Commit graph

14031 commits

Author SHA1 Message Date
hghaf099 1b54217094
Adds note about policy needed for batch dr token (#12767) 2021-10-07 16:15:32 -04:00
Jason O'Donnell 403595fa9f
docs: add note for rolesets to avoid globs in policies (#12756)
* docs: add note for rolesets to avoid wildcards in policies

* Add note about not using example

* Change wildcard to glob

* Update website/content/docs/upgrading/upgrade-to-1.8.0.mdx

Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>

* Update documentation per review

* Update per review

* Update website/content/docs/upgrading/upgrade-to-1.8.0.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2021-10-07 15:35:56 -04:00
Scott Miller 1097f356af
Add a TRACE log with TLS connection details on replication connections (#12754)
* remove cruft
use helper
Add a helper for getting public key sizes
wip

* error names

* Fix ecdsa

* only if trace is on

* Log listener side as well

* rename

* Add remote address

* Make the log level configurable via the env var, and a member of the Listener and thus modifiable by tests

* Fix certutil_test
2021-10-07 14:17:31 -05:00
Chelsea Shaw 7fd527dc9a
UI update changelog link (#12766)
* Update changelog link

* Update test
2021-10-07 11:38:12 -06:00
Austin Gebauer e09657e1f3
Adds ability to define an inline policy and internal metadata on tokens (#12682)
* Adds ability to define an inline policy and internal metadata to tokens

* Update comment on fetchEntityAndDerivedPolicies

* Simplify handling of inline policy

* Update comment on InternalMeta

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Improve argument name

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Use explicit SkipIdentityInheritance token field instead of implicit InlinePolicy behavior

* Add SkipIdentityInheritance to pb struct in token store create method

* Rename SkipIdentityInheritance to NoIdentityPolicies

* Merge latest from main and make proto

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-10-07 10:36:22 -07:00
Pamela Bortnick 5e4ca0468f
Update social share image (#12441)
* Update social share image

* Update image for social share
2021-10-07 13:34:44 -04:00
swayne275 b9fde1dd6f
oss port (#12755) 2021-10-07 11:25:16 -06:00
Bryce Kalow 55e195f161
website: upgrades dependencies (#12670)
* upgrades deps and gets it building

* remove unneeded css file

* fix: hide intended elements in print (#12710)

* upgrade deps to latest

Co-authored-by: Zachary Shilton <4624598+zchsh@users.noreply.github.com>
2021-10-07 11:23:19 -04:00
Tim Peoples 17eb29f1d3
Update plugin proto to send tls.ConnectionState (Op.2) (#12581) 2021-10-07 08:06:09 -04:00
Rowan Smith f21be1ed1c
updated vault.core.license.expiration_time_epoch (#12760) 2021-10-07 07:14:25 -04:00
Yoan Blanc 5951b832bb
docs: since Vault 1.0 Unseal is OSS (#12268)
* docs: since Vault 1.0 Unseal is OSS

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>

* fixup! docs: since Vault 1.0 Unseal is OSS

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>

* fixup! fixup! docs: since Vault 1.0 Unseal is OSS

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2021-10-06 13:35:35 -07:00
Meggie a1c4bb5ba4
Updating website for 1.8.4 (#12751) 2021-10-06 16:23:37 -04:00
Meggie f496f21f40
changelog++ 2021-10-06 16:20:03 -04:00
vinay-gopalan 458927c2ed
[VAULT-3157] Move mergeStates utils from Agent to api module (#12731)
* move merge and compare states to vault core

* move MergeState, CompareStates and ParseRequiredStates to api package

* fix merge state reference in API Proxy

* move mergeStates test to api package

* add changelog

* ghost commit to trigger CI

* rename CompareStates to CompareReplicationStates

* rename MergeStates and make compareStates and parseStates private methods

* improved error messaging in parseReplicationState

* export ParseReplicationState for enterprise files
2021-10-06 10:57:06 -07:00
Michael Boulding 79662d0842
Patch to support VAULT_HTTP_PROXY variable (#12582)
* patch to support VAULT_HTTP_PROXY variable

