From b14431e63f9a2c0eef6f68bfc8af60c29ebe2413 Mon Sep 17 00:00:00 2001 From: Vault Automation Date: Fri, 27 Mar 2026 09:24:12 -0600 Subject: [PATCH 1/2] VAULT-43198 [2/7] JWT sys backend: Unit tests (#12875) (#13440) * feat: move JWT auth config from HCL to sys/config/oauth-resource-server endpoint * test(jwt): add unit and storage tests for JwtAuthManager and sys endpoint * refactor: move oauth-resource-server paths from CE to ent file Path definitions for sys/config/oauth-resource-server belong in logical_system_paths_ent.go (ent-only), not logical_system_paths.go (shared CE file). Move them into a new oAuthResourceServerPaths() function registered via the ent init() hook. * fix logical system paths * fix logical system paths (2) * respect the user claim in oauth profile * review comments * feat(jwt): add oauth-resource-server activation flag and bugfix * refactor(jwt): rewrite JWT engine and expiration handling * feat(jwt): add sys backend paths and remove HCL config * fix(test): update activation flags tests for oauth-resource-server * fix(test): skip outdated jwt test in logical_ent_test.go * fixes for broken tests (4) * add activation flag tests * moving out request handling changes * fix linter errors * merge * cleanup comments and names * cosmetic var name cleanup * update from main * add tests * avoid sleep * review comments * review comments * review comments * review comments * review comments Co-authored-by: Arnab Chatterjee --- vault/expiration.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vault/expiration.go b/vault/expiration.go index 92efd1009f..55156bcc4a 100644 --- a/vault/expiration.go +++ b/vault/expiration.go @@ -1094,7 +1094,7 @@ func (m *ExpirationManager) revokeCommon(ctx context.Context, leaseID string, fo // Delete the secondary index, but only if it's a leased secret (not auth) if le.Secret != nil { var indexToken string - // Maintain secondary index by token, except for orphan batch tokens and ent tokens + // Maintain secondary index by token, except for orphan batch tokens and enterprise tokens switch le.ClientTokenType { case logical.TokenTypeBatch: te, err := m.tokenStore.lookupBatchTokenInternal(ctx, le.ClientToken) From 13eff8cf56bc10b1bfdea2477a947debef1099d8 Mon Sep 17 00:00:00 2001 From: Vault Automation Date: Fri, 27 Mar 2026 09:45:42 -0600 Subject: [PATCH 2/2] auto: bumps vault-client-typescript version (#13252) (#13308) Co-authored-by: Angelo Cordon --- ui/pnpm-lock.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ui/pnpm-lock.yaml b/ui/pnpm-lock.yaml index b7bba3a68d..1c4b54c15f 100644 --- a/ui/pnpm-lock.yaml +++ b/ui/pnpm-lock.yaml @@ -56,7 +56,7 @@ importers: version: 3.0.0 '@hashicorp/vault-client-typescript': specifier: github:hashicorp/vault-client-typescript - version: https://codeload.github.com/hashicorp/vault-client-typescript/tar.gz/5f320eb200ed107202eb3932f66cc9efb693204e + version: https://codeload.github.com/hashicorp/vault-client-typescript/tar.gz/89117e7ceca84680eca76d6f99041140fa45ca1a ember-auto-import: specifier: 2.10.0 version: 2.10.0(@glint/template@1.7.3)(webpack@5.105.4) @@ -1610,8 +1610,8 @@ packages: '@hashicorp/flight-icons@3.14.0': resolution: {integrity: sha512-nyLDApaZsAHpAf2sRNwYX1MnJQU9UI3euiwE6wHPl2l/+Yt8wba1oXkmWL/Ptc4QgJxxnRUUhf66jGcB/AIOyQ==} - '@hashicorp/vault-client-typescript@https://codeload.github.com/hashicorp/vault-client-typescript/tar.gz/5f320eb200ed107202eb3932f66cc9efb693204e': - resolution: {tarball: https://codeload.github.com/hashicorp/vault-client-typescript/tar.gz/5f320eb200ed107202eb3932f66cc9efb693204e} + '@hashicorp/vault-client-typescript@https://codeload.github.com/hashicorp/vault-client-typescript/tar.gz/89117e7ceca84680eca76d6f99041140fa45ca1a': + resolution: {tarball: https://codeload.github.com/hashicorp/vault-client-typescript/tar.gz/89117e7ceca84680eca76d6f99041140fa45ca1a} version: 0.0.0 '@humanwhocodes/config-array@0.13.0': @@ -11155,7 +11155,7 @@ snapshots: '@hashicorp/flight-icons@3.14.0': {} - '@hashicorp/vault-client-typescript@https://codeload.github.com/hashicorp/vault-client-typescript/tar.gz/5f320eb200ed107202eb3932f66cc9efb693204e': {} + '@hashicorp/vault-client-typescript@https://codeload.github.com/hashicorp/vault-client-typescript/tar.gz/89117e7ceca84680eca76d6f99041140fa45ca1a': {} '@humanwhocodes/config-array@0.13.0': dependencies: