Commit graph

36 commits

Author SHA1 Message Date
Brian Kassouf 57c568e511
Update some SDK dependency versions (#12828)
* Update some SDK dependency versions

* Update API go.sum

* Update jsonpatch to v5
2021-10-14 09:47:32 -07:00
Chris Capurso bbb4ab4a41
Add HTTP PATCH support to KV (#12687)
* handle HTTP PATCH requests as logical.PatchOperation

* update go.mod, go.sum

* a nil response for logical.PatchOperation should result in 404

* respond with 415 for incorrect MIME type in PATCH Content-Type header

* add abstraction to handle PatchOperation requests

* add ACLs for patch

* Adding JSON Merge support to the API client

* add HTTP PATCH tests to check high level response logic

* add permission-based 'kv patch' tests in prep to add HTTP PATCH

* adding more 'kv patch' CLI command tests

* fix TestHandler_Patch_NotFound

* Fix TestKvPatchCommand_StdinValue

* add audit log test for HTTP PATCH

* patch CLI changes

* add patch CLI tests

* change JSONMergePatch func to accept a ctx

* fix TestKVPatchCommand_RWMethodNotExists and TestKVPatchCommand_RWMethodSucceeds to specify -method flag

* go fmt

* add a test to verify patching works by default with the root token

* add changelog entry

* get vault-plugin-secrets-kv@add-patch-support

* PR feedback

* reorder some imports; go fmt

* add doc comment for HandlePatchOperation

* add json-patch@v5.5.0 to go.mod

* remove unnecessary cancelFunc for WriteBytes

* remove default for -method

* use stable version of json-patch; go mod tidy

* more PR feedback

* temp go get vault-plugin-secrets-kv@master until official release

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
2021-10-13 15:24:31 -04:00
John-Michael Faircloth 2abf916ddb
Add support to parameterize unauthenticated paths (#12668)
* store unauthenticated path wildcards in map

* working unauthenticated paths with basic unit tests

* refactor wildcard logic

* add parseUnauthenticatedPaths unit tests

* use parseUnauthenticatedPaths when reloading backend

* add more wildcard test cases

* update special paths doc; add changelog

* remove buggy prefix check; add test cases

* prevent false positives for prefix matches

If we ever encounter a mismatched segment, break and set a flag to
prevent false positives for prefix matches.

If it is a match we need to do a prefix check. But we should not return
unless HasPrefix also evaluates to true. Otherwise we should let the for
loop continue to check other possibilities and only return false once
all wildcard paths have been evaluated.

* refactor switch and add more test cases

* remove comment leftover from debug session

* add more wildcard path validation and test cases

* update changelong; feature -> improvement

* simplify wildcard segment matching logic

* refactor wildcard matching into func

* fix glob matching, add more wildcard validation, refactor

* refactor common wildcard errors to func

* move doc comment to logical.Paths

* optimize wildcard paths storage with pre-split slices

* fix comment typo

* fix test case after changing wildcard paths storage type

* move prefix check to parseUnauthenticatedPaths

* tweak regex, remove unneeded array copy, refactor

* add test case around wildcard and glob matching
2021-10-13 11:51:20 -05:00
Jeff Mitchell f7147025dd
Migrate to sdk/internalshared libs in go-secure-stdlib (#12090)
* Swap sdk/helper libs to go-secure-stdlib

* Migrate to go-secure-stdlib reloadutil

* Migrate to go-secure-stdlib kv-builder

* Migrate to go-secure-stdlib gatedwriter
2021-07-15 20:17:31 -04:00
Chris Capurso 505e3f9a89
[VAULT-2825] Fix erroneous 500 resp for field validation errors (#12042)
* [VAULT-2825] Correctly respond with 400 rather than 500 for field validation errors

* [VAULT-2825] Add changelog entry

* [VAULT-2825] Simplify test assertion
2021-07-12 13:39:28 -04:00
swayne275 67bc4fdabd
Require special privileges to list irrevocable leases (#11888)
* add leases path to sudo required set

* update TestSystemBackend_RootPaths with new special privilege paths

* note that list-leases requires sudo

* minor typo fixes
2021-06-28 16:51:47 -06:00
Scott Miller 6b8d7fe2e6
Patch expiration fix over from ENT (#11650)
* Patch expiration fix over from ENT

* Rename changelog
2021-05-18 14:55:38 -07:00
Scott Miller 4fc6e8b366
Fix barrier key autoration config edge cases (#11541)
* Add an Int64 type

* Use the new Int64 type so that even 32 bit builds can specify max_operations above 2^31

* Missed a spot

* go mod vendor

* fix cast

* changelog

* Update unit test to ensure this works on both 32 and 64-bit archs
2021-05-05 14:39:04 -05:00
Brian Kassouf 303c2aee7c
Run a more strict formatter over the code (#11312)
* Update tooling

