This project is mirrored from https://gitee.com/NQL886/vault.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
- 14 Oct, 2020 2 commits
-
-
Hridoy Roy authored
-
Hridoy Roy authored
-
- 12 Oct, 2020 1 commit
-
-
Jeff Mitchell authored
* Migrate internalshared out * fix merge issue * fix merge issue * go mod vendor Co-authored-by:
Brian Kassouf <bkassouf@hashicorp.com>
-
- 09 Oct, 2020 1 commit
-
-
Lauren Voswinkel authored
* Migrate MySQL db to v5 database engine
-
- 23 Sep, 2020 1 commit
-
-
ncabatoff authored
Fix some places where raft wasn't hooking into the core logger as it should. Revisited the code that was setting the log level to Error during cleanup: it's normal for there to be a bunch of errors then, which makes it harder to see what went wrong up to the point where the test was deemed to have failed. So now, instead of setting log level to Error, we actually stop logging altogether. This only applies if the test didn't pass in its own logger during cluster creation, but we should be moving away from that anyway.
-
- 22 Sep, 2020 1 commit
-
-
Brian Kassouf authored
-
- 16 Sep, 2020 1 commit
-
-
ncabatoff authored
We now wait to see that clients are aware of a new leader before we hit them, and we wait to see that the leader has setup the forwarding handler.
-
- 10 Aug, 2020 1 commit
-
-
Rodrigo D. L authored
-
- 07 Aug, 2020 1 commit
-
-
Tom Proctor authored
-
- 27 Jul, 2020 1 commit
-
-
ncabatoff authored
-
- 22 Jul, 2020 1 commit
-
-
ncabatoff authored
-
- 10 Jul, 2020 1 commit
-
-
ncabatoff authored
-
- 09 Jul, 2020 2 commits
-
-
Alexander Bezobchuk authored
-
Brian Kassouf authored
* Fix issue migrating from Auto->Shamir and improve tests * Undo newline * fix panic in test * Fix test panic
-
- 23 Jun, 2020 1 commit
-
-
Calvin Leung Huang authored
* raft: initial work on raft ha storage support * add note on join * add todo note * raft: add support for bootstrapping and joining existing nodes * raft: gate bootstrap join by reading leader api address from storage * raft: properly check for raft-only for certain conditionals * raft: add bootstrap to api and cli * raft: fix bootstrap cli command * raft: add test for setting up new cluster with raft HA * raft: extend TestRaft_HA_NewCluster to include inmem and consul backends * raft: add test for updating an existing cluster to use raft HA * raft: remove debug log lines, clean up verifyRaftPeers * raft: minor cleanup * raft: minor cleanup * Update physical/raft/raft.go Co-authored-by:
Brian Kassouf <briankassouf@users.noreply.github.com> * Update vault/ha.go Co-authored-by:
Brian Kassouf <briankassouf@users.noreply.github.com> * Update vault/ha.go Co-authored-by: Brian Kassouf <briankasso...
-
- 16 Jun, 2020 1 commit
-
-
Mike Jarmy authored
* move adjustForSealMigration to vault package * fix adjustForSealMigration * begin working on new seal migration test * create shamir seal migration test * refactor testhelpers * add VerifyRaftConfiguration to testhelpers * stub out TestTransit * Revert "refactor testhelpers" This reverts commit 39593defd0d4c6fd79aedfd37df6298391abb9db. * get shamir test working again * stub out transit join * work on transit join * remove debug code * initTransit now works with raft join * runTransit works with inmem * work on runTransit with raft * runTransit works with raft * cleanup tests * TestSealMigration_TransitToShamir_Pre14 * TestSealMigration_ShamirToTransit_Pre14 * split for pre-1.4 testing * add simple tests for transit and shamir * fix typo in test suite * debug wrapper type * test debug * test-debug * refactor core migration * Revert "refactor core migration" This reverts commit a776452d32a9dca7a51e3df4a76b9234d8c0c7ce. * begin refactor of adjustForSealMigration * fix bug in adjustForSealMigration * clean up tests * clean up core refactoring * fix bug in shamir->transit migration * stub out test that brings individual nodes up and down * refactor NewTestCluster * pass listeners into newCore() * simplify cluster address setup * simplify extra test core setup * refactor TestCluster for readability * refactor TestCluster for readability * refactor TestCluster for readability * add shutdown func to TestCore * add cleanup func to TestCore * create RestartCore * stub out TestSealMigration_ShamirToTransit_Post14 * refactor address handling in NewTestCluster * fix listener setup in newCore() * remove unnecessary lock from setSealsForMigration() * rename sealmigration test package * use ephemeral ports below 30000 * work on post-1.4 migration testing * clean up pre-1.4 test * TestSealMigration_ShamirToTransit_Post14 works