Calvin Leung Huang
e52111dbf6
changelog: updates for 1.13.1, 1.12.5, 1.11.9 ( #19834 )
2023-03-29 16:14:38 -07:00
Theron Voran
f2e6480999
docs/vault-secrets-operator: update for beta install ( #19835 )
...
Update the helm commands to work with the beta release.
2023-03-29 22:51:34 +00:00
Alexander Scheel
32e3cd6972
Merge ACME package back into the PKI package ( #19826 )
...
* Squash pki/acme package down to pki folder
Without refactoring most of PKI to export the storage layer, which we
were initially hesitant about, it would be nearly impossible to have the
ACME layer handle its own storage while being in the acme/ subpackage
under the pki package.
Thus, merge the two packages together again.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Properly format errors for missing parameters
When missing required ACME request parameters, don't return Vault-level
errors, but drop into the PKI package to return properly-formatted ACME
error messages.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Error type clarifications
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Fix GetOk with type conversion calls
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
2023-03-29 21:08:31 +00:00
Brian Shumate
7b40f73646
Docs: API: Update token_period description ( #19821 )
...
- Clarify token_period per feedback in SPE-34
2023-03-29 13:53:16 -07:00
Ben Ash
25934124a0
Add vault-secrets-operator beta docs. ( #19827 )
...
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com >
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com >
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com >
2023-03-29 20:33:06 +00:00
Alexander Scheel
71441742fa
Add ACME new account creation handlers ( #19820 )
...
* Identify whether JWKs existed or were created, set KIDs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Reclassify ErrAccountDoesNotExist as 400 per spec
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Add additional stub methods for ACME accounts
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Start adding ACME newAccount handlers
This handler supports two pieces of functionality:
1. Searching for whether an existing account already exists.
2. Creating a new account.
One side effect of our JWS parsing logic is that we needed a way to
differentiate between whether a JWK existed on disk from an account or
if it was specified in the request. This technically means we're
potentially responding to certain requests with positive results (e.g.,
key search based on kid) versus erring earlier like other
implementations do.
No account storage has been done as part of this commit.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Unify path fields handling, fix newAccount method
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
2023-03-29 19:06:09 +00:00
Mike Palmiotto
2054fe2259
changelog: Drop entry for no-op ( #19819 )
2023-03-29 14:53:49 -04:00
Steven Clark
ddb5db1538
Initial ACME new-nonce API ( #19822 )
...
* Initial ACME new-nonce API implementation
* Return proper HTTP status codes for ACME new-nonce API handler
2023-03-29 18:22:48 +00:00
Robert
2834ac293d
docs: Change wording for AssumeRole permissions in AWS secrets ( #19823 )
...
Co-authored-by: wernerwws <wernerwws@users.noreply.github.com >
2023-03-29 13:03:26 -05:00
Steven Clark
4063d6ed09
PKI: Initial ACME directory API support ( #19803 )
...
* PKI: Initial ACME directory API support along with basic tests for error handler and the directory itself across various paths.
2023-03-29 16:29:19 +00:00
vinay-gopalan
b6e0077a7f
Update pseudo-version for Secrets Terraform plugin ( #19798 )
2023-03-29 09:01:35 -07:00
Alexander Scheel
3c2faf269e
Add mechanism to disable automatic rollbacks ( #19748 )
...
When testing the rollback mechanism, there's two categories of tests
typically written:
1. Ones in which the rollback manager is entirely left alone, which
usually are a bit slower and less predictable. However, it is still
sufficient in many scenarios.
2. Ones in which the rollback manager is explicitly probed by tests
and "stepped" to achieve the next rollback.
Here, without a mechanism to fully disable the rollback manager's
periodic ticker (without affecting its ability to work!) we'll continue
to see races of the sort:
> --- FAIL: TestRevocationQueue (50.95s)
> panic: sync: WaitGroup is reused before previous Wait has returned [recovered]
> panic: sync: WaitGroup is reused before previous Wait has returned
This allows us to disable the ticker, returning control to the test
suite entirely.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
2023-03-29 08:59:01 -04:00
Raymond Ho
35eb2dd907
add docs for VAULT_RUN_MODE ( #19808 )
2023-03-28 21:18:45 -07:00
claire labry
d26d4c0fa4
fix github ref ( #19805 )
...
* fix github ref
* update comment
2023-03-28 15:59:27 -05:00
Alexander Scheel
c3fce3512c
Tighten JWS algorithm lists ( #19797 )
...
