Commit graph

15067 commits

Author SHA1 Message Date
Hamid Ghaf 0fc7a363cc
loading MFA configs upont restart (#15261)
* loading MFA configs upont restart

* Adding CL

* feedback

* Update vault/core.go

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2022-05-05 18:53:57 -04:00
John-Michael Faircloth 36f1938b30
update go-plugin to v1.4.4 (#15297) 2022-05-05 16:26:42 -05:00
Christopher Swenson 0affe226ad
Update deps for consul-template 0.29.0 (#15293)
This requires bumping https://github.com/mitchellh/go-testing-interface.
For this new version, we have to create a wrapper to convert
the stdlib `testing.TB` interface to the
`mitchellh/go-testing-interface` `T` interface, since it uses
`Parallel()` now, which is not supported by `testing.TB`. This had to be
added to a new package, `benchhelpers`, to avoid a circular dependency
in `testhelpers`.

We also have to *unbump* https://github.com/armon/go-metrics since
updating it breaks our usage of
https://github.com/google/go-metrics-stackdriver

I verified that the new `pkiCert` template function works with agent
injection using annotations like:

```yaml
vault.hashicorp.com/agent-inject-secret-sample.crt: "pki/issue/example-dot-com"
vault.hashicorp.com/agent-inject-template-sample.crt: |
  {{ pkiCert "pki/issue/example-dot-com" "common_name=foo.example.com" "ttl=1h" }}
```
2022-05-05 10:30:40 -07:00
Vinayak 988468a67b
Skip metric increment during existence check (#12763)
* Skip metric increment during existence check

Signed-off-by: Vinayak Kadam <kadamvinayak03@gmail.com>

* Adding changelog.txt

Signed-off-by: Vinayak Kadam <kadamvinayak03@gmail.com>

* Updated changelog text

Signed-off-by: Vinayak Kadam <kadamvinayak03@gmail.com>
2022-05-05 10:22:19 -07:00
Nick Cabatoff 1a21b00bf1
Fix bogus duration string: "1hr" should be "1h". (#15301) 2022-05-05 10:15:50 -04:00
Chris Capurso 353246655a
base sys/license/status mock times based on current timestamp (#15286)
* base sys/license/status mock times based on current timestamp

* add missing trailing commas

* license specific test selector

Co-authored-by: Claire Bontempo <cbontempo@hashicorp.com>
2022-05-05 08:20:40 -04:00
Loann Le c5cf149f3c
added helm for install--no-verify (#15287) 2022-05-04 13:58:25 -07:00
Christopher Swenson 6c3c79c3a1
GOPATH is being set incorrectly in latest CircleCI machine image (#15288)
For some reason, GOPATH is being overridden in the `go mod download`
step after the latest machine image update in #15215.

This causes all of the modules to be downloaded to the
`/home/circleci/.go_workspace` cache instead of `/home/circleci/go` like
we require for the build (which will otherwise fail since we build with
`GOPROXY=off`).

Without this fix, the build will start to fail once the existing cache
is no longer used (after the root `go.mod`) is updated.
2022-05-04 13:39:23 -07:00
Nick Cabatoff d90ab7ef87
Add upgrade note for #15108. (#15275) 2022-05-04 09:56:37 -04:00
Jeanne Angeles Franco 6745d79669
Add release metadata config key (#15270) 2022-05-03 20:34:29 -07:00
Hridoy Roy 9a5b46436e
change ordering of activity log month data to sort by ascending order… (#15259)
* change ordering of activity log month data to sort by ascending order of timestamp

* changelog

* changelog
2022-05-03 13:39:29 -07:00
Chris Capurso 5e6437ab70
Add build_date to CLI and API docs (#15268)
* update version cmd docs

* update status cmd docs

* update version-history cmd docs

* update sys/seal-status docs

* update sys/version-history docs
2022-05-03 16:37:55 -04:00
Chris Capurso 5f3d63a03a
clone vault agent client with headers (#15274) 2022-05-03 16:27:53 -04:00
Steven Clark d80de5d9bb
Fix fmt error (#15266) 2022-05-03 10:07:23 -04:00
Alexander Tischenko b89fc5af96
When running under systemd, send ready when server completed reloading config #7028 (#15041) 2022-05-03 08:34:11 -04:00
Angel Garbarino 33de0a0a49
CSV Export include monthly data (#15169)
* setup

* add new clients to attribution

* refactor serializers, move to util folder

* cleanup export csv generator

* fix isDateRange getter

* remove new chart from partial/current month

* fix export modal text

* update version history text

* update variable naming, remove new client data from current/partial month

* add filtering by namespace to month over month charts

* remove filtering for namespace by month, need to change serializer

* add checks

* update horizontal bar chart test

* update tests

* cleanup

* address comments

* fix flakey test

* add new counts to export

Co-authored-by: Claire Bontempo <cbontempo@hashicorp.com>
2022-05-02 18:37:09 -07:00
Scott Miller bef350c916
Allow callers to choose the entropy source for the random endpoints. (#15213)
* Allow callers to choose the entropy source for the random endpoints

