Commit Graph

2832 Commits

Author SHA1 Message Date
Pratyoy Mukhopadhyay 7b807a9bb0
add ns path to granting_policies (#20522) 2023-05-04 15:08:22 -07:00
Victor Rodriguez 2656c020ae
Convert seal.Access struct into a interface (OSS) (#20510)
* Move seal barrier type field from Access to autoSeal struct.

Remove method Access.SetType(), which was only being used by a single test, and
which can use the name option of NewTestSeal() to specify the type.

* Change method signatures of Access to match those of Wrapper.

* Turn seal.Access struct into an interface.

* Tweak Access implementation.

Change `access` struct to have a field of type wrapping.Wrapper, rather than
extending it.

* Add method Seal.GetShamirWrapper().

Add method Seal.GetShamirWrapper() for use by code that need to perform
Shamir-specific operations.
2023-05-04 14:22:30 -04:00
Alexander Scheel 544ae3461f
Allow ensuring ticker is stopped multiple times (#20509)
When executing multi-stage, multi-namespace tests, stopping the ticker
multiple times (via closing the StopTicker channel) results in a panic.

Store whether or not we've stopped it once, and do not close it again.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-04 14:14:06 +00:00
Hamid Ghaf 148263084d
adding support for four cluster docker based test scenario (#20492) 2023-05-03 10:49:45 -07:00
miagilepner 4cd982554e
VAULT-15840: Allow updates of only entity-alias custom-metadata (#20368)
* allow updates of only custom metadata

* add changelog
2023-05-01 12:42:30 +02:00
Nick Cabatoff e0093a2791
Simple perf replication test using docker containers (#20393) 2023-04-28 19:43:30 +00:00
Nick Cabatoff f19f537a4f
Add support for restarting docker nodes, and for providing args (#20409) 2023-04-28 14:03:14 -04:00
Nick Cabatoff a816ef6c15
Use a dedicated runner for the binary-based tests. (#20377) 2023-04-27 09:41:49 -04:00
davidadeleon 0d621ea47e
add nil check for mfa enforcement config namespace on login (#20375)
* add nil check for mfa enforcement config ns

* move nil check and add changelog
2023-04-26 16:52:39 -04:00
Nick Cabatoff f5b5662122
Don't require every test to specify a VaultLicense field (#20372) 2023-04-26 18:39:48 +00:00
Nick Cabatoff ad18fc6398
Docker testing: handle licensing, different images per node (#20347) 2023-04-25 17:11:46 -04:00
Nick Cabatoff 22b00eba12
Add support for docker testclusters (#20247) 2023-04-24 14:25:50 -04:00
Nick Cabatoff 313957b911
Add tests based on vault binary (#20224)
First steps towards docker-based tests: tests using vault binary in -dev or -dev-three-node modes.
2023-04-24 09:57:37 -04:00
Marc Boudreau 895564d615
Provide Descriptive Error when Enterprise-only Paths Called in Open-source Version (#18870)
* define ent paths in OSS codebase with common handler

* fixup! define ent paths in OSS codebase with common handler

* add missing path

* retain existing behaviour for replication/status path

* remove commented out path
2023-04-21 16:14:40 -04:00
Mike Palmiotto 8001d76e28
Refactor reporter for unseal setup (#20296) 2023-04-21 15:29:37 -04:00
Josh Black 1ae09ca6b6
OSS changes for new update-primary API endpoint (#20277)
* OSS changes for new update-primary API endpoint

* remove ENT specific piece

* remove another ENT specific field
2023-04-20 13:13:37 -07:00
Mike Palmiotto c0b8a9eddb
Add minimum_retention_months to config endpoint (#20150) 2023-04-13 18:33:23 +00:00
Anton Averchenkov 7e12300d7c
openapi: Add display attributes for cubbyhole/ (#19880) 2023-04-13 11:33:21 -04:00
Anton Averchenkov 14ac4fc045
openapi: Add display attributes for /sys (p2) (#19707) 2023-04-13 11:32:57 -04:00
Anton Averchenkov 254c5e2568
openapi: Add display attributes for /sys (p1) (#19706) 2023-04-13 11:32:26 -04:00
Anton Averchenkov d0cc7bc71a
openapi: Add display attributes for identity/ (remaining) (#19763) 2023-04-12 15:46:01 -04:00
Anton Averchenkov 31e123f7a0
openapi: Add display attributes for identity/group (#19762) 2023-04-12 15:45:12 -04:00
Anton Averchenkov 4b94669779
openapi: Add display attributes for identity/entity (#19760) 2023-04-12 15:44:43 -04:00
Anton Averchenkov f69bea9161
openapi: Add display attributes for identity/oidc (#19758) 2023-04-12 15:44:07 -04:00
Tom Proctor 9aa9686c81
Simplify tracking of external plugins (#20009) 2023-04-12 18:34:35 +01:00
miagilepner 1ea85c56d7
VAULT-14734: activity log write endpoint (#20019)
* add noop endpoint with testonly build flag

* add tests for endpoint

* cleanup

* fix test name

* add changelog

* pr fixes
2023-04-12 18:26:26 +02:00
Mike Palmiotto 1b5d527521
api: Add reporting fields to activitylog config endpoint (#20086)
This PR adds the internal reporting state to the
`internal/counters/config` read endpoint:
* reporting_enabled
* billing_start_timestamp
2023-04-12 12:02:28 -04:00
Hamid Ghaf 976ab9c87f
Revert "Remove dead licensing code and extra core setup (#20080)" (#20112)
This reverts commit 60d8bff89c490c5489c97b98b168de9a50239815.
2023-04-12 13:46:15 +00:00
Anton Averchenkov 618e79af82
openapi: Add display attributes for identity/mfa (#19757) 2023-04-11 16:00:35 -04:00
Christopher Swenson df8d0444dd
Remove dead licensing code and extra core setup (#20080)
The extra core setup is no longer needed in Vault Enterprise, and the
licensing code here has no effect here or in Vault Enterprise.

