* Use a role cache to avoid separate locking paths
Due to the various locked/nonlocked paths we had a case where we weren't
always checking for secondary status before trying to upgrade. This
broadly simplifies things by using a cache to store the current role
values (avoiding a lot of storage hits) and updating the cache on any
write, delete, or invalidation.
* add no-jquery rule and move event listeners to ember-concurrency tasks
* remove unnecessary onchange and handleKeyDown actions
* add element.closest polyfill and convert linked-block to use native dom apis
* update pretender, fetch, page-object, add optional-features, remove ember/jquery
* turn off jquery inclusion
* remove jQuery.isPlainObject usage
* violatedDirective isn't always formatted the same
* use fetch and the ember-fetch adapter mixin
* move to fetch and lowercase headers for pretender
* display non-ember-data errors
* use new async fn test style and lowercase headers in auth service test
* setContext is not necessary with the new style tests and ember-cli-page-object - it actually triggers jquery usage
* update ember-fetch, ember-cli-pretender
* wait for permissions check
* lowercase header name in auth test
* refactor transit tests to one test per key type
* simplify pollCluster helper
* stop flakey tests by prefering the native fetch
* avoid uncaught TransitionAborted error by navigating directly to unseal
* unset model on controller after unloading it because controllers are singletons
* update yarn.lock
* Add http request volume table (#6765)
* init http metrics page
* remove flex-table-column
* add http requests table
* calculate percent change between each counter
* start percent change tests
* style request table
* show percent more/less glyph
* add percent more less tests
* add inline alert about recorded metrics
* make arrows diagonal
* remove conditional inside countersWithChange
* add better error msg
* use tagName and wrapping element a la glimmer components
* extend ClusterRouteBase so auth and seal checks happen
* make table accessible
* remove curlies
* add HttpRequestsTable to storybook
* make table accessible
* use qunit dom for better assertions
* remove EmptyState since we will never have 0 requests
* ensure counters is set in test context
* Http request volume/add barchart (#6814)
* Add http request volume table (#6765)
* init http metrics page
* remove flex-table-column
* add http requests table
* calculate percent change between each counter
* start percent change tests
* style request table
* show percent more/less glyph
* add percent more less tests
* add inline alert about recorded metrics
* make arrows diagonal
* remove conditional inside countersWithChange
* add better error msg
* use tagName and wrapping element a la glimmer components
* extend ClusterRouteBase so auth and seal checks happen
* make table accessible
* remove curlies
* add HttpRequestsTable to storybook
* make table accessible
* use qunit dom for better assertions
* remove EmptyState since we will never have 0 requests
* ensure counters is set in test context
* add http-requests-bar-chart
* add HttpRequestsBarChart tests
* add HttpRequestsBarChart to Storybook
* format total number of requests according to locale
* do not show extra minus sign when percent change is negative
* add link to request metrics in status bar menu
* only show bar chart if we have data for more than 1 month
* make ticks lighter
* ensure charts show data for correct month
* make example counters response look like the adapter response instead of the raw api response
* ensure ui shows the same utc date as the api response
* add format-utc tests
* downgrade to d3 v4 to support ie11
* add gridlines
* move dasharray to css
* use scheduleOnce instead of debounce to prevent multiple re-renders
* add key function to bars
* add exit case when data is no longer in parsedCounters
* fix timestamp in table test
* fix timestamps
* use utcParse and fallback to isoParse for non-UTC dates
* fix bar chart tests
* Add priority queue to sdk
* fix issue of storing pointers and now copy
* update to use copy structure
* Remove file, put Item struct def. into other file
* add link
* clean up docs
* refactor internal data structure to hide heap method implementations. Other cleanup after feedback
* rename PushItem and PopItem to just Push/Pop, after encapsulating the heap methods
* updates after feedback
* refactoring/renaming
* guard against pushing a nil item
* minor updates after feedback
* Add SetCredentials, GenerateCredentials gRPC methods to combined database backend gPRC
* Initial Combined database backend implementation of static accounts and automatic rotation
* vendor updates
* initial implementation of static accounts with Combined database backend, starting with PostgreSQL implementation
* add lock and setup of rotation queue
* vendor the queue
* rebase on new method signature of queue
* remove mongo tests for now
* update default role sql
* gofmt after rebase
