open-vault/vault
nsimons d91d2ceaf8
Fix cubbyhole and token revocation for legacy service tokens (#19416)
* Fix cubbyhole and revocation for legacy service tokens

Legacy service tokens generated in Vault 1.10+ with env var
VAULT_DISABLE_SERVER_SIDE_CONSISTENT_TOKENS=true are not assigned
a cubbyhole ID. The implication is that cubbyhole/ cannot be
used, nor can the tokens be revoked.

This commit assigns a cubbyhole ID to these tokens and adds
a new test case to see that cubbyhole and revocation works correctly.

* add changelog

* add godoc to test cases
2023-03-06 15:09:45 -05:00
..
activity Allow Token Create Requests To Be Replicated (#18689) 2023-01-24 14:00:27 -05:00
cluster Fix inmem layer unlock bug (#19323) 2023-02-23 20:16:49 +00:00
diagnose Upgrade go.opentelemetry.io/otel from v0.20.0 to v1.11.2 (#18589) 2023-01-04 11:31:30 -08:00
eventbus events: WS protobuf messages should be binary (#19232) 2023-02-17 11:38:03 -08:00
external_tests VAULT-12112: add openapi responses for /sys/internal endpoints (#18542) 2023-02-24 15:03:21 -05:00
hcp_link add error consistency in link node status resp (#19279) 2023-02-22 11:53:29 -05:00
quotas VAULT-8336 Fix default rate limit paths (#18273) 2022-12-09 08:49:17 -05:00
replication Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
seal OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
tokens Allow Token Create Requests To Be Replicated (#18689) 2023-01-24 14:00:27 -05:00
acl.go Fix HelpOperation on sudo-protected paths (#18568) 2023-01-10 12:17:16 -06:00
acl_test.go Fix linter issues in policy.go & acl.go (#16366) 2022-07-22 14:13:14 -04:00
acl_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
activity_log.go VAULT-13061: Fix mount path discrepancy in activity log (#18916) 2023-02-06 10:26:32 +01:00
activity_log_test.go VAULT-13729 activity log test godocs (#19433) 2023-03-06 13:08:22 +01:00
activity_log_testing_util.go s/path/mount_path (#14164) 2022-02-18 13:44:43 -05:00
activity_log_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
activity_log_util_common.go VAULT-13763 normalize activity log mount paths (#19343) 2023-02-24 16:57:41 +01:00
activity_log_util_common_test.go VAULT-13729 activity log test godocs (#19433) 2023-03-06 13:08:22 +01:00
audit.go core: push entry table type-checking into for loop (#17220) 2022-10-05 15:56:12 -04:00
audit_broker.go Add stack trace to audit logging panic recovery (#18121) 2022-11-30 17:59:05 +00:00
audit_test.go Vault test cluster helper refactorings, mostly audit related (#18928) 2023-02-01 08:33:16 -05:00
audited_headers.go vault: deprecate errwrap.Wrapf() (#11577) 2021-05-11 13:12:54 -04:00
audited_headers_test.go Fix some more error shadowing issues (#12990) 2021-11-01 11:43:00 -07:00
auth.go Add events sending routed from plugins (#18834) 2023-02-03 13:24:16 -08:00
auth_test.go Vault test cluster helper refactorings, mostly audit related (#18928) 2023-02-01 08:33:16 -05:00
barrier.go Rename master key to root key (#13324) 2021-12-06 17:12:20 -08:00
barrier_access.go
barrier_aes_gcm.go Barrier: Fix potential locking issue (#17944) 2022-11-16 09:53:22 -08:00
barrier_aes_gcm_test.go validate cipher length before decrypting (#14098) 2022-02-18 07:37:22 -07:00
barrier_test.go Rename master key to root key (#13324) 2021-12-06 17:12:20 -08:00
barrier_view.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
barrier_view_test.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
barrier_view_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
capabilities.go Adds ability to define an inline policy and internal metadata on tokens (#12682) 2021-10-07 10:36:22 -07:00
capabilities_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
cluster.go VAULT-11829: Add cluster status handler (#18351) 2023-01-06 17:06:54 -05:00
cluster_test.go Vault test cluster helper refactorings, mostly audit related (#18928) 2023-02-01 08:33:16 -05:00
core.go Validate response schema for integration tests (#19043) 2023-02-15 14:57:57 -05:00
core_metrics.go Add more raft metrics, emit more metrics on non-perf standbys (#12166) 2022-10-07 09:09:08 -07:00
core_metrics_test.go oss changes (#15487) 2022-05-18 09:16:13 -07:00
core_test.go Vault test cluster helper refactorings, mostly audit related (#18928) 2023-02-01 08:33:16 -05:00
