* Sync up Agent and API's renewers.
This introduces a new type, LifetimeWatcher, which can handle both
renewable and non-renewable secrets, modeled after the version in Agent.
It allows the user to select behavior, with the new style being the
default when calling Start(), and old style if using the legacy Renew()
call.
No tests have been modified (except for reflect issues) and no other
code has been modified to make sure the changes are backwards
compatible.
Once this is accepted I'll pull the Agent version out.
* Move compat flags to NewRenewer
* Port agent to shared lifetime watcher lib
Don't just use the presence of it to indicate behavior.
Fixes#7323
Also, fixes a bug where if an error was returned along with a status
code, the status code was being ignored.
* Handpick cluster cipher suites when they're not user-set
There is an undocumented way for users to choose cluster cipher suites
but for the most part this is to paper over the fact that there are
undesirable suites in TLS 1.2.
If not explicitly set, have the set of cipher suites for the cluster
port come from a hand-picked list; either the allowed TLS 1.3 set (for
forwards compatibility) or the three identical ones for TLS 1.2.
The 1.2 suites have been supported in Go until at least as far back as
Go 1.9 from two years ago. As a result in cases where no specific suites
have been chosen this _ought_ to have no compatibility issues.
Also includes a useful test script.
* Fix unordered imports
* Allow Raft node ID to be set via the environment variable `VAULT_RAFT_NODE_ID`
* Allow Raft path to be set via the environment variable `VAULT_RAFT_PATH`
* Prioritize the environment when fetching the Raft configuration values
Values in environment variables should override the config as per the
documentation as well as common sense.
* embed yarn binary using yarn policies set-version and loosen the restriction on yarn in the dockerfile and the package.json
* don't lint the embedded yarn package
* rename mount-filter-config models, components, serializer, adapters to path-filter-config
* move search-select component to core addon
* add js class for search-select-placeholder and sort out power-select deps for moving to the core component
* expose oninput from powerselect through search-select
* don't fetch mounts in the replication routes
* remove toggle from add template
* start cross-namespace fetching
* group options and set up for namespace fetch via power-select search prop
* add and style up radio-card CSS component
* add xlm size for icons between l and xl
* copy defaults so they're not getting mutated
* finalize cross-namespace fetching and getting that to work with power-select
* when passing options but no models, format the options in search select so that they render properly in the list
* tint the background of a selected radio card
* default to null mode and uniq options in search-select
* finish styling radio-card
* format inputValues when first rendering the component if options are being passed from outside
* treat mode:null as deleting existing config which simplifies save logic
* correctly prune the auto complete list since path-filter-config-list handles all of that and finish styling
* remove old component
* add search debounce and fix linting
* update search-select docs
* updating tests
* support grouped options for when to show the create prompt
* update and add tests for path-filter-config-list
* fix tests for search-select and path-filter-config-list
* the new api uses allow/deny instead of whitelist/blacklist
The example request for "Generate Intermediate" was type "internal", but the example response contained the private key, which "internal" doesn't do. This patch fixes the example request to be type "exported" to match the example response.
Jeff Mitchell