Skip to content

Commit

Permalink
Vault 5452 resolve ent drift (#14898)
Browse files Browse the repository at this point in the history
* resolve path_config_rotate_root_test - ent uses newer version so update and fix

* clean up operator_diagnose import to match ent

* add mount_accessor to SentinelKeys to match ent

* mysql.go remove trailing space to match ent

* update protobuf version to match ent

* update vault/cluster.go log message to match ent

* update ha from ent - the dr stuff is probably fine?

* remove newline to match ent in vault/login_mfa.go

* add vaultKubernetesMountPath to doc to match ent
  • Loading branch information
swayne275 authored Apr 6, 2022
1 parent 1ffcac3 commit 9708ef8
Show file tree
Hide file tree
Showing 24 changed files with 31 additions and 31 deletions.
1 change: 0 additions & 1 deletion builtin/credential/aws/path_config_rotate_root_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ func TestPathConfigRotateRoot(t *testing.T) {
SecretAccessKey: aws.String("buzz2"),
},
},
DeleteAccessKeyOutput: &iam.DeleteAccessKeyOutput{},
GetUserOutput: &iam.GetUserOutput{
User: &iam.User{
UserName: aws.String("ellen"),
Expand Down
2 changes: 1 addition & 1 deletion command/operator_diagnose.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,14 @@ import (
"golang.org/x/term"

wrapping "github.com/hashicorp/go-kms-wrapping"
"github.com/hashicorp/vault/helper/constants"

"github.com/docker/docker/pkg/ioutils"
"github.com/hashicorp/consul/api"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/reloadutil"
uuid "github.com/hashicorp/go-uuid"
cserver "github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/helper/constants"
"github.com/hashicorp/vault/helper/metricsutil"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/hashicorp/vault/internalshared/listenerutil"
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ require (
github.com/hashicorp/go-raftchunking v0.6.3-0.20191002164813-7e9e8525653a
github.com/hashicorp/go-retryablehttp v0.7.0
github.com/hashicorp/go-rootcerts v1.0.2
github.com/hashicorp/go-secure-stdlib/awsutil v0.1.5
github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6
github.com/hashicorp/go-secure-stdlib/base62 v0.1.2
github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1
github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.2
Expand Down
6 changes: 2 additions & 4 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -870,15 +870,13 @@ github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER
github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
github.com/hashicorp/go-secure-stdlib/awsutil v0.1.2/go.mod h1:QRJZ7siKie+SZJB9jLbfKrs0Gd0yPWMtbneg0iU1PrY=
github.com/hashicorp/go-secure-stdlib/awsutil v0.1.5 h1:TkCWKqk1psjvUV7WktmZiRoZ1a9vw048AVnk/YbrzgY=
github.com/hashicorp/go-secure-stdlib/awsutil v0.1.5/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg=
github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA=
github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg=
github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 h1:ET4pqyjiGmY09R5y+rSd70J2w45CtbWDNvGqWp/R3Ng=
github.com/hashicorp/go-secure-stdlib/base62 v0.1.2/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1 h1:9um9R8i0+HbRHS9d64kdvWR0/LJvo12sIonvR9zr1+U=
github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1/go.mod h1:6RoRTSMDK2H/rKh3P/JIsk1tK8aatKTt3JyvIopi3GQ=
github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1 h1:IJgULbAXuvWxzKFfu+Au1FUmHIJulS6N4F7Hkn+Kck0=
github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1/go.mod h1:rf5JPE13wi+NwjgsmGkbg4b2CgHq8v7Htn/F0nDe/hg=
github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.2 h1:NS6BHieb/pDfx3M9jDdaPpGyyVp+aD4A3DjX3dgRmzs=
github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.2/go.mod h1:rf5JPE13wi+NwjgsmGkbg4b2CgHq8v7Htn/F0nDe/hg=
github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
Expand Down
2 changes: 1 addition & 1 deletion helper/forwarding/types.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion helper/identity/mfa/types.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions helper/identity/sentinel.go
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ func (a *Alias) SentinelKeys() []string {
return []string{
"id",
"mount_type",
"mount_accessor",
"mount_path",
"meta",
"metadata",
Expand Down
2 changes: 1 addition & 1 deletion helper/identity/types.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion helper/storagepacker/types.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion physical/raft/types.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion plugins/database/mssql/mssql.go
Original file line number Diff line number Diff line change
Expand Up @@ -427,5 +427,5 @@ SET @stmt = 'IF EXISTS (SELECT name FROM [master].[sys].[server_principals] WHER
EXEC (@stmt)`