* Run gofumpt

* go mod vendor
2021-04-08 09:43:39 -07:00
Michael Golowka 52845525e9
OpenAPI - Don't panic if field isn't found (#10929) 2021-02-17 15:45:45 -07:00
Jim Kalafut 42bae71806
Improve error messages (#10843)
- Fix: "bytes" should be less than %!s(int=131072) message
- Also add a missing openapi type that was throwing warnings
2021-02-11 19:51:12 -08:00
Scott Miller 1229bf7440
Add a helper function which adds glob filtration to any LIST endpoint (#9962) 2020-09-16 10:29:57 -05:00
Mark Gritter 92bd8eae71
Convert time to UTC, add to OpenAPI (#9924)
* Add time type to OpenAPI.
* Fix documentation and convert returned time to UTC.
* changelog++
* Vendor the SDK changes.
2020-09-11 13:29:41 -05:00
Jim Kalafut 1e8527149f
Document the ForwardPerformance* parameters (#9877)
* Document the ForwardPerformance* parameters

* Update sdk/framework/path.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2020-09-09 19:25:46 -07:00
Mark Gritter a0c0352271
Add a time type for use in APIs. (#9911)
* Add a time type for use in APIs.
* go mod vendor
2020-09-09 15:53:51 -05:00
Vishal Nayak 84df802f4b
Add TypeFloat to field data (#8923)
* Add TypeFloat to field data

* Handle zero value case

* Address review feedback
2020-05-04 18:22:28 -04:00
Noelle Daley ced8a3f6b3
clarify that EditType is optional (#8386) 2020-02-19 11:44:22 -06:00
Jeff Mitchell a0694943cc
Migrate built in auto seal to go-kms-wrapping (#8118) 2020-01-10 20:39:52 -05:00
Jim Kalafut aa1761fb03
Update framework forwarding logic to handle nil system views (#8114) 2020-01-08 05:59:44 -08:00
Jim Kalafut fb4edc129e
Add path attributes to indicate when operations should forward (#7175) 2020-01-07 14:04:08 -08:00
Brian Kassouf 549faf47f2
Add identity templating helper to sdk/framework (#8088)
* Add identity templating helper to sdk/framework

* Cleanup a bit

* Fix length issue when groups/aliases are filtered due to ns

* review feedback
2020-01-06 10:16:52 -08:00
Seth Vargo 4ac5764c4d Output human duration in TTL warnings (#7901) 2019-11-22 09:38:46 -08:00
Madalyn 977af116c8 Enable generated items for more auth methods (#7513)
* enable auth method item configuration in go code

* properly parse and list generated items

* make sure we only set name on attrs if a label comes from openAPI

* correctly construct paths object for method index route

* set sensitive property on password for userpass

* remove debugger statements

* pass method model to list route template to use paths on model for tabs

* update tab generation in generated item list, undo enabling userpass users

* enable openapi generated itams for certs and userpass, update ldap to no longer have action on list endpoint

* add editType to DisplayAttributes, pull tokenutil fields into field group

* show sensitive message for sensitive fields displayed in fieldGroupShow component

* grab sensitive and editType fields from displayAttrs in openapi-to-attrs util

* make sure we don't ask for paths for secret backends since that isn't setup yet

* fix styling of sensitive text for fieldGroupShow component

* update openapi-to-attrs util test to no longer include label by default, change debugger to console.err in path-help, remove dynamic ui auth methods from tab count test

* properly log errors to the console

* capitalize This value is sensitive...

* get rid of extra padding on bottom of fieldgroupshow

* make auth methods clickable and use new confirm ux

* Update sdk/framework/path.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update sdk/framework/path.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* add whitespace

* return intErr instead of err

* uncomment out helpUrl because we need it

* remove extra box class

* use const instead of let

* remove extra conditional since we already split the pathName later on

* ensure we request the correct url when listing generated items

* use const

* link to list and show pages

* remove dead code

* show nested item name instead of id

* add comments

* show tooltip for text-file inputs

* fix storybook

* remove extra filter

* add TODOs

* add comments

* comment out unused variables but leave them in function signature

* only link to auth methods that can be fully managed in the ui

* clean up comments

* only render tooltip if there is helpText

* rename id authMethodPath

* remove optionsForQuery since we don't need it

* add indentation

* standardize ConfirmMessage and show model name instead of id when editing

* standardize ConfirmMessage and show model name instead of id when editing

* add comments

* post to the correct updateUrl so we can edit users and groups

* use pop instead of slice

* add TODO for finding a better way to store ids

* ensure ids are handled the same way on list and show pages; fix editing and deleting

