Commit graph

385 commits

Author SHA1 Message Date
Jason O'Donnell 6b8e5b1e1f
auth/azure: update to v0.9.3 (#14138)
* auth/azure: update to v0.9.3

* changelog

* Rollback go-testing-interface

* go mod tidy
2022-02-18 09:42:48 -05:00
Josh Black e83471d7de
Login MFA (#14025)
* Login MFA

* ENT OSS segragation (#14088)

* Delete method id if not used in an MFA enforcement config (#14063)

* Delete an MFA methodID only if it is not used by an MFA enforcement config

* Fixing a bug: mfa/validate is an unauthenticated path, and goes through the handleLoginRequest path

* adding use_passcode field to DUO config (#14059)

* add changelog

* preventing replay attack on MFA passcodes (#14056)

* preventing replay attack on MFA passcodes

* using %w instead of %s for error

* Improve CLI command for login mfa (#14106)

CLI prints a warning message indicating the login request needs to get validated

* adding the validity period of a passcode to error messages (#14115)

* PR feedback

* duo to handle preventing passcode reuse

Co-authored-by: hghaf099 <83242695+hghaf099@users.noreply.github.com>
Co-authored-by: hamid ghaf <hamid@hashicorp.com>
2022-02-17 13:08:51 -08:00
Alexander Scheel 45c028a2fb
Allow specifying multiple allowed SSH key lengths (#13991)
* Allow specifying multiple allowed SSH key lengths

In the ssh secrets engine, only a single allowed key length was allowed
for each algorithm type. However, many algorithms have multiple safe
values (such as RSA and ECDSA); allowing a single role to have multiple
values for a single algorithm is thus helpful.

On creation or update, roles can now specify multiple types using a list
or comma separated string of allowed values:

    allowed_user_key_lengths: map[string][]int{"rsa": []int{2048, 4096}}

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Break out ssh upgrade logic into separate function

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update parseutil for optional lists of integers

    go get -u github.com/hashicorp/go-secure-stdlib/parseutil
    go mod tidy

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Simplify parse logic using new parseutil

The newly introduced parseutil.ParseIntSlice handles the more
complicated optional int-like slice logic for us.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-17 15:36:56 -05:00
Jordan Reimer b936db8332
Revert "MFA (#14049)" (#14135)
This reverts commit 5f17953b5980e6438215d5cb62c8575d16c63193.
2022-02-17 13:17:59 -07:00
Austin Gebauer e4aab1b0cc
secrets/azure: update plugin to v0.11.4 (#14130) 2022-02-17 12:09:36 -08:00
Jordan Reimer 36ccfaa3aa
MFA (#14049)
* adds development workflow to mirage config

* adds mirage handler and factory for mfa workflow

* adds mfa handling to auth service and cluster adapter

* moves auth success logic from form to controller

* adds mfa form component

* shows delayed auth message for all methods

* adds new code delay to mfa form

* adds error views

* fixes merge conflict

* adds integration tests for mfa-form component

* fixes auth tests

* updates mfa response handling to align with backend

* updates mfa-form to handle multiple methods and constraints

* adds noDefault arg to Select component

* updates mirage mfa handler to align with backend and adds generator for various mfa scenarios

* adds tests

* flaky test fix attempt

* reverts test fix attempt

* adds changelog entry

* updates comments for todo items

* removes faker from mfa mirage factory and handler

* adds number to word helper

* fixes tests

* Revert "Merge branch 'main' into ui/mfa"

This reverts commit 8ee6a6aaa1b6c9ec16b985c10d91c3806819ec40, reversing
changes made to 2428dd6cca07bb41cda3f453619646ca3a88bfd0.

