Commit graph

571 commits

Author SHA1 Message Date
Austin Gebauer 437cb74c5a
Updates vault-plugin-secrets-gcp to v0.10.2 (#12379) 2021-08-19 16:33:34 -07:00
Nick Cabatoff 124bc87381
Upgrade snappy to fix panic with identity/packer on Go 1.16+arm64. (#12371) 2021-08-19 15:51:06 -04:00
Jason O'Donnell b55e1a31fc
creds/aws: Add support for DSA signature verification for EC2 (#12340)
* creds/aws: import pkcs7 verification package

* Add DSA support

* changelog

* Add DSA to correct verify function

* Remove unneeded tests

* Fix backend test

* Update builtin/credential/aws/pkcs7/README.md

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update builtin/credential/aws/path_login.go

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2021-08-19 09:16:31 -04:00
Clint 675e0c1383
Replace go-bindata-assetfs build dependency with native go:embed (#11208)
* copy over the webui

move web_ui to http

remove web ui files, add .gitkeep

updates, messing with gitkeep and ignoring web_ui

update ui scripts

gitkeep

ignore http/web_ui

Remove debugging

remove the jwt reference, that was from something else

restore old jwt plugin

move things around

Revert "move things around"

This reverts commit 2a35121850f5b6b82064ecf78ebee5246601c04f.

Update ui path handling to not need the web_ui name part

add desc

move the http.FS conversion internal to assetFS

update gitignore

remove bindata dep

clean up some comments

remove asset check script that's no longer needed

Update readme

remove more bindata things

restore asset check

update packagespec

update stub

stub the assetFS method and set uiBuiltIn to false for non-ui builds

update packagespec to build ui

* fail if assets aren't found

* tidy up vendor

* go mod tidy

* updating .circleci

* restore tools.go

* re-re-re-run make packages

* re-enable arm64

* Adding change log

* Removing a file

Co-authored-by: hamid ghaf <hamid@hashicorp.com>
2021-08-18 11:05:11 -04:00
Calvin Leung Huang d0adf67771
dep: update database-couchbase plugin to v0.4.1 (#12301)
* dep: update database-couchbase plugin to v0.4.1

* add CL entry
2021-08-12 11:54:19 -07:00
Austin Gebauer 53373f78ed
Updates vault-plugin-auth-jwt to v0.10.1 (#12265) 2021-08-04 13:13:02 -07:00
Jeff Mitchell 33ff878946
Move awsutil over to the go-secure-stdlib version (#12128)
Unlike the other libraries that were migrated, there are no usages of
this lib in any of our plugins, and the only other known usage was in
go-kms-wrapping, which has been updated. Aliasing it like the other libs
would still keep the aws-sdk-go dep in the sdk module because of the
function signatures. So I've simply removed it entirely here.
2021-07-20 20:42:00 -04:00
Jeff Mitchell fb473a8b9b
Swap out stepwise for external repo version (#12089) 2021-07-20 13:20:23 -04:00
Jeff Mitchell f7147025dd
Migrate to sdk/internalshared libs in go-secure-stdlib (#12090)
* Swap sdk/helper libs to go-secure-stdlib

* Migrate to go-secure-stdlib reloadutil

* Migrate to go-secure-stdlib kv-builder

* Migrate to go-secure-stdlib gatedwriter
2021-07-15 20:17:31 -04:00
Tom Proctor 491c0ca78b
Update kubernetes auth plugin with AliasLookahead fix (#12073) 2021-07-15 14:35:40 +01:00
Jeff Mitchell fe18b6f9e0
Swap out sdk/helper libs with implementations in go-secure-stdlib (#12088)
* Swap out sdk/helper libs with implementations in go-secure-stdlib

* Fix transit batch test
2021-07-15 01:56:37 -04:00
Scott Miller ecb5474466
Update Vault main to new API/SDK Tags. (#12069)
* Update Vault main to new api/sdk tags

* go mod tidy

* Go mod tidy

* Go mod tidy on api

* go mod download on root
2021-07-13 18:54:31 -05:00
Jim Kalafut 7986c2c1f8
Update plugin dependencies for 1.8 (#12036) 2021-07-09 13:36:52 -07:00
Austin Gebauer f54338977d
secrets/gcp: update to v0.10.1 for static accounts (#12023) 2021-07-08 13:53:45 -07:00
Jason O'Donnell af51033214
secrets/openldap: add schema config to rotate-root (#12019)
* update go mod & go mod tidy

* Changelog
2021-07-08 13:53:17 -04:00
Josh Black 3e8d8dda6b
Update vault-plugin-secrets-kv to 0.9.0 (#12007) 2021-07-07 11:48:00 -07:00
MilenaHC 4430a11bc5
Update SnowflakeDB plugin to v0.2.0 (#11997)
* update snowflake database plugin to v0.2.0

* add changelog

* update api-docs
2021-07-06 13:23:03 -05:00
John-Michael Faircloth aa6afd50f6
Update mongodb atlas plugin version (#11956)
* Update mongodb atlas plugin version

* go.mod was missing mongodbatlas plugin

* add changelog

* update build-go-dev circle ci job GOPROXY

* Revert "update build-go-dev circle ci job GOPROXY"

This reverts commit 0e6f339c779dac65ecb036735199f72d3d9e6a4a.

* ci: more complete go mod cache

* ci: doc use of go list ./... to populate mod cache

Co-authored-by: Sam Salisbury <samsalisbury@gmail.com>
2021-07-06 08:24:10 -05:00
MilenaHC 02d45f3a66
Update ElasticSearch DB plugin to v0.8.0 (#11957)
* update elasticsearch database plugin to v0.8.0

* add changelog

* update api-docs
2021-06-29 08:07:00 -05:00
Jason O'Donnell b2c9b3c344
plugins/ad: Add rotate-role endpoint (#11942)
* plugins/ad: add rotate-role

* Add doc

* changelog

* Add note about rotate-role in overview
2021-06-25 14:00:03 -04:00
Jason O'Donnell b2b25be0ce
agent/template: add static_secret_render_interval configurable (#11934)
* agent/template: add default_lease_duration config

* go mod tidy

* Add changelog

* Fix panic

* Add documentation

* Change to static_secret_render_interval

* Update doc

* Update command/agent/template/template.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update changelog/11934.txt

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-06-24 15:40:31 -04:00
Scott Miller ee0d6603f3
Wire configuration checks into diagnose and fix resulting bugs. (#11854)
* Actually call config.Validate in diagnose

* Wire configuration checks into diagnose and fix resulting bugs.

* go mod vendor

* Merge to vendorless version

* Remove sentinel section to allow diagnose_ok to pass

* Fix unit tests
2021-06-17 13:09:37 -05:00
Jason O'Donnell 4cc1402e52
mod: update vault-plugin-secrets-ad@v0.9.1 (#11837)
* mod: update vault-plugin-secrets-ad@v0.9.1

* changelog
2021-06-11 13:40:51 -04:00
Calvin Leung Huang 1239217cd5
dep: update consul-template to v0.26.0 (#11838)
* dep: update consul-template to v0.26.0

* changelog: add a CL entry
2021-06-11 10:29:40 -07:00
Austin Gebauer cdc56809a2
Updates the JWT/OIDC auth plugin to v0.9.4 (#11784) 2021-06-07 16:02:57 -07:00
Scott Miller 69d0242db9
Add Advice and Advise functions for adding an advice section to any span. (#11760)
* wip

* wip

* Finish implementing advice handling and word wrapping

* Properly word wrap messages and warnings

* Remove debugging

* Remove debugging

* Remove unnecessary test

* unit test bug

* go vendor
2021-06-07 11:29:36 -05:00
Scott Miller b4b050fbf6
Upgrade to shirou/gopsutil 3.21.5 to fix openbsd build error (#11740) 2021-06-01 18:48:45 -05:00
Calvin Leung Huang 8cb48018b7
api/client: provide the ability to set a logger on retryablehttp.Client (#11696)
* api/client: provide the ability to set a logger on retryablehttp.Client

* go mod tidy; fix import ordering

* go mod vendor
2021-05-27 10:25:25 -07:00
Scott Miller 941d01eee3
Initial Diagnose CLI output (#11583)
* Create helpers which integrate with OpenTelemetry for diagnose collection

