Commit Graph

717 Commits

Author SHA1 Message Date
Peter Wilson
c0bbede1e2 Bump go-eventlogger to v0.2.8 (#24442) 2023-12-08 14:43:34 +00:00
Christopher Swenson
6ed8b88f5f Switch from mitchellh/cli to hashicorp/cli (#24239)
@mitchellh suggested we fork `cli` and switch to that.

Since we primarily use the interfaces in `cli`, and the new
fork has not changed those, this is (mostly) a drop-in replacement.

A small fix will be necessary for Vault Enterprise, I believe.
2023-12-04 11:05:02 -08:00
Raymond Ho
f5622a677a bump eventlogger dependency to v0.2.7 (#24305) 2023-11-30 20:05:25 +00:00
Tom Proctor
030bba4e68 Support rootless plugin containers (#24236)
* Pulls in github.com/go-secure-stdlib/plugincontainer@v0.3.0 which exposes a new `Config.Rootless` option to opt in to extra container configuration options that allow establishing communication with a non-root plugin within a rootless container runtime.
* Adds a new "rootless" option for plugin runtimes, so Vault needs to be explicitly told whether the container runtime on the machine is rootless or not. It defaults to false as rootless installs are not the default.
* Updates `run_config.go` to use the new option when the plugin runtime is rootless.
* Adds new `-rootless` flag to `vault plugin runtime register`, and `rootless` API option to the register API.
* Adds rootless Docker installation to CI to support tests for the new functionality.
* Minor test refactor to minimise the number of test Vault cores that need to be made for the external plugin container tests.
* Documentation for the new rootless configuration and the new (reduced) set of restrictions for plugin containers.
* As well as adding rootless support, we've decided to drop explicit support for podman for now, but there's no barrier other than support burden to adding it back again in future so it will depend on demand.
2023-11-28 14:07:07 +00:00
Marccio Silva
8e8bc82a5a Update go-jose dependency to 3.0.1 (#24226) 2023-11-21 13:36:58 -08:00
Nick Cabatoff
1bf366ccdc Use our fork of bbolt to improve freelist performance (#24010) 2023-11-21 10:08:18 -05:00
Dominik Baláž
b148f24d91 Update dependency packages for sdk package (#23913)
* Update dependency packages for sdk package

* Add changelog

* Tidy up main package dependencies

---------

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2023-11-06 16:55:46 -05:00
Nick Cabatoff
c9a6dab91c Add replace directive to work around an issue in ent, namely: module declares its path as: github.com/moov-io/signedxml but was required as: github.com/ma314smith/signedxml. (#24036) 2023-11-06 18:41:19 +00:00
Nick Cabatoff
ca06412a14 Some not-yet-merged changes to go.mod have resulted in updating the Go version and toolchain, which then breaks a test compilation. The test only applies to Go versions older than 1.16, which we don't have in any active branches, so I'm just removing it. (#24028) 2023-11-06 15:48:12 +00:00
Marc Boudreau
6af8bc7ce0 replace nytimes/gziphandler with klauspost/compress/gzhttp (#23898) 2023-10-31 12:38:07 -04:00
hc-github-team-secure-vault-core
b7a97cba92 Update hashicorp/vault-plugin-secrets-mongodbatlas to v0.10.2 (#23849)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-10-26 09:23:42 -04:00
Mike Palmiotto
f2f532ec80 Bump grpc version to v1.58.3 (#23703)
* Bump x/net to v0.17.0

* changelog

* go mod tidy
2023-10-17 17:35:30 -04:00
Peter Wilson
b4d221536a bump go-eventlogger to v0.2.5 (#23526) 2023-10-05 17:23:21 +00:00
Tom Proctor
a074bf9cbf Support mlock and custom tmpdir for containerized plugins (#23215) 2023-09-22 12:14:02 +01:00
Scott Miller
c08b645d8f Unseal HA changes, CE side (#23192)
* Unseal HA changes, CE side