* format-ttl helper fix from main
2022-02-17 09:10:56 -07:00
Robert 91f5069c03
secret/consul: Add Consul ACL roles support (#14014)
Co-authored-by: Brandon Ingalls <brandon@ingalls.io>
2022-02-16 19:31:08 -06:00
Alexander Scheel f45ad6e284
Fix ed25519 generated SSH key marshalling (#14101)
* Ensure we can issue against generated SSH CA keys

This adds a test to ensure that we can issue leaf SSH certificates using
the newly generated SSH CA keys. Presently this fails because the
ed25519 key private is stored using PKIX's PKCS8 PrivateKey object
format rather than using OpenSSH's desired private key format:

> path_config_ca_test.go:211: bad case 12: err: failed to parse stored CA private key: ssh: invalid openssh private key format, resp: <nil>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add dependency on edkey for OpenSSH ed25519 keys

As mentioned in various terraform-provider-tls discussions, OpenSSH
doesn't understand the standard OpenSSL/PKIX ed25519 key structure (as
generated by PKCS8 marshalling). Instead, we need to place it into the
OpenSSH RFC 8709 format. As mentioned in this dependency's README,
support in golang.org/x/crypto/ssh is presently lacking for this.
When the associated CL is merged, we should be able to remove this dep
and rely on the (extended) standard library, however, no review progress
appears to have been made since the CL was opened by the author.

See also: https://go-review.googlesource.com/c/crypto/+/218620/

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-16 14:28:57 -05:00
Ben Ash 7aaee22e07
auth/kubernetes: Update plugin to v0.11.5 (#13925) 2022-02-10 12:23:19 -05:00
Robert d0832a1993
secret/consul: Add support for consul namespaces and admin partitions (#13850)
* Add support for consul namespaces and admin partitions
2022-02-09 15:44:00 -06:00
Jason O'Donnell fc69112f9a
secrets/gcp: update to v0.11.2 (#13974)
* secrets/gcp: update to v0.11.2

* Changelog
2022-02-09 12:57:53 -05:00
Jason O'Donnell 9218e8126e
secrets/azure: update to v0.11.3 (#13973)
* secrets/azure: update to v0.11.3

* Changelog
2022-02-09 11:58:53 -05:00
Jason O'Donnell 702399a156
go-mssqldb: update to v0.12.0 (#13951) 2022-02-08 11:45:55 -05:00
Tero Saarni f4eea60799
Switch/upgrade to influxdata/influxdb1-client (#12262)
* influxdb v1 client has been split into a separate module from the main influxdb
  code base. This changes uses the correct client, which also allows us to
  get updates and avoids confusing some vulnerability scanners that flagged 
  previous version incorrectly.

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2022-01-25 13:30:24 -05:00
Nick Cabatoff ddab893034
Update to raft lib v1.3.3 (#13703) 2022-01-24 09:50:23 -05:00
Tero Saarni e2b17ca96b
auth/kubernetes: support for dynamically reloading short-lived tokens (#13595)
* auth/kubernetes: support for short-lived tokens

* Uplift new version of Kubernetes auth plugin that does not store the
  service account token persistently to Vault storage.

* Update the documentation to recommend local token again when running
  Vault inside cluster.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* Added changelog entry

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* clarification to changelog entry, executed go mod tidy

* clarifications and added targeted release version
2022-01-14 19:55:15 -08:00
Chris Capurso d52d69e4bb
Add HTTP PATCH support for KV key metadata (#13215)
* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* add kv metadata patch command

* add changelog entry

* success tests for kv metadata patch flags

* add more kv metadata patch flags tests

* add kv metadata patch cas warning test

* add kv-v2 key metadata patch API docs

* add kv metadata patch to docs

* prevent unintentional field overwriting in kv metadata put cmd

* like create/update ops, prevent patch to paths ending in /

* fix kv metadata patch cmd in docs

* fix flag defaults for kv metadata put

* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* fix TestKvMetadataPatchCommand_Flags test

* doc fixes

* go get vault-plugin-secrets-kv@master; go mod tidy
2022-01-12 12:05:27 -05:00
Chris Capurso fea26266f3
update okta-sdk-golang to v2.9.1 (#13439)
* update okta-sdk-golang to v2.9.1