* Go mod vendor

* Comments

* Update vault/diagnose/helpers.go

Co-authored-by: swayne275 <swayne275@gmail.com>

* Add unit test/example

* tweak output

* More comments

* add spot check concept

* Get unit tests working on Result structs

* wip

* Fix unit test

* Get unit tests working, and make diagnose sessions local rather than global

* Comments

* Last comments

* No need for init

* :|

* Fix helpers_test

* wip

* wip

* wip

* Revendor otel

* Fix merge related problems

* imports

* Fix unit tests

Co-authored-by: swayne275 <swayne275@gmail.com>
2021-05-21 19:21:11 -07:00
Scott Miller 4be3d7e0ab
Point to a tag rather than branch for hashicorp/hcl (#11559)
* Point to a tag rather than branch for hashicorp/hcl

* tidy
2021-05-10 16:28:37 -05:00
Calvin Leung Huang 9aa7269926
mod: update vault-plugin-secrets-azure@v0.9.1 (#11562) 2021-05-07 11:12:07 -07:00
Nick Cabatoff 3b88a87b84
LifetimeWatcher should retry renew failures until end of lease (#11445)
Co-authored-by: Andrej van der Zee <andrejvanderzee@gmail.com>
2021-05-06 14:04:26 -04:00
Scott Miller 7d9524be2f
Expose unknown fields and duplicate sections as diagnose warnings (#11455)
* Expose unknown fields and duplicate sections as diagnose warnings

* section counts not needed, already handled

* Address PR feedback

* Prune more of the new fields before tests call deep.Equals

* Update go.mod
2021-05-04 14:47:56 -05:00
Scott Miller 52930c5614
When running under systemd, send notifications about server startup, shutdown, and config reload (#11517) 2021-05-04 14:47:16 -05:00
Scott Miller 85fbd45e1c
Create helpers which integrate with OpenTelemetry for diagnose collection (#11454)
* Create helpers which integrate with OpenTelemetry for diagnose collection

* Go mod vendor

* Comments

* Update vault/diagnose/helpers.go

Co-authored-by: swayne275 <swayne275@gmail.com>

* Add unit test/example

* tweak output

* More comments

* add spot check concept

* Get unit tests working on Result structs

* Fix unit test

* Get unit tests working, and make diagnose sessions local rather than global

* Comments

* Last comments

* No need for init

* :|

* Fix helpers_test

Co-authored-by: swayne275 <swayne275@gmail.com>
2021-04-29 13:32:41 -05:00
Vishal Nayak 406abc19dc
Autopilot: Return leader info via delegate (#11247)
* Autopilot: Return leader info via delegate

* Pull in the new raft-autopilot lib dependencies

* update deps

* Add CL
2021-04-27 15:54:26 -04:00
Josh Black ec105f288f
Switch to shared raft-boltdb library and add metrics (#11269) 2021-04-26 16:01:26 -07:00
Austin Gebauer 18999489d9
Updates the JWT/OIDC auth plugin to v0.9.3 (#11388) 2021-04-19 09:14:17 -07:00
Michael Golowka 4279bc8b34
Validate hostnames when using TLS in Cassandra (#11365) 2021-04-16 15:52:35 -06:00
Brian Kassouf 303c2aee7c
Run a more strict formatter over the code (#11312)
* Update tooling

* Run gofumpt

* go mod vendor
2021-04-08 09:43:39 -07:00
Scott Miller 077f56c6ff
Update armon/go-proxyproto to latest, fixing VAULT-1042 (#11190) 2021-04-02 09:15:37 -05:00
Austin Gebauer 985fa230ce
Updates the JWT/OIDC auth plugin to v0.9.2 (#11157) 2021-03-19 12:06:37 -07:00
Austin Gebauer 145d08dc44
Updates the JWT/OIDC auth plugin to v0.9.1 (#11107) 2021-03-15 17:26:54 -07:00
Calvin Leung Huang 0a6e7ab94b
mod: update plugin versions for 1.7.0 (#11046)
* mod: update plugin versions for 1.7.0

* command/agent: fix TestCFEndToEnd test
2021-03-04 18:32:51 -08:00
Vishal Nayak 3e55e79a3f
Autopilot: Server Stabilization, State and Dead Server Cleanup (#10856)
* k8s doc: update for 0.9.1 and 0.8.0 releases (#10825)

* k8s doc: update for 0.9.1 and 0.8.0 releases

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Autopilot initial commit

* Move autopilot related backend implementations to its own file

* Abstract promoter creation

* Add nil check for health

* Add server state oss no-ops

* Config ext stub for oss

* Make way for non-voters

* s/health/state

* s/ReadReplica/NonVoter

* Add synopsis and description

* Remove struct tags from AutopilotConfig

* Use var for config storage path

* Handle nin-config when reading

* Enable testing autopilot by using inmem cluster

* First passing test

* Only report the server as known if it is present in raft config

* Autopilot defaults to on for all existing and new clusters

* Add locking to some functions

* Persist initial config

* Clarify the command usage doc

* Add health metric for each node

* Fix audit logging issue

* Don't set DisablePerformanceStandby to true in test

* Use node id label for health metric

* Log updates to autopilot config

* Less aggressively consume config loading failures

* Return a mutable config

* Return early from known servers if raft config is unable to be pulled

* Update metrics name

* Reduce log level for potentially noisy log

* Add knob to disable autopilot

* Don't persist if default config is in use

* Autopilot: Dead server cleanup (#10857)

* Dead server cleanup

* Initialize channel in any case

* Fix a bunch of tests

* Fix panic

* Add follower locking in heartbeat tracker

* Add LastContactFailureThreshold to config

* Add log when marking node as dead

* Update follower state locking in heartbeat tracker

* Avoid follower states being nil

* Pull test to its own file

* Add execution status to state response

* Optionally enable autopilot in some tests

* Updates

* Added API function to fetch autopilot configuration

* Add test for default autopilot configuration

* Configuration tests

* Add State API test

* Update test

* Added TestClusterOptions.PhysicalFactoryConfig

* Update locking

* Adjust locking in heartbeat tracker

* s/last_contact_failure_threshold/left_server_last_contact_threshold

* Add disabling autopilot as a core config option

* Disable autopilot in some tests

* s/left_server_last_contact_threshold/dead_server_last_contact_threshold

* Set the lastheartbeat of followers to now when setting up active node

* Don't use config defaults from CLI command

* Remove config file support

* Remove HCL test as well

* Persist only supplied config; merge supplied config with default to operate

* Use pointer to structs for storing follower information

* Test update

* Retrieve non voter status from configbucket and set it up when a node comes up

* Manage desired suffrage

* Consider bucket being created already

* Move desired suffrage to its own entry

* s/DesiredSuffrageKey/LocalNodeConfigKey

* s/witnessSuffrage/recordSuffrage

* Fix test compilation

* Handle local node config post a snapshot install

* Commit to storage first; then record suffrage in fsm

* No need of local node config being nili case, post snapshot restore

* Reconcile autopilot config when a new leader takes over duty

* Grab fsm lock when recording suffrage

* s/Suffrage/DesiredSuffrage in FollowerState

* Instantiate autopilot only in leader

* Default to old ways in more scenarios

* Make API gracefully handle 404

* Address some feedback

* Make IsDead an atomic.Value

* Simplify follower hearbeat tracking

* Use uber.atomic

* Don't have multiple causes for having autopilot disabled

* Don't remove node from follower states if we fail to remove the dead server

* Autopilot server removals map (#11019)

* Don't remove node from follower states if we fail to remove the dead server

* Use map to track dead server removals

* Use lock and map

* Use delegate lock

* Adjust when to remove entry from map

* Only hold the lock while accessing map

* Fix race

* Don't set default min_quorum

* Fix test

* Ensure follower states is not nil before starting autopilot

* Fix race

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-03-03 13:59:50 -05:00
Hridoy Roy 2da7de2fec
Minimal changes to solve Dependency CVEs [VAULT-871] (#11015)
* minimal changes to solve most of the cves

* cleanup

* finished go mod vendor upgrades
2021-03-01 14:35:40 -08:00
Michael Golowka 00c1acf0e1
Vendor OpenLDAP v0.4.0 (#10996) 2021-02-25 13:00:00 -07:00
Michael Golowka eb891db72d
Vendor Couchbase DB plugin v0.3.0 (#10995) 2021-02-25 12:59:45 -07:00
Hridoy Roy 0c17cb5a79
upgrade consul template (#10973) 2021-02-22 14:24:27 -08:00
Clint 2aff402279
Bundle new Vault plugin: Terraform secrets (#10931)
* Bundle Terraform secrets engine

