This project is mirrored from https://gitee.com/NQL886/vault.git. Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
  1. 14 Oct, 2020 2 commits
  2. 12 Oct, 2020 1 commit
  3. 09 Oct, 2020 1 commit
  4. 23 Sep, 2020 1 commit
    • ncabatoff's avatar
      Logging tweaks, mostly for tests (#10028) · 066678f5
      ncabatoff authored
      Fix some places where raft wasn't hooking into the core logger as it should.
      Revisited the code that was setting the log level to Error during cleanup: it's normal for there to be a bunch of errors then, which makes it harder to see what went wrong up to the point where the test was deemed to have failed.  So now, instead of setting log level to Error, we actually stop logging altogether.  This only applies if the test didn't pass in its own logger during cluster creation, but we should be moving away from that anyway.
      066678f5
  5. 22 Sep, 2020 1 commit
  6. 16 Sep, 2020 1 commit
  7. 10 Aug, 2020 1 commit
  8. 07 Aug, 2020 1 commit
  9. 27 Jul, 2020 1 commit
  10. 22 Jul, 2020 1 commit
  11. 10 Jul, 2020 1 commit
  12. 09 Jul, 2020 2 commits
  13. 23 Jun, 2020 1 commit
    • Calvin Leung Huang's avatar
      raft: add support for using backend for ha_storage (#9193) · 045836da
      Calvin Leung Huang authored
      
      * raft: initial work on raft ha storage support
      
      * add note on join
      
      * add todo note
      
      * raft: add support for bootstrapping and joining existing nodes
      
      * raft: gate bootstrap join by reading leader api address from storage
      
      * raft: properly check for raft-only for certain conditionals
      
      * raft: add bootstrap to api and cli
      
      * raft: fix bootstrap cli command
      
      * raft: add test for setting up new cluster with raft HA
      
      * raft: extend TestRaft_HA_NewCluster to include inmem and consul backends
      
      * raft: add test for updating an existing cluster to use raft HA
      
      * raft: remove debug log lines, clean up verifyRaftPeers
      
      * raft: minor cleanup
      
      * raft: minor cleanup
      
      * Update physical/raft/raft.go
      Co-authored-by: default avatarBrian Kassouf <briankassouf@users.noreply.github.com>
      
      * Update vault/ha.go
      Co-authored-by: default avatarBrian Kassouf <briankassouf@users.noreply.github.com>
      
      * Update vault/ha.go
      
      Co-authored-by: Brian Kassouf <briankasso...
      045836da
  14. 16 Jun, 2020 1 commit
    • Mike Jarmy's avatar
      Test Shamir-to-Transit and Transit-to-Shamir Seal Migration for post-1.4 Vault. (#9214) · ec904e72
      Mike Jarmy authored
      
      * move adjustForSealMigration to vault package
      
      * fix adjustForSealMigration
      
      * begin working on new seal migration test
      
      * create shamir seal migration test
      
      * refactor testhelpers
      
      * add VerifyRaftConfiguration to testhelpers
      
      * stub out TestTransit
      
      * Revert "refactor testhelpers"
      
      This reverts commit 39593defd0d4c6fd79aedfd37df6298391abb9db.
      
      * get shamir test working again
      
      * stub out transit join
      
      * work on transit join
      
      * remove debug code
      
      * initTransit now works with raft join
      
      * runTransit works with inmem
      
      * work on runTransit with raft
      
      * runTransit works with raft
      
      * cleanup tests
      
      * TestSealMigration_TransitToShamir_Pre14
      
      * TestSealMigration_ShamirToTransit_Pre14
      
      * split for pre-1.4 testing
      
      * add simple tests for transit and shamir
      
      * fix typo in test suite
      
      * debug wrapper type
      
      * test debug
      
      * test-debug
      
      * refactor core migration
      
      * Revert "refactor core migration"
      
      This reverts commit a776452d32a9dca7a51e3df4a76b9234d8c0c7ce.
      
