Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to cancel PKI tidy operations, pause between tidying certs #16958

Merged
merged 8 commits into from
Aug 31, 2022
Merged

Add ability to cancel PKI tidy operations, pause between tidying certs #16958

merged 8 commits into from
Aug 31, 2022

Commits on Aug 31, 2022

  1. Allow tidy operations to be cancelled 

    When tidy operations take a long time to execute (and especially when
executing them automatically), having the ability to cancel them becomes
useful to reduce strain on Vault clusters (and let them be rescheduled
at a later time).

To this end, we add the /tidy-cancel write endpoint.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Aug 31, 2022
    Configuration menu
    Copy the full SHA
    699a2d1 View commit details
    Browse the repository at this point in the history

  2. Add missing auto-tidy synopsis / description 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Aug 31, 2022
    Configuration menu
    Copy the full SHA
    3287cbe View commit details
    Browse the repository at this point in the history

  3. Add a pause duration between tidying certificates 

    By setting pause_duration, operators can have a little control over the
resource utilization of a tidy operation. While the list of certificates
remain in memory throughout the entire operation, a pause is added
between processing certificates and the revocation lock is released.
This allows other operations to occur during this gap and potentially
allows the tidy operation to consume less resources per unit of time
(due to the sleep -- though obviously consumes the same resources over
the time of the operation).

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Aug 31, 2022
    Configuration menu
    Copy the full SHA
    3c86926 View commit details
    Browse the repository at this point in the history

  4. Add tests for cancellation, pause 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Aug 31, 2022
    Configuration menu
    Copy the full SHA
    3bf6f24 View commit details
    Browse the repository at this point in the history

  5. Add API docs on pause_duration, /tidy-cancel 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Aug 31, 2022
    Configuration menu
    Copy the full SHA
    f2aa1a6 View commit details
    Browse the repository at this point in the history

  6. Add changelog entry 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Aug 31, 2022
    Configuration menu
    Copy the full SHA
    f9ba5d7 View commit details
    Browse the repository at this point in the history

  7. Add lock releasing around tidy pause 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Aug 31, 2022
    Configuration menu
    Copy the full SHA
    33fdbf5 View commit details
    Browse the repository at this point in the history

  8. Reset cancel guard, return errors 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Aug 31, 2022
    Configuration menu
    Copy the full SHA
    1fc1773 View commit details
    Browse the repository at this point in the history