* go mod tidy

* add changelog entry
2022-01-06 09:42:51 -05:00
Austin Gebauer c21ff7e587
secrets/gcp: update plugin to v0.11.1 (#13548) 2022-01-03 11:18:48 -08:00
Austin Gebauer 431376cb7f
auth/oidc: update plugin to v0.11.4 (#13492) 2021-12-21 16:48:53 -08:00
Jason O'Donnell 1966264bcd
auth/gcp: update to v0.11.3 (#13457)
* update gcp auth

* go mod tidy
2021-12-16 15:46:34 -05:00
John-Michael Faircloth 7f78f3357f
auth/jwt: Update plugin to v0.11.3 (#13365)
* auth/jwt: Update plugin to v0.11.3

* add changelog
2021-12-09 07:44:52 -06:00
Eugene R f39f1ce8de
Aerospike backend update (#12165)
* upgrade aerospike-client-go to v5.2.0

* use strings.Contains to check an error

* add changelog file

* go mod tidy

* go mod tidy

* update the changelog

* revert .gitignore update

* go mod tidy
2021-11-29 11:09:12 -08:00
Austin Gebauer 0ca08038d5
secrets/azure: Update plugin to v0.11.2 (#13277) 2021-11-29 09:05:23 -08:00
Chris Capurso 15b06780ab
remove nil response to 404 translation for PatchOperation (#13167)
* remove nil response to 404 translation for PatchOperation

* go get vault-plugin-secrets-kv@master
2021-11-23 13:57:22 -05:00
Austin Gebauer d5f4fbecc1
identity/oidc: optional nonce parameter for authorize request (#13231) 2021-11-22 09:42:22 -08:00
Nick Cabatoff eda9607c8a
Revert more downgrades from #12975. (#13168) 2021-11-16 15:07:03 -05:00
Nick Cabatoff 9e27ccbae1
Fix 1.9 regression with raft and stored time values (#13165) 2021-11-16 14:43:00 -05:00
Calvin Leung Huang 4a59b4c683
deps: update plugin versions for 1.9 release (#12975)
* deps: update plugin versions for 1.9 release

* deps: update vault-plugin-secrets-azure to v0.11.1

* go get newest version of github.com/pkg/browser

* deps: update vault-plugin-secrets-alicloud v0.10.2

* deps: update vault-plugin-auth-jwt to v0.11.2

* deps: update vault-plugin-auth-gcp to v0.11.2

* Clean up some inflated indirect dep versions

* deps: update vault-plugin-auth-azure to v0.9.2

* deps: re-fetch x/oauth2 to adjust version

* deps: github.com/pkg/browser to v0.0.0-20210911075715-681adbf594b8

Co-authored-by: Ben Ash <bash@hashicorp.com>
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2021-11-01 14:18:21 -07:00
Jim Kalafut 170421af31
Update parseutil dependency (#12947) 2021-10-28 09:15:42 -07:00
Alexander Scheel 5579394b48
go-kms-wrapping update for Azure Key Vault's Managed HSM offering (#12934)
* Update to hashicorp/go-kms-wrapping@v0.6.8

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation around Managed HSM KeyVault

This introduces the "resource" config parameter and the
AZURE_AD_RESOURCE environment variable from the updated go-kms-wrapping
dependency.

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry for g-k-w changes

Includes changes from @stevendpclark.

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
2021-10-27 12:07:18 -04:00
Ben Ash 6769ab37ea
fix: upgrade vault-plugin-auth-kerberos to v0.5.0 (#12930)
* Update docker helper code to match deps.
* Fix container variable name collides with import.
* Update vault-testing-stepwise to v0.1.2
2021-10-27 10:01:34 -04:00
Chris Capurso a6b1cbad12
Extend kv metadata to get, put, and patch (#12907)
* go get vault-plugin-secrets-kv@extend-kv-metadata-to-get-and-put

