Commit Graph

566 Commits

Author SHA1 Message Date
hc-github-team-secure-vault-core f66da5eda2
backport of commit bf05cfd64a8ac01e07c2b6b1e1db02390266c932 (#21957)
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2023-07-19 19:43:50 +00:00
hc-github-team-secure-vault-core 7b8c8e722c
backport of commit c2cbd5a578108d2447efc52f47f3bb7f7b69ee02 (#21819)
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-07-13 10:27:03 -07:00
hc-github-team-secure-vault-core 93d2fc099f
VAULT-17592 Extract failed Go test results across runners (#21625) (#21672)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-07-07 18:52:01 +01:00
hc-github-team-secure-vault-core 820e38e259
backport of commit 304ecfc8e9d61536834e1e3904c3eee28411f6f8 (#21637)
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-07-06 15:35:25 -07:00
hc-github-team-secure-vault-core 2c4e40eaf6
backport of commit 8bb9cbbebaed39b290590f79a8857f5ba01fbf16 (#21627)
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2023-07-06 18:46:13 +01:00
hc-github-team-secure-vault-core 94213dacde
backport of commit c6ef0800a00f3634b869e1152cfbf5581753633f (#21576)
Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
2023-07-05 11:22:27 -04:00
hc-github-team-secure-vault-core c1e932ed20
backport of commit 17d63abdb1a8c0e0c3aaf649b34b4645d28dc17b (#21371)
Co-authored-by: Josh Black <raskchanky@gmail.com>
2023-06-20 21:19:13 +00:00
hc-github-team-secure-vault-core a485cf8f9a
backport of commit 82359a9e8ff8902be46f8c54864d594f83e1d41a (#20858)
Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
2023-06-01 17:27:37 +00:00
hc-github-team-secure-vault-core 5b545ba747
backport of commit e5ae00a767fec245c954dd89cc3dec10d0b5f56b (#20857)
Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
2023-06-01 16:51:54 +00:00
hc-github-team-secure-vault-core cdace6f002
Update MongoDB Atlas plugin to v0.10.0 (#20882) (#20896)
* Update MongoDB Atlas plugin to v0.10.0

* add changelog

* add a changelog with feature release note

* Update changelog/20882.txt



---------

Co-authored-by: Milena Zlaticanin <60530402+Zlaticanin@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2023-05-31 20:19:27 +00:00
hc-github-team-secure-vault-core a486b13957
backport of commit 63ccb60b9a6dadf717e6813f9789c7194a2375de (#20877)
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-30 23:49:24 +00:00
Max Coulombe 4c45de5b37
Updated snowflake plugin to v0.8.0 (#20807)
* updated snowflake plugin to v0.8.0
2023-05-26 09:48:25 -04:00
John-Michael Faircloth 5ed35b8257
update secrets/kubernetes and auth/kubernetes plugin versions (#20802)
* update secrets/kubernetes and auth/kubernetes plugin versions

* add changelog
2023-05-25 18:54:45 -05:00
Christopher Swenson 8fbca24c2f
fix: upgrade vault-plugin-auth-jwt to v0.16.0 (#20799) 2023-05-25 14:59:17 -07:00
Alexander Scheel 30488bc374
sdk/helper/nonce -> go-secure-stdlib/nonceutil (#20737)
Depends on https://github.com/hashicorp/go-secure-stdlib/pull/73

