Commit graph

13139 commits

Author SHA1 Message Date
Calvin Leung Huang 0df09e356d
agent: add an inflight cache better concurrent request handling (#10705)
* agent: do not grap idLock writelock until caching entry

* agent: inflight cache using sync.Map

* agent: implement an inflight caching mechanism

* agent/lease: add lock for inflight cache to prevent simultaneous Set calls

* agent/lease: lock on a per-ID basis so unique requests can be processed independently

* agent/lease: add some concurrency tests

* test: use lease_id for uniqueness

* agent: remove env flags, add comments around locks

* agent: clean up test comment

* agent: clean up test comment

* agent: remove commented debug code

* agent/lease: word-smithing

* Update command/agent/cache/lease_cache.go

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* agent/lease: return the context error if the Done ch got closed

* agent/lease: fix data race in concurrency tests

* agent/lease: mockDelayProxier: return ctx.Err() if context got canceled

* agent/lease: remove unused inflightCacheLock

* agent/lease: test: bump context timeout to 3s

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-01-26 12:09:37 -08:00
Jim Kalafut fb049caa7f
Clarify agent lease renewal docs (#10772) 2021-01-26 12:07:59 -08:00
Vishal Nayak f539117255
changelog++ (#10775) 2021-01-26 12:45:54 -05:00
Lauren Voswinkel 508d33e64a
Updating GCP secrets plugin (#10759)
* Update gcp secrets plugin pseudo tag
2021-01-26 09:35:49 -08:00
John Eikenberry 1ecd3464eb
fix deep links to consul-template docs (#10768) 2021-01-25 16:42:19 -08:00
Vishal Nayak 2602675402
Set namespace for template server in agent (#10757)
* Set namespace for template server in agent

* cl++
2021-01-25 17:37:01 -05:00
Vishal Nayak fcbbc5f7d8
Remove peer DR op token check only on secondaries (#10765) 2021-01-25 17:35:58 -05:00
Nick Cabatoff 88d14684e2
We should allow test-go and test-go-remote-docker to run so that they can satisfy the check. There's a short-circuit within them to avoid taking time if it's a ui/ or docs/ branch. (#10763) 2021-01-25 15:31:05 -05:00
Vishal Nayak 904bacd55e
Fix remove peers check (#10758) 2021-01-25 14:20:46 -05:00
Jeff Escalante cbf38d8deb
fix URLs to point to vercel for ui/storybook projects (#10760) 2021-01-25 14:09:34 -05:00
Ricardo Cardenas 049301f70b
feat(agent): add retry configuration for vault agent (#10644)
* feat(agent): add retry configuration for vault agent

* feat(agent): add test fixtures for retry

* fix(retry): move retry stanza to top level as template_retry

* fix(retry): add retry config to ServerConfig struct

* fix(retry): point config parser to parse template_retry instead of retry

* remove netlify config (#10711)

* Fix build (#10749)

* Move the declaration to a OSS build tag file to not have it collide w… (#10750)

* Move the declaration to a OSS build tag file to not have it collide with ent declarations

* Add comment

* Remove comment to trigger ci

* Unconditionally use the root namespace when calling sys/seal-status. (#10742)

* feat(agent): add retry configuration for vault agent

* feat(agent): add test fixtures for retry

* fix(retry): move retry stanza to top level as template_retry

* fix(retry): add retry config to ServerConfig struct

* fix(retry): point config parser to parse template_retry instead of retry

Co-authored-by: Hridoy Roy <roy@hashicorp.com>
Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
Co-authored-by: Mark Gritter <mgritter@hashicorp.com>
2021-01-25 11:00:17 -08:00
Mark Gritter bd6d25499f
Unconditionally use the root namespace when calling sys/seal-status. (#10742) 2021-01-25 11:25:54 -06:00
Vishal Nayak c74c381fb1
Move the declaration to a OSS build tag file to not have it collide w… (#10750)
* Move the declaration to a OSS build tag file to not have it collide with ent declarations