      * begin refactor of adjustForSealMigration
      
      * fix bug in adjustForSealMigration
      
      * clean up tests
      
      * clean up core refactoring
      
      * fix bug in shamir->transit migration
      
      * stub out test that brings individual nodes up and down
      
      * refactor NewTestCluster
      
      * pass listeners into newCore()
      
      * simplify cluster address setup
      
      * simplify extra test core setup
      
      * refactor TestCluster for readability
      
      * refactor TestCluster for readability
      
      * refactor TestCluster for readability
      
      * add shutdown func to TestCore
      
      * add cleanup func to TestCore
      
      * create RestartCore
      
      * stub out TestSealMigration_ShamirToTransit_Post14
      
      * refactor address handling in NewTestCluster
      
      * fix listener setup in newCore()
      
      * remove unnecessary lock from setSealsForMigration()
      
      * rename sealmigration test package
      
      * use ephemeral ports below 30000
      
      * work on post-1.4 migration testing
      
      * clean up pre-1.4 test
      
      * TestSealMigration_ShamirToTransit_Post14 works for non-raft
      
      * work on raft TestSealMigration_ShamirToTransit_Post14
      
      * clean up test code
      
      * refactor TestClusterCore
      
      * clean up TestClusterCore
      
      * stub out some temporary tests
      
      * use HardcodedServerAddressProvider in seal migration tests
      
      * work on raft for TestSealMigration_ShamirToTransit_Post14
      
      * always use hardcoded raft address provider in seal migration tests
      
      * debug TestSealMigration_ShamirToTransit_Post14
      
      * fix bug in RestartCore
      
      * remove debug code
      
      * TestSealMigration_ShamirToTransit_Post14 works now
      
      * clean up debug code
      
      * clean up tests
      
      * cleanup tests
      
      * refactor test code
      
      * stub out TestSealMigration_TransitToShamir_Post14
      
      * set seals properly for transit->shamir migration
      
      * migrateFromTransitToShamir_Post14 works for inmem
      
      * migrateFromTransitToShamir_Post14 works for raft
      
      * use base ports per-test
      
      * fix seal verification test code
      
      * simplify seal migration test suite
      
      * simplify test suite
      
      * cleanup test suite
      
      * use explicit ports below 30000
      
      * simplify use of numTestCores
      
      * Update vault/external_tests/sealmigration/seal_migration_test.go
      Co-authored-by: default avatarCalvin Leung Huang <cleung2010@gmail.com>
      
      * Update vault/external_tests/sealmigration/seal_migration_test.go
      Co-authored-by: default avatarCalvin Leung Huang <cleung2010@gmail.com>
      
      * clean up imports
      
      * rename to StartCore()
      
      * Update vault/testing.go
      Co-authored-by: default avatarCalvin Leung Huang <cleung2010@gmail.com>
      
      * simplify test suite
      
      * clean up tests
      Co-authored-by: default avatarCalvin Leung Huang <cleung2010@gmail.com>
      ec904e72
  15. 12 Jun, 2020 1 commit
  16. 11 Jun, 2020 2 commits
    • Mike Jarmy's avatar
      Test pre-1.4 seal migration (#9085) · 3d02fb4b
      Mike Jarmy authored
      * enable seal wrap in all seal migration tests
      
      * move adjustForSealMigration to vault package
      
      * fix adjustForSealMigration
      
      * begin working on new seal migration test
      
      * create shamir seal migration test
      
      * refactor testhelpers
      
      * add VerifyRaftConfiguration to testhelpers
      
      * stub out TestTransit
      
      * Revert "refactor testhelpers"
      
      This reverts commit 39593defd0d4c6fd79aedfd37df6298391abb9db.
      
      * get shamir test working again
      
      * stub out transit join
      
      * work on transit join
      
      * Revert "move resuable storage test to avoid creating import cycle"
      
      This reverts commit b3ff2317381a5af12a53117f87d1c6fbb093af6b.
      
      * remove debug code
      
      * initTransit now works with raft join
      
      * runTransit works with inmem
      
      * work on runTransit with raft
      
      * runTransit works with raft
      
      * get rid of dis-used test
      
      * cleanup tests
      
      * TestSealMigration_TransitToShamir_Pre14
      
      * TestSealMigration_ShamirToTransit_Pre14
      
      * split for pre-1.4 testing
      
      * add simple tests for transit and shamir
      
      * fix typo in test suite
      
      * debug wrapper type
      
      * test debug
      
      * test-debug
      
      * refactor core migration
      
      * Revert "refactor core migration"
      
      This reverts commit a776452d32a9dca7a51e3df4a76b9234d8c0c7ce.
      
