Commit graph

236 commits

Author SHA1 Message Date
Jason O'Donnell abcac87687
secrets/ad: update dependency (#10121) 2020-10-09 14:07:04 -04:00
Jason O'Donnell cf9a7373bb
Update ad plugin to v0.6.7 (#10116) 2020-10-08 17:00:45 -04:00
Jonas-Taha El Sesiy 9b599c8162
Migrate to azure-storage-blob-go (#9577)
The azure sdk for go is maintenance-only for storage, see https://github.com/Azure/azure-sdk-for-go/tree/master/storage#azure-storage-sdk-for-go-preview
Migrate to new azure-storage-blob-go SDK
Minor test improvements

Fix #9661
2020-10-05 14:37:13 -07:00
Michel Vocks dc5a0da770
Pull latest raft updates (#10055)
* Implement raft peers metric

* Remove old peers metric

* Update vault raft dependency

* Add peer_id docs
2020-10-05 16:36:48 +02:00
Scott Miller b513af3851
Expose generic versions of KDF and symmetric crypto (#10076)
* Support salt in DeriveKey

* Revert "Support salt in DeriveKey"

This reverts commit b295ae42673308a2d66d66b53527c6f9aba92ac9.

* Refactor out key derivation, symmetric encryption, and symmetric decryption into generic functions

* comments

* comments

* go mod vendor

* bump both go.mods

* This one too

* bump

* bump

* bump

* Make the lesser used params of symmetric ops a struct

* go fmt

* Call GetKey instead of DeriveKey

* Address feedback

* Wrong rv

* Rename calls

* Assign the nonce field

* trivial change

* Check nonce len instead

* go mod vendor
2020-10-01 21:04:36 -05:00
Theron Voran 52581cd472
Add logging during awskms auto-unseal (#9794)
Adds debug and warn logging around AWS credential chain generation,
specifically to help users debugging auto-unseal problems on AWS, by
logging which role is being used in the case of a webidentity token.

Adds a deferred call to flush the log output as well, to ensure logs
are output in the event of an initialization failure.
2020-09-28 14:06:49 -07:00
Theron Voran 8b20c04eb1
Update to vault-plugin-auth-kubernetes@master (#10004) 2020-09-24 15:44:06 -07:00
Michael Golowka 60e0cbbc37
[DBPW 4/X] Update DB engine to support v4 and v5 interfaces with password policies (#9878) 2020-09-18 15:10:54 -06:00
ncabatoff 8d830fc772
Upgrade bolt to get 543c40ab41 to avoid panics in tests. (#9964) 2020-09-16 15:35:43 -04:00
Lauren Voswinkel 5740e1ff9e
5844 AWS Root Credential Rotation (#9921)
* strip redundant field type declarations

* root credential rotation for aws creds plugin

* Change location of mocks awsutil and update methods that no longer exist

* Update website/pages/docs/auth/aws.mdx

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update sdk version to get the awsutil mock file

* Re-vendor modules to pass CI

* Use write lock for the entirety of AWS root cred rotation

* Update docs for AWS root cred rotation for clarity

Co-authored-by: Becca Petrin <beccapetrin@gmail.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-09-15 15:26:56 -07:00
ncabatoff b615da43d7
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 10:01:26 -04:00
Alexander Bezobchuk c97e7e3951
Merge PR #9945: Bump raft to b7cd2b3 2020-09-14 15:47:57 -04:00
Jim Kalafut 1d066276d0
Fix mock dependency version (#9886) 2020-09-03 08:27:05 -07:00
ncabatoff 30eba1eed1
Update retryablehttp to fix a data race (#9551) 2020-08-31 11:10:52 -04:00
Michael Golowka acda64aa35
Add Database v5 interface with gRPC client & server (#9641)
* Add new Database v5 interface with gRPC client & server
This is primarily for making password policies available to the DB engine, however since there are a number of other problems with the current interface this is getting an overhaul to a more gRPC request/response approach for easier future compatibility.

