DRAFT: Buildable & Testable Base #68
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* draft for tls support * remove baseprem param * add insecure_tls param and update test * commit suggested changes * remove base64 decoding and update field names * remove fmt.Printf statements * read ca cert from file path instead of contents * Update redis.go Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com> Co-authored-by: Austin Gebauer <agebauer@hashicorp.com> Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
Co-authored-by: hashicorp-copywrite[bot] <noreply@hashicorp.com>
Co-authored-by: hashicorp-copywrite[bot] <noreply@hashicorp.com>
Co-authored-by: hashicorp-copywrite[bot] <noreply@hashicorp.com>
Co-authored-by: hashicorp-copywrite[bot] <noreply@hashicorp.com>
Co-authored-by: hashicorp-copywrite[bot] <noreply@hashicorp.com>
By running: ```sh go list -u -m -json all | jq -r 'select(.Indirect != true and .Update != null) | .Path+"@"+.Update.Version' | xargs -L1 go get go mod tidy ```
By running: ```sh go list -u -m -json all | jq -r 'select(.Indirect != true and .Update != null) | .Path+"@"+.Update.Version' | xargs -L1 go get go mod tidy ``` I also updated for Go 1.19 and fixed integration tests for ARM64 processors, and added a changelog.
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Adds a `/check` endpoint that will return a 204 if the required environment variables are present, and otherwise returns a 400 with a list of what variables are missing. Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Ensure a consistent TLS configuration for k8s API requests Previously, it was possible for the http.Client's Transport to be missing the necessary root CAs to ensure that all TLS connections between the auth engine and the Kubernetes API were validated against a configured set of CA certificates. This fix ensures that the http.Client's Transport is always consistent with the configured CA cert chain, by introducing a periodic TLS configuration checker that is started as part of the backend's initialization. Other fixes: - only update the client's transport when the CA certificate pool has changed. Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
[COMPLIANCE] Update MPL-2.0 LICENSE
* update golang.org/x/text to v0.3.8 Addresses alert noise for CVE-2022-32149[1]. This vulnerability should not be exploitable as this plugin as the vulnerable methods are MatchStrings and ParseAcceptLanguage [1] https://pkg.go.dev/vuln/GO-2022-1059 * go mod tidy
…penbao#50) * CreateOperation should only be implemented alongside ExistenceCheck See hashicorp/vault#18492 * Change CreateOperation to UpdateOperation in tests, too
* Return 403 instead of 500 when audience validation fails * Pass our expected audience instead of the token's audience to TokenReview * Validate the TokenReview server is audience-aware by checking the returned audiences
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
…f plugintypes. We have to use the branch version of the api for this for now, until that PR is merged, but we can't wait because we're blocking that PR without this change. (#4)
…o#220) * Adds ability to set Google workspace domain for groups search * Adds changelog entry
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
With d34da50, behavior was made to align with Go's handling of Unix sockets that changed due to a security vulnerability. However, the tests were not updated to reflect using localhost here, resulting in the api package failing. See also: https://nvd.nist.gov/vuln/detail/CVE-2023-29406 Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
HCP Link is a service to link local Vault Enterprise instances to HashiCorp's HCP cloud offering. This isn't useful for consumers of OpenBao and we do not wish to have to maintain it. Thus, removal is most prudent. Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
This was referenced Feb 2, 2024
|
This has now been split properly into Parts 1...17 as linked above, and thus can be closed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based on the proposal in #64 and previous code in #56, this builds towards passing test cases post-fork.
Note that this is rather large and includes commits currently in
developmentdue to the inability to rebasegit subtree(likely a user problem).This PR and #56 will be split up into separate PRs, one per plugin, plus various miscellaneous small changes on top.
If #64 is changed significantly enough, this PR may need to be reworked. However, if the external->internal merge is not viewed favorably, this probably can be elided and not impact the results too much.