      * begin refactor of adjustForSealMigration
      
      * fix bug in adjustForSealMigration
      
      * clean up tests
      
      * clean up core refactoring
      
      * fix bug in shamir->transit migration
      
      * remove unnecessary lock from setSealsForMigration()
      
      * rename sealmigration test package
      
      * use ephemeral ports below 30000
      
      * simplify use of numTestCores
      3d02fb4b
    • ncabatoff's avatar
      de62507b
  17. 21 May, 2020 1 commit
  18. 14 May, 2020 2 commits
    • Jeff Mitchell's avatar
    • Mike Jarmy's avatar
      Test reusable storage (#8983) · 8813dc73
      Mike Jarmy authored
      * stub out reusable storage test
      
      * implement reusable inmem test
      
      * work on reusable raft test
      
      * stub out simple raft test
      
      * switch to reusable raft storage
      
      * cleanup tests
      
      * cleanup tests
      
      * refactor tests
      
      * verify raft configuration
      
      * cleanup tests
      
      * stub out reuseStorage
      
      * use common base address across clusters
      
      * attempt to reuse raft cluster
      
      * tinker with test
      
      * fix typo
      
      * start debugging
      
      * debug raft configuration
      
      * add BaseClusterListenPort to TestCluster options
      
      * use BaseClusterListenPort in test
      
      * raft join works now
      
      * misc cleanup of raft tests
      
      * use configurable base port for raft test
      
      * clean up raft tests
      
      * add parallelized tests for all backends
      
      * clean up reusable storage tests
      
      * remove debugging code from startClusterListener()
      
      * improve comments in testhelpers
      
      * improve comments in teststorage
      
      * improve comments and test logging
      
      * fix typo in vault/testing
      
      * fix typo in comments
      
      * remove debugging code
      
      * make number of cores parameterizable in test
      8813dc73
  19. 05 May, 2020 1 commit
  20. 01 May, 2020 1 commit
  21. 15 Feb, 2020 1 commit
  22. 13 Feb, 2020 3 commits
    • Vishal Nayak's avatar
      Seal migration with Raft (#8103) · 9f980ade
      Vishal Nayak authored
      
      * Seal migration after unsealing
      
      * Refactor migration fields migrationInformation in core
      
      * Perform seal migration as part of postUnseal
      
      * Remove the sleep logic
      
      * Use proper seal in the unseal function
      
      * Fix migration from Auto to Shamir
      
      * Fix the recovery config missing issue
      
      * Address the non-ha migration case
      
      * Fix the multi cluster case
      
      * Avoid re-running seal migration
      
      * Run the post migration code in new leaders
      
      * Fix the issue of wrong recovery being set
      
      * Address review feedback
      
      * Add more complete testing coverage for seal migrations.   (#8247)
      
      * Add more complete testing coverage for seal migrations.  Also remove VAULT_ACC gate from some tests that just depend on docker, cleanup dangling recovery config in storage after migration, and fix a call in adjustCoreForSealMigration that seems broken.
      
      * Fix the issue of wrong recovery key being set
      
      * Adapt tests to work with multiple cores.
      
      * Add missing line to disable raft join.
      Co-authored-by: default avatarVishal Nayak <vishalnayak@users.noreply.github.com>
      
      * Fix all known issues
      
      * Remove warning
      
      * Review feedback.
      
      * Revert my previous change that broke raft tests.  We'll need to come back and at least comment
      this once we better understand why it's needed.
      
      * Don't allow migration between same types for now
      
      * Disable auto to auto tests for now since it uses migration between same types which is not allowed
      
      * Update vault/core.go
      Co-Authored-By: default avatarBrian Kassouf <briankassouf@users.noreply.github.com>
      
      * Add migration logs
      
      * Address review comments
      
      * Add the recovery config check back
      
      * Skip a few steps if migration is already done
      
      * Return from waitForLeadership if migration fails
      Co-authored-by: default avatarncabatoff <nick.cabatoff@gmail.com>
      Co-authored-by: default avatarBrian Kassouf <briankassouf@users.noreply.github.com>
      9f980ade
    • Jeff Malnick's avatar
      Add redshift database plugin (#8299) · 942dd1ef
      Jeff Malnick authored
      