* Transit wrapper update
2023-09-20 10:58:12 -05:00
Raymond Ho
25221fe012 downgrade go-ldap client to v3.4.4 due to race conditions in tests (#23103) 2023-09-14 23:18:20 +00:00
Tom Proctor
e29c6c129d Bump plugincontainer dep v0.2.0 -> v0.2.1 (#23075)
Fixes a bug that prevented Vault from streaming plugin containers' logs
2023-09-14 18:33:14 +01:00
Raymond Ho
018e5675fe VAULT 18227/introduce cap ldap library (#22185) 2023-09-14 10:26:29 -07:00
hc-github-team-secure-vault-core
3116e2ecab Update hashicorp/vault-plugin-auth-azure to v0.16.2 (#23060)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-13 21:30:00 +00:00
Jim
771470c28f chore: update azurevaultkey wrapper dependency (#22994)
* chore: update azurevaultkey wrapper dependency

This update brings in PR #155 from go-kms-wrapping which adds support for azure
workload identity authentication

* chore: add changelog entry

* fixup! chore: add changelog entry
2023-09-12 12:31:33 -04:00
hc-github-team-secure-vault-core
06d0c396b9 Update hashicorp/vault-plugin-secrets-terraform to v0.7.3 (#22907)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-08 16:31:58 +00:00
hc-github-team-secure-vault-core
f43bbc0fae Update hashicorp/vault-plugin-auth-kubernetes to v0.17.1 (#22879)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-08 00:42:53 +00:00
hc-github-team-secure-vault-core
eb0aa974aa Update hashicorp/vault-plugin-database-couchbase to v0.9.4 (#22871)
---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Thy Ton <maithytonn@gmail.com>
2023-09-07 23:19:24 +00:00
Tom Proctor
d6da79aa5f Make runsc the default plugin container runtime (#22850)
* Also makes plugin directory optional when registering container plugins
* And threads plugin runtime settings through to plugin execution config
* Add runsc to github runner for plugin container tests
2023-09-07 23:01:27 +00:00
Christopher Swenson
022469da45 events: WebSocket subscriptions support go-bexpr expressions (#22835)
Subscribing to events through a WebSocket now supports boolean
expressions to filter only the events wanted based on the fields

* `event_type`
* `operation`
* `source_plugin_mount`
* `data_path`
* `namespace`

Example expressions:

These can be passed to `vault events subscribe`, e.g.:
* `event_type == abc`
* `source_plugin_mount == secret/`
* `event_type != def and operation != write`

```sh
vault events subscribe -filter='source_plugin_mount == secret/' 'kv*'
```

The docs for the `vault events subscribe` command and API endpoint
will be coming shortly in a different PR, and will include a better
specification for these expressions, similar to (or linking to)
https://developer.hashicorp.com/boundary/docs/concepts/filtering
2023-09-07 20:11:53 +00:00
hc-github-team-secure-vault-core
db662131e7 Update hashicorp/vault-plugin-secrets-ad to v0.16.1 (#22856)
---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Thy Ton <maithytonn@gmail.com>
2023-09-07 12:03:28 -07:00
hc-github-team-secure-vault-core
9af1c4a183 Update hashicorp/vault-plugin-database-couchbase to v0.9.3 (#22854)
---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-07 11:18:05 -07:00
Scott Miller
28bdfe6c14 Update go-kms-wrapping dependencies for community (#22833) 2023-09-06 21:59:00 -04:00
kpcraig
2172786316 Add support for IAM Auth for Google CloudSQL DBs (#22445) 2023-09-06 14:40:39 -07:00
hc-github-team-secure-vault-core
868906d47a Update hashicorp/vault-plugin-secrets-kubernetes to v0.6.0 (#22823)
* Automated dependency upgrades

