* first round, there shall be more
* fix secret test
* more clean up
* maybe last round of clean up?
* this is going to take a while
* all the things or more of them at least
* this is the song that never ends...
* ... it goes on and on my friend.
* clean up clean up everybody lets clean up
* rename mount helper to mountBackend
* clean up 🧹
* address pr comments
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* upgrade ember-data 5.3.2, uninstall legacy compat, upgrade ember-cli, ember-source
* use query instead of findAll for auth methods, update tests
* set mutableId for kmip
* show generated private key data before transitioning to details
* update kv metadata test
* remove deprecated methods from path help service
* add changelog, update readme version matrix
* remove toggle template helper
Cache scopes allow other branches to inherit default branch scopes,
which means that release branches can restore a key from main. Instead,
we now include the vault version as part of the cache key to ensure
we don't include versions that are incompatible with our version.
Signed-off-by: Ryan Cragun <me@ryan.ec>
* Switch from an unbounded Map to an LRU, 429 when exceeding it's size, and repeat challenges to the same server rather than encrypting new ones
* Prune old challenges
* Remove from pending only if the answer is correct
* Add a unit test that validates 429s, delays, and eviction of old entries
* Switch to using a flat token bucket from x/time/rate
* remove from LRU on each challenge write
* Remove sleep, simplify unit test
* improve const names
* additional tests
* max answer size
* add locking to prevent multiple new challenges
* remove log line
---------
Co-authored-by: Scott G. Miller <smiller@hashicorp.com>
* updating audit file_path duplication
* update test
* updating tests
* fixing go test errors
* adding go test doc for TestCore_EnableExistingAudit
* adding go test doc for TestCore_EnableExistingAudit
* adding go test doc for TestCore_EnableExistingAudit
* adding changelog
* adding suggested comments
* Support trimming trailing slashes via a mount tuneable to support CMPv2
* changelog/
* Perform trimming in handleLoginRequest too
* Eagerly fetch the mount entry so we only test this once
* Add a mount match function that gets path and entry
* Update vault/request_handling.go
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* more docs
* Some patches (from ENT) didnt apply
* patch fail
* Update vault/router.go
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* PR feedback
* dupe
* another dupe
* Add support for enabling trim_request_trailing_slashes on mount creation
* Fix read mount api returning configuration for trim_request_trailing_slashes
* Fix test assertion
* Switch enable and tune arguments to BoolPtrVal to allow end-users to specify false flag
* Add trim-request-trailing-slashes to the auth enable API and CLI
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
As the Vault pipeline and release processes evolve over time, so too must the tooling that drives them. Historically we've utilized a combination of CI features and shell scripts that are wrapped into make targets to drive our CI. While this
approach has worked, it requires careful consideration of what features to use (bash in CI almost never matches bash in developer machines, etc.) and often requires a deep understanding of several CLI tools (jq, etc). `make` itself also has limitations in user experience, e.g. passing flags.
As we're all in on Github Actions as our pipeline coordinator, continuing to utilize and build CLI tools to perform our pipeline tasks makes sense. This PR adds a new CLI tool called `pipeline` which we can use to build new isolated tasks that we can string together in Github Actions. We intend to use this utility as the interface for future release automation work, see VAULT-27514.
For the first task in this new `pipeline` tool, I've chosen to build two small sub-commands:
* `pipeline releases list-versions` - Allows us to list Vault versions between a range. The range is configurable either by setting `--upper` and/or `--lower` bounds, or by using the `--nminus` to set the N-X to go back from the current branches version. As CE and ENT do not have version parity we also consider the `--edition`, as well as none-to-many `--skip` flags to exclude specific versions.
* `pipeline generate enos-dynamic-config` - Which creates dynamic enos configuration based on the branch and the current list of release versions. It takes largely the same flags as the `release list-versions` command, however it also expects a `--dir` for the enos directory and a `--file` where the dynamic configuration will be written. This allows us to dynamically update and feed the latest versions into our sampling algorithm to get coverage over all supported prior versions.
We then integrate these new tools into the pipeline itself and cache the dynamic config on a weekly basis. We also cache the pipeline tool itself as it will likely become a repository for pipeline specific tooling. The caching strategy for the `pipeline` tool itself will make most workflows that require it super fast.
Signed-off-by: Ryan Cragun <me@ryan.ec>
* rename store to pagination, remove store extension
* initial update of service test
* remove superfluous helper
* replace store with pagination service in main app
* update kmip engine syntax
* add pagination to kmip engine
* update to pagination in config-ui engine
* update sync engine to use pagination service
* use pagination service in kv engine
* use pagination service in ldap engine
* use pagination in pki engine
* update renaming clearDataset functions
* link to jira VAULT-31721
* remove comment
* Fix ACME http-01 challenges for IPv6 IPs
- We weren't properly encapsulating the IPv6 IP within the url provided
to the http client with [].
* Add cl
* Cleanup a test println
