Commit graph

16234 commits

Author SHA1 Message Date
Yoan Blanc fa8f7c793f
fix: PGP subkeys support (#16224)
* fix: PGP subkeys support

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>

* fix: bump ProtonMail/go-crypto

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>

* fix: bump ProtonMail/go-crypto

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2022-09-22 09:12:41 -04:00
Tom Proctor f920640db7
Plugins: Auto version selection for auth/secrets + tune version (#17167) 2022-09-22 13:53:52 +01:00
Milena Zlaticanin 6593466b3e
secret/database/redis: upgrade plugin to v0.1.0 (#17270) 2022-09-21 19:39:50 -05:00
Christopher Swenson 895f2c9f3d
Change usages of RunningSha to RunningSha256 (#17266)
Some PRs got crossed and somehow these were missed in the
build checks for #17182.
2022-09-21 13:32:00 -07:00
Tom Proctor 4e51491f7a
Upgrade vault-plugin-auth-alicloud to v0.13.0 (#17251) 2022-09-21 21:05:18 +01:00
Tom Proctor b0a580de47
CLI: Fix erroneous warning when reading from stdin (#17252) 2022-09-21 21:04:49 +01:00
Christopher Swenson 2c8e88ab67
Check if plugin version matches running version (#17182)
Check if plugin version matches running version

When registering a plugin, we check if the request version matches the
self-reported version from the plugin. If these do not match, we log a
warning.

This uncovered a few missing pieces for getting the database version
code fully working.

We added an environment variable that helps us unit test the running
version behavior as well, but only for approle, postgresql, and consul
plugins.

Return 400 on plugin not found or version mismatch

Populate the running SHA256 of plugins in the mount and auth tables (#17217)
2022-09-21 12:25:04 -07:00
Mike Palmiotto dc3beb428e
docs: Update agent autoauth sinks examples (#17229) 2022-09-21 14:19:16 -04:00
DevOps Rob 6495522ab7
adding boundary and waypoint plugins to portal (#17259) 2022-09-21 14:05:17 -04:00
Austin Gebauer 65b851bc2c
Fixes concurrent map writes in GRPC plugin server setup (#17247)
* Fixes concurrent map writes in GRPC plugin server setup

* move lock closer to critical section
2022-09-21 11:04:20 -07:00
Kit Haines 45cb910d0b
Try to bring versions of gofumpt to be the same (so running make bootstrap doesn't change version of gofumpt needed for make fmt) (#17254) 2022-09-21 12:57:34 -04:00
Yoko Hyakuna 9164d04262
Remove extra spaces in the table (#17257) 2022-09-21 08:42:51 -07:00
Mike Palmiotto 9ced47be66
agent: Fix missing file suffix in config test (#17245) 2022-09-21 11:30:04 -04:00
Kit Haines 2d58591feb
Fix non-atomic read of atomic value fix (#17255)
* Always load to access certCount

* Test-reads of the atomic value.
2022-09-21 11:24:34 -04:00
Angel Garbarino aef402a30f
PKI Keys List View (#17239)
* setup

* cleanup

* cleanup
2022-09-21 08:41:44 -06:00
Bernd Straehle 3623271601
vault-plugin-secrets-apigee (#17249) 2022-09-21 09:08:25 -04:00
Angel Garbarino 17898e5588
PKI Certificates List View (#17236)
* setup

* cleanup

* cleanup

* cleanup

* remove filtering for now:
2022-09-20 17:22:37 -06:00
Mark Collao cca25103f6 Merge branch 'main' of github.com:hashicorp/vault 2022-09-20 16:33:25 -05:00
Mark Collao c0d7ad6d5d update changelog 2022-09-20 16:32:37 -05:00
Alexander Scheel ad3a093b40
Prevent PSS with Go-incompatible CAs, CSRs, Private Keys (#17223)
* Fix interoperability concerns with PSS

When Go parses a certificate with rsaPSS OID, it will accept this
certificate but not parse the SubjectPublicKeyInfo, leaving the
PublicKeyAlgorithm and PublicKey fields blank, but otherwise not erring.
The same behavior occurs with rsaPSS OID CSRs.

On the other hand, when Go parses rsaPSS OID PKCS8 private keys, these
keys will fail to parse completely.

Thus, detect and fail on any empty PublicKey certs and CSRs, warning the
user that we cannot parse these correctly and thus refuse to operate.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Run more PKI tests in parallel

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add notes about PSS shortcomings to considerations

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-20 17:30:58 -04:00
Steven Clark 0856fa11a3
Fix fmt error (#17241) 2022-09-20 13:33:01 -07:00
Steven Clark a231f68549
Update Vault on main to pull in SDK 1.13 version bump (#17240) 2022-09-20 16:08:06 -04:00
Steven Clark e5319bcc3c
Bump version in SDK to 1.13 for next major release (#17233) 2022-09-20 15:40:06 -04:00
Jordan Reimer a89586a3cb
adds enhanced checks for hcp link status timestamp and error message and uses HCP abbreviation in messaging (#17235) 2022-09-20 12:57:32 -06:00
Kit Haines f2adbb3e47
Basics of Cert-Count Non-Locking Telemetry (#16676)
Basics of Cert-Count Telemetry, changelog,  "best attempt" slice to capture (and test for) duplicates, Move sorting of possibleDoubleCountedRevokedSerials to after compare of entries. Add values to counter when still initializing.
Set lists to nil after use, Fix atomic2 import, Delay reporting metrics until after deduplication has completed, 
The test works now, Move string slice to helper function; Add backendUUID to gauge name.
2022-09-20 10:32:20 -07:00
Angel Garbarino 2e197fcfcd
PKI Issuer List view (#17210)
* initial setup for issuers toolbar and some slight changes to roles model after discussion with design.