core_util.go core: Move rollback period init to NewCore (#17547) 2022-10-13 18:39:00 -04:00
core_util_common.go merkle sync undo logs (#17103) 2022-09-13 10:03:19 -07:00
cors.go Migrate to sdk/internalshared libs in go-secure-stdlib (#12090) 2021-07-15 20:17:31 -04:00
counters.go [VAULT-2852] deprecate req counters in oss (#12197) 2021-07-29 10:21:40 -07:00
counters_test.go VAULT-12112: add openapi responses for /sys/internal endpoints (#18542) 2023-02-24 15:03:21 -05:00
custom_response_headers.go reformat using 'make fmt' (#13794) 2022-01-27 10:06:34 -08:00
custom_response_headers_test.go VAULT-12112: add openapi response structures for /sys/config and /sys/generate-root endpoints (#18472) 2023-02-16 15:06:26 -05:00
dynamic_system_view.go Add path based primary write forwarding (PBPWF) - OSS (#18735) 2023-01-20 16:36:18 -05:00
dynamic_system_view_test.go core: set namespace within GeneratePasswordFromPolicy (#12635) 2021-09-27 09:08:07 -07:00
events_test.go events: WS protobuf messages should be binary (#19232) 2023-02-17 11:38:03 -08:00
expiration.go add core state lock deadlock detection config option v2 (#18604) 2023-01-11 13:32:05 -06:00
expiration_integ_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
expiration_test.go Fix a panic at cleanup time in an expiration restore lease benchmark. (#16485) 2022-07-28 05:54:03 -07:00
expiration_testing_util_common.go [VAULT-1981] Add OSS changes (#11999) 2021-07-06 17:12:24 -05:00
expiration_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
external_plugin_test.go test/plugin: refactor compilePlugin for reuse (#18952) 2023-02-03 16:27:11 -06:00
forwarded_writer_oss.go Add path based primary write forwarding (PBPWF) - OSS (#18735) 2023-01-20 16:36:18 -05:00
generate_root.go SSCT Tokens Feature [OSS] (#14109) 2022-02-17 11:43:07 -08:00
generate_root_recovery.go SSCT Tokens Feature [OSS] (#14109) 2022-02-17 11:43:07 -08:00
generate_root_test.go SSCT Tokens Feature [OSS] (#14109) 2022-02-17 11:43:07 -08:00
ha.go VAULT-8436 remove <-time.After statements in for loops (#18818) 2023-02-06 17:49:01 +01:00
ha_test.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
identity_lookup.go Switch to go modules (#6585) 2019-04-13 03:44:06 -04:00
identity_lookup_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
identity_store.go named Login MFA methods (#18610) 2023-01-23 15:51:22 -05:00
identity_store_aliases.go move custom metadata validation logic to its own package (#16464) 2022-07-28 10:40:38 -04:00
identity_store_aliases_test.go Support clearing an identity alias' custom_metadata (#13395) 2021-12-10 18:07:47 -05:00
identity_store_entities.go VAULT-9451 Fix data race in entity merge (#17631) 2022-10-21 16:47:59 -04:00
identity_store_entities_test.go Check if plugin version matches running version (#17182) 2022-09-21 12:25:04 -07:00
identity_store_group_aliases.go Refactor usages of Core in IdentityStore so they can be decoupled. (#12461) 2021-08-30 15:31:11 -04:00
identity_store_group_aliases_test.go Update group alias handling to better protect against namespace differences 2019-06-18 16:43:30 -04:00
identity_store_groups.go return bad request instead of server error for identity group cycle detection (#15912) 2022-06-10 10:15:31 -04:00
identity_store_groups_test.go update gofumpt to 0.3.1 and reformat the repo (#17055) 2022-09-07 17:31:20 -07:00
identity_store_oidc.go Fix multiple OpenAPI generation issues with new AST-based generator (#18554) 2023-01-31 16:27:39 -05:00
identity_store_oidc_provider.go Fix multiple OpenAPI generation issues with new AST-based generator (#18554) 2023-01-31 16:27:39 -05:00
identity_store_oidc_provider_test.go identity/oidc: adds claims_supported to discovery document (#16992) 2022-09-02 09:19:25 -07:00
identity_store_oidc_provider_util.go identity/oidc: Adds proof key for code exchange (PKCE) support (#13917) 2022-02-15 12:02:22 -08:00
identity_store_oidc_test.go unit test: fix oidc periodicfunc flaky test (#15320) 2022-05-09 13:43:23 -05:00
identity_store_oidc_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
identity_store_oss.go Login MFA (#14025) 2022-02-17 13:08:51 -08:00
identity_store_schema.go Fix startup failures when aliases from a pre-1.9 vault version exist (#13169) 2021-11-16 14:56:34 -05:00
identity_store_structs.go HCP link integration (#16939) 2022-09-06 14:11:04 -04:00
identity_store_test.go identity/entity-alias: fix bug where alias metadata was shared if alias had same name (#16838) 2022-08-23 15:39:45 -04:00
identity_store_upgrade.go Prevent entity alias creation when entity is in different NS than mount (#943) (#6886) 2019-06-14 12:53:00 -04:00
identity_store_util.go VAULT-9451 Fix data race in entity merge (#17631) 2022-10-21 16:47:59 -04:00
init.go Revert #18683 (#18942) 2023-02-01 13:34:53 -06:00
init_test.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
inspectable.go Introspection API Implementation for Router Struct (#17789) 2022-11-04 09:39:09 -07:00
inspectable_test.go OSS PR for Config Changes PR (#18418) 2022-12-15 12:19:19 -08:00
keyring.go reformat using 'make fmt' (#13794) 2022-01-27 10:06:34 -08:00
keyring_test.go Rename master key to root key (#13324) 2021-12-06 17:12:20 -08:00
logical_cubbyhole.go Add plugin version to GRPC interface (#17088) 2022-09-15 16:37:59 -07:00
logical_cubbyhole_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
logical_passthrough.go Prevent panics in expiration invalidation, and make some changes for testing (#18401) 2022-12-15 18:09:36 +00:00
logical_passthrough_test.go Prevent panics in expiration invalidation, and make some changes for testing (#18401) 2022-12-15 18:09:36 +00:00
logical_raw.go added OpenAPI response objects for sys endpoints (#18633) 2023-02-15 15:02:21 -05:00
logical_system.go Make experiments API authenticated (#18966) 2023-02-09 20:18:14 +00:00
logical_system_activity.go De-duplicate namespaces when historical and current month data are mixed (#18452) 2022-12-16 16:02:42 -08:00
logical_system_helpers.go Login MFA (#14025) 2022-02-17 13:08:51 -08:00
logical_system_integ_test.go Vault test cluster helper refactorings, mostly audit related (#18928) 2023-02-01 08:33:16 -05:00
logical_system_paths.go VAULT-12112: add openapi responses for /sys/internal endpoints (#18542) 2023-02-24 15:03:21 -05:00
logical_system_pprof.go Added OpenAPI response structures for sys endpoints (#18515) 2023-02-15 15:00:06 -05:00
logical_system_quotas.go added OpenAPI response objects for sys endpoints (#18633) 2023-02-15 15:02:21 -05:00
logical_system_raft.go Prevent autopilot from demoting voters when they join a 2nd time (#18263) 2022-12-07 14:17:45 -05:00
logical_system_test.go VAULT-12112: add openapi responses for /sys/internal endpoints (#18542) 2023-02-24 15:03:21 -05:00
logical_system_user_lockout.go Prevent Brute Forcing: Create an api endpoint to list locked users OSS changes (#18675) 2023-01-17 14:25:56 -08:00
logical_system_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
login_mfa.go Added OpenAPI response structures for sys endpoints (#18515) 2023-02-15 15:00:06 -05:00
login_mfa_test.go named Login MFA methods (#18610) 2023-01-23 15:51:22 -05:00
managed_key_registry.go Invalidate the ManagedKeyRegistry cache when Vault config is updated. (#14179) 2022-02-21 09:55:44 -05:00
mfa_auth_resp_priority_queue.go Login MFA (#14025) 2022-02-17 13:08:51 -08:00
mfa_auth_resp_priority_queue_test.go Login MFA (#14025) 2022-02-17 13:08:51 -08:00
mount.go Add events sending routed from plugins (#18834) 2023-02-03 13:24:16 -08:00
mount_test.go Vault test cluster helper refactorings, mostly audit related (#18928) 2023-02-01 08:33:16 -05:00
mount_util.go Add path based primary write forwarding (PBPWF) - OSS (#18735) 2023-01-20 16:36:18 -05:00
mount_util_shared.go Add path based primary write forwarding (PBPWF) - OSS (#18735) 2023-01-20 16:36:18 -05:00
namespaces.go Refactor usages of Core in IdentityStore so they can be decoupled. (#12461) 2021-08-30 15:31:11 -04:00
namespaces_oss.go HCP link integration (#16939) 2022-09-06 14:11:04 -04:00
password_policy_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
plugin_catalog.go Move version out of SDK. (#14229) 2022-12-07 13:29:51 -05:00
plugin_catalog_test.go Remove pinned builtin plugin versions from storage (#18051) 2022-11-23 18:36:25 +00:00
plugin_reload.go Plugins: Add version info to CLI and server log output (#17430) 2022-10-06 12:54:27 +01:00
