Commit graph

56 commits

Author SHA1 Message Date
Tom Proctor 5b52184766
Update x/net and x/crypto/ssh (#19282)
* Update x/net and x/crypto/ssh in api and sdk

* go mod tidy in root go module
2023-02-22 13:46:12 +00:00
Scott Miller ccab6ab676
Update go-kms-wrapping and it's gcpc wrapper to pick up google-cloud-go migration (#19219) 2023-02-16 11:21:25 -06:00
Scott Miller 78522ed923
Update specific wrappers to v2.0.7 (#19101)
* Update go-kms-wrapping to v2.0.7

* Update specific wrappers to v2.0.7

* Attempt to fix aead
2023-02-09 12:19:50 -06:00
Rachel Culpepper c151d5fd58
Vault-11713: Add the ability for transit to use managed keys (#18844)
* add the ability for transit to use managed keys

* add fields for rotate

* reorganize managed keys for better error messaging

* add aad for managed keys

* change encrypting key interface

* fix import error

* fix fmt errors

* move managed key rotation to a separate function

* fix fmt issue

* fix import error

* fix go.mod issue

* fix go.mod

* remove extra rotate param

* fix locking issue in rotation

* fix errors in policy tests

* move managed key params to fit existing policy functions

* fix sign and verify

* fix policy tests

* fix test error
2023-01-27 13:39:58 -06:00
Alexander Scheel 2f5c7458b2
Update x/crypto + x/net (#18794)
* Update golang.org/x/crypto version

go get -u golang.org/x/crypto && go mod tidy

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update golang.org/x/crypto version in api

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update golang.org/x/crypto version in sdk

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-23 19:11:04 +00:00
Anton Averchenkov a54678fb6b
Add logic to generate openapi response structures (#18192) 2022-12-05 11:11:06 -05:00
Scott Miller b51b2a7027
Add cached OCSP client support to Cert Auth (#17093)
* wip

* Add cached OCSP client support to Cert Auth

* ->pointer

* Code cleanup

* Fix unit tests

* Use an LRU cache, and only persist up to 1000 of the most recently used values to stay under the storage entry limit

* Fix caching, add fail open mode parameter to cert auth roles

* reduce logging

* Add the retry client and GET then POST logic

* Drop persisted cache, make cache size configurable, allow for parallel testing of multiple servers

* dead code

* Update builtin/credential/cert/path_certs.go

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Hook invalidate to reinit the ocsp cache size

* locking

* Conditionally init the ocsp client

* Remove cache size config from cert configs, it's a backend global

* Add field

* Remove strangely complex validity logic

* Address more feedback

* Rework error returning logic

* More edge cases

* MORE edge cases

* Add a test matrix with a builtin responder

* changelog

* Use an atomic for configUpdated

* Actually use ocsp_enabled, and bind to a random port for testing

* Update builtin/credential/cert/path_login.go

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor unit tests

* Add status to cache

* Make some functions private

* Rename for testing, and attribute

* Up to date gofumpt

* remove hash from key, and disable the vault dependent unit test

* Comment out TestMultiOCSP

* imports

* more imports

* Address semgrep results

* Attempt to pass some sort of logging to test_responder

* fix overzealous search&replace

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-11-21 10:39:24 -06:00
John-Michael Faircloth b92d42af2e
update vault sdk and api go-plugin version to v1.4.5 (#17734)
* update sdk's go-plugin version

* update api go.mod

* update api go.mod go version and go mod tidy
2022-10-31 08:52:04 -05:00
Alexander Scheel 3015689848
Update tlsutil to v0.1.2 for ecdsa algo naming (#17282)
* Update tlsutil in sdk

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tlsutil in API

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tlsutil to v0.1.2 for ecdsa algo naming

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-23 08:28:40 -04:00
Steven Clark 05a5928b8d
Update missing go-kms-wrapping v2 dep and address some ENT->OSS drift (#17178)
* Update missing go-kms-wrapping v2 dep and address some ENT->OSS drift

* Bump go-kms-wrapping/wrappers/gcpckms/v2 to v2.0.1
2022-09-19 10:23:40 -04:00
Max Coulombe f9b5d1a563
Multiplexing opt out flag (#16972)
* added mplexing opt-out flag
2022-09-08 11:32:46 -04:00
VAL bbcd47b10a
Update minimum required go version for sdk (#15913) 2022-06-09 12:25:24 -07:00
Alexander Scheel 03efc71e62
Update to fixed parseutil v0.1.6 (#15774)
Note that this only really applies to the SSH engine, nothing else uses
this helper. Other go.mod's updated for consistency.