* simplify the proxy replacement

* internal code review

* rename to VAULT_HTTP_PROXY, apply within ReadEnvironment

* clean up some unintended whitespace changes

* add docs for the new env variable and a changelog entry

Co-authored-by: Dave Du Cros <davidducros@gmail.com>
2021-10-06 09:40:31 -07:00
VAL 1549af7e53
Add links to vault-examples repo (#12740) 2021-10-05 10:15:01 -07:00
Anner J. Bonilla 8c29f49e1a
Add support for ed25519 (#11780)
* update azure instructions

Update instructions in regards to azure AD Authentication and OIDC

* Initial pass of ed25519

* Fix typos on marshal function

* test wip

* typo

* fix tests

* missef changelog

* fix mismatch between signature and algo

* added test coverage for ed25519

* remove pkcs1 since does not exist for ed25519

* add ed25519 support to getsigner

* pull request feedback

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

* typo on key

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

* cast mistake

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2021-10-05 11:28:49 -04:00
Sam Salisbury b979b52ed8
Update builder base image (#12709)
* build: update base image: debian:bullseye-20210927
2021-10-05 16:21:26 +01:00
Lars Lehtonen 838e20778d
builtin/logical/consul: fix dropped test error (#12733) 2021-10-05 12:09:13 +01:00
claire bontempo 42ae96ed1c
UI/ PKI UI Redesign (#12541)
* installs node-forge

* correctly displays and formats cert metadata

* removes labels

* uses helper in hbs file

* adds named arg to helper

* pki-ca-cert displays common name, issue & expiry date

* alphabetizes some attrs

* adds test for date helper
2021-10-04 14:31:36 -07:00
Scott Miller b84100d4a0
Upgrade go-kms-wrapping to pickup oci-go-sdk update (#12724)
* Upgrade go-kms-wrapping to pickup oci-go-sdk update

* changelog
2021-10-04 16:21:38 -05:00
Steven Clark fa57ba0ccf
Fix 1.8 regression preventing email addresses being used as common name within pki certificates (#12336) (#12716)
* Fix 1.8 regression preventing email addresses being used as common name within pki certs (#12336)

* Add changelog
2021-10-04 14:02:47 -04:00
hghaf099 a3796997d9
Fix a Deadlock on HA leadership transfer (#12691)
* Fix a Deadlock on HA leadership transfer when standby
was actively forwarding a request
fixes GH #12601

* adding the changelog
2021-10-04 13:55:15 -04:00
Chelsea Shaw c84bdbf1f6
Auth method role edit form should be valid by default (#12646)
* isFormInvalid should be false by default and update on keyup

* Add changelog
2021-10-04 11:53:24 -06:00
Ian Ferguson afb501a0d4
Upgrade pq to fix connection failure cleanup bug (v1.8.0 => v1.10.3) (#12413)
* Upgrade pq to fix connection failure cleanup bug (v1.8.0 => v1.10.3)

* Run go mod tidy after `go get -u github.com/lib/pq`

* include changelog/12413.txt
2021-10-01 14:35:51 -07:00
Calvin Leung Huang 752e4a48a1
docs: add plugin limits and lifecycle sections (#12697)
* docs: add plugin limits and lifecycle sections

* remove extranous comments on the limits page

* add more lifecycle cases, review feedback

* address follow-up review feedback

* rename section to "External plugin limits"
2021-10-01 11:59:13 -07:00
Calvin Leung Huang f56654ef56
gomod: run go mod tidy (#12712) 2021-10-01 11:38:24 -07:00
vinay-gopalan 680e8515fa
[VAULT-3472] Cap Client id_token_ttl field to associated Key's verification_ttl (#12677) 2021-10-01 10:47:40 -07:00
Matt Greenfield 8577602395
Fix entity group associations (#10085)
- When two entities are merged, remove the from entity ID in any
  associated groups.
- When two entities are merged, also merge their associated group
  memberships.