* add comment about difference between list and show urls

* use model.id instead of name since we do not need it

* remove dead code

* ensure list pages have page headers

* standardize using authMethodPath instead of method and remove dead code

* i love indentation

* remove more dead code

* use new Confirm

* show correct flash message when deleting an item

* update flash message for creating and updating

* use plus icon for creating group/user instead of an arrow
2019-10-17 16:19:14 -07:00
Lexman c86fe212c0
oss changes for entropy augmentation feature (#7670)
* oss changes for entropy augmentation feature

* fix oss command/server/config tests

* update go.sum

* fix logical_system and http/ tests

* adds vendored files

* removes unused variable
2019-10-17 10:33:00 -07:00
Mike Jarmy e0ce2195cc AWS upgrade role entries (#7025)
* upgrade aws roles

* test upgrade aws roles

* Initialize aws credential backend at mount time

* add a TODO

* create end-to-end test for builtin/credential/aws

* fix bug in initializer

* improve comments

* add Initialize() to logical.Backend

* use Initialize() in Core.enableCredentialInternal()

* use InitializeRequest to call Initialize()

* improve unit testing for framework.Backend

* call logical.Backend.Initialize() from all of the places that it needs to be called.

* implement backend.proto changes for logical.Backend.Initialize()

* persist current role storage version when upgrading aws roles

* format comments correctly

* improve comments

* use postUnseal funcs to initialize backends

* simplify test suite

* improve test suite

* simplify logic in aws role upgrade

* simplify aws credential initialization logic

* simplify logic in aws role upgrade

* use the core's activeContext for initialization

* refactor builtin/plugin/Backend

* use a goroutine to upgrade the aws roles

* misc improvements and cleanup

* do not run AWS role upgrade on DR Secondary

* always call logical.Backend.Initialize() when loading a plugin.

* improve comments

* on standbys and DR secondaries we do not want to run any kind of upgrade logic

* fix awsVersion struct

* clarify aws version upgrade

* make the upgrade logic for aws auth more explicit

* aws upgrade is now called from a switch

* fix fallthrough bug

* simplify logic

* simplify logic

* rename things

* introduce currentAwsVersion const to track aws version

* improve comments

* rearrange things once more

* conglomerate things into one function

* stub out aws auth initialize e2e test

* improve aws auth initialize e2e test

* finish aws auth initialize e2e test

* tinker with aws auth initialize e2e test

* tinker with aws auth initialize e2e test

* tinker with aws auth initialize e2e test

* fix typo in test suite

* simplify logic a tad

* rearrange assignment

* Fix a few lifecycle related issues in #7025 (#7075)

* Fix panic when plugin fails to load
2019-07-05 16:55:40 -07:00
Jeff Mitchell fe7bb0b630
Standardize how we format deprecated values in traditional path-help (#7007) 2019-06-27 14:52:52 -04:00
Jeff Mitchell 8fe9c2c163 Add deprecation notices for policymap/pathmap
External plugin authors keep using it :-(
2019-06-27 10:17:05 -04:00
Michael Gaffney 76208eaf84
sdk/framework: add TypeSignedDurationSecond FieldType (#6989)
* Refactor table driven tests to use subtests

* sdk/framework: add TypeSignedDurationSecond FieldType

Adds the TypeSignedDurationSecond FieldType which accepts positive and
negative durations. The existing TypeDurationSecond FieldType does not
accept negative durations.

* Add tests for 0 for TypeDurationSecond and TypeSignedDurationSecond
2019-06-26 13:15:36 -04:00
Madalyn a2606ddccf
update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 11:08:08 -04:00
Jeff Mitchell 81ef0bb190
Unify time.Duration handling across framework and parseutil (#6935)
This removes a lot of duplicated code and adds time.Duration support to
parseutil, needed by the jwt auth method.
2019-06-20 14:28:32 -04:00
Jeff Mitchell 55e9f46ca3
Allow Default for TimeDurationSecond values to be time.Duration (#6934) 2019-06-20 12:28:15 -04:00
Jim Kalafut 122134b207
Add new structures for OpenAPI/UI enhancements (#6931) 2019-06-19 16:48:58 -07:00
Jeff Mitchell 2f7019f5bd
Fix some regressions (#6723)
Multierror is not nil unless you return ErrorOrNil, so this was causing
non-nil errors to be returned when not expected.

Also we need to ensure we only call handleWALRollback if a function
exists.
2019-05-13 11:04:06 -04:00
Clint 970840d88c
Update handleRollback to run both PeriodicFunc and handleWALRollback (#6717) 2019-05-10 14:11:42 -05:00
Jim Kalafut 944adb53d6
Don't show TypeHeader fields as being sent as headers in OpenAPI (#6679)
Fixes #6671
2019-05-03 15:12:24 -07:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00