* do not swallow ControlGroupErrors when viewing or editing kvv2 secrets
* test kv v2 control group workflow
* do not manually clearModelCache when logging out since this already happens when leaving the logout route
* remove pauseTest
* update comments
* wip - looking into why restricted user can see the control group protected secret after it has already been unwrapped once
* strip version from query params so we can unwrap a secret after it is authorized
* use attachCapabilities instead of lazyCapabilities to ensure models are cleaned up properly
* remove comment
* make ControlGroupError extend AdapterError
* fix broken redirect_to test
* one day i will remember to remove my debugger statements; today is not that day
* no need to check for a ControlGroupError since it extends an AdapterError
* see if using EmberError instead of AdapterError fixes the browserstack tests
* Revert "see if using EmberError instead of AdapterError fixes the browserstack tests"
This reverts commit 14ddd67cacbf1ccecb8cc2d1f59a2c273866da72.
Seal keys can be rotated. When this happens, the barrier and recovery
keys should be re-encrypted with the new seal key. This change
automatically re-encrypts the barrier and recovery keys with the latest
seal key on the active node during the 'postUnseal' phase.
* sys: add host-info endpoint, add client API method
* remove old commented handler
* add http tests, fix bugs
* query all partitions for disk usage
* fix Timestamp decoding
* add comments for clarification
* dont append a nil entry on disk usage query error
* remove HostInfo from the sdk api
We can use Logical().Read(...) to query this endpoint since the payload is contained with the data object. All warnings are preserved under Secret.Warnings.
* ensure that we're testing failure case against a standby node
* add and use TestWaitStandby to ensure core is on standby
* remove TestWaitStandby
* respond with local-only error
* move HostInfo into its own helper package
* fix imports; use new no-forward handler
* add cpu times to collection
* emit clearer multierrors/warnings by collection type
* add comments on HostInfo fields
The OIDC Discovery standard requires the response_types_supported field
to be returned in the .well-known/openid-configuration response.
Also, the AWS IAM OIDC consumer won't accept Vault as an identity
provider without this field.
Based on examples in the OIDC Core documentation, it appears Vault
supports only the `id_token` flow, and thus that is the only value that
makes sense to be set in this field. See:
https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationExamples
* default to token auth method
* pass in selectedValue to the AuthForm
* adjust when and if tasks are called so there's no race condition with wrapped_token query param
* add some tests for wrapped_token
* adjust redirect_to behavior so that it also works with the logout route and the wrapped_token query param
* fix linting
