luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
17,392 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

17392 Commits

Author SHA1 Message Date
Violet Hynes 325c0dd1ac
Update Vault Proxy changelog to use the new feature format (#20811) 2023-05-26 11:56:20 -04:00
Thy Ton 9fbf8ad72f
update API docs for kubernetes secrets engine (#20726) 
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
 2023-05-26 07:38:22 -07:00
Alexander Scheel 34804c6817
Increase retry limit on dnstest/server.go (#20810) 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2023-05-26 14:33:21 +00:00
Violet Hynes ac2af5cd24
Update auth/api submodules to new API version (#20809) 
* Update auth/api submodules to new API version

* Update auth/api submodules to new API version
 2023-05-26 14:06:31 +00:00
Max Coulombe 4c45de5b37
Updated snowflake plugin to v0.8.0 (#20807) 
* updated snowflake plugin to v0.8.0
 2023-05-26 09:48:25 -04:00
Violet Hynes 9851856257
Update SDK and API for 1.14 release (#20808) 2023-05-26 09:34:58 -04:00
Ben Ash 57e41db42a
Update VSO API reference docs for v0.1.0-beta.1 (#20801) 
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
 2023-05-25 20:31:45 -04:00
John-Michael Faircloth 5ed35b8257
update secrets/kubernetes and auth/kubernetes plugin versions (#20802) 
* update secrets/kubernetes and auth/kubernetes plugin versions

* add changelog
 2023-05-25 18:54:45 -05:00
Christopher Swenson 8fbca24c2f
fix: upgrade vault-plugin-auth-jwt to v0.16.0 (#20799) 2023-05-25 14:59:17 -07:00
Kyle Schochenmaier b43e865aef
[docs] update helm docs for vso beta1 release (#20776) 
* update helm docs for vso beta1 release
 2023-05-25 16:45:08 -05:00
claire bontempo 27dd70457b
ui: update pki link (#20791) 
* fix link

* hold off change popup link

* clarify todo

* remove typo
 2023-05-25 14:10:15 -07:00
Alexander Scheel 30488bc374
sdk/helper/nonce -> go-secure-stdlib/nonceutil (#20737) 
Depends on https://github.com/hashicorp/go-secure-stdlib/pull/73

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2023-05-25 20:57:08 +00:00
Larroyo c32032c1f8
Make transit import command work for the transform backend (#20668) 
* Add import and import-version commands for the transform backend
 2023-05-25 15:33:27 -05:00
vinay-gopalan f9f4b68a58
upgrade vault-plugin-secrets-alicloud to v0.15.0 (#20787) 2023-05-25 10:34:48 -07:00
Anton Averchenkov 5b510ffeca
openapi: Fix response schema for pki list roles (#20782) 2023-05-25 13:34:34 -04:00
Robert 2fa0953759
auth/kerberos: upgrade plugin version (#20771) 
* Upgrade vault-plugin-auth-kerberos to v0.10.0
 2023-05-25 17:29:42 +00:00
Robert a7054c643b
database/redis: upgrade plugin version (#20763) 
* Upgrade vault-plugin-database-redis to v0.2.1
 2023-05-25 17:25:18 +00:00
Raymond Ho e010999167
fix: upgrade vault-plugin-auth-cf to v0.15.0 (#20785) 2023-05-25 17:10:51 +00:00
Robert bd528daeef
database/elasticsearch: upgrade plugin version (#20767) 
* Upgrade vault-plugin-database-elasticsearch to v0.13.2
 2023-05-25 17:09:41 +00:00
vinay-gopalan ae2ebb1b1b
upgrade vault-plugin-auth-alicloud to v0.15.0 (#20758) 2023-05-25 09:56:48 -07:00
miagilepner 741c890ce0
VAULT-14735: write mock activity log entity files (#20702) 
* support writing entities

