Commit graph

2817 commits

Author SHA1 Message Date
Josh Black 1ae09ca6b6
OSS changes for new update-primary API endpoint (#20277)
* OSS changes for new update-primary API endpoint

* remove ENT specific piece

* remove another ENT specific field
2023-04-20 13:13:37 -07:00
Mike Palmiotto c0b8a9eddb
Add minimum_retention_months to config endpoint (#20150) 2023-04-13 18:33:23 +00:00
Anton Averchenkov 7e12300d7c
openapi: Add display attributes for cubbyhole/ (#19880) 2023-04-13 11:33:21 -04:00
Anton Averchenkov 14ac4fc045
openapi: Add display attributes for /sys (p2) (#19707) 2023-04-13 11:32:57 -04:00
Anton Averchenkov 254c5e2568
openapi: Add display attributes for /sys (p1) (#19706) 2023-04-13 11:32:26 -04:00
Anton Averchenkov d0cc7bc71a
openapi: Add display attributes for identity/ (remaining) (#19763) 2023-04-12 15:46:01 -04:00
Anton Averchenkov 31e123f7a0
openapi: Add display attributes for identity/group (#19762) 2023-04-12 15:45:12 -04:00
Anton Averchenkov 4b94669779
openapi: Add display attributes for identity/entity (#19760) 2023-04-12 15:44:43 -04:00
Anton Averchenkov f69bea9161
openapi: Add display attributes for identity/oidc (#19758) 2023-04-12 15:44:07 -04:00
Tom Proctor 9aa9686c81
Simplify tracking of external plugins (#20009) 2023-04-12 18:34:35 +01:00
miagilepner 1ea85c56d7
VAULT-14734: activity log write endpoint (#20019)
* add noop endpoint with testonly build flag

* add tests for endpoint

* cleanup

* fix test name

* add changelog

* pr fixes
2023-04-12 18:26:26 +02:00
Mike Palmiotto 1b5d527521
api: Add reporting fields to activitylog config endpoint (#20086)
This PR adds the internal reporting state to the
`internal/counters/config` read endpoint:
* reporting_enabled
* billing_start_timestamp
2023-04-12 12:02:28 -04:00
Hamid Ghaf 976ab9c87f
Revert "Remove dead licensing code and extra core setup (#20080)" (#20112)
This reverts commit 60d8bff89c490c5489c97b98b168de9a50239815.
2023-04-12 13:46:15 +00:00
Anton Averchenkov 618e79af82
openapi: Add display attributes for identity/mfa (#19757) 2023-04-11 16:00:35 -04:00
Christopher Swenson df8d0444dd
Remove dead licensing code and extra core setup (#20080)
The extra core setup is no longer needed in Vault Enterprise, and the
licensing code here has no effect here or in Vault Enterprise.

I pulled this commit into Vault Enterprise and it still compiled fine,
and all tests pass. (Though a few functions can be deleted there as
well after this is merged.)
2023-04-11 10:30:05 -07:00
miagilepner c8b4afd189
Require activity log retention months at least the minimum (#20078)
* reject retention month updates that are less than min retention months

* add changelog

* reword error

* switch to retention_months
2023-04-11 15:09:01 +00:00
Alexander Scheel f0fc48c788
Only log stopping rollback manager once (#20041)
When testing the Rollback Manager's one-time invocation in Enterprise,
it was noticed that due to the channel being closed, we'd always hit
this case and thus spam logs rather quickly with this message.

Switch to a boolean flip to log this once, as it is not executed in
parallel and thus doesn't need a sync.Once.

