)
|
||||
|
|
|
@ -119,10 +119,10 @@ func TestHTTP_Wrapping(t *testing.T) {
|
|||
}
|
||||
creationTTL, _ := secret.Data["creation_ttl"].(json.Number).Int64()
|
||||
if int(creationTTL) != wrapInfo.TTL {
|
||||
t.Fatalf("mistmatched ttls: %d vs %d", creationTTL, wrapInfo.TTL)
|
||||
t.Fatalf("mismatched ttls: %d vs %d", creationTTL, wrapInfo.TTL)
|
||||
}
|
||||
if secret.Data["creation_time"].(string) != wrapInfo.CreationTime.Format(time.RFC3339Nano) {
|
||||
t.Fatalf("mistmatched creation times: %q vs %q", secret.Data["creation_time"].(string), wrapInfo.CreationTime.Format(time.RFC3339Nano))
|
||||
t.Fatalf("mismatched creation times: %q vs %q", secret.Data["creation_time"].(string), wrapInfo.CreationTime.Format(time.RFC3339Nano))
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -95,7 +95,7 @@ type periodicFunc func(context.Context, *logical.Request) error
|
|||
// OperationFunc is the callback called for an operation on a path.
|
||||
type OperationFunc func(context.Context, *logical.Request, *FieldData) (*logical.Response, error)
|
||||
|
||||
// ExistenceFunc is the callback called for an existenc check on a path.
|
||||
// ExistenceFunc is the callback called for an existence check on a path.
|
||||
type ExistenceFunc func(context.Context, *logical.Request, *FieldData) (bool, error)
|
||||
|
||||
// WALRollbackFunc is the callback for rollbacks.
|
||||
|
|
|
@ -224,7 +224,7 @@ func TestFieldDataGet(t *testing.T) {
|
|||
[]string{},
|
||||
},
|
||||
|
||||
"commma string slice type, string slice with one value": {
|
||||
"comma string slice type, string slice with one value": {
|
||||
map[string]*FieldSchema{
|
||||
"foo": &FieldSchema{Type: TypeCommaStringSlice},
|
||||
},
|
||||
|
@ -301,7 +301,7 @@ func TestFieldDataGet(t *testing.T) {
|
|||
[]int{},
|
||||
},
|
||||
|
||||
"commma int slice type, int slice with one value": {
|
||||
"comma int slice type, int slice with one value": {
|
||||
map[string]*FieldSchema{
|
||||
"foo": &FieldSchema{Type: TypeCommaIntSlice},
|
||||
},
|
||||
|
|
|
@ -28,7 +28,7 @@ type backendPluginServer struct {
|
|||
}
|
||||
|
||||
func inMetadataMode() bool {
|
||||
return os.Getenv(pluginutil.PluginMetadaModeEnv) == "true"
|
||||
return os.Getenv(pluginutil.PluginMetadataModeEnv) == "true"
|
||||
}
|
||||
|
||||
func (b *backendPluginServer) HandleRequest(args *HandleRequestArgs, reply *HandleRequestReply) error {
|
||||
|
|
|
@ -356,7 +356,7 @@ message InvalidateKeyArgs {
|
|||
|
||||
// Backend is the interface that plugins must satisfy. The plugin should
|
||||
// implement the server for this service. Requests will first run the
|
||||
// HandleExistanceCheck rpc then run the HandleRequests rpc.
|
||||
// HandleExistenceCheck rpc then run the HandleRequests rpc.
|
||||
service Backend {
|
||||
// HandleRequest is used to handle a request and generate a response.
|
||||
// The plugins must check the operation type and handle appropriately.
|
||||
|
|
|
@ -79,7 +79,7 @@ func NewBackend(ctx context.Context, pluginName string, sys pluginutil.LookRunne
|
|||
var ok bool
|
||||
backend, ok = backendRaw.(logical.Backend)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("unsuported backend type: %s", pluginName)
|
||||
return nil, fmt.Errorf("unsupported backend type: %s", pluginName)
|
||||
}
|
||||
|
||||
} else {
|
||||
|
|
|
@ -14,11 +14,11 @@ import (
|
|||
// dispensed rom the plugin server.
