Commit graph

15045 commits

Author SHA1 Message Date
Chris Capurso 15bad36e83
Fix sentence under Integrated Storage (Raft) Autopilot docs (#15231)
Co-authored-by: Peter Zujko <peter.zujko@klaviyo.com>
2022-04-29 11:26:32 -04:00
VAL a06c8a139f
Add enterprise sudo paths to api.SudoPaths map (#15219)
* Add enterprise sudo paths to api.SudoPaths map

* add comment to denote ent-only sudo paths

* go fmt

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2022-04-29 10:09:25 -04:00
Peter Wilson 43bb764808
Do sockaddr template parsing only when needed (#15224) 2022-04-29 09:57:17 -04:00
Nick Cabatoff c5928c1d15
Raft: use a larger initial heartbeat/election timeout (#15042) 2022-04-29 08:32:16 -04:00
Sergey Lanzman 90b12f1386
Add AWS_DYNAMODB_REGION Environment variable (#15054)
Added AWS_DYNAMODB_REGION env
2022-04-28 12:29:51 -07:00
VAL 0ef529b710
Global flag that outputs minimum policy HCL required for an operation (#14899)
* WIP: output policy

* Outputs example policy HCL for given request

* Simplify conditional

* Add PATCH capability

* Use OpenAPI spec and regex patterns to determine if path is sudo

* Add test for isSudoPath

* Add changelog

* Fix broken CLI tests

* Add output-policy to client cloning code

* Smaller fixes from PR comments

* Clone client instead of saving and restoring custom values

* Fix test

* Address comments

* Don't unset output-policy flag on KV requests otherwise the preflight request will fail and not populate LastOutputPolicyError

* Print errors saved in buffer from preflight KV requests

* Unescape characters in request URL

* Rename methods and properties to improve readability

* Put KV-specificness at front of KV-specific error

* Simplify logic by doing more direct returns of strings and errors

* Use precompiled regexes and move OpenAPI call to tests

* Remove commented out code

* Remove legacy MFA paths

* Remove unnecessary use of client

* Move sudo paths map to plugin helper

* Remove unused error return

* Add explanatory comment

* Remove need to pass in address

* Make {name} regex less greedy

* Use method and path instead of info from retryablerequest

* Add test for IsSudoPaths, use more idiomatic naming

* Use precompiled regexes and move OpenAPI call to tests (#15170)

* Use precompiled regexes and move OpenAPI call to tests

* Remove commented out code

* Remove legacy MFA paths

* Remove unnecessary use of client

* Move sudo paths map to plugin helper

* Remove unused error return

* Add explanatory comment

* Remove need to pass in address

* Make {name} regex less greedy

* Use method and path instead of info from retryablerequest

* Add test for IsSudoPaths, use more idiomatic naming

* Make stderr writing more obvious, fix nil pointer deref
2022-04-27 16:35:18 -07:00
Loann Le 48a4c01b97
updated KI for upgrade guides (#15202) 2022-04-27 13:26:45 -07:00
Christopher Swenson 7713b67c15
fix: upgrade vault-plugin-database-snowflake to v0.4.1 (#15199) 2022-04-27 10:55:10 -07:00
Theron Voran 3d70b41049
docs: update the vault-lambda-extension docs (#15190)
Updates the layer version for the new release, and renames the docs
page from lambda-extension-cache -> lambda-extension, and includes a
redirect.
2022-04-27 08:27:18 -07:00
Rémi Lapeyre 089b6ea970
Remove dead code in setupCredentials() (#15194)
This should have been removed as part of f09e39ea42 but somehow got
forgotten.
2022-04-27 10:47:04 -04:00
Loann Le cca8244040
Vault documentation: applied new guidelines to code blocks (#15191)
* applied new guidelines to codeblock

* updated text
2022-04-26 14:12:52 -07:00
Christopher Swenson aa6d61477e
VAULT-5827 Don't prepare SQL queries before executing them (#15166)
VAULT-5827 Don't prepare SQL queries before executing them

We don't support proper prepared statements, i.e., preparing once and
executing many times since we do our own templating. So preparing our
queries does not really accomplish anything, and can have severe
performance impacts (see
https://github.com/hashicorp/vault-plugin-database-snowflake/issues/13
for example).

