Commit Graph

2921 Commits

Author SHA1 Message Date
hc-github-team-secure-vault-core f5fedb026f
backport of commit c329ed8d3b02b92dfded30065317c82648d3cae3 (#24260)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-11-27 16:21:51 -05:00
hc-github-team-secure-vault-core de1275adad
backport of commit 0ab8cfdff681dc42753e080481ae3e9dca6e4031 (#24138)
Co-authored-by: davidadeleon <56207066+davidadeleon@users.noreply.github.com>
2023-11-15 09:38:03 -05:00
hc-github-team-secure-vault-core 86d4f98ddc
Backport of fix `log_requests_level` misconfiguration into release/1.14.x (#24058)
* backport of commit 0f5f648c1c9505e975ea2d479aa5e9f27bb1d935

* changelog

---------

Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2023-11-08 10:01:32 +00:00
hc-github-team-secure-vault-core 1014555b27
backport of commit 7ec3867eea2ad3c405f15f9ab5447618685739cf (#24031)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-11-06 15:48:43 +00:00
hc-github-team-secure-vault-core 2bf61de125
backport of commit b19562db9a8c1b65ea660ed0d51aaf9498a9887d (#24025)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-11-06 13:51:52 +00:00
Hamid Ghaf 22553906fb
Revert "Automatically track subloggers in allLoggers (#22038)" (#24005)
This reverts commit 4c8cc87794ed2d989f515cd30c1c1b953d092ef3.
2023-11-03 14:40:17 -07:00
hc-github-team-secure-vault-core 0b1ceb8943
backport of commit 9b1120b0830060b3656977b4ce0d357fda2e5036 (#23917)
Co-authored-by: davidadeleon <56207066+davidadeleon@users.noreply.github.com>
2023-10-31 10:49:28 -04:00
hc-github-team-secure-vault-core a5cd06dc04
Backport of core: fix bug where deadlock detection was always on for expiration and quotas into release/1.14.x (#23904)
* backport of commit 66494c8129cddf33eb0cf435b6cb2f76bc47416f

* Remove slices package

* remove slices

---------

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2023-10-30 17:21:47 +00:00
hc-github-team-secure-vault-core f752283c08
backport of commit 26bae559979bb6cc9f086d26f9c6450aa5173e95 (#23900)
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
2023-10-30 08:47:45 -07:00
hc-github-team-secure-vault-core bc19a6d305
api/seal-status: fix deadlock when namespace is set on seal-status calls (#23861) (#23879)
* api/seal-status: fix deadlock when namespace is set on seal-status calls

* changelog

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2023-10-27 14:47:12 +00:00
hc-github-team-secure-vault-core 0ca886beaf
backport of commit fb97a459ece4420cdb1237836affbfb40c24ad92 (#23876)
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-10-27 14:28:07 +00:00
hc-github-team-secure-vault-core 3fd8659fe8
Fix segments fragments loss (#23781) (#23841)
* add ent changes

* add changelog

* make fmt

Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-10-25 21:55:45 +00:00
hc-github-team-secure-vault-core 9c14ea8114
Revert "Implement user lockout log (#23140)" (#23741) (#23765)
This reverts commit 92fcfda8ad30a539be67b7fb7abff539bf93a098.

Co-authored-by: davidadeleon <56207066+davidadeleon@users.noreply.github.com>
2023-10-25 15:38:58 +00:00
hc-github-team-secure-vault-core 8cd78f723e
backport of commit 3d37a2507bc1e54e2dc5e95c7cd099790543b3d1 (#23810)
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2023-10-24 22:07:54 +00:00
hc-github-team-secure-vault-core d8052ce112
backport of commit 9739270d7b780e02b68d1f0c0fbb1bce31278e50 (#23756)
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2023-10-20 12:53:59 +00:00
hc-github-team-secure-vault-core ea40c49f6a
backport of commit 4e3b91d91f379b6368e778849c044fadfa7e67e5 (#23691)
* backport of commit 4e3b91d91f379b6368e778849c044fadfa7e67e5

* workerpool implementation

* rollback tests

* website documentation

* add changelog

* fix failing test

* backport of commit de043d673692e91bdb82f0decb5dfa316dcbc48a

* fix flaky rollback test

* better fix

* switch to defer

* add comment

---------

Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-10-17 14:33:54 +02:00
hc-github-team-secure-vault-core 325e822e8a
VAULT-20476: vault.NewCore refactor. (#23644) (#23659)
* NewCore tech debt refactoring

* addExtraCredentialBackends

* singletonMounts => mountTypeToken instead of 'token'