|
||||
const BackendPluginName = "backend"
|
||||
|
||||
type TLSProdiverFunc func() (*tls.Config, error)
|
||||
type TLSProviderFunc func() (*tls.Config, error)
|
||||
|
||||
type ServeOpts struct {
|
||||
BackendFactoryFunc logical.Factory
|
||||
TLSProviderFunc TLSProdiverFunc
|
||||
TLSProviderFunc TLSProviderFunc
|
||||
Logger hclog.Logger
|
||||
}
|
||||
|
||||
|
|
|
@ -83,7 +83,7 @@ type TestStep struct {
|
|||
// RemoteAddr, if set, will set the remote addr on the request.
|
||||
RemoteAddr string
|
||||
|
||||
// ConnState, if set, will set the tls conneciton state
|
||||
// ConnState, if set, will set the tls connection state
|
||||
ConnState *tls.ConnectionState
|
||||
}
|
||||
|
||||
|
|
2
make.bat
2
make.bat
|
@ -13,7 +13,7 @@ REM Run target.
|
|||
for %%a in (%_TARGETS%) do (if x%1==x%%a goto %%a)
|
||||
goto usage
|
||||
|
||||
REM bin generates the releaseable binaries for Vault
|
||||
REM bin generates the releasable binaries for Vault
|
||||
:bin
|
||||
call :generate
|
||||
call .\scripts\windows\build.bat "%CD%"
|
||||
|
|
|
@ -22,7 +22,7 @@ var (
|
|||
EtcdSemaphoreKeysEmptyError = errors.New("lock queue is empty")
|
||||
EtcdLockHeldError = errors.New("lock already held")
|
||||
EtcdLockNotHeldError = errors.New("lock not held")
|
||||
EtcdSemaphoreKeyRemovedError = errors.New("semaphore key removed before lock aquisition")
|
||||
EtcdSemaphoreKeyRemovedError = errors.New("semaphore key removed before lock acquisition")
|
||||
EtcdVersionUnknown = errors.New("etcd: unknown API version")
|
||||
)
|
||||
|
||||
|
|
|
@ -20,12 +20,12 @@ import (
|
|||
|
||||
const (
|
||||
// Ideally, this prefix would match the "_" used in the file backend, but
|
||||
// that prefix has special meaining in etcd. Specifically, it excludes those
|
||||
// that prefix has special meaning in etcd. Specifically, it excludes those
|
||||
// entries from directory listings.
|
||||
Etcd2NodeFilePrefix = "."
|
||||
|
||||
// The lock prefix can (and probably should) cause an entry to be excluded
|
||||
// from diretory listings, so "_" works here.
|
||||
// from directory listings, so "_" works here.
|
||||
Etcd2NodeLockPrefix = "_"
|
||||
|
||||
// The delimiter is the same as the `-C` flag of etcdctl.
|
||||
|
@ -290,7 +290,7 @@ func (b *Etcd2Backend) nodePathDir(key string) string {
|
|||
}
|
||||
|
||||
// nodePathLock returns an etcd directory path used specifically for semaphore
|
||||
// indicies based on the given key.
|
||||
// indices based on the given key.
|
||||
func (b *Etcd2Backend) nodePathLock(key string) string {
|
||||
return filepath.Join(b.path, filepath.Dir(key), Etcd2NodeLockPrefix+filepath.Base(key)+"/")
|
||||
}
|
||||
|
@ -310,7 +310,7 @@ func (e *Etcd2Backend) HAEnabled() bool {
|
|||
return e.haEnabled
|
||||
}
|
||||
|
||||
// Etcd2Lock emplements a lock using and Etcd2 backend.
|
||||
// Etcd2Lock implements a lock using and Etcd2 backend.
|
||||
type Etcd2Lock struct {
|
||||
kAPI client.KeysAPI
|
||||
value, semaphoreDirKey, semaphoreKey string
|
||||
|
@ -372,7 +372,7 @@ func (c *Etcd2Lock) isHeld() (bool, error) {
|
|||
return false, nil
|
||||
}
|
||||
|
||||
// Get the key of the curren holder of the lock.
|
||||
// Get the key of the current holder of the lock.