for non-raft * work on raft TestSealMigration_ShamirToTransit_Post14 * clean up test code * refactor TestClusterCore * clean up TestClusterCore * stub out some temporary tests * use HardcodedServerAddressProvider in seal migration tests * work on raft for TestSealMigration_ShamirToTransit_Post14 * always use hardcoded raft address provider in seal migration tests * debug TestSealMigration_ShamirToTransit_Post14 * fix bug in RestartCore * remove debug code * TestSealMigration_ShamirToTransit_Post14 works now * clean up debug code * clean up tests * cleanup tests * refactor test code * stub out TestSealMigration_TransitToShamir_Post14 * set seals properly for transit->shamir migration * migrateFromTransitToShamir_Post14 works for inmem * migrateFromTransitToShamir_Post14 works for raft * use base ports per-test * fix seal verification test code * simplify seal migration test suite * simplify test suite * cleanup test suite * use explicit ports below 30000 * simplify use of numTestCores * Update vault/external_tests/sealmigration/seal_migration_test.go Co-authored-by:
Calvin Leung Huang <cleung2010@gmail.com> * Update vault/external_tests/sealmigration/seal_migration_test.go Co-authored-by:
Calvin Leung Huang <cleung2010@gmail.com> * clean up imports * rename to StartCore() * Update vault/testing.go Co-authored-by:
Calvin Leung Huang <cleung2010@gmail.com> * simplify test suite * clean up tests Co-authored-by:
Calvin Leung Huang <cleung2010@gmail.com>
-
- 12 Jun, 2020 1 commit
-
-
Austin Gebauer authored
-
- 11 Jun, 2020 2 commits
-
-
Mike Jarmy authored
* enable seal wrap in all seal migration tests * move adjustForSealMigration to vault package * fix adjustForSealMigration * begin working on new seal migration test * create shamir seal migration test * refactor testhelpers * add VerifyRaftConfiguration to testhelpers * stub out TestTransit * Revert "refactor testhelpers" This reverts commit 39593defd0d4c6fd79aedfd37df6298391abb9db. * get shamir test working again * stub out transit join * work on transit join * Revert "move resuable storage test to avoid creating import cycle" This reverts commit b3ff2317381a5af12a53117f87d1c6fbb093af6b. * remove debug code * initTransit now works with raft join * runTransit works with inmem * work on runTransit with raft * runTransit works with raft * get rid of dis-used test * cleanup tests * TestSealMigration_TransitToShamir_Pre14 * TestSealMigration_ShamirToTransit_Pre14 * split for pre-1.4 testing * add simple tests for transit and shamir * fix typo in test suite * debug wrapper type * test debug * test-debug * refactor core migration * Revert "refactor core migration" This reverts commit a776452d32a9dca7a51e3df4a76b9234d8c0c7ce. * begin refactor of adjustForSealMigration * fix bug in adjustForSealMigration * clean up tests * clean up core refactoring * fix bug in shamir->transit migration * remove unnecessary lock from setSealsForMigration() * rename sealmigration test package * use ephemeral ports below 30000 * simplify use of numTestCores
-
ncabatoff authored
-
- 21 May, 2020 1 commit
-
-
Josh Black authored
Add a new "vault monitor" command Co-authored-by:
ncabatoff <ncabatoff@hashicorp.com> Co-authored-by:
Calvin Leung Huang <cleung2010@gmail.com> Co-authored-by:
Jeff Mitchell <jeffrey.mitchell@gmail.com>
-
- 14 May, 2020 2 commits
-
-
Jeff Mitchell authored
-
Mike Jarmy authored
* stub out reusable storage test * implement reusable inmem test * work on reusable raft test * stub out simple raft test * switch to reusable raft storage * cleanup tests * cleanup tests * refactor tests * verify raft configuration * cleanup tests * stub out reuseStorage * use common base address across clusters * attempt to reuse raft cluster * tinker with test * fix typo * start debugging * debug raft configuration * add BaseClusterListenPort to TestCluster options * use BaseClusterListenPort in test * raft join works now * misc cleanup of raft tests * use configurable base port for raft test * clean up raft tests * add parallelized tests for all backends * clean up reusable storage tests * remove debugging code from startClusterListener() * improve comments in testhelpers * improve comments in teststorage * improve comments and test logging * fix typo in vault/testing * fix typo in comments * remove debugging code * make number of cores parameterizable in test
-
- 05 May, 2020 1 commit
-
-
ncabatoff authored
Factor out test logger creation so that it can be used when the caller wants to specify a logger explicitly, e.g. because they also want to use it when creating storage. (#8916)
-
