* Enable creation of accounts
- Refactors many methods to take an acmeContext, which holds the
storageContext on it.
- Updates the core ACME Handlers to use *acmeContext, to avoid
copying structs.
- Makes JWK exported so the JSON parser can find it.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Finish ACME account creation
- This ensures a Kid is created when one doesn't exist
- Expands the parsed handler capabilities, to format the response and
set required headers.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Revert "UI: Remove custom service (#19925)"
This reverts commit b04751d22437b06947a84148c499c4728602b5e1.
* replace stickyInfo with options info
* revert replacing custom stickyInfo
* change flash message name to be consistent throughout application
* make service imports consistent for k8 engine
* replace stickyInfo with options info
* Revert "change flash message name to be consistent throughout application"
This reverts commit 17de49894de3976ed708fcf15f19f6f1eb1012a5.
* add comment
---------
Co-authored-by: Chelsea Shaw <cshaw@hashicorp.com>
* VAULT-12940 test for templating user agent
* VAULT-12940 User agent work so far
* VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests
* VAULT-12940 Clean-up and godocs
* VAULT-12940 changelog
* VAULT-12940 Fix test checking headers
* VAULT-12940 Fix test checking headers
* VAULT-12940 Fix test checking headers
* VAULT-12940 Fix test checking headers
* VAULT-12940 copy/paste typos
* VAULT-12940 improve comments, use make(http.Header)
* VAULT-12940 small typos and clean-up
* add dependabot configuration
* Add missing newline at end of file
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
---------
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
* ensure we supply the node type when it's for a voter
* bumped autopilot version back to v0.2.0 and ran go mod tidy
* changed condition in knownservers and added some comments
* Export GetRaftBackend
* Updated tests for autopilot (related to dead server cleanup)
* Export Raft NewDelegate
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
- Instead of using tests that just test the plugin storage/interface
layer, use a full Vault instance to validate that we can send/receive
the proper headers and responses back to a client.
- Found an issue with HEAD new-nounce api calls returning 500 errors.
- Add the /acme/ suffix to the baseUrl in the acme context so we don't
have to keep adding it a bit everywhere.
* Update tests-completed job in CI to appear as success when one of the required checks is skipped (but not cancelled)
* Fix typo in tests-completed
---------
Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>
* Add a new category of runners to the CI workflow; use new, dedicated runners on OSS; adjust runner sizes for jobs
Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>
* Squash pki/acme package down to pki folder
Without refactoring most of PKI to export the storage layer, which we
were initially hesitant about, it would be nearly impossible to have the
ACME layer handle its own storage while being in the acme/ subpackage
under the pki package.
Thus, merge the two packages together again.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Properly format errors for missing parameters
When missing required ACME request parameters, don't return Vault-level
errors, but drop into the PKI package to return properly-formatted ACME
error messages.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Error type clarifications
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix GetOk with type conversion calls
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Identify whether JWKs existed or were created, set KIDs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Reclassify ErrAccountDoesNotExist as 400 per spec
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add additional stub methods for ACME accounts
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Start adding ACME newAccount handlers
This handler supports two pieces of functionality:
1. Searching for whether an existing account already exists.
2. Creating a new account.
One side effect of our JWS parsing logic is that we needed a way to
differentiate between whether a JWK existed on disk from an account or
if it was specified in the request. This technically means we're
potentially responding to certain requests with positive results (e.g.,
key search based on kid) versus erring earlier like other
implementations do.
No account storage has been done as part of this commit.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Unify path fields handling, fix newAccount method
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
When testing the rollback mechanism, there's two categories of tests
typically written:
1. Ones in which the rollback manager is entirely left alone, which
usually are a bit slower and less predictable. However, it is still
sufficient in many scenarios.
2. Ones in which the rollback manager is explicitly probed by tests
and "stepped" to achieve the next rollback.
Here, without a mechanism to fully disable the rollback manager's
periodic ticker (without affecting its ability to work!) we'll continue
to see races of the sort:
> --- FAIL: TestRevocationQueue (50.95s)
> panic: sync: WaitGroup is reused before previous Wait has returned [recovered]
> panic: sync: WaitGroup is reused before previous Wait has returned
This allows us to disable the ticker, returning control to the test
suite entirely.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Alexander Scheel