Anton Averchenkov
155003aa0c
agent: Better help text for agent generate-config ( #20967 )
2023-06-02 21:05:14 +00:00
Mike Baum
0115b5e43a
[QT-426] Add support for enabling the file audit device for enos scenarios ( #20552 )
2023-06-02 13:07:33 -04:00
Nick Cabatoff
5a987c0212
Introduce a wrapper for NewTestCluster that only supports single node ( #20872 )
2023-06-02 11:45:17 -04:00
Anton Averchenkov
bc9a39a2f1
agent: Fix bug with early exits during restarts ( #20950 )
2023-06-02 09:05:13 -04:00
Daniel Huckins
a5a49cde3f
agent: Prevent multiple restarts of child process in supervisor mode ( #20940 )
...
* try timer
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add to config
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add test to verify behavior
* remove closer func -- it was causing a race condition
* Revert "add to config"
This reverts commit 1de6af0ff676029e290cc42a0bb2b7e6f597d1a6.
* rename variables, add comment
* comment
* comment re debounce timer
* don't skip tests
* fix comment
* formatting
* formatting
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <anton.averchenkov@hashicorp.com>
2023-06-01 19:55:50 -04:00
Anton Averchenkov
8fe7076c02
agent: Allow for a 'cache' stanza in environment template configuration ( #20918 )
2023-06-01 19:01:55 +00:00
Anton Averchenkov
e4c19ac0af
agent: Fix bug with 'cache' stanza validation ( #20934 )
2023-06-01 18:08:04 +00:00
Anton Averchenkov
9be2903a34
agent: Don't restart process unless environment variables changed ( #20917 )
2023-06-01 10:57:45 -04:00
Steven Clark
360a406a2f
Remove mentions of transform from the transit key import help text ( #20925 )
...
- The transit import and import-version command line help texts
referenced that it worked with Transform which it doesn't.
2023-06-01 10:05:14 -04:00
Anton Averchenkov
8ff31f32a5
agent: Don't print errors on exit 0 in supervisor mode ( #20880 )
2023-05-31 16:22:16 +00:00
Anton Averchenkov
fe53c4684c
agent: Don't render templates to stdout in supervisor mode ( #20884 )
2023-05-31 12:04:33 -04:00
Anton Averchenkov
21eccf8b8d
agent: Add agent process supervisor tests ( #20741 )
2023-05-30 18:06:44 +00:00
Daniel Huckins
344ee1ec3e
enable token ch ( #20862 )
...
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-05-30 13:39:56 -04:00
Anton Averchenkov
7f2d3f2c5c
fix exitCh race condition ( #20817 )
2023-05-30 12:23:51 -04:00
Nick Cabatoff
3b5ca69b62
Remove feature toggle for SSCTs, VAULT_DISABLE_SERVER_SIDE_CONSISTENT_TOKENS ( #20834 )
2023-05-29 12:54:20 -04:00
Larroyo
1336abddfe
Make transit import command work for the transform backend ( #20668 )
...
* Add import and import-version commands for the transform backend
2023-05-25 15:33:27 -05:00
Daniel Huckins
a66074425d
agent: Add implementation for injecting secrets as environment variables to vault agent cmd ( #20739 )
...
* added exec and env_template config/parsing
* add tests
* we can reuse ctconfig here
* do not create a non-nil map
* check defaults
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* first go of exec server
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* convert to list
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* convert to list
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* sig test
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add failing example
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* refactor for config changes
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add test for invalid signal
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* account for auth token changes
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* only start the runner once we have a token
* tests in diff branch
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* fix rename
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Update command/agent/exec/exec.go
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* apply suggestions from code review
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* cleanup
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove unnecessary lock
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* refactor to use enum
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* don't block
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* handle default
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* make more explicit
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* cleanup
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove unused
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove unused file
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove test app
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* apply suggestions from code review
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* update comment
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add changelog
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* new channel for exec server token
* wire to run with vault agent
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* watch for child process to exit on its own
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* block before returning
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-25 09:23:56 -04:00
Daniel Huckins
17a1e78ffb
agent: Add implementation for injecting secrets as environment variables ( #20628 )
...