* update go.mod/sum

* vendor update

* add changelog entry

* add secrets terraform
2021-02-19 16:38:56 -06:00
Hridoy Roy 4a96126d5a
Revert "Vault Dependency Upgrades [VAULT-871] (#10903)" (#10939)
This reverts commit eb74ca61fc4dcb7038f39defb127d5d639ba0ca1.
2021-02-18 15:40:18 -05:00
Hridoy Roy a26d1300e8
Vault Dependency Upgrades [VAULT-871] (#10903)
* upgrade vault dependency set

* etcd and grpc issues:

* better for tests

* testing

* all upgrades for hashicorp deps

* kubernetes plugin upgrade seems to work

* kubernetes plugin upgrade seems to work

* etcd and a bunch of other stuff

* all vulnerable packages upgraded

* k8s is broken in linux env but not locally

* test fixes

* fix testing

* fix etcd and grpc

* fix etcd and grpc

* use master branch of go-testing-interface

* roll back etcd upgrade

* have to fix grpc since other vendors pull in grpc 1.35.0 but we cant due to etcd

* rolling back in the replace directives

* a few more testing dependencies to clean up

* fix go mod vendor
2021-02-18 12:31:57 -08:00
Austin Gebauer a7531a11ea
Updates the JWT/OIDC auth plugin (#10919) 2021-02-16 17:21:35 -08:00
swayne275 6e1b183f79
Shutdown Test Cores when Tests Complete (#10912)
* Shutdown Test Cores when Tests Complete

* go mod vendor
2021-02-12 13:04:48 -07:00
Michael Golowka d22c6f9a7a
Update gopsutil & x/sys libraries (#10889) 2021-02-10 14:33:11 -07:00
Michael Golowka baf50061e9
MSSQL - Add username customization (#10767) 2021-02-05 11:14:24 -07:00
Michael Golowka 43a05c5e84
PostgreSQL - Add username customization (#10766) 2021-02-04 16:05:56 -07:00
Michael Golowka ec18926754
Vendor OpenLDAP dynamic secrets (#10818) 2021-02-02 11:41:47 -07:00
Hridoy Roy fa5784d789
Pull in newest consul-template from master and all corresponding dependencies [VAULT-1392] (#10756)
* pull in newest consul template with bugfix and all dependencies

* pull in newest consul template with bugfix and all dependencies

* Rename readme.md to README.md

* add changelog
2021-01-29 12:30:16 -08:00
Lauren Voswinkel 508d33e64a
Updating GCP secrets plugin (#10759)
* Update gcp secrets plugin pseudo tag
2021-01-26 09:35:49 -08:00
Lauren Voswinkel 5794c4e91e
Updating snowflake plugin to 0.1.1 (#10709) 2021-01-20 12:56:36 -08:00
Eugene R 331529fc94
Aerospike storage backend (#10131)
* add an Aerospike storage backend

* go mod vendor

* add Aerospike storage configuration docs

* review fixes

* bump aerospike client to v3.1.1

* rename the defaultHostname variable

* relocate the docs page
2021-01-12 15:26:07 -08:00
Lauren Voswinkel 7189a67a33
Adding snowflake as a bundled database secrets plugin (#10603)
* Adding snowflake as a bundled database secrets plugin

* Add snowflake-database-plugin to expected bundled plugins

* Add snowflake plugin name to the mockBuiltinRegistry
2021-01-07 09:30:24 -08:00
Calvin Leung Huang 058532406b
mod: update secrets-gcp to latest (#10558) 2020-12-14 11:42:53 -08:00
Austin Gebauer 747d49150b
Updates the OIDC/JWT auth plugin (#10546) 2020-12-14 10:07:07 -08:00
Michael Golowka 1911e92dca
Add template helper library (#10500) 2020-12-11 13:23:08 -07:00
Michael Golowka cc7efd393d
MySQL - Fix username generation length bug (#10433) 2020-12-01 15:24:51 -07:00
Scott Miller 32cb144d0d
Update HCL dependency to fix ParseACLPolicy error on invalid syntax (#10156) 2020-11-30 09:17:33 -06:00
Calvin Leung Huang ca72dd4761
mod: update database-couchbase to v0.2.1 (#10286) 2020-10-30 14:29:54 -07:00
Calvin Leung Huang 531e2eb613
mod: update vault plugins (#10283) 2020-10-30 13:28:47 -07:00
Theron Voran a15236e664
Updating to jwt plugin@master (#10266) 2020-10-29 14:25:06 -07:00
Calvin Leung Huang 08486cdbb9
mod: update gopsutil@v2.20.9 (#10261) 2020-10-28 17:20:54 -07:00
Jonas-Taha El Sesiy b7cf4a05ff
Add support for Managed Identity auth for physical/Azure (#10189)
* Add support for Managed Identity auth for physical/Azure

Obtain OAuth token from IMDS to allow for access to Azure Blob with
short-lived dynamic credentials

Fix #7322

* add tests & update docs/dependencies
2020-10-28 15:04:26 -07:00
Aleksandr Bezobchuk 95bbd8d920
Merge PR #10192: Auto-Join: Configurable Scheme & Port (and add k8s provider) 2020-10-23 16:13:09 -04:00
Michael Golowka bd79fbafb3
Add couchbase, elasticsearch, and mongodbatlas back (#10222)
Updated the `Serve` function so these can be added back into Vault
2020-10-22 17:20:17 -06:00
Michael Golowka e6c8ee24ea
DBPW - Enables AutoMTLS for DB plugins (#10220)
This also temporarily disables couchbase, elasticsearch, and
mongodbatlas because the `Serve` function needs to change signatures
and those plugins are vendored in from external repos, causing problems
when building.
2020-10-22 15:43:19 -06:00
Theron Voran 92fa04c910
Update auth/jwt to latest master (#10214)
Fixes oidc config UI, and adds EdDSA (ed25519) to supported algorithms
2020-10-22 13:59:37 -07:00
Michael Golowka f4a3bf46ed
Couchbase -> 0.2.0; Elasticsearch -> 0.6.0; MongoDBAtlas -> 0.2.0 (#10188) 2020-10-20 11:48:53 -06:00
Theron Voran a3375f0fc8
Set default IMDS timeouts to match AWS SDK (#10133) 2020-10-16 15:54:16 -07:00
Michael Golowka a9e7edab39
DBPW - Updated couchbase plugin (#10162) 2020-10-16 15:19:42 -06:00
Nick Cabatoff 66274607b7
OSS changes for enterprise automated snapshots (#10160) 2020-10-16 14:57:11 -04:00
Hridoy Roy bd2dc7734c
Backport leader status telemetry [VAULT-672] (#10147)
* backport VAULT-672

* backport VAULT-672

* go mod tidy

* go mod tidy

* add back indirect import

* replace go mod and go sum with master version

* go mod vendor

* more go mod vendor

Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MBP.hitronhub.home>
Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MacBook-Pro.local>
2020-10-15 14:15:58 -07:00
Brian Kassouf 84dbca38a1
Revert "Migrate internalshared out (#9727)" (#10141)
This reverts commit ee6391b691ac12ab6ca13c3912404f1d3a842bd6.
2020-10-13 16:38:21 -07:00
Aleksandr Bezobchuk d37be9af6e
Merge PR #10095: Integrated Storage Cloud Auto-Join 2020-10-13 16:26:39 -04:00
Jeff Mitchell e6881c8147
Migrate internalshared out (#9727)
* Migrate internalshared out

* fix merge issue

* fix merge issue

* go mod vendor

Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
2020-10-12 11:56:24 -07:00
Lauren Voswinkel 0b7c6d2f71
Update couchbase plugin to use v5 dbplugin (#10124)
* Update couchbase plugin to use v5 dbplugin
2020-10-09 13:47:13 -07:00
Michael Golowka 5705133c2b
Fix checksum for vault-plugin-secrets-ad (#10125) 2020-10-09 13:53:27 -06:00
Jason O'Donnell abcac87687
secrets/ad: update dependency (#10121) 2020-10-09 14:07:04 -04:00
Jason O'Donnell cf9a7373bb
Update ad plugin to v0.6.7 (#10116) 2020-10-08 17:00:45 -04:00
Jonas-Taha El Sesiy 9b599c8162
Migrate to azure-storage-blob-go (#9577)
The azure sdk for go is maintenance-only for storage, see https://github.com/Azure/azure-sdk-for-go/tree/master/storage\#azure-storage-sdk-for-go-preview
Migrate to new azure-storage-blob-go SDK
Minor test improvements

Fix #9661
2020-10-05 14:37:13 -07:00
Michel Vocks dc5a0da770
Pull latest raft updates (#10055)
* Implement raft peers metric

* Remove old peers metric

* Update vault raft dependency

* Add peer_id docs
2020-10-05 16:36:48 +02:00
Theron Voran 52581cd472
Add logging during awskms auto-unseal (#9794)
Adds debug and warn logging around AWS credential chain generation,
specifically to help users debugging auto-unseal problems on AWS, by
logging which role is being used in the case of a webidentity token.

Adds a deferred call to flush the log output as well, to ensure logs
are output in the event of an initialization failure.
2020-09-28 14:06:49 -07:00
Theron Voran 8b20c04eb1
Update to vault-plugin-auth-kubernetes@master (#10004) 2020-09-24 15:44:06 -07:00
Michael Golowka 60e0cbbc37
[DBPW 4/X] Update DB engine to support v4 and v5 interfaces with password policies (#9878) 2020-09-18 15:10:54 -06:00
ncabatoff 8d830fc772
Upgrade bolt to get 543c40ab41 to avoid panics in tests. (#9964) 2020-09-16 15:35:43 -04:00
ncabatoff b615da43d7
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 10:01:26 -04:00
Alexander Bezobchuk c97e7e3951
Merge PR #9945: Bump raft to b7cd2b3 2020-09-14 15:47:57 -04:00
Jim Kalafut 1d066276d0
Fix mock dependency version (#9886) 2020-09-03 08:27:05 -07:00
ncabatoff 30eba1eed1
Update retryablehttp to fix a data race (#9551) 2020-08-31 11:10:52 -04:00
Michael Golowka acda64aa35
Add Database v5 interface with gRPC client & server (#9641)
* Add new Database v5 interface with gRPC client & server
This is primarily for making password policies available to the DB engine, however since there are a number of other problems with the current interface this is getting an overhaul to a more gRPC request/response approach for easier future compatibility.

This is the first in a series of PRs to add support for password policies in the combined database engine
2020-08-28 11:20:49 -06:00
Scott Miller 0dc0a8233f
Update go.mod to reference latest public gcp-auth plugin (#9813)
* Point to the public, recent version of vault-plugin-auth-gcp

* Vendor the subsequent changes
2020-08-27 13:34:41 -05:00
Jim Kalafut 2c737182e4
Import vault-plugin-mock (#9839)
Support testing of CI and GitHub actions by creating a real dependency
between Vault and a plugin. The plugin itself is a no-op.
2020-08-26 12:51:46 -07:00
Clint 6af69d7d3d
Update hashicorp/vault-plugin-secrets-azure to v0.6.2 (#9768)
* Update hashicorp/vault-plugin-secrets-azure to v0.6.2

* update go mod vendor
2020-08-18 13:48:11 -05:00
Jason O'Donnell e3fcb4c5b9
agent/templates: update consul-template to v0.25.1 (#9626) 2020-08-17 11:31:48 -07:00
Josh Black 1d6a5ae058
Update go-metrics (#9704) 2020-08-11 10:19:16 -07:00
Sam Salisbury 4bf0ce85e0
update go-limiter to v0.3.0 (#9697) 2020-08-10 17:04:50 +01:00
Tom Proctor f0e0d3bc73
Update OpenLDAP secrets plugin 0.1.4 -> 0.1.5 (#9673)
* Update OpenLDAP secrets plugin 0.1.4 -> 0.1.5

* go mod vendor and tidy
2020-08-10 10:22:53 +01:00
Tom Proctor 4ca978598f
Bundle couchbase database plugin with vault (#9664) 2020-08-07 11:01:04 +01:00
Alexander Bezobchuk 1e262e5648
Merge PR #9581: Rate Limit Quota Headers 2020-07-29 15:15:05 -04:00
Ivan Buymov a837322897
update gocql version for cassandra physical backend (#9602) 2020-07-27 15:18:43 -04:00
Austin Gebauer 8bc5232fdb
Update GCP secrets plugin (#9591) 2020-07-24 15:10:25 -07:00
ncabatoff 0247a7533e
Upgrade to newer okta lib for pagination, fetch all groups using it (#9580) 2020-07-24 09:05:08 -04:00
Austin Gebauer 4f08c33ce4
Updates the JWT/OIDC auth plugin (#9552) 2020-07-22 15:42:17 -07:00
Brian Kassouf 8f8a85a151
raft: Update raft library dependency (#9571) 2020-07-22 14:49:51 -07:00
Jeff Mitchell dc8aa4e8c2 Fix broken api reference in go.mod 2020-07-17 15:31:04 -04:00
Calvin Leung Huang 46a52a6098
sdk/gomod: remove dependency on vault (#9449)
* sdk/gomod: remove dependency on vault

* add vendored deps

* sdk/testing: move reloadutil into internal package

* re-vendor moved files
2020-07-16 16:24:07 -07:00
Austin Gebauer fe3a765369
Updates the GCP auth plugin (#9507) 2020-07-16 12:38:44 -07:00
Calvin Leung Huang d5d9da821d
gomod: update golang.org/x/sys (#9455) 2020-07-10 14:43:49 -07:00
ncabatoff 9ea38545a7
Update sentinel dependencies. (#9427) 2020-07-08 15:04:11 -04:00
Sam Salisbury a9aa4d301f
update gopsutil@01afd763e6c0 + go mod vendor (#9346)
- This version of gopsutil fixes the build for FreeBSD.
- See https://github.com/shirou/gopsutil/pull/895
2020-07-07 16:14:48 +01:00
Jim Kalafut 6e605c0995
Update plugin dependencies (#9367) 2020-07-01 12:03:47 -07:00
Brian Kassouf 50cd031798
Update go-kms-deps & run go mod vendor (#9366) 2020-07-01 10:54:50 -07:00
Scott Miller 001ee861bd
Global Plugin Reload: OSS Changes Take II (#9347)
* Carefully move changes from the plugin-cluster-reload branch into this clean branch off master.

* Don't test this at this level, adequately covered in the api level tests

* Change PR link

* go.mod

* Vendoring

* Vendor api/sys_plugins.go
2020-06-30 10:26:52 -05:00
Jason O'Donnell 142b47fe5e
auth/k8s: update go.mod (#9328)
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-29 15:44:33 -07:00
Theron Voran c943235288
Update auth-jwt to v0.7.0 (#9320)
Adds support for distributed groups claims on Azure, necessary when a
user is a member of more than 200 groups.
2020-06-29 10:23:32 -07:00
Clint cbecc40e48
Stepwise docker env (#9292)
* add first stepwise test env, Docker, with example transit test

* update transit stepwise test

* add other tests that use stepwise

* cleanup test, make names different than just 'transit'

* return the stderr if compile fails with error

* minor cleanups

* minor cleanups

* go mod vendor

* cleanups

* remove some extra code, and un-export some fields/methods

* update vendor

* remove reference to vault.CoreConfig, which really wasn't used anyway

* update with go mod vendor

* restore Precheck method to test cases

* clean up some networking things; create networks with UUID, clean up during teardown

* vendor stepwise

* Update sdk/testing/stepwise/environments/docker/environment.go

haha thanks :D

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update sdk/testing/stepwise/environments/docker/environment.go

Great catch, thanks

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* fix redundant name

* update error message in test

* Update builtin/credential/userpass/stepwise_test.go

More explicit error checking and responding

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/logical/aws/stepwise_test.go

`test` -> `testFunc`

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/logical/transit/stepwise_test.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* fix typos

* update error messages to provide clarity

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* update error handling / collection in Teardown

* panic if GenerateUUID returns an error

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/credential/userpass/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update builtin/logical/aws/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update builtin/logical/transit/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* import ordering

* standardize on dc from rc for cluster

* lowercase name

* CreateAPIClient -> NewAPIClient

* testWait -> ensure

* go mod cleanup

* cleanups

* move fields and method around

* make start and dockerclusternode private; use better random serial number

* use better random for SerialNumber

* add a timeout to the context used for terminating the docker container

* Use a constant for the Docker client version

* rearrange import statements

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-06-26 17:52:31 -05:00
Jim Kalafut b775ea5c7e
Update kerberos auth plugin (#9307) 2020-06-24 14:02:52 -07:00
Jason O'Donnell 5eaddca426
plugins/openldap: update go mod (#9301)
* plugins/openldap: update go mod

* go mod vendor
2020-06-24 09:28:24 -04:00
Brian Kassouf 09593283b8
Improve the performance of snapshot installs by using rename (#9247)
* initial work on improving snapshot performance

* Work on snapshots

* rename a few functions

* Cleanup the snapshot file

* vendor the safeio library

* Add a test

* Add more tests

* Some review comments

* Fix comment

* Update physical/raft/snapshot.go

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

* Update physical/raft/snapshot.go

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

* Review feedback

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
2020-06-23 11:08:30 -07:00
Clint 6b4bdb1882
VLT091 plugin testing framework stepwise (#9270)
* Resolve merge conflicts and updates from running a test

* move testing/_test.go over to legacy

* updates

* Add core of plugin test framework Stepwise  (#9166)

* adding stepwise testing, but there are protocol buff error :/

* move file and update sdk/go.mo

* update/sync modules

* update from other branch

* update sdk/go.mod

* some cleanups after feedback

* remove enviornments from this PR

* update vendor

* change from running go mod tidy

* change from go mod tidy

* Update sdk/testing/stepwise/helpers.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update sdk/testing/stepwise/helpers.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* change panic to error

* Update sdk/testing/stepwise/helpers.go

return `nil` and not `err` at the end

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Defer close() on successful Open of a file

* document the re-creation of steps

* Update sdk/testing/stepwise/stepwise.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* remove unused BarrierKeys()

* Update sdk/testing/stepwise/stepwise.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* updates from feedback

* fix return with bad arguments

* Rename things:

- StepOperation -> Operation
- StepwiseEnvironment -> Environment
- StepCheckFunc -> AssertionFunc
- step.Check -> step.Assert

* document the environment interface methods

* rename EnvironmentOptions to MountOptions

* rename Name to RegistryName

* remove ExpectError because it's redundant

* minor doc update

* Update sdk/testing/stepwise/stepwise.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* add checkShouldRun function

* remove redundant return

* remove vestigial PreCheck function

* add tt.Helper() to makeRequest

* minor code formatting and document 1-based index for log output of Steps

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* minor updates

* update sdk

* use local reference for api, vault dep

* Update sdk/testing/stepwise/stepwise.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update sdk/testing/stepwise/stepwise.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* cleanup some defer functions

* call fatal if environment setup fails, and don't call teardown

* defer re-setting client token in makeRequest

* Move legacy logicaltest back to testhelpers

* update mods and test files with go mod tidy

* go mod vendor

* remove relative replace directives

* restore old logical test location

* move declaration to main stepwise file

* remove index var and use i+1

* add testing for write, delete paths of makeRequest

* update stepwise core testing to do request counting

* remove unused methods

* Update sdk/testing/stepwise/stepwise.go

remove dead line

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

* Update sdk/testing/stepwise/stepwise.go

fix capitalization in code comment

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

* update code comments for SkipTeardown to clarify its use

* update stepwise

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
2020-06-23 06:01:39 -05:00
Jim Kalafut d2bb399d95
Update kubernetes auth plugin (#9195) 2020-06-19 15:47:13 -07:00
Michael Golowka 7502813335
Add password_policy field to Azure docs (#9249)
* Add password_policy field
* Updated vault-plugin-secrets-azure to v0.6.1
* A bunch of other libraries also got updated at the same time because of the plugin update
2020-06-18 13:25:59 -06:00
Scott Miller 883524c71c
Add backend type to audit logs (#9167)
Add a mount_type field to audit log requests and responses.
2020-06-16 07:22:33 -05:00
Austin Gebauer 1fe041689d
Update GCP secrets plugin (#9231) 2020-06-15 18:24:12 -07:00
Austin Gebauer 7aba2ada56
Update oracle cloud infrastructure auth plugin to v0.5.5 (#9210) 2020-06-15 10:11:20 -07:00
Michael Golowka 1a8b7765bc
Add password policies to Active Directory secret engine (#9144)
* Also updates AD docs to reflect password policies
2020-06-15 10:36:17 -06:00
Brian Kassouf 3b4ba9d1fb
Upgrade raft library (#9170)
* Upgrade raft library

* Update vendor

* Update physical/raft/snapshot_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update physical/raft/snapshot_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-06-08 16:34:20 -07:00
Clint dd9c3b9133
Sync Protobuf dependencies between core and sdk (#9154)
* update go.mod/sum for root and sdk folders to sync protobuf versions

* run 'go mod vendor'

* bump github.com/golang/protobuf to v1.4.2
2020-06-05 14:15:12 -05:00
Michael Golowka 438345c390
Update OpenLDAP secret engine to v0.1.3 (#9123)
* Adds ability to use password policies

Operations:
Updated go.mod for OpenLDAP to v0.1.3
Ran `go mod tidy`
Ran `go mod vendor`
2020-06-03 10:37:00 -06:00
Jim Kalafut 34fab8ae09
Update gcp secrets plugin (#9004) 2020-06-01 11:02:33 -07:00
ncabatoff 8870b2e51c
Add mongodbatlas static roles support (#8987)
* Refactor PG container creation.
* Rework rotation tests to use shorter sleeps.
* Refactor rotation tests.
* Add a static role rotation test for MongoDB Atlas.
2020-05-29 14:21:23 -04:00
Michael Golowka b52950f884
Add user configurable password policies available to secret engines (#8637)
* Add random string generator with rules engine

This adds a random string generation library that validates random
strings against a set of rules. The library is designed for use as generating
passwords, but can be used to generate any random strings.
2020-05-27 12:28:00 -06:00
Jeff Mitchell 7e5d68a73e
Bump go-kms-wrapping to remove proto warning, and vendor (#9066) 2020-05-22 10:48:50 -04:00
Lauren Voswinkel 4d98430964
Use parameters when executing prepared statements rather than fmt.Sprintf (#9013)
* Don't use string formatting to prepare queries.

We should, when possible, use the built-in params and ? format when
preparing and executing a query. This is done to prevent SQL Injection
attacks.

* Revert some changes due to failing tests, update mssql go driver

* Add docker container startup for some MSSQL tests

* Remove acceptance test flagging, add more SQL injection protection

* Refactor MSSQL prepareTestContainer to a test helper

Also, remove all ? references and convert them to @p*
2020-05-21 16:07:18 -07:00
Josh Black 6e92c8cbd2
Add a new "vault monitor" command (#8477)
Add a new "vault monitor" command

Co-authored-by: ncabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>
2020-05-21 13:07:50 -07:00
Clint 39de184f1f
Update vault-plugin-secret-ad dependency (#9025) 2020-05-20 12:47:37 -07:00
Jason O'Donnell dd254b08d5
agent/template: update consul-template dep (#9044) 2020-05-20 13:03:33 -04:00
Jeff Mitchell 41d5727d9d
Port encrypted config shared bits to a separate PR (#9037)
* Port encrypted config shared bits to a separate PR

* Address feedback
2020-05-19 18:15:30 -04:00
Clint 86a62130fd
Update to latest version of vault-plugin-secrets-openldap (#9006) 2020-05-18 15:59:11 -05:00
Jeff Mitchell b4f5d38916
Update to latest go-kms-wrapping and fix protos/etcd (#8996) 2020-05-14 18:45:10 -04:00
Jeff Mitchell 2f5f0049db
Switch bootstrap (except CI) over to using pinned versions from go.mod (#9000) 2020-05-14 13:45:12 -04:00
Jeff Mitchell 1d3d89e2aa
Create configutil and move some common config and setup functions there (#8362) 2020-05-14 09:19:27 -04:00
Scott Miller 16cc804086
Upgrade go-ldap to 3.1.10, containing the send race fix (#8937)
* Upgrade go-ldap to 3.1.10, containing the send race fix
2020-05-11 11:28:01 -05:00
ncabatoff 55609f1d38
Ensure that the .vault-token file writen by vault login always has the correct permissions and ownership. (#8867) 2020-04-27 19:55:13 -04:00
Brian Kassouf d979279015
storage/raft: Fix memory allocation issue and Metadata tracking issues with snapshots (#8793)
* storage/raft: Split snapshot restore disk write into batches

* Work on snapshot consistency

* make sure tests send a snapshot

* Fix comment

* Don't remove metrics

* Fix comment
2020-04-23 11:11:08 -07:00
Jim Kalafut 053c2b3cf6
Update go.mod to corrected plugin tags (#8759)
This addresses an issue found in #8696 which was determined to be due to
the Go module proxy having a cached copy of a tag that doesn't match the
official version (due a build prep error weeks ago). All of the repos
got new patch versions, but the content is identical.
2020-04-17 11:50:19 -07:00
Jim Kalafut b7fc72d5ec
Update go.mod and vendoring (#8752)
This primarily ports updates made during the 1.4 release to master.
2020-04-16 12:07:07 -07:00
Brian Kassouf 2e7d682586
Update triton-go package (#8751) 2020-04-16 09:57:37 -07:00
Jim Kalafut 5c4796bb55
Update MongoDB Atlas secrets plugin (#8669) 2020-04-03 15:47:17 -07:00
Nick Cabatoff f13589f9fe Revert "Bump cloud.google.com/go to get timeout fix (#8636)"
This reverts commit 0ea3e78f91153129853dea6c42d4a01b403ae5c9.
2020-04-02 10:09:24 -04:00
Joshua Kwan b0561a189d
Bump cloud.google.com/go to get timeout fix (#8636)
The commit I'm interested in is
googleapis/google-cloud-go@fbf2f51 ,
which disables an aggressive 2-second timeout for awaiting headers from
the compute metadata service.

This 2-second timeout causes problems when [Workload Identity] is
enabled on a cluster. In this situation, a different endpoint is used
under the hood for compute metadata, and this endpoint can often take
more than 2 seconds to return headers.

[Workload Identity]: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-04-01 15:42:06 -04:00
Tommy Murphy a936a77f01
stackdriver: metric label extraction (#8073)
* stackdriver: use label extraction and add debug config

* go.mod: update go-metrics-stackdriver

* vendor go-metrics-stackdriver
2020-03-13 07:58:45 +01:00
ncabatoff 5fe1ab766b
Add option to detect deadlocks in Core.stateLock using build tag deadlock (#8524) 2020-03-10 16:01:20 -04:00
ncabatoff c9ff95ec70
Update to go-metrics 1.3.3 for Prometheus performance improvements. (#8507) 2020-03-09 09:54:55 -04:00
Jason O'Donnell 3d2c5477ec
openldap secret: update go.mod (#8494) 2020-03-06 12:46:29 -05:00
Jason O'Donnell 524e871343
secrets/openldap: update go.mod (#8475)
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2020-03-06 11:52:28 -05:00
Jim Kalafut 2e8826744f
Update plugin dependencies (#8371)
* Update plugin dependencies

* Update vendoring
2020-02-18 09:55:04 -08:00
Jason O'Donnell dd9f25a118
Add OpenLDAP Secret Plugin (#8360)
* Add openldap secret plugin

* go mod vendor

* Revert to go-ldap 3.1.3

* go mod vendor
2020-02-15 13:21:07 -05:00
Jeff Mitchell 463e5a05fe Bump API/SDK 2020-02-14 17:28:40 -05:00
Becca Petrin 5f19ff828c
update kerberos dependency (#8353) 2020-02-14 11:13:28 -08:00
Jim Kalafut 2ee7b76469
Bundle MongoDB Atlas (#8309) 2020-02-07 14:09:39 -08:00
ncabatoff fbd4925889
Update to newest go-metrics, go mod vendor. (#8311) 2020-02-07 09:05:14 -05:00
Becca Petrin 1459544630
update from github.com/hashicorp/gokrb5 to github.com/jcmturner/gokrb5/v8 (#8296) 2020-02-05 14:23:22 -08:00
ncabatoff 03b14d8a64
Upgrade okta sdk lib (#8143)
Upgrade to new official Okta sdk lib.  Since it requires an API token, use old unofficial okta lib for no-apitoken case. 

Update test to use newer field names.  Remove obsolete test invalidated by #4798.  Properly handle case where an error was expected and didn't occur.
2020-02-03 12:51:10 -05:00
Michel Vocks 2bde6a3a5a
Bump etcd client API dep (#8037) 2020-01-29 15:16:38 +01:00
Michel Vocks f695eb737b
Add Consul TLS options to access API endpoint (#8253) 2020-01-29 09:44:35 +01:00
Michel Vocks 027ada452e
Mongodb driver switch to mongo-driver (#8140)
* Switch mongodb driver to mongo-driver

* Tidy mod

* Make writeConcern private

* Implement review feedback

* Add retry functionality

* Added backoff time

* go mod vendor

* Fix failing test

* goimport
2020-01-24 09:32:47 +01:00
Jeff Mitchell ef44e226a9 Bump sdk and go-hclog and vendor 2020-01-23 14:12:19 -05:00
Jeff Mitchell 3956072c93 Update test var name and tidy 2020-01-16 20:18:59 -05:00
Michel Vocks 13ebf5460c
Add TLS options per Nomad backend (#8083) 2020-01-15 11:03:38 +01:00
Jeff Mitchell 80408beabe Bump go-kms-wrapping dep to fix a nil pointer in tests 2020-01-13 09:28:49 -05:00
Jeff Mitchell c5f9f8fc05 Update go-kms-wrapping dep 2020-01-13 09:25:11 -05:00
Jeff Mitchell 6a5916fdc3 Bump sdk/api 2020-01-10 20:45:24 -05:00
Jeff Mitchell a0694943cc
Migrate built in auto seal to go-kms-wrapping (#8118) 2020-01-10 20:39:52 -05:00
Jeff Mitchell d873e7ba3c Update master's sdk/api 2019-12-18 16:36:50 -05:00
Jim Kalafut 78524e00db Run go mod tidy 2019-12-18 11:52:37 -08:00
Becca Petrin c9b0e372ac
update vault-plugin-secrets-ad to v0.6.2 (#8049) 2019-12-18 09:23:09 -08:00
Becca Petrin 02dfa885d4
run go mod tidy (#8041) 2019-12-17 10:37:58 -08:00
Joel Thompson ed20dbf4f7 Bump aws-sdk-go to v1.25.41 (#7458)
This is in support of #7450 and #7924
2019-12-16 16:43:00 -08:00
Becca Petrin a7383b6d86
Add Kerberos SPNEGO auth plugin (#7908) 2019-12-11 11:18:37 -08:00
Jeff Mitchell 9e9eed0f15 Remove the Thrift replacement line.
I'm not sure if it's that Go has worked around/fixed this or Apache did,
but I can confirm that it builds fine with both Go 1.12.13 and 1.13.4
without the line.
2019-11-14 14:43:48 -05:00
Jim Kalafut 6000a12380 Update GCP secrets plugin (#7869) 2019-11-12 11:59:26 -08:00
Clint 847fcf8551 Update how Vault Agent configures Consul Templates internal logger (#7822)
* fix up logger in Vault Agent Template

* update deps
2019-11-12 11:29:29 -08:00
Brian Kassouf f8085f518f Update plugins 2019-11-11 19:28:09 -08:00
Jeff Mitchell a8aa5f0dd3 go-ldap update; bump dep, api, secrets-ad plugin, and vendor 2019-11-08 11:24:46 -05:00
Jeff Mitchell 6a95e8465b
Update go-metrics (#7794) 2019-11-05 15:28:51 -05:00
Jim Kalafut a8a50df7fc
Update azure secrets plugin (#7788) 2019-11-05 10:43:28 -08:00
Calvin Leung Huang 8c31e45860
hostutil: query stats with context, update gopsutil, refactor tests (#7769)
* hostutil: query stats with context, update gopsutil, refactor tests

* go mod vendor

* minor comment wording
2019-11-01 10:12:22 -07:00
Lukasz Jagiello 05fdb2287e Correct version of vault-plugin-auth-jwt (#7773)
Based on Vault changelog JWT-71 and JWT-77 should be included in Vault
1.3.0. Unfortunetly there was a wrong version of vault-plugin-auth-jwt
included.

This fix #7771
2019-10-31 12:17:37 -07:00
Pascal Enz 33c1b7150f Rabbitmq topic permissions (#7751)
* Upgraded rabbit hole library to 2.0

* Added RabbitMQ topic permission support.

* Updated docs to cover RabbitMQ topic permissions.

* Improved comments and docs as suggested.
2019-10-30 14:19:49 -07:00
Sam Salisbury 8f0c38f78d
run go mod vendor (#7736) 2019-10-25 13:35:22 +01:00
Clint 245935447b
Vault Agent Template (#7652)
* Vault Agent Template: parse templates  (#7540)

* add template config parsing, but it's wrong b/c it's not using mapstructure

* parsing consul templates in agent config

* add additional test to configuration parsing, to cover basics

* another test fixture, rework simple test into table

* refactor into table test

* rename test

* remove flattenKeys and add other test fixture

* Update command/agent/config/config.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* return the decode error instead of swallowing it

* Update command/agent/config/config_test.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* go mod tidy

* change error checking style

* Add agent template doc

* TemplateServer: render secrets with Consul Template (#7621)

* add template config parsing, but it's wrong b/c it's not using mapstructure

* parsing consul templates in agent config

* add additional test to configuration parsing, to cover basics

* another test fixture, rework simple test into table

* refactor into table test

* rename test

* remove flattenKeys and add other test fixture

* add template package

* WIP: add runner

* fix panic, actually copy templates, etc

* rework how the config.Vault is created and enable reading from the environment

* this was supposed to be a part of the prior commit

* move/add methods to testhelpers for converting some values to pointers

* use new methods in testhelpers

* add an unblock channel to block agent until a template has been rendered

* add note

* unblock if there are no templates

* cleanups

* go mod tidy

* remove dead code

* simple test to starT

* add simple, empty templates test

* Update package doc, error logs, and add missing close() on channel

* update code comment to be clear what I'm referring to

* have template.NewServer return a (<- chan) type, even though it's a normal chan, as a better practice to enforce reading only

* Update command/agent.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* update with test

* Add README and doc.go to the command/agent directory (#7503)

* Add README and doc.go to the command/agent directory

* Add link to website

* address feedback for agent.go

* updated with feedback from Calvin

* Rework template.Server to export the unblock channel, and remove it from the NewServer function

* apply feedback from Nick

* fix/restructure rendering test

* Add pointerutil package for converting types to their pointers

* Remove pointer helper methods; use sdk/helper/pointerutil instead

* update newRunnerConfig to use pointerutil and empty strings

* only wait for unblock if template server is initialized

* drain the token channel in this test

* conditionally send on channel
2019-10-18 16:21:46 -05:00
Jeff Mitchell c4df00f193 Fix kv mod import and vendoring 2019-10-18 08:57:32 -04:00
Lexman c86fe212c0
oss changes for entropy augmentation feature (#7670)
* oss changes for entropy augmentation feature

* fix oss command/server/config tests

* update go.sum

* fix logical_system and http/ tests

* adds vendored files

* removes unused variable
2019-10-17 10:33:00 -07:00
Calvin Leung Huang d2dbb8c963
Vault Debug (#7375)
* cli: initial work on debug; server-status target

* debug: add metrics capture target (#7376)

* check against DR secondary

* debug: add compression

* refactor check into preflight func

* debug: set short test time on tests, fix exit code bug

* debug: use temp dir for output on tests

* debug: use mholt/archiver for compression

* first pass on adding pprof

* use logger for output

* refactor polling target capture logic

* debug: poll and collect replication status

* debug: poll and collect host-info; rename output files and collection refactor

* fix comments

* add archive test; fix bugs found

* rename flag name to singular target

* add target output test; scaffold other tests cases

* debug/test: add pprof and index file tests

* debug/test: add min timing check tests

* debug: fix index gen race and collection goroutine race

* debug: extend archive tests, handle race between program exit and polling goroutines

* update docstring

* debug: correctly add to pollingWg

* debug: add config target support

* debug: don't wait on interrupt shutdown; add file exists unit tests

* move pprof bits into its goroutine

* debug: skip empty metrics and some pprof file creation if permission denied, add matching unit test

* address comments and feedback

* Vault debug using run.Group (#7658)

* debug: switch to use oklog/run.Group

* debug: use context to cancel requests and interrupt rungroups.

* debug: trigger the first interval properly

* debug: metrics collection should use metrics interval

* debug: add missing continue on metrics error

* debug: remove the use of buffered chan to trigger first interval

* debug: don't shadow BaseCommand's client, properly block on interval capture failures

* debug: actually use c.cachedClient everywhere

* go mod vendor

* debug: run all pprof in goroutines; bump pprof timings in tests to reduce flakiness

* debug: update help text
2019-10-15 15:39:19 -07:00
Becca Petrin e8432f1ebe
update ad secrets plugin for check-out feature (#7617) 2019-10-14 11:17:05 -07:00
Brian Kassouf 1167fad704
Improve raft write performance by utilizing FSM Batching (#7527)
* Start benchmark work

* Add batching FSM function

* dedupe some code

* Update dependency on chunking FSM

* fix raft external tests

* fix go.mod

* Add batching test

* uncomment test

* update raft deps

* update vendor

* Update physical/raft/fsm.go

Co-Authored-By: Michel Vocks <michelvocks@gmail.com>

* Update physical/raft/fsm.go
2019-10-14 09:25:07 -06:00
ncabatoff c16e3bbceb
Cache whether we've been initialized to reduce load on storage (#7549) 2019-10-08 17:52:38 -04:00
Nick Cabatoff 85e387439e go mod vendor and go mod tidy 2019-10-04 09:14:37 -04:00
Calvin Leung Huang 3f1c7c86a0
sys: add host-info endpoint (#7330)
* sys: add host-info endpoint, add client API method

* remove old commented handler

* add http tests, fix bugs

* query all partitions for disk usage

* fix Timestamp decoding

* add comments for clarification

* dont append a nil entry on disk usage query error

* remove HostInfo from the sdk api

We can use Logical().Read(...) to query this endpoint since the payload is contained with the data object. All warnings are preserved under Secret.Warnings.

* ensure that we're testing failure case against a standby node

* add and use TestWaitStandby to ensure core is on standby

* remove TestWaitStandby

* respond with local-only error

* move HostInfo into its own helper package

* fix imports; use new no-forward handler

* add cpu times to collection

* emit clearer multierrors/warnings by collection type

* add comments on HostInfo fields
2019-10-03 09:43:52 -07:00
Jeff Mitchell 86d14691f4 Bump sdk and vendoring 2019-09-17 11:38:03 -04:00
Brian Kassouf c2905773e4
Add download headers to snapshot take API (#7369)
* Add download headers to snapshot take API

* Add content type
2019-09-06 10:34:36 -07:00
Jim Kalafut b3fbcb2809
Update JWT auth dep (#7427) 2019-09-05 10:24:08 -07:00
ncabatoff 17695e4927
Use replace to force github.com source for thrift, since git.apache.org is flaky. (#7420) 2019-09-05 10:46:08 -04:00
Jim Kalafut 051bc15da3
Bundle OCI Auth method (#7422) 2019-09-04 16:46:00 -07:00
Vu Pham a47b2faf34 Added OCI Object Storage Plugin (#6985) 2019-09-04 11:33:16 -07:00
Jeff Mitchell d2376354f7 Update API and revendor 2019-09-04 12:46:30 -04:00
Aaron Bennett 9994307c6c update dependencies (#7390) 2019-09-03 16:08:50 -04:00
Jeff Malnick 8fdb5f62c4
feat: bump vault-plugin-auth-kubernetes to pick up support for projected tokens feature (#7386) 2019-08-30 11:53:06 -07:00
Jeff Mitchell 0d39d0507a Update api 2019-08-26 15:49:51 -04:00
Becca Petrin 64ecf46fb6
rename pcf to cf maintaining backwards compat (#7346) 2019-08-26 09:55:08 -07:00
Tommy Murphy fc3f1896ad telemetry: add stackdriver metrics sink (#6957)
* telemetry: add stackdriver metrics sink

* telemetry: stackdriver go mod tidy
2019-08-20 14:47:08 -07:00
Jeff Mitchell 88e1885c1c Updating plugin deps 2019-08-14 17:23:29 -04:00
Jim Kalafut 3e7a2211bf Update PCF Auth plugin (#7306) 2019-08-14 09:43:04 -04:00
Jeff Mitchell cfffaa5f09 Updating plugin deps 2019-07-30 00:26:33 -04:00
Jeff Mitchell e3ef0d3051 Pull in updated secrets-ad plugin 2019-07-29 18:10:13 -04:00
Brian Kassouf bdfa2c7828
Add additional raft chunk test (#7192)
* Add an end-to-end raft chunk test

* Apply suggestions from code review

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
2019-07-29 14:11:46 -07:00
Jeff Mitchell abcae3830f Updating plugin deps 2019-07-25 13:01:47 -04:00
Jeff Mitchell 6e22d14ff7 Updating plugin deps 2019-07-25 12:38:07 -04:00
Jeff Mitchell 0425db59ab
Raft chunk snapshotting (#7185)
Support chunking, including snapshot handling
2019-07-24 20:44:13 -04:00
Nick Cabatoff b9c9148cff Update to latest sdk. 2019-07-24 11:47:20 -04:00
Nick Cabatoff 3f1d1765ec Update sdk to grpc 1.22 for https://github.com/grpc/grpc-go/pull/2818 which caused intermittent ent test failures. 2019-07-24 11:45:58 -04:00
Jeff Mitchell fd376b4bdf Use ChunkingConfigurationStore for raft 2019-07-23 10:59:21 -04:00
Jeff Mitchell 20f2b1097e Updating plugin deps 2019-07-22 12:55:11 -04:00
Jeff Mitchell 3b22ab2486 Add chunking support to raft 2019-07-22 12:17:58 -04:00
Jim Kalafut d23ea4fdac
Update JWT dep (#7152) 2019-07-19 15:30:30 -07:00
Jeff Mitchell e88ba8b29b Updating plugin deps 2019-07-19 10:59:39 -04:00
Jeff Mitchell 0811f983be Bump raft and vendoring 2019-07-19 10:40:25 -04:00
Jeff Mitchell 03c6090b95 Mod tidy 2019-07-05 20:26:12 -04:00
Brian Kassouf 4d7d0d729a
storage/raft: When restoring a snapshot preseal first (#7011)
* storage/raft: When restoring a snapshot preseal first

