vault

mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 02:02:43 +00:00

Author	SHA1	Message	Date
hc-github-team-secure-vault-core	486f7d0fda	backport of commit `7e5f2cebb7` (#22274 ) Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>	2023-08-10 10:56:45 -04:00
hc-github-team-secure-vault-core	88f041d12e	backport of commit `4c1a7b53d3` (#21609 ) Co-authored-by: Bianca Moreira <48203644+biazmoreira@users.noreply.github.com>	2023-07-06 12:05:43 +02:00
hc-github-team-secure-vault-core	6f3b60356f	backport of commit `325233ea7d` (#21519 ) Co-authored-by: Christophe Deliens <chris@deliens.be>	2023-06-30 17:48:20 +00:00
hc-github-team-secure-vault-core	0f58c6f3e0	backport of commit `3a46ecc389` (#21362 ) Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>	2023-06-21 14:01:13 +00:00
hc-github-team-secure-vault-core	13a649f860	backport of commit `f12c128559` (#21348 ) Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>	2023-06-19 11:40:23 -04:00
hc-github-team-secure-vault-core	dd62be3bfb	backport of commit `3908ec9dc4` (#21331 ) Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>	2023-06-16 17:33:30 -04:00
Mike Baum	3bd1bcb31c	Backport of audit file changes to release/1.14.x (#20985 )	2023-06-05 11:46:59 -04:00
hc-github-team-secure-vault-core	da738782dc	backport of commit `155003aa0c` (#20973 ) Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>	2023-06-02 21:37:06 +00:00
hc-github-team-secure-vault-core	08cbaab36e	backport of commit `bc9a39a2f1` (#20954 ) Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>	2023-06-02 13:34:20 +00:00
hc-github-team-secure-vault-core	c826572328	backport of commit `8fe7076c02` (#20939 ) Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>	2023-06-02 02:05:51 +00:00
hc-github-team-secure-vault-core	944e818a9d	backport of commit `a5a49cde3f` (#20949 ) Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>	2023-06-01 20:31:53 -04:00
hc-github-team-secure-vault-core	75c608718c	backport of commit `e4c19ac0af` (#20938 ) Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>	2023-06-01 19:14:17 +00:00
hc-github-team-secure-vault-core	569e4ba6e9	backport of commit `9be2903a34` (#20932 ) Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>	2023-06-01 12:01:14 -04:00
hc-github-team-secure-vault-core	88c6eb0c5d	backport of commit `360a406a2f` (#20928 ) Co-authored-by: Steven Clark <steven.clark@hashicorp.com>	2023-06-01 14:34:52 +00:00
hc-github-team-secure-vault-core	9d9dba5ac5	backport of commit `8ff31f32a5` (#20895 ) Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>	2023-06-01 00:37:32 +00:00
hc-github-team-secure-vault-core	e465cf7078	backport of commit `21eccf8b8d` (#20866 ) Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>	2023-05-31 23:06:59 +00:00
hc-github-team-secure-vault-core	92325ac8e3	backport of commit `7f2d3f2c5c` (#20860 ) Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>	2023-05-31 22:38:26 +00:00
hc-github-team-secure-vault-core	47eeccadd6	backport of commit `344ee1ec3e` (#20865 ) Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>	2023-05-31 17:14:02 +00:00
hc-github-team-secure-vault-core	91dc50bd98	backport of commit `fe53c4684c` (#20894 ) Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>	2023-05-31 16:32:17 +00:00
hc-github-team-secure-vault-core	7ad266ba39	backport of commit `3b5ca69b62` (#20839 ) Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>	2023-05-30 16:41:07 +00:00
Larroyo	1336abddfe	Make transit import command work for the transform backend (#20668 ) * Add import and import-version commands for the transform backend	2023-05-25 15:33:27 -05:00
Daniel Huckins	a66074425d	agent: Add implementation for injecting secrets as environment variables to vault agent cmd (#20739 ) * added exec and env_template config/parsing * add tests * we can reuse ctconfig here * do not create a non-nil map * check defaults * Apply suggestions from code review Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * first go of exec server Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * convert to list Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * convert to list Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * sig test Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * add failing example Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * refactor for config changes Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * add test for invalid signal Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * account for auth token changes Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * only start the runner once we have a token * tests in diff branch Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * fix rename Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * Update command/agent/exec/exec.go Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * apply suggestions from code review Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * cleanup Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * remove unnecessary lock Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * refactor to use enum Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * dont block Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * handle default Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * make more explicit Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * cleanup Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * remove unused Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * remove unused file Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * remove test app Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * apply suggestions from code review Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * update comment Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * add changelog Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * new channel for exec server token * wire to run with vault agent Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * watch for child process to exit on its own Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * block before returning Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> --------- Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>	2023-05-25 09:23:56 -04:00
