Commit graph

12999 commits

Author SHA1 Message Date
Meggie 10a16574a6
Proposed changelog for the 1.6.0 RC (#10328)
* changelog++

I wasn't entirely sure what the changelog should look like for the release candidate.

* Updating website version
2020-11-04 18:23:15 -05:00
Chelsea Shaw d791add3e9
Fix inner link on transform item (#10324) 2020-11-04 13:27:21 -06:00
Chelsea Shaw c6035a74f5
Update query params sent to activity endpoint so that they aren't rounded incorrectly (#10322) 2020-11-04 12:14:33 -06:00
Nick Cabatoff 87af415e25
Remove darwin/386 since Go 1.15 doesn't support it. Remove some 1.14.7 references that were missed. (#10321) 2020-11-04 12:35:09 -05:00
Mark Gritter 91ca298a14
Move "counters" path to the logical system's local path list. (#10314) 2020-11-02 21:59:55 -06:00
Austin Gebauer e32e1e17c7
docs: clarify location of service account key file for google-specific OIDC handling (#10313) 2020-11-02 17:45:05 -08:00
Jim Kalafut 70c14947b4
Fix changelog formatting 2020-11-02 16:17:57 -08:00
Jim Kalafut 3b8c9b23f5
changelog++ 2020-11-02 16:16:38 -08:00
Meggie edd1a48c39
Use packagespec's auto signed tag feature (#10306) 2020-11-02 12:11:58 -05:00
Sam Salisbury e602d763d2
Use Docker Mirror in CI (#10294)
* ci: use docker mirror (source)

* ci: use docker mirror (gen)
2020-10-31 09:09:54 +00:00
swayne275 dffd85e09a
Backport invalidation changes (#10292)
* merge activity log invalidation work from vault-enterprise PR 1546

* skip failing test due to enabled config on oss

Co-authored-by: Mark Gritter <mgritter@hashicorp.com>
2020-10-30 18:11:12 -06:00
Mark Gritter 7f01a58aee
Reintroduce a feature flag to disable the activity log entirely. (#10288)
* Reintroduce a feature flag to disable the activity log entirely.
* Add log message when disabled.
2020-10-30 18:27:35 -05:00
Mark Gritter 6cd07b91c1
changelog++ 2020-10-30 16:58:05 -05:00
Brian Kassouf 8af08c3221
Add an env var to enable a permit pool that limits lease expirations (#10268)
* Add a flag to enable a permit pool to gate lease expiration

* Use the env var to get the size

* Add logs and metris to help debug this

Co-authored-by: Hridoy Roy <roy@hashicorp.com>
2020-10-30 14:45:44 -07:00
Calvin Leung Huang ca72dd4761
mod: update database-couchbase to v0.2.1 (#10286) 2020-10-30 14:29:54 -07:00
Brian Kassouf 10668331e4
Update go version to 1.15.3 (#10279)
* Update go version to 1.15.3

* Fix OU ordering for go1.15.x testing

* Fix CI version

* Update docker image

* Fix test

* packagespec upgrade -version 0.1.8

Co-authored-by: Sam Salisbury <samsalisbury@gmail.com>
2020-10-30 16:44:06 -04:00
Calvin Leung Huang 531e2eb613
mod: update vault plugins (#10283) 2020-10-30 13:28:47 -07:00
Sam Salisbury d678ddfa2b packagespec upgrade -version 0.1.8 2020-10-30 17:29:33 +00:00
Theron Voran 16eb1489d1
Update OIDC namespace_in_state docs (#10269)
To reflect the default of true for new configs.
2020-10-30 08:15:34 -07:00
Brian Kassouf 81a86f48e8
Backport some OSS changes (#10267)
* Backport some OSS changes

* go mod vendor
2020-10-29 16:47:34 -07:00
Theron Voran be0bb77e7e
changelog++ 2020-10-29 14:30:38 -07:00
Theron Voran a15236e664
Updating to jwt plugin@master (#10266) 2020-10-29 14:25:06 -07:00
aphorise f172eb9477
Docs - examples of IPv6 added in listener section of configurations. (#9601) 2020-10-29 15:12:18 -04:00
akosuadenell ab5b8bc6bf
Update index.mdx (#10262) 2020-10-29 12:04:48 -07:00
Vishal Nayak 90a9528610
added test for concurrency call of remount handler and proposed fix for logic to avoid duplication of mount names (#10264)
Co-authored-by: bruj0 <ramakandra@gmail.com>
2020-10-29 14:39:41 -04:00
Vishal Nayak 30fe58a458
Fix remount tests (#10265) 2020-10-29 14:31:58 -04:00
Matt Greenfield 2f369730e0
Validate to/from parameters when remounting a backend (#9890)
Vault uses http.ServeMux which issues an HTTP 301 redirect if the
request path contains a double slash (`//`). Additionally, vault
handles all paths to ensure that the path only contains printable
characters. Therefore use the same validation on the to/from parameters
for remounting.

Not doing this can result in a Vault mount that was originally mounted
at `pki/foo` to being remounted at `pki/foo//bar` resulting in mounts
that cannot be accessed.