Fixes #10084
2021-10-01 10:22:52 -04:00
Jim Kalafut 187a15faf2
Update CODEOWNERS (#12695)
Route plugin portal changes to `acahn` as well.
2021-09-30 12:51:47 -07:00
Ben Ash dda2c1ed88
upgrade vault-plugin-auth-kubernetes (#12688)
* fix: upgrade vault-plugin-auth-kubernetes

-  on alias look ahead, validate JWT token against the role's configuration
2021-09-30 14:25:09 -04:00
Siddharth 97914173fe
Update plugin-portal.mdx (#12681) 2021-09-30 11:00:44 -07:00
Loann Le 037c538ed0
Updated documentation: added new code example and reference (#12693)
* added new code example

* Update website/content/docs/concepts/auth.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/concepts/lease.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update lease.mdx

* Update website/content/docs/concepts/lease.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-09-30 10:46:01 -07:00
Jim Kalafut 06d53f1b18
Highlight that password policies are defined in a namespace (#12692) 2021-09-30 09:41:45 -07:00
Theron Voran 1210a9d319
docs: vault-k8s-0.13.1 vault-helm-0.16.1 (#12680)
Vault K8s 0.13.1 and Vault Helm 0.16.1 updated the default Vault
image, so making the corresponding docs updates here.
2021-09-30 08:49:56 -07:00
Mayo 0bd0339c0b
cleanup unused code and fix t.Fatal usage in goroutine in testing (#11694) 2021-09-30 07:33:14 -04:00
Brian Kassouf 39a9727c8b
Update protobuf & grpc libraries and protoc plugins (#12679) 2021-09-29 18:25:15 -07:00
vinay-gopalan 447fdf624a
Upgrade awsutil package version to 0.1.5 (#12621)
* upgrade awsutil version to 0.1.5

* add changelog

* update changelog
2021-09-29 14:45:35 -07:00
Jim Kalafut c944222f2a
Update changelog checker to catch invalid "fix" type (#12674) 2021-09-29 14:02:03 -07:00
Chelsea Shaw e77e65d1b3
Docfix: "Fix" is not a valid release-note type (#12676) 2021-09-29 14:54:58 -06:00
Angel Garbarino 92223b600e
KV search box when no list access to metadata (#12626)
* get credentials card test and setup

* call getcrednetials card and remove path test error

* configuration

* metadata search box

* changelog

* checking if it is noReadAccess

* try removing test

* blah

* a test

* blah

* stuff

* attempting a clean up to solve issue

* Another attempt

* test1

* test2

* test3

* test4

* test5

* test6

* test7

* finally?

* clean up
2021-09-29 14:35:00 -06:00
Meggie 33cca7586a
changelog++
Added missing UI item
2021-09-29 16:26:39 -04:00
Meggie 464d286780
Updating website latest to 1.8.3 (#12671) 2021-09-29 15:10:15 -04:00
Meggie a4ca479d2e
changelog++ 2021-09-29 14:45:03 -04:00
Tero Saarni 944332d12d
Update Go client libraries for etcd (#11980)
* Update Go client libraries for etcd

* Added etcd server container to run etcd3 tests automatically.

* Removed etcd2 test case: it fails the backend tests but the failure is
  unrelated to the uplift.  The etcd2 backend implementation does not
  remove empty nested nodes when removing leaf (see comments in #11980).
2021-09-29 14:28:13 -04:00
Scott Miller 0c7cdaf5f8
Document transform batch reference field (#12664) 2021-09-29 13:20:39 -05:00
Michael Golowka bee49a4c49
Update Azure secrets engine to use MS Graph (#12629) 2021-09-29 11:28:13 -06:00
jweissig f854b4446f
docs: updated enterprise package name (#12667)
Updated docs to align with Enterprise package name.
2021-09-29 10:17:31 -04:00
Blake Covarrubias 0963230b8c
docs: Remove permissive policies in Consul ACL examples (#12454)
The ACL policy examples documented on the Consul Storage Backend and
Consul Service Registration pages are too permissive. Both policies
unnecessarily grant agent:write and node:write access for all agents
within the Consul datacenter. When Consul is used solely for service
registration, `service:write` is only required permission.

This commit modifies the policy for the Consul Storage Backend to
remove node:write access, and changes agent:write to agent:read.

The policy on the Consul Service Registration page is updated to
remove all KV-related privileges, and solely grant the necessary
service:write permission.
2021-09-28 14:13:41 -07:00
Angel Garbarino 1d18b0a7fa
UI/kv creation time (#12663)
* add created time for secret version view

* complete functionality

* test coverage

* changelog

* version per list item

* clean up
2021-09-28 13:15:43 -06:00