Port: Premature Rotation For autorotate #12563
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Need to configure DB mount correctly, with db type mockv5 * Need to find a way to inject errors into that mock db
kalafut
reviewed
Sep 17, 2021
calvn
reviewed
Sep 21, 2021
calvn
approved these changes
Sep 21, 2021
briankassouf
approved these changes
Sep 22, 2021
calvn
pushed a commit
that referenced
this pull request
Sep 22, 2021
* port of ldap fix for early cred rotation * some more porting * another couple lines to port * final commits before report * remove deadlock * needs testing * updates * Sync with OpenLDAP PR * Update the update error handling for items not found in the queue * WIP unit tests * Need to configure DB mount correctly, with db type mockv5 * Need to find a way to inject errors into that mock db * throw error on role creation failure * do not swallow error on role creation * comment out wip tests and add in a test for disallowed role * Use newly generated password in WAL Co-authored-by: Michael Golowka <[email protected]> * return err on popFromRotationQueueByKey error; cleanup on setStaticAccount * test: fix TestPlugin_lifecycle * Uncomment and fix unit tests * Use mock database plugin to inject errors * Tidy test code to rely less on code internals where possible * Some stronger test assertions * Undo logging updates * Add changelog * Remove ticker and background threads from WAL tests * Keep pre-existing API behaviour of allowing update static role to act as a create * Switch test back to update operation * Revert my revert, and fix some test bugs * Fix TestBackend_StaticRole_LockRegression * clean up defer on TestPlugin_lifecycle * unwrap reqs on cleanup * setStaticAccount: don't hold a write lock * TestStoredWALsCorrectlyProcessed: set replication state to unknown Co-authored-by: Tom Proctor <[email protected]> Co-authored-by: Michael Golowka <[email protected]> Co-authored-by: Calvin Leung Huang <[email protected]> # Conflicts: # builtin/logical/database/path_roles.go # builtin/logical/database/rotation.go
calvn
added a commit
that referenced
this pull request
Sep 22, 2021
* port of ldap fix for early cred rotation * some more porting * another couple lines to port * final commits before report * remove deadlock * needs testing * updates * Sync with OpenLDAP PR * Update the update error handling for items not found in the queue * WIP unit tests * Need to configure DB mount correctly, with db type mockv5 * Need to find a way to inject errors into that mock db * throw error on role creation failure * do not swallow error on role creation * comment out wip tests and add in a test for disallowed role * Use newly generated password in WAL Co-authored-by: Michael Golowka <[email protected]> * return err on popFromRotationQueueByKey error; cleanup on setStaticAccount * test: fix TestPlugin_lifecycle * Uncomment and fix unit tests * Use mock database plugin to inject errors * Tidy test code to rely less on code internals where possible * Some stronger test assertions * Undo logging updates * Add changelog * Remove ticker and background threads from WAL tests * Keep pre-existing API behaviour of allowing update static role to act as a create * Switch test back to update operation * Revert my revert, and fix some test bugs * Fix TestBackend_StaticRole_LockRegression * clean up defer on TestPlugin_lifecycle * unwrap reqs on cleanup * setStaticAccount: don't hold a write lock * TestStoredWALsCorrectlyProcessed: set replication state to unknown Co-authored-by: Tom Proctor <[email protected]> Co-authored-by: Michael Golowka <[email protected]> Co-authored-by: Calvin Leung Huang <[email protected]>
calvn
added a commit
that referenced
this pull request
Sep 22, 2021
* port of ldap fix for early cred rotation * some more porting * another couple lines to port * final commits before report * remove deadlock * needs testing * updates * Sync with OpenLDAP PR * Update the update error handling for items not found in the queue * WIP unit tests * Need to configure DB mount correctly, with db type mockv5 * Need to find a way to inject errors into that mock db * throw error on role creation failure * do not swallow error on role creation * comment out wip tests and add in a test for disallowed role * Use newly generated password in WAL Co-authored-by: Michael Golowka <[email protected]> * return err on popFromRotationQueueByKey error; cleanup on setStaticAccount * test: fix TestPlugin_lifecycle * Uncomment and fix unit tests * Use mock database plugin to inject errors * Tidy test code to rely less on code internals where possible * Some stronger test assertions * Undo logging updates * Add changelog * Remove ticker and background threads from WAL tests * Keep pre-existing API behaviour of allowing update static role to act as a create * Switch test back to update operation * Revert my revert, and fix some test bugs * Fix TestBackend_StaticRole_LockRegression * clean up defer on TestPlugin_lifecycle * unwrap reqs on cleanup * setStaticAccount: don't hold a write lock * TestStoredWALsCorrectlyProcessed: set replication state to unknown Co-authored-by: Tom Proctor <[email protected]> Co-authored-by: Michael Golowka <[email protected]> Co-authored-by: Calvin Leung Huang <[email protected]>
calvn
added a commit
that referenced
