Commit graph

2851 commits

Author SHA1 Message Date
Peter Wilson 9723462891
updated Leader godoc comment to give a warning on possible deadlock (#20773) 2023-05-25 12:02:39 +00:00
akshya96 38250d1917
Revert "User Lockout Perf Standby Error oss (#20766)" (#20770)
This reverts commit 7a546a96e41e24b8341bb890154c9093accb9dc9.
2023-05-24 18:55:34 -07:00
akshya96 3200310b90
User Lockout Perf Standby Error oss (#20766)
* adding changes from ent

* add changelog

* removing new line
2023-05-24 17:35:17 -07:00
Alexander Scheel c67546511d
Move activityType to a constant, set precedence (#20738)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-24 12:29:47 -04:00
miagilepner fdecd99d26
VAULT-14735: repeated and segmented activity log clients (#20699)
* add repeated, segmented, and writing

* simplify

* pr fixes

* remove comment

* Update vault/logical_system_activity_write_testonly.go

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>

---------

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-05-24 08:42:00 +00:00
miagilepner 06055fb668
VAULT-15395: Support mocking time functions in the activity log (#20720)
* mock time in the activity log

* cleanup

* fix comment

* pr fixes

* update comment to explain why new timer is needed
2023-05-23 16:25:23 +00:00
Márk Sági-Kazár 258b2ef740
Upgrade go-jose library to v3 (#20559)
* upgrade go-jose library to v3

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* chore: fix unnecessary import alias

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* upgrade go-jose library to v2 in vault

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

---------

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2023-05-23 12:25:58 +00:00
miagilepner bff8931640
VAULT-14735: generate mock clients for activity log (#20252)
* first part of segment client generation

* fix imports

* initial pr fixes

* refactor and fix

* update comments

* assign client type
2023-05-23 11:58:51 +02:00
Mike Palmiotto dc8d2af2d8
Add current_billing_period activity endpoint param (#20694)
* Add current_billing_period activity endpoint param

This commit introduces a new parameter: `current_billing_period`, which
can be used in lieu of `start_time` and `end_time` options.

GET ... /sys/internal/counters/activity?current_billing_period=true now
results in a response which contains the full billing period
information.

* changelog

* Update internal counters docs
2023-05-22 09:22:45 -04:00
Mike Palmiotto a40341d176
Add client_type field to EntityRecord protobuf (#20626)
* Add client_type field to EntityRecord protobuf

* changelog

* Add ACME clientType verification
2023-05-19 20:30:12 +00:00
Alexander Scheel 9d2af72bde
Fix entropy sourcing on Vault Enterprise (#20684)
Note the three overlapping scenarios discussed in the comments. In the
future, when this interface is more broadly supported, we should likely
add the interface directly to SystemView and implement it over the GRPC
interface, removing this nasty layering of already complex SystemView
implementations.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-19 14:15:43 -04:00
miagilepner 7aa1bce6fb
VAULT-15703: Reload automated reporting (#20680)
* support config reloading for census

* changelog

* second changelog entry for license updates

* correct changelog PR
2023-05-19 14:42:50 +00:00
l-with d1d3d697da
Add possibility to decode generated encoded root token to api (#20595) 2023-05-18 15:18:19 -04:00
Hamid Ghaf 04d81e1c27
report intermediate error messages during request forwarding (#20643)
* report intermediate error messages during request forwarding

* CL
2023-05-18 05:07:54 -07:00
Marc Boudreau b35ded0cb8
VAULT-16217 Fixing Broken OpenAPI Specification Generation (#20597)
* including path parameters into stub Paths for enterprise-only endpoints

* Set Required to true for path parameters in enterprise-only path stubs

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* properly format go code

* re-adding initialization of Fields and Operations fields in the stubbed Path struct

---------

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-17 14:56:45 -04:00
Rachel Culpepper 11f9603b37
Vault-12308: Change password policy testing to be deterministic (#20625)
* change testing password policy to be deterministic

* fix panic

* test password against rules

* improve error message

* make test password gen more random

* fix check on test password length
2023-05-17 18:22:19 +00:00
Alexander Scheel e58f3816a4
Start counting ACME certificate issuance as client activity (#20520)
* Add stub ACME billing interfaces

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add initial implementation of client count

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Correctly attribute to mount, namespace

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor adding entities of custom types

This begins to add custom types of events; presently these are counted
as non-entity tokens, but prefixed with a custom ClientID prefix.

