* fix: pin to the right version for azure keyvault
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* update the fake and the test
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* Added Previder Vault Provider and tests
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Set go version back to 1.23
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Updates after "make reviewable"
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Fixed methods to naming convention
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Added Previder to stability support doc
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Added installation documentation and Previder logo
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Altered last test name for naming convention
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Adds Previder provider to api-docs/mkdocs.yml
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Ran make check-diff
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Updated Tiltfile to check for new default image used in helm chart
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Added optional tag to PreviderAuth struct
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Removed toolchain
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Updated to go 1.23.1 for CVE; Updated previder/vault-cli to 0.1.2 for CVE fix also
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
---------
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
Signed-off-by: Gijs Middelkamp <17021438+gkwmiddelkamp@users.noreply.github.com>
* Squash changes to prep for manual testing
Signed-off-by: Nick Knowlson <nick.knowlson@alayacare.com>
* remove commented out test data
Signed-off-by: Nick Knowlson <nick.knowlson@alayacare.com>
* update e2e test file
Signed-off-by: Nick Knowlson <nick.knowlson@alayacare.com>
---------
Signed-off-by: Nick Knowlson <nick.knowlson@alayacare.com>
Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com>
* feat(generator/uuid): initial version
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* fix(generator/uuid): rename symbols in compliance with lint
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* fix(generator/uuid): rename unused vars to `_` to fix lint
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* docs(generator/uuid): initial documentation for uuid generator
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
---------
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* fix: bitwarden API url to point to the correct default location
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* explicitly remove trailing slashes to prevent not found error
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
use passthrough resolver to be consistent with ycsdk library, and to
work correctly in dual-stack environments until gRPC proposal A61 is
fully implemented in grpc-go
fixes#3837
Signed-off-by: Viktor Oreshkin <imselfish@stek29.rocks>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* Use Conjur API's built in JWT functions
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
* docs: clarify that all Conjur types are supported
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
* docs: add link to Conjur blog post
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
---------
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
* chore: update go version of the project to 1.23
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* fixed an absurd amount of linter issues
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* feat: add CAProvider to bitwarden
This change introduces a refactor as well since CAProvider
was used by multiple providers with diverging implementations.
The following providers were affected:
- webhook
- akeyless
- vault
- conjur
- kubernetes
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* refactored the Kubernetes provider to use create ca
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* refactor webhook, vault and kubernetes provider
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* rename CreateCACert to FetchCACertFromSource
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* addressed comments and autodecoding base64 data
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* check if the decoded value is a valid certificate
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* feat: add prefix definition to all secret keys for aws parameter store
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added a push secret test to verify called parameter has a prefix
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* feat: increase verbosity of error message during validation
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* removing Equal as we do not have the specific error message there
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* fix: add namespace to path and route construction
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* fix: use the correct namespace while restoring from auth namespace
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added fix suggestion from Gustavo
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* fix(vault): Treat tokens expiring in <60s as expired
Without this, it's possible to hit a TOCTOU issue where checkToken()
sees a valid token, but it expires before the actual operation is
performed. This condition is only reachable when the experimental
caching feature is enabled.
60 seconds was chosen as a sane (but arbitrary) value. It should be more
than enough to cover the amount of time between checkToken() and the
actual operation.
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
* ADOPTERS.md: Add Elastic
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
---------
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
Instead of assuming that the data fields are strings that can be
converted to byte array, convert the actual type to a byte array.
fixes#3239
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
* fix: explicitly fetch status subresource due to inconsistencies
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: bump go
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: add rbac to get status
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
In the vault client library, LookupSelfWithContext calls ParseSecret,
which has a few places where it returns `nil, nil` instead of returning
a proper error. The most common scenario is when the token expires and
the Vault server returns:
{
"errors": [
"permission denied"
]
}
This commit adds an additional check to ensure that a nil response won't
be dereferenced in checkToken().
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
