Commit graph

14838 commits

Author SHA1 Message Date
Loann Le 1ef5e40d6c
New server side consistent token faq for vault 1.10 (#14550)
* new ssct faq page

* provide links to faq

* provided lik to login mfa tutorial
2022-03-17 12:08:27 -07:00
Loann Le a588b06978
added note (#14556) 2022-03-17 10:31:32 -07:00
Jim Kalafut 9733e8b858
Rename master key -> root key in docs (#14542) 2022-03-16 22:01:38 -07:00
Jason O'Donnell 219df7087c
identity/token: fix duplicate keys in well-known (#14543)
* identity/token: fix duplicate kids in well-known

* Remove unused check

* changelog

* use map-based approach to dedup key IDs

* improve changelog description

* move jwks closer to usage; specify capacity

Co-authored-by: Austin Gebauer <agebauer@hashicorp.com>
2022-03-16 18:48:10 -07:00
Angel Garbarino 993f30618e
Addressing various Ember depreciations required for 4.0 (#14532)
* remove Ember Logger

* remove jquery

* prevent setting ember string methods on string

* remove reopen class

* Revert "remove reopen class"

This reverts commit d6a48f148617694cf7b0fc95feb30771ef982c59.

* redo

* clean up

* fix test

* Update ui/app/styles/components/tabs.scss

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>

* fix test

* test clean up

* clean up cont.

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2022-03-16 18:36:48 -06:00
Loann Le 01570eaa3a
agent injector doc for 1-10 (#14548) 2022-03-16 17:09:04 -07:00
Loann Le 80c56225dc
new vault docs (#14546) 2022-03-16 16:29:56 -07:00
Benjamin Chrobot 267e202624
docs: add missing k8s verb (#12374) 2022-03-16 14:24:19 -05:00
Chelsea Shaw 214d9e3a90
Update gitignore (#14536) 2022-03-16 13:56:51 -05:00
claire bontempo a003d9875e
UI/d3 DOM cleanup hover issue (#14493)
* fix duplicate rendering of chart elements

* organize SVG char elements into groups, give data-test attrs

* update tests

* tweak mirage

* add fake client counting start date

* fix test

* add waitUntil

* adds changelog

* add second waituntil
2022-03-16 13:36:41 -05:00
Hridoy Roy 0dfabe7ade
Server Side Consistency Docs (#14392)
* partial docs

* remove unnecessary docs link

* move SSCT upgrade notes to 1.10 instead of 0.10

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* docs updates

* Update website/content/docs/configuration/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-16 10:20:12 -07:00
Chelsea Shaw ecd4c1e514
UI/fix kv data cache (#14489)
* KV fetches recent version on every page, no longer disallow new version without metadata access

* Don't flash no read permissions warning

* Send noMetadataVersion on destroy if version is undefined

* test coverage

* add changelog, fix tests

* Fix failing test
2022-03-16 11:00:08 -05:00
Lars Lehtonen 50a9dedbcb
vault/external_tests/raft: fix dropped test error (#14519) 2022-03-16 09:32:57 -06:00
Zach Stone b43ed904f2
Update mholt/archiver to v3.5.1 (#11584)
* Update mholt/archiver to v3.5.0

* Bump archiver to 3.5.1

* Vendor dependencies

* Use newer go

* go mod tidy

* Remove vendor

* Rm vendor

* Revert api and sdk sums

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2022-03-16 09:42:21 -05:00
Chelsea Shaw a5a6d99d11
UI: Parse OpenAPI response correctly if schema includes $ref (#14508)
* Parse OpenAPI response correctly if schema includes

* Add changelog

* small cleanup
2022-03-16 09:24:07 -05:00
Nick Cabatoff 9e18350cf4
Handle the empty mount accessor case. (#14507) 2022-03-16 09:28:05 -04:00
mickael-hc ada3d31dd1
update security model (#14482)
compromised clients are not part of vault's threat model
2022-03-15 16:27:41 -04:00
Hridoy Roy 1558387af4
port of semgrep fixes oss (#14488) 2022-03-15 13:17:55 -07:00
Alexander Scheel ff62a34487
Update more PKI documentation (#14490)
* Update description of certificate fetch API

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify /config/crl and /config/url PKI are empty

GET-ing these URLs will return 404 until such time as a config is posted
to them, even though (in the case of CRL), default values will be used.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify usage of /pki/crl/rotate

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update documentation around PKI key_bits

This unifies the description of key_bits to match the API description
(which is consistent across all usages).