This only affected anyone calling the test core's
StopAutomaticRollbacks() helper.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-10 13:24:03 -04:00
Anton Averchenkov 56698d6d15
openapi: Add display attributes for token/ (#19399) 2023-04-06 11:11:49 -04:00
miagilepner 3b91b9ebbf
VAULT-14733: SegmentReader interface for reading activity log segments (#19934)
* create a segment reader for activity log segment

* fix imports

* updates based on comments
2023-04-06 16:23:41 +02:00
Thy Ton fcf06d5874
feat: add plugin metadata to audit logging (#19814) 2023-04-06 00:41:07 -07:00
Jason O'Donnell e4e34c0f96
Add extra ssct gen counter debug logs (#19980) 2023-04-05 13:06:57 -04:00
miagilepner 09adb9ee12
VAULT-14733: Refactor processClientRecord in activity log (#19933) 2023-04-04 14:50:19 +02:00
Peter Wilson a2bdf7250b
VAULT-14048: raft-autopilot appears to refuse to remove a node which has left and wouldn't impact stability (#19472)
* ensure we supply the node type when it's for a voter
* bumped autopilot version back to v0.2.0 and ran go mod tidy
* changed condition in knownservers and added some comments
* Export GetRaftBackend
* Updated tests for autopilot (related to dead server cleanup)
* Export Raft NewDelegate

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-04-03 11:58:57 -04:00
Steven Clark b1c557bd73
Extend expiration of diagnose test-fixture certificate (#19868)
- Regenerated with
    - openssl x509 -x509toreq -in xxx.crt -signkey xxx -out xxx.csr
    - openssl x509 -req -in xxx.csr -signkey xxx.pem -days 18250 -out xxx.crt
2023-04-03 09:34:58 -04:00
miagilepner de56c728a1
VAULT-13191: OSS changes (#19891)
* add open source changes for reporting

* fix function signature

* add changelog
2023-03-31 15:05:16 +00:00
Alexander Scheel e95fadd8f0
Add mechanism to disable automatic rollbacks (#19748)
When testing the rollback mechanism, there's two categories of tests
typically written:

 1. Ones in which the rollback manager is entirely left alone, which
    usually are a bit slower and less predictable. However, it is still
    sufficient in many scenarios.
 2. Ones in which the rollback manager is explicitly probed by tests
    and "stepped" to achieve the next rollback.

Here, without a mechanism to fully disable the rollback manager's
periodic ticker (without affecting its ability to work!) we'll continue
to see races of the sort:

>     --- FAIL: TestRevocationQueue (50.95s)
>     panic: sync: WaitGroup is reused before previous Wait has returned [recovered]
>         panic: sync: WaitGroup is reused before previous Wait has returned

This allows us to disable the ticker, returning control to the test
suite entirely.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-29 08:59:01 -04:00
Daniel Huckins 243c86b2c5
VAULT-12144: add openapi responses for /sys/rotate endpoints (#18624)
* responses for rotate endpoints

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

* add test for rotate config

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update to use newer function

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use new func

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 15:40:48 -04:00
Daniel Huckins 4b52cea28c
VAULT-12144: add openapi responses for /sys/seal endpoints (#18625)
* added responses to seal/unseal endpoints

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response for /seal-status

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added change log

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 15:39:08 -04:00
Daniel Huckins e33b87a2c3
VAULT-12144: add openapi responses for assorted /sys endpoints (#18628)
* added response struct for version-history

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for leader

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for ha-status

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for host-info

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for in-flight-req

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* make fmt

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-03-28 15:38:35 -04:00
Daniel Huckins d8191e0a4b
mark internal/counters/requests as deprecated (#19359)
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 15:31:20 -04:00
Daniel Huckins f34313e611
VAULT-12144: add openapi responses for /sys/wrapping endpoints (#18627)
* add response structures for /sys/wrapping endpoints

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

* dynamic tests should be nil

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 11:12:34 -04:00
Violet Hynes 44894253fc
VAULT-8337 OSS changes part 2 (#19698) 2023-03-28 10:32:30 -04:00
Daniel Huckins e3d3d6e528
VAULT-12144: add openapi responses for /sys/tools endpoints (#18626)
* add struct for /sys/tools/hash

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added responses for /sys/tools paths

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

* verify respose structure for hash

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* verify respose structure for hash/random