* test for custom_metadata in kv get, put, patch command output

* remove flagFormat-specific check from TestKVMetadataGetCommand

* rewrite custom metadata changelog entry

* go get vault-plugin-secrets-kv@master

* go mod tidy
2021-10-26 15:38:56 -04:00
Ben Ash e44dbb01ba
fix: upgrade vault-plugin-auth-kubernetes to v0.11.2 (#12913)
* Update k8s.io/client-go to v0.22.2
2021-10-22 18:02:41 -04:00
Ben Ash f8914a273a
fix: upgrade vault-plugin-secrets-terraform to v0.3.0 (#12909) 2021-10-22 16:34:22 -04:00
Nick Cabatoff ff74f49047
Move to go 1.17 (#12868)
Also ensure that the go 1.17 breaking changes to net.ParseCIDR don't make us choke on stored CIDRs that were acceptable to older Go versions.
2021-10-21 09:32:03 -04:00
vinay-gopalan 4834bb854c
[VAULT-3008] Update RabbitMQ dependency and fix regression in UserInfo.Tags in v3.9 (#12877) 2021-10-20 09:46:37 -07:00
Austin Gebauer c797ed1b5c
Updates vault-plugin-auth-jwt to v0.11.0 (#12876) 2021-10-19 15:22:52 -07:00
vinay-gopalan 1eb73d9ef4
[VAULT-3379] Add support for contained DBs in MSSQL root rotation and lease revocation (#12839) 2021-10-19 14:11:47 -07:00
Ben Ash 5be11c78d6
Update k8s-auth to v0.11.1 (#12865) 2021-10-19 15:30:02 -04:00
Theron Voran ae79afdd26
agent: Use an in-process listener with cache (#12762)
Uses a bufconn listener between consul-template and vault-agent when
caching is enabled and either templates or a listener is defined. This
means no listeners need to be defined in vault-agent for just
templating. Always routes consul-template through the vault-agent
cache (instead of only when persistent cache is enabled).

Uses a local transportDialer interface in config.Cache{}. 

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2021-10-15 17:22:19 -07:00
Jim Kalafut 74eba6fa56
Update mongo-driver dependency (#12842) 2021-10-15 12:47:33 -07:00
Brian Kassouf 57c568e511
Update some SDK dependency versions (#12828)
* Update some SDK dependency versions

* Update API go.sum

* Update jsonpatch to v5
2021-10-14 09:47:32 -07:00
Chris Capurso bbb4ab4a41
Add HTTP PATCH support to KV (#12687)
* handle HTTP PATCH requests as logical.PatchOperation

* update go.mod, go.sum

* a nil response for logical.PatchOperation should result in 404

* respond with 415 for incorrect MIME type in PATCH Content-Type header

* add abstraction to handle PatchOperation requests

* add ACLs for patch

* Adding JSON Merge support to the API client

* add HTTP PATCH tests to check high level response logic

* add permission-based 'kv patch' tests in prep to add HTTP PATCH

* adding more 'kv patch' CLI command tests

* fix TestHandler_Patch_NotFound

* Fix TestKvPatchCommand_StdinValue

* add audit log test for HTTP PATCH

* patch CLI changes

* add patch CLI tests

* change JSONMergePatch func to accept a ctx

* fix TestKVPatchCommand_RWMethodNotExists and TestKVPatchCommand_RWMethodSucceeds to specify -method flag

* go fmt

* add a test to verify patching works by default with the root token

* add changelog entry

* get vault-plugin-secrets-kv@add-patch-support

* PR feedback

* reorder some imports; go fmt

* add doc comment for HandlePatchOperation

* add json-patch@v5.5.0 to go.mod

* remove unnecessary cancelFunc for WriteBytes

* remove default for -method

* use stable version of json-patch; go mod tidy

* more PR feedback

* temp go get vault-plugin-secrets-kv@master until official release

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
2021-10-13 15:24:31 -04:00
Calvin Leung Huang 8640984035
dep: update tencentcloud-sdk-go to v1.0.162 (#12781) 2021-10-12 08:05:05 -07:00
Brian Kassouf b397418e64
Update a few hashicorp deps (#12757) 2021-10-11 10:06:41 -07:00
Scott Miller b84100d4a0
Upgrade go-kms-wrapping to pickup oci-go-sdk update (#12724)
* Upgrade go-kms-wrapping to pickup oci-go-sdk update

