Commit graph

2863 commits

Author SHA1 Message Date
hc-github-team-secure-vault-core 9310e3acba
backport of commit 5b41148bfcfd305991c19998f6d04ca8880da137 (#21488) 2023-06-28 17:46:37 +00:00
hc-github-team-secure-vault-core aa7b7ad951
backport of commit c3741b0177056d9e999ff03a6542a4811508fa9a (#21485)
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2023-06-27 15:54:28 -04:00
hc-github-team-secure-vault-core 36365ed7f4
backport of commit 3a46ecc389e9096ccea6c6f847b68ada7f8068d7 (#21362)
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2023-06-21 14:01:13 +00:00
hc-github-team-secure-vault-core 3ddd7a14f0
backport of commit c5549cdac681676ae52ea173d737ee1c5d1949a2 (#21272)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-06-15 20:41:45 +00:00
hc-github-team-secure-vault-core 7385e73a15
backport of commit 7b56b69959a7e5c1eb6326df3dd92e2411154548 (#21265)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-06-15 17:05:27 +00:00
hc-github-team-secure-vault-core fa482cbf1c
backport of commit f2887a253506f80cd507d619dc49a2a495c173c1 (#21139)
Co-authored-by: Paul Banks <pbanks@hashicorp.com>
2023-06-13 14:21:51 +00:00
hc-github-team-secure-vault-core 6c26b96b31
backport of commit 0ff9059967aa3fc0f2be0fd46926f9a7f1de5573 (#21124)
Co-authored-by: Josh Black <raskchanky@gmail.com>
2023-06-09 22:04:11 +00:00
hc-github-team-secure-vault-core 03a8d1268a
backport of commit 8931e4790b46df81cca615865e1f33a127276e1d (#20972)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-06-08 18:59:55 +00:00
hc-github-team-secure-vault-core 6009fab706
backport of commit b54645514400b7c3db6e4a60b5491cdb7d55ceb6 (#20869)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-05-31 17:51:20 +00:00
hc-github-team-secure-vault-core c16d572ab8
backport of commit 3b5ca69b62a3c59468754278f579610c0902fa05 (#20839)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-05-30 16:41:07 +00:00
hc-github-team-secure-vault-core 337d13cc3a
backport of commit c67242463c239215a1dbf3b9979787a5f8359bbf (#20830)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-05-29 15:02:27 +00:00
miagilepner 741c890ce0
VAULT-14735: write mock activity log entity files (#20702)
* support writing entities

* tests for writing entity segments
2023-05-25 18:55:55 +02:00
Peter Wilson 9723462891
updated Leader godoc comment to give a warning on possible deadlock (#20773) 2023-05-25 12:02:39 +00:00
akshya96 38250d1917
Revert "User Lockout Perf Standby Error oss (#20766)" (#20770)
This reverts commit 7a546a96e41e24b8341bb890154c9093accb9dc9.
2023-05-24 18:55:34 -07:00
akshya96 3200310b90
User Lockout Perf Standby Error oss (#20766)
* adding changes from ent

* add changelog

* removing new line
2023-05-24 17:35:17 -07:00
Alexander Scheel c67546511d
Move activityType to a constant, set precedence (#20738)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-24 12:29:47 -04:00
miagilepner fdecd99d26
VAULT-14735: repeated and segmented activity log clients (#20699)
* add repeated, segmented, and writing

* simplify

* pr fixes

* remove comment

* Update vault/logical_system_activity_write_testonly.go

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>

---------

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-05-24 08:42:00 +00:00
miagilepner 06055fb668
VAULT-15395: Support mocking time functions in the activity log (#20720)
* mock time in the activity log

* cleanup

* fix comment

* pr fixes

* update comment to explain why new timer is needed
2023-05-23 16:25:23 +00:00
Márk Sági-Kazár 258b2ef740
Upgrade go-jose library to v3 (#20559)
* upgrade go-jose library to v3

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* chore: fix unnecessary import alias

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* upgrade go-jose library to v2 in vault

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

---------

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2023-05-23 12:25:58 +00:00
miagilepner bff8931640
VAULT-14735: generate mock clients for activity log (#20252)
* first part of segment client generation

* fix imports

* initial pr fixes

* refactor and fix

* update comments

* assign client type
2023-05-23 11:58:51 +02:00
Mike Palmiotto dc8d2af2d8
Add current_billing_period activity endpoint param (#20694)
* Add current_billing_period activity endpoint param

This commit introduces a new parameter: `current_billing_period`, which
can be used in lieu of `start_time` and `end_time` options.