See also: https://github.com/hashicorp/go-secure-stdlib/pull/40

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-02 17:31:45 -04:00
Alexander Scheel 60acf9ad6e
Update parseutil in API, SDK (#15465)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-17 11:44:32 -04:00
Chris Capurso dc4aae642a
Fix panic caused by parsing json.Number values for TypeCommaStringSlice fields (#14522)
* go-secure-stdlib/parseutil to v0.1.4

* add TypeCommaStringSlice for json.Number

* add changelog entry

* upgrade go-secure-stdlib/parseutil to v0.1.4 in sdk

* move json number TypeCommaStringSlice test

* go mod download for api; go mod tidy
2022-03-28 11:07:55 -04:00
Hridoy Roy c2d7386be4
sdk changes for 1.10.0 release branch (#14264) 2022-02-24 16:39:14 -08:00
Pavlos Tzianos 0abc8f43fa
Add helper for encoding/decoding root tokens and OTP generation in SDK module (#10504) (#10505) 2021-12-01 08:05:49 -05:00
Brian Kassouf 57c568e511
Update some SDK dependency versions (#12828)
* Update some SDK dependency versions

* Update API go.sum

* Update jsonpatch to v5
2021-10-14 09:47:32 -07:00
Nick Cabatoff 124bc87381
Upgrade snappy to fix panic with identity/packer on Go 1.16+arm64. (#12371) 2021-08-19 15:51:06 -04:00
Jeff Mitchell 33ff878946
Move awsutil over to the go-secure-stdlib version (#12128)
Unlike the other libraries that were migrated, there are no usages of
this lib in any of our plugins, and the only other known usage was in
go-kms-wrapping, which has been updated. Aliasing it like the other libs
would still keep the aws-sdk-go dep in the sdk module because of the
function signatures. So I've simply removed it entirely here.
2021-07-20 20:42:00 -04:00
Jeff Mitchell fe18b6f9e0
Swap out sdk/helper libs with implementations in go-secure-stdlib (#12088)
* Swap out sdk/helper libs with implementations in go-secure-stdlib

* Fix transit batch test
2021-07-15 01:56:37 -04:00
Scott Miller ecb5474466
Update Vault main to new API/SDK Tags. (#12069)
* Update Vault main to new api/sdk tags

* go mod tidy

* Go mod tidy

* Go mod tidy on api

* go mod download on root
2021-07-13 18:54:31 -05:00
Nick Cabatoff bddd2888e8
Make latency injector duration atomic. This is a prerequisite for a deadlock fix to the ent integ tests. (#11875) 2021-06-16 11:48:39 -04:00
Scott Miller 6f084b75f1
Update Go to 1.16.2 for the 1.8-dev cycle (#11267)
* Update to Go 1.16.2 for build/dev

* Update SDK version_base

* Update docker images

* make packages
2021-04-07 15:46:42 -05:00
Scott Miller dfec27df87
Revert unnecessary changes to api/go.mod (#10097)
* restore api's go.mod

* sdk too

* root level go mod vendor
2020-10-06 14:25:46 -05:00
Scott Miller b513af3851
Expose generic versions of KDF and symmetric crypto (#10076)
* Support salt in DeriveKey

* Revert "Support salt in DeriveKey"

This reverts commit b295ae42673308a2d66d66b53527c6f9aba92ac9.

* Refactor out key derivation, symmetric encryption, and symmetric decryption into generic functions

* comments

* comments

* go mod vendor

* bump both go.mods

* This one too

* bump

* bump

* bump

* Make the lesser used params of symmetric ops a struct

* go fmt

* Call GetKey instead of DeriveKey

* Address feedback

* Wrong rv

* Rename calls

* Assign the nonce field

* trivial change

* Check nonce len instead

* go mod vendor
2020-10-01 21:04:36 -05:00
Michael Golowka acda64aa35
Add Database v5 interface with gRPC client & server (#9641)
* Add new Database v5 interface with gRPC client & server
This is primarily for making password policies available to the DB engine, however since there are a number of other problems with the current interface this is getting an overhaul to a more gRPC request/response approach for easier future compatibility.

