Tags: openbao/openbao
Tags
Update to go-kms-wrapping/v2.4.0 (#1370) Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Track lock in namespace entry directly (#1367) * Track lock in namespace entry directly This moves the lock to the existing namespace entry, removing the need to track another separate storage entry. We hide the unlock key from callers to the namespace store, exposing only the boolean locked status. Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Update vault/namespace_store.go Co-authored-by: wslabosz-reply <w.slabosz@reply.com> Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Refactor to prevent accidental unlock key leakage Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com> Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> Co-authored-by: wslabosz-reply <w.slabosz@reply.com>
Track lock in namespace entry directly (#1367) * Track lock in namespace entry directly This moves the lock to the existing namespace entry, removing the need to track another separate storage entry. We hide the unlock key from callers to the namespace store, exposing only the boolean locked status. Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Update vault/namespace_store.go Co-authored-by: wslabosz-reply <w.slabosz@reply.com> Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Refactor to prevent accidental unlock key leakage Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com> Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> Co-authored-by: wslabosz-reply <w.slabosz@reply.com>
Track lock in namespace entry directly (#1367) * Track lock in namespace entry directly This moves the lock to the existing namespace entry, removing the need to track another separate storage entry. We hide the unlock key from callers to the namespace store, exposing only the boolean locked status. Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Update vault/namespace_store.go Co-authored-by: wslabosz-reply <w.slabosz@reply.com> Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Refactor to prevent accidental unlock key leakage Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com> Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> Co-authored-by: wslabosz-reply <w.slabosz@reply.com>
Track lock in namespace entry directly (#1367) * Track lock in namespace entry directly This moves the lock to the existing namespace entry, removing the need to track another separate storage entry. We hide the unlock key from callers to the namespace store, exposing only the boolean locked status. Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Update vault/namespace_store.go Co-authored-by: wslabosz-reply <w.slabosz@reply.com> Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Refactor to prevent accidental unlock key leakage Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com> Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> Co-authored-by: wslabosz-reply <w.slabosz@reply.com>
Track lock in namespace entry directly (#1367) * Track lock in namespace entry directly This moves the lock to the existing namespace entry, removing the need to track another separate storage entry. We hide the unlock key from callers to the namespace store, exposing only the boolean locked status. Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Update vault/namespace_store.go Co-authored-by: wslabosz-reply <w.slabosz@reply.com> Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Refactor to prevent accidental unlock key leakage Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com> Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> Co-authored-by: wslabosz-reply <w.slabosz@reply.com>
Namespaces: Test flake, deadlock, race condition cleanup (#1311) * namespace deletion: avoid outdated reads Signed-off-by: Jonas Köhnen <jonas.koehnen@sap.com> * expiration manager: fix deadlock on seal Signed-off-by: Jonas Köhnen <jonas.koehnen@sap.com> * token store: wait for tidy before teardown Signed-off-by: Jonas Köhnen <jonas.koehnen@sap.com> --------- Signed-off-by: Jonas Köhnen <jonas.koehnen@sap.com>
Implement Cascading Delete for Namespaces and Associated Resources (#… …1206) * feat(wip): initial pass at namespace deletion Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * feat: added tainted field to the namespace Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * test: logical_system_namespaces adjusted Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * test: tweaks to delete namespace operation Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * refactor: grabbing a lock before modifyingthe namespace tree Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * refactor: deletion operation is not request-blocking Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * fix: namespace create no longer overwriting tainted namespace Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * refactor: use internal unmount and disable credential Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * fix: fixed delete namespace test with proper root namespace uuid Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * fix: additional test fixing and adjustments Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * cr: persist tainted status Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * test: tweaks to delete tests Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * test: fix race condition in fuzz namespace name Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * refactor: interrupted deletion handled Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> --------- Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com>
Fix make goreleaser-check after split (#1257) After splitting the goreleaser template into separate files, we needed to update the Makefile so that release verification could proceed. Signed-off-by: Alexander Scheel <ascheel@gitlab.com>