|
||||
currentSemaphoreKey, _, _, err := c.getSemaphoreKey()
|
||||
if err != nil {
|
||||
return false, err
|
||||
|
|
|
@ -242,7 +242,7 @@ func (e *EtcdBackend) HAEnabled() bool {
|
|||
return e.haEnabled
|
||||
}
|
||||
|
||||
// EtcdLock emplements a lock using and etcd backend.
|
||||
// EtcdLock implements a lock using and etcd backend.
|
||||
type EtcdLock struct {
|
||||
lock sync.Mutex
|
||||
held bool
|
||||
|
|
|
@ -106,7 +106,7 @@ func (b *FileBackend) DeleteInternal(ctx context.Context, path string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
// cleanupLogicalPath is used to remove all empty nodes, begining with deepest
|
||||
// cleanupLogicalPath is used to remove all empty nodes, beginning with deepest
|
||||
// one, aborting on first non-empty one, up to top-level node.
|
||||
func (b *FileBackend) cleanupLogicalPath(path string) error {
|
||||
nodes := strings.Split(path, fmt.Sprintf("%c", os.PathSeparator))
|
||||
|
|
|
@ -55,7 +55,7 @@ func NewGCSBackend(conf map[string]string, logger log.Logger) (physical.Backend,
|
|||
ctx := context.Background()
|
||||
client, err := newGCSClient(ctx, conf, logger)
|
||||
if err != nil {
|
||||
return nil, errwrap.Wrapf("error establishing strorage client: {{err}}", err)
|
||||
return nil, errwrap.Wrapf("error establishing storage client: {{err}}", err)
|
||||
}
|
||||
|
||||
// check client connectivity by getting bucket attributes
|
||||
|
|
|
@ -61,7 +61,7 @@ func TestGCSBackend(t *testing.T) {
|
|||
}
|
||||
|
||||
// ignore errors in deleting a single object, we only care about deleting the bucket
|
||||
// occassionally we get "storage: object doesn't exist" which is fine
|
||||
// occasionally we get "storage: object doesn't exist" which is fine
|
||||
bucket.Object(objAttrs.Name).Delete(context.Background())
|
||||
}
|
||||
|
||||
|
|
|
@ -264,7 +264,7 @@ func (m *MySQLBackend) List(ctx context.Context, prefix string) ([]string, error
|
|||
}
|
||||
|
||||
// Establish a TLS connection with a given CA certificate
|
||||
// Register a tsl.Config associted with the same key as the dns param from sql.Open
|
||||
// Register a tsl.Config associated with the same key as the dns param from sql.Open
|
||||
// foo:bar@tcp(127.0.0.1:3306)/dbname?tls=default
|
||||
func setupMySQLTLSConfig(tlsCaFile string) error {
|
||||
rootCertPool := x509.NewCertPool()
|
||||
|
|
|
@ -313,7 +313,7 @@ func (l *Lock) watchLock() {
|
|||
}
|
||||
}
|
||||
|
||||
// writeLock writes the given lock using the following algorith:
|
||||
// writeLock writes the given lock using the following algorithm:
|
||||
//
|
||||
// - lock does not exist
|
||||
// - write the lock
|
||||
|
|
|
@ -96,7 +96,7 @@ func NewZooKeeperBackend(conf map[string]string, logger log.Logger) (physical.Ba
|
|||
},
|
||||
}
|
||||
|
||||
// Authnetication info
|
||||
// Authentication info
|
||||
var schemaAndUser string
|
||||
var useAddAuth bool
|
||||
schemaAndUser, useAddAuth = conf["auth_info"]
|
||||
|
@ -172,7 +172,7 @@ func (c *ZooKeeperBackend) ensurePath(path string, value []byte) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// cleanupLogicalPath is used to remove all empty nodes, begining with deepest one,
|
||||
// cleanupLogicalPath is used to remove all empty nodes, beginning with deepest one,
|
||||
// aborting on first non-empty one, up to top-level node.
|
||||
func (c *ZooKeeperBackend) cleanupLogicalPath(path string) error {
|
||||
nodes := strings.Split(path, "/")
|
||||
|
@ -312,7 +312,7 @@ func (c *ZooKeeperBackend) List(ctx context.Context, prefix string) ([]string, e
|
|||
}
|
||||
} else if stat.DataLength == 0 {
|
||||
// No, we cannot differentiate here on number of children as node
|
||||
// can have all it leafs remoed, and it still is a node.