this pull request
Sep 22, 2021
* port of ldap fix for early cred rotation * some more porting * another couple lines to port * final commits before report * remove deadlock * needs testing * updates * Sync with OpenLDAP PR * Update the update error handling for items not found in the queue * WIP unit tests * Need to configure DB mount correctly, with db type mockv5 * Need to find a way to inject errors into that mock db * throw error on role creation failure * do not swallow error on role creation * comment out wip tests and add in a test for disallowed role * Use newly generated password in WAL Co-authored-by: Michael Golowka <[email protected]> * return err on popFromRotationQueueByKey error; cleanup on setStaticAccount * test: fix TestPlugin_lifecycle * Uncomment and fix unit tests * Use mock database plugin to inject errors * Tidy test code to rely less on code internals where possible * Some stronger test assertions * Undo logging updates * Add changelog * Remove ticker and background threads from WAL tests * Keep pre-existing API behaviour of allowing update static role to act as a create * Switch test back to update operation * Revert my revert, and fix some test bugs * Fix TestBackend_StaticRole_LockRegression * clean up defer on TestPlugin_lifecycle * unwrap reqs on cleanup * setStaticAccount: don't hold a write lock * TestStoredWALsCorrectlyProcessed: set replication state to unknown Co-authored-by: Tom Proctor <[email protected]> Co-authored-by: Michael Golowka <[email protected]> Co-authored-by: Calvin Leung Huang <[email protected]> # Conflicts: # builtin/logical/database/path_roles.go # builtin/logical/database/rotation.go Co-authored-by: Hridoy Roy <[email protected]>
calvn
added a commit
that referenced
this pull request
Sep 22, 2021
* port of ldap fix for early cred rotation * some more porting * another couple lines to port * final commits before report * remove deadlock * needs testing * updates * Sync with OpenLDAP PR * Update the update error handling for items not found in the queue * WIP unit tests * Need to configure DB mount correctly, with db type mockv5 * Need to find a way to inject errors into that mock db * throw error on role creation failure * do not swallow error on role creation * comment out wip tests and add in a test for disallowed role * Use newly generated password in WAL Co-authored-by: Michael Golowka <[email protected]> * return err on popFromRotationQueueByKey error; cleanup on setStaticAccount * test: fix TestPlugin_lifecycle * Uncomment and fix unit tests * Use mock database plugin to inject errors * Tidy test code to rely less on code internals where possible * Some stronger test assertions * Undo logging updates * Add changelog * Remove ticker and background threads from WAL tests * Keep pre-existing API behaviour of allowing update static role to act as a create * Switch test back to update operation * Revert my revert, and fix some test bugs * Fix TestBackend_StaticRole_LockRegression * clean up defer on TestPlugin_lifecycle * unwrap reqs on cleanup * setStaticAccount: don't hold a write lock * TestStoredWALsCorrectlyProcessed: set replication state to unknown Co-authored-by: Tom Proctor <[email protected]> Co-authored-by: Michael Golowka <[email protected]> Co-authored-by: Calvin Leung Huang <[email protected]> Co-authored-by: Hridoy Roy <[email protected]> Co-authored-by: Tom Proctor <[email protected]> Co-authored-by: Michael Golowka <[email protected]>
calvn
added a commit
that referenced
this pull request
Sep 22, 2021
* port of ldap fix for early cred rotation * some more porting * another couple lines to port * final commits before report * remove deadlock * needs testing * updates * Sync with OpenLDAP PR * Update the update error handling for items not found in the queue * WIP unit tests * Need to configure DB mount correctly, with db type mockv5 * Need to find a way to inject errors into that mock db * throw error on role creation failure * do not swallow error on role creation * comment out wip tests and add in a test for disallowed role * Use newly generated password in WAL Co-authored-by: Michael Golowka <[email protected]> * return err on popFromRotationQueueByKey error; cleanup on setStaticAccount * test: fix TestPlugin_lifecycle * Uncomment and fix unit tests * Use mock database plugin to inject errors * Tidy test code to rely less on code internals where possible * Some stronger test assertions * Undo logging updates * Add changelog * Remove ticker and background threads from WAL tests * Keep pre-existing API behaviour of allowing update static role to act as a create * Switch test back to update operation * Revert my revert, and fix some test bugs * Fix TestBackend_StaticRole_LockRegression * clean up defer on TestPlugin_lifecycle * unwrap reqs on cleanup * setStaticAccount: don't hold a write lock * TestStoredWALsCorrectlyProcessed: set replication state to unknown Co-authored-by: Tom Proctor <[email protected]> Co-authored-by: Michael Golowka <[email protected]> Co-authored-by: Calvin Leung Huang <[email protected]> Co-authored-by: Hridoy Roy <[email protected]> Co-authored-by: Tom Proctor <[email protected]> Co-authored-by: Michael Golowka <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Port of: https://github.com/hashicorp/vault-plugin-secrets-openldap/pull/28/files