* Add comment

* Remove comment to trigger ci
2021-01-25 09:35:19 -05:00
Vishal Nayak 8ebf0ae794
Fix build (#10749) 2021-01-22 16:40:22 -05:00
Jeff Escalante c0c0dd5379
remove netlify config (#10711) 2021-01-22 15:16:25 -05:00
Vishal Nayak 5d270db1df
Add list peers to DR secondaries (#10746) 2021-01-22 11:50:59 -05:00
Mike Green b0d5660765
Clarify slash is needed on gcs and azure (#10710)
Clarify user question, unexpected behavior with no slash on gcs.
2021-01-21 12:32:24 -05:00
Michael Golowka 1f164a8202
Add 'Add' and 'Del' functions to LDAP interface (#10692) 2021-01-20 16:59:29 -07:00
Lauren Voswinkel 086e8bbb74
Updates api-docs for static role deletion (#10736)
We now specify that the user will remain unless cleaned up manually
2021-01-20 12:57:00 -08:00
Lauren Voswinkel 5794c4e91e
Updating snowflake plugin to 0.1.1 (#10709) 2021-01-20 12:56:36 -08:00
Meggie e67964e870
Changelog notes for 1.6.2 (#10737) 2021-01-20 15:52:48 -05:00
Meggie e4a457f47f
Update _1622.txt
Fixing some formatting so the resulting changelog looks right.
2021-01-20 15:06:23 -05:00
Mark Gritter fd55aa8378
Implement sys/seal-status and sys/leader in system backend (#10725)
* Implement sys/seal-status and sys/leader as normal API calls
(so that they can be used in namespaces.)
* Added changelog.
2021-01-20 14:04:24 -06:00
Meggie 9a5920ba7a
changelog++
Broken link
2021-01-20 15:03:03 -05:00
Josh Black 2cc9e2d914
Update to go 1.15.7 (#10730)
* Update to go 1.15.6

* Just kidding, how about 1.15.7

* And the associated CI config

* Add changelog and update go version in more places
2021-01-20 11:02:33 -08:00
Chelsea Shaw 8d8577c60e
UI: Temporarily skip flaky tests on test-ui (#10728)
* Skip secrets/pki/list?tab=certs

* Skip redirect_to acceptance test

* Skip access/identity/entities/create acceptance test

* Skip settings/configure/secrets/pki/cert
2021-01-20 10:03:29 -06:00
Nick Cabatoff b93c5ff304
Spell out how to configure credentials for GCS. (#10589) 2021-01-20 09:09:23 -05:00
Nick Cabatoff 8cbc63d572
Add configuration to specify a TLS ServerName to use in the TLS handshake when performing a raft join. (#10698) 2021-01-19 17:54:28 -05:00
Nick Cabatoff c2bdeb9e7d
Minimal change to ensure that the bulky leaseEntry isn't kept in memory. (#10726) 2021-01-19 17:51:41 -05:00
Hridoy Roy 0becd555cf
Protect part of emitMetrics from panic behavior during post-seal (#10708)
* vault/core_metrics.go

* changelog

* comments
2021-01-19 14:06:50 -08:00
Hridoy Roy 0e3bddf295
Revert "allow create to create transit keys (#10706)" (#10724)
This reverts commit 4144ee0d3da10fbfef4d081aa72529f2e513f8e2.
2021-01-19 11:49:57 -08:00
Gunjan 4900283ad5
Fix: handle max_request_size<=0 (#10072)
* Fix: handle max_request_size<=0

