Tags: openbao/openbao
Tags
Bump to v2.3.1 - Drop Illumos support per policy in #711 (#1503) * Drop Illumos support per policy in #711 In https://github.com/openbao/openbao/actions/runs/15883186152/job/44788865022, the Illumos build failed. This was due to the etcd build failing: > • building build={builds-other [illumos] [amd64 arm arm64 riscv64] [v1] [sse2] [6 7] [v8.0] [hardfloat] [power8] [rva20u64] [illumos_amd64_v1] [{linux } {darwin 6 } {darwin arm } {darwin riscv64 } {dragonfly arm } {dragonfly arm64 } {dragonfly riscv64 } {freebsd 7 } {illumos arm } {illumos arm64 } {netbsd riscv64 } {netbsd 7 } {openbsd riscv64 } {openbsd 7 } {windows arm 7 } {windows riscv64 }] . . bao {[] []} go {{ .CommitTimestamp }} false go build false { [-X github.com/openbao/openbao/version.fullVersion={{.Version}} -X github.com/openbao/openbao/version.GitCommit={{.Commit}} -X github.com/openbao/openbao/version.BuildDate={{ .Date }}] [ui] [] [] [] [CGO_ENABLED=0]} []} > • building binary=dist/builds-other_illumos_amd64_v1/bao > • env "CGO_ENABLED=0" evaluated to "CGO_ENABLED=0" > • running > • took: 2m0s > ⨯ release failed after 2m29s error=build failed: failed to build for illumos_amd64_v1: exit status 1: # go.etcd.io/bbolt > Error: ../../../go/pkg/mod/go.etcd.io/bbolt@v1.4.1/bolt_solaris.go:70:15: undefined array length maxMapSize or missing type constraint > > target: illumos_amd64_v1 > Error: Process completed with exit code 1. If this is fixed with a corresponding action build + test verification, we can revert this. See also: etcd-io/bbolt#988 Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Bump changelog version to v2.3.1 Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Bump sdk to v2.3.1, add changelog to v2.3.0 (#1501) * Bump sdk to v2.3.1 Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Update changelog for v2.3.0 GA Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Bump API to v2.3.1 in core, sdk (#1500) Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Minor improvements to CEL for PKI (#1390) (#1499) * Minor improvements to CEL for PKI (#1390) * Regenerate PKI CEL protobuf Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Restructure certutil issuance, cleanup bugs This fixes a few minor bugs with CEL for PKI issuance: - Proper handling of key_bits, key_type, signature_bits, &c, to set use the global default handlers from the role system. - Move the fields into the privileged evaluationData space, rather than using the untrusted "request" values: these are not necessarily validated by CEL and so we must set our preferred values output by the program. - Clean up handling of extensions on the template. - Hide unrecognized parameter warnings via use of TakesArbitraryInput. - Support repeated warnings Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Refactor signature bits handling for CSRs Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Add identity into CEL environment Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- This had conflicts in the protobuf file; since this is self-contained to the PKI engine, I opted to take the version merged to main completely rather than rebuilding. The only other modifying commit, 6225830, will not be backported to v2.3.0 but shouldn't impact functionality at all. Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Fix changelog for 1496's backport Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Minor improvements to CEL for PKI (#1390) (#1499) * Minor improvements to CEL for PKI (#1390) * Regenerate PKI CEL protobuf Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Restructure certutil issuance, cleanup bugs This fixes a few minor bugs with CEL for PKI issuance: - Proper handling of key_bits, key_type, signature_bits, &c, to set use the global default handlers from the role system. - Move the fields into the privileged evaluationData space, rather than using the untrusted "request" values: these are not necessarily validated by CEL and so we must set our preferred values output by the program. - Clean up handling of extensions on the template. - Hide unrecognized parameter warnings via use of TakesArbitraryInput. - Support repeated warnings Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Refactor signature bits handling for CSRs Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Add identity into CEL environment Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- This had conflicts in the protobuf file; since this is self-contained to the PKI engine, I opted to take the version merged to main completely rather than rebuilding. The only other modifying commit, 6225830, will not be backported to v2.3.0 but shouldn't impact functionality at all. Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Fix changelog for 1496's backport Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Minor improvements to CEL for PKI (#1390) (#1499) * Minor improvements to CEL for PKI (#1390) * Regenerate PKI CEL protobuf Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Restructure certutil issuance, cleanup bugs This fixes a few minor bugs with CEL for PKI issuance: - Proper handling of key_bits, key_type, signature_bits, &c, to set use the global default handlers from the role system. - Move the fields into the privileged evaluationData space, rather than using the untrusted "request" values: these are not necessarily validated by CEL and so we must set our preferred values output by the program. - Clean up handling of extensions on the template. - Hide unrecognized parameter warnings via use of TakesArbitraryInput. - Support repeated warnings Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Refactor signature bits handling for CSRs Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Add identity into CEL environment Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- This had conflicts in the protobuf file; since this is self-contained to the PKI engine, I opted to take the version merged to main completely rather than rebuilding. The only other modifying commit, 6225830, will not be backported to v2.3.0 but shouldn't impact functionality at all. Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Fix changelog for 1496's backport Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Minor improvements to CEL for PKI (#1390) (#1499) * Minor improvements to CEL for PKI (#1390) * Regenerate PKI CEL protobuf Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Restructure certutil issuance, cleanup bugs This fixes a few minor bugs with CEL for PKI issuance: - Proper handling of key_bits, key_type, signature_bits, &c, to set use the global default handlers from the role system. - Move the fields into the privileged evaluationData space, rather than using the untrusted "request" values: these are not necessarily validated by CEL and so we must set our preferred values output by the program. - Clean up handling of extensions on the template. - Hide unrecognized parameter warnings via use of TakesArbitraryInput. - Support repeated warnings Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Refactor signature bits handling for CSRs Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Add identity into CEL environment Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- This had conflicts in the protobuf file; since this is self-contained to the PKI engine, I opted to take the version merged to main completely rather than rebuilding. The only other modifying commit, 6225830, will not be backported to v2.3.0 but shouldn't impact functionality at all. Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Fix changelog for 1496's backport Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
Minor improvements to CEL for PKI (#1390) (#1499) * Minor improvements to CEL for PKI (#1390) * Regenerate PKI CEL protobuf Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Restructure certutil issuance, cleanup bugs This fixes a few minor bugs with CEL for PKI issuance: - Proper handling of key_bits, key_type, signature_bits, &c, to set use the global default handlers from the role system. - Move the fields into the privileged evaluationData space, rather than using the untrusted "request" values: these are not necessarily validated by CEL and so we must set our preferred values output by the program. - Clean up handling of extensions on the template. - Hide unrecognized parameter warnings via use of TakesArbitraryInput. - Support repeated warnings Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Refactor signature bits handling for CSRs Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Add identity into CEL environment Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- This had conflicts in the protobuf file; since this is self-contained to the PKI engine, I opted to take the version merged to main completely rather than rebuilding. The only other modifying commit, 6225830, will not be backported to v2.3.0 but shouldn't impact functionality at all. Signed-off-by: Alexander Scheel <ascheel@gitlab.com> * Fix changelog for 1496's backport Signed-off-by: Alexander Scheel <ascheel@gitlab.com> --------- Signed-off-by: Alexander Scheel <ascheel@gitlab.com>
PreviousNext