open-vault/vault
Max Bowsher 4c5f583f39
OpenAPI `generic_mount_paths` follow-up (#18663)
* OpenAPI `generic_mount_paths` follow-up

An incremental improvement within larger context discussed in #18560.

* Following the revert in #18617, re-introduce the change from
  `{mountPath}` to `{<path-of-mount>_mount_path}`; this is needed, as
  otherwise paths from multiple plugins would clash - e.g. almost every
  auth method would provide a conflicting definition for
  `auth/{mountPath}/login`, and the last one written into the map would
  win.

* Move the half of the functionality that was in `sdk/framework/` to
  `vault/logical_system.go` with the rest; this is needed, as
  `sdk/framework/` gets compiled in to externally built plugins, and
  therefore there may be version skew between it and the Vault main
  code. Implementing the `generic_mount_paths` feature entirely on one
  side of this boundary frees us from problems caused by this.

* Update the special exception that recognizes `system` and `identity`
  as singleton mounts to also include the other two singleton mounts,
  `cubbyhole` and `auth/token`.

* Include a comment that documents to restricted circumstances in which
  the `generic_mount_paths` option makes sense to use:

	    // Note that for this to actually be useful, you have to be using it with
	    // a Vault instance in which you have mounted one of each secrets engine
	    // and auth method of types you are interested in, at paths which identify
	    // their type, and for the KV secrets engine you will probably want to
	    // mount separate kv-v1 and kv-v2 mounts to include the documentation for
	    // each of those APIs.

* Fix tests

Also remove comment "// TODO update after kv repo update" which was
added 4 years ago in #5687 - the implied update has not happened.

