Port activation flags with dynamic registration

[biazmoreira]

Description

This PR adds activation flag logic, paths, and tests.

Activation flags are a one-off type of flags used to activate certain features in Vault.

Features cannot be deactivate and new paths cannot be registered by users.

TODO only if you're a HashiCorp employee

• Backport Labels: If this fix needs to be backported, use the appropriate backport/ label that matches the desired release branch. Note that in the CE repo, the latest release branch will look like backport/x.x.x, but older release branches will be backport/ent/x.x.x+ent.
  • LTS: If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
• ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
  of a public function, even if that change is in a CE file, double check that
  applying the patch for this PR to the ENT repo and running tests doesn't
  break any tests. Sometimes ENT only tests rely on public functions in CE
  files.
• Jira: If this change has an associated Jira, it's referenced either
  in the PR description, commit message, or branch name.
• RFC: If this change has an associated RFC, please link it in the description.
• ENT PR: If this change has an associated ENT PR, please link it in the
  description. Also, make sure the changelog is in this PR, not in your ENT PR.

[github-actions]

CI Results:
All Go tests succeeded! ✅

[banks]

@biazmoreira this is looking great!

I think most comments inline are around parts of the test code that seem like they should ideally remain in Ent-only code.

I'm not sure if you already discussed these and there's a reason they need to be CE for now. Some of them seem from this PR like they'd fail because only the test code is here and not the actual implementation which I guess is ent-only.

I could be missing something though from previous ent review so let me know!

[github-actions]

Build Results:
All builds succeeded! ✅

[banks]

LGTM! Good to go. if you want to take the optional simpler syntax suggestion I can re-approve!

[banks]

re-approve. The delta is just my suggestion. There are some build things going on but don't seem related. If those can be figured out I think this is good!

[mpalmi]

Approving with my super late nits from before the break. Feel free to disregard unless they spark some new thinking.

[mpalmi]

We can probably just drop the FieldData arg here, right (same with the other handler internals)?

[mpalmi]

Not a big deal, but we've got two "writes" in this method name. Maybe writeActivationFlag to keep it consistent with the readActivationFlag?

[mpalmi]

🤔 I wonder if we need to be so defensive... Wouldn't this mean that the systemBarrier is nil? Presumably we would have already bailed long before this point if so.

Same argument for the rest of the f.storage nil checks. I think it's safe to assume they're all non-nil at this point, unless you have a specific flow in mind that would break this assumption.

[banks]

🤔 this already existed in previous versions right (just Enterprise only)? Was there no changelog entry at the time? It might be confusing for folks in the future if they see this in 1.19 but then see that older versions documented the API and had instructions for using with secret sync? We do have public docs for the endpoint already for example.

[biazmoreira]

There's no Changelog for that... I can mention this was an enterprise only feature and now it's being ported to CE. Would that sound better?

[banks]

Yeah, I'd also maybe not put it in as a "feature" as it's more of a mechanism for enabling actual features. (it's not use to users unless we wire it to something they care about). Maybe enhancement is better?

Maybe we could hint at the history without details like:

release-note:enhancement
Activation Flags (core): A mechanism for users to opt-in to new functionality at a convenient time. Previously used only in Enterprise for SecretSync, activation flags are now available in CE for future features to use.

Or something?