0082cc4a5b
Correct flag name: -dev-kv-v1, not dev-kv-1. ( #13250 )
2021-11-23 12:17:51 -05:00
c01b993bd3
Fix regression in returning empty value for approle cidrlist. ( #13235 )
2021-11-23 12:13:47 -05:00
fe0dd6f867
Add InitialMmapSize to bolt options ( #13178 )
2021-11-22 20:16:57 -08:00
f77223bfe5
Authenticate to "login" endpoint for non-existent mount path bug ( #13162 )
...
* changing response from missing client token to permission denied
* removing todo comment
* fix tests
* adding changelog
* fixing changelog
2021-11-22 17:06:59 -08:00
d5f4fbecc1
identity/oidc: optional nonce parameter for authorize request ( #13231 )
2021-11-22 09:42:22 -08:00
3bad83f76f
Prevent CWE-190/AllocationSizeOverflow in KDF ( #13237 )
...
In the Counter-mode KBKDF implementation, due to the nature of the PRF
(being implemented as a function rather than a hash.Hash instance), we
need to allocate a buffer capable of storing the entire input to the
PRF. This consists of the user-supplied context with 8 additional bytes
(4 before and 4 after) of encoded integers.
If the user supplies a maximally-sized context, the internally allocated
buffer's size computation will overflow, resulting in a runtime panic.
Guard against this condition.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2021-11-22 12:25:50 -05:00
5236fe93aa
Add a new parameter "allowed_managed_keys" to mount config ( #13202 )
...
* Add a new parameter "allowed_managed_keys" to mount config
* Adjust formatting in mount.go
* Add changelog entry
2021-11-21 19:08:38 -06:00
19fe708fc6
README.md of website/ with WARNING on rebuilding ( #13027 )
...
* README.md of website/ with WARNING on rebuilding
* Update README.md
2021-11-19 13:15:37 -08:00
3818adf3f8
Fix missing changelog ( #13230 )
2021-11-19 12:59:00 -08:00
10d146125a
Updates to 1.9 documentation ( #13228 )
...
* incorporated feedback
* fixed link
* fixed link again
* found another error
2021-11-19 12:46:47 -08:00
980cc8f182
auth/kubernetes: add changelog for issuer deprecation ( #13221 )
...
* add kubenetes issuer config deprecation
* changelog++
* add Vault specific PR in deprecation section
* ordering
2021-11-19 09:50:31 -08:00
79ec6b7f3d
docs: updated for vault-k8s 0.14.1 vault-helm 0.18.0 ( #13199 )
...
* version bumps
* updated chart options
2021-11-18 18:08:35 -08:00
9622e36b82
Docs deprecate token issuer validation ( #13019 )
...
* change default vaule for disable_iss_validation to be true
* mark as deprecated | remove issuer from sample
* deprecation section
* additional informaiton about when fields will be removed
* additional deprecation note under csi provider
* punctuation
* make the deprecation note more noticable
* missing issuer sentence | remove whitespace
* Update website/content/docs/platform/k8s/csi/index.mdx
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
* cleanup
* additional deprecation comments
* fix discovery link
* highlight
* no need to configure the issuer
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2021-11-18 15:16:54 -08:00
73d3204b8f
OIDC: add note on PKCE support for code flow ( #13206 )
...
* OIDC: add note on PKCE support for code flow
* add changelog
* remove changelong
2021-11-18 13:46:34 -06:00
4127092fdd
fixed errors in file ( #13205 )
2021-11-18 10:50:26 -08:00
d563882933
docs: move deprecation notices down the navbar ( #13201 )
...
Moved from one of the first items in the navbar down to one of the last. They are not high priority information and should be grouped with upgrade and release notes.
2021-11-18 10:26:30 -08:00
ba5ad97e78
UI/Make revocation time and credential dates human-readable ( #13196 )
...
* adds date time helper to generated creds
* makes revocation time human-readable
2021-11-18 10:14:48 -08:00
e43f2bb80c
Add sb extract to enable Storybook composition ( #12808 )
...
* Add sb extract to enable Storybook composition
Ref: hashicorp/cloud-ui#1457 and https://github.com/hashicorp/design-system-website/blob/main/taskbox/.storybook/main.js
* Add metadata to enable SB extract
* Change dir location
* Change location of stories
* Move cp stories.json to build:storybook step
2021-11-18 09:19:46 -06:00
c933664eeb
docs: fixing the injector.webhookAnnotations annotation ( #13181 )
2021-11-17 18:19:33 -08:00
42abf7ed2e
Updated Vault 1.9 documentation ( #13194 )
...
