* Path globbing
* Add glob support at the beginning
* Ensure when evaluating an ACL that our path never has a leading slash. This already happens in the normal request path but not in tests; putting it here provides it for tests and extra safety in case the request path changes
* Simplify the algorithm, we don't really need to validate the prefix first as glob won't apply if it doesn't
* Add path segment wildcarding
* Disable path globbing for now
* Remove now-unneeded test
* Remove commented out globbing bits
* Remove more holdover glob bits
* Rename k var to something more clear
* Port over OSS cluster port refactor components
* Start forwarding
* Cleanup a bit
* Fix copy error
* Return error from perf standby creation
* Add some more comments
* Fix copy/paste error
* vault-agent-cache: squashed 250+ commits
* Add proper token revocation validations to the tests
* Add more test cases
* Avoid leaking by not closing request/response bodies; add comments
* Fix revoke orphan use case; update tests
* Add CLI test for making request over unix socket
* agent/cache: remove namespace-related tests
* Strip-off the auto-auth token from the lookup response
* Output listener details along with configuration
* Add scheme to API address output
* leasecache: use IndexNameLease for prefix lease revocations
* Make CLI accept the fully qualified unix address
* export VAULT_AGENT_ADDR=unix://path/to/socket
* unix:/ to unix://
* initial commit for prometheus and sys/metrics support
* Throw an error if prometheusRetentionTime is 0,add prometheus in devmode
* return when format=prometheus is used and prom is disable
* parse prometheus_retention_time from string instead of int
* Initialize config.Telemetry if nil
* address PR issues
* add sys/metrics framework.Path in a factory
* Apply requiredMountTable entries's MountConfig to existing core table
* address pr comments
* enable prometheus sink by default
* Move Metric-related code in a separate metricsutil helper
* fix default rendering of svg and allow plugins access to mount tune form
* add auth-jwt component
* add callback route, and allow it to be navigated to on load
* add jwt as a supported auth method
* use auth-jwt component and implement intial oidc flow
* allow wrapping un-authed requests
* pass redirect_url and properly redirect with the wrapped token
* popup for login
* center popup window and move to localStorage events for cross window communication because of IE11
* access window via a getter on the auth-form component
* show OIDC provider name on the button
* fetch default role on render of the auth-jwt component
* simplify auth-form template
* style callback page
* refetch auth_url when path changes for auth-jwt component
* fix glimmer error on alias metadata, and add back popup-metadata component
* fix link in metadata page
* add logo-edition component and remove use of partial for logo svg
* render oidc callback template on the loading page if we're going there
* add docs icon and change timeout on the auth form
* move OIDC auth specific things to auth-jwt component
* start to add branded buttons for OIDC providers
* add google button
* finish branded buttons
* update glyph for error messages
* update tests for auth screen not showing tabs, add adapter tests and new auth jwt tests
* start auth-jwt tests
* simplify auth-jwt
* remove negative top margin on AlertInline
* only preventDefault if there's an event
* fill out tests
* sort out some naming
* feedback on templates and styles
* clear error when starting OIDC auth and call for new auth_url
* also allow 'oidc' as the auth method type
* handle namespaces with OIDC auth
* review feedback
* use new getters in popup-metadata
* Fixes a regression in forwarding from #6115
Although removing the authentication header is good defense in depth,
for forwarding mechanisms that use the raw request, we never add it
back. This caused perf standby tests to throw errors. Instead, once
we're past the point at which we would do any raw forwarding, but before
routing the request, remove the header.
To speed this up, a flag is set in the logical.Request to indicate where
the token is sourced from. That way we don't iterate through maps
unnecessarily.
* Merge entities during unseal only on the primary
* Add another guard check
* Add perf standby to the check
* Make primary to not differ from case-insensitivity status w.r.t secondaries
* Ensure mutual exclusivity between loading and invalidations
* Both primary and secondaries won't persist during startup and invalidations
* Allow primary to persist when loading case sensitively
* Using core.perfStandby
* Add a tweak in core for testing
* Address review feedback
* update memdb but not storage in secondaries
* Wire all the things directly do mergeEntity
* Fix persist behavior
* Address review feedback