* NewCore tests support ent backend addition

* PR feedback

* reorder method calls

* mounthPath___ standardization

* Try to be more explicit about the min number of backends

* Include cluster listener

* explicit declaration of events before assignment

* Removed nil checking

* resolve conflicts

Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2023-10-16 11:38:11 +00:00
davidadeleon ca247609c7
Backport of Implement user lockout log into release/1.14.x (#23630)
* Implement user lockout log (#23140)

* implement user lockout logger

* formatting

* make user lockout log interval configurable

* create func to get locked user count, and fix potential deadlock

* fix test

* fix test

* add changelog

* fix panic when unlocking unlocked user (#23611)
2023-10-12 11:24:52 -04:00
hc-github-team-secure-vault-core a4604006e3
backport of commit 1f1ead0dc72e24ecaf5abe3784aac79cfbd5124b (#23615)
Co-authored-by: Josh Black <raskchanky@gmail.com>
2023-10-11 18:14:21 +00:00
hc-github-team-secure-vault-core f4453384cb
events: Ignore send context (#23500) (#23538)
When sending an event asynchronously, the original context used for
whatever generated the event (probably a synchronous, quick HTTP
context) is probably not what is wanted for sending the event, which
could face delays if a consumer is backed up.

I will admit myself to sometimes having "context blindness", where
I just take whatever context is incoming in a function and thread it
out to all calls. Normally this is the right thing to do when, say,
tying downstream API calls to an upstream HTTP timeout.

When making KV events, for example, we used the HTTP context for
`SendEvent()`, and this can cause the events to be dropped if they
aren't taken from the channel before the HTTP request finishes.

In retrospect, it was probably unnecessary to include a context in
the `SendEvent` interface.

We keep the context in place for backwards compability, but also in
case we want to use it for purposes other than timeouts and
cancellations in the future.

Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
2023-10-05 21:35:10 +00:00
hc-github-team-secure-vault-core 4d910a3b43
backport of commit 5123ea933a1d8e4df0af2aefb049c3556f843b72 (#23505)
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2023-10-04 15:19:12 -04:00
hc-github-team-secure-vault-core 28f2585da3
backport of commit 0fa36a36ae1b4842d96623eef0d20af5dea557c0 (#23443)
Co-authored-by: Paul Banks <pbanks@hashicorp.com>
2023-10-02 09:49:05 -07:00
hc-github-team-secure-vault-core d8d5e440fe
backport of commit 547bff752e056ff81d4359267e0f8afa4629f505 (#23321) 2023-09-27 16:03:53 -04:00
hc-github-team-secure-vault-core 693ba0eddc
backport of commit c73eacbaf6ae6b5860e1ad9a3b6ce930c093a105 (#23174)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-09-19 19:54:42 +00:00
hc-github-team-secure-vault-core 2970f245c5
backport of commit 37215ae
[VAULT-14497] Ensure Role Governing Policies are only applied down the namespace hierarchy (#23090)

---------

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-09-14 19:27:30 +00:00
hc-github-team-secure-vault-core d52cf3c46d
backport of commit 4c8cc87794ed2d989f515cd30c1c1b953d092ef3 (#22247)
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-09-01 13:02:28 -04:00
hc-github-team-secure-vault-core cb0784b87f
Add config value that gives users options to skip calculating role for each lease (#22651) (#22730)
* Add config value that gives users options to skip calculating role for each lease