* wip

* wip ... :/

* finalizes serializer and linkedblock iteration of is_default

* clean up

* fix

* forgot this bit

* pr comments amendments:

* small PR comment changes
2022-09-20 09:25:57 -06:00
Nick Cabatoff 559754d580
Break grabLockOrStop into two pieces to facilitate investigating deadlocks (#17187)
Break grabLockOrStop into two pieces to facilitate investigating deadlocks.  Without this change, the "grab" goroutine looks the same regardless of who was calling grabLockOrStop, so there's no way to identify one of the deadlock parties.
2022-09-20 11:03:16 -04:00
Steven Clark ba096f9dfa
update vault auth submodules to api/v1.8.0 (#17228) 2022-09-20 10:51:51 -04:00
Steven Clark bd27bdba5a
update vault to api/v1.8.0 (#17227) 2022-09-20 10:31:08 -04:00
Steven Clark b7c4c80a5c
update api to use sdk/v0.6.0 (#17224) 2022-09-20 10:11:29 -04:00
Nick Cabatoff d8101f82ee
Handle when pluginCatalog.Get returns (nil,nil) during cred backend creation (#17204) 2022-09-20 08:57:08 -04:00
Nick Cabatoff c7f4d79684
We don't need to test LifetimeWatcher's behaviour with database leases specifically. (#17208) 2022-09-20 08:23:51 -04:00
Tom Proctor f5655ae857
Plugins: Consistently use plugin_version (#17171)
* Delete Sha field, rename RunningSha -> RunningSha256
* Rename version -> plugin_version
2022-09-20 12:35:50 +01:00
Tom Proctor abfeb59646
Upgrade vault-plugin-auth-centrify to v0.13.0 (#17195) 2022-09-20 06:05:50 -04:00
vinay-gopalan c548ea39be
Re-initialize v5 backend after a plugin crash (#17140) 2022-09-19 16:48:45 -07:00
Christopher Swenson 5a8a896b5a
fix: upgrade vault-plugin-database-elasticsearch to v0.12.0 (#17203) 2022-09-19 14:46:23 -07:00
Christopher Swenson 4ad2dcbfe3
fix: upgrade vault-plugin-database-couchbase to v0.8.0 (#17205) 2022-09-19 14:12:33 -07:00
claire bontempo e89745178b
UI: Add 'disable' to CRL config (#17153)
* add disable to crl attrs

* add changelog

* change styling per design

* update tests and fix default setting of buildCrl

* cleanup + refactor
2022-09-19 14:03:50 -07:00
Robert b8afefbc6a
secrets/ad: update plugin to v0.14.0 (#17214) 2022-09-19 16:03:17 -05:00
Steven Clark dae2ef535b
Update protos to match update of protobuf go library (#17215) 2022-09-19 16:45:44 -04:00
Jordan Reimer 583f8f08d0
HCP Link Status Updates (#17213)
* updates hcp link status message parsing and adds handling for connection errors

* adds handling for missing status to link-status component
2022-09-19 14:37:40 -06:00
Ben Ash d76dbeead1
fix: upgrade vault-plugin-auth-oci to v0.12.0 (#17212) 2022-09-19 13:34:44 -07:00
Milena Zlaticanin f115a3929f
secrets/mongodbatlas: upgrade plugin to v0.8.0 (#17211) 2022-09-19 15:13:36 -05:00
Tom Proctor f7fdb7b7d0
Upgrade vault-plugin-auth-cf to v0.13.0 (#17196) 2022-09-19 19:24:24 +01:00
Tom Proctor bc5ac79928
Upgrade vault-plugin-auth-azure to v0.12.0 (#17194) 2022-09-19 19:22:09 +01:00
Hamid Ghaf 35258379fd
adding missing telemetry entry for cached auth response (#17197) 2022-09-19 14:08:39 -04:00
Ben Ash bdb9fb0a33
Update changelog for gcpkms dep updates. (#17202) 2022-09-19 11:00:37 -07:00
Ben Ash adf9b7eca0
fix: upgrade vault-plugin-secrets-alicloud to v0.13.0 (#17201) 2022-09-19 10:39:36 -07:00
Christopher Swenson 17fd8ad465
fix: upgrade vault-plugin-database-mongodbatlas to v0.8.0 (#17200) 2022-09-19 10:16:20 -07:00
vinay-gopalan f0d3cbaa43
bump secrets/azure to v0.14.0 (#17180) 2022-09-19 10:02:57 -07:00