* Put source in the URL for sys as well

* changelog

* docs

* Fix unit tests, and add coverage

* refactor to use a single common implementation

* Update documentation

* one more tweak

* more cleanup

* Readd lost test expected code

* fmt
2022-05-02 14:42:07 -05:00
Steven Clark 6d9888e09b
Allow looking up mount entries by their backend UUIDs (#15217) 2022-04-29 16:15:29 -04:00
Meggie 03db502c6b
changelog++ 2022-04-29 15:55:05 -04:00
Calvin Leung Huang 888248f9cc
docs: update agent sections around auto-auth, caching, and templating (#15195)
* docs: update agent sections around auto-auth, caching, and templating

* Update website/content/docs/agent/template.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* address review feedback

* Example snippet updates

* review feedback on example note

* address review feedback

* use hcl syntax highlight on code blocks

* simplify exec param description

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-04-29 12:10:48 -07:00
Jason O'Donnell e9535bda2f
agent/auto-auth: Add min_backoff to set first backoff value (#15204)
* Add initial_backoff to auto-auth method

* Disable retries in client

* Fix bug

* Thread initial backoff to CT

* Add comment

* Change to min_backoff

* changelog

* remove initial references, review

* fix test

* Thread max_backoff through

* Add doc note for max_backoff/templating
2022-04-29 12:31:32 -04:00
Hamid Ghaf c332e578fc
Upgrade CircleCI machine image (#15215)
* Upgrade CircleCI machine image

* setting the path for ci-verify

* create GOPATH/bin
This is because CI failed with
cp: cannot create regular file '/home/circleci/go/bin/': Not a directory

* Update .circleci/config/jobs/pre-flight-checks.yml

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* updating config.yml

* source BASH_ENV

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-04-29 12:28:43 -04:00
Chris Capurso 15bad36e83
Fix sentence under Integrated Storage (Raft) Autopilot docs (#15231)
Co-authored-by: Peter Zujko <peter.zujko@klaviyo.com>
2022-04-29 11:26:32 -04:00
VAL a06c8a139f
Add enterprise sudo paths to api.SudoPaths map (#15219)
* Add enterprise sudo paths to api.SudoPaths map

* add comment to denote ent-only sudo paths

* go fmt

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2022-04-29 10:09:25 -04:00
Peter Wilson 43bb764808
Do sockaddr template parsing only when needed (#15224) 2022-04-29 09:57:17 -04:00
Nick Cabatoff c5928c1d15
Raft: use a larger initial heartbeat/election timeout (#15042) 2022-04-29 08:32:16 -04:00
Sergey Lanzman 90b12f1386
Add AWS_DYNAMODB_REGION Environment variable (#15054)
Added AWS_DYNAMODB_REGION env
2022-04-28 12:29:51 -07:00
VAL 0ef529b710
Global flag that outputs minimum policy HCL required for an operation (#14899)
* WIP: output policy

* Outputs example policy HCL for given request

* Simplify conditional

* Add PATCH capability

* Use OpenAPI spec and regex patterns to determine if path is sudo

* Add test for isSudoPath

* Add changelog

* Fix broken CLI tests

* Add output-policy to client cloning code

* Smaller fixes from PR comments

* Clone client instead of saving and restoring custom values

* Fix test

* Address comments

* Don't unset output-policy flag on KV requests otherwise the preflight request will fail and not populate LastOutputPolicyError

* Print errors saved in buffer from preflight KV requests

* Unescape characters in request URL

* Rename methods and properties to improve readability

* Put KV-specificness at front of KV-specific error

* Simplify logic by doing more direct returns of strings and errors

* Use precompiled regexes and move OpenAPI call to tests

* Remove commented out code

* Remove legacy MFA paths

* Remove unnecessary use of client

* Move sudo paths map to plugin helper

* Remove unused error return

* Add explanatory comment

* Remove need to pass in address

* Make {name} regex less greedy

* Use method and path instead of info from retryablerequest

* Add test for IsSudoPaths, use more idiomatic naming

* Use precompiled regexes and move OpenAPI call to tests (#15170)

* Use precompiled regexes and move OpenAPI call to tests

* Remove commented out code

* Remove legacy MFA paths

* Remove unnecessary use of client

* Move sudo paths map to plugin helper

* Remove unused error return

* Add explanatory comment

* Remove need to pass in address

* Make {name} regex less greedy

* Use method and path instead of info from retryablerequest

* Add test for IsSudoPaths, use more idiomatic naming

* Make stderr writing more obvious, fix nil pointer deref
2022-04-27 16:35:18 -07:00
Loann Le 48a4c01b97
updated KI for upgrade guides (#15202) 2022-04-27 13:26:45 -07:00
Christopher Swenson 7713b67c15
fix: upgrade vault-plugin-database-snowflake to v0.4.1 (#15199) 2022-04-27 10:55:10 -07:00
Theron Voran 3d70b41049
docs: update the vault-lambda-extension docs (#15190)
Updates the layer version for the new release, and renames the docs
page from lambda-extension-cache -> lambda-extension, and includes a
redirect.
2022-04-27 08:27:18 -07:00
Rémi Lapeyre 089b6ea970
Remove dead code in setupCredentials() (#15194)
This should have been removed as part of f09e39ea42 but somehow got
forgotten.
2022-04-27 10:47:04 -04:00
Loann Le cca8244040
Vault documentation: applied new guidelines to code blocks (#15191)
* applied new guidelines to codeblock