GET ... /sys/internal/counters/activity?current_billing_period=true now
results in a response which contains the full billing period
information.

* changelog

* Update internal counters docs
2023-05-22 09:22:45 -04:00
Mike Palmiotto a40341d176
Add client_type field to EntityRecord protobuf (#20626)
* Add client_type field to EntityRecord protobuf

* changelog

* Add ACME clientType verification
2023-05-19 20:30:12 +00:00
Alexander Scheel 9d2af72bde
Fix entropy sourcing on Vault Enterprise (#20684)
Note the three overlapping scenarios discussed in the comments. In the
future, when this interface is more broadly supported, we should likely
add the interface directly to SystemView and implement it over the GRPC
interface, removing this nasty layering of already complex SystemView
implementations.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-19 14:15:43 -04:00
miagilepner 7aa1bce6fb
VAULT-15703: Reload automated reporting (#20680)
* support config reloading for census

* changelog

* second changelog entry for license updates

* correct changelog PR
2023-05-19 14:42:50 +00:00
l-with d1d3d697da
Add possibility to decode generated encoded root token to api (#20595) 2023-05-18 15:18:19 -04:00
Hamid Ghaf 04d81e1c27
report intermediate error messages during request forwarding (#20643)
* report intermediate error messages during request forwarding

* CL
2023-05-18 05:07:54 -07:00
Marc Boudreau b35ded0cb8
VAULT-16217 Fixing Broken OpenAPI Specification Generation (#20597)
* including path parameters into stub Paths for enterprise-only endpoints

* Set Required to true for path parameters in enterprise-only path stubs

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* properly format go code

* re-adding initialization of Fields and Operations fields in the stubbed Path struct

---------

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-17 14:56:45 -04:00
Rachel Culpepper 11f9603b37
Vault-12308: Change password policy testing to be deterministic (#20625)
* change testing password policy to be deterministic

* fix panic

* test password against rules

* improve error message

* make test password gen more random

* fix check on test password length
2023-05-17 18:22:19 +00:00
Alexander Scheel e58f3816a4
Start counting ACME certificate issuance as client activity (#20520)
* Add stub ACME billing interfaces

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add initial implementation of client count

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Correctly attribute to mount, namespace

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor adding entities of custom types

This begins to add custom types of events; presently these are counted
as non-entity tokens, but prefixed with a custom ClientID prefix.

In the future, this will be the basis for counting these events
separately (into separate buckets and separate storage segments).

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor creation of ACME mounts

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test case for billing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Better support managed key system view casting

Without an additional parameter, SystemView could be of a different
internal implementation type that cannot be directly casted to in OSS.
Use a separate parameter for the managed key system view to use instead.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor creation of mounts for enterprise

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Validate mounts in ACME billing tests

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use a hopefully unique separator for encoded identifiers

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use mount accesor, not path

Co-authored-by: miagilepner <mia.epner@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Rename AddEventToFragment->AddActivityToFragment

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-05-17 16:12:04 +00:00
miagilepner f14a039a65
VAULT-14733: Split logic of precomputedQueryWorker (#20073)
* split precomputed query worker and add unit tests

* add new client delete method and test

* add changelog

* fixes from pr review

* add missing comment

* fix comparison
2023-05-16 16:29:18 +02:00
Anton Averchenkov 31d33f189f
openapi: A few fixes for display attributes (#20549) 2023-05-11 17:20:11 -04:00
Pratyoy Mukhopadhyay 7b807a9bb0
add ns path to granting_policies (#20522) 2023-05-04 15:08:22 -07:00
Victor Rodriguez 2656c020ae
Convert seal.Access struct into a interface (OSS) (#20510)
* Move seal barrier type field from Access to autoSeal struct.