* Add new PKI ACME subpackage to test_packages list
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Restrict JWS keys to specified algorithms
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
2023-03-28 20:49:07 +00:00
Chelsea Shaw
4146561a8c
UI: Remove out of date blueprint ( #19795 )
2023-03-28 14:59:54 -05:00
Daniel Huckins
1498560d7d
VAULT-12144: add openapi responses for /sys/rotate endpoints ( #18624 )
...
* responses for rotate endpoints
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* added changelog
* add test for rotate config
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* update to use newer function
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* use new func
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
2023-03-28 15:40:48 -04:00
Daniel Huckins
b4756f9cde
VAULT-12144: add openapi responses for /sys/seal endpoints ( #18625 )
...
* added responses to seal/unseal endpoints
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* add response for /seal-status
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* added change log
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
2023-03-28 15:39:08 -04:00
Daniel Huckins
cf755f4fc0
VAULT-12144: add openapi responses for assorted /sys endpoints ( #18628 )
...
* added response struct for version-history
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* add response struct for leader
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* add response struct for ha-status
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* add response struct for host-info
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* add response struct for in-flight-req
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* added changelog
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
* make fmt
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
2023-03-28 15:38:35 -04:00
Daniel Huckins
17541fd7b1
mark internal/counters/requests as deprecated ( #19359 )
...
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
2023-03-28 15:31:20 -04:00
Victor Rodriguez
3026f87b7b
Update Vault PKCS#11 Provider documentation for v0.2.0. ( #19783 )
2023-03-28 14:57:45 -04:00
Alexander Scheel
a060e6ee7e
Add initial ACME server library to PKI ( #19778 )
...
* Add ACME package to provide a nonce service
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Add JWS parsing helper
Using go-jose v2, we start building a JWS parsing helper, ensuring that
fields are properly validated w.r.t. the ACME spec's intersection with
JWS.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Add error context information
Start adding the ability to wrap errors returned by Vault to
ACME-specific errors.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Make ACMEState exported
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
2023-03-28 17:29:54 +00:00
Daniel Huckins
3777ba40dc
VAULT-12144: add openapi responses for /sys/wrapping endpoints ( #18627 )
...
* add response structures for /sys/wrapping endpoints
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* added changelog
* dynamic tests should be nil
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
2023-03-28 11:12:34 -04:00
Violet Hynes
6ae439985b
VAULT-8337 OSS changes part 2 ( #19698 )
2023-03-28 10:32:30 -04:00
akshya96
6a429bb0d6
Github Action to check deprecations in PR ( #19666 )
...
* deprecation check
* adding script
* add execute permission to script
* revert changes
* adding the script back
* added working script for local and GHA
* give execute permissions
* updating revgrep
* adding changes to script, tools
* run go mod tidy
* removing default ref
* make bootstrap
* adding to makefile
2023-03-27 22:50:58 -07:00
Chelsea Shaw
61b152c02c
UI: Test business logic for oidc callback params ( #19727 )
...
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com >
2023-03-27 15:05:26 -05:00
Anton Averchenkov
c39579f3b3
openapi: Remove 'ad' from gen_openapi.sh
2023-03-27 19:50:36 +00:00
Chelsea Shaw
158447554d
UI: secret-engine model octanified ( #19750 )
2023-03-27 13:58:21 -05:00
Anton Averchenkov
34e2b65be6
docs: Fix duration format link in kv-v2 docs page ( #19768 )
2023-03-27 13:18:25 -04:00
Raymond Ho
6d9a1adc72
add warning for vault lambda extension cache ttl ( #19738 )
2023-03-24 23:37:38 +00:00
Daniel Huckins
c913950538
VAULT-12144: add openapi responses for /sys/tools endpoints ( #18626 )
...
* add struct for /sys/tools/hash
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* added responses for /sys/tools paths
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* add changelog
* verify response structure for hash
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* verify response structure for hash/random
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* use newer testing funct
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
* use new test method
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com >
2023-03-24 23:11:39 +00:00
Marc Boudreau
1361932d91
Remove CircleCI Configuration ( #19751 )
...
* modify pre-commit hook to not look for circleci
* remove circleci configuration
2023-03-24 14:24:06 -04:00
Marc Boudreau
58bbcad74b
Marcboudreau/vault 13760/add test UI to completed ( #19747 )
...