* updated text
2022-04-26 14:12:52 -07:00
Christopher Swenson aa6d61477e
VAULT-5827 Don't prepare SQL queries before executing them (#15166)
VAULT-5827 Don't prepare SQL queries before executing them

We don't support proper prepared statements, i.e., preparing once and
executing many times since we do our own templating. So preparing our
queries does not really accomplish anything, and can have severe
performance impacts (see
https://github.com/hashicorp/vault-plugin-database-snowflake/issues/13
for example).

This behavior seems to have been copy-pasted for many years but not for
any particular reason that we have been able to find. First use was in
https://github.com/hashicorp/vault/pull/15

So here we switch to new methods suffixed with `Direct` to indicate
that they don't `Prepare` before running `Exec`, and switch everything
here to use those. We maintain the older methods with the existing
behavior (with `Prepare`) for backwards compatibility.
2022-04-26 12:47:06 -07:00
Jordan Reimer 9eaea7bc14
KMSE Wizard Steps (#15171)
* fixes issues in key-edit component

* adds capabilities checks for keys and providers

* adds distribute component to key and provider edit

* adds wizard steps for kmse
2022-04-26 13:17:42 -06:00
Loann Le 5a47db75cc
Vault documentation: updated docs to include a note about seal requirement (#15172)
* add note about seal requirement

* fixed spelling error

* updated notes

* Update website/content/docs/configuration/seal/pkcs11.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/concepts/seal.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-04-26 12:13:03 -07:00
kitography 87fa42db66
Fix the AllowedValues and description on "key_type" on the roles endpoint. (#15184) 2022-04-26 13:26:43 -04:00
Josh Black a4593e8913
When tainting a route during setup, pre-calculate the namespace specific path (#15067) 2022-04-26 09:13:45 -07:00
Jordan Reimer d6933e9ef4
KMSE Capabilities & Phase 1 Cleanup (#15143)
* fixes issues in key-edit component

* adds capabilities checks for keys and providers

* adds distribute component to key and provider edit
2022-04-26 08:23:31 -06:00
Chris Capurso cc531c793d
fix raft tls key rotation panic when rotation time in past (#15156)
* fix raft tls key rotation panic when rotation time in past

* add changelog entry

* push out next raft TLS rotation time in case close to elapsing

* consolidate tls key rotation duration calculation

* reduce raft getNextRotationTime padding to 10 seconds

* move tls rotation ticker reset to where its duration is calculated
2022-04-25 21:48:34 -04:00
AnPucel 2b5be0adec
[VAULT-5813] Remove duplicate sha_256 in SystemCatalogRequest OAS (#15163) 2022-04-25 13:12:08 -07:00
Matt Schultz a06f9863e7
Don't show the signature for git commits in the build_date script (#15165) 2022-04-25 13:47:55 -05:00
Angel Garbarino 80c4ab7148
Client Count banner warnings for upgraded of minor 9 or 10 (#15103)
* handle current warning

* handle history

* match the two flows

* clean up

* Refactor to account for chart indicator (#15121)

* refactor for charts

* revert handler changes

* clarify variable

* add 1.10 to version history

* woops add key

* handle mock query end date

* update current template

* add date

* fix tests

* fix fake version response

* address comments, cleanup

* change word

* add TODO

* revert selector

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: Claire Bontempo <cbontempo@hashicorp.com>
2022-04-25 11:23:12 -06:00
Nick Cabatoff 15ad2dd438
Add upgrade note for #15147. (#15154) 2022-04-25 12:55:58 -04:00
AnPucel f38248f5e5
[VAULT-5887] TypeInt64 support added to OpenApi Spec generation (#15104)
Adding handling for TypeInt64 to OAS types
2022-04-22 15:37:12 -07:00
claire bontempo 2907464b96
fix test selector (#15132) 2022-04-22 11:44:45 -07:00
claire labry 11c1b49277
change action to pull v1 instead of main (#15128) 2022-04-22 14:15:09 -04:00
Nick Cabatoff 7e64e105a0
Clone identity objects to prevent races. (#15123) 2022-04-22 13:04:34 -04:00
Reuben James 92cd0e8248
Update golang.org/x/crypto/ssh (#15125)
* Update golang.org/x/crypto/ssh

* Add changelog comment
2022-04-22 12:58:23 -04:00
ldilalla-HC 0a6c7be73e
Update CHANGELOG.md 2022-04-22 09:54:30 -04:00