* tests for writing entity segments
 2023-05-25 18:55:55 +02:00
Raymond Ho 0d1ecfdc7d
fix: upgrade vault-plugin-secrets-terraform to v0.7.1 (#20748) 2023-05-25 16:47:08 +00:00
claire bontempo eb53284e69
UI: Transit Key TTL not initializing to toggled off (#20731) 
* add test

* bug fix and tests

* add changelog
 2023-05-25 16:39:48 +00:00
Robert 9c09bf1501
secrets/gcpkms: upgrade plugin version (#20784) 
* Upgrade vault-plugin-secrets-gcpkms to v0.15.0
 2023-05-25 16:39:00 +00:00
Yoko Hyakuna fda4a6407f
Change the codeowner for docs PRs (#20779) 2023-05-25 09:23:31 -07:00
Christopher Swenson d0c364558c
fix: upgrade vault-plugin-database-couchbase to v0.9.2 (#20764) 2023-05-25 09:17:36 -07:00
Raymond Ho 8f83bee210
fix: upgrade vault-plugin-secrets-mongodbatlas to v0.10.0 (#20742) 2023-05-25 09:13:28 -07:00
Raymond Ho 400d47d93c
fix: upgrade vault-plugin-auth-centrify to v0.15.1 (#20745) 2023-05-25 09:13:11 -07:00
Marc Boudreau 6ef35feeb9
update security-scanner version to latest to pickup changes that eliminate use of deprecated GitHub Actions commands (#20690) 2023-05-25 12:09:43 -04:00
Max Coulombe 84b63ed833
Updated the azure secrets plugin (#20777) 
* updated the azure secrets plugin
 2023-05-25 11:27:33 -04:00
Daniel Huckins 958ccda6b1
agent: Add implementation for injecting secrets as environment variables to vault agent cmd (#20739) 
* added exec and env_template config/parsing

* add tests

* we can reuse ctconfig here

* do not create a non-nil map

* check defaults

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* first go of exec server

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* sig test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add failing example

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor for config changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test for invalid signal

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* account for auth token changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* only start the runner once we have a token

* tests in diff branch

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* fix rename

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update command/agent/exec/exec.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unnecessary lock

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor to use enum

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* dont block

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle default

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* make more explicit

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused file

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove test app

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update comment

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* new channel for exec server token

* wire to run with vault agent

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* watch for child process to exit on its own

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* block before returning

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
 2023-05-25 09:23:56 -04:00
Peter Wilson 9723462891
updated Leader godoc comment to give a warning on possible deadlock (#20773) 2023-05-25 12:02:39 +00:00
akshya96 38250d1917
Revert "User Lockout Perf Standby Error oss (#20766)" (#20770) 
This reverts commit 7a546a96e41e24b8341bb890154c9093accb9dc9.
 2023-05-24 18:55:34 -07:00
akshya96 3200310b90
User Lockout Perf Standby Error oss (#20766) 
* adding changes from ent

* add changelog

* removing new line
 2023-05-24 17:35:17 -07:00
Jonathan Frappier 24edfc6be4
Add additional endpoints, remove non-protected endpoints (#20669) 
* Add additional endpoints, remove non-protected endpoints

* Add step-down per engineering

* Match HTTP verb to individual doc pages

* Add /sys/internal/inspect/router to table

* Apply additional suggestions

* Updates based on engineering feedback

* Adding unsaved changes
 2023-05-24 17:32:53 -04:00
Angel Garbarino 4a402ca128
Address Test-ui suite failure for package install issues (#20756) 
* fix

* apparently its going to take me two commits.. for one line.

* test removing the installation of the packages.

