Commit Graph

1742 Commits

Author SHA1 Message Date
hc-github-team-secure-vault-core
ec654e3caf Backport of fix -log-file so that it uses the correct name and only adds timestamps on rotation into release/1.14.x (#24322)
* backport of commit 06b9325bb9

* fix server.go imports

---------

Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2023-12-01 12:33:09 +00:00
hc-github-team-secure-vault-core
46bcae656a backport of commit 64dfff080a (#24285)
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2023-11-29 14:10:52 +00:00
Hamid Ghaf
96f5e64b83 Revert "Automatically track subloggers in allLoggers (#22038)" (#24005)
This reverts commit 4c8cc87794.
2023-11-03 14:40:17 -07:00
hc-github-team-secure-vault-core
c07c8f2b6c backport of commit 63ab253cb4 (#23929)
Co-authored-by: Ellie <ellie.sterner@hashicorp.com>
2023-10-31 15:18:21 -05:00
hc-github-team-secure-vault-core
274436c097 api/seal-status: fix deadlock when namespace is set on seal-status calls (#23861) (#23879)
* api/seal-status: fix deadlock when namespace is set on seal-status calls

* changelog

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2023-10-27 14:47:12 +00:00
hc-github-team-secure-vault-core
e83f62dadb Revert "Implement user lockout log (#23140)" (#23741) (#23765)
This reverts commit 92fcfda8ad.

Co-authored-by: davidadeleon <56207066+davidadeleon@users.noreply.github.com>
2023-10-25 15:38:58 +00:00
hc-github-team-secure-vault-core
9bdfa0f170 backport of commit 7872338ec1 (#23639)
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2023-10-12 18:49:44 +00:00
davidadeleon
4fea2d147c Backport of Implement user lockout log into release/1.14.x (#23630)
* Implement user lockout log (#23140)

* implement user lockout logger

* formatting

* make user lockout log interval configurable

* create func to get locked user count, and fix potential deadlock

* fix test

* fix test

* add changelog

* fix panic when unlocking unlocked user (#23611)
2023-10-12 11:24:52 -04:00
hc-github-team-secure-vault-core
31b83d7dac backport of commit d5f4243c9e (#23162)
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
2023-09-19 16:03:52 +00:00
hc-github-team-secure-vault-core
eeeddecccd backport of commit 5a83838f1d (#23020)
Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2023-09-13 09:50:57 -04:00
hc-github-team-secure-vault-core
3078887abb backport of commit 3130e8ba94 (#22868)
2023-09-07 20:08:01 +00:00
hc-github-team-secure-vault-core
4c0edc73b2 backport of commit 4c8cc87794 (#22247)
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-09-01 13:02:28 -04:00
hc-github-team-secure-vault-core
429c693e76 Add config value that gives users options to skip calculating role for each lease (#22651) (#22730)
* Add config value that gives users options to skip calculating role for each lease

