fee2a76a3e
* SECVULN-41437 Require sudo for mounts auth tune * SECVULN-41437 Handle read case and update description * SECVULN-41437 Update godoc linter error * SECVULN-41437 Add changelog entry * SECVULN-41437 Rename changelog entry * SECVULN-41437 Fixing tests * SECVULN-41437 enforce sudo parity for mounts auth tune via root path policy • add mounts/auth/* to system PathsSpecial.Root so sys/mounts/auth/<path>/tune is sudo-gated through core policy checks • remove explicit handler-level sudo/token capability checks for auth-tune routes (OSS + enterprise) that were causing replication/perf invalid-token failures • update TestSystemBackend_mountsAuthTuneRequiresSudo policy expectations for the new enforcement point • align replication overload sys-auth-tune subtest expectations with current behavior * SECVULN-41437 Add static sudo path for API * SECVULN-41437 Update test based on review * SECVULN-41437 Handle incorrect paths special config for sudo * Update changelog/_13738.txt * VAULT-41437 Update system path description per pr feedback * SECVULN-41437 Add external auth tune test with NewTestCluster * SECVULN-41437 Remove un-needed lines in external test * Apply suggestion from @VioletHynes --------- Co-authored-by: Jason Pilz <jasonpilz@gmail.com> Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com> |
||
|---|---|---|
| .. | ||
| database | ||
| framework | ||
| helper | ||
| logical | ||
| physical | ||
| plugin | ||
| queue | ||
| rotation | ||
| .copywrite.hcl | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| README.md | ||
Vault SDK libs
This package provides the sdk package which contains code useful for
developing Vault plugins.
Although we try not to break functionality, we reserve the right to reorganize
the code at will and may occasionally cause breaks if they are warranted. As
such we expect the tag of this module will stay less than v1.0.0.
For any major changes we will try to give advance notice in the CHANGES section of Vault's CHANGELOG.md.
Metrics Emission and Compatibility
This module can emit metrics using either github.com/armon/go-metrics or github.com/hashicorp/go-metrics. Choosing between the libraries is controlled via build tags.
Build Tags
armonmetrics- Using this tag will cause metrics to be routed toarmon/go-metricshashicorpmetrics- Using this tag will cause all metrics to be routed tohashicorp/go-metrics
If no build tag is specified, the default behavior is to use armon/go-metrics.
Deprecating armon/go-metrics
Emitting metrics to armon/go-metrics is officially deprecated. Usage of armon/go-metrics will remain the default until mid-2025 with opt-in support continuing to the end of 2025.
Migration
To migrate an application currently using the older armon/go-metrics to instead use hashicorp/go-metrics the following should be done.
- Upgrade libraries using
armon/go-metricsto consumehashicorp/go-metrics/compatinstead. This should involve only changing import statements. All repositories in thehashicorpnamespace will be migrated by February of 2025. - Update the application's library dependencies to those that have the compatibility layer configured.
- Update the application to use
hashicorp/go-metricsfor configuring metrics export instead ofarmon/go-metrics- Replace all application imports of
github.com/armon/go-metricswithgithub.com/hashicorp/go-metrics - Instrument your build system to build with the
hashicorpmetricstag.
- Replace all application imports of