This is the first in a series of PRs to add support for password policies in the combined database engine
2020-08-28 11:20:49 -06:00
Scott Miller 0dc0a8233f
Update go.mod to reference latest public gcp-auth plugin (#9813)
* Point to the public, recent version of vault-plugin-auth-gcp

* Vendor the subsequent changes
2020-08-27 13:34:41 -05:00
Jim Kalafut 2c737182e4
Import vault-plugin-mock (#9839)
Support testing of CI and GitHub actions by creating a real dependency
between Vault and a plugin. The plugin itself is a no-op.
2020-08-26 12:51:46 -07:00
Clint 6af69d7d3d
Update hashicorp/vault-plugin-secrets-azure to v0.6.2 (#9768)
* Update hashicorp/vault-plugin-secrets-azure to v0.6.2

* update go mod vendor
2020-08-18 13:48:11 -05:00
Jason O'Donnell e3fcb4c5b9
agent/templates: update consul-template to v0.25.1 (#9626) 2020-08-17 11:31:48 -07:00
Josh Black 1d6a5ae058
Update go-metrics (#9704) 2020-08-11 10:19:16 -07:00
Sam Salisbury 4bf0ce85e0
update go-limiter to v0.3.0 (#9697) 2020-08-10 17:04:50 +01:00
Tom Proctor f0e0d3bc73
Update OpenLDAP secrets plugin 0.1.4 -> 0.1.5 (#9673)
* Update OpenLDAP secrets plugin 0.1.4 -> 0.1.5

* go mod vendor and tidy
2020-08-10 10:22:53 +01:00
Tom Proctor 4ca978598f
Bundle couchbase database plugin with vault (#9664) 2020-08-07 11:01:04 +01:00
Alexander Bezobchuk 1e262e5648
Merge PR #9581: Rate Limit Quota Headers 2020-07-29 15:15:05 -04:00
Ivan Buymov a837322897
update gocql version for cassandra physical backend (#9602) 2020-07-27 15:18:43 -04:00
Austin Gebauer 8bc5232fdb
Update GCP secrets plugin (#9591) 2020-07-24 15:10:25 -07:00
ncabatoff 0247a7533e
Upgrade to newer okta lib for pagination, fetch all groups using it (#9580) 2020-07-24 09:05:08 -04:00
Austin Gebauer 4f08c33ce4
Updates the JWT/OIDC auth plugin (#9552) 2020-07-22 15:42:17 -07:00
Brian Kassouf 8f8a85a151
raft: Update raft library dependency (#9571) 2020-07-22 14:49:51 -07:00
Jeff Mitchell dc8aa4e8c2
Fix broken api reference in go.mod 2020-07-17 15:31:04 -04:00
Jeff Mitchell a9bb72b891
Revert "Get rid of sdk internal reloadutil package for now. (#9515)" (#9521)
This reverts commit fa39e7bce02301cd795fa9ccbb2a55ff92ea13c6.
2020-07-17 15:18:44 -04:00
ncabatoff 22c15c85ac
Get rid of sdk internal reloadutil package for now. (#9515) 2020-07-17 15:16:15 -04:00
Calvin Leung Huang 46a52a6098
sdk/gomod: remove dependency on vault (#9449)
* sdk/gomod: remove dependency on vault

* add vendored deps

* sdk/testing: move reloadutil into internal package

* re-vendor moved files
2020-07-16 16:24:07 -07:00
Austin Gebauer fe3a765369
Updates the GCP auth plugin (#9507) 2020-07-16 12:38:44 -07:00
Calvin Leung Huang d5d9da821d
gomod: update golang.org/x/sys (#9455) 2020-07-10 14:43:49 -07:00
ncabatoff 9ea38545a7
Update sentinel dependencies. (#9427) 2020-07-08 15:04:11 -04:00
Sam Salisbury a9aa4d301f
update gopsutil@01afd763e6c0 + go mod vendor (#9346)
- This version of gopsutil fixes the build for FreeBSD.
- See https://github.com/shirou/gopsutil/pull/895
2020-07-07 16:14:48 +01:00
Jim Kalafut 6e605c0995
Update plugin dependencies (#9367) 2020-07-01 12:03:47 -07:00
Brian Kassouf 50cd031798
Update go-kms-deps & run go mod vendor (#9366) 2020-07-01 10:54:50 -07:00
Scott Miller 2aa90105d3
Address feedback on Plugin Reload: OSS Side (#9350)
* just use an error string

