The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
When Vault is concurrently creating and revoking leases for MongoDB
users as part of the database secrets engine, and then loses connection
to MongoDB, it can panic. This occurrs because the RevokeUser path does
_not_ lock the mutex, but the CreateUser path does. Both threads of
execution can concurently decide to call c.session.Close() in
mongodb/connection_producer.go:119, and then mgo panics when the second
close attempt occurs.
1) In backends, ensure they are now using TokenPolicies
2) Don't reassign auth.Policies until after expmgr registration as we
don't need them at that point
Fixes#4829
* redoing connection handling
* a little more cleanup
* empty implementation of rotation
* updating rotate signature
* signature update
* updating interfaces again :(
* changing back to interface
* adding templated url support and rotation for postgres
* adding correct username
* return updates
* updating statements to be a list
* adding error sanitizing middleware
* fixing log sanitizier
* adding postgres rotate test
* removing conf from rotate
* adding rotate command
* adding mysql rotate
* finishing up the endpoint in the db backend for rotate
* no more structs, just store raw config
* fixing tests
* adding db instance lock
* adding support for statement list in cassandra
* wip redoing interface to support BC
* adding falllback for Initialize implementation
* adding backwards compat for statements
* fix tests
* fix more tests
* fixing up tests, switching to new fields in statements
* fixing more tests
* adding mssql and mysql
* wrapping all the things in middleware, implementing templating for mongodb
* wrapping all db servers with error santizer
* fixing test
* store the name with the db instance
* adding rotate to cassandra
* adding compatibility translation to both server and plugin
* reordering a few things
* store the name with the db instance
* reordering
* adding a few more tests
* switch secret values from slice to map
* addressing some feedback
* reinstate execute plugin after resetting connection
* set database connection to closed
* switching secret values func to map[string]interface for potential future uses
* addressing feedback
This was in the deprecated backend where it fixed a similar issue a long
time ago but for some reason didn't make it over. Additionally the
function wasn't being locked properly.
Hopefully fixes#2973
* Start work on context aware backends
* Start work on moving the database plugins to gRPC in order to pass context
* Add context to builtin database plugins
* use byte slice instead of string
* Context all the things
* Move proto messages to the dbplugin package
* Add a grpc mechanism for running backend plugins
* Serve the GRPC plugin
* Add backwards compatibility to the database plugins
* Remove backend plugin changes
* Remove backend plugin changes
* Cleanup the transport implementations
* If grpc connection is in an unexpected state restart the plugin
* Fix tests
* Fix tests
* Remove context from the request object, replace it with context.TODO
* Add a test to verify netRPC plugins still work
* Remove unused mapstructure call
* Code review fixes
* Code review fixes
* Code review fixes
* Initial work on write concern support, set for the lifetime of the session
* Add base64 encoded value support, include docs and tests
* Handle error from json.Unmarshal, fix test and docs
* Remove writeConcern struct, move JSON unmarshal to Initialize
* Return error on empty mapping of write_concern into mgo.Safe struct