* Forward PKI revocation requests received by standby nodes to active node
- A refactoring that occurred in 1.13 timeframe removed what was
considered a specific check for standby nodes that wasn't required
as a writes should be returning ErrReadOnly.
- That sadly exposed a long standing bug where the errors from the
storage layer were not being properly wrapped, hiding the ErrReadOnly
coming from a write and failing the request.
* Add cl
* Add test for basic PKI operations against standby nodes
* fix data race on plugin reload
* add changelog
* add comment for posterity
* revert comment and return assignment in router.go
* rework plugin continue on error tests to use compilePlugin
* fix race condition on route entry
* add test for plugin reload and rollback race detection
* add go doc for test
* Add support for importing RSA-PSS keys in Transit
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog entry
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* replace use of os.Unsetenv in test with t.Setenv and remove t.Parallel from test that rely on env being modified.
* experiment with using fromJSON function
* revert previous experiment
* including double quotes in the output value for the string ubuntu-latest
* use go run to launch gofumpt
* bug: correct handling of the zero int64 value
* Update changelog/18729.txt
---------
Co-authored-by: valli_0x <personallune@mail.ru>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
* glimmerize alert-banner
* structure for the DocLink todo: css important remove
* styling done. kind of strange, but should help in future
* clean up
* test coverage
* changelog
* address pr comments
* clean up
* amended language on banner to match most recent change.
* add return
* clean up
* modify the banner title and shorten message
* update language
* don't error for other message events
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
* add changelog
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
* rename release note for changelog
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
---------
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
* Migrate subset of CircleCI ci workflow to GitHub Actions
Runs test-go and test-go-remote-docker with a static splitting of test packages
* [skip actions] add comment to explain the purpose of test-generate-test-package-lists.sh and what to do if it fails
* change trigger to push
---------
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
* Fix cubbyhole and revocation for legacy service tokens
Legacy service tokens generated in Vault 1.10+ with env var
VAULT_DISABLE_SERVER_SIDE_CONSISTENT_TOKENS=true are not assigned
a cubbyhole ID. The implication is that cubbyhole/ cannot be
used, nor can the tokens be revoked.
This commit assigns a cubbyhole ID to these tokens and adds
a new test case to see that cubbyhole and revocation works correctly.
* add changelog
* add godoc to test cases
Alexander Scheel