In the future, this will be the basis for counting these events
separately (into separate buckets and separate storage segments).

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor creation of ACME mounts

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test case for billing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Better support managed key system view casting

Without an additional parameter, SystemView could be of a different
internal implementation type that cannot be directly casted to in OSS.
Use a separate parameter for the managed key system view to use instead.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor creation of mounts for enterprise

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Validate mounts in ACME billing tests

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use a hopefully unique separator for encoded identifiers

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use mount accesor, not path

Co-authored-by: miagilepner <mia.epner@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Rename AddEventToFragment->AddActivityToFragment

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-05-17 16:12:04 +00:00
miagilepner f14a039a65
VAULT-14733: Split logic of precomputedQueryWorker (#20073)
* split precomputed query worker and add unit tests

* add new client delete method and test

* add changelog

* fixes from pr review

* add missing comment

* fix comparison
2023-05-16 16:29:18 +02:00
Anton Averchenkov 31d33f189f
openapi: A few fixes for display attributes (#20549) 2023-05-11 17:20:11 -04:00
Pratyoy Mukhopadhyay 7b807a9bb0
add ns path to granting_policies (#20522) 2023-05-04 15:08:22 -07:00
Victor Rodriguez 2656c020ae
Convert seal.Access struct into a interface (OSS) (#20510)
* Move seal barrier type field from Access to autoSeal struct.

Remove method Access.SetType(), which was only being used by a single test, and
which can use the name option of NewTestSeal() to specify the type.

* Change method signatures of Access to match those of Wrapper.

* Turn seal.Access struct into an interface.

* Tweak Access implementation.

Change `access` struct to have a field of type wrapping.Wrapper, rather than
extending it.

* Add method Seal.GetShamirWrapper().

Add method Seal.GetShamirWrapper() for use by code that need to perform
Shamir-specific operations.
2023-05-04 14:22:30 -04:00
Alexander Scheel 544ae3461f
Allow ensuring ticker is stopped multiple times (#20509)
When executing multi-stage, multi-namespace tests, stopping the ticker
multiple times (via closing the StopTicker channel) results in a panic.

Store whether or not we've stopped it once, and do not close it again.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-04 14:14:06 +00:00
Hamid Ghaf 148263084d
adding support for four cluster docker based test scenario (#20492) 2023-05-03 10:49:45 -07:00
miagilepner 4cd982554e
VAULT-15840: Allow updates of only entity-alias custom-metadata (#20368)
* allow updates of only custom metadata

* add changelog
2023-05-01 12:42:30 +02:00
Nick Cabatoff e0093a2791
Simple perf replication test using docker containers (#20393) 2023-04-28 19:43:30 +00:00
Nick Cabatoff f19f537a4f
Add support for restarting docker nodes, and for providing args (#20409) 2023-04-28 14:03:14 -04:00
Nick Cabatoff a816ef6c15
Use a dedicated runner for the binary-based tests. (#20377) 2023-04-27 09:41:49 -04:00
davidadeleon 0d621ea47e
add nil check for mfa enforcement config namespace on login (#20375)
* add nil check for mfa enforcement config ns