* changelog
2021-10-04 16:21:38 -05:00
Ian Ferguson afb501a0d4
Upgrade pq to fix connection failure cleanup bug (v1.8.0 => v1.10.3) (#12413)
* Upgrade pq to fix connection failure cleanup bug (v1.8.0 => v1.10.3)

* Run go mod tidy after `go get -u github.com/lib/pq`

* include changelog/12413.txt
2021-10-01 14:35:51 -07:00
Ben Ash dda2c1ed88
upgrade vault-plugin-auth-kubernetes (#12688)
* fix: upgrade vault-plugin-auth-kubernetes

-  on alias look ahead, validate JWT token against the role's configuration
2021-09-30 14:25:09 -04:00
Brian Kassouf 39a9727c8b
Update protobuf & grpc libraries and protoc plugins (#12679) 2021-09-29 18:25:15 -07:00
vinay-gopalan 447fdf624a
Upgrade awsutil package version to 0.1.5 (#12621)
* upgrade awsutil version to 0.1.5

* add changelog

* update changelog
2021-09-29 14:45:35 -07:00
Tero Saarni 944332d12d
Update Go client libraries for etcd (#11980)
* Update Go client libraries for etcd

* Added etcd server container to run etcd3 tests automatically.

* Removed etcd2 test case: it fails the backend tests but the failure is
  unrelated to the uplift.  The etcd2 backend implementation does not
  remove empty nested nodes when removing leaf (see comments in #11980).
2021-09-29 14:28:13 -04:00
Michael Golowka bee49a4c49
Update Azure secrets engine to use MS Graph (#12629) 2021-09-29 11:28:13 -06:00
Ben Ash b48debda2b
fix: upgrade vault-plugin-auth-kubernetes (#12633)
* fix: upgrade vault-plugin-auth-kubernetes

- brings in the alias_name_source feature which allows for setting
  alternate alias names based on the service accounts's namespace and
  name
- document the seurity related aspects for the feature addition above.
2021-09-27 13:10:55 -04:00
Calvin Leung Huang 992b8089a2
dep: update vault-plugin-secrets-openldap to latest (#12600)
* dep: update vault-plugin-secrets-openldap to v0.5.2

* add changelog entry

* dep: update to use the plugin's master branch
2021-09-21 15:30:19 -07:00
Tero Saarni 105786cc27
Update github.com/ulikunitz/xz (#12253)
* Update github.com/ulikunitz/xz

* Bump xz which is transitive dependency of github.com/mholt/archiver.
  Fixes known security vulnerability GHSA-25xm-hr59-7c27.

* Update github.com/ulikunitz/xz

* Added security advisory ID to changelog.
2021-09-17 09:48:38 -07:00
Justin Kromlinger f1448e2e6d
Upgrade go-limiter to v0.7.1 to fix build failure in go1.17.1 (#12557)
See 748ae80bc1
2021-09-16 06:13:46 -07:00
Theron Voran 48e0c3fde7
dep: update consul-template to v0.27.0 (#12505) 2021-09-09 09:12:42 -07:00
Tero Saarni 30ca69f16a
Update github.com/gogo/protobuf (#12255)
* Update github.com/gogo/protobuf

* Fixes #12254 (CVE-2021-3121)

* Update github.com/gogo/protobuf

* Added changelog

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* go mod tidy
2021-09-07 11:40:14 -07:00
John-Michael Faircloth 2cca67c96f
update couchbase plugin version (#12483)
* update couchbase plugin version

* add changelog

* go get main branch and go mod tidy
2021-09-07 11:48:10 -05:00
Scott Miller 0f6543fb41
Upgrade go-limiter to fix building on 1.17 (#12358)
* Upgrade go-limiter

* Modify quota system to pass contexts to upgraded go-limiter

* One more spot

* Add context vars to unit tests

* missed one
2021-09-01 16:28:47 -05:00
Jeff Widman 42da406824
Bump go-discover to fix broken dep (#12404)
The previous version of `go-discover` pulled in a broken version of
`tencentcloud-sdk-go`, resulting in anything that runs `go get -d`
downstream breaking... ie, a dep on hashicorp vault will break
Dependabot (among other things).