|
||||
// can have all it leafs removed, and it still is a node.
|
||||
children = append(children, key+"/")
|
||||
} else {
|
||||
children = append(children, key[1:])
|
||||
|
|
|
@ -246,7 +246,7 @@ func TestCassandra_RevokeUser(t *testing.T) {
|
|||
t.Fatalf("Could not connect with new credentials: %s", err)
|
||||
}
|
||||
|
||||
// Test default revoke statememts
|
||||
// Test default revoke statements
|
||||
err = db.RevokeUser(context.Background(), statements, username)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
|
|
|
@ -250,7 +250,7 @@ commit_failure_policy: stop
|
|||
#
|
||||
# Valid values are either "auto" (omitting the value) or a value greater 0.
|
||||
#
|
||||
# Note that specifying a too large value will result in long running GCs and possbily
|
||||
# Note that specifying a too large value will result in long running GCs and possibly
|
||||
# out-of-memory errors. Keep the value at a small fraction of the heap.
|
||||
#
|
||||
# If you constantly see "prepared statements discarded in the last minute because
|
||||
|
@ -259,7 +259,7 @@ commit_failure_policy: stop
|
|||
# i.e. use bind markers for variable parts.
|
||||
#
|
||||
# Do only change the default value, if you really have more prepared statements than
|
||||
# fit in the cache. In most cases it is not neccessary to change this value.
|
||||
# fit in the cache. In most cases it is not necessary to change this value.
|
||||
# Constantly re-preparing statements is a performance penalty.
|
||||
#
|
||||
# Default value ("auto") is 1/256th of the heap or 10MB, whichever is greater
|
||||
|
@ -1021,7 +1021,7 @@ client_encryption_options:
|
|||
keystore: conf/.keystore
|
||||
keystore_password: cassandra
|
||||
# require_client_auth: false
|
||||
# Set trustore and truststore_password if require_client_auth is true
|
||||
# Set truststore and truststore_password if require_client_auth is true
|
||||
# truststore: conf/.truststore
|
||||
# truststore_password: cassandra
|
||||
# More advanced defaults below:
|
||||
|
@ -1080,7 +1080,7 @@ windows_timer_interval: 1
|
|||
|
||||
# Enables encrypting data at-rest (on disk). Different key providers can be plugged in, but the default reads from
|
||||
# a JCE-style keystore. A single keystore can hold multiple keys, but the one referenced by
|
||||
# the "key_alias" is the only key that will be used for encrypt opertaions; previously used keys
|
||||
# the "key_alias" is the only key that will be used for encrypt operations; previously used keys
|
||||
# can still (and should!) be in the keystore and will be used on decrypt operations
|
||||
# (to handle the case of key rotation).
|
||||
#
|
||||
|
@ -1114,7 +1114,7 @@ transparent_data_encryption_options:
