Merge branch 'master' into respond-upstream-throttle

2018-09-05 14:48:21 -05:00 · 2018-09-05 14:48:21 -05:00 · 60dcdf1472
parent 8f869999f2 0a482e9bd2
commit 60dcdf1472
9 changed files with 38 additions and 18 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,4 +1,4 @@
-## 0.11.1 (Unreleased)
+## 0.11.1 (September 5th, 2018)

 SECURITY:

@ -9,7 +9,8 @@ SECURITY:
   and weakening the security of the key. On most platforms this should never
   happen because reading from kernel random sources is non-blocking and always
   successful, but there may be platform-specific behavior that has not been
-   accounted for.
+   accounted for. (Vault has tests to check exactly this, and the tests have
+   never seen nonce re-use.)

 IMPROVEMENTS:

@ -29,6 +30,8 @@ BUG FIXES:
   certificates and simplify API [GH-5231]
 * ui: JSON editor will not coerce input to an object, and will now show an 
   error about Vault expecting an object [GH-5271]
+ * ui: authentication form will now default to any methods that have been tuned
+   to show up for unauthenticated users [GH-5281]
 

 ## 0.11.0 (August 28th, 2018)
--- a/terraform/aws/variables.tf
+++ b/terraform/aws/variables.tf
@ -3,7 +3,7 @@
 //-------------------------------------------------------------------

 variable "download-url" {
-    default = "https://releases.hashicorp.com/vault/0.11.0/vault_0.11.0_linux_amd64.zip"
+    default = "https://releases.hashicorp.com/vault/0.11.1/vault_0.11.1_linux_amd64.zip"
    description = "URL to download Vault"
 }

--- a/ui/app/components/auth-form.js
+++ b/ui/app/components/auth-form.js
@ -57,7 +57,10 @@ export default Ember.Component.extend(DEFAULTS, {
    }
    // this is here because we're changing the `with` attr and there's no way to short-circuit rendering,
    // so we'll just nav -> get new attrs -> re-render
-    if (!this.get('selectedAuth') || (this.get('selectedAuth') && !this.get('selectedAuthBackend'))) {
+    if (
+      (this.get('fetchMethods.isIdle') && !this.get('selectedAuth')) ||
+      (this.get('selectedAuth') && !this.get('selectedAuthBackend'))
+    ) {
      this.set('selectedAuth', this.firstMethod());
      this.get('router').replaceWith({
        queryParams: {
--- a/ui/tests/integration/components/auth-form-test.js
+++ b/ui/tests/integration/components/auth-form-test.js
@ -104,11 +104,21 @@ test('it renders AdapterError style errors', function(assert) {
 });

 test('it renders all the supported tabs when no methods are passed', function(assert) {
+  let replaceSpy = sinon.spy(this.get('router'), 'replaceWith');
  this.render(hbs`{{auth-form cluster=cluster}}`);
-  assert.equal(component.tabs.length, BACKENDS.length, 'renders a tab for every backend');
+
+  return wait().then(() => {
+    assert.equal(component.tabs.length, BACKENDS.length, 'renders a tab for every backend');
+    assert.equal(
+      replaceSpy.getCall(0).args[0].queryParams.with,
+      'token',
+      'calls router replaceWith properly'
+    );
+  });
 });

 test('it renders all the supported methods and Other tab when methods are present', function(assert) {
+  let replaceSpy = sinon.spy(this.get('router'), 'replaceWith');
  let methods = {
    'foo/': {
      type: 'userpass',
@ -128,7 +138,9 @@ test('it renders all the supported methods and Other tab when methods are presen
    assert.equal(component.tabs.length, 2, 'renders a tab for userpass and Other');
    assert.equal(component.tabs.objectAt(0).name, 'foo', 'uses the path in the label');
    assert.equal(component.tabs.objectAt(1).name, 'Other', 'second tab is the Other tab');
+    assert.equal(replaceSpy.getCall(0).args[0].queryParams.with, 'foo/', 'calls router replaceWith properly');
    server.shutdown();
+    replaceSpy.restore();
  });
 });

--- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_access_token.go
+++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_access_token.go
@ -9,6 +9,8 @@ import (
 	"net/url"
 	"time"