I already fixed it in `go-discover`, so this just pulls in the update.

More details in
657e803ce0
and https://github.com/hashicorp/go-discover/issues/172.
2021-08-24 12:07:16 -04:00
Chris Capurso 3f4a381f1b
Add kv custom key metadata (#12218)
* add custom-metdata flag to "kv metadata put" command

* add kv metadata put command test for custom-metadata flag

* add custom_metadata to kv-v2 api docs

* add custom_metadata to kv-v2 cli docs

* update go.mod

* Add custom metadata limits to docs

* add changelog entry

* update vault-plugin-secrets-kv to @master
2021-08-23 15:49:09 -04:00
Jason O'Donnell 1cf3ff046e
plugin/snowflake: update gosnowflake to v1.6.1 (#12378)
* plugin/snowflake: update gosnowflake to v1.6.1

* changelog

* go mod tidy
2021-08-20 11:52:31 -04:00
Austin Gebauer 437cb74c5a
Updates vault-plugin-secrets-gcp to v0.10.2 (#12379) 2021-08-19 16:33:34 -07:00
Nick Cabatoff 124bc87381
Upgrade snappy to fix panic with identity/packer on Go 1.16+arm64. (#12371) 2021-08-19 15:51:06 -04:00
Jason O'Donnell b55e1a31fc
creds/aws: Add support for DSA signature verification for EC2 (#12340)
* creds/aws: import pkcs7 verification package

* Add DSA support

* changelog

* Add DSA to correct verify function

* Remove unneeded tests

* Fix backend test

* Update builtin/credential/aws/pkcs7/README.md

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update builtin/credential/aws/path_login.go

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2021-08-19 09:16:31 -04:00
Clint 675e0c1383
Replace go-bindata-assetfs build dependency with native go:embed (#11208)
* copy over the webui

move web_ui to http

remove web ui files, add .gitkeep

updates, messing with gitkeep and ignoring web_ui

update ui scripts

gitkeep

ignore http/web_ui

Remove debugging

remove the jwt reference, that was from something else

restore old jwt plugin

move things around

Revert "move things around"

This reverts commit 2a35121850f5b6b82064ecf78ebee5246601c04f.

Update ui path handling to not need the web_ui name part

add desc

move the http.FS conversion internal to assetFS

update gitignore

remove bindata dep

clean up some comments

remove asset check script that's no longer needed

Update readme

remove more bindata things

restore asset check

update packagespec

update stub

stub the assetFS method and set uiBuiltIn to false for non-ui builds

update packagespec to build ui

* fail if assets aren't found

* tidy up vendor

* go mod tidy

* updating .circleci

* restore tools.go

* re-re-re-run make packages

* re-enable arm64

* Adding change log

* Removing a file

Co-authored-by: hamid ghaf <hamid@hashicorp.com>
2021-08-18 11:05:11 -04:00
Calvin Leung Huang d0adf67771
dep: update database-couchbase plugin to v0.4.1 (#12301)
* dep: update database-couchbase plugin to v0.4.1

* add CL entry
2021-08-12 11:54:19 -07:00
Austin Gebauer 53373f78ed
Updates vault-plugin-auth-jwt to v0.10.1 (#12265) 2021-08-04 13:13:02 -07:00
Jeff Mitchell 33ff878946
Move awsutil over to the go-secure-stdlib version (#12128)
Unlike the other libraries that were migrated, there are no usages of
this lib in any of our plugins, and the only other known usage was in
go-kms-wrapping, which has been updated. Aliasing it like the other libs
would still keep the aws-sdk-go dep in the sdk module because of the
function signatures. So I've simply removed it entirely here.
2021-07-20 20:42:00 -04:00
Jeff Mitchell fb473a8b9b
Swap out stepwise for external repo version (#12089) 2021-07-20 13:20:23 -04:00
Jeff Mitchell f7147025dd
Migrate to sdk/internalshared libs in go-secure-stdlib (#12090)
* Swap sdk/helper libs to go-secure-stdlib