* remove check of circleci configuration from pre-commit hook
* add dependency on test-ui for tests-completed job
2023-03-24 13:20:49 -04:00
Kuba Wieczorek
f7897be022
Add the FIPS testing job to GitHub Actions CI workflow ( #19742 )
2023-03-24 17:17:21 +00:00
Marc Boudreau
27123e5558
Create Job to Track All Required Test Jobs ( #19743 )
...
* add tests-completed job to track all matrix jobs completed successfully
* add dependency on setup job for tests-completed job
2023-03-24 10:39:17 -04:00
Nick Cabatoff
e439289be5
Address regression introduced by #15493 for non-raft storage backends. ( #19721 )
2023-03-24 10:15:25 -04:00
ram-parameswaran
14eda8a178
Update username template description for AWS ( #19690 )
...
Update username template description for AWS by calling out what DisplayName and PolicyName actually are placeholders for
2023-03-23 19:56:55 -07:00
Yoko Hyakuna
5b35ae4ba2
Add OpenAPI Go and C# ( #18896 )
...
* Add OpenAPI Go and C#
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: AnPucel <adiroff@hashicorp.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: AnPucel <adiroff@hashicorp.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: AnPucel <adiroff@hashicorp.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: AnPucel <adiroff@hashicorp.com >
* Add code sample links for OpenAPI-based Go and .NET
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
* Remove command flags that are no longer needed
* Fix 'OpenAPI C#' > 'OpenAPI .NET'
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: AnPucel <adiroff@hashicorp.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: AnPucel <adiroff@hashicorp.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: AnPucel <adiroff@hashicorp.com >
* Update website/content/docs/get-started/developer-qs.mdx
Co-authored-by: AnPucel <adiroff@hashicorp.com >
---------
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com >
Co-authored-by: AnPucel <adiroff@hashicorp.com >
2023-03-23 16:04:50 -07:00
Rowan Smith
c3141977a6
Update tcp.mdx ( #19546 )
...
expand the info for using x-forwarded-for option
2023-03-23 15:59:42 -07:00
Anton Averchenkov
f674f0ea32
Fix response structure validation tests for non-2xx responses ( #19726 )
2023-03-23 16:33:44 -04:00
Ryan Cragun
0f1ac87ab5
ci: unpin terraform in CICD ( #19665 )
...
A prior planning bug was resolved in Terraform 1.4.2
2023-03-23 11:59:11 -06:00
Mason Foster
cfff8d420e
aws: pass cancelable context with aws calls ( #19365 )
...
* auth/aws: use cancelable context with aws calls
* secrets/aws: use cancelable context with aws calls
2023-03-23 12:02:24 -05:00
Jordan Reimer
85c3eab989
Secret Metadata Breadcrumb Bug ( #19703 )
...
* fixes issue navigating back a level using the breadcrumbs from kvv2 metadata view
* adds changelog entry
* deletes kv mount after breadcrumb test -- attempt to fix unrelated failing secrets tests
2023-03-23 16:25:56 +00:00
Alexander Scheel
dcde779450
Add test to test SSH endpoint authentication ( #19705 )
...
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
2023-03-23 16:00:21 +00:00
Alexander Scheel
bebdc6551d
Add tests for PKI endpoint authentication ( #19704 )
...
* Split (un,)authenticated issuer fetch endpoints
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Allow unauthed per-issuer unified-crl access
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Add tests to validate endpoint authentication status
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
* Disable schema validation in TestBackend_IfModifiedSinceHeaders
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com >
2023-03-23 15:54:26 +00:00
Chelsea Shaw
914230868d
UI: standardize display for type=exported ( #19672 )
2023-03-23 15:49:24 +00:00
Violet Hynes
0c69cf1048
Revert "VAULT-8337 OSS changes" ( #19700 )
...
This reverts commit 160196f4bc.
2023-03-23 11:47:10 -04:00
Nick Cabatoff
0be6924452
Make sure that we specify Backoff in conjunction with MinConnectTimeout, else we get a zero value. ( #19701 )
2023-03-23 10:21:28 -04:00
Yoko Hyakuna
449482d9b3
Fix the title parsing error ( #19685 )
2023-03-22 20:35:35 -07:00
Angel Garbarino
dcb44bb1d1
Regression bug fix OIDC namespace ( #19460 )
...
* the fix
* changelog
* clair fix
* add test
* update changelog
* clarify comment
* remove state from paramsFor completely, update tests
* Revert "remove state from paramsFor completely, update tests"
This reverts commit bea042f73d50dd51aa67b30e97c6e6685e808794.
* add tests with skips until not flaky
---------
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com >
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com >
2023-03-23 00:55:03 +00:00