* added exec and env_template config/parsing
* add tests
* we can reuse ctconfig here
* do not create a non-nil map
* check defaults
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* first go of exec server
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* convert to list
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* convert to list
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* sig test
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add failing example
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* refactor for config changes
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add test for invalid signal
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* account for auth token changes
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* only start the runner once we have a token
* tests in diff branch
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* fix rename
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Update command/agent/exec/exec.go
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* apply suggestions from code review
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* cleanup
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove unnecessary lock
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* refactor to use enum
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* don't block
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* handle default
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* make more explicit
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* cleanup
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove unused
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove unused file
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove test app
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* apply suggestions from code review
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* update comment
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add changelog
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* watch for child process to exit on its own
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-24 16:56:06 -04:00
Anton Averchenkov
a051ab443f
agent: Add logic to validate env_template entries ( #20569 )
2023-05-23 18:37:08 +00:00
Steven Clark
476bec104e
Add ACME health checks to pki health-check CLI ( #20619 )
...
* Add ACME health checks to pki health-check CLI
- Verify we have the required header values listed within allowed_response_headers: 'Replay-Nonce', 'Link', 'Location'
- Make sure the local cluster config path variable contains a URL with an https scheme
* Split ACME health checks into two separate verifications
- Promote ACME usage through the enable_acme_issuance check, if ACME is disabled currently
- If ACME is enabled verify that we have a valid
'path' field within local cluster configuration as well as the proper response headers allowed.
- Factor out response header verifications into a separate check mainly to work around possible permission issues.
* Only recommend enabling ACME on mounts with intermediate issuers
* Attempt to connect to the ACME directory based on the cluster path variable
- Final health check is to attempt to connect to the ACME directory based on the cluster local 'path' value. Only if we successfully connect do we say ACME is healthy.
* Fix broken unit test
2023-05-23 10:37:31 -04:00
Márk Sági-Kazár
200f0c0e03
Upgrade go-jose library to v3 ( #20559 )
...
* upgrade go-jose library to v3
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
* chore: fix unnecessary import alias
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
* upgrade go-jose library to v2 in vault
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
---------
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2023-05-23 12:25:58 +00:00
Daniel Huckins
a86d8c4539
agent: Add support for parsing env_template configuration files ( #20598 )
...
* added exec and env_template config/parsing
* add tests
* we can reuse ctconfig here
* do not create a non-nil map
* check defaults
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* convert to list
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* convert to list
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* sig test
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add failing example
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add test for invalid signal
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Update command/agent/config/config.go
* use latest consul-template
* fix build
* fix test
* fix test fixtures
* make fmt
* test docs
* rename file
* env var -> environment variable
* default to SIGTERM
* empty line
* explicit naming
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* clean typo
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* replace $HOME with /home/username in examples
* remove empty line
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <anton.averchenkov@hashicorp.com>
2023-05-19 18:11:41 -04:00
Marc Boudreau
729e477b03
Refactor Code Focused on DevTLS Mode into New Function ( #20376 )
...
* refactor code focused on DevTLS mode into new function
* add tests for configureDevTLS function
* replace testcase comments with fields in testcase struct
2023-05-19 15:45:22 -04:00
Anton Averchenkov
1a1af69cdd
cli: Add 'agent generate-config' sub-command ( #20530 )
2023-05-19 13:42:19 -04:00
Violet Hynes
3d7d8f4965
VAULT-15547 Agent/proxy decoupling, take two ( #20634 )
...
* VAULT-15547 Additional tests, refactoring, for proxy split
* VAULT-15547 Additional tests, refactoring, for proxy split
* VAULT-15547 Import reorganization
* VAULT-15547 Some missed updates for PersistConfig
* VAULT-15547 address comments
* VAULT-15547 address comments
2023-05-19 13:17:48 -04:00
miagilepner
35e2c1665f
VAULT-15703: Reload automated reporting ( #20680 )
...