* Migrate to go-secure-stdlib reloadutil

* Migrate to go-secure-stdlib kv-builder

* Migrate to go-secure-stdlib gatedwriter
2021-07-15 20:17:31 -04:00
Tom Proctor 491c0ca78b
Update kubernetes auth plugin with AliasLookahead fix (#12073) 2021-07-15 14:35:40 +01:00
Jeff Mitchell fe18b6f9e0
Swap out sdk/helper libs with implementations in go-secure-stdlib (#12088)
* Swap out sdk/helper libs with implementations in go-secure-stdlib

* Fix transit batch test
2021-07-15 01:56:37 -04:00
Scott Miller ecb5474466
Update Vault main to new API/SDK Tags. (#12069)
* Update Vault main to new api/sdk tags

* go mod tidy

* Go mod tidy

* Go mod tidy on api

* go mod download on root
2021-07-13 18:54:31 -05:00
Jim Kalafut 7986c2c1f8
Update plugin dependencies for 1.8 (#12036) 2021-07-09 13:36:52 -07:00
Austin Gebauer f54338977d
secrets/gcp: update to v0.10.1 for static accounts (#12023) 2021-07-08 13:53:45 -07:00
Jason O'Donnell af51033214
secrets/openldap: add schema config to rotate-root (#12019)
* update go mod & go mod tidy

* Changelog
2021-07-08 13:53:17 -04:00
Josh Black 3e8d8dda6b
Update vault-plugin-secrets-kv to 0.9.0 (#12007) 2021-07-07 11:48:00 -07:00
MilenaHC 4430a11bc5
Update SnowflakeDB plugin to v0.2.0 (#11997)
* update snowflake database plugin to v0.2.0

* add changelog

* update api-docs
2021-07-06 13:23:03 -05:00
John-Michael Faircloth aa6afd50f6
Update mongodb atlas plugin version (#11956)
* Update mongodb atlas plugin version

* go.mod was missing mongodbatlas plugin

* add changelog

* update build-go-dev circle ci job GOPROXY

* Revert "update build-go-dev circle ci job GOPROXY"

This reverts commit 0e6f339c779dac65ecb036735199f72d3d9e6a4a.

* ci: more complete go mod cache

* ci: doc use of go list ./... to populate mod cache

Co-authored-by: Sam Salisbury <samsalisbury@gmail.com>
2021-07-06 08:24:10 -05:00
MilenaHC 02d45f3a66
Update ElasticSearch DB plugin to v0.8.0 (#11957)
* update elasticsearch database plugin to v0.8.0

* add changelog

* update api-docs
2021-06-29 08:07:00 -05:00
Jason O'Donnell b2c9b3c344
plugins/ad: Add rotate-role endpoint (#11942)
* plugins/ad: add rotate-role

* Add doc

* changelog

* Add note about rotate-role in overview
2021-06-25 14:00:03 -04:00
Jason O'Donnell b2b25be0ce
agent/template: add static_secret_render_interval configurable (#11934)
* agent/template: add default_lease_duration config

* go mod tidy

* Add changelog

* Fix panic

* Add documentation

* Change to static_secret_render_interval

* Update doc

* Update command/agent/template/template.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update changelog/11934.txt

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-06-24 15:40:31 -04:00
Scott Miller ee0d6603f3
Wire configuration checks into diagnose and fix resulting bugs. (#11854)
* Actually call config.Validate in diagnose

* Wire configuration checks into diagnose and fix resulting bugs.