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix indented field descriptions in PKI paths

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify documentation around serial_number

Note that this field has no impact on the actual Serial Number field and
only an attribute in the requested certificate's Subject.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix spelling of localdomain

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-03-15 14:37:26 -04:00
Pratyoy Mukhopadhyay d222981cec
Fixes from mount move testing (#14492)
* Add validation, fix docs

* add changelog

* fmt fix

* Update vault/logical_system.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
2022-03-15 11:11:23 -07:00
Alexander Scheel f6712ca417
Introduce fips build tag (#14495)
Unlike fips_140_3, fips will be a (FIPS) version-agnostic build tag.
The listener support will remain in 140-3 only, but the IsFIPS() check
should apply regardless of FIPS version.

We add two FIPS-only build files which validate the constraints of FIPS
builds here: fips must be specified with either fips_140_2 or fips_140_3
build tags, and fips and cgo must also be specified together.
Additionally, using only a version-specific FIPS build tag without the
version-agnostic FIPS tag should be a failure.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-03-15 13:04:21 -04:00
swayne275 6ae9c76970
only check Contains if IP address (#14487)
* only check Contains if IP address

* fix typo

* add bug fix changelog
2022-03-15 09:55:50 -06:00
Jason O'Donnell dd4a3b339e
auth/ldap: add username_as_alias config flag (#14324) 2022-03-15 10:21:40 -04:00
hghaf099 361646ab26
add MFA validation support to vault login command (#14425)
* add MFA validation support to vault login command

* correctly report new totp code availability period
2022-03-14 15:54:41 -04:00
Alexander Scheel d9c1314552
Fix description of StringSliceVar options (#14439)
These options must be specified multiple times in order to be properly
parsed. However, the present description suggests that a comma-separated
list would work as well, however this isn't the case and results in a
slice containing a single string (with all comma-separated values) in
the API request. Clarify the argument help text to make this clearer.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-03-14 14:11:49 -04:00
Vinny Mannello 2290ca5e83
[VAULT-5003] Use net/http client in Sys().RaftSnapshotRestore (#14269)
Use net/http client when body could be too big for retryablehttp client
2022-03-14 10:13:33 -07:00
Michele Degges 528a6847a4
Temporarily turn nvd sec scanning off (#14466) 2022-03-14 10:06:06 -07:00
Victor Rodriguez e78cca413d
Document the managed key PKCS#11 parameter key_id. (#14476) 2022-03-14 12:08:14 -04:00
Anton Averchenkov c425078008
Change OpenAPI code generator to extract request objects (#14217) 2022-03-11 19:00:26 -05:00
claire bontempo ce0c872478
UI/Hide empty masked PKI row values (#14400)
* fix empty masked inputs displaying

* Revert "fix empty masked inputs displaying"

This reverts commit 8b297df7cf971bce32d73c07fea2b1b8112c2f4b.

* fix empty masked inputs displaying

* fix info banner conditional

* add test coverage

* adds changelog

* fixes tests

* change other canParse conditional
2022-03-11 13:55:01 -08:00
claire bontempo 8844895745
fix flaky clients current test (#14471) 2022-03-11 13:52:02 -08:00
swayne275 ec4d013047
add tip for how to force a secrets engine disable (#14363)
* add tip for how to force a secrets engine disable

* add warning to force disable secrets instructions

* clean up wording

* add force secrets engine disable info to api doc

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/secrets/disable.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/secrets/disable.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* feedback updates

* impl taoism feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-11 11:43:59 -07:00
Peter Sonnek c3dea33e92
added add_basic_constraints parameter to PKI API docs (#14457)
* added add_basic_constraints parameter to PKI API docs

Added add_basic_constraints parameter to PKI API docs for Generate Intermediate. 

