19 commits

Author SHA1 Message Date
Hamid Ghaf 27bb03bbc0
adding copyright header (#19555)
* adding copyright header

* fix fmt and a test
2023-03-15 09:00:52 -07:00
Kuba Wieczorek 51004568aa
update vault auth submodules to new version of API (#19127) 2023-02-10 08:12:10 -08:00
Anton Averchenkov 7097166b77
Update vault and api/auth submodules to use api/v1.8.3 (#18773) 2023-01-20 11:44:03 -05:00
AnPucel ed1928ca61
Update vault to v1.8.1 (#17516)
* Update vault to v1.8.1

* Updating api/auth to use new version of api
2022-10-20 11:56:55 -07:00
Steven Clark ba096f9dfa
update vault auth submodules to api/v1.8.0 (#17228) 2022-09-20 10:51:51 -04:00
Josh Black d8e0a13aae
update gofumpt to 0.3.1 and reformat the repo (#17055)
* update gofumpt to 0.3.1 and reformat the repo

* output the version of the formatter we're using
2022-09-07 17:31:20 -07:00
VAL 12e7c4553c
Update to use latest api version (#16329) 2022-07-18 10:36:50 -07:00
Christopher Swenson a49f1b9e6b
Update AWS auth method certificates (#15719)
Update AWS auth method certificates

Add tests that the `rsa2048` document can also be verified using the
`pkcs7` field for AWS auth.

Due to the use of SHA-1-based signatures for the `identity` and `pkcs7`
methods, we want to encourage moving toward using the RSA 2048 workflow,
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-rsa2048.html

This doesn't require code changes for Vault necessarily, but adding in
the (many) certificates will help end users.

Also adds `rsa2048` option to API to fetch the RSA 2048 signature.

I will make a PR to update the AWS auth docs to document the RSA 2048
flow soon after this.
2022-06-01 10:26:17 -07:00
Christopher Swenson e6fb16be9c
Remove spurious fmt.Printf calls including one of a key (#15344)
And add a semgrep for fmt.Printf/Println.
2022-05-19 12:27:02 -07:00
Anton Averchenkov c74feaa6ac
Use WriteWithContext in auth helpers (#14775) 2022-04-06 11:20:34 -04:00
Anton Averchenkov de6d55d4a9
Update Vault to use api/v1.5.0 (#14718) 2022-03-28 12:11:03 -04:00
Victor Rodriguez 6f8def2873
Run 'make fmt'. (#13914) 2022-02-04 16:54:06 -05:00
Ricky Grassmuck edd5b69376
[API] Add LDAP auth method (#13841)
* [api] Add LDAP auth method

This commit adds LDAP to the available Vault API auth methods.

* Add changelog entry for PR 13841

* Obtain password for LDAPAuth from File/EnvVar

* Fix name of package in error message
2022-02-04 11:10:51 -08:00
Josh Black d249fad2df
reformat using 'make fmt' (#13794) 2022-01-27 10:06:34 -08:00
VAL 532dd354a6
update vault and auth submodules to api v1.3.1 (#13509) 2021-12-23 09:45:30 -08:00
Anton Averchenkov 5af2b699fe
Respect WithWrappingToken for all secret IDs in approle auth (#13241) 2021-11-23 15:53:48 -08:00
VAL e18f180609
GCP and Azure Login methods for Go client library (#13022)
* Add native Login method for GCP auth backend

* Add native Login method for Azure auth backend

* Add changelog entry

* Use official azure library Environment struct rather than passing string, add timeouts

* Use v1.3.0 which now has interface definition

* Don't throw away error and close resp body

* Back to WithResource so we can support non-Azure URLs for aud
2021-11-12 09:32:05 -08:00
VAL 558672797e
Remove reference to local api module, use v1.3.0 (#13105) 2021-11-09 14:49:46 -08:00
VAL a44505dd06
Native Login method for Go client (#12796)
* Native Login method, userpass and approle interfaces to implement it

* Add AWS auth interface for Login, unexported struct fields for now

* Add Kubernetes client login

* Add changelog

* Add a test for approle client login

* Return errors from LoginOptions, use limited reader for secret ID

* Fix auth comment length

* Return actual type not interface, check for client token in tests

* Require specification of secret ID location using SecretID struct as AppRole arg

* Allow password from env, file, or plaintext

* Add flexibility in how to fetch k8s service token, but still with default

* Avoid passing strings that need to be validated by just having different login options

* Try a couple real tests with approle and userpass login

* Fix method name in comment

* Add context to Login methods, remove comments about certain sources being inherently insecure

* Perform read of secret ID at login time

* Read password from file at login time

* Pass context in integ tests

* Read env var values in at login time, add extra tests

* Update api version

* Revert "Update api version"

This reverts commit 1ef3949497dcf878c47e0e5ffcbc8cac1c3c1679.

* Update api version in all go.mod files
2021-10-26 16:48:48 -07:00