* added audit-hash operations
* more audit paths
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* added audit fields
* add changelog file
* dynamic fields should be nil
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* start to add test helper
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add tests for /sys/audit openapi paths
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <anton.averchenkov@hashicorp.com>
* Ember Engine for Kubernetes Secrets Engine (#17881)
* adds in-repo ember engine for kubernetes secrets engine
* updates kubernetes engine class name
* Kubernetes route plumbing (#17895)
* kubernetes route plumbing
* adds kubernetes role index route with redirect to details
* adds kubernetes as mountable and supported secrets engine (#17891)
* adds models, adapters and serializers for kubernetes secrets engine (#18010)
* adds mirage factories and handlers for kubernetes (#17943)
* Kubernetes Secrets Engine Configuration (#18093)
* moves RadioCard component to core addon
* adds kubernetes configuration view
* fixes tests using RadioCard after label for and input id changes
* adds confirm modal when editing kubernetes config
* addresses review comments
* Kubernetes Configuration View (#18147)
* removes configuration edit and index routes
* adds kubernetes configuration view
* Kubernetes Roles List (#18211)
* removes configuration edit and index routes
* adds kubernetes configuration view
* adds kubernetes secrets engine roles list view
* updates role details disabled state to explicitly check for false
* VAULT-9863 Kubernetes Overview Page (#18232)
* Add overview page view
* Add overview page tests
* Address feedback to update tests and minor changes
* Use template built in helper for conditionally showing num roles
* Set up roleOptions in constructor
* Set up models in tests and fix minor bug
* Kubernetes Secrets Engine Create/Edit Views (#18271)
* moves kv-object-editor to core addon
* moves json-editor to core addon
* adds kubernetes secrets engine create/edit views
* updates kubernetes/role adapter test
* addresses feedback
* fixes issue with overview route showing 404 page (#18303)
* Kubernetes Role Details View (#18294)
* moves format-duration helper to core addon
* adds kubernetes secrets engine role details view
* adds tests for role details page component
* adds capabilities checks for toolbar actions
* fixes list link for secrets in an ember engine (#18313)
* Manual Testing: Bug Fixes and Improvements (#18333)
* updates overview, configuration and roles components to pass args for individual model properties
* bug fixes and improvements
* adds top level index route to redirect to overview
* VAULT-9877 Kubernetes Credential Generate/View Pages (#18270)
* Add credentials route with create and view components
* Update mirage response for creds and add ajax post call for creds in adapter
* Move credentials create and view into one component
* Add test classes
* Remove files and update backend property name
* Code cleanup and add tests
* Put test helper in helper function
* Add one more test!
* Add code optimizations
* Fix model in route and add form
* Add onSubmit to form and preventDefault
* Fix tests
* Update mock data for test to be strong rather than record
* adds acceptance tests for kubernetes secrets engine roles (#18360)
* VAULT-11862 Kubernetes acceptance tests (#18431)
* VAULT-12185 overview acceptance tests
* VAULT-12298 credentials acceptance tests
* VAULT-12186 configuration acceptance tests
* VAULT-12127 Refactor breadcrumbs to use breadcrumb component (#18489)
* VAULT-12127 Refactor breadcrumbs to use Page::Breadcrumbs component
* Fix failing tests by adding breadcrumbs properties
* VAULT-12166 add jsdocs to kubernetes secrets engine pages (#18509)
* fixes incorrect merge conflict resolution
* updates kubernetes check env vars endpoint (#18588)
* hides kubernetes ca cert field if not defined in configuration view
* fixes loading substate handling issue (#18592)
* adds changelog entry
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
* Refactor CRL building into separate functions
This will allow us to add the ability to add and build a unified CRL
across all clusters, reusing logic that is common to both, but letting
each have their own certificate lists.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Rename localCRLConfigEntry->internalCRLConfigEntry
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Rename Delta WALs to Local Delta WALs
This adds clarity that we'll have a separate local and remote Delta CRL
and WALs for each.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
For example, using:
```sh
vault server -dev -experiment events.beta1
```
Tested by checking that the events were enabled and disabled
when the `-experiment events.beta1` flag was present and absent.
Also added a small fix to pass the `hclog.Logger` in now so that
the logging hierarchy and levels are respected.
Using RunCommand(...) to set format to JSON for PKI HC tests results in
multiple initCommands(...) being called, overwriting the same global
variable. Nobody else calls the test suite in this way, so remove
t.Parallel() as the CLI isn't really meant to be called in parallel and
there might be other issues.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* OpenAPI `generic_mount_paths` follow-up
An incremental improvement within larger context discussed in #18560.
* Following the revert in #18617, re-introduce the change from
`{mountPath}` to `{<path-of-mount>_mount_path}`; this is needed, as
otherwise paths from multiple plugins would clash - e.g. almost every
auth method would provide a conflicting definition for
`auth/{mountPath}/login`, and the last one written into the map would
win.