* post 1-9 doc changes
* fixed endpoint sample
* Update website/content/docs/release-notes/1.9.0.mdx
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-11-17 14:23:48 -08:00
f6d8904540
Use new auth modules + Login method in Go client docs ( #13189 )
2021-11-17 11:52:38 -08:00
176fae22cc
changelog++
2021-11-17 14:05:11 -05:00
5af1db7992
Removing draft note ( #13187 )
2021-11-17 13:22:55 -05:00
d9e3dde39a
Prep work for docs cutover ( #13186 )
...
* Some prep work for docs cutover
* Rerun Vercel
2021-11-17 13:09:18 -05:00
f7a7b4a32b
Raft Snapshot Restore Bug ( #13107 )
...
* fixes issue restoring raft snapshot
* adds changelog entry
2021-11-17 10:30:59 -07:00
d9d9a7353e
Form field component ttl picker not initially enabling ( #13177 )
...
* fixes issue with ttl picker not initially enabling in form field component
* adds changelog entry
* updates test
* updates initial ttl toggle state for default 0s value
2021-11-17 10:21:17 -07:00
dd11865597
Return a UserError if aead.Open() fails to align with documentation ( #10914 )
...
Return a UserError is aead.Open() fails and assume by that stage there is a problem with the user input for said decryption
2021-11-17 11:40:43 -05:00
a01e1a4101
docs/identity: fix template parameter for groups ( #13176 )
2021-11-17 08:25:37 -08:00
3458c22df0
Vault-2257: don't log token error on DR Secondary ( #13137 )
...
* don't log token error on DR Secondary
* stop gauge collector expiration errors on dr secondary
* don't check dr secondary for token create
* see if CI hits panic
* Revert "don't check dr secondary for token create"
This reverts commit c036a1a544d3a20d29d046f1ee239ab1563ce4d9.
* don't check dr secondary for token create
* Revert "see if CI hits panic"
This reverts commit 1e15aa535cac6e4d1684aaf47c8746c094068eb8.
* remove condition on log
2021-11-17 09:21:54 -07:00
46adcccfea
Website docs for Vault EKM provider for MS SQL ( #13175 )
2021-11-17 13:46:07 +00:00
c8bfbbdf7e
UI/Update blueprints to glimmer components ( #13149 )
...
* updates generator to glimmer
* adds changelog
* accounts for addon vs reg components
* moves imports to the top of components
2021-11-16 13:14:16 -08:00
eda9607c8a
Revert more downgrades from #12975 . ( #13168 )
2021-11-16 15:07:03 -05:00
1ec904976a
Note that versionTimestamps are only loaded on the active node.
2021-11-16 15:05:59 -05:00
c2d9215d1d
Fix startup failures when aliases from a pre-1.9 vault version exist ( #13169 )
...
* Add AllowMissing to local_bucket_key schema, preventing startup failures in post-unseal when aliases from an older version exist.
2021-11-16 14:56:34 -05:00
9e27ccbae1
Fix 1.9 regression with raft and stored time values ( #13165 )
2021-11-16 14:43:00 -05:00
b73815f966
identity/oidc: Adds section to 1.9 upgrade guide for ACL policy requirements ( #13154 )
2021-11-16 11:27:31 -08:00
d75db00dcb
Adds documentation for GCP Cloud KMS support in key management secrets engine ( #13153 )
2021-11-16 11:27:08 -08:00
c105c58bce
Hide verify-connection attribute on connection config show page ( #13152 )
...
* Hide verify-connection attribute on connection config show page
* Add changelog
2021-11-16 12:56:42 -06:00
5864e0a523
Remove old guides folder and its contents ( #13156 )
...
* Remove old guides folder and its contents
* Remove the guide-nav file
* Remove the guides page
2021-11-16 08:15:42 -08:00
764c10ded7
[Doc Assembly Branch] Vault 1.9 release ( #12944 )
...
