Transactional storage #3

Open
wants to merge 117 commits into
base: fix-go-tests

cipherboy
Owner

See openbao#292 -- variant without other commits.

cipherboy and others added 29 commits June 17, 2024 11:25
* Fix Vault plugin compatibility tests

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Remove upstream HashiCorp Vault build process

This removes unnecessary pipeline executions as we've replaced the
upstream release tooling with goreleaser.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Fix panic in external binary testing

When reverting SSCTs in 15c4855, this
did not correctly handle making the config DisableSSCTs value a pointer,
resulting in a failure when running with external (Docker) binaries and
potentially full (non-dev-mode) server instances.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Fix ACME EAB test with Caddy

When using `caddy start` with RunCmdWithOutput(...), the container runner
prematurely terminates the backgrounded Caddy server when the latter
function call returns. This prevents the subsequent curl from working as
the server has already been shut down. Switch to running the interactive
variant (`caddy run`) in the background explicitly via
RunCmdInBackground(...).

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Fix Vault reference on missing OpenBao UI page

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Fix log statement in goroutine after test exit

Go tests may not log after the end of the test as this will panic the
logger.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

---------

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
minor fixes like spaces and punctuation

Signed-off-by: Wouter Koorn <54982288+Wouterkoorn@users.noreply.github.com>
Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v3.5.3...v4.1.7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Bumps [actions/configure-pages](https://github.com/actions/configure-pages) from 4 to 5.
- [Release notes](https://github.com/actions/configure-pages/releases)
- [Commits](actions/configure-pages@v4...v5)

---
updated-dependencies:
- dependency-name: actions/configure-pages
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
GPG signing was broken as --detach-sign does not itself take an argument
to a file to sign; instead this should be a separate positional argument
to the CLI as a whole. This means that stdin was signed instead of the
specified file, resulting in bogus signatures.

While the existing cosign signatures work, they require additional calls
to rekor to fetch the corresponding certificate used to sign. Mirroring
with what OpenTofu does, we can save the certificates directly so that
users can verify without additional calls to the rekor network.

Lastly, switch to GitHub-hosted runners to avoid needing to use a
self-hosted runner for this release stage.

Thanks to @JanMa and @janosdebugs for their help.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* docs(token): document the token format

Add details on the format of OpenBao tokens; it should hopefully add
clear documentation as to how one can detect tokens.

The body's format was inferred from:
- https://github.com/openbao/openbao/blob/180024468640acc82eb8dc621f7fd21ce6bfd125/vault/token_store.go#L72-L74
- https://github.com/openbao/openbao/blob/180024468640acc82eb8dc621f7fd21ce6bfd125/vault/token_store.go#L997-L999

Signed-off-by: nobe4 <nobe4@users.noreply.github.com>

* docs(token): fix table

Signed-off-by: nobe4 <nobe4@users.noreply.github.com>

---------

Signed-off-by: nobe4 <nobe4@users.noreply.github.com>
Signed-off-by: Jan Martens <jan@martens.eu.org>
Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
We started to generate SBOM and signature files for our release assets
which are currently shown in our download page. This updates our parsing
logic to exclude them and to also handle the new uppercase naming
scheme.

Signed-off-by: Jan Martens <jan@martens.eu.org>
* Bump actions/upload-artifact from 3.1.2 to 4.3.3

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@0b7f8ab...6546280)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Ensure uploaded artifact names are unique

Breaking change in v4

Signed-off-by: Jan Martens <jan@martens.eu.org>

* Bump actions/download-artifact from 3.0.2 to 4.1.7

Signed-off-by: Jan Martens <jan@martens.eu.org>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jan Martens <jan@martens.eu.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jan Martens <44572196+JanMa@users.noreply.github.com>
Co-authored-by: Jan Martens <jan@martens.eu.org>
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@d7906e4...60a0d83)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [browser-actions/setup-chrome](https://github.com/browser-actions/setup-chrome) from 1.5.0 to 1.7.1.
- [Release notes](https://github.com/browser-actions/setup-chrome/releases)
- [Changelog](https://github.com/browser-actions/setup-chrome/blob/master/CHANGELOG.md)
- [Commits](browser-actions/setup-chrome@97349de...db1b524)

---
updated-dependencies:
- dependency-name: browser-actions/setup-chrome
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [test-summary/action](https://github.com/test-summary/action) from 2.1 to 2.3.
- [Release notes](https://github.com/test-summary/action/releases)
- [Commits](test-summary/action@62bc5c6...032c8a9)

---
updated-dependencies:
- dependency-name: test-summary/action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
We're running into this open Issue which seems to have been introduced
in version 2.3:
test-summary/action#44

Signed-off-by: Jan Martens <jan@martens.eu.org>
In [RFC openbao#354](openbao#354),
the mlock implementation inherited from Vault was deemed buggy. Here it
is ripped out of all core OpenBao code. A few stubs are retained for
compatibility's sake:

1. The config file parser will still parse the setting "disable_mlock".
   It will do nothing when set to true, and it will immediately error if
   set to false (i.e. the user is explicitly expecting mlock to be
   enabled).
2. The dynamicSystemView struct has a MlockEnabled method so it can
   still implement pluginutil.RunnerUtil. This method now just returns
   false.

All mlock code is RETAINED in all ./sdk files, because the question is
not yet settled whether plugins built against the *OpenBao SDK* should be
binary-compatible with Vault. If this is eventually resolved in the
negative, most of the mlock related code in the SDK can be stubbed out.

As mlock is no longer used, Docker-related scripts have also had setcap
calls removed.

In place of mlock, documentation has been added to draw attention to the
danger of sensitive information leaking through swap space and stress
the importance of disabling or encrypting swap on any platform, or on
Linux, changing the cgroupv2 setting memory.swap.max to 0. This last
option has also been included in the example systemd service file.

Signed-off-by: John Arnold <code@iohannes.us>
Bumps [test-summary/action](https://github.com/test-summary/action) from 2.2 to 2.4.
- [Release notes](https://github.com/test-summary/action/releases)
- [Commits](test-summary/action@fee35d7...31493c7)

---
updated-dependencies:
- dependency-name: test-summary/action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
To use the OpenBao branding

Closes: openbao#149

Signed-off-by: Jan Martens <jan@martens.eu.org>
Resolves: openbao#282

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Co-authored-by: Jan Martens <44572196+JanMa@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@6546280...0b2256b)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Adds the RFC to the docs and fixes a few related typos.

Signed-off-by: John Arnold <code@iohannes.us>
Co-authored-by: Jan Martens <44572196+JanMa@users.noreply.github.com>
In Vault Enterprise's split-storage clustering (Performance Secondary),
the PKI engine needed a way of maintaining a single, unified CRL across
all Perf Secondary clusters and accepting revocations given to any
cluster for certs stored on any other cluster. The combination of
Unified CRLs and Revocation Queues solved this problem for Vault
Enterprise, but the code largely lived in Vault Community.

Since OpenBao lacks these clustering semantics and is unlikely to add
them, remove this code.

Resolves: openbao#272

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* set bao binary version info with Goreleaser

This adjusts the Goreleaser config to fill the required variables which
are used when reporting the binary version with `bao version`.

Signed-off-by: Jan Martens <jan@martens.eu.org>

* fix test-go report collection

`find` refuses to delete non-empty directories which causes a test
failure. Adjust the command to only look for files and not directories

Signed-off-by: Jan Martens <jan@martens.eu.org>

---------

Signed-off-by: Jan Martens <jan@martens.eu.org>
* Update Go version, changelog, modules for GA

This introduces a new Makefile target, release-changelog, which requires
two environment variables (LAST_RELEASE, THIS_RELEASE) to generate a
changelog difference between. This can be revised and placed in
CHANGELOG.md and on the website.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Fix known vulnerable packages

This updates:

 - github.com/hashicorp/go-retryablehttp
 - github.com/Azure/azure-sdk-for-go/sdk/azidentity
 - github.com/docker/docker@v24.0.9+incompatible

to fix vulnerabilities in these packages.

In updating go-retryablehttp, we pulled in commit
a1a8ab82eb1779b8e09b2d6d2605bbf6fd059a17 which changes the cert
detection behavior. This behavior is not consistent between Go 1.19 and
Go 1.20 (when pulling newer go-retryablehttp versions), so the test is
malformed. Opt to remove it instead.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

---------

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
This splits the release workflow into a matrix, using matrix parallelism
to avoid exceeding default disk space (14GB) per OS. If we have too many
Linux architectures in the future, we could split by architecture as
well.

This should mean that each workflow executes a separate operating system
but contributes to a single release draft. We'll need to remember to do
manual clean up of releases in the event that a pipeline fails, as
currently we'll default to appending to the existing one due to the
parallelism.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
In openbao#411, we added the `#LINUXONLY#` prefix to the `nfpms` section as it
triggered on non-Linux builds; Docker was not thought about as I had
removed it for my local repository testing.

This shows the need for a proper staging release area, complete with
registries and signing keys.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
This also adds instructions about verifying release artifacts either
with GPG signing or with Cosign and Rekor.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Ignore some more metadata files and add a section for Arch Packages

Signed-off-by: Jan Martens <jan@martens.eu.org>
Signed-off-by: Dave Dykstra <2129743+DrDaveD@users.noreply.github.com>
Signed-off-by: Erick Bajao <fcbajao@gmail.com>
cipherboy and others added 28 commits September 14, 2024 09:02
Per clarification, Michael Maxey intends to resign from the TSC on
behalf of Zededa without replacement by Zededa.

See also: https://lists.lfedge.org/g/OpenBao-TSC/topic/zededa_and_open_bao/108134993

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Signed-off-by: Yonas Yanfa <yonas.y@gmail.com>
- one too many '`'.
- add `shell-session`

Signed-off-by: Yonas Yanfa <yonas.y@gmail.com>
* Start blog, add kickoff article

We welcome other contributions to the blog!

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Update website/content/blog/authors.yml

Co-authored-by: Jan Martens <44572196+JanMa@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

---------

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Co-authored-by: Jan Martens <44572196+JanMa@users.noreply.github.com>
This adds a symlink to our Docker images which links `/bin/vault` to
`/bin/bao`. It will fix the issue of a non-working Vault/OpenBao agent
injector in our HELM chart.

Signed-off-by: Jan Martens <jan@martens.eu.org>
Cache is a layer over the top of the physical storage backend (but below
barrier encryption) to reduce strain of repeated read operations on the
backend.

We implement transactions by wrapping the underlying physical
transaction with a new (empty) cache. This means that we may not have
the data locality in oft-read paths, but means that the cache is
internally consistent (and that the transaction's cache doesn't need
to be merged back into the primary cache). In the future, this could be
improved.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
* Use transactions for PKI root generation

This updates PKI root generation to use transactions, giving us an
initial test of the capabilities. PKI root generation involves
modification of several entries, including regenerating all CRLs in
the backend and reading and setting several concurrently-modifiable
config entries, which makes it a good candidate for this.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Use transactions for intermediate import

After root CA generation, the next most risky CA operation is
intermediate import. Intermediate signing is usually done on a separate
mount and so doesn't involve as many storage operations as say, root
generation (which also imports the generated root and performs a full
CRL rebuild). However, since this code is shared by the generalized CA
import, and users may be recovering complex chains, it is useful to
protect everything inside a transaction.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

---------

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
…in (openbao#536)

* added an endpoint to allow the creation of CSRs, from existing keys, on the
path 'transit/keys/{name}/csr'

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* added an endpoint to allow a certificate chain to be imported for its
key entry - WIP

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* remove create operations from new endpoints and address some notes

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* update read a key endpoint to include certificate chain if present

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* update key export endpoint to allow exporting certificate chain

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* update path_certificates test names and address notes

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* remove NOTE comment

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* revert removal of trailing whitespace

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* implement minor suggested changes

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* fix test create CSR test by updating operation

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* update certificate chain validation

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* update certificate chain validation to accept a single certificate

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* update checks for TestTransit_Certificates_CreateCSR test

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* fix typo

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* add docs

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* add sample responses to endpoints

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* update docs and messages

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* remove NOTE comment

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* move fetching of keyVersion to before validating if certificate matches key in transit

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* update certificate type validations to disregard types if basic constraints are not valid

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* add changelog

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

* fix leaf certificate verification error and out of bounds panic

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>

---------

Signed-off-by: Gabriel Santos <gabrielopesantos97@gmail.com>
Co-authored-by: Gabriel Santos <gsantos@singlestore.com>
This blog suggests a new profile-based request system, simplifying
application developer's experience by giving them a single endpoint
to fetch all secrets configured by their administrator.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
This converts BarrierView to an interface, updating definitions
everywhere to use it as such. This lets us replace it with two different
structs (barrierView and transactionalBarrierView) depending on whether
the underlying physical storage supports transactions.

Note that BarrierView is a translation layer, like
logical.LogicalStorage, which converts from a physical.Backend to a
logical.Storage instance. This means BarrierView is not itself
stackable.

BarrierView is used to ensure mounts only have local access to storage
and cannot impact other plugins' data.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
* Fix cache invalidation in transactions

When the caching layer supports transactions, we had two notable errors:

1. We were not thread-safe for modifications to the invalidation list.
2. We were not correctly enabling caching within the transaction.

In particular, 2 meant that we were directly calling into the underlying
backend's transaction, causing us to skip cache invalidation logic
within the transaction and when committing the transaction.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Fix transaction commit order in PKI

Due to interleaving of CRL rebuild and the transaction commit, we'd be
unable to commit the transaction when generating a root or importing
issuers. This is because the transaction read and modified entries
that were also read and modified by the CRL rebuild, such as the local
CRL configuration which includes last-modified timestamps.

This moves the CRL rebuild to after the transaction is complete, moving
the CRL rebuild failure as a warning, because the issuer import
otherwise succeeded.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

---------

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
- Adds edge cases to test suite
- Marks changelog entry as feature for better visibility

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
* Correctly handle IPv6 for HTTP-01 and ALPN-01

When using IPv6 addresses for HTTP-01 and ALPN-01 challenges in PKI's
ACME engine, we needed to correctly template them into the [bracket]
form.

Resolves: openbao#551

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

---------

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
…penbao#557)

* upgrade mysql docker version

Signed-off-by: fp17 <fp17@hw.ac.uk>

* Change InfluxDB version from 1.8-alpine to 1.8

Signed-off-by: fp17 <fp17@hw.ac.uk>

* Fix transactions and PKI interactions (openbao#558)

* Fix cache invalidation in transactions

When the caching layer supports transactions, we had two notable errors:

1. We were not thread-safe for modifications to the invalidation list.
2. We were not correctly enabling caching within the transaction.

In particular, 2 meant that we were directly calling into the underlying
backend's transaction, causing us to skip cache invalidation logic
within the transaction and when committing the transaction.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Fix transaction commit order in PKI

Due to interleaving of CRL rebuild and the transaction commit, we'd be
unable to commit the transaction when generating a root or importing
issuers. This is because the transaction read and modified entries
that were also read and modified by the CRL rebuild, such as the local
CRL configuration which includes last-modified timestamps.

This moves the CRL rebuild to after the transaction is complete, moving
the CRL rebuild failure as a warning, because the issuer import
otherwise succeeded.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

---------

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

---------

Signed-off-by: fp17 <fp17@hw.ac.uk>
Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Co-authored-by: Alexander Scheel <ascheel@gitlab.com>
* Replace references of Vault->OpenBao in the CLI

This modifies the CLI to replace Vault with OpenBao in more non-critical
output messages (e.g., help text). While we only guarantee API
compatibility, we also don't want to break scripts unnecessarily.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Finish removing Enterprise-only Transform CLIs

Transform is a separate, internal plugin which isn't built externally
and thus isn't supported on OpenBao. Remove support for it in the CLI.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

---------

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
* Remove deprecated -stored-shares flag from operator init

This flag was deprecated and functionality removed before Vault
1.3, so we can safely remove it from the list of arguments.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Remove legacy password handling code

If a user upgrades from Vault 0.2 -> OpenBao v2.0.0+, they'll have to
recreate any user entries which use the legacy (direct) password
comparison.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Remove legacy LeaseEntry namespace handling

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Remove legacy SSH command options

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Remove legacy NetRPC support

In early versions of Vault, plugins could be run via NetRPC, which
predated support for GRPC. This support has been deprecated and removed,
but a few stray helper functions existed.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Remove conditional version check for SSCT generation

In OpenBao, we'll never have a pre-v1 version as we require users to
come from Vault v1.14 prior to upgrading to OpenBao v2.0.0.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

---------

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Module `github.com/ghodss/yaml` is not maintained anymore and
`sigs.k8s.io/yaml` is a maintained fork that is already pulled by other
dependencies.

Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
Also add note from CONTRIBUTING.md as required by Charter and to the
website for easy visibility.

See also: https://lists.lfedge.org/g/OpenBao-TSC/topic/announce_roadmap/108738128

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
* Deny empty valid_principals during SSH issuance

HashiCorp Vault recently released a security vulnerability identifying
global issuance without valid_principals. They introduced a new role
option, allow_empty_principals, breaking existing users (as it defaults
to false), but allowing operators to override it on a per-role level.

As evidenced by the extent of the test changes, this is definitely
considered a breaking change.

See also: https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-secrets-engine-configuration-did-not-restrict-valid-principals-by-default/70251
See also: https://groups.google.com/g/opensshunixdev/c/RFKeIwNvtn8
See also: openssh/openssh-portable@0a80ca1
See also: https://github.com/openssh/openssh-portable/blob/67a115e7a56dbdc3f5a58c64b29231151f3670f5/regress/cert-userkey.sh#L341-L343
See also: https://github.com/openssh/openssh-portable/blob/67a115e7a56dbdc3f5a58c64b29231151f3670f5/regress/cert-hostkey.sh#L247

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>

* Update changelog/561.txt

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

---------

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
This adds support for transactions to the plugin GRPC layer,
opportunistically upgrading the client storage implementation to a
transactional aware one if the underlying storage implementation on the
server supports it. This retains bidirectional interoperability with
upstream, allowing plugins compiled with OpenBao's SDK to continue to
work with upstream server implementations and vice versa.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
This adds a cross-storage backend testing interface, suitable for
testing all physical backends at various levels of indirection (from
direct access to caches to error interposers). This will eventually
include testing logical.Storage interfaces as well, to ensure various
combinations of layers work together nicely (physical + barrier +
views) and match interface expectations.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Similar to the other commit for physical.Backend, but adapted for
logical.Storage, this allows us to validate the AES Barrier and related
physical->logical bridges and their interactions with transactions.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
This adds a harness for exercising transactional storage backends to
physical, allowing others to have a basic test suite to ensure their
transactions work.

Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
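
The commit messages above on the caching layer describe wrapping the physical transaction in a new, empty cache, and the later fix describes what goes wrong when a commit reaches the underlying transaction without passing through the cache layer. The Go sketch below is an added example, not code from this pull request or from OpenBao: `Store`, `Cache`, `CachedTxn`, `Begin` and `Scenario` are hypothetical names, and the storage entry is constructed.

```go
package main

import (
	"fmt"
	"sync"
)

// Store is a hypothetical stand-in for physical storage; with a parent it is a buffered transaction.
type Store struct {
	parent *Store
	data   map[string]string
}

func (s *Store) Get(k string) string {
	if v, ok := s.data[k]; ok || s.parent == nil {
		return v
	}
	return s.parent.Get(k)
}
func (s *Store) Put(k, v string) { s.data[k] = v }
func (s *Store) Commit() {
	for k, v := range s.data {
		s.parent.Put(k, v)
	}
}

// Cache is a read-through, write-through cache over a Store.
type Cache struct {
	mu      sync.Mutex
	under   *Store
	entries map[string]string
}

func NewCache(s *Store) *Cache { return &Cache{under: s, entries: map[string]string{}} }
func (c *Cache) Get(k string) string {
	c.mu.Lock()
	defer c.mu.Unlock()
	if v, ok := c.entries[k]; ok {
		return v
	}
	c.entries[k] = c.under.Get(k)
	return c.entries[k]
}
func (c *Cache) Put(k, v string)     { c.mu.Lock(); c.under.Put(k, v); c.entries[k] = v; c.mu.Unlock() }
func (c *Cache) Invalidate(k string) { c.mu.Lock(); delete(c.entries, k); c.mu.Unlock() }

// CachedTxn wraps the raw transaction in a new, empty cache and records each
// written key so the primary cache can be invalidated when the commit lands.
type CachedTxn struct {
	*Cache             // fresh cache over Raw; serves reads inside the transaction
	Raw     *Store     // committing this directly skips the invalidation step
	primary *Cache     // long-lived cache in front of the backend
	dirtyMu sync.Mutex // guards dirty against concurrent writers
	dirty   map[string]bool
}

func Begin(primary *Cache) *CachedTxn {
	raw := &Store{parent: primary.under, data: map[string]string{}}
	return &CachedTxn{Cache: NewCache(raw), Raw: raw, primary: primary, dirty: map[string]bool{}}
}
func (t *CachedTxn) Put(k, v string) {
	t.Cache.Put(k, v)
	t.dirtyMu.Lock()
	defer t.dirtyMu.Unlock()
	t.dirty[k] = true
}
func (t *CachedTxn) Commit() {
	t.Raw.Commit()
	t.dirtyMu.Lock()
	defer t.dirtyMu.Unlock()
	for k := range t.dirty {
		t.primary.Invalidate(k)
	}
}

// Scenario primes the primary cache, rewrites the key in a transaction, then commits via commit.
func Scenario(commit func(*CachedTxn)) (inTxn, before, after string) {
	primary := NewCache(&Store{data: map[string]string{"config/crl": "v1"}}) // constructed entry
	primary.Get("config/crl")                                               // primary cache now holds v1
	txn := Begin(primary)
	txn.Put("config/crl", "v2")
	inTxn, before = txn.Get("config/crl"), primary.Get("config/crl")
	commit(txn)
	return inTxn, before, primary.Get("config/crl")
}

func main() {
	fmt.Println(Scenario((*CachedTxn).Commit))                   // v2 v1 v2
	fmt.Println(Scenario(func(t *CachedTxn) { t.Raw.Commit() })) // v2 v1 v1: stale read
}
```

The second call commits on the raw transaction, so the backend holds `v2` while the primary cache keeps serving `v1`.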