* Add changelog

* Update 18663.txt
2023-01-17 23:07:11 -05:00
..
activity Link OSS (#18228) 2022-12-08 15:02:18 -05:00
cluster autopilot: assume nodes we haven't received heartbeats from are running the same version as we are (#17019) 2022-09-06 14:49:04 -04:00
diagnose Upgrade `go.opentelemetry.io/otel` from v0.20.0 to v1.11.2 (#18589) 2023-01-04 11:31:30 -08:00
eventbus Add basic event bus broker stub (#18640) 2023-01-17 13:34:37 -08:00
external_tests Prevent Brute Forcing: Create an api endpoint to list locked users OSS changes (#18675) 2023-01-17 14:25:56 -08:00
hcp_link VAULT-12548: Fix data races in Link status reporting (#18674) 2023-01-12 15:10:34 -05:00
quotas VAULT-8336 Fix default rate limit paths (#18273) 2022-12-09 08:49:17 -05:00
replication Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
seal OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
tokens Link OSS (#18228) 2022-12-08 15:02:18 -05:00
acl.go Fix HelpOperation on sudo-protected paths (#18568) 2023-01-10 12:17:16 -06:00
acl_test.go Fix linter issues in policy.go & acl.go (#16366) 2022-07-22 14:13:14 -04:00
acl_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
activity_log.go Revert "Add new clients into the monthly breakdown (#18629)" (#18726) 2023-01-16 15:51:19 +00:00
activity_log_test.go Make some activity log tests less flaky (#17028) 2022-09-07 09:06:15 -04:00
activity_log_testing_util.go s/path/mount_path (#14164) 2022-02-18 13:44:43 -05:00
activity_log_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
activity_log_util_common.go fix off by one err in current month client count computation (#17457) 2022-10-07 12:37:09 -04:00
activity_log_util_common_test.go fix off by one err in current month client count computation (#17457) 2022-10-07 12:37:09 -04:00
audit.go core: push entry table type-checking into for loop (#17220) 2022-10-05 15:56:12 -04:00
audit_broker.go Add stack trace to audit logging panic recovery (#18121) 2022-11-30 17:59:05 +00:00
audit_test.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
audited_headers.go vault: deprecate errwrap.Wrapf() (#11577) 2021-05-11 13:12:54 -04:00
audited_headers_test.go Fix some more error shadowing issues (#12990) 2021-11-01 11:43:00 -07:00
auth.go plugins: Handle mount/enable for shadowed builtins (#17879) 2022-12-14 13:06:33 -05:00
auth_test.go Plugins: Allow explicitly specifying the builtin version of a plugin (#17289) 2022-09-22 23:15:46 +01:00
barrier.go Rename master key to root key (#13324) 2021-12-06 17:12:20 -08:00
barrier_access.go Fix compile 2018-01-19 05:31:55 -05:00
barrier_aes_gcm.go Barrier: Fix potential locking issue (#17944) 2022-11-16 09:53:22 -08:00
barrier_aes_gcm_test.go validate cipher length before decrypting (#14098) 2022-02-18 07:37:22 -07:00
barrier_test.go Rename master key to root key (#13324) 2021-12-06 17:12:20 -08:00
barrier_view.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
barrier_view_test.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
barrier_view_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
capabilities.go Adds ability to define an inline policy and internal metadata on tokens (#12682) 2021-10-07 10:36:22 -07:00
capabilities_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
cluster.go VAULT-11829: Add cluster status handler (#18351) 2023-01-06 17:06:54 -05:00
cluster_test.go Wait for standby to have a working grpc connection before we try to use it (#16905) 2022-08-26 12:50:10 -04:00
core.go Prevent brute forcing : telemetry oss changes (#18718) 2023-01-17 15:10:50 -08:00
core_metrics.go Add more raft metrics, emit more metrics on non-perf standbys (#12166) 2022-10-07 09:09:08 -07:00
core_metrics_test.go oss changes (#15487) 2022-05-18 09:16:13 -07:00
core_test.go Vault 8308 Background thread to update locked user entries (#18673) 2023-01-12 14:09:33 -08:00
core_util.go core: Move rollback period init to NewCore (#17547) 2022-10-13 18:39:00 -04:00
core_util_common.go merkle sync undo logs (#17103) 2022-09-13 10:03:19 -07:00
cors.go Migrate to sdk/internalshared libs in go-secure-stdlib (#12090) 2021-07-15 20:17:31 -04:00
counters.go [VAULT-2852] deprecate req counters in oss (#12197) 2021-07-29 10:21:40 -07:00
counters_test.go Use %q for quoted strings where appropriate (#15216) 2022-08-03 12:32:45 -06:00
custom_response_headers.go reformat using 'make fmt' (#13794) 2022-01-27 10:06:34 -08:00
custom_response_headers_test.go vault: fix dropped test errors (#14402) 2022-03-08 12:32:27 -07:00
dynamic_system_view.go Move version out of SDK. (#14229) 2022-12-07 13:29:51 -05:00
dynamic_system_view_test.go core: set namespace within GeneratePasswordFromPolicy (#12635) 2021-09-27 09:08:07 -07:00
expiration.go add core state lock deadlock detection config option v2 (#18604) 2023-01-11 13:32:05 -06:00
expiration_integ_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
expiration_test.go Fix a panic at cleanup time in an expiration restore lease benchmark. (#16485) 2022-07-28 05:54:03 -07:00
expiration_testing_util_common.go [VAULT-1981] Add OSS changes (#11999) 2021-07-06 17:12:24 -05:00
expiration_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
external_plugin_test.go plugins: Handle mount/enable for shadowed builtins (#17879) 2022-12-14 13:06:33 -05:00
generate_root.go SSCT Tokens Feature [OSS] (#14109) 2022-02-17 11:43:07 -08:00