Daniel Huckins	17a1e78ffb	agent: Add implementation for injecting secrets as environment variables (#20628 ) * added exec and env_template config/parsing * add tests * we can reuse ctconfig here * do not create a non-nil map * check defaults * Apply suggestions from code review Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * first go of exec server Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * convert to list Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * convert to list Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * sig test Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * add failing example Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * refactor for config changes Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * add test for invalid signal Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * account for auth token changes Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * only start the runner once we have a token * tests in diff branch Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * fix rename Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * Update command/agent/exec/exec.go Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * apply suggestions from code review Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * cleanup Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * remove unnecessary lock Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * refactor to use enum Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * dont block Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * handle default Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * make more explicit Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * cleanup Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * remove unused Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * remove unused file Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * remove test app Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * apply suggestions from code review Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * update comment Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * add changelog Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * watch for child process to exit on its own Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> --------- Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>	2023-05-24 16:56:06 -04:00
Anton Averchenkov	a051ab443f	agent: Add logic to validate env_template entries (#20569 )	2023-05-23 18:37:08 +00:00
Steven Clark	476bec104e	Add ACME health checks to pki health-check CLI (#20619 ) * Add ACME health checks to pki health-check CLI - Verify we have the required header values listed within allowed_response_headers: 'Replay-Nonce', 'Link', 'Location' - Make sure the local cluster config path variable contains an URL with an https scheme * Split ACME health checks into two separate verifications - Promote ACME usage through the enable_acme_issuance check, if ACME is disabled currently - If ACME is enabled verify that we have a valid 'path' field within local cluster configuration as well as the proper response headers allowed. - Factor out response header verifications into a separate check mainly to work around possible permission issues. * Only recommend enabling ACME on mounts with intermediate issuers * Attempt to connect to the ACME directory based on the cluster path variable - Final health check is to attempt to connect to the ACME directory based on the cluster local 'path' value. Only if we successfully connect do we say ACME is healthy. * Fix broken unit test	2023-05-23 10:37:31 -04:00
Márk Sági-Kazár	200f0c0e03	Upgrade go-jose library to v3 (#20559 ) * upgrade go-jose library to v3 Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * chore: fix unnecessary import alias Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * upgrade go-jose library to v2 in vault Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> --------- Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2023-05-23 12:25:58 +00:00
Daniel Huckins	a86d8c4539	agent: Add support for parsing env_template configuration files (#20598 ) * added exec and env_template config/parsing * add tests * we can reuse ctconfig here * do not create a non-nil map * check defaults * Apply suggestions from code review Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * convert to list Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * convert to list Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * sig test Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * add failing example Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * add test for invalid signal Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * Update command/agent/config/config.go * use latest consul-template * fix build * fix test * fix test fixtures * make fmt * test docs * rename file * env var -> environment variable * default to SIGTERM * empty line * explicit naming Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * clean typo Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * replace $ HOME with /home/username in examples * remove empty line --------- Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> Co-authored-by: Anton Averchenkov <anton.averchenkov@hashicorp.com>	2023-05-19 18:11:41 -04:00