|
|||
# tombstones seen in memory so we can return them to the coordinator, which
|
||||
# will use them to make sure other replicas also know about the deleted rows.
|
||||
# With workloads that generate a lot of tombstones, this can cause performance
|
||||
# problems and even exaust the server heap.
|
||||
# problems and even exhaust the server heap.
|
||||
# (http://www.datastax.com/dev/blog/cassandra-anti-patterns-queues-and-queue-like-datasets)
|
||||
# Adjust the thresholds here if you understand the dangers and want to
|
||||
# scan more tombstones anyway. These thresholds may also be adjusted at runtime
|
||||
|
|
|
@ -66,7 +66,7 @@ func TestHANA_CreateUser(t *testing.T) {
|
|||
RoleName: "test-test",
|
||||
}
|
||||
|
||||
// Test with no configured Creation Statememt
|
||||
// Test with no configured Creation Statement
|
||||
_, _, err = db.CreateUser(context.Background(), dbplugin.Statements{}, usernameConfig, time.Now().Add(time.Hour))
|
||||
if err == nil {
|
||||
t.Fatal("Expected error when no creation statement is provided")
|
||||
|
@ -113,7 +113,7 @@ func TestHANA_RevokeUser(t *testing.T) {
|
|||
RoleName: "test-test",
|
||||
}
|
||||
|
||||
// Test default revoke statememts
|
||||
// Test default revoke statements
|
||||
username, password, err := db.CreateUser(context.Background(), statements, usernameConfig, time.Now().Add(time.Hour))
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
|
@ -130,7 +130,7 @@ func TestHANA_RevokeUser(t *testing.T) {
|
|||
t.Fatal("Credentials were not revoked")
|
||||
}
|
||||
|
||||
// Test custom revoke statememt
|
||||
// Test custom revoke statement
|
||||
username, password, err = db.CreateUser(context.Background(), statements, usernameConfig, time.Now().Add(time.Hour))
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
|
|
|
@ -88,7 +88,7 @@ func (c *mongoDBConnectionProducer) Initialize(ctx context.Context, conf map[str
|
|||
return nil
|
||||
}
|
||||
|
||||
// Connection creates or returns an exisitng a database connection. If the session fails
|
||||
// Connection creates or returns an existing a database connection. If the session fails
|
||||
// on a ping check, the session will be closed and then re-created.
|
||||
func (c *mongoDBConnectionProducer) Connection(_ context.Context) (interface{}, error) {
|
||||
if !c.Initialized {
|
||||
|
|
|
@ -155,7 +155,7 @@ func (m *MongoDB) RenewUser(ctx context.Context, statements dbplugin.Statements,
|
|||
return nil
|
||||
}
|
||||
|
||||
// RevokeUser drops the specified user from the authentication databse. If none is provided
|
||||
// RevokeUser drops the specified user from the authentication database. If none is provided
|
||||
// in the revocation statement, the default "admin" authentication database will be assumed.
|
||||
func (m *MongoDB) RevokeUser(ctx context.Context, statements dbplugin.Statements, username string) error {
|
||||
session, err := m.getConnection(ctx)
|
||||
|
|
|
@ -206,7 +206,7 @@ func TestMongoDB_RevokeUser(t *testing.T) {
|
|||
t.Fatalf("Could not connect with new credentials: %s", err)
|
||||
}
|
||||
|
||||
// Test default revocation statememt
|
||||
// Test default revocation statement
|
||||
err = db.RevokeUser(context.Background(), statements, username)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
|
|
|
@ -283,7 +283,7 @@ func (m *MSSQL) revokeUserDefault(ctx context.Context, username string) error {
|
|||
|
||||
// can't drop if not all database users are dropped
|
||||
if rows.Err() != nil {
|
||||
return fmt.Errorf("cound not generate sql statements for all rows: %s", rows.Err())
|
||||
return fmt.Errorf("could not generate sql statements for all rows: %s", rows.Err())
|
||||
}
|
||||
if lastStmtError != nil {
|
||||
return fmt.Errorf("could not perform all sql statements: %s", lastStmtError)
|
||||
|
|
|
@ -80,7 +80,7 @@ func TestMSSQL_CreateUser(t *testing.T) {
|
|||
RoleName: "test",
|
||||
}
|
||||
|
||||
// Test with no configured Creation Statememt
|
||||
// Test with no configured Creation Statement
|
||||
_, _, err = db.CreateUser(context.Background(), dbplugin.Statements{}, usernameConfig, time.Now().Add(time.Minute))
|
||||
if err == nil {
|
||||
t.Fatal("Expected error when no creation statement is provided")
|
||||
|
@ -135,7 +135,7 @@ func TestMSSQL_RevokeUser(t *testing.T) {
|
|||
t.Fatalf("Could not connect with new credentials: %s", err)
|
||||
}
|
||||
|
||||
// Test default revoke statememts
|
||||
// Test default revoke statements
|
||||
err = db.RevokeUser(context.Background(), statements, username)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
|
@ -154,7 +154,7 @@ func TestMSSQL_RevokeUser(t *testing.T) {
|
|||
t.Fatalf("Could not connect with new credentials: %s", err)
|
||||
}
|
||||
|
||||
// Test custom revoke statememt
|
||||
// Test custom revoke statement
|
||||
statements.RevocationStatements = testMSSQLDrop
|
||||
err = db.RevokeUser(context.Background(), statements, username)
|
||||
if err != nil {
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue