Commit Graph

552 Commits

Author SHA1 Message Date
Alexander Scheel 30488bc374
sdk/helper/nonce -> go-secure-stdlib/nonceutil (#20737)
Depends on https://github.com/hashicorp/go-secure-stdlib/pull/73

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-25 20:57:08 +00:00
vinay-gopalan f9f4b68a58
upgrade vault-plugin-secrets-alicloud to v0.15.0 (#20787) 2023-05-25 10:34:48 -07:00
Robert 2fa0953759
auth/kerberos: upgrade plugin version (#20771)
* Upgrade vault-plugin-auth-kerberos to v0.10.0
2023-05-25 17:29:42 +00:00
Robert a7054c643b
database/redis: upgrade plugin version (#20763)
* Upgrade vault-plugin-database-redis to v0.2.1
2023-05-25 17:25:18 +00:00
Raymond Ho e010999167
fix: upgrade vault-plugin-auth-cf to v0.15.0 (#20785) 2023-05-25 17:10:51 +00:00
Robert bd528daeef
database/elasticsearch: upgrade plugin version (#20767)
* Upgrade vault-plugin-database-elasticsearch to v0.13.2
2023-05-25 17:09:41 +00:00
vinay-gopalan ae2ebb1b1b
upgrade vault-plugin-auth-alicloud to v0.15.0 (#20758) 2023-05-25 09:56:48 -07:00
Raymond Ho 0d1ecfdc7d
fix: upgrade vault-plugin-secrets-terraform to v0.7.1 (#20748) 2023-05-25 16:47:08 +00:00
Robert 9c09bf1501
secrets/gcpkms: upgrade plugin version (#20784)
* Upgrade vault-plugin-secrets-gcpkms to v0.15.0
2023-05-25 16:39:00 +00:00
Christopher Swenson d0c364558c
fix: upgrade vault-plugin-database-couchbase to v0.9.2 (#20764) 2023-05-25 09:17:36 -07:00
Raymond Ho 8f83bee210
fix: upgrade vault-plugin-secrets-mongodbatlas to v0.10.0 (#20742) 2023-05-25 09:13:28 -07:00
Raymond Ho 400d47d93c
fix: upgrade vault-plugin-auth-centrify to v0.15.1 (#20745) 2023-05-25 09:13:11 -07:00
Max Coulombe 84b63ed833
Updated the azure secrets plugin (#20777)
* updated the azure secrets plugin
2023-05-25 11:27:33 -04:00
Daniel Huckins 958ccda6b1
agent: Add implementation for injecting secrets as environment variables to vault agent cmd (#20739)
* added exec and env_template config/parsing

* add tests

* we can reuse ctconfig here

* do not create a non-nil map

* check defaults

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* first go of exec server

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* sig test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add failing example

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor for config changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test for invalid signal

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* account for auth token changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* only start the runner once we have a token

* tests in diff branch

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* fix rename

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update command/agent/exec/exec.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unnecessary lock

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor to use enum

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* dont block

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle default

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* make more explicit

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused file

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove test app

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update comment

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* new channel for exec server token

* wire to run with vault agent

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* watch for child process to exit on its own

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* block before returning

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-25 09:23:56 -04:00
Daniel Huckins 2343ff04f6
agent: Add implementation for injecting secrets as environment variables (#20628)
* added exec and env_template config/parsing

* add tests

* we can reuse ctconfig here

* do not create a non-nil map

* check defaults

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* first go of exec server

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* sig test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add failing example

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor for config changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test for invalid signal

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* account for auth token changes

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* only start the runner once we have a token

* tests in diff branch

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* fix rename

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update command/agent/exec/exec.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unnecessary lock

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* refactor to use enum

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* dont block

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle default

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* make more explicit

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove unused file

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove test app

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* apply suggestions from code review

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update comment

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* watch for child process to exit on its own

