Syncing the forked repo with upstream (whilst keeping the v2 commit)#74
Draft
rahulkaukuntla wants to merge 2955 commits into
Draft
Syncing the forked repo with upstream (whilst keeping the v2 commit)#74rahulkaukuntla wants to merge 2955 commits into
rahulkaukuntla wants to merge 2955 commits into
Conversation
* Add Integrations Endpoint * Test Fixes * PR feed back, changelog, test docs, check authed Co-authored-by: Kit Haines <khaines@mit.edu>
hashicorp#9484) (hashicorp#9492) - Instead of using a reserved oid from LetsEncrypt in our tests and documentation (1.3.6.1.4.1.44947.1.2.4), use 1.3.6.1.4.1.32473.1.2.4, which is in the reserved space for docs and examples based on RFC 5612 Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
… (hashicorp#9496) The code that loads the trusted certificate cache for cert-based authentication ignores any error that occurs while attempting to load any of the certificates that it finds. Undoubtedly some deployments have broken certificates or other non-certificate files stored in their respective back-ends, and so this is important behavior: we don't want to fail authentication just because `README.md` is not a valid certificate! In addition, because listing files and loading certificates is expensive, the server maintains a cache of trusted certificates. This cache is populated the first time it's needed, and then used for the lifetime of the process. If a file fails to load as a certificate, then it is simply not included in the cache. These two things lead to a problem when using a backend that might be subject to transient failures: a hiccough in the certificate loading process can cause the server to establish a cache that is missing an otherwise valid certificate. This can then lead to clients failing to authenticate to the server, until such time as the server is restarted and the cache reloaded. This change makes the certificate cache more resilient to loading failures, by caching partial successes. With this patch, the cache behavior becomes: - If the cache exists *and* is either complete or it is not yet time to attempt to reload the certificates, then the cached results are used without reservation. - Otherwise we attempt to load the certificates from storage: - If the cache does not already exist then a new, empty cache is created. - The storage is listed, we attempt to load everything in storage, skipping things that we have already successfully loaded, and skipping things that we cannot load, as usual. - Once we have attempted to load everything from storage, if there were any errors, we compute a deadline for retrying the load, with an exponentially increasing delay. If there were no errors, then the cache is considered complete, and there will be no retry. This has the nice behavior that we recover from transient failures eventually, while the exponential back-off ensures that we don't waste too much time attempting to load certificates that can never be loaded. Co-authored-by: John Doty <john.doty@databricks.com> Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
…ashicorp#9501) - Now that all branches are upgraded to Go 1.24 we no longer need to guard against older branches from being upgraded for FIPS reasons. Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
…A self-enrollment endpoint (hashicorp#9421) (hashicorp#9521) Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
…rp#9478) (hashicorp#9524) * make allowed and denied_parameters compare lists * change name of env var * add changelog * linter fixes and unnecessary code removal Co-authored-by: Bruno Oliveira de Souza <bruno.souza@hashicorp.com>
) (hashicorp#9538) When determining whether to skip a backport ref we currenly we have to consider many factors: - Whether or not there are changed files? - If there are changed files, are some enterprise or CE? - Are there some changed files that ought to be backported to inactive branches? - Is the target branch active or not? We had a large test suite that covered _most_ of these cases but because the changed file set determines a lot of behavior we were missing cases where we ought to backport normal mixed changed file sets for no other reason other than the branch is active. After fixing and normalizing the tests I fixed the source bug which is that we didn't strip the branch prefix from the ref version when checking branch activeness. Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
) (hashicorp#9543) Add a new `github` changed file group that includes everything in the `.github` directory. Further refine the `pipeline` group to only include scripts, workflows, and actions files in `.github`. We also move the `CODEOWNERS` file into `.github/` to simplify `github` grouping. As `build` logic responds to changes to the `pipeline` group this will result in no longer building and testing everything for simple changes in `github` that don't affect the pipeline. Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
…shicorp#9550) * add error template for recovery routes * only render one link Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* updating go-discover * adding changelog * adjusting changelog --------- Co-authored-by: JMGoldsmith <spartanaudio@gmail.com> Co-authored-by: Tony Wittinger <anwittin@users.noreply.github.com>