Remove method Access.SetType(), which was only being used by a single test, and
which can use the name option of NewTestSeal() to specify the type.

* Change method signatures of Access to match those of Wrapper.

* Turn seal.Access struct into an interface.

* Tweak Access implementation.

Change `access` struct to have a field of type wrapping.Wrapper, rather than
extending it.

* Add method Seal.GetShamirWrapper().

Add method Seal.GetShamirWrapper() for use by code that need to perform
Shamir-specific operations.
2023-05-04 14:22:30 -04:00
Alexander Scheel 544ae3461f
Allow ensuring ticker is stopped multiple times (#20509)
When executing multi-stage, multi-namespace tests, stopping the ticker
multiple times (via closing the StopTicker channel) results in a panic.

Store whether or not we've stopped it once, and do not close it again.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-04 14:14:06 +00:00
Hamid Ghaf 148263084d
adding support for four cluster docker based test scenario (#20492) 2023-05-03 10:49:45 -07:00
miagilepner 4cd982554e
VAULT-15840: Allow updates of only entity-alias custom-metadata (#20368)
* allow updates of only custom metadata

* add changelog
2023-05-01 12:42:30 +02:00
Nick Cabatoff e0093a2791
Simple perf replication test using docker containers (#20393) 2023-04-28 19:43:30 +00:00
Nick Cabatoff f19f537a4f
Add support for restarting docker nodes, and for providing args (#20409) 2023-04-28 14:03:14 -04:00
Nick Cabatoff a816ef6c15
Use a dedicated runner for the binary-based tests. (#20377) 2023-04-27 09:41:49 -04:00
davidadeleon 0d621ea47e
add nil check for mfa enforcement config namespace on login (#20375)
* add nil check for mfa enforcement config ns

* move nil check and add changelog
2023-04-26 16:52:39 -04:00
Nick Cabatoff f5b5662122
Don't require every test to specify a VaultLicense field (#20372) 2023-04-26 18:39:48 +00:00
Nick Cabatoff ad18fc6398
Docker testing: handle licensing, different images per node (#20347) 2023-04-25 17:11:46 -04:00
Nick Cabatoff 22b00eba12
Add support for docker testclusters (#20247) 2023-04-24 14:25:50 -04:00
Nick Cabatoff 313957b911
Add tests based on vault binary (#20224)
First steps towards docker-based tests: tests using vault binary in -dev or -dev-three-node modes.
2023-04-24 09:57:37 -04:00
Marc Boudreau 895564d615
Provide Descriptive Error when Enterprise-only Paths Called in Open-source Version (#18870)
* define ent paths in OSS codebase with common handler

* fixup! define ent paths in OSS codebase with common handler

* add missing path

* retain existing behaviour for replication/status path

* remove commented out path
2023-04-21 16:14:40 -04:00
Mike Palmiotto 8001d76e28
Refactor reporter for unseal setup (#20296) 2023-04-21 15:29:37 -04:00
Josh Black 1ae09ca6b6
OSS changes for new update-primary API endpoint (#20277)
* OSS changes for new update-primary API endpoint

* remove ENT specific piece

* remove another ENT specific field
2023-04-20 13:13:37 -07:00
Mike Palmiotto c0b8a9eddb
Add minimum_retention_months to config endpoint (#20150) 2023-04-13 18:33:23 +00:00
Anton Averchenkov 7e12300d7c
openapi: Add display attributes for cubbyhole/ (#19880) 2023-04-13 11:33:21 -04:00
Anton Averchenkov 14ac4fc045
openapi: Add display attributes for /sys (p2) (#19707) 2023-04-13 11:32:57 -04:00