* cleanup after rebasing to remove checks for ErrNotFound error
* rebase cdcr-priority-queue
* vendor dependencies with 'go mod vendor'
* website database docs for Static Role support
* document the rotate-role API endpoint
* postgres specific static role docs
* use constants for paths
* updates from review
* remove dead code
* combine and clarify error message for older plugins
* Update builtin/logical/database/backend.go
Co-Authored-By: Jim Kalafut <jim@kalafut.net>
* cleanups from feedback
* code and comment cleanups
* move db.RLock higher to protect db.GenerateCredentials call
* Return output with WALID if we failed to delete the WAL
* Update builtin/logical/database/path_creds_create.go
Co-Authored-By: Jim Kalafut <jim@kalafut.net>
* updates after running 'make fmt'
* update after running 'make proto'
* Update builtin/logical/database/path_roles.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/path_roles.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* update comment and remove and rearrange some dead code
* Update website/source/api/secret/databases/index.html.md
Co-Authored-By: Jim Kalafut <jim@kalafut.net>
* cleanups after review
* Update sdk/database/dbplugin/grpc_transport.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* code cleanup after feedback
* remove PasswordLastSet; it's not used
* document GenerateCredentials and SetCredentials
* Update builtin/logical/database/path_rotate_credentials.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* wrap pop and popbykey in backend methods to protect against nil cred rotation queue
* use strings.HasPrefix instead of direct equality check for path
* Forgot to commit this
* updates after feedback
* re-purpose an outdated test to now check that static and dynamic roles cannot share a name
* check for unique name across dynamic and static roles
* refactor loadStaticWALs to return a map of name/setCredentialsWAL struct to consolidate where we're calling set credentials
* remove commented out code
* refactor to have loadstaticwals filter out wals for roles that no longer exist
* return error if nil input given
* add nil check for input into setStaticAccount
* Update builtin/logical/database/path_roles.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* add constant for queue tick time in seconds, used for comparrison in updates
* Update builtin/logical/database/path_roles.go
Co-Authored-By: Jim Kalafut <jim@kalafut.net>
* code cleanup after review
* remove misplaced code comment
* remove commented out code
* create a queue in the Factory method, even if it's never used
* update path_roles to use a common set of fields, with specific overrides for dynamic/static roles by type
* document new method
* move rotation things into a specific file
* rename test file and consolidate some static account tests
* Update builtin/logical/database/path_roles.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* update code comments, method names, and move more methods into rotation.go
* update comments to be capitalized
* remove the item from the queue before we try to destroy it
* findStaticWAL returns an error
* use lowercase keys when encoding WAL entries
* small cleanups
* remove vestigial static account check
* remove redundant DeleteWAL call in populate queue
* if we error on loading role, push back to queue with 10 second backoff
* poll in initqueue to make sure the backend is setup and can write/delete data
* add revoke_user_on_delete flag to allow users to opt-in to revoking the static database user on delete of the Vault role. Default false
* add code comments on read-only loop
* code comment updates
* re-push if error returned from find static wal
* add locksutil and acquire locks when pop'ing from the queue
* grab exclusive locks for updating static roles
* Add SetCredentials and GenerateCredentials stubs to mockPlugin
* add a switch in initQueue to listen for cancelation
* remove guard on zero time, it should have no affect
* create a new context in Factory to pass on and use for closing the backend queue
* restore master copy of vendor dir
* Fix a deadlock if a panic happens during request handling
During request handling, if a panic is created, deferred functions are
run but otherwise execution stops. #5889 changed some locks to
non-defers but had the side effect of causing the read lock to not be
released if the request panicked. This fixes that and addresses a few
other potential places where things could go wrong:
1) In sealInitCommon we always now defer a function that unlocks the
read lock if it hasn't been unlocked already
2) In StepDown we defer the RUnlock but we also had two error cases that
were calling it manually. These are unlikely to be hit but if they were
I believe would cause a panic.
* Add panic recovery test
This allows us to truly delete policies when we've either invalidated it
(which since they're singletons/default should only happen when we're
doing a namespace delete) or are doing a namespace delete on the local
node.