* go mod vendor

* Merge to vendorless version

* Remove sentinel section to allow diagnose_ok to pass

* Fix unit tests
2021-06-17 13:09:37 -05:00
Jason O'Donnell 4cc1402e52
mod: update vault-plugin-secrets-ad@v0.9.1 (#11837)
* mod: update vault-plugin-secrets-ad@v0.9.1

* changelog
2021-06-11 13:40:51 -04:00
Calvin Leung Huang 1239217cd5
dep: update consul-template to v0.26.0 (#11838)
* dep: update consul-template to v0.26.0

* changelog: add a CL entry
2021-06-11 10:29:40 -07:00
Austin Gebauer cdc56809a2
Updates the JWT/OIDC auth plugin to v0.9.4 (#11784) 2021-06-07 16:02:57 -07:00
Scott Miller 69d0242db9
Add Advice and Advise functions for adding an advice section to any span. (#11760)
* wip

* wip

* Finish implementing advice handling and word wrapping

* Properly word wrap messages and warnings

* Remove debugging

* Remove debugging

* Remove unnecessary test

* unit test bug

* go vendor
2021-06-07 11:29:36 -05:00
Scott Miller b4b050fbf6
Upgrade to shirou/gopsutil 3.21.5 to fix openbsd build error (#11740) 2021-06-01 18:48:45 -05:00
Calvin Leung Huang 8cb48018b7
api/client: provide the ability to set a logger on retryablehttp.Client (#11696)
* api/client: provide the ability to set a logger on retryablehttp.Client

* go mod tidy; fix import ordering

* go mod vendor
2021-05-27 10:25:25 -07:00
Scott Miller 941d01eee3
Initial Diagnose CLI output (#11583)
* Create helpers which integrate with OpenTelemetry for diagnose collection

* Go mod vendor

* Comments

* Update vault/diagnose/helpers.go

Co-authored-by: swayne275 <swayne275@gmail.com>

* Add unit test/example

* tweak output

* More comments

* add spot check concept

* Get unit tests working on Result structs

* wip

* Fix unit test

* Get unit tests working, and make diagnose sessions local rather than global

* Comments

* Last comments

* No need for init

* :|

* Fix helpers_test

* wip

* wip

* wip

* Revendor otel

* Fix merge related problems

* imports

* Fix unit tests

Co-authored-by: swayne275 <swayne275@gmail.com>
2021-05-21 19:21:11 -07:00
Scott Miller 4be3d7e0ab
Point to a tag rather than branch for hashicorp/hcl (#11559)
* Point to a tag rather than branch for hashicorp/hcl

* tidy
2021-05-10 16:28:37 -05:00
Calvin Leung Huang 9aa7269926
mod: update vault-plugin-secrets-azure@v0.9.1 (#11562) 2021-05-07 11:12:07 -07:00
Nick Cabatoff 3b88a87b84
LifetimeWatcher should retry renew failures until end of lease (#11445)
Co-authored-by: Andrej van der Zee <andrejvanderzee@gmail.com>
2021-05-06 14:04:26 -04:00
Scott Miller 7d9524be2f
Expose unknown fields and duplicate sections as diagnose warnings (#11455)
* Expose unknown fields and duplicate sections as diagnose warnings

* section counts not needed, already handled

* Address PR feedback

* Prune more of the new fields before tests call deep.Equals

* Update go.mod
2021-05-04 14:47:56 -05:00
Scott Miller 52930c5614
When running under systemd, send notifications about server startup, shutdown, and config reload (#11517) 2021-05-04 14:47:16 -05:00
Scott Miller 85fbd45e1c
Create helpers which integrate with OpenTelemetry for diagnose collection (#11454)
* Create helpers which integrate with OpenTelemetry for diagnose collection

* Go mod vendor

* Comments

* Update vault/diagnose/helpers.go

Co-authored-by: swayne275 <swayne275@gmail.com>

* Add unit test/example

* tweak output

* More comments

* add spot check concept

* Get unit tests working on Result structs

* Fix unit test

* Get unit tests working, and make diagnose sessions local rather than global

* Comments

* Last comments

* No need for init

* :|

* Fix helpers_test

Co-authored-by: swayne275 <swayne275@gmail.com>
2021-04-29 13:32:41 -05:00
Vishal Nayak 406abc19dc
Autopilot: Return leader info via delegate (#11247)
* Autopilot: Return leader info via delegate

* Pull in the new raft-autopilot lib dependencies

* update deps

* Add CL
2021-04-27 15:54:26 -04:00