* move nil check and add changelog
2023-04-26 16:52:39 -04:00
Nick Cabatoff f5b5662122
Don't require every test to specify a VaultLicense field (#20372) 2023-04-26 18:39:48 +00:00
Nick Cabatoff ad18fc6398
Docker testing: handle licensing, different images per node (#20347) 2023-04-25 17:11:46 -04:00
Nick Cabatoff 22b00eba12
Add support for docker testclusters (#20247) 2023-04-24 14:25:50 -04:00
Nick Cabatoff 313957b911
Add tests based on vault binary (#20224)
First steps towards docker-based tests: tests using vault binary in -dev or -dev-three-node modes.
2023-04-24 09:57:37 -04:00
Marc Boudreau 895564d615
Provide Descriptive Error when Enterprise-only Paths Called in Open-source Version (#18870)
* define ent paths in OSS codebase with common handler

* fixup! define ent paths in OSS codebase with common handler

* add missing path

* retain existing behaviour for replication/status path

* remove commented out path
2023-04-21 16:14:40 -04:00
Mike Palmiotto 8001d76e28
Refactor reporter for unseal setup (#20296) 2023-04-21 15:29:37 -04:00
Josh Black 1ae09ca6b6
OSS changes for new update-primary API endpoint (#20277)
* OSS changes for new update-primary API endpoint

* remove ENT specific piece

* remove another ENT specific field
2023-04-20 13:13:37 -07:00
Mike Palmiotto c0b8a9eddb
Add minimum_retention_months to config endpoint (#20150) 2023-04-13 18:33:23 +00:00
Anton Averchenkov 7e12300d7c
openapi: Add display attributes for cubbyhole/ (#19880) 2023-04-13 11:33:21 -04:00
Anton Averchenkov 14ac4fc045
openapi: Add display attributes for /sys (p2) (#19707) 2023-04-13 11:32:57 -04:00
Anton Averchenkov 254c5e2568
openapi: Add display attributes for /sys (p1) (#19706) 2023-04-13 11:32:26 -04:00
Anton Averchenkov d0cc7bc71a
openapi: Add display attributes for identity/ (remaining) (#19763) 2023-04-12 15:46:01 -04:00
Anton Averchenkov 31e123f7a0
openapi: Add display attributes for identity/group (#19762) 2023-04-12 15:45:12 -04:00
Anton Averchenkov 4b94669779
openapi: Add display attributes for identity/entity (#19760) 2023-04-12 15:44:43 -04:00
Anton Averchenkov f69bea9161
openapi: Add display attributes for identity/oidc (#19758) 2023-04-12 15:44:07 -04:00
Tom Proctor 9aa9686c81
Simplify tracking of external plugins (#20009) 2023-04-12 18:34:35 +01:00
miagilepner 1ea85c56d7
VAULT-14734: activity log write endpoint (#20019)
* add noop endpoint with testonly build flag

* add tests for endpoint

* cleanup

* fix test name

* add changelog

* pr fixes
2023-04-12 18:26:26 +02:00
Mike Palmiotto 1b5d527521
api: Add reporting fields to activitylog config endpoint (#20086)
This PR adds the internal reporting state to the
`internal/counters/config` read endpoint:
* reporting_enabled
* billing_start_timestamp
2023-04-12 12:02:28 -04:00
Hamid Ghaf 976ab9c87f
Revert "Remove dead licensing code and extra core setup (#20080)" (#20112)
This reverts commit 60d8bff89c490c5489c97b98b168de9a50239815.
2023-04-12 13:46:15 +00:00
Anton Averchenkov 618e79af82
openapi: Add display attributes for identity/mfa (#19757) 2023-04-11 16:00:35 -04:00
Christopher Swenson df8d0444dd
Remove dead licensing code and extra core setup (#20080)
The extra core setup is no longer needed in Vault Enterprise, and the
licensing code here has no effect here or in Vault Enterprise.

I pulled this commit into Vault Enterprise and it still compiled fine,
and all tests pass. (Though a few functions can be deleted there as
well after this is merged.)
2023-04-11 10:30:05 -07:00
miagilepner c8b4afd189
Require activity log retention months at least the minimum (#20078)
* reject retention month updates that are less than min retention months

* add changelog

* reword error

* switch to retention_months
2023-04-11 15:09:01 +00:00