* add changelog

* change name

* add config for testing

* Update changelog/22651.txt



* update tests, docs and reorder logic in conditional

* fix comment

* update comment

* fix comment again

* Update comments and change if order

* change comment again

* add other comment

* fix tests

* add documentation

* edit docs

* Update http/util.go



* Update vault/core.go

* Update vault/core.go

* update var name

* udpate docs

* Update vault/request_handling.go



* 1 more docs change

---------

Co-authored-by: Ellie <ellie.sterner@hashicorp.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-09-01 08:07:47 -05:00
hc-github-team-secure-vault-core 4eb71df565
backport of commit 727c73cbd1ff3341ea7a19420f36dc8bd0dd8848 (#22684)
Co-authored-by: Luis (LT) Carbonell <lt.carbonell@hashicorp.com>
2023-08-31 13:18:25 +00:00
hc-github-team-secure-vault-core 238f5be13c
backport of commit c4a8b23d933fcbd65647ffabfcb0b4c1809a57e9 (#22637)
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-08-30 15:28:32 +00:00
hc-github-team-secure-vault-core f279de6704
Only track role in login path (#22620) (#22626)
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-08-29 21:52:08 +00:00
hc-github-team-secure-vault-core 1ca272a127
backport of commit 9b78fd64ac3e3244bffe6f153b056b52dfdafd2c (#22623)
Co-authored-by: Ellie <ellie.sterner@hashicorp.com>
2023-08-29 13:55:08 -07:00
hc-github-team-secure-vault-core d13671c155
backport of commit cccfdb088f218f5631195e8b653c07a77cfac2b5 (#22596)
Co-authored-by: Ellie <ellie.sterner@hashicorp.com>
2023-08-28 18:16:57 -05:00
hc-github-team-secure-vault-core eb7de7129a
backport of commit 135240d6378c74dfe5894f6d0c2ae314b762eb3d (#22573)
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-08-25 17:46:34 -04:00
hc-github-team-secure-vault-core 2e131c1459
backport of commit 35a5fbfc6002e0440c708e722dc8aabbcb7a81b2 (#22507)
Co-authored-by: Max Bowsher <maxbowsher@gmail.com>
2023-08-22 18:48:14 +00:00
hc-github-team-secure-vault-core 4a08ff8c48
backport of commit d50bd4eb05994781ba64974cc16fdf3409c82935 (#22486)
Co-authored-by: Josh Black <raskchanky@gmail.com>
2023-08-21 22:24:30 +00:00
hc-github-team-secure-vault-core 386d78180c
backport of commit 4654c15248013edeb36fdeae28ab3631bebe0a8e (#21188) 2023-08-18 09:09:32 -04:00
hc-github-team-secure-vault-core e98cd02fa0
backport of commit c2ba113defbd98a6cd749dcd13f734b911241c98 (#22423)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-08-17 14:41:15 -07:00
hc-github-team-secure-vault-core b82a26bb49
backport of commit abaf1d68743dd65af8919f56687061eb29c4bdbe (#22379) 2023-08-16 20:27:19 +00:00
hc-github-team-secure-vault-core b30f78f66a
Ignore errors from rollback manager invocations (#22235) (#22238)
* Ignore errors from rollback manager invocations

During reload and mount move operations, we want to ensure that errors
created by the final Rollback are not fatal (which risk failing
replication in Enterprise when the core/mounts table gets invalidated).
This mirrors the behavior of the periodic rollback manager, which
only logs the error.

This updates the noop backend to allow failing just rollback operations,
which we can use in tests to verify this behavior and ensure the core
operations (plugin reload, plugin move, and seal/unseal) are not broken
by this. Note that most of these operations were asynchronous from the
client's PoV and thus did not fail anyways prior to this change.



* Add changelog entry



* Update vault/external_tests/router/router_ext_test.go



---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-08-16 17:34:37 +00:00
hc-github-team-secure-vault-core f8cc240ab5
backport of commit 5a60c98a464af99c44a1eb62655ede2af3c85ff5 (#22370)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-08-16 10:48:12 -04:00
hc-github-team-secure-vault-core 0624fb4113
backport of commit f3a4c01ba9e05850e255406f5bf4bc7f052c3985 (#22140)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-07-31 14:54:29 -07:00
hc-github-team-secure-vault-core 3fb1a15a4f
backport of commit c040f901e57d2d04772827b52f7b052757986897 (#22135)
Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2023-07-31 13:57:29 -04:00
hc-github-team-secure-vault-core 8a911f6fee
backport of commit fdc257d3a0a13d6bc98f84ecf1b4faa6291125e3 (#22121)
Co-authored-by: Max Bowsher <maxbowsher@gmail.com>
2023-07-28 17:38:08 +00:00
hc-github-team-secure-vault-core a08da20b50
backport of commit d407078766e14c883978d496895aa4a068c87c68 (#22058)
Co-authored-by: Josh Black <raskchanky@gmail.com>
2023-07-26 00:27:13 +00:00
hc-github-team-secure-vault-core cbff440925
backport of commit da5d0ca498677d6fe0a8e7033217245ebbfd81d4 (#20994)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-07-24 19:10:44 +00:00
hc-github-team-secure-vault-core af5132f100
backport of commit 215687795d6b9ad2b3a3e2c7dbb70b01cc470e44 (#21954)
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
2023-07-19 18:32:53 +00:00
hc-github-team-secure-vault-core 5041048f4d
backport of commit a9977fab8008a53d052b6f89f41eb65fb83bdaa8 (#21910)
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-07-18 13:01:39 +00:00
hc-github-team-secure-vault-core f5bb678c98
backport of commit e1a9d85a18858bccf4de71ddc0ce7592170ab894 (#21879)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-07-17 09:46:00 -07:00
hc-github-team-secure-vault-core 9c43e232d2
backport of commit 5d97159f05e581c0e5f14be9e2e3f8ac3b733091 (#21886)
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-07-17 13:01:25 +00:00
hc-github-team-secure-vault-core a0dca58c44
backport of commit 0b0b15f968bb243b29544d6a7f2652137e07d632 (#21839)
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
2023-07-13 15:26:01 -07:00