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-24 16:56:06 -04:00
Raymond Ho c921a74b56
fix: upgrade vault-plugin-secrets-openldap to v0.11.0 (#20753) 2023-05-24 13:45:24 -07:00
vinay-gopalan 1ef982849b
upgrade vault-plugin-secrets-ad to v0.16.0 (#20750) 2023-05-24 13:37:41 -07:00
Christopher Swenson 7956c382e6
fix: upgrade vault-plugin-database-redis-elasticache to v0.2.1 (#20751) 2023-05-24 20:15:53 +00:00
kpcraig 628c51516a
VAULT-12226: Add Static Roles to the AWS plugin (#20536)
Add static roles to the aws secrets engine

---------

Co-authored-by: maxcoulombe <max.coulombe@hashicorp.com>
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-24 14:55:13 -04:00
John-Michael Faircloth a151ec76dd
fix: upgrade vault-plugin-auth-oci to v0.14.0 (#20743) 2023-05-24 13:00:49 -05:00
John-Michael Faircloth a123ca2b6a
fix: upgrade vault-plugin-secrets-kv to v0.15.0 (#20746) 2023-05-24 13:00:23 -05:00
Christopher Swenson d12604eff2
fix: upgrade vault-plugin-auth-gcp to v0.16.0 (#20725) 2023-05-23 11:24:33 -07:00
Márk Sági-Kazár 258b2ef740
Upgrade go-jose library to v3 (#20559)
* upgrade go-jose library to v3

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* chore: fix unnecessary import alias

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* upgrade go-jose library to v2 in vault

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

---------

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2023-05-23 12:25:58 +00:00
Daniel Huckins 2658dcf48d
agent: Add support for parsing env_template configuration files (#20598)
* added exec and env_template config/parsing

* add tests

* we can reuse ctconfig here

* do not create a non-nil map

* check defaults

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* convert to list

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* sig test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add failing example

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test for invalid signal

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update command/agent/config/config.go

* use latest consul-template

* fix build

* fix test

* fix test fixtures

* make fmt

* test docs

* rename file

* env var -> environment variable

* default to SIGTERM

* empty line

* explicit naming

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* clean typo

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* replace $ HOME with /home/username in examples

* remove empty line

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <anton.averchenkov@hashicorp.com>
2023-05-19 18:11:41 -04:00
Anton Averchenkov f551f4e5ba
cli: Add 'agent generate-config' sub-command (#20530) 2023-05-19 13:42:19 -04:00
Nick Cabatoff 22b00eba12
Add support for docker testclusters (#20247) 2023-04-24 14:25:50 -04:00
Nick Cabatoff 313957b911
Add tests based on vault binary (#20224)
First steps towards docker-based tests: tests using vault binary in -dev or -dev-three-node modes.
2023-04-24 09:57:37 -04:00
Nick Cabatoff 21f3977639
Use a current version of etcd (#20261)
Use a current version of etcd, remove the replace hack in go.mod that was intended to be temporary.
2023-04-19 14:17:11 -04:00
Raymond Ho e26aa0aff2
update vault-plugin-secrets-openldap@main (#19993) 2023-04-05 14:40:08 -07:00
John-Michael Faircloth de68f1820e
upgrade mongo driver to 1.11 (#19954)
* upgrade mongo driver to 1.11

* add changelog

* fix failing test comparison

* ignore http.Transport
2023-04-03 22:18:18 -05:00
Violet Hynes a2f457e10c
VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests (#19776)
* VAULT-12940 test for templating user agent

* VAULT-12940 User agent work so far

* VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests

* VAULT-12940 Clean-up and godocs

* VAULT-12940 changelog

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 copy/paste typos

* VAULT-12940 improve comments, use make(http.Header)

* VAULT-12940 small typos and clean-up
2023-04-03 14:14:47 -04:00
Peter Wilson a2bdf7250b
VAULT-14048: raft-autopilot appears to refuse to remove a node which has left and wouldn't impact stability (#19472)
* ensure we supply the node type when it's for a voter
* bumped autopilot version back to v0.2.0 and ran go mod tidy
* changed condition in knownservers and added some comments
* Export GetRaftBackend
* Updated tests for autopilot (related to dead server cleanup)
* Export Raft NewDelegate

