* add updateRecord to role adapter to correctly handle the query when the the is not new.
* wip
* update and cancel test
* clean up
* wip
* final
* clean up
* split test in two
* clean up
* example for checking go doc tests
* add analyzer test and action
* get metadata step
* install revgrep
* fix for ci
* add revgrep to go.mod
* clarify how analysistest works
* Add a stronger warning about the usage of recovery keys
* Update website/content/docs/concepts/seal.mdx
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Keep the mitigation text in the warning box
---------
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Document 'managed_key' key type for transit. Document new 'usages' parameter when creating a managed key in the system backend.
* Document new managed key parameters for transit managed key rotation.
* test/plugin: refactor compilePlugin for reuse
- move compilePlugin to helper package
- make NewTestCluster use compilePlugin
* do not overwrite plugin directory in CoreConfig if set
* fix getting plugin directory path for go build
This isn't perfect for sure, but it's solidifying and becoming a useful
base to work off.
This routes events sent from auth and secrets plugins to the main
`EventBus` in the Vault Core. Events sent from plugins are automatically
tagged with the namespace and plugin information associated with them.
* Use the unified CRL on legacy CRL paths if UnifiedCRLOnExistingPaths is set
- If the crl configuration option unified_crl_on_existing_paths is set
to true along with the unified_crl feature, provide the unified crl
on the existing CRL paths.
- Added some test helpers to help debugging, they are being used by
the ENT test that validates this feature.
* Rename method to shouldLocalPathsUseUnified
* Add additional OIDs for extKeyUsage
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Allow ignoring AIA info on issuers
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Tell users which extension OIDs are not allowed
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add commentary on cross-signing failure modes
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add parsing of keyUsage
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Remove ext_key_usage parsing - doesn't exist on API
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add support for parsing ip_sans attribute
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Use Uint8Array directly for key_usage parsing
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add error on unknown key usage values
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix typing of IPv6 SANs, verficiation of keyUsages
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Correctly format ip addresses
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* add ip_sans to details page
* fix typo
* update tests
* alphabetize attrs
* hold off on ip compression
* rename model attrs
* parse other_names
* is that illegal
* add parenthesis to labels
* update tests to account for other_sans
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