const alterLoginSQL = `
ALTER LOGIN [{{username}}] WITH PASSWORD = '{{password}}'
ALTER LOGIN [{{username}}] WITH PASSWORD = '{{password}}'
`
2 changes: 1 addition & 1 deletion sdk/database/dbplugin/database.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion sdk/database/dbplugin/v5/proto/database.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion sdk/helper/pluginutil/multiplexing.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion sdk/logical/identity.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion sdk/logical/plugin.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion sdk/plugin/pb/backend.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 6 additions & 6 deletions vault/activity/activity_log.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions vault/cluster.go
Original file line number Diff line number Diff line change
Expand Up @@ -218,13 +218,12 @@ func (c *Core) setupCluster(ctx context.Context) error {

// Create a certificate
if c.localClusterCert.Load().([]byte) == nil {
c.logger.Debug("generating local cluster certificate")

host, err := uuid.GenerateUUID()
if err != nil {
return err
}
host = fmt.Sprintf("fw-%s", host)
c.logger.Debug("generating local cluster certificate", "host", host)
template := &x509.Certificate{
Subject: pkix.Name{
CommonName: host,
Expand Down
3 changes: 2 additions & 1 deletion vault/ha.go
Original file line number Diff line number Diff line change
Expand Up @@ -770,7 +770,8 @@ func (c *Core) periodicCheckKeyUpgrades(ctx context.Context, stopCh chan struct{
// keys (e.g. from replication being activated) and we need to seal to
// be unsealed again.
entry, _ := c.barrier.Get(ctx, poisonPillPath)
if entry != nil && len(entry.Value) > 0 {
entryDR, _ := c.barrier.Get(ctx, poisonPillDRPath)
if (entry != nil && len(entry.Value) > 0) || (entryDR != nil && len(entryDR.Value) > 0) {
c.logger.Warn("encryption keys have changed out from underneath us (possibly due to replication enabling), must be unsealed again")
// If we are using raft storage we do not want to shut down
// raft during replication secondary enablement. This will
Expand Down
1 change: 0 additions & 1 deletion vault/login_mfa.go
Original file line number Diff line number Diff line change
Expand Up @@ -2283,7 +2283,6 @@ func (b *LoginMFABackend) deleteMFALoginEnforcementConfigByNameAndNamespace(ctx
}

entryIndex := mfaLoginEnforcementPrefix + eConfig.ID

barrierView, err := b.Core.barrierViewForNamespace(eConfig.NamespaceID)
if err != nil {
return err
Expand Down
2 changes: 1 addition & 1 deletion vault/request_forwarding_service.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion vault/tokens/token.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions website/content/docs/platform/k8s/csi/configurations.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,9 @@ The following parameters are supported by the Vault provider:

- `vaultNamespace` `(string: "")` - The Vault [namespace](/docs/enterprise/namespaces) to use.

- `vaultKubernetesMountPath` `(string: "kubernetes")` - The mount path of the Kubernetes authentication
method in Vault.

- `vaultSkipTLSVerify` `(string: "false")` - When set to true, skips verification of the Vault server
certificate. Setting this to true is not recommended for production.

Expand Down

0 comments on commit 9708ef8

Please sign in to comment.