…PLA blurb (hashicorp#9331) (hashicorp#9486) * Updates post-install text to properly reflect the updated IPLA blurb * Adds changelog for SMRE-733 Co-authored-by: ethel-hashicorp <ethel.evans@hashicorp.com>
…corp#9360) Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
…shicorp#8818) Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
…ranches (hashicorp#9408) (hashicorp#9472) Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
…ashicorp#9588) * use "redirect" instead of "afterModel" * fix styling of radio group buttons * remove redundant route redirect * wrap mount dropdown in loading conditional * reuse parent redirect logic, delete unused outlet * minor padding adjustments * force restart tests Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
…shicorp#9596) Co-authored-by: Bianca <48203644+biazmoreira@users.noreply.github.com>
* license: update headers to IBM Corp. * `make proto` * update offset because source file changed Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
…ashicorp#10292) * [VAULT-40043]: pipeline: add `go diff mod` command Add a `pipeline go diff mod` command that is capable of comparing two go.mod files at a directive level. We also support strict or lax comparisons of several directives to flexible diff comparisons. This is especially useful when you want to compare two go.mod files that have some different dependencies (CE vs. Ent) but still want to compare versions of like dependencies. This command is not currently used in the pipeline but was useful in developing the diff library that is used. Subsequent work will use the library and be integrated into CI. * review feedback * one more comment fix --------- Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
…#10230) * add redirect for legacy secrets path * adding changelog Co-authored-by: Dan Rivera <dan.rivera@hashicorp.com>
* replace instances of ToolTip component with HDS tooltip * Replace InfoTooltip component instances with HDS tooltip * update tests * remove remaining custom tooltip code * remove rich tooltip with copy * update test and update toolbar link with styling to remove extra link * Apply suggestions from code review * update test and remove setRunOptions now that tooltip violations are addressed * Revert "Apply suggestions from code review" This reverts commit 90f01c653be68f23b6dbd75f252d227e38dbe53f. * Remove unused disabled tooltip code * add comment and TODO explaining conditional modifier pattern --------- Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com> Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
…10282) * update jsondiffpatch dep + use webpack to convert into UMD format * do not lint vendor files * update test * lint fix * fix merge conflict error Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com>
…les with paths and names of Vault secrets (hashicorp#10068) (hashicorp#10323) * VAULT-39876 sys/reporting/scan for KV secrets * make fmt * changelog * stray t.log * typo * fix race probably * Bug fix, add local mount * remove comment * bolster external tests Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
…shicorp#10317) (hashicorp#10349) Co-authored-by: Bianca <48203644+biazmoreira@users.noreply.github.com>
hashicorp#10274) (hashicorp#10330) * Set up dynamic page header component and update secret engine header * Add copyright headers * Remvoe unsused tab for now * Add page header test * Remove component test since we deleted component * Address feedback.. * Add deprecation comment Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
…10358) * WIP * VAULT-40037 Updates to PKI observations * review feedback * public key size * make fmt * issuerId for sign self issued * remove confusing issuer_name * remove unused var * whoops common name * role -> role_name * role name Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
hashicorp#10360) Co-authored-by: Dylan Hyun <dylan.hyun@hashicorp.com>
…corp#10361) Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
Updated CHANGELOG for version 1.21.0, including security fixes, changes, improvements, deprecations, and bug fixes. Co-authored-by: Tony Wittinger <anwittin@users.noreply.github.com>
rahulkaukuntla
had a problem deploying
to
community-pull-request
GitHub Actions
Failure
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
What does this PR do?
There's one commit (migrating the
api/auth/awslibrary away from aws-sdk-go to v2) that we want to keep, while still syncing the forked repo with upstream. This caused a number of merge conflicts, so I just made it a pr for safety. If you make a pull request from the branch into the upstream repo, there should only be the changes made to theapi/auth/awslibrary.TODO only if you're a HashiCorp employee
backport/label that matches the desired release branch. Note that in the CE repo, the latest release branch will look likebackport/x.x.x, but older release branches will bebackport/ent/x.x.x+ent.of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.
PCI review checklist
Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.