* Move the half of the functionality that was in `sdk/framework/` to
`vault/logical_system.go` with the rest; this is needed, as
`sdk/framework/` gets compiled in to externally built plugins, and
therefore there may be version skew between it and the Vault main
code. Implementing the `generic_mount_paths` feature entirely on one
side of this boundary frees us from problems caused by this.
* Update the special exception that recognizes `system` and `identity`
as singleton mounts to also include the other two singleton mounts,
`cubbyhole` and `auth/token`.
* Include a comment that documents to restricted circumstances in which
the `generic_mount_paths` option makes sense to use:
// Note that for this to actually be useful, you have to be using it with
// a Vault instance in which you have mounted one of each secrets engine
// and auth method of types you are interested in, at paths which identify
// their type, and for the KV secrets engine you will probably want to
// mount separate kv-v1 and kv-v2 mounts to include the documentation for
// each of those APIs.
* Fix tests
Also remove comment "// TODO update after kv repo update" which was
added 4 years ago in #5687 - the implied update has not happened.
* Add changelog
* Update 18663.txt
Creates a new `eventbus` package under `vault` with
an implementation of the `go-eventlogger` broker.
Also creates a stub of a common broker that will be accessible
in the core, and creates a simple event sending interface.
* Inital pki overview page code setup
* Add more properties to pki-overview
* Remove previous selectable card component and update template
* Add capability check for roles and issuers
* Add acceptance tests for overview page
* Update SelectableCardForm component
* Code refactor!
* Add selectable-card-form test
* More code cleanup and move function to test helper file
* Address most feedback. Pending refactor of issue certificate card!
* Add integration test
* Moves form to SelectableCard and add tests
* Add jsdoc props to SelectableCard and fix placeholder
* Move back SelectableCard
* Covert to typescript and finish up tests
* Dont use try catch for hasConfig
* Add overview card test
* More overview card tests
* Address feedback!
Removing the timeout logic from raw-response functions and adding documentation comments. The following functions are affected:
- `ReadRaw`
- `ReadRawWithContext` (newly added)
- `ReadRawWithData`
- `ReadRawWithDataWithContext`
The previous logic of using `ctx, _ = c.c.withConfiguredTimeout(ctx)` could cause a potential [context leak](https://pkg.go.dev/context):
> Failing to call the CancelFunc leaks the child and its children until the parent is canceled or the timer fires. The go vet tool checks that CancelFuncs are used on all control-flow paths.
Cancelling the context would have caused more issues since the context would be cancelled before the request body is closed.
Resolves: #18658
* Ensure OCI creds are set for acc test
* Ensure AWS creds are resolvable before testing
Co-authored-by: Michael Anthony <5498095+manthonygfp@users.noreply.github.com>
Vault has gradually had the ability to pass query-string parameters
added to GET, then DELETE, and now recently LIST requests. Update
a comment which seems to date back to when no query-string parameters
were used at all.
This PR modifies every test in `builtin/credentials/approle/path_role_test.go` with new validation checks to ensure that approle/path_role successful responses align with the declared response schema.
It also introduces a test helper in `sdk/helper/testhelpers`:
```go
func FindResponseSchema(t *testing.T, ...)
```
This test helper will be useful for all plugins that require similar response schema validation in tests.
### Background
This PR is part of the ongoing work to add structured responses in Vault OpenAPI (VLT-234)
This pull request adds 3 functions (and corresponding tests):
`testhelpers/response_validation.go`:
- `ValidateResponse`
- `ValidateResponseData`
field_data.go:
- `ValidateStrict` (has the "strict" validation logic)
The functions are primarily meant to be used in tests to ensure that the responses are consistent with the defined response schema. An example of how the functions can be used in tests can be found in #18636.
### Background
This PR is part of the ongoing work to add structured responses in Vault OpenAPI (VLT-234)
* Rename revokeCert variable to identify serial number formatting
* Refactor out lease specific behavior out of revokeCert
- Isolate the specific behavior regarding revoking lease specific
certificates outside of the revokeCert function and into the only
caller that leveraged used it.
- This allows us to simplify revokeCert a little bit and keeps the
function purely about revoking a certificate
* Within revokeCert short circuit the already revoked use-case
- Make the function a little easier to process by exiting early
if the certificate has already been revoked.
* Do not load certificates from storage multiple times during revocation
- Isolate the loading of a certificate and parsing of a certificate
into a single attempt, either when provided the certificate for BYOC
revocation or strictly from storage for the other revocation types.
* With BYOC write certificate entry using dashes not the legacy colon char
* build object-list-component WIP
* finish component functionality
* refactor so handleChange is separate function and does not send empty last object to parent
* add inputValue as an arg to pre-fill component
* finish tests
* final cleanup, add comments and assertions
* add aria-labels
* Update ui/lib/core/addon/components/object-list-input.js
* Update ui/lib/core/addon/components/object-list-input.hbs
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>