Commit graph

15905 commits

Author SHA1 Message Date
Steven Clark b7c4c80a5c
update api to use sdk/v0.6.0 (#17224) 2022-09-20 10:11:29 -04:00
Nick Cabatoff d8101f82ee
Handle when pluginCatalog.Get returns (nil,nil) during cred backend creation (#17204) 2022-09-20 08:57:08 -04:00
Nick Cabatoff c7f4d79684
We don't need to test LifetimeWatcher's behaviour with database leases specifically. (#17208) 2022-09-20 08:23:51 -04:00
Tom Proctor f5655ae857
Plugins: Consistently use plugin_version (#17171)
* Delete Sha field, rename RunningSha -> RunningSha256
* Rename version -> plugin_version
2022-09-20 12:35:50 +01:00
Tom Proctor abfeb59646
Upgrade vault-plugin-auth-centrify to v0.13.0 (#17195) 2022-09-20 06:05:50 -04:00
vinay-gopalan c548ea39be
Re-initialize v5 backend after a plugin crash (#17140) 2022-09-19 16:48:45 -07:00
Christopher Swenson 5a8a896b5a
fix: upgrade vault-plugin-database-elasticsearch to v0.12.0 (#17203) 2022-09-19 14:46:23 -07:00
Christopher Swenson 4ad2dcbfe3
fix: upgrade vault-plugin-database-couchbase to v0.8.0 (#17205) 2022-09-19 14:12:33 -07:00
claire bontempo e89745178b
UI: Add 'disable' to CRL config (#17153)
* add disable to crl attrs

* add changelog

* change styling per design

* update tests and fix default setting of buildCrl

* cleanup + refactor
2022-09-19 14:03:50 -07:00
Robert b8afefbc6a
secrets/ad: update plugin to v0.14.0 (#17214) 2022-09-19 16:03:17 -05:00
Steven Clark dae2ef535b
Update protos to match update of protobuf go library (#17215) 2022-09-19 16:45:44 -04:00
Jordan Reimer 583f8f08d0
HCP Link Status Updates (#17213)
* updates hcp link status message parsing and adds handling for connection errors

* adds handling for missing status to link-status component
2022-09-19 14:37:40 -06:00
Ben Ash d76dbeead1
fix: upgrade vault-plugin-auth-oci to v0.12.0 (#17212) 2022-09-19 13:34:44 -07:00
Milena Zlaticanin f115a3929f
secrets/mongodbatlas: upgrade plugin to v0.8.0 (#17211) 2022-09-19 15:13:36 -05:00
Tom Proctor f7fdb7b7d0
Upgrade vault-plugin-auth-cf to v0.13.0 (#17196) 2022-09-19 19:24:24 +01:00
Tom Proctor bc5ac79928
Upgrade vault-plugin-auth-azure to v0.12.0 (#17194) 2022-09-19 19:22:09 +01:00
Hamid Ghaf 35258379fd
adding missing telemetry entry for cached auth response (#17197) 2022-09-19 14:08:39 -04:00
Ben Ash bdb9fb0a33
Update changelog for gcpkms dep updates. (#17202) 2022-09-19 11:00:37 -07:00
Ben Ash adf9b7eca0
fix: upgrade vault-plugin-secrets-alicloud to v0.13.0 (#17201) 2022-09-19 10:39:36 -07:00
Christopher Swenson 17fd8ad465
fix: upgrade vault-plugin-database-mongodbatlas to v0.8.0 (#17200) 2022-09-19 10:16:20 -07:00
vinay-gopalan f0d3cbaa43
bump secrets/azure to v0.14.0 (#17180) 2022-09-19 10:02:57 -07:00
Ben Ash bc8ab07b28
fix: upgrade vault-plugin-secrets-gcpkms to v0.13.0 (#17199) 2022-09-19 12:56:56 -04:00
vinay-gopalan fdebc2c2c3
bump secrets/kv to v0.13.0 (#17175) 2022-09-19 09:40:52 -07:00
Yoko Hyakuna 402b8279b4
Fix a broken URL (#17192) 2022-09-19 08:57:07 -07:00
Steven Clark 555a5833ec
Bring back managed key documentation update from ENT to OSS (#17190) 2022-09-19 11:46:30 -04:00
Alexander Scheel c0264c923d
Don't race for CRL rebuilding capability check (#17185)
* Don't race for CRL rebuilding capability check

Core has recently seen some data races during SystemView/replication
updates between them and the PKI subsystem. This is because this
SystemView access occurs outside of a request (during invalidation
handling) and thus the proper lock isn't held.

Because replication status cannot change within the lifetime of a plugin
(and instead, if a node switches replication status, the entire plugin
instance will be torn down and recreated), it is safe to cache this
once, at plugin startup, and use it throughout its lifetime.