This is the first in a series of PRs to add support for password policies in the combined database engine
2020-08-28 11:20:49 -06:00
ncabatoff 0247a7533e
Upgrade to newer okta lib for pagination, fetch all groups using it (#9580) 2020-07-24 09:05:08 -04:00
Calvin Leung Huang 46a52a6098
sdk/gomod: remove dependency on vault (#9449)
* sdk/gomod: remove dependency on vault

* add vendored deps

* sdk/testing: move reloadutil into internal package

* re-vendor moved files
2020-07-16 16:24:07 -07:00
Clint cbecc40e48
Stepwise docker env (#9292)
* add first stepwise test env, Docker, with example transit test

* update transit stepwise test

* add other tests that use stepwise

* cleanup test, make names different than just 'transit'

* return the stderr if compile fails with error

* minor cleanups

* minor cleanups

* go mod vendor

* cleanups

* remove some extra code, and un-export some fields/methods

* update vendor

* remove reference to vault.CoreConfig, which really wasn't used anyway

* update with go mod vendor

* restore Precheck method to test cases

* clean up some networking things; create networks with UUID, clean up during teardown

* vendor stepwise

* Update sdk/testing/stepwise/environments/docker/environment.go

haha thanks :D

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update sdk/testing/stepwise/environments/docker/environment.go

Great catch, thanks

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* fix redundant name

* update error message in test

* Update builtin/credential/userpass/stepwise_test.go

More explicit error checking and responding

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/logical/aws/stepwise_test.go

`test` -> `testFunc`

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/logical/transit/stepwise_test.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* fix typos

* update error messages to provide clarity

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* update error handling / collection in Teardown

* panic if GenerateUUID returns an error

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/credential/userpass/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update builtin/logical/aws/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update builtin/logical/transit/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* import ordering

* standardize on dc from rc for cluster

* lowercase name

* CreateAPIClient -> NewAPIClient

* testWait -> ensure

* go mod cleanup

* cleanups

* move fields and method around

* make start and dockerclusternode private; use better random serial number

* use better random for SerialNumber

* add a timeout to the context used for terminating the docker container

* Use a constant for the Docker client version

* rearrange import statements

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-06-26 17:52:31 -05:00
Clint 6b4bdb1882
VLT091 plugin testing framework stepwise (#9270)
* Resolve merge conflicts and updates from running a test

* move testing/_test.go over to legacy

* updates

* Add core of plugin test framework Stepwise  (#9166)

* adding stepwise testing, but there are protocol buff error :/

* move file and update sdk/go.mo

* update/sync modules

* update from other branch

* update sdk/go.mod

* some cleanups after feedback

* remove enviornments from this PR

* update vendor

* change from running go mod tidy

* change from go mod tidy

* Update sdk/testing/stepwise/helpers.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update sdk/testing/stepwise/helpers.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* change panic to error

* Update sdk/testing/stepwise/helpers.go

return `nil` and not `err` at the end

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Defer close() on successful Open of a file

* document the re-creation of steps

* Update sdk/testing/stepwise/stepwise.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* remove unused BarrierKeys()

* Update sdk/testing/stepwise/stepwise.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* updates from feedback

* fix return with bad arguments

* Rename things:

- StepOperation -> Operation
- StepwiseEnvironment -> Environment
- StepCheckFunc -> AssertionFunc
- step.Check -> step.Assert

* document the environment interface methods

* rename EnvironmentOptions to MountOptions

* rename Name to RegistryName

* remove ExpectError because it's redundant

* minor doc update

* Update sdk/testing/stepwise/stepwise.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* add checkShouldRun function

* remove redundant return

* remove vestigial PreCheck function

* add tt.Helper() to makeRequest

* minor code formatting and document 1-based index for log output of Steps

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* minor updates

* update sdk

* use local reference for api, vault dep

* Update sdk/testing/stepwise/stepwise.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update sdk/testing/stepwise/stepwise.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* cleanup some defer functions