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-04-03 11:58:57 -04:00
Max Coulombe af20d4a6aa
Bumping ad dependencies (#19829)
* bumping ad dependencies
2023-03-31 11:01:02 -04:00
Milena Zlaticanin 73edda4d1f
secrets/mongodbatlas: upgrade dependencies (#19861)
* secrets/mongodbatlas: upgrade dependencies

* add changelog
2023-03-30 11:24:31 -07:00
John-Michael Faircloth ebd97f1fb2
plugin/secrets/alicloud: upgrade dependencies (#19846)
* plugin/secrets/alicloud: upgrade dependencies

* add changelog
2023-03-30 11:11:15 -04:00
vinay-gopalan f2a4b23b7f
Update pseudo-version for Secrets Terraform plugin (#19798) 2023-03-29 09:01:35 -07:00
akshya96 c3b1c3188c
Github Action to check deprecations in PR (#19666)
* deprecation check

* adding script

* add execute permission to script

* revert changes

* adding the script back

* added working script for local and GHA

* give execute permissions

* updating revgrep

* adding changes to script, tools

* run go mod tidy

* removing default ref

* make bootstrap

* adding to makefile
2023-03-27 22:50:58 -07:00
Austin Gebauer 66e26d2735
secrets/ldap: upgrades plugin to v0.10.1 (#19640)
* secrets/ldap: upgrades plugin to v0.10.1

* adds changelog
2023-03-20 11:29:09 -07:00
Austin Gebauer f73348e501
database/elasticsearch: upgrades plugin to v0.13.1 (#19545)
* database/elasticsearch: upgrades plugin to v0.13.1

* adds changelog
2023-03-15 10:24:03 -07:00
Marc Boudreau 84238dee52
Introduce GitHub Actions CI Workflow (#19449)
* Migrate subset of CircleCI ci workflow to GitHub Actions

Runs test-go and test-go-remote-docker with a static splitting of test packages

* [skip actions] add comment to explain the purpose of test-generate-test-package-lists.sh and what to do if it fails

* change trigger to push

---------

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-03-06 16:57:55 -05:00
Nick Cabatoff 89f31aca48
Revert "updated raft-autopilot to v0.2.0 (#17848)" (#19353)
This reverts commit 21cab77be8df948af147c11758f7fa0620ae8be6.
2023-02-24 14:24:32 -05:00
Tom Proctor 5b52184766
Update x/net and x/crypto/ssh (#19282)
* Update x/net and x/crypto/ssh in api and sdk

* go mod tidy in root go module
2023-02-22 13:46:12 +00:00
Anton Averchenkov e5770359b5
Simplify gen_openapi.sh script (#19245)
* Simplify gen_openapi.sh script

* Update scripts/gen_openapi.sh

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use correct import

---------

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-02-17 14:48:05 -05:00
Christopher Swenson 404d7a57bb
events: WS protobuf messages should be binary (#19232)
The [WebSockets spec](https://www.rfc-editor.org/rfc/rfc6455) states
that text messages must be valid UTF-8 encoded strings, which protobuf
messages virtually never are. This now correctly sends the protobuf events
as binary messages.

We change the format to correspond to CloudEvents, as originally intended,
and remove a redundant timestamp and newline.

We also bump the eventlogger to fix a race condition that this code triggers.
2023-02-17 11:38:03 -08:00
Scott Miller ccab6ab676
Update go-kms-wrapping and it's gcpc wrapper to pick up google-cloud-go migration (#19219) 2023-02-16 11:21:25 -06:00
mickael-hc f144c8c239
bump dev depenendencies (#19140)
reduces alert noise
2023-02-13 10:31:43 -05:00
Austin Gebauer 1b4bbe2b5b
upgrade vault-plugin-database-mongodbatlas to v0.9.0 (#19153) 2023-02-11 00:57:18 +00:00
Tom Proctor eb1d58257c
Bump kv plugin v0.14.0->v0.14.2 (#19145) 2023-02-10 21:42:05 +00:00
Austin Gebauer 12871c1974
upgrade vault-plugin-secrets-alicloud to v0.14.1 (#19128) 2023-02-10 09:32:46 -08:00
Austin Gebauer cf5abe021f
upgrade vault-plugin-secrets-alicloud to v0.14.0 (#19118) 2023-02-10 09:13:04 -08:00