* add changelog

* change name

* add config for testing

* Update changelog/22651.txt

* update tests, docs and reorder logic in conditional

* fix comment

* update comment

* fix comment again

* Update comments and change if order

* change comment again

* add other comment

* fix tests

* add documentation

* edit docs

* Update http/util.go

* Update vault/core.go

* Update vault/core.go

* update var name

* update docs

* Update vault/request_handling.go

* 1 more docs change

---------

Co-authored-by: Ellie <ellie.sterner@hashicorp.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-09-01 08:07:47 -05:00
hc-github-team-secure-vault-core
6a22f6d75d backport of commit 727c73cbd1 (#22684)
Co-authored-by: Luis (LT) Carbonell <lt.carbonell@hashicorp.com>
2023-08-31 13:18:25 +00:00
Tom Proctor
649ad639e8 Backport: Bump consul-template 0.32.0 -> 0.33.0 (#22322) (#22338)
Also adds a test to ensure the new VAULT_CACERT_BYTES functionality works.
Conflicts:
	go.mod
	go.sum
2023-08-15 14:36:26 +01:00
hc-github-team-secure-vault-core
486f7d0fda backport of commit 7e5f2cebb7 (#22274)
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2023-08-10 10:56:45 -04:00
hc-github-team-secure-vault-core
88f041d12e backport of commit 4c1a7b53d3 (#21609)
Co-authored-by: Bianca Moreira <48203644+biazmoreira@users.noreply.github.com>
2023-07-06 12:05:43 +02:00
hc-github-team-secure-vault-core
6f3b60356f backport of commit 325233ea7d (#21519)
Co-authored-by: Christophe Deliens <chris@deliens.be>
2023-06-30 17:48:20 +00:00
hc-github-team-secure-vault-core
0f58c6f3e0 backport of commit 3a46ecc389 (#21362)
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2023-06-21 14:01:13 +00:00
hc-github-team-secure-vault-core
13a649f860 backport of commit f12c128559 (#21348)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-06-19 11:40:23 -04:00
hc-github-team-secure-vault-core
dd62be3bfb backport of commit 3908ec9dc4 (#21331)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-06-16 17:33:30 -04:00
Mike Baum
3bd1bcb31c Backport of audit file changes to release/1.14.x (#20985)
2023-06-05 11:46:59 -04:00
hc-github-team-secure-vault-core
da738782dc backport of commit 155003aa0c (#20973)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-06-02 21:37:06 +00:00
hc-github-team-secure-vault-core
08cbaab36e backport of commit bc9a39a2f1 (#20954)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-06-02 13:34:20 +00:00
hc-github-team-secure-vault-core
c826572328 backport of commit 8fe7076c02 (#20939)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-06-02 02:05:51 +00:00
hc-github-team-secure-vault-core
944e818a9d backport of commit a5a49cde3f (#20949)
Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-06-01 20:31:53 -04:00
hc-github-team-secure-vault-core
75c608718c backport of commit e4c19ac0af (#20938)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-06-01 19:14:17 +00:00
hc-github-team-secure-vault-core
569e4ba6e9 backport of commit 9be2903a34 (#20932)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-06-01 12:01:14 -04:00
hc-github-team-secure-vault-core
88c6eb0c5d backport of commit 360a406a2f (#20928)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-06-01 14:34:52 +00:00
hc-github-team-secure-vault-core
9d9dba5ac5 backport of commit 8ff31f32a5 (#20895)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-06-01 00:37:32 +00:00
hc-github-team-secure-vault-core
e465cf7078 backport of commit 21eccf8b8d (#20866)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-31 23:06:59 +00:00
hc-github-team-secure-vault-core
92325ac8e3 backport of commit 7f2d3f2c5c (#20860)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-31 22:38:26 +00:00
hc-github-team-secure-vault-core
47eeccadd6 backport of commit 344ee1ec3e (#20865)
Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-05-31 17:14:02 +00:00
hc-github-team-secure-vault-core
91dc50bd98 backport of commit fe53c4684c (#20894)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-31 16:32:17 +00:00
hc-github-team-secure-vault-core
7ad266ba39 backport of commit 3b5ca69b62 (#20839)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-05-30 16:41:07 +00:00
Larroyo
1336abddfe Make transit import command work for the transform backend (#20668)
* Add import and import-version commands for the transform backend
2023-05-25 15:33:27 -05:00
Daniel Huckins
a66074425d agent: Add implementation for injecting secrets as environment variables to vault agent cmd (#20739)
* added exec and env_template config/parsing

* add tests

* we can reuse ctconfig here

* do not create a non-nil map

* check defaults

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* first go of exec server

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* sig test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add failing example

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor for config changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test for invalid signal

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* account for auth token changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* only start the runner once we have a token

* tests in diff branch

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* fix rename

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update command/agent/exec/exec.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unnecessary lock

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor to use enum

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* don't block

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle default

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* make more explicit

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused file

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove test app

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update comment

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* new channel for exec server token

* wire to run with vault agent

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* watch for child process to exit on its own

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* block before returning

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-25 09:23:56 -04:00
Daniel Huckins
17a1e78ffb agent: Add implementation for injecting secrets as environment variables (#20628)
* added exec and env_template config/parsing

* add tests

* we can reuse ctconfig here

* do not create a non-nil map

* check defaults

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* first go of exec server

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* sig test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add failing example

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor for config changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test for invalid signal

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* account for auth token changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* only start the runner once we have a token

* tests in diff branch

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* fix rename

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update command/agent/exec/exec.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unnecessary lock

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor to use enum

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* don't block

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle default

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* make more explicit

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused file

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove test app

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update comment

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* watch for child process to exit on its own

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-24 16:56:06 -04:00
Anton Averchenkov
a051ab443f agent: Add logic to validate env_template entries (#20569)
2023-05-23 18:37:08 +00:00
Steven Clark
476bec104e Add ACME health checks to pki health-check CLI (#20619)
* Add ACME health checks to pki health-check CLI

 - Verify we have the required header values listed within allowed_response_headers: 'Replay-Nonce', 'Link', 'Location'
 - Make sure the local cluster config path variable contains an URL with an https scheme

* Split ACME health checks into two separate verifications

 - Promote ACME usage through the enable_acme_issuance check, if ACME is disabled currently
 - If ACME is enabled verify that we have a valid
    'path' field within local cluster configuration as well as the proper response headers allowed.
 - Factor out response header verifications into a separate check mainly to work around possible permission issues.

