* Delete cluster.Start for NewTestCluster clusters, and deprecate and clean up cluster.Cleanup for NewTestCluster clusters (#14014)
* progress
* more progress
* missed cleanup
* fix mistakes
* cleanup
* fix docker cleanup
* various fixes
* further fixes
* further cleanup
* the cleanup will continue until morale improves
* two more
* more fixes
* how did I miss that
* new test cleanup
* update
* cleanup, attempt small de-flake
* fix and extra cleanup
* some docker cleanup
* newlines
* some testwaitactives
* CE changes
---------
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* Update config.go
* added validation and parsing
* tests
* move pki external config structs and validation into separate file
* update copywrite
* update configuration
* updates
* Moved tests to pki_external_config.go, comments, refactoring
* refactor
* add tests
* linter fix
* Consolidate to table tests
* consolidate to table tests
* remove APIVersion from PKIExternalCA
* added comments for explaining each struct
* Added ParsePKIExternalCA Test
* Update tests
* Added remaining constraints
* Added destination.template field
* changes
* Added validateListenerAddr
* refactor
* more comments
* changes
* Check for duplicates across blocks
* Make RSA bits a required field
* moved template to the top level
* added comment for test explanation
* move template to the top level
* Move pki config into pkiexternalca directory
* fix linting error
* move pkiconfig back into config folder
* fix failing unit tests
* added comments
* update to preserve order of templatePKIExternalCARefs
* Added comment descriptions for each struct member
* update to include warning
* bring in warning logger from upstream into the pki config parser
* Set default umask to 077
* added comments to each field in agent config
* execute tests in parallel
* combine tests into Validate
* Use assertion error func for tests
* assert error strings
* Removed warning for now
* removed normalization on values during validation
* added tests to ensure that user values are not overridden
* remove testparse
* Update command/agent/config/config.go
* change improvement to feature in changelog
* updated to add line number in error
* Added _ent suffix to files
* Implement CA manager for ACME-based workflows (#12827)
* Implement CA manager for ACME-based workflows
* refactor tests into table tests
* update with suggestions
* format
* fix challenge cleanup
* make fmt
* update with suggestions
* add _ent + build flags
* Add a runtime component for pkiexternalca (#12838)
* Implement CA manager for ACME-based workflows
* Add a runtime component for pkiexternalca
* make fmt
* refactor tests into table tests
* update with suggestions
* format
* fix challenge cleanup
* make fmt
* update with suggestions
* update with suggestions
* add _ent + build flags
* fix linters
* delete duplicate files
* fix changelog
* rename test files
* fix linter
* try to bypass false positive linter err
* fix
* Rename file
* fix linter
* fix linter
* remove go:build enterprise comments from _ent files
* update order statuses to use kebab case + fix scanner failures
* add missing order status
* Template Integration For pki_external_ca resources (#13069)
* Implement CA manager for ACME-based workflows
* Add a runtime component for pkiexternalca
* make fmt
* refactor tests into table tests
* update with suggestions
* initial commit
* fix test failure
* changes
* remove logger check
* remove redundant config by name check
* convert to table tests
* added comments
* updates
* Fix tests
* fix nil pointer issue
* move changes to _ent files
* remove ce duplicate files
* updates
* update template.go
* added changelog.txt
* create template_pem_ent_test.go
* added comment explanation
* update ca_manager_ent.go
* update changelog
* separate ce stubs into server_ce.go and common code into server.go
* Moved helper functions to bottom of test file. Added godocs.
* Make pkiExternalCA name required in template
* remove go:build enterprise comments from _ent files
* rename to template_pem_ent
* include ent tag in server_ent.go
* remove enterprise tag comment from server_ent.go
* create pki_external_config_ce.go
* update template_pem_ent_integration_test.go
* rename integration test
---------
---------
Co-authored-by: Jaired Jawed <jaired.jawed@hashicorp.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Zlaticanin <60530402+Zlaticanin@users.noreply.github.com>
Co-authored-by: Milena Zlaticanin <Milena.Zlaticanin@ibm.com>
* license: update headers to IBM Corp.
* `make proto`
* update offset because source file changed
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
* VAULT-28192 fix Agent and Proxy consuming large amounts of CPU for auto-auth self-healing
* Changelog
* Update changelog
* drain incoming if we get invalid token
---------
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* VAULT-25341 Address issue where having no permissions to renew caused Agent and Proxy auth to attempt to renew with no backoff
* Fiddle with go.mod changes that shouldn't have happened
* VAULT-25341 small cleanup and extra test
* VAULT-25341 backoff only in error case
* VAULT-25341 godocs
* VAULT-25342 changelog
* Update command/agent_test.go
Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com>
* VAULT-25341 rename file audit
---------
Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com>
* add gosimport to make fmt and run it
* move installation to tools.sh
* correct weird spacing issue
* Update Makefile
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* fix a weird issue
---------
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
I have an upcoming PR for event notifications that needs similar
exponential backoff logic, and I prefer the API and logic in the
auto-auth exponential backoff rather than that of
github.com/cenkalti/backoff/v3.
This does have a small behavior change: the auto-auth min backoff
will now be randomly reduced by up to 25% on the first call. This is
a desirable property to avoid thundering herd problems, where a bunch
of agents won't all try to have the same retry timeout.
* Adding explicit MPL license for sub-package.
This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.
* Adding explicit MPL license for sub-package.
This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.
* Updating the license from MPL to Business Source License.
Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl.
* add missing license headers
* Update copyright file headers to BUS-1.1
* Fix test that expected exact offset on hcl file
---------
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
* added exec and env_template config/parsing
* add tests
* we can reuse ctconfig here
* do not create a non-nil map
* check defaults
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* first go of exec server
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* convert to list
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* convert to list
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* sig test
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add failing example
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* refactor for config changes
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add test for invalid signal
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* account for auth token changes
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* only start the runner once we have a token
* tests in diff branch
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* fix rename
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Update command/agent/exec/exec.go
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* apply suggestions from code review
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* cleanup
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove unnecessary lock
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* refactor to use enum
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* dont block
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* handle default
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* make more explicit
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* cleanup
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove unused
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove unused file
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* remove test app
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* apply suggestions from code review
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* update comment
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add changelog
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* new channel for exec server token
* wire to run with vault agent
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* watch for child process to exit on its own
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* block before returning
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* VAULT-15547 First pass at agent/proxy decoupling
* VAULT-15547 Fix some imports
* VAULT-15547 cases instead of string.Title
* VAULT-15547 changelog
* VAULT-15547 Fix some imports
* VAULT-15547 some more dependency updates
* VAULT-15547 More dependency paths
* VAULT-15547 godocs for tests
* VAULT-15547 godocs for tests
* VAULT-15547 test package updates
* VAULT-15547 test packages
* VAULT-15547 add proxy to test packages
* VAULT-15547 gitignore
* VAULT-15547 address comments
* VAULT-15547 Some typos and small fixes