* Switch command to use new struct
2020-06-30 16:26:38 -05:00
Scott Miller ad292bec73
Fix wrong err return value in plugin reload status command (#9348)
* Fix wrong return value (discovered when merging to ENT)

* go.mod

* go mod vendor

* Add setup plugin reload hook

* All reloads return something now
2020-06-30 13:33:30 -05:00
Scott Miller 001ee861bd
Global Plugin Reload: OSS Changes Take II (#9347)
* Carefully move changes from the plugin-cluster-reload branch into this clean branch off master.

* Don't test this at this level, adequately covered in the api level tests

* Change PR link

* go.mod

* Vendoring

* Vendor api/sys_plugins.go
2020-06-30 10:26:52 -05:00
Jason O'Donnell 142b47fe5e
auth/k8s: update go.mod (#9328)
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-29 15:44:33 -07:00
Scott Miller e92f8f5a81
Revert global plugin reload commits (#9344)
* Revert "Some of the OSS changes were clobbered when merging with quotas out of, master (#9343)"

This reverts commit 8719a9b7c4d6ca7afb2e0a85e7c570cc17081f41.

* Revert "OSS side of Global Plugin Reload (#9340)"

This reverts commit f98afb998ae50346849050e882b6be50807983ad.
2020-06-29 17:36:22 -05:00
Scott Miller a83fe0fc6d
OSS side of Global Plugin Reload (#9340)
* OSS side of Global Plugin Reload

* changelog++
2020-06-29 16:23:28 -05:00
Theron Voran c943235288
Update auth-jwt to v0.7.0 (#9320)
Adds support for distributed groups claims on Azure, necessary when a
user is a member of more than 200 groups.
2020-06-29 10:23:32 -07:00
Clint cbecc40e48
Stepwise docker env (#9292)
* add first stepwise test env, Docker, with example transit test

* update transit stepwise test

* add other tests that use stepwise

* cleanup test, make names different than just 'transit'

* return the stderr if compile fails with error

* minor cleanups

* minor cleanups

* go mod vendor

* cleanups

* remove some extra code, and un-export some fields/methods

* update vendor

* remove reference to vault.CoreConfig, which really wasn't used anyway

* update with go mod vendor

* restore Precheck method to test cases

* clean up some networking things; create networks with UUID, clean up during teardown

* vendor stepwise

* Update sdk/testing/stepwise/environments/docker/environment.go

haha thanks :D

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update sdk/testing/stepwise/environments/docker/environment.go

Great catch, thanks

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* fix redundant name

* update error message in test

* Update builtin/credential/userpass/stepwise_test.go

More explicit error checking and responding

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/logical/aws/stepwise_test.go

`test` -> `testFunc`

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/logical/transit/stepwise_test.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* fix typos

* update error messages to provide clarity

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* update error handling / collection in Teardown

* panic if GenerateUUID returns an error

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/credential/userpass/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update builtin/logical/aws/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update builtin/logical/transit/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* import ordering

* standardize on dc from rc for cluster

* lowercase name

* CreateAPIClient -> NewAPIClient

* testWait -> ensure

* go mod cleanup

* cleanups

* move fields and method around

* make start and dockerclusternode private; use better random serial number

* use better random for SerialNumber

* add a timeout to the context used for terminating the docker container

* Use a constant for the Docker client version

* rearrange import statements

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-06-26 17:52:31 -05:00
Vishal Nayak c6876fe00f
Resource Quotas: Rate Limiting (#9330) 2020-06-26 17:13:16 -04:00
Jim Kalafut b775ea5c7e
Update kerberos auth plugin (#9307) 2020-06-24 14:02:52 -07:00
Jason O'Donnell 5eaddca426
plugins/openldap: update go mod (#9301)
* plugins/openldap: update go mod

* go mod vendor
2020-06-24 09:28:24 -04:00