This behavior seems to have been copy-pasted for many years but not for
any particular reason that we have been able to find. First use was in
https://github.com/hashicorp/vault/pull/15

So here we switch to new methods suffixed with `Direct` to indicate
that they don't `Prepare` before running `Exec`, and switch everything
here to use those. We maintain the older methods with the existing
behavior (with `Prepare`) for backwards compatibility.
2022-04-26 12:47:06 -07:00
Jordan Reimer 9eaea7bc14
KMSE Wizard Steps (#15171)
* fixes issues in key-edit component

* adds capabilities checks for keys and providers

* adds distribute component to key and provider edit

* adds wizard steps for kmse
2022-04-26 13:17:42 -06:00
Loann Le 5a47db75cc
Vault documentation: updated docs to include a note about seal requirement (#15172)
* add note about seal requirement

* fixed spelling error

* updated notes

* Update website/content/docs/configuration/seal/pkcs11.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/concepts/seal.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-04-26 12:13:03 -07:00
kitography 87fa42db66
Fix the AllowedValues and description on "key_type" on the roles endpoint. (#15184) 2022-04-26 13:26:43 -04:00
Josh Black a4593e8913
When tainting a route during setup, pre-calculate the namespace specific path (#15067) 2022-04-26 09:13:45 -07:00
Jordan Reimer d6933e9ef4
KMSE Capabilities & Phase 1 Cleanup (#15143)
* fixes issues in key-edit component

* adds capabilities checks for keys and providers

* adds distribute component to key and provider edit
2022-04-26 08:23:31 -06:00
Chris Capurso cc531c793d
fix raft tls key rotation panic when rotation time in past (#15156)
* fix raft tls key rotation panic when rotation time in past

* add changelog entry

* push out next raft TLS rotation time in case close to elapsing

* consolidate tls key rotation duration calculation

* reduce raft getNextRotationTime padding to 10 seconds

* move tls rotation ticker reset to where its duration is calculated
2022-04-25 21:48:34 -04:00
AnPucel 2b5be0adec
[VAULT-5813] Remove duplicate sha_256 in SystemCatalogRequest OAS (#15163) 2022-04-25 13:12:08 -07:00
Matt Schultz a06f9863e7
Don't show the signature for git commits in the build_date script (#15165) 2022-04-25 13:47:55 -05:00
Angel Garbarino 80c4ab7148
Client Count banner warnings for upgraded of minor 9 or 10 (#15103)
* handle current warning

* handle history

* match the two flows

* clean up

* Refactor to account for chart indicator (#15121)

* refactor for charts

* revert handler changes

* clarify variable

* add 1.10 to version history

* woops add key

* handle mock query end date

* update current template

* add date

* fix tests

* fix fake version response

* address comments, cleanup

* change word

* add TODO

* revert selector

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: Claire Bontempo <cbontempo@hashicorp.com>
2022-04-25 11:23:12 -06:00
Nick Cabatoff 15ad2dd438
Add upgrade note for #15147. (#15154) 2022-04-25 12:55:58 -04:00
AnPucel f38248f5e5
[VAULT-5887] TypeInt64 support added to OpenApi Spec generation (#15104)
Adding handling for TypeInt64 to OAS types
2022-04-22 15:37:12 -07:00
claire bontempo 2907464b96
fix test selector (#15132) 2022-04-22 11:44:45 -07:00
claire labry 11c1b49277
change action to pull v1 instead of main (#15128) 2022-04-22 14:15:09 -04:00
Nick Cabatoff 7e64e105a0
Clone identity objects to prevent races. (#15123) 2022-04-22 13:04:34 -04:00
Reuben James 92cd0e8248
Update golang.org/x/crypto/ssh (#15125)
* Update golang.org/x/crypto/ssh

* Add changelog comment
2022-04-22 12:58:23 -04:00
ldilalla-HC 0a6c7be73e
Update CHANGELOG.md 2022-04-22 09:54:30 -04:00
Chris Capurso 762c08833e
remove references to sys/license endpoint in docs (#14913) 2022-04-21 16:27:51 -04:00
Chris Capurso b4a46313b4
remove mount-filter endpoint from replication docs (#14896) 2022-04-21 16:27:00 -04:00
Jason O'Donnell 716430d3e7
docs/agent: merge template and template config (#15117)
* docs/agent: merge template and template config

