Commit Graph

16999 Commits

Author SHA1 Message Date
nsimons d91d2ceaf8
Fix cubbyhole and token revocation for legacy service tokens (#19416)
* Fix cubbyhole and revocation for legacy service tokens

Legacy service tokens generated in Vault 1.10+ with env var
VAULT_DISABLE_SERVER_SIDE_CONSISTENT_TOKENS=true are not assigned
a cubbyhole ID. The implication is that cubbyhole/ cannot be
used, nor can the tokens be revoked.

This commit assigns a cubbyhole ID to these tokens and adds
a new test case to see that cubbyhole and revocation works correctly.

* add changelog

* add godoc to test cases
2023-03-06 15:09:45 -05:00
Tony Wittinger 79c0619f14
Add OpenAPI-based (Beta) (#19462)
Updated with missing OpenAPI-based Go & .NET Client Libraries (Beta) context
2023-03-06 10:57:46 -08:00
Phil Renaud d09c716e4b
Link to the Nomad tutorial for Vault as OIDC provider (#19461) 2023-03-06 10:30:14 -08:00
Angel Garbarino be2454ec1b
Pass encodeBase64 param to transit-key-actions (#19429)
* fix and test coverage

* changelog
2023-03-06 11:28:49 -07:00
miagilepner ac36b31846
VAULT-13729 activity log test godocs (#19433)
* add godocs to activity log tests

* format

* add trailing periods
2023-03-06 13:08:22 +01:00
Yoko Hyakuna 40dc1d39d9
Add more context on the Release Notes landing page (#19456)
* Add little more verbiage on the Release Notes landing page

* Add missing comma
2023-03-03 14:39:39 -08:00
prabhat-hashi e5b982199f
Docs - update ldap page to add clarity around sAMAccountName (#19450)
* Docs - update ldap page to add clarity around sAMAccountName

Updated https://developer.hashicorp.com/vault/docs/secrets/ldap#active-directory-ad-1 to clarify customers configure username properly using username_template when sAMAccountName is involved.

* Docs -  edit on last update for ldap page

Fixed the link /vault/docs/concepts/username-templating
2023-03-03 10:09:13 -08:00
Max Winslow c44f94d7ff
update entity-alias doc fix (#19435) 2023-03-03 08:16:26 -08:00
Tony Wittinger 64b4ee234d
docs: updated key size in transit documentation (#19346) 2023-03-02 16:07:40 -08:00
claire bontempo a22bb9bfcc
UI: refactor to use pki/action model for importing a pem bundle (#19425)
* rename component test file

* rename component

* rename file again..

* rename component file and remove import from issuer adapter

* rename hbs file

* update to new component name, use pki/action

* update test selectors

* update tests

* update workflow test

* add useIssuer to adapter options
2023-03-02 15:38:39 -08:00
Jordan Reimer 87c9649515
Configure Ember Data ID Generation (#19428)
* adds initializer to configure ember data id generation

* updates comments

* adds changelog entry

* adds check for id to ember data identifier config
2023-03-02 13:59:35 -07:00
Tony Wittinger 35450e247e
Updated Changelog for 1.13 and point releases (#19424)
* Updated Changelog for 1.13 and point releases

Point releases: 1.10.11, 1.11.8, 1.12.4

* update link

* Update CHANGELOG.md

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Fixed missing enteries

* Update CHANGELOG.md

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

---------

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2023-03-01 18:13:45 -08:00
Kianna 6e38bb4922
UI: Use specific date in clients activity test (#19419)
* Use specific date in clients activity test

* Remove add and subtracting months twice
2023-03-01 13:41:50 -08:00
akshya96 09057073ae
Vault Status Command Differs Depending on Format (#19361)
* vault-issue-9185

* removing new lines:

* removing new space

* fix grammar

* change field name
2023-03-01 12:57:53 -08:00
Alexander Scheel dabe38dcc1
Document RSA operations (#19377)
Also clarify hash function choices.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-01 13:35:35 -05:00
Mark Sailes 4c3c56dee4
Remove the Lambda SnapStart incompatibility notice. (#19394) 2023-03-01 18:13:18 +00:00
Kianna 7204439960
UI: VAULT-13782 VAULT-13794 pki ui improvements for phase two (#19312)
* VAULT-13782 move keys tab next to issuers

* VAULT-13794 move private_key_format to key paramter toggle

* Fix failing tests!