Copied description from ba533d006f/builtin/logical/pki/path_intermediate.go (L34-L37)
2022-03-11 10:52:26 -05:00
Guillaume 6178f4e060
Added Enigma Vault secret plugin. Designed to be simple but complete, a good starting point for plugin developers (#14389) 2022-03-11 08:33:48 -05:00
Nick Cabatoff 57c6064863
Update error codes that are retried. (#14447) 2022-03-10 15:09:45 -05:00
Peter-Gess 5497f5e8d2
Fixing typo from "fo" to "of" (#14445) 2022-03-10 11:56:28 -08:00
Nick Cabatoff 6fc5a5d165
Add a place for us to link to external plugin examples/guides. (#14414) 2022-03-10 14:29:29 -05:00
Jim Kalafut c2f4dbc83a
Revert "Remove docs changes from CODEOWNERS" (#14442)
It was determined that it would be better to have these changes alert
the docs team. Additional guidance is in place to not approve docs+code
PRs ahead of code review.

This reverts commit 6d16840f605c1b58ce0b572274edf96c6d0e0b7f.
2022-03-10 11:21:35 -08:00
Jordan Reimer b49f77fa91
updates mfa-form to show push methods with placeholder for multi method enforcements (#14430) 2022-03-10 07:59:22 -07:00
Chelsea Shaw c6318713ee
UI/add managed ns redirect prefix (#14422)
* The UI redirects to properly prefixed namespace if some other namespace is passed instead, with tests

* Fix ordering

* Add changelog
2022-03-10 08:26:33 -06:00
Alvin Huang 40e24f3688
rename Dockerfile build-arg VERSION to PRODUCT_VERSION (#14369) 2022-03-10 12:59:30 +00:00
Austin Gebauer d016b67915
identity/oidc: prevent key rotation on performance secondary clusters (#14426) 2022-03-09 15:41:02 -08:00
naseemkullah 0667cb8b76
Update index.mdx (#14161) 2022-03-09 14:15:05 -08:00
VAL 94fcca09e3
Remove unneeded comments (#14423) 2022-03-09 11:37:18 -08:00
hghaf099 b358bd6ffa
remove mount accessor from MFA config (#14406)
* remove mount accessor from MFA config

* Update login_mfa_duo_test.go

* DUO test with entity templating

* using identitytpl.PopulateString to perform templating

* minor refactoring

* fixing fmt failures in CI

* change username format to username template

* fixing username_template example
2022-03-09 09:14:30 -08:00
Ricky Grassmuck dac2a02570
Set service type to notify in systemd unit. (#14385)
Updates the systemd service shipped with Linux packages to `Type=notify`
2022-03-09 08:13:45 -05:00
Jan Klaas Kollhof 756d0f0750
fix spelling of identity (#14318) 2022-03-08 15:59:15 -08:00
VAL 63a2ed296b
Output full secret path in certain kv commands (#14301)
* Full secret path in table output of get and put

* Add path output to KV patch and metadata get

* Add changelog

* Don't print secret path for kv-v1

* Make more readable

* Switch around logic to not swallow error

* Add test for secret path

* Fix metadata test

* Add unit test for padequalsigns

* Remove wonky kv get tests
2022-03-08 13:17:27 -08:00
Lars Lehtonen b9a6ec67c9
vault: fix dropped test errors (#14402) 2022-03-08 12:32:27 -07:00
Rémi Lapeyre e89bbd51d9
Add support for PROXY protocol v2 in TCP listener (#13540)
* Add support for PROXY protocol v2 in TCP listener

I did not find tests for this so I added one trying to cover different
configurations to make sure I did not break something. As far as I know,
the behavior should be exactly the same as before except for one thing
when proxy_protocol_behavior is set to "deny_unauthorized", unauthorized
requests were previously silently reject because of https://github.com/armon/go-proxyproto/blob/7e956b284f0a/protocol.go#L81-L84
but it will now be logged.

Also fixes https://github.com/hashicorp/vault/issues/9462 by adding
support for `PROXY UNKNOWN` for PROXY protocol v1.

Closes https://github.com/hashicorp/vault/issues/3807

* Add changelog
2022-03-08 12:13:00 -05:00