* Fix example

* Update per review
2022-04-21 16:23:27 -04:00
Nick Cabatoff 5fa60555c5
Correct the unit type for mount_table.size. (#15114) 2022-04-21 12:54:32 -04:00
Yoko Hyakuna e9f18bdad7
Elaborate the correlation between CLI and API (#15056)
* Add command help info

* Explain CLI and API correlation

* Update the heading level

* Updated the command example with more description

* Update website/content/docs/commands/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Incorporate review feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-04-21 09:17:24 -07:00
Jordan Reimer 22c5159520
updates LinkTo disabled attributes to args and fixes toolbar secret link disabled styling (#15106) 2022-04-21 07:44:06 -06:00
Peter Wilson fec9fa6841
Modified explanation on >=1 audit devices and successful requests (#15110) 2022-04-21 09:15:05 -04:00
Chelsea Shaw c77e620879
Add back metadata.json (#15105)
* Add back metadata.json

* remove space
2022-04-20 17:32:03 -05:00
Rémi Lapeyre bf4c4595f3
secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751)
* Automatically bootstraps the Consul ACL system if no management token is given on the access config
2022-04-20 17:16:15 -05:00
Jordan Reimer 3172e74d7e
Key Management Secrets Engine Phase 1 (#15036)
* KMSE: Key Model / Adapter / Serializer setup (#13638)

* First pass model

* KMS key adapter (create/update), serializer, model

* Add last rotated and provider to key

* KeyEdit secret-edit component, and more key model stuff

* add formatDate param support to infotablerow

* Add keymgmt key to routes and options-for-backend

* Rename keymgmt-key to keymgmt/key

* Add test, cleanup

* Add mirage handler for kms

* Address PR comments

* KMS Providers (#13797)

* adds pagination-controls component

* adds kms provider model, adapter and serializer

* adds kms provider-edit component

* updates secrets routes to handle itemType query param for kms

* updates kms key adapter to query by provider

* adds tests for provider-edit component

* refactors kms provider adapter to account for dynamic path

* adds model-validations-helper util

* removes keymgmt from supported-secret-backends

* fixes issue generating url for fetching keys for a provider

* updates modelType method on secret-edit route to accept options object as arg rather than transition

* adds additional checks to ensure queryParams are defined in options object for modelType method

* UI/keymgmt distribute key (#13840)

* Add distribution details on key page, and empty states if no permissions

* Allow search-select component to return object so parent can tell when new item was created

* Add stringarray transform

* Distribute component first pass

* Refactor distribute component for use with internal object rather than ember-data model

* Specific permission denied errors on key edit

* Allow inline errors on search-select component

* Style updates for form errors

* Styling and error messages on distribute component

* Allow block template on inline alert so we can add doc links

* Add distribute action, flash messages, cleanup

* Cleanup & Add tests

* More cleanup

* Address PR comments

* Move disable operations logic to commponent class

* KMSE Enable/Config (#14835)

* adds keymgmt secrets engine as supported backend

* adds comment to check on keymgmt as member of adp module

* updates kms provider to use model-validations decorator

* fixes lint errors and tests

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2022-04-20 12:40:27 -06:00
Conor Mongey 9c294f1ef0
Bootstrap Nomad ACL system if no token is given (#12451)
* Bootstrap Nomad ACL system if no token is given

Similar to the [Bootstrap the Consul ACL system if no token is given][boostrap-consul]
it would be very useful to bootstrap Nomads ACL system and manage it in
Vault.

[boostrap-consul]:https://github.com/hashicorp/vault/pull/10751

* Add changelog entry

* Remove debug log line

* Remove redundant else

* Rename Nomad acl bootstrap param

* Replace sleep with attempt to list nomad leader, setup will retry until successful

* fmt
2022-04-20 11:06:25 -07:00
Steven Clark cb16c478e7
Refactor enterprise PKI managed key code (OSS) (#15102)
- As part of the PKI rotation project we need to hook into some of the functions
   that were factored out for managed keys in regards to key handling within the
   CA bundles.
 - Refactor the codebase so that we only extract managed key stuff from oss/ent
   and not additional business logic.
2022-04-20 13:46:01 -04:00
Jordan Reimer 6cfa604044
Generated Model Bug (#15099)
* updates path help service to handle setting id of model

* adds changelog entry

* removes changelog entry
2022-04-20 09:56:03 -06:00
claire bontempo 6c7dee4824
UI/Add upgrade indicator client charts (#15083)
* clean up activity serailizer

