This checks the request against the `read` permission for
`sys/events/subscribe/{eventType}` on the initial subscribe.
Future work includes moving this to its own verb (`subscribe`)
and periodically rechecking the request.
Tested locally by minting a token with the wrong permissions
and verifying that they are rejected as expected, and that
they work if the policy is adjusted to `sys/event/subscribe/*`
(or the specific topic name) with `read` permissions.
I had to change the `core.checkToken()` to be publicly accessible,
as it seems like the easiest way to check the token on the
`logical.Request` against all relevant policies, but without
going into all of the complex logic further in `handleLogical()`.
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
* The verify-sign command in it's cleanest existing form.
* Working state
* Updates to proper verification syntax
Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com>
* make fmt
* Base functionality.
* make fmt; changelog
* pki issue command.
* Make fmt. Changelog.
* Error Handling Is Almost A Tutorial
* Issue and ReIssue are Almost the Same Command
* Make Fmt + Changelog.
* Make some of the tests go.
* make fmt
* Merge fix (take 2)
* Fix existing support, add support for use_pss, max_path_length, not_after, permitted_dns_domains and skid
* Good Test which Fails
* Test-correction.
* Fix update to key_type key_bits; allow "," in OU or similar
* More specific includeCNinSANs
* Add tests around trying to use_pss on an ec key.
* GoDoc Test Paragraph thing.
---------
Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com>
* add show page for generated CSR
* fix typo, make key-id copyable
* add tests
* move pki tests to designated folder
* list keys when in between state after CSR generation
* uses customTTL for generateing role cert and adds privateKeyFormat
* Revert "move pki tests to designated folder"
This reverts commit 82b60e4beab0717bbace8dee64cc0863a5488079.
* Revert "add tests"
This reverts commit 3c90fc9abacf8309d2cf9f1b90299a5153b743da.
* Revert "fix typo, make key-id copyable"
This reverts commit 8e6f5a1f4580229e6de8f6e919945f03ee29ac3d.
* revert accidental parent commits
* Revert "list keys when in between state after CSR generation"
This reverts commit c01d7852a46d41a72e5eace28aafed5daa93f70f.
* fix empty arrays removed when serialized
* fix comment;
g
* update test
* add show page for generated CSR
* fix typo, make key-id copyable
* add tests
* move pki tests to designated folder
* list keys when in between state after CSR generation
* update tests
* fix: upgrade vault-plugin-secrets-mongodbatlas to v0.9.1
* add changelog
* Update changelog/19111.txt
Co-authored-by: Max Coulombe <109547106+maxcoulombe@users.noreply.github.com>
* use correct plugin type in changelog
---------
Co-authored-by: Max Coulombe <109547106+maxcoulombe@users.noreply.github.com>
Also updates the event receieved to include a timestamp.
Websockets support both JSON and protobuf binary formats.
This can be used by either `wscat` or the new
`vault events subscribe`:
e.g.,
```sh
$ wscat -H "X-Vault-Token: $(vault print token)" --connect ws://127.0.0.1:8200/v1/sys/events/subscribe/abc?json=true
{"event":{"id":"5c5c8c83-bf43-7da5-fe88-fc3cac814b2e", "note":"testing"}, "eventType":"abc", "timestamp":"2023-02-07T18:40:50.598408Z"}
...
```
and
```sh
$ vault events subscribe abc
{"event":{"id":"5c5c8c83-bf43-7da5-fe88-fc3cac814b2e", "note":"testing"}, "eventType":"abc", "timestamp":"2023-02-07T18:40:50.598408Z"}
...
```
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
* glimmerize alert-banner
* remove conditional commented out
* add assert to require type
* add assert for if message type not included
* amend alert-inline test
- Match the existing vault kv capitalization scheme for Synopsis help of each sub-command.
- A few small tweaks as well to the messages text in a few cases