* Move format and private key format out

* Address feedback and fix not valid after spacing

* Add more spacing and code cleanup

* Remove engines stylesheet

* Remove class conditional logic
2023-03-01 07:29:35 -08:00
Malte S. Stretz 320f46ba8a
Add documentation for tls_max_version (#19398) 2023-03-01 14:45:04 +00:00
Max Winslow 109fbe06bb
change verbiage for lookup group and entity (#19406) 2023-02-28 12:40:38 -08:00
Jordan Reimer 07ce9ba30b
Identity manager secure context fallback (#19403)
* adds check for isSecureContext in identity-manager and falls back to incrementing ids

* adds uuid package to replace crypto.randomUUID

* adds test for okta number challenge nonce value validation
2023-02-28 12:26:10 -07:00
Austin Gebauer 10fe43701f
docs/ad: adds deprecation announcements and migration guide (#19388)
* docs/ad: adds deprecation announcements and migration guide

* fix table ending

* remove fully-qualified links

* Minor format fixes - migrationguide

* Update website/content/docs/secrets/ad/migration-guide.mdx

Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>

* Update website/content/docs/secrets/ad/migration-guide.mdx

Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
2023-02-28 10:41:59 -08:00
Anton Averchenkov f19bcd79c5
Remove 'openldap' from gen_openapi.sh (#19401) 2023-02-28 13:24:11 -05:00
Alexander Scheel 2970b15a63
Add docs on FIPS Inside vs Seal Wrap (#19310)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-28 10:22:17 -05:00
Alexander Scheel 76269dfab9
Fix PKI Synopsis, add Transit help text and casing fixes (#19395)
* Fix synopsis for PKI subcommand

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add transit command for synopsis, help text

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix nits around spacing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-28 14:43:05 +00:00
Yoko Hyakuna cd7f7cc131
Vault 1.13.0 Release Notes (#19360)
* Adding Vault 1.13.0 Release Notes

* Add OpenAPI Go and .NET client libraries to the list

* Add the 'UI wizard removal' to the release note
2023-02-27 12:44:13 -08:00
Rowan Smith 4fd467a53b
approle naming syntax documentation (#19369)
Documentation does not currently detail the accepted naming scheme for approle roles, this aims to provide clarity based on customer feedback. https://github.com/hashicorp/vault/blob/main/sdk/framework/path.go#L16-L18 details the regex used.
2023-02-27 12:08:15 -08:00
Alexander Scheel 7182949029
Fix transit byok tool, add docs, tests (#19373)
* Fix Vault Transit BYOK helper argument parsing

This commit fixes the following issues with the importer:

 - More than two arguments were not supported, causing the CLI to error
   out and resulting in a failure to import RSA keys.
 - The @file notation support was not accepted for KEY, meaning
   unencrypted keys had to be manually specified on the CLI.
 - Parsing of additional argument data was done in a non-standard way.
 - Fix parsing of command line options and ensure only relevant
   options are included.

Additionally, some error messages and help text was clarified.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing documentation on Transit CLI to website

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for Transit BYOK vault subcommand

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Appease CI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-27 18:25:38 +00:00
Daniel Huckins d9229a5fba
VAULT-12112: add openapi responses for /sys/internal endpoints (#18542)
* added responses for sys/internal/ui/mounts

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* responses for internal paths

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

* add schema validation for internal/ui/mounts

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add counters test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update test to use new method

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use new method in TestSystemBackend_InternalUIMounts

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* :rage4: fixed test, diff between core.HandleRequest and backend.HandleRequest

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* test feature flags

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-02-24 15:03:21 -05:00
Steven Clark ff112ff695
Update to Go 1.20.1 (#19355) 2023-02-24 19:54:27 +00:00
Nick Cabatoff 89f31aca48
Revert "updated raft-autopilot to v0.2.0 (#17848)" (#19353)
This reverts commit 21cab77be8df948af147c11758f7fa0620ae8be6.
2023-02-24 14:24:32 -05:00
Jakob Beckmann 078a245939
Allow alias dereferencing in LDAP searches (#18230)
* impr(auth/ldap): allow to dereference aliases in searches

* docs: add documentation for LDAP alias dereferencing

* chore(auth/ldap): add changelog entry for PR 18230

* chore: run formatter

* fix: update default LDAP configuration with new default

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>

* docs(ldap): add alias dereferencing to API docs for LDAP

---------

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>
2023-02-24 13:49:17 -05:00
Alexander Scheel 809957aac0
Refactor OCSP client to support better retries (#19345)
Mirror NSS's GET-vs-POST selection criteria, wherein GET is preferred
over POST (as the former might be a response from a cached CDN entry,
whereas the latter might hit a live responder). However, only accept it
if it definitively says "Good" or "Revoked" -- trigger a POST request
when an unknown or failure status is seen.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-24 13:18:37 -05:00
davidadeleon dd39b177f9
add nil check for secret id entry on delete via accessor (#19186)
* add nil check for secret id entry on delete via accessor