+	"strings"
+
 	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
@ -16,7 +18,6 @@ import (
 	"golang.org/x/oauth2/google"
 	"google.golang.org/api/googleapi"
 	"google.golang.org/api/iam/v1"
-	"strings"
 )

 const (
@ -95,6 +96,7 @@ func (b *backend) secretAccessTokenRevoke(ctx context.Context, req *logical.Requ
 	}

 	resp, err := http.Get(revokeAccessTokenEndpoint + fmt.Sprintf("?token=%s", url.QueryEscape(tokenRaw.(string))))
+	defer googleapi.CloseBody(resp)
 	if err == nil {
 		err = googleapi.CheckResponse(resp)
 	}
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@ -1359,8 +1359,8 @@
 		{
 			"checksumSHA1": "xdrSQoX7B7Hr4iWm9T2+5wHVpHQ=",
 			"path": "github.com/hashicorp/vault-plugin-auth-alicloud/tools",
-			"revision": "90acf238c385792939aade0286fcb941d9899435",
-			"revisionTime": "2018-08-22T21:26:04Z"
+			"revision": "1a078292f70a4c9e366a13d3c725d105bd5be1af",
+			"revisionTime": "2018-09-04T20:26:51Z"
 		},
 		{
 			"checksumSHA1": "ojr0r/jmutGEhftDXiHthCCwpIA=",
@ -1417,22 +1417,22 @@
 			"revisionTime": "2018-08-21T21:57:39Z"
 		},
 		{
-			"checksumSHA1": "zkmWfxanMFQXWQIAboXj/jqF12g=",
+			"checksumSHA1": "91ydauzZu3czIjeQM9IAgvy7B7o=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin",
-			"revision": "ba74744a1fcfcd9c5f3635571a0734e6a13ce349",
-			"revisionTime": "2018-08-17T20:56:55Z"
+			"revision": "e3f5ad9f075ab1b18fa665a64bdec5411a14a4bb",
+			"revisionTime": "2018-09-05T16:00:51Z"
 		},
 		{
 			"checksumSHA1": "zwKMP2eBB2fKeOXMf0afsbw1bS0=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil",
-			"revision": "ba74744a1fcfcd9c5f3635571a0734e6a13ce349",
-			"revisionTime": "2018-08-17T20:56:55Z"
+			"revision": "e3f5ad9f075ab1b18fa665a64bdec5411a14a4bb",
+			"revisionTime": "2018-09-05T16:00:51Z"
 		},
 		{
 			"checksumSHA1": "81kYL49zTBoj1NYczxB2Xbr2d6Y=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util",
-			"revision": "ba74744a1fcfcd9c5f3635571a0734e6a13ce349",
-			"revisionTime": "2018-08-17T20:56:55Z"
+			"revision": "e3f5ad9f075ab1b18fa665a64bdec5411a14a4bb",
+			"revisionTime": "2018-09-05T16:00:51Z"
 		},
 		{
 			"checksumSHA1": "FkppDRdkWTF4Ry+olqZT8L0Stb8=",
--- a/version/version_base.go
+++ b/version/version_base.go
@ -2,7 +2,7 @@ package version

 func init() {
 	// The main version number that is being run at the moment.
-	Version = "0.11.0"
+	Version = "0.11.1"

 	// A pre-release marker for the version. If this is "" (empty string)
 	// then it means that it is a final release. Otherwise, this is a pre-release
--- a/website/config.rb
+++ b/website/config.rb
@ -2,7 +2,7 @@ set :base_url, "https://www.vaultproject.io/"

 activate :hashicorp do |h|
  h.name         = "vault"
-  h.version      = "0.11.0"
+  h.version      = "0.11.1"
  h.github_slug  = "hashicorp/vault"
  h.website_root = "website"
 end
--- a/website/source/docs/enterprise/namespaces/index.html.md
+++ b/website/source/docs/enterprise/namespaces/index.html.md
@ -20,7 +20,7 @@ There are two common challenges when implementing this architecture in Vault:
 **Tenant Isolation**

 Frequently teams within a VaaS environment require strong isolation from other
-users in their policies, secrets, and identitys. Tenant isolation is typically a 
+users in their policies, secrets, and identities. Tenant isolation is typically a 
 result of compliance regulations such as [GDPR](https://www.eugdpr.org/), though it may 
 be necessitated by corporate or organizational infosec requirements.