* fix line chart so only plot months with data

* cleanup monthly serializer

* account for empty months in vertical bar chart

* tidy version upgrade info

* fix version history model typo

* extract const into helper

* add upgrade indicator to line chart

* fix tests

* add todos
2022-04-20 08:35:57 -07:00
John-Michael Faircloth 73887be1e0
Update CODEOWNERS (#15097) 2022-04-20 09:47:26 -05:00
Hamid Ghaf 6ff678000e
deprecating Legacy MFA (#14869)
* deprecating Legacy MFA

* removing legacy MFA doc json entry

* CL

* changing the link to legacy MFA in CL

* removing legacy MFA stuff from credentials' cli
2022-04-19 21:19:34 -04:00
Christopher Swenson 457f28240e
VAULT-5827 Update mongodb, brotli (#15093)
VAULT-5827 Update mongodb, brotli

Closes https://github.com/hashicorp/vault-plugin-secrets-mongodbatlas/issues/11

* `brotli` 1.0.1 was withdrawn
* `go-client-mongodb-atlas` has an old dependency on a renamed repo, and
  has been renamed twice. This caused issues in
  https://github.com/hashicorp/vault-plugin-secrets-mongodbatlas/issues/11
  for example.
* VAULT-5827 Set unwrap token during database tests

The unwrap token is necessary for the plugins to start correctly when
running when running acceptance tests locally, e.g.,

```
$ VAULT_MONGODBATLAS_PROJECT_ID=... VAULT_MONGODBATLAS_PRIVATE_KEY=... VAULT_MONGODBATLAS_PUBLIC_KEY=... TEST='-run TestBackend_StaticRole_Rotations_MongoDBAtlas github.com/hashicorp/vault/builtin/logical/database'  make test

--- FAIL: TestBackend_StaticRole_Rotations_MongoDBAtlas (5.33s)
    rotation_test.go:818: err:%!s(<nil>) resp:&logical.Response{Secret:<nil>, Auth:<nil>, Data:map[string]interface {}{"error":"error creating database object: invalid database version: 2 errors occurred:\n\t* Unrecognized remote plugin message: PASS\n\nThis usually means that the plugin is either invalid or simply\nneeds to be recompiled to support the latest protocol.\n\t* Incompatible API version with plugin. Plugin version: 5, Client versions: [3 4]\n\n"}, Redirect:"", Warnings:[]string(nil), WrapInfo:(*wrapping.ResponseWrapInfo)(nil), Headers:map[string][]string(nil)}
```

Note the `PASS` message there, which indicates that the plugin exited
before starting the RPC server.
2022-04-19 15:26:22 -07:00
Angel Garbarino afddcfd645
remove storybook: (#15074)
* remove storybook:

* changelog

* clean up

* update browserstack

* remove special case for storybook

* add back gen-story-md
2022-04-19 15:45:20 -06:00
Tom Proctor b30e7d3545
Upgrade hashicorp/consul-template dependency (#15092)
* Includes sprig template functions
* Includes improvements to writeTo template function
* Add sprig functions test, improve failure message
2022-04-19 20:51:11 +01:00
John-Michael Faircloth 358f0f1e4b
Update CODEOWNERS (#15095) 2022-04-19 14:45:17 -05:00
Bryce Kalow 2c4a619a8c
website: remove source code (#15068)
* removes site source code

* remove algolia index and docker image workflows

* remove unneeded dependencies
2022-04-19 14:41:15 -04:00
Chris Capurso e69f89c279
Add build date (#14957)
* add BuildDate to version base

* populate BuildDate with ldflags

* include BuildDate in FullVersionNumber

* add BuildDate to seal-status and associated status cmd

* extend core/versions entries to include BuildDate

* include BuildDate in version-history API and CLI

* fix version history tests

* fix sys status tests

* fix TestStatusFormat

* remove extraneous LD_FLAGS from build.sh

* add BuildDate to build.bat

* fix TestSysUnseal_Reset

* attempt to add build-date to release builds

* add branch to github build workflow

* add get-build-date to build-* job needs

* fix release build command vars

* add missing quote in release build command

* Revert "add branch to github build workflow"

This reverts commit b835699ecb7c2c632757fa5fe64b3d5f60d2a886.

* add changelog entry
2022-04-19 14:28:08 -04:00