* best-effort allow standbys to apply the restoreOp before sealing active node

* Don't cache the raft tls key

* Update physical/raft/raft.go

* Move pending raft peers to core

* Fix race on close bool

* Extend the leaderlease time for tests

* Update raft deps

* Fix audit hashing

* Fix race with auditing
2019-07-03 13:56:30 -07:00
Jeff Mitchell b35aa24c7f Bump auth plugins 2019-07-03 00:47:07 -04:00
Jeff Mitchell 9baf59dcdc Update auth plugins 2019-07-02 18:40:41 -04:00
Jeff Mitchell e691f7a4e9 Bump secrets-ad plugin 2019-07-01 16:14:36 -04:00
Michael Gaffney ce9f8a72b6
Bump KV dep 2019-06-27 12:08:11 -04:00
Jeff Mitchell cd8058d498 More plugin updates 2019-06-20 23:37:41 -04:00
Jeff Mitchell 6b276e8cc0 Bump some more plugins 2019-06-20 23:26:39 -04:00
Jeff Mitchell 2f4f1558cf Bump sdk/api deps 2019-06-20 23:21:52 -04:00
Jeff Mitchell 8db677ce27 Bump some plugin versions 2019-06-20 23:16:06 -04:00
Vishal Nayak 53035ce390
Raft CLI (#6893)
* raft cli

* Reuse the command's client

* Better response handling

* minor touchups
2019-06-20 21:32:00 -04:00
Jeff Mitchell 44ea96e6e6 Update go.mod for new raft 2019-06-20 18:08:32 -04:00
Brian Kassouf ed14061578
Raft Storage Backend (#6888)
* Work on raft backend

* Add logstore locally

* Add encryptor and unsealable interfaces

* Add clustering support to raft

* Remove client and handler

* Bootstrap raft on init

* Cleanup raft logic a bit

* More raft work

* Work on TLS config

* More work on bootstrapping

* Fix build

* More work on bootstrapping

* More bootstrapping work

* fix build

* Remove consul dep

* Fix build

* merged oss/master into raft-storage

* Work on bootstrapping

* Get bootstrapping to work

* Clean up FMS and node-id

* Update local node ID logic

* Cleanup node-id change

* Work on snapshotting

* Raft: Add remove peer API (#906)

* Add remove peer API

* Add some comments

* Fix existing snapshotting (#909)

* Raft get peers API (#912)

* Read raft configuration

* address review feedback

* Use the Leadership Transfer API to step-down the active node (#918)

* Raft join and unseal using Shamir keys (#917)

* Raft join using shamir

* Store AEAD instead of master key

* Split the raft join process to answer the challenge after a successful unseal

* get the follower to standby state

* Make unseal work

* minor changes

* Some input checks

* reuse the shamir seal access instead of new default seal access

* refactor joinRaftSendAnswer function

* Synchronously send answer in auto-unseal case

* Address review feedback

* Raft snapshots (#910)

* Fix existing snapshotting

* implement the noop snapshotting

* Add comments and switch log libraries

* add some snapshot tests

* add snapshot test file

* add TODO

* More work on raft snapshotting

* progress on the ConfigStore strategy

* Don't use two buckets

* Update the snapshot store logic to hide the file logic

* Add more backend tests

* Cleanup code a bit

* [WIP] Raft recovery (#938)

* Add recovery functionality

* remove fmt.Printfs

* Fix a few fsm bugs

* Add max size value for raft backend (#942)

* Add max size value for raft backend

* Include physical.ErrValueTooLarge in the message

* Raft snapshot Take/Restore API  (#926)

* Inital work on raft snapshot APIs

* Always redirect snapshot install/download requests

* More work on the snapshot APIs

* Cleanup code a bit

* On restore handle special cases

* Use the seal to encrypt the sha sum file

* Add sealer mechanism and fix some bugs

* Call restore while state lock is held

* Send restore cb trigger through raft log

* Make error messages nicer

* Add test helpers

* Add snapshot test

* Add shamir unseal test

* Add more raft snapshot API tests

* Fix locking

* Change working to initalize

* Add underlying raw object to test cluster core

* Move leaderUUID to core

* Add raft TLS rotation logic (#950)

* Add TLS rotation logic

* Cleanup logic a bit

* Add/Remove from follower state on add/remove peer

* add comments

* Update more comments

* Update request_forwarding_service.proto

* Make sure we populate all nodes in the followerstate obj

* Update times

* Apply review feedback

* Add more raft config setting (#947)

* Add performance config setting

* Add more config options and fix tests

* Test Raft Recovery (#944)

* Test raft recovery

* Leave out a node during recovery

* remove unused struct

* Update physical/raft/snapshot_test.go

* Update physical/raft/snapshot_test.go

* fix vendoring

* Switch to new raft interface

* Remove unused files

* Switch a gogo -> proto instance

* Remove unneeded vault dep in go.sum

* Update helper/testhelpers/testhelpers.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update vault/cluster/cluster.go

* track active key within the keyring itself (#6915)

* track active key within the keyring itself

* lookup and store using the active key ID

* update docstring

* minor refactor

* Small text fixes (#6912)

* Update physical/raft/raft.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* review feedback

* Move raft logical system into separate file

* Update help text a bit

* Enforce cluster addr is set and use it for raft bootstrapping

* Fix tests

* fix http test panic

* Pull in latest raft-snapshot library

* Add comment
2019-06-20 12:14:58 -07:00
Clint 5309609758
Bump the Elasticsearch db dependency to latest, to pull in fixes to satisfy dbplugin.Database interface (#6929)
Merging despite the TravisCI tests failing, which do not support go modules
2019-06-19 17:40:07 -05:00
Becca Petrin 8782f2f8bb revert more unnecessary dep changes 2019-06-19 10:47:25 -07:00
Becca Petrin 75d15ae627 revert unnecessary dep updates from bad merge 2019-06-19 10:43:09 -07:00
Becca Petrin ab156603bd merge master 2019-06-19 10:24:45 -07:00
Becca Petrin 8bbf6e6fc3 update to latest plugin dependencies 2019-06-19 10:04:49 -07:00
Jeff Mitchell 659f97a0b7 Update api and sdk to remove direct gogo dep 2019-06-18 14:51:13 -04:00
Jeff Mitchell 6ddac3ad33 Bump api/sdk dep 2019-06-18 11:19:15 -04:00
Evan Phoenix 29a287648e Upgrade github.com/lib/pq to pickup SCRAM-SHA-* methods (#6895) 2019-06-17 14:45:27 -04:00
Becca Petrin 5b9d49fc2d add elasticsearch database engine 2019-06-10 09:19:11 -07:00
Becca Petrin 66aaa46588 add PCF auth method, agent, and cli handler 2019-06-06 12:26:04 -07:00
Jeff Mitchell 51eae6c3c1 Bump AWS plugin again 2019-05-28 17:37:47 -04:00
Joel Thompson 98ee4b84b4 Bump AWS SDK dependency to latest (#6788)
Also pull the latest into the local vendor
2019-05-28 16:36:32 -05:00
Jeff Mitchell ec3ea45858
Update grpc and protos (#6725)
gRPC updated to 1.20.1 which fixes a couple of important bugs.

Updates protos as well.
2019-05-13 12:09:30 -04:00
Jeff Mitchell fe8ead5f2d go mod tidy and go mod vendor 2019-04-23 20:58:55 -04:00
Jeff Mitchell ebc3fda060 Update deep to pull in default full-level-diff behavior 2019-04-19 19:52:03 -04:00
Jeff Mitchell 9a7eb54a68 Merge branch '1.1.2' into master-oss 2019-04-18 18:49:49 -04:00
Jeff Mitchell 6eaab11ab4 Bump secrets-gcp version 2019-04-15 17:54:29 -04:00
Jeff Mitchell 213b9fd1cf Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
Jeff Mitchell cdf6f2e909 Add replace directives for api and sdk for easier dev work 2019-04-13 03:46:13 -04:00
Jeff Mitchell 9ebc57581d
Switch to go modules (#6585)
* Switch to go modules

* Make fmt
2019-04-13 03:44:06 -04:00