* add changelog

* add godoc to test

* improve feedback on nil entry

* fix error reporting on invalid secret id accessor

* fix test to expect implemented error
2023-02-24 13:18:08 -05:00
Steven Clark 6747c546af
Address some small issues within pki health-check (#19295)
* Address some small issues within pki health-check

 - Notify user yaml output mode is not support with --list argument
 - Output pure JSON in json output mode with --list argument
 - If a checker returns a nil response, convert to an empty slice
 - Add handler for permission errors to too many certs checker
 - Add checks for permission issues within hardware_backed_root and root_issued_leaves

* Identify the role that contained the permission issue in role based checks

 - Augument the role health checks to identify the role(s) that we have
   insufficient permissions to read instead of an overall read failure
 - Treat the failure to list roles as a complete failure for the check
2023-02-24 13:00:09 -05:00
miagilepner c31a10b90a
VAULT-13763 normalize activity log mount paths (#19343)
* add slashes to mount paths in activity log

* cleanup test

* fix test
2023-02-24 16:57:41 +01:00
claire bontempo 16baa1090f
UI: Pki model attribute consolidation (#19281) 2023-02-24 07:56:12 -08:00
Austin Gebauer d8348490d5
secrets/ad: change deprecation status to deprecated (#19334)
* secrets/ad: change deprecation status to deprecated

* adds changelog
2023-02-24 00:13:32 +00:00
Christopher Swenson 6b36cc7587
When copying test binary, delete first (#19331)
For plugin tests, we copy the test binary. On macOS, if the
destination binary already exists, then copying over it will result
in an invalid signature.

The easiest workaround is to delete the file before copying.
2023-02-23 15:10:13 -08:00
Jason O'Donnell f69297e0b3
Fix inmem layer unlock bug (#19323) 2023-02-23 20:16:49 +00:00
Angel Garbarino ede0000843
Auth method token_type possibleValues fix (#19290)
* language by design

* fix issue with active class not doing anything on the LinkTo

* changelog

* noDefault instead of empty string

* test coverage

* update test descriptions

* address pr comments

* welp
2023-02-23 11:59:21 -07:00
John-Michael Faircloth 0a7656ae5c
test: Fix bug in TestAddTestPlugin test helper (#19313)
* fix external plugin test failing locally

* Ensure file is closed and written in TestAddTestPlugin
2023-02-23 17:07:48 +00:00
miagilepner 271e5b14d2
VAULT-12299 Use file.Stat when checking file permissions (#19311)
* use file.Stat for config files

* cleanup and add path

* include directory path

* revert changes to LoadConfigDir

* remove path, add additional test:

* add changelog
2023-02-23 18:05:00 +01:00
Kianna f976e399f7
VAULT-13220 use decorator instead of extending overview route (#19294) 2023-02-23 08:35:07 -08:00
Jakob Beckmann 0bed33d84f
feat(auth/ldap): allow passing the LDAP password via an env var (#18225)
* feat(auth/ldap): allow passing the LDAP password via an environment variable when authenticating via the CLI

* chore(auth/ldap): add changelog entry for PR 18225
2023-02-23 11:16:17 -05:00
Peter Wilson 15302d9fe2
Restore 'server' and 'agent' base loggers to use their original names (#19304) 2023-02-23 14:56:21 +00:00
David Yu 9753379fe8
Update consul.mdx (#19300) 2023-02-22 17:45:26 -05:00
Austin Gebauer a8d382d52a
docs/oidc: make it clear that contents of CA certificate are expected (#19297) 2023-02-22 11:33:53 -08:00
Leland Ursu 432fad12b1
added in the missing test cases to validate response structures (#19277)
* added in the missing test cases to validate response structures

* added changelog file

* remove unneeded changelog file

* removed comment to update when indentity/entity is implemented

---------

Co-authored-by: lursu <leland.ursu@hashicorp.com>
2023-02-22 12:46:46 -05:00
Bryce Kalow 2fa1153e95
adds content-check command and README update (#19271) 2023-02-22 12:04:00 -05:00
Max Coulombe b9bcd135e5
Added disambiguation that creation request can also update roles (#17371)
+ added  disambiguation that creation request can also update roles
2023-02-22 12:02:31 -05:00