Part 10/n - Add openldap plugin #108

Merged
merged 61 commits into from
Feb 2, 2024

cipherboy
Member

This imports the OpenLDAP secrets plugin as discussed in #64, bringing it in-tree with history.


This is part of #68, broken up to make review easier.

@naphelps When it comes time for merge, I'd suggest making this one a rebase merge if you can to preserve history. Thanks!

jasonodonnell and others added 30 commits January 24, 2020 13:02
* Add 0.1.0 secret engine

* Update readme

* Change callbacks to operations

* Goimports

* Remove unneeded http status code

* Update to Go 1.13

* Ignore vendor directory for review

* Remove vendor for review

* Add config tests

* Remove unused code

* Add lower case string type

* Revise for feedback, add role tests

* Add backend helper

* Remove unused field registries, gofmt

* Add remaining tests

* Remove todo

* Add passwordless map return

* Add list test

* Goimports

* fix tests by stripping removed fields (#2)

* Fix list path bug

* Remove ttls from output of config and role

* Update path_creds.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update client/client.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update client/client.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update path_config.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update path_config.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update path_roles.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update path_roles.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update path_roles.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update path_rotate.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Remove unused fmt package

* Add error handling for queue pop

* Move role methods to path_roles

* Remove forwarding from paths

* Explicit passwordless map, gofmt

* Swap errors package

* Add TODO for retry logic on pop

* Add comment

* Add config to client.go

* Update password error message

* Remove redundant name check

* Clarify rotation comment

* Simplify return on storePassword

* Simplify password generation

* Add coverage for backend cleanup

* Simplify lock for queue

* Fix list path

* Add dependencies

Co-authored-by: Becca Petrin <beccapetrin@gmail.com>
Co-authored-by: Jim Kalafut <jim@kalafut.net>
* Move Factory code into an InitializeFunc

* Fix test

* Delete read-only loop
* Add RCAF support

* Update per review

* Change noexpire to resume

* Rename rcaf to racf

* Change resume to noexpire for racf
…penbao#10)

* set rotate-role paths to forward

* return an error, if any

* Add forwarding to rotate-root as well
* Allows users to specify a password policy to generate passwords from
  rather than hard coded to base62
* If no policy is specified, it defaults back to base62
* The PasswordLength field has been deprecated. If both the length and a
  policy are specified, the configuration will error on save.
* Add item check to prevent panic

* check if resp pointer is nil
…bao#28)

* Add more WAL logging
* Fix early rotation for roles with WALs, handle multiple WALs per role
* Respect previous WAL's new password
* Ensure only 1 WAL per role
* Add a warning to manual rotation response when rotation not immediately successful
* Remove re-storing of mount config when rotating unrelated roles
* Discard all WALs with a previous rotation time of 0
* Remove deleted WAL IDs from queue items
* Delete unused struct fields
* Switch from warning to error to correct HTTP status code from 400 -> 500
* Delete WALs on failed role creation or role deletion
* Take exclusive lock before reading config
* Fix manual rotate not respecting WAL ID
* Add tests for processing of stored WALs
* Remove unnecessary multierror
* Add last check on newPassword
- update tests to handle new request_timeout response field.
* Fix panic from nil logger

* Check if logger is nil

* Add comment

* Update per review
* Updates repository tooling and automated testing

* jira sync from scaffold
…penbao#44)

* Adds the last_password field to static roles

* adds changelog entries

* add back missing dn test
mickael-hc and others added 27 commits January 17, 2023 09:41
* update golang.org/x/text to v0.3.8

Addresses alert noise for CVE-2022-32149[1]. This vulnerability should not be exploitable in this plugin, as the vulnerable methods are MatchStrings and ParseAcceptLanguage.

[1] https://pkg.go.dev/vuln/GO-2022-1059

* go mod tidy
…penbao#50)

* CreateOperation should only be implemented alongside ExistenceCheck

See hashicorp/vault#18492

* Change CreateOperation to UpdateOperation in tests, too
* Updates Vault API and SDK modules

* remove -v from go test

* adds entry
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
* enable plugin multiplexing

- the plugin will be multiplexed when run as an external plugin
  against vault versions that support plugin multiplexing
- we continue to set the TLSProviderFunc to maintain backwards
  compatibility with vault versions that don't support AutoMTLS (< 1.12)

* update changelog
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.0.0-20220319134239-a9b59b0215f8 to 0.1.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…openbao#53)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20210428140749-89ef3d95e781 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/commits/v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…penbao#56)

* Invalidates WAL entry for static role if password policy has changed

* improve test output for failures
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.41.0 to 1.53.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.41.0...v1.53.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* workflows: add bulk dep update job

* remove dependabot
* Prepare for v0.11.2 release

* use ldap 3.4.4 to match Vault

* update changelog

* update test interface implementation

* fix test with new default fields in config response
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
…659bbd8cc02f4e37'

git-subtree-dir: builtin/logical/openldap
git-subtree-mainline: 08b6818
git-subtree-split: 170a3ca
Cherry-pick of 20728dc.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Cherry-pick of 80afe22.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
@naphelps naphelps merged commit 397dbb9 into openbao:main Feb 2, 2024
1 of 8 checks passed