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-29 14:06:07 -04:00
Hridoy Roy fc94e16805
port external test fix (#10263) 2020-10-29 10:55:26 -07:00
Hridoy Roy f8a248ce48
Port: change leader status metric name to active (#10245)
* change active node metric name

* comment to see if commit is fine

Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MacBook-Pro.local>
2020-10-29 10:30:45 -07:00
Calvin Leung Huang 4cc1c8aa75
changelog++ 2020-10-28 18:20:50 -07:00
Calvin Leung Huang 08486cdbb9
mod: update gopsutil@v2.20.9 (#10261) 2020-10-28 17:20:54 -07:00
Jonas-Taha El Sesiy b7cf4a05ff
Add support for Managed Identity auth for physical/Azure (#10189)
* Add support for Managed Identity auth for physical/Azure

Obtain OAuth token from IMDS to allow for access to Azure Blob with
short-lived dynamic credentials

Fix #7322

* add tests & update docs/dependencies
2020-10-28 15:04:26 -07:00
Chelsea Shaw 8c4595e243
Add Learn More Here link to vault learn pricing metrics tutorial (#10254)
* Add Learn More Here link to vault learn pricing metrics tutorial

* Fix spacing

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-28 12:48:39 -05:00
Scott Miller dd0ea9a389
Wrap the dev logs in a sync.Once and deregister first, to eliminate the possibility of emitting the dev output twice in a race. (#10258) 2020-10-28 10:23:18 -05:00
Jason O'Donnell a4bcbb84e2
docs: fix k8s helm configuration rendering (#10257) 2020-10-28 10:51:40 -04:00
Chelsea Shaw 83a7281b63
Changelog++ 2020-10-27 14:51:54 -05:00
Hridoy Roy 0259be04e0
Port: Add metrics to report mount table sizes for auth and logical [Vault 671] (#10201)
* first commit

* update

* removed some ent features from backport

* final refactor

* backport patch

Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MacBook-Pro.local>
Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MBP.hitronhub.home>
2020-10-27 08:24:43 -07:00
Tom Proctor e6807a0645
Docs: Support for scopes in MongoDB Atlas database plugin (#10241) 2020-10-27 13:24:51 +00:00
Vishal Nayak f832d3da66
OCI: Don't store region in the backend struct (#10248)
* OCI: Don't store region in the backend struct

* Update physical/oci/oci.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-10-26 19:41:51 -04:00
Jason Witkowski ebfaa551eb
Add ability to specify region for OCI Storage Backend (#9302)
* Add ability to specify region for OCI Storage Backend

* Fix capitalization in Vault documentation

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 18:28:32 -04:00
Theron Voran d8dc45f03f
UI/OIDC: allow passing namespace in state (#10171)
* UI/OIDC: allow passing namespace in state

Suppport in the UI OIDC callback flow to parse namespace out of the
state parameter instead of a separate query parameter in the
redirect_uri. Includes docs for the option that enables this behavior
in the JWT plugin.

* 1.6 wordsmithing

* pass_namespace_in_state -> namespace_in_state

* re-wording

* use strict equals

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 18:17:21 -04:00
Vishal Nayak 7912ac9713 Fix build 2020-10-26 18:14:01 -04:00
Calvin Leung Huang c7e8605363
changelog++ 2020-10-26 14:33:59 -07:00
Jeff Mitchell 3b93a18ef2
Consolidate locking for sys/health (#9876)
* Consolidate locking for sys/health

This avoids a second state lock read-lock on every sys/health hit

* Address review feedback

Co-authored-by: Vishal Nayak <vishalnayakv@gmail.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 16:47:54 -04:00
Calvin Leung Huang ca8435bf4e
auth: store period value on tokens created via login (#7885)
* auth: store period value on tokens created via login

* test: reduce potentially flaskiness due to ttl check

* test: govet on package declaration

* changelog++

* Temporarily remove CL entry

* Add back the CL entry

Co-authored-by: Vishal Nayak <vishalnayakv@gmail.com>
2020-10-26 16:25:56 -04:00
Clint 95810d1360
Return logical.StatusBadRequest on requests with missing token (#8457)
* Add test for 400 status on missing token

* Return logical.StatusBadRequest on missing token

* remove commented out code

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 16:17:25 -04:00
Michael Golowka d2c9522d39
Password policies in DB engine
Also expanded support for all DBs for root credential rotation & static credential rotation
2020-10-26 14:01:08 -06:00
Michael Golowka e07fe992ef
DBPW - Add readme to dbplugin package (#10230) 2020-10-26 13:57:02 -06:00
Jeff Mitchell a07b6ba1d2
Add omitempty's to MountEntry and MountConfig (#7154)
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 15:34:55 -04:00
Theron Voran b705d71ae7
Add info about aws timeouts to docs (#10209)
In auth/aws, seal/awskms, and secrets/aws, storage/s3, and
storage/dynamodb.

One blurb for the docs pages and one for the .0 upgrade pages.
2020-10-26 11:15:59 -07:00