policy.go prevent memory leak when using control group factors in a policy (#17532) 2022-10-14 19:15:15 -04:00
policy_store.go Make experiments API authenticated (#18966) 2023-02-09 20:18:14 +00:00
policy_store_test.go Make experiments API authenticated (#18966) 2023-02-09 20:18:14 +00:00
policy_store_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
policy_test.go Add HTTP PATCH support to KV (#12687) 2021-10-13 15:24:31 -04:00
policy_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
raft.go VAULT-8436 remove <-time.After statements in for loops (#18818) 2023-02-06 17:49:01 +01:00
rekey.go Revert #18683 (#18942) 2023-02-01 13:34:53 -06:00
rekey_test.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
request_forwarding.go Add autopilot automated upgrades and redundancy zones (#15521) 2022-05-20 16:49:11 -04:00
request_forwarding_rpc.go Add stack trace to audit logging panic recovery (#18121) 2022-11-30 17:59:05 +00:00
request_forwarding_rpc_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
request_forwarding_service.pb.go Allow Token Create Requests To Be Replicated (#18689) 2023-01-24 14:00:27 -05:00
request_forwarding_service.proto Add autopilot automated upgrades and redundancy zones (#15521) 2022-05-20 16:49:11 -04:00
request_forwarding_service_grpc.pb.go Update protobuf & grpc libraries and protoc plugins (#12679) 2021-09-29 18:25:15 -07:00
request_handling.go Validate response schema for integration tests (#19043) 2023-02-15 14:57:57 -05:00
request_handling_test.go SSCT Optimizations (OSS) (#14323) 2022-03-01 12:24:45 -08:00
request_handling_util.go Allow Token Create Requests To Be Replicated (#18689) 2023-01-24 14:00:27 -05:00
rollback.go Fix a data race with rollbackPeriod. (#17387) 2022-10-13 09:59:07 -04:00
rollback_test.go When tainting a route during setup, pre-calculate the namespace specific path (#15067) 2022-04-26 09:13:45 -07:00
router.go Introspection API Implementation for Router Struct (#17789) 2022-11-04 09:39:09 -07:00
router_access.go
router_test.go When tainting a route during setup, pre-calculate the namespace specific path (#15067) 2022-04-26 09:13:45 -07:00
router_testing.go AWS upgrade role entries (#7025) 2019-07-05 16:55:40 -07:00
seal.go Revert #18683 (#18942) 2023-02-01 13:34:53 -06:00
seal_access.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
seal_autoseal.go Revert #18683 (#18942) 2023-02-01 13:34:53 -06:00
seal_autoseal_test.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
seal_test.go Shamir seals now come in two varieties: legacy and new-style. (#7694) 2019-10-18 14:46:00 -04:00
seal_testing.go Rename master key to root key (#13324) 2021-12-06 17:12:20 -08:00
seal_testing_util.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
sealunwrapper.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
sealunwrapper_test.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
test_cluster_detect_deadlock.go add core state lock deadlock detection config option v2 (#18604) 2023-01-11 13:32:05 -06:00
test_cluster_do_not_detect_deadlock.go add core state lock deadlock detection config option v2 (#18604) 2023-01-11 13:32:05 -06:00
testing.go When copying test binary, delete first (#19331) 2023-02-23 15:10:13 -08:00
testing_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
token_store.go Fix cubbyhole and token revocation for legacy service tokens (#19416) 2023-03-06 15:09:45 -05:00
token_store_test.go Fix cubbyhole and token revocation for legacy service tokens (#19416) 2023-03-06 15:09:45 -05:00
token_store_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
token_store_util_common.go Load SSCT Generation Counter Upon DR Promotion [OSS] (#16956) 2022-08-31 11:05:21 -07:00
ui.go Add Semgrep Rules to OSS (#14513) 2022-03-18 11:14:03 -07:00
ui_test.go Fix UI custom header values (#10511) 2020-12-15 15:58:03 +01:00
util.go
util_test.go
vault_version_time.go Add build date (#14957) 2022-04-19 14:28:08 -04:00
version_store.go plugins: Handle mount/enable for shadowed builtins (#17879) 2022-12-14 13:06:33 -05:00
version_store_test.go Move version out of SDK. (#14229) 2022-12-07 13:29:51 -05:00
wrapping.go feature: secrets/auth plugin multiplexing (#14946) 2022-08-29 21:42:26 -05:00
wrapping_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00