mirror of
https://github.com/hashicorp/vault.git
synced 2026-03-21 01:50:57 -04:00
f3f30022d0
In some situations, it can be impossible to revoke leases (for instance, if someone has gone and manually removed users created by Vault). This can not only cause Vault to cycle trying to revoke them, but it also prevents mounts from being unmounted, leaving them in a tainted state where the only operations allowed are to revoke (or rollback), which will never successfully complete. This adds a new endpoint that works similarly to `revoke-prefix` but ignores errors coming from a backend upon revocation (it does not ignore errors coming from within the expiration manager, such as errors accessing the data store). This can be used to force Vault to abandon leases. Like `revoke-prefix`, this is a very sensitive operation and requires `sudo`. It is implemented as a separate endpoint, rather than an argument to `revoke-prefix`, to ensure that control can be delegated appropriately, as even most administrators should not normally have this privilege. Fixes #1135 |
||
|---|---|---|
| .. | ||
| test-fixtures | ||
| api_test.go | ||
| auth.go | ||
| auth_token.go | ||
| auth_token_test.go | ||
| client.go | ||
| client_test.go | ||
| help.go | ||
| logical.go | ||
| request.go | ||
| request_test.go | ||
| response.go | ||
| secret.go | ||
| secret_test.go | ||
| SPEC.md | ||
| ssh.go | ||
| ssh_agent.go | ||
| ssh_agent_test.go | ||
| sys.go | ||
| sys_audit.go | ||
| sys_auth.go | ||
| sys_generate_root.go | ||
| sys_init.go | ||
| sys_leader.go | ||
| sys_lease.go | ||
| sys_mounts.go | ||
| sys_mounts_test.go | ||
| sys_policy.go | ||
| sys_rekey.go | ||
| sys_rotate.go | ||
| sys_seal.go | ||