* remove browser dependencies
 2023-05-24 15:24:47 -06:00
Steven Clark d2f74c3901
Address various issues related to ACME EAB (#20755) 
* Fix various EAB related issues

 - List API wasn't plumbed through properly so it did not work as expected
 - Use random 32 bytes instead of an EC key for EAB key values
 - Update OpenAPI definitions

* Clean up unused EAB keys within tidy

* Move Vault EAB creation path to pki/acme/new-eab

* Update eab vault responses to match up with docs
 2023-05-24 21:17:33 +00:00
Alexander Scheel f156a57325
Validate no_store=false on role configuration (#20757) 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2023-05-24 21:13:28 +00:00
Daniel Huckins 2343ff04f6
agent: Add implementation for injecting secrets as environment variables (#20628) 
* added exec and env_template config/parsing

* add tests

* we can reuse ctconfig here

* do not create a non-nil map

* check defaults

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* first go of exec server

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* sig test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add failing example

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor for config changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test for invalid signal

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* account for auth token changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* only start the runner once we have a token

* tests in diff branch

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* fix rename

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update command/agent/exec/exec.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unnecessary lock

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor to use enum

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* dont block

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle default

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* make more explicit

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused file

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove test app

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update comment

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* watch for child process to exit on its own

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
 2023-05-24 16:56:06 -04:00
Raymond Ho c921a74b56
fix: upgrade vault-plugin-secrets-openldap to v0.11.0 (#20753) 2023-05-24 13:45:24 -07:00
vinay-gopalan 1ef982849b
upgrade vault-plugin-secrets-ad to v0.16.0 (#20750) 2023-05-24 13:37:41 -07:00
Nick Cabatoff 46b0b33bda
Cluster test helper improvements (#20424) 2023-05-24 20:21:10 +00:00
Christopher Swenson 7956c382e6
fix: upgrade vault-plugin-database-redis-elasticache to v0.2.1 (#20751) 2023-05-24 20:15:53 +00:00
kpcraig 628c51516a
VAULT-12226: Add Static Roles to the AWS plugin (#20536) 
Add static roles to the aws secrets engine

---------

Co-authored-by: maxcoulombe <max.coulombe@hashicorp.com>
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
 2023-05-24 14:55:13 -04:00
John-Michael Faircloth a151ec76dd
fix: upgrade vault-plugin-auth-oci to v0.14.0 (#20743) 2023-05-24 13:00:49 -05:00
John-Michael Faircloth a123ca2b6a
fix: upgrade vault-plugin-secrets-kv to v0.15.0 (#20746) 2023-05-24 13:00:23 -05:00
Steven Clark f29fabe7c1
Enforce valid ACME accounts in challenge APIS (#20744) 
- Make sure we have an ACME account in a valid state and
   enforce EAB policies on that account for the challenge
   and revocation by account ACME apis.
 2023-05-24 17:28:56 +00:00
Alexander Scheel c67546511d
Move activityType to a constant, set precedence (#20738) 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2023-05-24 12:29:47 -04:00
Alexander Scheel 04bb7eef15
Update transit public keys for Ed25519 support (#20727) 
* Refine documentation for public_key

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Support additional key types in importing version

This originally left off the custom support for Ed25519 and RSA-PSS
formatted keys that we've added manually.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add support for Ed25519 keys

Here, we prevent importing public-key only keys with derived Ed25519
keys. Notably, we still allow import of derived Ed25519 keys via private
key method, though this is a touch weird: this private key must have
been packaged in an Ed25519 format (and parseable through Go as such),
even though it is (strictly) an HKDF key and isn't ever used for Ed25519.

Outside of this, importing non-derived Ed25519 keys works as expected.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add public-key only export method to Transit

This allows the existing endpoints to retain private-key only, including
empty strings for versions which lack private keys. On the public-key
endpoint, all versions will have key material returned.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tests for exporting via public-key interface

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add public-key export option to docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2023-05-24 11:26:35 -04:00
Peter Wilson 8698650394
VAULT-11595: Augment forwarded requests with host:port info (from/to nodes) (Enterprise) (#20733) 
* Allow audit entries to contain forwarded from host info
* adjust logical/request and audit format to use bool instead of string for 'to' host
 2023-05-24 13:57:45 +01:00