* support config reloading for census
* changelog
* second changelog entry for license updates
* correct changelog PR
2023-05-19 14:42:50 +00:00
Nick Cabatoff
8b3e17ea38
Make -dev-three-node use perf standbys for ent binaries ( #20629 )
2023-05-17 18:37:44 +00:00
Violet Hynes
6b4b0f7aaf
VAULT-15547 First pass at agent/proxy decoupling ( #20548 )
...
* VAULT-15547 First pass at agent/proxy decoupling
* VAULT-15547 Fix some imports
* VAULT-15547 cases instead of string.Title
* VAULT-15547 changelog
* VAULT-15547 Fix some imports
* VAULT-15547 some more dependency updates
* VAULT-15547 More dependency paths
* VAULT-15547 godocs for tests
* VAULT-15547 godocs for tests
* VAULT-15547 test package updates
* VAULT-15547 test packages
* VAULT-15547 add proxy to test packages
* VAULT-15547 gitignore
* VAULT-15547 address comments
* VAULT-15547 Some typos and small fixes
2023-05-17 09:38:34 -04:00
Jason O'Donnell
00855a9e7a
command/server: add support to write pprof files to the filesystem via SIGUSR2 ( #20609 )
...
* core/server: add support to write pprof files to the filesystem via SIGUSR2
* changelog
* Fix filepath join
* Use core logger
* Simplify logic
* Break on error
2023-05-17 09:21:25 -04:00
Daniel Huckins
d899c57125
move private function to internal pkg for sharing ( #20531 )
...
* move private function to internal pkg for sharing
* rename to mc
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* rename to NewConfig
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-05-15 10:55:28 -04:00
Hamid Ghaf
c93f4aa6d0
disable printing flags warning message for the ssh command ( #20502 )
...
* disable printing flags warning message for the ssh command
* adding a test
* CL
* add go doc on the test
2023-05-08 16:15:44 +00:00
Victor Rodriguez
2d7efaef97
Convert seal.Access struct into an interface (OSS) ( #20510 )
...
* Move seal barrier type field from Access to autoSeal struct.
Remove method Access.SetType(), which was only being used by a single test, and
which can use the name option of NewTestSeal() to specify the type.
* Change method signatures of Access to match those of Wrapper.
* Turn seal.Access struct into an interface.
* Tweak Access implementation.
Change `access` struct to have a field of type wrapping.Wrapper, rather than
extending it.
* Add method Seal.GetShamirWrapper().
Add method Seal.GetShamirWrapper() for use by code that needs to perform
Shamir-specific operations.
2023-05-04 14:22:30 -04:00
Hamid Ghaf
fb9324c3c9
CLI to take days as a unit of time ( #20477 )
...
* CLI to take days as a unit of time
* CL
2023-05-04 08:03:37 -07:00
Anton Averchenkov
bd0a525189
Move TestWalkSecretsTree to the correct file. ( #20493 )
2023-05-03 18:24:23 +00:00
Anton Averchenkov
06bc1307a3
Improve addPrefixToKVPath helper ( #20488 )
2023-05-03 17:10:55 +00:00
Anton Averchenkov
d5f73115fa
Add walkSecretsTree helper function ( #20464 )
2023-05-02 15:23:43 -04:00
Peter Wilson
9ae8f48f9b
Fix panic when Vault enters recovery mode, added test ( #20418 )
...
* Fix panic when Vault enters recovery mode, added test
* Added changelog
2023-04-28 12:41:19 +00:00
Nick Cabatoff
2f0929f3ab
Add support for docker testclusters ( #20247 )
2023-04-24 14:25:50 -04:00
Nick Cabatoff
980f1e0aae
Add tests based on vault binary ( #20224 )
...
