When reading the config, we attempt to detect if the running Vault
instance has been changed from its Enterprise status on write.
Similarly, we should detect if the mount is a local mount instead. While
this isn't changeable at runtime, using sys/raw to side-load an invalid
config could be possible.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Sometimes the tests will modify the client to set a namespace; this
results in testhelpers sometimes trying to access sys/ endpoints with a
namespace, which usually don't work well.
Detect an unset namespaces, if present, before executing, and restore
afterwards so as not to affect the tests.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Log, don't err, on unified delta WAL write failure
When the PBPWF fails on the Active node of a PR Secondary cluster with a
read-only failure, there is no value in forwarding this request up to
the Active node of the PR Primary cluster: it does not have the local
revocation context necessary to write a Delta WAL entry for this
request, and would likely end up writing a cross-cluster revocation
entry (if it is enabled) or else erring completely.
Instead, log this error like we do when failing to write unified CRL
entries. Switch both to using Error instead of Debug for this type of
failure.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog entry
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
When testing the Rollback Manager's one-time invocation in Enterprise,
it was noticed that due to the channel being closed, we'd always hit
this case and thus spam logs rather quickly with this message.
Switch to a boolean flip to log this once, as it is not executed in
parallel and thus doesn't need a sync.Once.
This only affected anyone calling the test core's
StopAutomaticRollbacks() helper.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Please see https://github.com/hashicorp/vault/pull/19319 for more details on how this will affect the generated OpenAPI schema.
____
### The following OperationID's will be generated for GitHub auth:
github-read-configuration
github-configure
github-log-in
github-read-teams
github-read-team-mapping
github-write-team-mapping
github-delete-team-mapping
github-read-users
github-read-user-mapping
github-write-user-mapping
github-delete-user-mapping
Please see #19319 for more details on how this will affect the generated OpenAPI schema.
___
The following OperationID's will be generated for Nomad plugin:
nomad-read-access-configuration
nomad-configure-access
nomad-delete-access-configuration
nomad-read-lease-configuration
nomad-configure-lease
nomad-delete-lease-configuration
nomad-generate-credentials
nomad-list-roles
nomad-read-role
nomad-write-role
nomad-delete-role
I was wondering why the default VaultAuth CR was not created. It was due the fact that I copy/pasted the snippet from the docs here, which has the wrong key.
* update index.mdx with correct installation doc ref
update index.mdx with installation doc ref to point to the right installation.mdx path
* Update installation ref
Update installation ref
* Update index ref without relative path
Update installation doc index ref without relative path
* updates github workflows to read node version from .nvmrc file
* updates to double quotes for shell expression
* removes set-output workflow command
* updates to use node-version-file option for gh workflows
* pins node version to 16