Signed-off-by: guacamole <gunjanwalecha@gmail.com>

* created test cases for listener

Signed-off-by: guacamole <gunjanwalecha@gmail.com>

* added test case for negative value of MaxRequestSize

Signed-off-by: guacamole <gunjanwalecha@gmail.com>

Co-authored-by: Hridoy Roy <roy@hashicorp.com>
2021-01-19 11:28:28 -08:00
Nick Cabatoff ffe301a5df
Don't list certs if we were told which cert to use. (#10616) 2021-01-19 08:39:59 -05:00
Jeff Escalante 5e60bd9677
add vercel config (#10707) 2021-01-15 15:44:28 -05:00
Jeff Escalante f48841c6ea
Docs: prepare for vercel hosting move (#10598)
* prepare for move to vercel hosting

* update readme

* add back netlify files for hosting transition
2021-01-15 15:29:22 -05:00
Hridoy Roy e8164ad09a
allow create to create transit keys (#10706)
* allow create to create transit keys

* changelog
2021-01-15 12:20:32 -08:00
Nick Cabatoff 792ea778dc
Use 1.15.4 in CI and Dockerfile. (#10587) 2021-01-15 12:39:33 -05:00
Chelsea Shaw 5ec08a469a
UI: refactor flaky test (#10697)
* refactor flaky test

* Replace is-present with dom assertions

* Skip test for now
2021-01-14 14:26:01 -06:00
Mike Wickett b4d0403ef1
website: update alert banner for HCP Vault public beta (#10699) 2021-01-14 14:03:41 -05:00
Brandon Romano 339b8d62c2
Website StackMenu updates for 1/14 (#10690) 2021-01-14 09:19:09 -08:00
Lauren Voswinkel 1ec64fd010
Update Snowflake docs (#10691)
* Update Snowflake docs

Snowflake docs had an issue, `DEFAULT ROLE` should be `DEFAULT_ROLE`

* Update docs to show an actual username
2021-01-13 14:59:16 -08:00
Michael Golowka 6bf38198fd
Remove duplicate funcs, add timestamp with format (#10686) 2021-01-13 10:49:17 -07:00
Calvin Leung Huang eaaa2421a9
changelog: add PR 10131 to the changelog (#10688) 2021-01-12 18:24:04 -08:00
Eugene R 331529fc94
Aerospike storage backend (#10131)
* add an Aerospike storage backend

* go mod vendor

* add Aerospike storage configuration docs

* review fixes

* bump aerospike client to v3.1.1

* rename the defaultHostname variable

* relocate the docs page
2021-01-12 15:26:07 -08:00
Chelsea Shaw 5a05a1b39f
UI: Fix shape of response anticipated from feature-flags endpoint (#10684)
* Fix shape of response anticipated from feature-flags endpoint

* Add changelog
2021-01-11 14:44:52 -06:00
Mike Wickett d72c4d5235
website: add alert banner to promote webinar (#10683) 2021-01-11 11:17:03 -05:00
Hridoy Roy f6bdda8c9c
add variable entropy readers to cert gen helpers [VAULT-1179] (#10653)
* move entropy augmentation in cert gen to oss

* changelog

* go mod vendor

* updated helpers to allow custom entropy

* comments

* comments
2021-01-08 09:48:27 -08:00
Scott Miller 77d27cb968
Add NIST guidance on rotating keys used for AES-GCM encryption (#10612)
* Add NIST guidance on rotating keys used for AES-GCM encryption

* Capture more places barrier encryption is used

* spacing issue

* Probabilistically track an estimated encryption count by key term

* Un-reorder imports

* wip

* get rid of sampling
2021-01-07 15:37:37 -06:00
Theron Voran c788e98a16
Adding documentation for multiple vault-k8s replicas (#10659)
Describes the setup and config for using multiple injector replicas
with auto and manual TLS.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-01-07 12:22:21 -08:00
Chelsea Shaw 70d3185d3a
UI/managed namespace changes (#10588)
* Redirect to url with namespace param if user logged into root namespace without permission

* Feature flag service for managing flags

* Redirect with namespace query param if no current namespace param AND managed root namespace set

* Test coverage for managed namespace changes

* Handle null body case on feature-flag response, add pretender route for feature-flags on shamir test
2021-01-07 14:18:36 -06:00