Thus, we replace this SystemView access with a stored boolean variable
computed ahead of time.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update builtin/logical/pki/backend.go

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-19 11:41:32 -04:00
Steven Clark 7f3dd736c9
Update OSS dependencies to match newer versions that ENT is using (#17188) 2022-09-19 10:33:36 -04:00
Max Coulombe 709c1bebf6
+ added Redis ElastiCache documentation (#17133)
* added Redis ElastiCache documentation
2022-09-19 10:26:49 -04:00
Steven Clark 05a5928b8d
Update missing go-kms-wrapping v2 dep and address some ENT->OSS drift (#17178)
* Update missing go-kms-wrapping v2 dep and address some ENT->OSS drift

* Bump go-kms-wrapping/wrappers/gcpckms/v2 to v2.0.1
2022-09-19 10:23:40 -04:00
Alexander Scheel 9cd4850bc8
Fix race in cert auth tests (#17181)
There were two races here:

 1. Tests racing against periodic func on updating the backend.
 2. Tests racing internally to itself, to access the http-served
    CRL data.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-19 09:09:03 -04:00
Mike Palmiotto 2bb11d2d4c
semgrep: Add replication-has-state and fix findings (#17179) 2022-09-19 08:15:27 -04:00
vinay-gopalan 38eca7b66e
update changelog with google dep updates (#17176) 2022-09-16 15:46:46 -07:00
Robert e529bac132
auth/kerberos: update plugin to v0.8.0 (#17173)
* Update plugin version to v0.8.0
2022-09-16 16:50:12 -05:00
Scott Miller 7f38b0440e
Fetch CRLs from a user defined URL (#17136)
* Fetch CRLs from a user defined CDP (PoC)

* Handle no param sent

* Move CRL fetch to a periodFunc.  Use configured CA certs + system root as trusted certs for CRL fetch

* comments

* changelog

* Just use root trust

* cdp->url in api

* Store CRL and populate it initially in cdlWrite

* Update docs

* Update builtin/credential/cert/path_crls.go

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* Handle pre-verification of a CRL url better

* just in case

* Fix crl write locking

* Add a CRL fetch unit test

* Remove unnecessary validity clear

* Better func name

* Don't exit early updating CRLs

* lock in updateCRLs

* gofumpt

* err-

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-09-16 16:44:30 -05:00
Robert d89aeb7a3a
secrets/terraform: update plugin to v.0.6.0 (#17172)
* Update plugin version to v.0.6.0
2022-09-16 15:56:39 -05:00
Luis (LT) Carbonell a0f4c18f44
Add links for service registration provides (#17170) 2022-09-16 15:28:18 -05:00
Austin Gebauer 7b862f33c3
secrets/gcp: updates plugin to v0.14.0 (#17174)
* secrets/gcp: updates plugin to v0.14.0

* adds changelog
2022-09-16 12:42:37 -07:00
Mike Palmiotto fc87471580
docs: Add faq for deprecation status (#17096) 2022-09-16 15:38:40 -04:00
vinay-gopalan ec76c2c8a3
update auth/gcp to v0.14.0 (#17160) 2022-09-16 09:39:34 -07:00
Josh Black 04a2396573
Adjust raft transactions to be safer with get operations (#17151) 2022-09-16 09:35:48 -07:00
Max Coulombe a3f7a8c487
+ upgrade redis-elasticache plugin to v0.1.0 (#17163) 2022-09-16 12:32:12 -04:00
Theron Voran c9e5bee8d0
docs/vault-k8s: update for v1.0.0 release (#17165) 2022-09-16 08:46:39 -07:00
Theron Voran 81ea92459c
secrets/kubernetes: upgrade to v0.2.0 (#17164) 2022-09-16 08:31:53 -07:00
Nick Cabatoff b7c5dbd713
Reduce time taken to run the vault test package (#17157)
Factored out some plugin related tests into their own test package, and added a bunch of parallelism.  Moved some non-plugin tests that were in logical_system_integ_test into another file (keeping them in vault package) just for cohesion.
2022-09-16 09:53:16 -04:00
Steven Clark 7f31d68d86
Update semgrep to 0.113.0 (#17168)
* Update semgrep to 0.113.0
* Print semgrep version in CI
2022-09-16 14:41:58 +01:00
Theron Voran 37b30337a0
auth/kubernetes: upgrade to v0.14.0 (#17161) 2022-09-16 02:03:21 -04:00
Austin Gebauer c1f51417b0
Adds ldap secrets to plugin registry and updates to v0.9.0 (#17152)
* Adds ldap secrets to plugin registry and updates to v0.9.0

* adds changelog

* fix test
2022-09-15 22:19:24 -07:00
Christopher Swenson b136a7ecd8
Add plugin version to GRPC interface (#17088)
Add plugin version to GRPC interface

Added a version interface in the sdk/logical so that it can be shared between all plugin types, and then wired it up to RunningVersion in the mounts, auth list, and database systems.

I've tested that this works with auth, database, and secrets plugin types, with the following logic to populate RunningVersion:

If a plugin has a PluginVersion() method implemented, then that is used
If not, and the plugin is built into the Vault binary, then the go.mod version is used
Otherwise, the it will be the empty string.
My apologies for the length of this PR.

* Placeholder backend should be external

We use a placeholder backend (previously a framework.Backend) before a
GRPC plugin is lazy-loaded. This makes us later think the plugin is a
builtin plugin.

So we added a `placeholderBackend` type that overrides the
`IsExternal()` method so that later we know that the plugin is external,
and don't give it a default builtin version.
2022-09-15 16:37:59 -07:00
Christopher Swenson aa503ef7ff
fix: upgrade vault-plugin-database-snowflake to v0.6.0 (#17159)
fix: upgrade vault-plugin-database-snowflake to v0.6.0
2022-09-15 16:01:56 -07:00
Austin Gebauer c87954e7e3
auth/jwt: updates plugin to v0.14.0 (#17154) 2022-09-15 13:44:50 -07:00