* new document for feature deprecation notice
* fixed errors
* Update website/content/docs/feature-deprecation-notice.mdx
Co-authored-by: Meggie <meggie@hashicorp.com>
* Update website/content/docs/feature-deprecation-notice.mdx
Co-authored-by: Meggie <meggie@hashicorp.com>
* Update website/content/docs/feature-deprecation-notice.mdx
Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>
* Update website/content/docs/feature-deprecation-notice.mdx
Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>
* Update feature-deprecation-notice.mdx
* added new faq page
* added content for faq
* updated faq page based on aarti's feedback
* added client count faq
* fixed a broken link
* added links
* fixed spacing issue
* added new release notes page
* edited the client count faq
* edited the feature deprecation faq
* edited the featue deprecation notice and plans
* edited the release notes
* added new oidc provider doc
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* incorporated feedback
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* changed mnt_acc to mount_accessor
* rewritting content
* added doc link
* fixed link error
* fixed spacing error
* incorporate additional feedback
* more feedback
* incorporated more feedback
* fixed headings
* fixed a heading
* incorproate changes
* incorporate feedback
* modified RN based on feedback
* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
* updated final release notes
* updated image
* fixed link
* added a new hyperlink to the etcd document
* add and modify notes; update scope template
* break identity docs into separate pages
* fix nav for identity token
* fix nav links; add links on overview
* use real example IDs
* fix typos
* incorporated additional feedback
Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>
2021-11-15 18:02:36 -08:00
0abd248c9f
Return non-retryable errors on transit encrypt and decrypt failures ( #13111 )
...
* Return HTTP 400s on transit decrypt requests where decryption fails. (#10842 )
* Don't abort transit batch encryption when a single batch item fails.
* Add unit tests for updated transit batch decryption behavior.
* Add changelog entry for transit encrypt/decrypt batch abort fix.
* Simplify transit batch error message generation when ciphertext is empty.
* Return error HTTP status codes in transit on partial batch decrypt failure.
* Return error HTTP status codes in transit on partial batch encrypt failure.
* Properly account for non-batch transit decryption failure return. Simplify transit batch decryption test data. Ensure HTTP status codes are expected values on batch transit batch decryption partial failure.
* Properly account for non-batch transit encryption failure return. Actually return error HTTP status code on transit batch encryption failure (partial or full).
2021-11-15 15:53:22 -06:00
3d46021d4e
Prevent constant-refresh UI bug ( #12896 )
2021-11-15 15:45:55 -06:00
677e2a1ca5
Fix some typos ( #12289 )
2021-11-15 14:52:04 -05:00
ff145d3a4f
Fix out-dated hyperlink ( #13145 )
2021-11-15 09:53:49 -08:00
2d21c00476
Add extra debugging to help identify failures within mssql test ( #13142 )
...
* Add extra debugging to help identify failures within mssql test
* Switch up the AssertInitialized method for mssql tests by marking the test as failed instead of
immediately failing, this will also allow us to see what happens even if this assertion fails to the rest
of the test.
2021-11-15 12:51:16 -05:00
a3862bcf97
OIDC Auth Bug ( #13133 )
...
* fixes issue with oidc auth method when MetaMask chrome extenstion is used
* adds changelog entry
* updates auth-jwt integration tests
* fixes race condition in runCommands ui-panel helper method where running multiple commands would not always result in the same output order
2021-11-15 08:48:11 -07:00
8b869dde70
Revert "OSS parts to support new kms_library configuration stanza. ( #13132 )" ( #13138 )
...
This reverts commit 82d6662787c181b16bfdec315f96e4a81d123178.
2021-11-15 09:58:50 -05:00
a5e55f6b05
Fix a data race in the new autoseal health check ( #13136 )
...
* Move the ctx capture outside the goroutine to avoid a race
* refactor the toggleable wrapper to avoid races
* Move the capture back outside the goroutine
* defer
2021-11-12 15:58:46 -06:00
1279413ea2
Docs Updates for Client Counting non-entity tokens ( #13134 )
...
* some client count docs updates
* Update website/content/docs/concepts/client-count.mdx
Co-authored-by: swayne275 <swayne275@gmail.com>
* remove full link path
* more path shortening for urls
Co-authored-by: swayne275 <swayne275@gmail.com>
2021-11-12 13:12:23 -08:00
ae04eda675
OSS parts to support new kms_library configuration stanza. ( #13132 )
...
- Add a new top level configuration stanza named kms_library with
Vault's SharedConfig struct
2021-11-12 13:39:22 -05:00
Nick Cabatoff