generate_root_recovery.go SSCT Tokens Feature [OSS] (#14109) 2022-02-17 11:43:07 -08:00
generate_root_test.go SSCT Tokens Feature [OSS] (#14109) 2022-02-17 11:43:07 -08:00
ha.go Add more raft metrics, emit more metrics on non-perf standbys (#12166) 2022-10-07 09:09:08 -07:00
ha_test.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
identity_lookup.go Switch to go modules (#6585) 2019-04-13 03:44:06 -04:00
identity_lookup_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
identity_store.go Add plugin version to GRPC interface (#17088) 2022-09-15 16:37:59 -07:00
identity_store_aliases.go move custom metadata validation logic to its own package (#16464) 2022-07-28 10:40:38 -04:00
identity_store_aliases_test.go Support clearing an identity alias' custom_metadata (#13395) 2021-12-10 18:07:47 -05:00
identity_store_entities.go VAULT-9451 Fix data race in entity merge (#17631) 2022-10-21 16:47:59 -04:00
identity_store_entities_test.go Check if plugin version matches running version (#17182) 2022-09-21 12:25:04 -07:00
identity_store_group_aliases.go Refactor usages of Core in IdentityStore so they can be decoupled. (#12461) 2021-08-30 15:31:11 -04:00
identity_store_group_aliases_test.go Update group alias handling to better protect against namespace differences 2019-06-18 16:43:30 -04:00
identity_store_groups.go return bad request instead of server error for identity group cycle detection (#15912) 2022-06-10 10:15:31 -04:00
identity_store_groups_test.go update gofumpt to 0.3.1 and reformat the repo (#17055) 2022-09-07 17:31:20 -07:00
identity_store_oidc.go HCP link integration (#16939) 2022-09-06 14:11:04 -04:00
identity_store_oidc_provider.go identity/oidc: adds claims_supported to discovery document (#16992) 2022-09-02 09:19:25 -07:00
identity_store_oidc_provider_test.go identity/oidc: adds claims_supported to discovery document (#16992) 2022-09-02 09:19:25 -07:00
identity_store_oidc_provider_util.go identity/oidc: Adds proof key for code exchange (PKCE) support (#13917) 2022-02-15 12:02:22 -08:00
identity_store_oidc_test.go unit test: fix oidc periodicfunc flaky test (#15320) 2022-05-09 13:43:23 -05:00
identity_store_oidc_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
identity_store_oss.go Login MFA (#14025) 2022-02-17 13:08:51 -08:00
identity_store_schema.go Fix startup failures when aliases from a pre-1.9 vault version exist (#13169) 2021-11-16 14:56:34 -05:00
identity_store_structs.go HCP link integration (#16939) 2022-09-06 14:11:04 -04:00
identity_store_test.go identity/entity-alias: fix bug where alias metadata was shared if alias had same name (#16838) 2022-08-23 15:39:45 -04:00
identity_store_upgrade.go Prevent entity alias creation when entity is in different NS than mount (#943) (#6886) 2019-06-14 12:53:00 -04:00
identity_store_util.go VAULT-9451 Fix data race in entity merge (#17631) 2022-10-21 16:47:59 -04:00
init.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
init_test.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
inspectable.go Introspection API Implementation for Router Struct (#17789) 2022-11-04 09:39:09 -07:00
inspectable_test.go OSS PR for Config Changes PR (#18418) 2022-12-15 12:19:19 -08:00
keyring.go reformat using 'make fmt' (#13794) 2022-01-27 10:06:34 -08:00
keyring_test.go Rename master key to root key (#13324) 2021-12-06 17:12:20 -08:00
logical_cubbyhole.go Add plugin version to GRPC interface (#17088) 2022-09-15 16:37:59 -07:00
logical_cubbyhole_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
logical_passthrough.go Prevent panics in expiration invalidation, and make some changes for testing (#18401) 2022-12-15 18:09:36 +00:00
logical_passthrough_test.go Prevent panics in expiration invalidation, and make some changes for testing (#18401) 2022-12-15 18:09:36 +00:00
logical_raw.go Use %q for quoted strings where appropriate (#15216) 2022-08-03 12:32:45 -06:00
logical_system.go OpenAPI `generic_mount_paths` follow-up (#18663) 2023-01-17 23:07:11 -05:00
logical_system_activity.go De-duplicate namespaces when historical and current month data are mixed (#18452) 2022-12-16 16:02:42 -08:00
logical_system_helpers.go Login MFA (#14025) 2022-02-17 13:08:51 -08:00
logical_system_integ_test.go Move version out of SDK. (#14229) 2022-12-07 13:29:51 -05:00
logical_system_paths.go Prevent Brute Forcing: Create an api endpoint to list locked users OSS changes (#18675) 2023-01-17 14:25:56 -08:00
logical_system_pprof.go Add support for unauthenticated pprof access on a per-listener basis,… (#11324) 2021-04-19 14:30:59 -04:00
logical_system_quotas.go VAULT-6614 Enable role based quotas for lease-count quotas (OSS) (#16157) 2022-07-05 13:02:00 -04:00
logical_system_raft.go Prevent autopilot from demoting voters when they join a 2nd time (#18263) 2022-12-07 14:17:45 -05:00
logical_system_test.go OpenAPI `generic_mount_paths` follow-up (#18663) 2023-01-17 23:07:11 -05:00
logical_system_user_lockout.go Prevent Brute Forcing: Create an api endpoint to list locked users OSS changes (#18675) 2023-01-17 14:25:56 -08:00
logical_system_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
login_mfa.go Tolerate NamespaceByID returning (nil,nil) when looking up an mfa enforcement's ns (#17562) 2022-10-17 09:18:02 -04:00
managed_key_registry.go Invalidate the ManagedKeyRegistry cache when Vault config is updated. (#14179) 2022-02-21 09:55:44 -05:00