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-25 20:57:08 +00:00
vinay-gopalan f9f4b68a58
upgrade vault-plugin-secrets-alicloud to v0.15.0 (#20787) 2023-05-25 10:34:48 -07:00
Robert 2fa0953759
auth/kerberos: upgrade plugin version (#20771)
* Upgrade vault-plugin-auth-kerberos to v0.10.0
2023-05-25 17:29:42 +00:00
Robert a7054c643b
database/redis: upgrade plugin version (#20763)
* Upgrade vault-plugin-database-redis to v0.2.1
2023-05-25 17:25:18 +00:00
Raymond Ho e010999167
fix: upgrade vault-plugin-auth-cf to v0.15.0 (#20785) 2023-05-25 17:10:51 +00:00
Robert bd528daeef
database/elasticsearch: upgrade plugin version (#20767)
* Upgrade vault-plugin-database-elasticsearch to v0.13.2
2023-05-25 17:09:41 +00:00
vinay-gopalan ae2ebb1b1b
upgrade vault-plugin-auth-alicloud to v0.15.0 (#20758) 2023-05-25 09:56:48 -07:00
Raymond Ho 0d1ecfdc7d
fix: upgrade vault-plugin-secrets-terraform to v0.7.1 (#20748) 2023-05-25 16:47:08 +00:00
Robert 9c09bf1501
secrets/gcpkms: upgrade plugin version (#20784)
* Upgrade vault-plugin-secrets-gcpkms to v0.15.0
2023-05-25 16:39:00 +00:00
Christopher Swenson d0c364558c
fix: upgrade vault-plugin-database-couchbase to v0.9.2 (#20764) 2023-05-25 09:17:36 -07:00
Raymond Ho 8f83bee210
fix: upgrade vault-plugin-secrets-mongodbatlas to v0.10.0 (#20742) 2023-05-25 09:13:28 -07:00
Raymond Ho 400d47d93c
fix: upgrade vault-plugin-auth-centrify to v0.15.1 (#20745) 2023-05-25 09:13:11 -07:00
Max Coulombe 84b63ed833
Updated the azure secrets plugin (#20777)
* updated the azure secrets plugin
2023-05-25 11:27:33 -04:00
Daniel Huckins 958ccda6b1
agent: Add implementation for injecting secrets as environment variables to vault agent cmd (#20739)
* added exec and env_template config/parsing

* add tests

* we can reuse ctconfig here

* do not create a non-nil map

* check defaults

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* first go of exec server

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* sig test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add failing example

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor for config changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test for invalid signal

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* account for auth token changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* only start the runner once we have a token

* tests in diff branch

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* fix rename

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update command/agent/exec/exec.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unnecessary lock

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor to use enum

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* dont block

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle default

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* make more explicit

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused file

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove test app

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update comment

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* new channel for exec server token

* wire to run with vault agent

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* watch for child process to exit on its own

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* block before returning

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-25 09:23:56 -04:00
Daniel Huckins 2343ff04f6
agent: Add implementation for injecting secrets as environment variables (#20628)
* added exec and env_template config/parsing

* add tests

* we can reuse ctconfig here

* do not create a non-nil map

* check defaults

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* first go of exec server

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* sig test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add failing example

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor for config changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test for invalid signal

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* account for auth token changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* only start the runner once we have a token

* tests in diff branch

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* fix rename

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update command/agent/exec/exec.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unnecessary lock

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor to use enum

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* dont block

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle default

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* make more explicit

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused file

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove test app

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update comment

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* watch for child process to exit on its own

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-24 16:56:06 -04:00
Raymond Ho c921a74b56
fix: upgrade vault-plugin-secrets-openldap to v0.11.0 (#20753) 2023-05-24 13:45:24 -07:00
vinay-gopalan 1ef982849b
upgrade vault-plugin-secrets-ad to v0.16.0 (#20750) 2023-05-24 13:37:41 -07:00
Christopher Swenson 7956c382e6
fix: upgrade vault-plugin-database-redis-elasticache to v0.2.1 (#20751) 2023-05-24 20:15:53 +00:00
kpcraig 628c51516a
VAULT-12226: Add Static Roles to the AWS plugin (#20536)
Add static roles to the aws secrets engine