* Only recommend enabling ACME on mounts with intermediate issuers

* Attempt to connect to the ACME directory based on the cluster path variable

 - Final health check is to attempt to connect to the ACME directory based on the cluster local 'path' value. Only if we successfully connect do we say ACME is healthy.

* Fix broken unit test
2023-05-23 10:37:31 -04:00
Márk Sági-Kazár
200f0c0e03 Upgrade go-jose library to v3 (#20559)
* upgrade go-jose library to v3

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* chore: fix unnecessary import alias

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* upgrade go-jose library to v2 in vault

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

---------

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2023-05-23 12:25:58 +00:00
Daniel Huckins
a86d8c4539 agent: Add support for parsing env_template configuration files (#20598)
* added exec and env_template config/parsing

* add tests

* we can reuse ctconfig here

* do not create a non-nil map

* check defaults

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* sig test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add failing example

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test for invalid signal

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update command/agent/config/config.go

* use latest consul-template

* fix build

* fix test

* fix test fixtures

* make fmt

* test docs

* rename file

* env var -> environment variable

* default to SIGTERM

* empty line

* explicit naming

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* clean typo

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* replace $ HOME with /home/username in examples

* remove empty line

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <anton.averchenkov@hashicorp.com>
2023-05-19 18:11:41 -04:00
Marc Boudreau
729e477b03 Refactor Code Focused on DevTLS Mode into New Function (#20376)
* refactor code focused on DevTLS mode into new function

* add tests for configureDevTLS function

* replace testcase comments with fields in testcase struct
2023-05-19 15:45:22 -04:00
Anton Averchenkov
1a1af69cdd cli: Add 'agent generate-config' sub-command (#20530)
2023-05-19 13:42:19 -04:00
Violet Hynes
3d7d8f4965 VAULT-15547 Agent/proxy decoupling, take two (#20634)
* VAULT-15547 Additional tests, refactoring, for proxy split

* VAULT-15547 Additional tests, refactoring, for proxy split

* VAULT-15547 Import reorganization

* VAULT-15547 Some missed updates for PersistConfig

* VAULT-15547 address comments

* VAULT-15547 address comments
2023-05-19 13:17:48 -04:00
miagilepner
35e2c1665f VAULT-15703: Reload automated reporting (#20680)
* support config reloading for census

* changelog

* second changelog entry for license updates

* correct changelog PR
2023-05-19 14:42:50 +00:00
Nick Cabatoff
8b3e17ea38 Make -dev-three-node use perf standbys for ent binaries (#20629)
2023-05-17 18:37:44 +00:00
Violet Hynes
6b4b0f7aaf VAULT-15547 First pass at agent/proxy decoupling (#20548)
* VAULT-15547 First pass at agent/proxy decoupling

* VAULT-15547 Fix some imports

* VAULT-15547 cases instead of string.Title

* VAULT-15547 changelog

* VAULT-15547 Fix some imports

* VAULT-15547 some more dependency updates

* VAULT-15547 More dependency paths

* VAULT-15547 godocs for tests

* VAULT-15547 godocs for tests

* VAULT-15547 test package updates

* VAULT-15547 test packages

* VAULT-15547 add proxy to test packages

* VAULT-15547 gitignore

* VAULT-15547 address comments

* VAULT-15547 Some typos and small fixes
2023-05-17 09:38:34 -04:00
Jason O'Donnell
00855a9e7a command/server: add support to write pprof files to the filesystem via SIGUSR2 (#20609)
* core/server: add support to write pprof files to the filesystem via SIGUSR2

* changelog

* Fix filepath join

* Use core logger

* Simplify logic

* Break on error
2023-05-17 09:21:25 -04:00
Daniel Huckins
d899c57125 move private function to internal pkg for sharing (#20531)
* move private function to internal pkg for sharing

* rename to mc

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* rename to NewConfig

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-05-15 10:55:28 -04:00