mfa_auth_resp_priority_queue.go Login MFA (#14025) 2022-02-17 13:08:51 -08:00
mfa_auth_resp_priority_queue_test.go Login MFA (#14025) 2022-02-17 13:08:51 -08:00
mount.go Fix typo in mount.go (#18575) 2023-01-04 21:52:42 -05:00
mount_test.go Remove pinned builtin plugin versions from storage (#18051) 2022-11-23 18:36:25 +00:00
mount_util.go Fix unsafe access to perf standby status from systemview (#17186) 2022-10-05 08:56:36 -04:00
namespaces.go Refactor usages of Core in IdentityStore so they can be decoupled. (#12461) 2021-08-30 15:31:11 -04:00
namespaces_oss.go HCP link integration (#16939) 2022-09-06 14:11:04 -04:00
password_policy_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
plugin_catalog.go Move version out of SDK. (#14229) 2022-12-07 13:29:51 -05:00
plugin_catalog_test.go Remove pinned builtin plugin versions from storage (#18051) 2022-11-23 18:36:25 +00:00
plugin_reload.go Plugins: Add version info to CLI and server log output (#17430) 2022-10-06 12:54:27 +01:00
policy.go prevent memory leak when using control group factors in a policy (#17532) 2022-10-14 19:15:15 -04:00
policy_store.go Remove unreachable code (#18576) 2023-01-03 09:02:01 -05:00
policy_store_test.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
policy_store_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
policy_test.go Add HTTP PATCH support to KV (#12687) 2021-10-13 15:24:31 -04:00
policy_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
raft.go Enable undo logs by default (#18692) 2023-01-17 13:38:18 -08:00
rekey.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
rekey_test.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
request_forwarding.go Add autopilot automated upgrades and redundancy zones (#15521) 2022-05-20 16:49:11 -04:00
request_forwarding_rpc.go Add stack trace to audit logging panic recovery (#18121) 2022-11-30 17:59:05 +00:00
request_forwarding_rpc_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
request_forwarding_service.pb.go Link OSS (#18228) 2022-12-08 15:02:18 -05:00
request_forwarding_service.proto Add autopilot automated upgrades and redundancy zones (#15521) 2022-05-20 16:49:11 -04:00
request_forwarding_service_grpc.pb.go Update protobuf & grpc libraries and protoc plugins (#12679) 2021-09-29 18:25:15 -07:00
request_handling.go VAULT-11829: Add cluster status handler (#18351) 2023-01-06 17:06:54 -05:00
request_handling_test.go SSCT Optimizations (OSS) (#14323) 2022-03-01 12:24:45 -08:00
request_handling_util.go Vault 8307 user lockout workflow oss (#17951) 2022-12-06 17:22:46 -08:00
rollback.go Fix a data race with rollbackPeriod. (#17387) 2022-10-13 09:59:07 -04:00
rollback_test.go When tainting a route during setup, pre-calculate the namespace specific path (#15067) 2022-04-26 09:13:45 -07:00
router.go Introspection API Implementation for Router Struct (#17789) 2022-11-04 09:39:09 -07:00
router_access.go The big one (#5346) 2018-09-17 23:03:00 -04:00
router_test.go When tainting a route during setup, pre-calculate the namespace specific path (#15067) 2022-04-26 09:13:45 -07:00
router_testing.go AWS upgrade role entries (#7025) 2019-07-05 16:55:40 -07:00
seal.go Make the error and http code clearer when supplying wrong unseal key (#17836) 2022-11-28 16:01:47 -08:00
seal_access.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
seal_autoseal.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
seal_autoseal_test.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
seal_test.go Shamir seals now come in two varieties: legacy and new-style. (#7694) 2019-10-18 14:46:00 -04:00
seal_testing.go Rename master key to root key (#13324) 2021-12-06 17:12:20 -08:00
seal_testing_util.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
sealunwrapper.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
sealunwrapper_test.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
test_cluster_detect_deadlock.go add core state lock deadlock detection config option v2 (#18604) 2023-01-11 13:32:05 -06:00
test_cluster_do_not_detect_deadlock.go add core state lock deadlock detection config option v2 (#18604) 2023-01-11 13:32:05 -06:00
testing.go add core state lock deadlock detection config option v2 (#18604) 2023-01-11 13:32:05 -06:00
testing_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
token_store.go HCP link integration (#16939) 2022-09-06 14:11:04 -04:00
token_store_test.go Use %q for quoted strings where appropriate (#15216) 2022-08-03 12:32:45 -06:00
token_store_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
token_store_util_common.go Load SSCT Generation Counter Upon DR Promotion [OSS] (#16956) 2022-08-31 11:05:21 -07:00
ui.go Add Semgrep Rules to OSS (#14513) 2022-03-18 11:14:03 -07:00
ui_test.go Fix UI custom header values (#10511) 2020-12-15 15:58:03 +01:00
util.go Removed unused methods 2017-01-03 12:51:35 -05:00
util_test.go Utility Enhancements 2016-04-05 20:32:59 -04:00
vault_version_time.go Add build date (#14957) 2022-04-19 14:28:08 -04:00
version_store.go plugins: Handle mount/enable for shadowed builtins (#17879) 2022-12-14 13:06:33 -05:00
version_store_test.go Move version out of SDK. (#14229) 2022-12-07 13:29:51 -05:00
wrapping.go feature: secrets/auth plugin multiplexing (#14946) 2022-08-29 21:42:26 -05:00
wrapping_util.go Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00