---------

Co-authored-by: maxcoulombe <max.coulombe@hashicorp.com>
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-24 14:55:13 -04:00
John-Michael Faircloth a151ec76dd
fix: upgrade vault-plugin-auth-oci to v0.14.0 (#20743) 2023-05-24 13:00:49 -05:00
John-Michael Faircloth a123ca2b6a
fix: upgrade vault-plugin-secrets-kv to v0.15.0 (#20746) 2023-05-24 13:00:23 -05:00
Christopher Swenson d12604eff2
fix: upgrade vault-plugin-auth-gcp to v0.16.0 (#20725) 2023-05-23 11:24:33 -07:00
Márk Sági-Kazár 258b2ef740
Upgrade go-jose library to v3 (#20559)
* upgrade go-jose library to v3

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* chore: fix unnecessary import alias

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* upgrade go-jose library to v2 in vault

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

---------

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2023-05-23 12:25:58 +00:00
Daniel Huckins 2658dcf48d
agent: Add support for parsing env_template configuration files (#20598)
* added exec and env_template config/parsing

* add tests

* we can reuse ctconfig here

* do not create a non-nil map

* check defaults

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* sig test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add failing example

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test for invalid signal

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update command/agent/config/config.go

* use latest consul-template

* fix build

* fix test

* fix test fixtures

* make fmt

* test docs

* rename file

* env var -> environment variable

* default to SIGTERM

* empty line

* explicit naming

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* clean typo

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* replace $ HOME with /home/username in examples

* remove empty line

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <anton.averchenkov@hashicorp.com>
2023-05-19 18:11:41 -04:00
Anton Averchenkov f551f4e5ba
cli: Add 'agent generate-config' sub-command (#20530) 2023-05-19 13:42:19 -04:00
Nick Cabatoff 22b00eba12
Add support for docker testclusters (#20247) 2023-04-24 14:25:50 -04:00
Nick Cabatoff 313957b911
Add tests based on vault binary (#20224)
First steps towards docker-based tests: tests using vault binary in -dev or -dev-three-node modes.
2023-04-24 09:57:37 -04:00
Nick Cabatoff 21f3977639
Use a current version of etcd (#20261)
Use a current version of etcd, remove the replace hack in go.mod that was intended to be temporary.
2023-04-19 14:17:11 -04:00
Raymond Ho e26aa0aff2
update vault-plugin-secrets-openldap@main (#19993) 2023-04-05 14:40:08 -07:00
John-Michael Faircloth de68f1820e
upgrade mongo driver to 1.11 (#19954)
* upgrade mongo driver to 1.11

* add changelog

* fix failing test comparison

* ignore http.Transport
2023-04-03 22:18:18 -05:00
Violet Hynes a2f457e10c
VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests (#19776)
* VAULT-12940 test for templating user agent

* VAULT-12940 User agent work so far

* VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests

* VAULT-12940 Clean-up and godocs

* VAULT-12940 changelog

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 copy/paste typos

* VAULT-12940 improve comments, use make(http.Header)

* VAULT-12940 small typos and clean-up
2023-04-03 14:14:47 -04:00
Peter Wilson a2bdf7250b
VAULT-14048: raft-autopilot appears to refuse to remove a node which has left and wouldn't impact stability (#19472)
* ensure we supply the node type when it's for a voter
* bumped autopilot version back to v0.2.0 and ran go mod tidy
* changed condition in knownservers and added some comments
* Export GetRaftBackend
* Updated tests for autopilot (related to dead server cleanup)
* Export Raft NewDelegate

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-04-03 11:58:57 -04:00
Max Coulombe af20d4a6aa
Bumping ad dependencies (#19829)
* bumping ad dependencies
2023-03-31 11:01:02 -04:00
Milena Zlaticanin 73edda4d1f
secrets/mongodbatlas: upgrade dependencies (#19861)
* secrets/mongodbatlas: upgrade dependencies

* add changelog
2023-03-30 11:24:31 -07:00
John-Michael Faircloth ebd97f1fb2
plugin/secrets/alicloud: upgrade dependencies (#19846)
* plugin/secrets/alicloud: upgrade dependencies

* add changelog
2023-03-30 11:11:15 -04:00
vinay-gopalan f2a4b23b7f
Update pseudo-version for Secrets Terraform plugin (#19798) 2023-03-29 09:01:35 -07:00