Commit graph

761 commits

Author SHA1 Message Date
hc-github-team-secure-vault-core 28f2585da3
backport of commit 0fa36a36ae1b4842d96623eef0d20af5dea557c0 (#23443)
Co-authored-by: Paul Banks <pbanks@hashicorp.com>
2023-10-02 09:49:05 -07:00
hc-github-team-secure-vault-core d52cf3c46d
backport of commit 4c8cc87794ed2d989f515cd30c1c1b953d092ef3 (#22247)
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-09-01 13:02:28 -04:00
hc-github-team-secure-vault-core 6510f797ee
backport of commit 3a46df2077f61f2d8e8262441cb2e3d991571ef3 (#22198)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-08-03 14:01:14 -04:00
hc-github-team-secure-vault-core 48247cdec6
backport of commit 9ace8751ff0df06058043b92343ceab2121c2bbd (#21727)
Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com>
2023-07-10 12:52:42 -07:00
hc-github-team-secure-vault-core 946329b29d
backport of commit e0472d4059decd4a5801e027c34d38b80e038a32 (#21590)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-07-05 15:29:29 -04:00
hc-github-team-secure-vault-core 3ddd7a14f0
backport of commit c5549cdac681676ae52ea173d737ee1c5d1949a2 (#21272)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-06-15 20:41:45 +00:00
hc-github-team-secure-vault-core 6c26b96b31
backport of commit 0ff9059967aa3fc0f2be0fd46926f9a7f1de5573 (#21124)
Co-authored-by: Josh Black <raskchanky@gmail.com>
2023-06-09 22:04:11 +00:00
hc-github-team-secure-vault-core 84b60f3056
backport of commit f147bc1fb1197495c865145e68015d369fb16a5c (#21086)
Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>
2023-06-08 18:09:17 +00:00
miagilepner 06055fb668
VAULT-15395: Support mocking time functions in the activity log (#20720)
* mock time in the activity log

* cleanup

* fix comment

* pr fixes

* update comment to explain why new timer is needed
2023-05-23 16:25:23 +00:00
Violet Hynes 92dc054bb3
VAULT-15547 Agent/proxy decoupling, take two (#20634)
* VAULT-15547 Additional tests, refactoring, for proxy split

* VAULT-15547 Additional tests, refactoring, for proxy split

* VAULT-15547 Import reorganization

* VAULT-15547 Some missed updates for PersistConfig

* VAULT-15547 address comments

* VAULT-15547 address comments
2023-05-19 13:17:48 -04:00
Rachel Culpepper 11f9603b37
Vault-12308: Change password policy testing to be deterministic (#20625)
* change testing password policy to be deterministic

* fix panic

* test password against rules

* improve error message

* make test password gen more random

* fix check on test password length
2023-05-17 18:22:19 +00:00
Violet Hynes b2468d3481
VAULT-15547 First pass at agent/proxy decoupling (#20548)
* VAULT-15547 First pass at agent/proxy decoupling

* VAULT-15547 Fix some imports

* VAULT-15547 cases instead of string.Title

* VAULT-15547 changelog

* VAULT-15547 Fix some imports

* VAULT-15547 some more dependency updates

* VAULT-15547 More dependency paths

* VAULT-15547 godocs for tests

* VAULT-15547 godocs for tests

* VAULT-15547 test package updates

* VAULT-15547 test packages

* VAULT-15547 add proxy to test packages

* VAULT-15547 gitignore

* VAULT-15547 address comments

* VAULT-15547 Some typos and small fixes
2023-05-17 09:38:34 -04:00
Victor Rodriguez 2656c020ae
Convert seal.Access struct into a interface (OSS) (#20510)
* Move seal barrier type field from Access to autoSeal struct.

Remove method Access.SetType(), which was only being used by a single test, and
which can use the name option of NewTestSeal() to specify the type.

* Change method signatures of Access to match those of Wrapper.

* Turn seal.Access struct into an interface.

* Tweak Access implementation.

Change `access` struct to have a field of type wrapping.Wrapper, rather than
extending it.

* Add method Seal.GetShamirWrapper().

Add method Seal.GetShamirWrapper() for use by code that need to perform
Shamir-specific operations.
2023-05-04 14:22:30 -04:00
Nick Cabatoff f5b5662122
Don't require every test to specify a VaultLicense field (#20372) 2023-04-26 18:39:48 +00:00
Nick Cabatoff ad18fc6398
Docker testing: handle licensing, different images per node (#20347) 2023-04-25 17:11:46 -04:00
Nick Cabatoff 22b00eba12
Add support for docker testclusters (#20247) 2023-04-24 14:25:50 -04:00
Luis (LT) Carbonell d308c31cbf
Add Configurable LDAP Max Page Size (#19032)
* Add config flag for LDAP max page size

* Add changelog

* move changelog to correct file

* cleanup

* Default to non-paged searching for with -1

* Update website/content/api-docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update tests

---------

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-04-20 20:39:27 +00:00
Anton Averchenkov 5a57db3f32
openapi: Remove pcf plugin (#20067) 2023-04-11 13:54:12 -04:00
Alexander Scheel 3e36a58cf7
Support namespaces in test helpers (#20048)
Sometimes the tests will modify the client to set a namespace; this
results in testhelpers sometimes trying to access sys/ endpoints with a
namespace, which usually don't work well.