* Add changelog

* fix typo

* gofumpt fix

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: robmonte <17119716+robmonte@users.noreply.github.com>
2023-09-06 20:27:06 +00:00
hc-github-team-secure-vault-core
4436c24b34 Update hashicorp/vault-plugin-secrets-azure to v0.16.3 (#22824)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-06 20:08:41 +00:00
hc-github-team-secure-vault-core
16654d7242 Update hashicorp/vault-plugin-auth-oci to v0.14.2 (#22805)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-06 09:53:23 -07:00
hc-github-team-secure-vault-core
35fd8f3496 Update hashicorp/vault-plugin-secrets-azure to v0.16.2 (#22799)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-06 16:38:46 +00:00
hc-github-team-secure-vault-core
1e414cf6a2 Update hashicorp/vault-plugin-auth-kerberos to v0.10.1 (#22797)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-06 16:17:21 +00:00
hc-github-team-secure-vault-core
18a1bece15 Update hashicorp/vault-plugin-auth-azure to v0.16.1 (#22795)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-06 16:07:41 +00:00
Max Coulombe
ac009ab27a * bumped kv plugin (#22790)
+ changelog
2023-09-06 11:07:48 -04:00
hc-github-team-secure-vault-core
824a8a5901 Update hashicorp/vault-plugin-auth-oci to v0.14.1 (#22774)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-05 13:30:06 -07:00
Josh Black
23932dee23 Use new sdk and api versions (#22771) 2023-09-05 18:37:17 +00:00
hc-github-team-secure-vault-core
b97ec49125 Update hashicorp/vault-plugin-secrets-gcpkms to v0.15.1 (#22757)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-05 15:27:46 +00:00
hc-github-team-secure-vault-core
dc896a5aa1 Update hashicorp/vault-plugin-auth-cf to v0.15.1 (#22758)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-05 14:53:20 +00:00
miagilepner
4e3b91d91f [VAULT-17827] Rollback manager worker pool (#22567)
* workerpool implementation

* rollback tests

* website documentation

* add changelog

* fix failing test
2023-09-04 15:48:09 +02:00
hc-github-team-secure-vault-core
c25e1a5fd4 Update hashicorp/vault-plugin-secrets-mongodbatlas to v0.10.1 (#22748)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-01 15:08:39 -07:00
hc-github-team-secure-vault-core
f3c0bfeb5d Update hashicorp/vault-plugin-secrets-gcp to v0.17.0 (#22746)
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-01 20:40:44 +00:00
Tom Proctor
07e76196ba Support running plugins in isolated containers (#22712)
Implements running plugins in containers to give them some degree
of isolation from the main Vault process and other plugins. It only
supports running on Linux initially, where it is easiest to manage unix
socket communication across the container boundary.

Additionally

* Adds -env arg to vault plugin register.
* Don't return env from 'vault plugin info'

Historically it's been omitted, and it could conceivably have secret information in
it, so if we want to return it in the response, it should probably only be via explicit
opt-in. Skipping for now though as it's not the main purpose of the commit.
2023-09-01 17:55:17 +00:00
Raymond Ho
715f02ff0d fix: upgrade vault-plugin-auth-kubernetes to v0.17.0 (#22709) 2023-09-01 09:35:44 -07:00
hc-github-team-secure-vault-core
ece4b60346 Update hashicorp/vault-plugin-secrets-openldap to v0.11.2 (#22734)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-09-01 11:28:55 -05:00
hc-github-team-secure-vault-core
ccda5e2a34 Update hashicorp/vault-plugin-secrets-kv to v0.16.1 (#22716) 2023-09-01 10:52:59 -05:00
hc-github-team-secure-vault-core
bbffe93bbb Update hashicorp/vault-plugin-auth-jwt to v0.17.0 (#22678)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-08-31 11:59:34 -07:00
hc-github-team-secure-vault-core
d9ec27eb4c Update hashicorp/vault-plugin-database-elasticsearch to v0.13.3 (#22696)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-08-31 11:31:38 -07:00
hc-github-team-secure-vault-core
9006375b53 Update hashicorp/vault-plugin-auth-alicloud to v0.16.0 (#22646)
* Automated dependency upgrades

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2023-08-30 20:51:10 +00:00