- 01 May, 2020 1 commit
-
-
ncabatoff authored
-
- 15 Feb, 2020 1 commit
-
-
Jeff Mitchell authored
-
- 13 Feb, 2020 3 commits
-
-
Vishal Nayak authored
* Seal migration after unsealing * Refactor migration fields migrationInformation in core * Perform seal migration as part of postUnseal * Remove the sleep logic * Use proper seal in the unseal function * Fix migration from Auto to Shamir * Fix the recovery config missing issue * Address the non-ha migration case * Fix the multi cluster case * Avoid re-running seal migration * Run the post migration code in new leaders * Fix the issue of wrong recovery being set * Address review feedback * Add more complete testing coverage for seal migrations. (#8247) * Add more complete testing coverage for seal migrations. Also remove VAULT_ACC gate from some tests that just depend on docker, cleanup dangling recovery config in storage after migration, and fix a call in adjustCoreForSealMigration that seems broken. * Fix the issue of wrong recovery key being set * Adapt tests to work with multiple cores. * Add missing line to disable raft join. Co-authored-by:
Vishal Nayak <vishalnayak@users.noreply.github.com> * Fix all known issues * Remove warning * Review feedback. * Revert my previous change that broke raft tests. We'll need to come back and at least comment this once we better understand why it's needed. * Don't allow migration between same types for now * Disable auto to auto tests for now since it uses migration between same types which is not allowed * Update vault/core.go Co-Authored-By:
Brian Kassouf <briankassouf@users.noreply.github.com> * Add migration logs * Address review comments * Add the recovery config check back * Skip a few steps if migration is already done * Return from waitForLeadership if migration fails Co-authored-by:
ncabatoff <nick.cabatoff@gmail.com> Co-authored-by:
Brian Kassouf <briankassouf@users.noreply.github.com>
-
Jeff Malnick authored
* feat: add redshift database plugin * build: update vendored libraries * docs: add reference doc for redshift variant of the database secrets engine * feat: set middlewear type name for better metrics naming (#8346) Co-authored-by:
Becca Petrin <beccapetrin@gmail.com>
-
Jeff Mitchell authored
-
- 07 Feb, 2020 1 commit
-
-
Jim Kalafut authored
-
- 06 Feb, 2020 1 commit
-
-
ncabatoff authored
-
- 05 Feb, 2020 1 commit
-
-
ncabatoff authored
-
- 17 Jan, 2020 1 commit
-
-
Brian Kassouf authored
-
- 11 Jan, 2020 1 commit
-
-
Jeff Mitchell authored
-
- 22 Oct, 2019 1 commit
-
-
ncabatoff authored
because when unsealing it wouldn't wait for core 0 to come up and become the active node. Much of our testing code assumes that core0 is the active node.
-
- 18 Oct, 2019 1 commit
-
-
ncabatoff authored
Shamir seals now come in two varieties: legacy and new-style. Legacy Shamir is automatically converted to new-style when a rekey operation is performed. All new Vault initializations using Shamir are new-style. New-style Shamir writes an encrypted master key to storage, just like AutoUnseal. The stored master key is encrypted using the shared key that is split via Shamir's algorithm. Thus when unsealing, we take the key fragments given, combine them into a Key-Encryption-Key, and use that to decrypt the master key on disk. Then the master key is used to read the keyring that decrypts the barrier.
-
- 17 Oct, 2019 1 commit
-
-
Lexman authored
* oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable
-
- 15 Oct, 2019 1 commit
-
-
Vishal Nayak authored
* Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration
-
- 08 Oct, 2019 1 commit
-
-
Calvin Leung Huang authored
* sys/config: initial work on adding config state endpoint * server/config: add tests, fix Sanitized method * thread config through NewTestCluster's config to avoid panic on dev modes * properly guard endpoint against request forwarding * add http tests, guard against panics on nil RawConfig * ensure non-nil rawConfig on NewTestCluster cores * update non-forwarding logic * fix imports; use no-forward handler * add missing config test fixture; update gitignore * return sanitized config as a map * fix test, use deep.Equal to check for equality * fix http test * minor comment fix * config: change Sanitized to return snake-cased keys, update tests * core: hold rlock when reading config; add docstring * update docstring
-
- 04 Oct, 2019 1 commit
-
-
Michel Vocks authored
* Implement config parameter to allow unathenticated metricss access * Add unit test for unauthenticated metrics access parameter * go mod tidy
-
- 17 Sep, 2019 1 commit
-
-
Calvin Leung Huang authored
-