Detect an unset namespaces, if present, before executing, and restore
afterwards so as not to affect the tests.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-11 14:09:16 +00:00
Peter Wilson 4fc4516b49
Moved 'WaitForNodesExcludingSelectedStandbys' to shared testhelpers file (#19976) 2023-04-04 15:32:01 +01:00
Violet Hynes a2f457e10c
VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests (#19776)
* VAULT-12940 test for templating user agent

* VAULT-12940 User agent work so far

* VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests

* VAULT-12940 Clean-up and godocs

* VAULT-12940 changelog

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 copy/paste typos

* VAULT-12940 improve comments, use make(http.Header)

* VAULT-12940 small typos and clean-up
2023-04-03 14:14:47 -04:00
Peter Wilson a2bdf7250b
VAULT-14048: raft-autopilot appears to refuse to remove a node which has left and wouldn't impact stability (#19472)
* ensure we supply the node type when it's for a voter
* bumped autopilot version back to v0.2.0 and ran go mod tidy
* changed condition in knownservers and added some comments
* Export GetRaftBackend
* Updated tests for autopilot (related to dead server cleanup)
* Export Raft NewDelegate

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-04-03 11:58:57 -04:00
John-Michael Faircloth 72f5ed8fe1
fix race condition in string generator helper (#19875)
* fix race condition in string generator helper

* add changelog
2023-03-31 15:19:45 +00:00
Anton Averchenkov 1b8dd129ab
Remove 'oidc' from gen_openapi.sh (#19839) 2023-03-30 13:38:56 -04:00
vinay-gopalan f2a4b23b7f
Update pseudo-version for Secrets Terraform plugin (#19798) 2023-03-29 09:01:35 -07:00
Anton Averchenkov fe53ebd19c
openapi: Remove 'ad' from gen_openapi.sh 2023-03-27 19:50:36 +00:00
Hamid Ghaf 27bb03bbc0
adding copyright header (#19555)
* adding copyright header

* fix fmt and a test
2023-03-15 09:00:52 -07:00
Anton Averchenkov f19bcd79c5
Remove 'openldap' from gen_openapi.sh (#19401) 2023-02-28 13:24:11 -05:00
Austin Gebauer d8348490d5
secrets/ad: change deprecation status to deprecated (#19334)
* secrets/ad: change deprecation status to deprecated

* adds changelog
2023-02-24 00:13:32 +00:00
miagilepner 271e5b14d2
VAULT-12299 Use file.Stat when checking file permissions (#19311)
* use file.Stat for config files

* cleanup and add path

* include directory path

* revert changes to LoadConfigDir

* remove path, add additional test:

* add changelog
2023-02-23 18:05:00 +01:00
Anton Averchenkov e5770359b5
Simplify gen_openapi.sh script (#19245)
* Simplify gen_openapi.sh script

* Update scripts/gen_openapi.sh

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use correct import

---------

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-02-17 14:48:05 -05:00
John-Michael Faircloth eca810d06e
test/plugin: test external database plugin workflows (#19191)
* test/plugin: test external db plugin

* use test helper to get cluster and plugins

* create test helper to create a vault admin user

* add step to revoke lease

* make tests parallel and add reload test

* use more descriptive name for test group; check response
2023-02-16 15:52:24 -06:00
Christopher Swenson 98513eb784
Update namespace.FromContext comment (#18840)
It looks like namespace context caching was removed in
https://github.com/hashicorp/vault/pull/5200
but this comment was left referencing it, which I found confusing
at first glance.
2023-02-13 11:04:32 -08:00
Nick Cabatoff 53afd2627b
Make API not depend on SDK (#18962) 2023-02-06 09:41:56 -05:00
John-Michael Faircloth 14e4d67026
test/plugin: refactor compilePlugin for reuse (#18952)
* test/plugin: refactor compilePlugin for reuse