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use newer testing funct

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use new test method

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-24 23:11:39 +00:00
Nick Cabatoff fae3e31fda
Address regression introduced by #15493 for non-raft storage backends. (#19721) 2023-03-24 10:15:25 -04:00
Violet Hynes db31cf2da2
Revert "VAULT-8337 OSS changes" (#19700)
This reverts commit 160196f4bc270ea0698b894d4f5f3e84426b77c9.
2023-03-23 11:47:10 -04:00
Nick Cabatoff 7de257de46
Make sure that we specify Backoff in conjunction with MinConnectTimeout, else we get a zero value. (#19701) 2023-03-23 10:21:28 -04:00
Nick Cabatoff 06e3f971ef
Allow overriding gRPC's connection timeout with VAULT_GRPC_MIN_CONNECT_TIMEOUT (#19676) 2023-03-22 18:51:37 +00:00
Chris Capurso 12cf80fafd
user Platform from host info for node status OS (#19611) 2023-03-21 09:53:31 -04:00
Mike Palmiotto d6a1cc63ac
activitylog: Fix pq.Get trace logger output (#19650) 2023-03-20 19:35:40 -04:00
Mike Palmiotto 2381e6be66
Add no-op CensusAgent (#19625)
* Add no-op CensusAgent

* Changelog for Census Agent background worker
2023-03-20 10:51:35 -04:00
Violet Hynes e627737fe8
VAULT-8337 OSS changes (#19580) 2023-03-20 09:04:55 -04:00
Tom Proctor f1f5c8444a
Suppress event broker not started log warning (#19593) 2023-03-20 11:14:14 +00:00
Chris Capurso 078d4eef7c
update link policy fetch URL (#19371)
* update link policy fetch URL

* fix fmt
2023-03-17 09:09:25 -04:00
Violet Hynes 943678e359
Fix remount for mounts with spaces in the name (#19585)
* Fix remount for mounts with spaces in the name

* Git mishap

* Git mishap

* Changelog

* Godocs for tests
2023-03-16 15:26:55 -04:00
Hamid Ghaf 27bb03bbc0
adding copyright header (#19555)
* adding copyright header

* fix fmt and a test
2023-03-15 09:00:52 -07:00
John-Michael Faircloth 1553c310c4
Fix a possible data race with rollback manager and plugin reload (#19468)
* fix data race on plugin reload

* add changelog

* add comment for posterity

* revert comment and return assignment in router.go

* rework plugin continue on error tests to use compilePlugin

* fix race condition on route entry

* add test for plugin reload and rollback race detection

* add go doc for test
2023-03-14 09:36:37 -05:00
Marc Boudreau f286ee5b3c
Fix failing TestHCPLinkConnected Test (#19474)
* replace use of os.Unsetenv in test with t.Setenv and remove t.Parallel from test that rely on env being modified.

* experiment with using fromJSON function

* revert previous experiment

* including double quotes in the output value for the string ubuntu-latest

* use go run to launch gofumpt
2023-03-09 13:46:54 -05:00
nsimons d91d2ceaf8
Fix cubbyhole and token revocation for legacy service tokens (#19416)
* Fix cubbyhole and revocation for legacy service tokens

Legacy service tokens generated in Vault 1.10+ with env var
VAULT_DISABLE_SERVER_SIDE_CONSISTENT_TOKENS=true are not assigned
a cubbyhole ID. The implication is that cubbyhole/ cannot be
used, nor can the tokens be revoked.

This commit assigns a cubbyhole ID to these tokens and adds
a new test case to see that cubbyhole and revocation works correctly.

* add changelog

* add godoc to test cases
2023-03-06 15:09:45 -05:00
miagilepner ac36b31846
VAULT-13729 activity log test godocs (#19433)
* add godocs to activity log tests

* format

* add trailing periods
2023-03-06 13:08:22 +01:00
Daniel Huckins d9229a5fba
VAULT-12112: add openapi responses for /sys/internal endpoints (#18542)
* added responses for sys/internal/ui/mounts

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* responses for internal paths

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

* add schema validation for internal/ui/mounts

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add counters test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update test to use new method

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use new method in TestSystemBackend_InternalUIMounts

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* :rage4: fixed test, diff between core.HandleRequest and backend.HandleRequest

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* test feature flags

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-02-24 15:03:21 -05:00