I pulled this commit into Vault Enterprise and it still compiled fine,
and all tests pass. (Though a few functions can be deleted there as
well after this is merged.)
2023-04-11 10:30:05 -07:00
miagilepner c8b4afd189
Require activity log retention months at least the minimum (#20078)
* reject retention month updates that are less than min retention months

* add changelog

* reword error

* switch to retention_months
2023-04-11 15:09:01 +00:00
Alexander Scheel f0fc48c788
Only log stopping rollback manager once (#20041)
When testing the Rollback Manager's one-time invocation in Enterprise,
it was noticed that due to the channel being closed, we'd always hit
this case and thus spam logs rather quickly with this message.

Switch to a boolean flip to log this once, as it is not executed in
parallel and thus doesn't need a sync.Once.

This only affected anyone calling the test core's
StopAutomaticRollbacks() helper.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-10 13:24:03 -04:00
Anton Averchenkov 56698d6d15
openapi: Add display attributes for token/ (#19399) 2023-04-06 11:11:49 -04:00
miagilepner 3b91b9ebbf
VAULT-14733: SegmentReader interface for reading activity log segments (#19934)
* create a segment reader for activity log segment

* fix imports

* updates based on comments
2023-04-06 16:23:41 +02:00
Thy Ton fcf06d5874
feat: add plugin metadata to audit logging (#19814) 2023-04-06 00:41:07 -07:00
Jason O'Donnell e4e34c0f96
Add extra ssct gen counter debug logs (#19980) 2023-04-05 13:06:57 -04:00
miagilepner 09adb9ee12
VAULT-14733: Refactor processClientRecord in activity log (#19933) 2023-04-04 14:50:19 +02:00
Peter Wilson a2bdf7250b
VAULT-14048: raft-autopilot appears to refuse to remove a node which has left and wouldn't impact stability (#19472)
* ensure we supply the node type when it's for a voter
* bumped autopilot version back to v0.2.0 and ran go mod tidy
* changed condition in knownservers and added some comments
* Export GetRaftBackend
* Updated tests for autopilot (related to dead server cleanup)
* Export Raft NewDelegate

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-04-03 11:58:57 -04:00
Steven Clark b1c557bd73
Extend expiration of diagnose test-fixture certificate (#19868)
- Regenerated with
    - openssl x509 -x509toreq -in xxx.crt -signkey xxx -out xxx.csr
    - openssl x509 -req -in xxx.csr -signkey xxx.pem -days 18250 -out xxx.crt
2023-04-03 09:34:58 -04:00
miagilepner de56c728a1
VAULT-13191: OSS changes (#19891)
* add open source changes for reporting

* fix function signature

* add changelog
2023-03-31 15:05:16 +00:00
Alexander Scheel e95fadd8f0
Add mechanism to disable automatic rollbacks (#19748)
When testing the rollback mechanism, there's two categories of tests
typically written:

 1. Ones in which the rollback manager is entirely left alone, which
    usually are a bit slower and less predictable. However, it is still
    sufficient in many scenarios.
 2. Ones in which the rollback manager is explicitly probed by tests
    and "stepped" to achieve the next rollback.

Here, without a mechanism to fully disable the rollback manager's
periodic ticker (without affecting its ability to work!) we'll continue
to see races of the sort:

>     --- FAIL: TestRevocationQueue (50.95s)
>     panic: sync: WaitGroup is reused before previous Wait has returned [recovered]
>         panic: sync: WaitGroup is reused before previous Wait has returned

This allows us to disable the ticker, returning control to the test
suite entirely.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-29 08:59:01 -04:00
Daniel Huckins 243c86b2c5
VAULT-12144: add openapi responses for /sys/rotate endpoints (#18624)
* responses for rotate endpoints

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

* add test for rotate config

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update to use newer function

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use new func

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 15:40:48 -04:00
Daniel Huckins 4b52cea28c
VAULT-12144: add openapi responses for /sys/seal endpoints (#18625)
* added responses to seal/unseal endpoints

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response for /seal-status

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added change log

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 15:39:08 -04:00
Daniel Huckins e33b87a2c3
VAULT-12144: add openapi responses for assorted /sys endpoints (#18628)
* added response struct for version-history

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for leader

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for ha-status

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for host-info

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for in-flight-req

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* make fmt

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-03-28 15:38:35 -04:00
Daniel Huckins d8191e0a4b
mark internal/counters/requests as deprecated (#19359)
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 15:31:20 -04:00
Daniel Huckins f34313e611
VAULT-12144: add openapi responses for /sys/wrapping endpoints (#18627)
* add response structures for /sys/wrapping endpoints

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

* dynamic tests should be nil

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 11:12:34 -04:00
Violet Hynes 44894253fc
VAULT-8337 OSS changes part 2 (#19698) 2023-03-28 10:32:30 -04:00
Daniel Huckins e3d3d6e528
VAULT-12144: add openapi responses for /sys/tools endpoints (#18626)
* add struct for /sys/tools/hash

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added responses for /sys/tools paths

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

* verify respose structure for hash

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* verify respose structure for hash/random

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use newer testing funct

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use new test method

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-24 23:11:39 +00:00
Nick Cabatoff fae3e31fda
Address regression introduced by #15493 for non-raft storage backends. (#19721) 2023-03-24 10:15:25 -04:00
Violet Hynes db31cf2da2
Revert "VAULT-8337 OSS changes" (#19700)
This reverts commit 160196f4bc270ea0698b894d4f5f3e84426b77c9.
2023-03-23 11:47:10 -04:00