- move compilePlugin to helper package
- make NewTestCluster use compilePlugin

* do not overwrite plugin directory in CoreConfig if set

* fix getting plugin directory path for go build
2023-02-03 16:27:11 -06:00
Nick Cabatoff c2b222a11a
Vault test cluster helper refactorings, mostly audit related (#18928)
* Move some test helper stuff from the vault package to a new helper/testhelpers/corehelpers package.  Consolidate on a single "noop audit" implementation.
2023-02-01 08:33:16 -05:00
Nick Cabatoff db41c5319d
TestClusterCore's TLSConfig becomes a method and does a Clone. (#18914) 2023-01-31 11:05:16 -05:00
Hamid Ghaf edbf093290
Allow Token Create Requests To Be Replicated (#18689)
* Allow Token Create Requests To Be Replicated

* adding a test

* revert a test
2023-01-24 14:00:27 -05:00
Hamid Ghaf 65a41d4f08
named Login MFA methods (#18610)
* named MFA method configurations

* fix a test

* CL

* fix an issue with same config name different ID and add a test

* feedback

* feedback on test

* consistent use of passcode for all MFA methods (#18611)

* make use of passcode factor consistent for all MFA types

* improved type for MFA factors

* add method name to login CLI

* minor refactoring

* only accept MFA method name with its namespace path in the login request MFA header

* fix a bug

* fixing an ErrorOrNil return value

* more informative error message

* Apply suggestions from code review

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* feedback

* test refactor a bit

* adding godoc for a test

* feedback

* remove sanitize method name

* guard a possbile nil ref

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-01-23 15:51:22 -05:00
Tom Proctor fc378c0908
Event system alpha experiment (#18795) 2023-01-23 19:26:49 +00:00
Tom Proctor d5c35f39c3
Add experiment system + events experiment (#18682) 2023-01-16 16:07:18 +00:00
Peter Wilson 5f5cad736a
VAULT-12264: Fix log rotation params which require an integer (#18666)
* integer values for some log flags
* Adjusted `log_flags` to expect `int` for max files and max bytes
* Updated `server` and `agent`
 Renamed updateConfig (and updateLogConfig)
* Added int log params to test
* Adjust config/params so we can identify when they're not present
* Removed pointer confusion
2023-01-11 20:04:57 +00:00
Ellie 6f7757e949
add core state lock deadlock detection config option v2 (#18604)
* add core state lockd eadlock detection config option v2

* add changelog

* split out NewTestCluster function to maintain build flag

* replace long func with constant

* remove line

* rename file, and move where detect deadlock flag is set
2023-01-11 13:32:05 -06:00
Mike Palmiotto 43a78c85f4
Mark deprecated builtins Removed (#18039)
* Remove logical database builtins

* Drop removed builtins from registry keys

* Update plugin prediction test

* Remove app-id builtin

* Add changelog
2023-01-09 09:16:35 -05:00
Chris Capurso 4dc5155c5f
Link OSS (#18228)
* add Link config, init, and capabilities

* add node status proto

* bump protoc version to 3.21.9

* make proto

* adding link tests

* remove wrapped link

* add changelog entry

* update changelog entry
2022-12-08 15:02:18 -05:00
Nick Cabatoff 342b61984a
Move version out of SDK. (#14229)
Move version out of SDK.  For now it's a copy rather than move: the part not addressed by this change is sdk/helper/useragent.String, which we'll want to remove in favour of PluginString.  That will have to wait until we've removed uses of useragent.String from all builtins.
2022-12-07 13:29:51 -05:00
Peter Wilson f87b7f1737
Only attempt rotation if files already exist when a Write is requested. (#18262) 2022-12-07 15:47:43 +00:00
Peter Wilson 21a8bcaa7b
Updated go-hclog to v1.4.0 to allow access to GetLevel. Refactored TranslateLoggerLevel (#18260) 2022-12-07 14:25:54 +00:00
Peter Wilson 94a349c406
Ensure base logging uses IndependentLevels (#18249) 2022-12-06 22:10:44 +00:00
Nick Cabatoff 12e1b609ac
Create global quotas of each type in every NewTestCluster. (#18038)
Create global quotas of each type in every NewTestCluster.  Also switch some key locks to use DeadlockMutex to make it easier to discover deadlocks in testing.

NewTestCluster also now starts the cluster, and the Start method becomes a no-op.  Unless SkipInit is provided, we also wait for a node to become active, eliminating the need for WaitForActiveNode.  This was needed because otherwise we can't safely make the quota api call.  We can't do it in Start because Start doesn't return an error, and I didn't want to begin storing the testing object T instead TestCluster just so we could call t.Fatal inside Start. 

The last change here was to address the problem of how to skip setting up quotas when creating a cluster with a nonstandard handler that might not even implement the quotas endpoint.  The challenge is that because we were taking a func pointer to generate the real handler func, we didn't have any way to compare that func pointer to the standard handler-generating func http.Handler without creating a circular dependency between packages vault and http.  The solution was to pass a method instead of an anonymous func pointer so that we can do reflection on it.
2022-11-29 14:38:33 -05:00