Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make reception of an empty valid principals configurable based on a role flag. #28466

Merged
merged 8 commits into from
Sep 23, 2024
Merged

Make reception of an empty valid principals configurable based on a role flag. #28466

merged 8 commits into from
Sep 23, 2024

Conversation

sgmiller
Copy link
Collaborator

@sgmiller sgmiller commented Sep 23, 2024
edited
Loading

Adds allow_empty_principals, which if true allows valid_principals on credential generation calls
to be empty.

Description

What does this PR do?

TODO only if you're a HashiCorp employee

  • Backport Labels: If this PR is in the ENT repo and needs to be backported, backport
    to N, N-1, and N-2, using the backport/ent/x.x.x+ent labels. If this PR is in the CE repo, you should only backport to N, using the backport/x.x.x label, not the enterprise labels.
    • If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
  • ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
    of a public function, even if that change is in a CE file, double check that
    applying the patch for this PR to the ENT repo and running tests doesn't
    break any tests. Sometimes ENT only tests rely on public functions in CE
    files.
  • Jira: If this change has an associated Jira, it's referenced either
    in the PR description, commit message, or branch name.
  • RFC: If this change has an associated RFC, please link it in the description.
  • ENT PR: If this change has an associated ENT PR, please link it in the
    description. Also, make sure the changelog is in this PR, not in your ENT PR.

@sgmiller
Make reception of an empty valid principals configurable based on a r…
918867a 
…ole flag.

Adds allow_empty_principals, which if true allows valid_principals on credential generation calls
to be empty.
@sgmiller
Merge remote-tracking branch 'origin/main' into sgm/allow_empty_princ…
471405d 
…ipals_flag
@sgmiller sgmiller requested a review from a team as a code owner September 23, 2024 15:18
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Sep 23, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 23, 2024
edited
Loading

CI Results:
All Go tests succeeded! ✅

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 23, 2024
edited
Loading

Build Results:
All builds succeeded! ✅

@sgmiller sgmiller added this to the 1.19.0-rc milestone Sep 23, 2024
victorr
victorr approved these changes Sep 23, 2024
View reviewed changes
Copy link
Contributor

@victorr victorr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

website/content/api-docs/secret/ssh.mdx
@@ -170,7 +170,9 @@ This endpoint creates or updates a named role.

~> **Note**: In FIPS 140-2 mode, the following algorithms are not certified
and thus should not be used: `ed25519`.

- `allow_empty_principals` `(bool: false)` - Allow signing certificates with
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if the absence of the empty line matters or not. The Vercel step was skipped by the PR build, so I couldn't verify it.

@sgmiller sgmiller merged commit 12f03b0 into main Sep 23, 2024
83 of 84 checks passed
@sgmiller sgmiller deleted the sgm/allow_empty_principals_flag branch September 23, 2024 22:20
This was referenced Sep 23, 2024
Merged
Merged
@sgmiller sgmiller added backport/ent/1.16.x+ent Changes are backported to 1.16.x+ent and removed backport/ent/1.16.x+ent Changes are backported to 1.16.x+ent labels Sep 23, 2024
@hellobontempo hellobontempo mentioned this pull request Sep 24, 2024
Merged
6 tasks
This was referenced Sep 24, 2024
Closed
Merged
@hellobontempo hellobontempo mentioned this pull request Sep 24, 2024
Merged
6 tasks
@Sayrus Sayrus mentioned this pull request Oct 11, 2024
Closed
@fairclothjm fairclothjm mentioned this pull request Nov 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevendpclark stevendpclark stevendpclark approved these changes

@victorr victorr victorr approved these changes

Assignees
No one assigned
Labels
backport/ent/1.16.x+ent Changes are backported to 1.16.x+ent backport/1.18.x hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed
Projects
None yet
Milestone
1.19.0-rc
Development

Successfully merging this pull request may close these issues.
3 participants
@sgmiller @victorr @stevendpclark