* call fatal if environment setup fails, and don't call teardown

* defer re-setting client token in makeRequest

* Move legacy logicaltest back to testhelpers

* update mods and test files with go mod tidy

* go mod vendor

* remove relative replace directives

* restore old logical test location

* move declaration to main stepwise file

* remove index var and use i+1

* add testing for write, delete paths of makeRequest

* update stepwise core testing to do request counting

* remove unused methods

* Update sdk/testing/stepwise/stepwise.go

remove dead line

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

* Update sdk/testing/stepwise/stepwise.go

fix capitalization in code comment

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

* update code comments for SkipTeardown to clarify its use

* update stepwise

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
2020-06-23 06:01:39 -05:00
Clint dd9c3b9133
Sync Protobuf dependencies between core and sdk (#9154)
* update go.mod/sum for root and sdk folders to sync protobuf versions

* run 'go mod vendor'

* bump github.com/golang/protobuf to v1.4.2
2020-06-05 14:15:12 -05:00
Michael Golowka b52950f884
Add user configurable password policies available to secret engines (#8637)
* Add random string generator with rules engine

This adds a random string generation library that validates random
strings against a set of rules. The library is designed for use as generating
passwords, but can be used to generate any random strings.
2020-05-27 12:28:00 -06:00
Jeff Mitchell f09f21e512 Move reload/listenerutil/gatedwriter back out of sdk 2020-02-15 14:56:00 -05:00
Jeff Mitchell e90d9f3946 Update to go-kms-wrapping entropy module 2020-02-14 17:27:19 -05:00
Jeff Mitchell fedb451a12 Move reload and listenerutil into sdk 2020-02-13 10:40:02 -05:00
Jeff Mitchell 3be3cd6d42 Update sdk's go-hclog 2020-01-23 14:11:38 -05:00
Jeff Mitchell a0694943cc
Migrate built in auto seal to go-kms-wrapping (#8118) 2020-01-10 20:39:52 -05:00
Jeff Mitchell 156e31c740 Bump go-uuid 2020-01-10 10:43:37 -05:00
Jeff Mitchell f437b80370
Update go-hclog to version that removes some possible panics and incorrect mutex locking (#8054) 2019-12-18 16:32:02 -05:00
ncabatoff fde5e55ce9
Handle otherName SANs in CSRs (#6163)
If a CSR contains a SAN of type otherName, encoded in UTF-8, and the signing role specifies use_csr_sans, the otherName SAN will be included in the signed cert's SAN extension.

Allow single star in allowed_other_sans to match any OtherName.  Update documentation to clarify globbing behaviour.
2019-12-11 10:16:44 -05:00
Jeff Mitchell a47758865c Bump go-ldap
Closes https://github.com/hashicorp/vault/pull/7780

Changes to other parts of Vault have to come piece by piece, that's
next.
2019-11-08 11:18:36 -05:00
Jeff Mitchell b998849b73
Update go-metrics in sdk (#7795) 2019-11-05 15:27:07 -05:00
Lexman c86fe212c0
oss changes for entropy augmentation feature (#7670)
* oss changes for entropy augmentation feature

* fix oss command/server/config tests

* update go.sum

* fix logical_system and http/ tests

* adds vendored files

* removes unused variable
2019-10-17 10:33:00 -07:00
Calvin Leung Huang 7a385a7854 update go.mod and sdk/go.mod 2019-10-04 09:40:23 -07:00
Jeff Mitchell 63f377c6b6 Tidy sdk 2019-09-18 09:09:44 -04:00
Jim Kalafut 051bc15da3
Bundle OCI Auth method (#7422) 2019-09-04 16:46:00 -07:00
Jeff Mitchell 5f7ed385aa Run go mod tidy 2019-09-04 12:44:50 -04:00
Nick Cabatoff 3f1d1765ec Update sdk to grpc 1.22 for https://github.com/grpc/grpc-go/pull/2818 which caused intermittent ent test failures. 2019-07-24 11:45:58 -04:00
Jeff Mitchell 2ff5380179 Remove gogo proto from where it snuck in 2019-06-18 14:45:42 -04:00