      * feat: add redshift database plugin
      
      * build: update vendored libraries
      
      * docs: add reference doc for redshift variant of the database secrets engine
      
      * feat: set middlewear type name for better metrics naming (#8346)
      Co-authored-by: default avatarBecca Petrin <beccapetrin@gmail.com>
      942dd1ef
    • Jeff Mitchell's avatar
      Bump api/sdk and fix imports · 6ca61fa2
      Jeff Mitchell authored
      6ca61fa2
  23. 07 Feb, 2020 1 commit
  24. 06 Feb, 2020 1 commit
  25. 05 Feb, 2020 1 commit
  26. 17 Jan, 2020 1 commit
  27. 11 Jan, 2020 1 commit
  28. 22 Oct, 2019 1 commit
  29. 18 Oct, 2019 1 commit
    • ncabatoff's avatar
      Shamir seals now come in two varieties: legacy and new-style. (#7694) · afcba411
      ncabatoff authored
      Shamir seals now come in two varieties: legacy and new-style. Legacy
      Shamir is automatically converted to new-style when a rekey operation
      is performed. All new Vault initializations using Shamir are new-style.
      
      New-style Shamir writes an encrypted master key to storage, just like
      AutoUnseal. The stored master key is encrypted using the shared key that
      is split via Shamir's algorithm. Thus when unsealing, we take the key
      fragments given, combine them into a Key-Encryption-Key, and use that
      to decrypt the master key on disk. Then the master key is used to read
      the keyring that decrypts the barrier.
      afcba411
  30. 17 Oct, 2019 1 commit
  31. 15 Oct, 2019 1 commit
    • Vishal Nayak's avatar
      Recovery Mode (#7559) · 2f4ae7f2
      Vishal Nayak authored
      * Initial work
      
      * rework
      
      * s/dr/recovery
      
      * Add sys/raw support to recovery mode (#7577)
      
      * Factor the raw paths out so they can be run with a SystemBackend.
      
      # Conflicts:
      #	vault/logical_system.go
      
      * Add handleLogicalRecovery which is like handleLogical but is only
      sufficient for use with the sys-raw endpoint in recovery mode.  No
      authentication is done yet.
      
      * Integrate with recovery-mode.  We now handle unauthenticated sys/raw
      requests, albeit on path v1/raw instead v1/sys/raw.
      
      * Use sys/raw instead raw during recovery.
      
      * Don't bother persisting the recovery token.  Authenticate sys/raw
      requests with it.
      
      * RecoveryMode: Support generate-root for autounseals (#7591)
      
      * Recovery: Abstract config creation and log settings
      
      * Recovery mode integration test. (#7600)
      
      * Recovery: Touch up (#7607)
      
      * Recovery: Touch up
      
      * revert the raw backend creation changes
      
      * Added recovery operation token prefix
      
      * Move RawBackend to its own file
      
      * Update API path and hit it using CLI flag on generate-root
      
      * Fix a panic triggered when handling a request that yields a nil response. (#7618)
      
      * Improve integ test to actually make changes while in recovery mode and
      verify they're still there after coming back in regular mode.
      
      * Refuse to allow a second recovery token to be generated.
      
      * Resize raft cluster to size 1 and start as leader (#7626)
      
      * RecoveryMode: Setup raft cluster post unseal (#7635)
      
      * Setup raft cluster post unseal in recovery mode
      
      * Remove marking as unsealed as its not needed
      
      * Address review comments
      
      * Accept only one seal config in recovery mode as there is no scope for migration
      2f4ae7f2
  32. 08 Oct, 2019 1 commit
    • Calvin Leung Huang's avatar
      sys/config: config state endpoint (#7424) · 656b113d
      Calvin Leung Huang authored
      * sys/config: initial work on adding config state endpoint
      
      * server/config: add tests, fix Sanitized method
      
      * thread config through NewTestCluster's config to avoid panic on dev modes
      
      * properly guard endpoint against request forwarding
      
      * add http tests, guard against panics on nil RawConfig
      
      * ensure non-nil rawConfig on NewTestCluster cores
      
      * update non-forwarding logic
      
      * fix imports; use no-forward handler
      
      * add missing config test fixture; update gitignore
      
      * return sanitized config as a map
      
      * fix test, use deep.Equal to check for equality
      
      * fix http test
      
      * minor comment fix
      
      * config: change Sanitized to return snake-cased keys, update tests
      
      * core: hold rlock when reading config; add docstring
      
      * update docstring
      656b113d
  33. 04 Oct, 2019 1 commit
  34. 17 Sep, 2019 1 commit