First steps towards docker-based tests: tests using vault binary in -dev or -dev-three-node modes.
2023-04-24 09:57:37 -04:00
miagilepner
b0289d4472
VAULT-15668: fix windows issues with -dev-tls flag ( #20257 )
...
* fix -dev-tls flag on windows
* changelog
* fix only hcl config
* fix import
* fmt
2023-04-21 10:54:38 +02:00
Jason O'Donnell
98786d96c7
cli/namespace: add detailed flag to namespace list ( #20243 )
...
* cli/namespace: add detailed flag to namespace list
* changelog
2023-04-19 09:31:51 -04:00
Chris Capurso
ca702745e8
add max_entry_size to sanitized config output ( #20044 )
...
* add max_entry_size to sanitized config output
* add changelog entry
* add test parallelism
* add inmem test case
* use named struct fields for TestSysConfigState_Sanitized cases
2023-04-14 09:52:23 -04:00
Violet Hynes
33731d6f63
VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests ( #19776 )
...
* VAULT-12940 test for templating user agent
* VAULT-12940 User agent work so far
* VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests
* VAULT-12940 Clean-up and godocs
* VAULT-12940 changelog
* VAULT-12940 Fix test checking headers
* VAULT-12940 Fix test checking headers
* VAULT-12940 Fix test checking headers
* VAULT-12940 Fix test checking headers
* VAULT-12940 copy/paste typos
* VAULT-12940 improve comments, use make(http.Header)
* VAULT-12940 small typos and clean-up
2023-04-03 14:14:47 -04:00
miagilepner
b4fab6ac2a
VAULT-13191: OSS changes ( #19891 )
...
* add open source changes for reporting
* fix function signature
* add changelog
2023-03-31 15:05:16 +00:00
Karel
5631e806c2
Fix: Optionally reload x509 key-pair from disk on agent auto-auth ( #19002 )
...
* Optionally reload x509 key-pair from disk
* Document 'reload' config value
* Added changelog release note
2023-03-22 11:01:58 -04:00
Daniel Huckins
1723525a79
Add -mount flag to kv list command ( #19378 )
...
* add flag
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* handle kv paths
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* scaffold test
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* need metadata for list paths
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add (broken) test
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* fix test
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* update docs
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add changelog
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* format
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add godoc
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add test case for mount only
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* handle case of no unnamed arg
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add non-mount behavior
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add more detail to comment
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add v1 tests
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-20 16:26:21 -04:00
Hamid Ghaf
e55c18ed12
adding copyright header ( #19555 )
...
* adding copyright header
* fix fmt and a test
2023-03-15 09:00:52 -07:00
Francis Chuang
789406ca90
Add Oracle Cloud auth to the Vault Agent ( #19260 )
...
* Add Oracle Cloud auth to the Vault Agent
* Use ParseDurationSecond to parse credential_poll_interval
* Use os.UserHomeDir()
2023-03-15 09:08:52 -04:00
Violet Hynes
5581c26859
VAULT-12798 Correct removal behaviour when JWT is symlink ( #18863 )
...
* VAULT-12798 testing for jwt symlinks
* VAULT-12798 Add testing of jwt removal
* VAULT-12798 Update docs for clarity
* VAULT-12798 Small change, and changelog
* VAULT-12798 Lstat -> Stat
* VAULT-12798 remove forgotten comment
* VAULT-12798 small refactor, add new config item
* VAULT-12798 Require opt-in config for following symlinks for JWT deletion
* VAULT-12798 change changelog
2023-03-14 15:44:19 -04:00
Marc Boudreau
e44bd4c61d
Fix failing TestHCPLinkConnected Test ( #19474 )
...
* replace use of os.Unsetenv in test with t.Setenv and remove t.Parallel from tests that rely on env being modified.
* experiment with using fromJSON function
* revert previous experiment
* including double quotes in the output value for the string ubuntu-latest
* use go run to launch gofumpt
2023-03-09 13:46:54 -05:00