Marc Boudreau	729e477b03	Refactor Code Focused on DevTLS Mode into New Function (#20376 ) * refactor code focused on DevTLS mode into new function * add tests for configureDevTLS function * replace testcase comments with fields in testcase struct	2023-05-19 15:45:22 -04:00
Anton Averchenkov	1a1af69cdd	cli: Add 'agent generate-config' sub-command (#20530 )	2023-05-19 13:42:19 -04:00
Violet Hynes	3d7d8f4965	VAULT-15547 Agent/proxy decoupling, take two (#20634 ) * VAULT-15547 Additional tests, refactoring, for proxy split * VAULT-15547 Additional tests, refactoring, for proxy split * VAULT-15547 Import reorganization * VAULT-15547 Some missed updates for PersistConfig * VAULT-15547 address comments * VAULT-15547 address comments	2023-05-19 13:17:48 -04:00
miagilepner	35e2c1665f	VAULT-15703: Reload automated reporting (#20680 ) * support config reloading for census * changelog * second changelog entry for license updates * correct changelog PR	2023-05-19 14:42:50 +00:00
Nick Cabatoff	8b3e17ea38	Make -dev-three-node use perf standbys for ent binaries (#20629 )	2023-05-17 18:37:44 +00:00
Violet Hynes	6b4b0f7aaf	VAULT-15547 First pass at agent/proxy decoupling (#20548 ) * VAULT-15547 First pass at agent/proxy decoupling * VAULT-15547 Fix some imports * VAULT-15547 cases instead of string.Title * VAULT-15547 changelog * VAULT-15547 Fix some imports * VAULT-15547 some more dependency updates * VAULT-15547 More dependency paths * VAULT-15547 godocs for tests * VAULT-15547 godocs for tests * VAULT-15547 test package updates * VAULT-15547 test packages * VAULT-15547 add proxy to test packages * VAULT-15547 gitignore * VAULT-15547 address comments * VAULT-15547 Some typos and small fixes	2023-05-17 09:38:34 -04:00
Jason O'Donnell	00855a9e7a	command/server: add support to write pprof files to the filesystem via SIGUSR2 (#20609 ) * core/server: add support to write pprof files to the filesystem via SIGUSR2 * changelog * Fix filepath join * Use core logger * Simplify logic * Break on error	2023-05-17 09:21:25 -04:00
Daniel Huckins	d899c57125	move private function to internal pkg for sharing (#20531 ) * move private function to internal pkg for sharing * rename to mc Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> * rename to NewConfig Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com> --------- Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>	2023-05-15 10:55:28 -04:00
Hamid Ghaf	c93f4aa6d0	disable printing flags warning message for the ssh command (#20502 ) * disable printing flags warning message for the ssh command * adding a test * CL * add go doc on the test	2023-05-08 16:15:44 +00:00
Victor Rodriguez	2d7efaef97	Convert seal.Access struct into a interface (OSS) (#20510 ) * Move seal barrier type field from Access to autoSeal struct. Remove method Access.SetType(), which was only being used by a single test, and which can use the name option of NewTestSeal() to specify the type. * Change method signatures of Access to match those of Wrapper. * Turn seal.Access struct into an interface. * Tweak Access implementation. Change `access` struct to have a field of type wrapping.Wrapper, rather than extending it. * Add method Seal.GetShamirWrapper(). Add method Seal.GetShamirWrapper() for use by code that need to perform Shamir-specific operations.	2023-05-04 14:22:30 -04:00
Hamid Ghaf	fb9324c3c9	CLI to take days as a unit of time (#20477 ) * CLI to take days as a unit of time * CL	2023-05-04 08:03:37 -07:00
Anton Averchenkov	bd0a525189	Move TestWalkSecretsTree to the correct file. (#20493 )	2023-05-03 18:24:23 +00:00
Anton Averchenkov	06bc1307a3	Improve addPrefixToKVPath helper (#20488 )	2023-05-03 17:10:55 +00:00
Anton Averchenkov	d5f73115fa	Add walkSecretsTree helper function (#20464 )	2023-05-02 15:23:43 -04:00
Peter Wilson	9ae8f48f9b	Fix panic when Vault enters recovery mode, added test (#20418 ) * Fix panic when Vault enters recovery mode, added test * Added changelog	2023-04-28 12:41:19 +00:00
Nick Cabatoff	2f0929f3ab	Add support for docker testclusters (#20247 )	2023-04-24 14:25:50 -04:00
Nick Cabatoff	980f1e0aae	Add tests based on vault binary (#20224 ) First steps towards docker-based tests: tests using vault binary in -dev or -dev-three-node modes.	2023-04-24 09:57:37 -04:00
miagilepner	b0289d4472	VAULT-15668: fix windows issues with -dev-tls flag (#20257 ) * fix -dev-tls flag on windows * changelog * fix only hcl config * fix import * fmt	2023-04-21 10:54:38 +02:00
Jason O'Donnell	98786d96c7	cli/namespace: add detailed flag to namespace list (#20243 ) * cli/namespace: add detailed flag to namespace list * changelog	2023-04-19 09:31:51 -04:00
Chris Capurso	ca702745e8	add max_entry_size to sanitized config output (#20044 ) * add max_entry_size to sanitized config output * add changelog entry * add test parallelism * add inmem test case * use named struct fields for TestSysConfigState_Sanitized cases	2023-04-14 09:52:23 -04:00
Violet Hynes	33731d6f63	VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests (#19776 ) * VAULT-12940 test for templating user agent * VAULT-12940 User agent work so far * VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests * VAULT-12940 Clean-up and godocs * VAULT-12940 changelog * VAULT-12940 Fix test checking headers * VAULT-12940 Fix test checking headers * VAULT-12940 Fix test checking headers * VAULT-12940 Fix test checking headers * VAULT-12940 copy/paste typos * VAULT-12940 improve comments, use make(http.Header) * VAULT-12940 small typos and clean-up	2023-04-03 14:14:47 -04:00
miagilepner	b4fab6ac2a	VAULT-13191: OSS changes (#19891 ) * add open source changes for reporting * fix function signature * add changelog	2023-03-31 15:05:16 +00:00
Karel	5631e806c2	Fix: Optionally reload x509 key-pair from disk on agent auto-auth (#19002 ) * Optionally reload x509 key-pair from disk * Document 'reload' config value * Added changelog release note	2023-03-22 11:01:58 -04:00

1 2 3 4 5 ...

1727 Commits