luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
15,730 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

15730 Commits

Author SHA1 Message Date
Austin Gebauer 30c75699f2
auth/jwt: updates dependency and adds changelogs (#16525) 
* auth/jwt: updates dependency and adds changelogs

* adds changelog entries
 2022-08-01 12:46:34 -07:00
TheHussky 22b01bcd01
Fix last sample request (#16509) 
Add a missing \
 2022-08-01 14:09:12 -04:00
John-Michael Faircloth 528373de6c
oidc provider: use identity store's storage view in test (#16520) 2022-08-01 09:37:23 -06:00
Alexander Scheel 4987bcfcd6
Add KMIP CSPs + initial Seal Wrap list (#16515) 
* Add note on KMIP EA usage

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add wrapped parameters section to Seal Wrap docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-08-01 10:32:47 -04:00
Angel Garbarino 8cb161bd5a
UI/glimmerize info table item array (#16495) 
* wip

* fix

* fix test

* set new props

* fix tests

* clean up

* cleanup
 2022-07-29 14:33:00 -06:00
mcollao-hc 03f7d98ed0
replace missing text 1.10.5 2022-07-29 15:21:25 -05:00
mcollao-hc 0de8ac58c2
update changelog for HCSEC-2022-15 2022-07-29 15:19:06 -05:00
Steven Clark 639fa64ce5
secret/ssh: Return errors for bad templates in roles as we did previously (#16505) 2022-07-29 15:18:22 +01:00
Chris Capurso 36e20779bc
VAULT-7256 - Add CustomMetadata to Namespace type (#16491) 
* remove CustomMetadata type

* add custom metadata to namespace struct
 2022-07-29 10:04:57 -04:00
Ian Ferguson dc603b4f7f
Allow identity templates in ssh backend `default_user` field (#16351) 
* Allow identity templates in ssh backend `default_user` field

* use correct test expected value

* include api docs for `default_user_template` field
 2022-07-29 09:45:52 -04:00
Theron Voran 4dc7b71a28
docs/vault-k8s: updated for v0.17.0 release (#16492) 2022-07-28 14:23:47 -07:00
Jason O'Donnell e3f942f51c
agent: add disable_keep_alives configurable (#16479) 
agent: add disable_keep_alives config

Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
 2022-07-28 12:59:49 -07:00
linda9379 6be7c6610e
Lookup, wrap, rewrap and unwrap token rename with description (#16489) 
* Changed wrapping token to wrapped token

* Added descriptions and changed rewrap and unwrap labels

* Added changelog

* Fixed changelog
 2022-07-28 14:33:47 -04:00
Chris Capurso d814ab3825
ignore leading slash in kv get command (#16443) 
* ignore leading slash in kv get command

* add changelog entry
 2022-07-28 14:11:58 -04:00
Austin Gebauer b3f138679c
identity/oidc: allow filtering the list providers response by an allowed_client_id (#16181) 
* identity/oidc: allow filtering the list providers response by an allowed_client_id

* adds changelog

* adds api documentation

* use identity store view in list provider test
 2022-07-28 09:47:53 -07:00
Christopher Swenson b04d6e6720
Remove SHA1 for certs in prep for Go 1.18 (#16455) 
Remove SHA1 for certs in prep for Go 1.18

* Remove certs with SHA1 from tests
* Use default SHA-256 with PKCS7 in AWS
* Update SHA1 deprecation note

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
 2022-07-28 09:14:33 -07:00
Chris Capurso 013e1d12b1
move custom metadata validation logic to its own package (#16464) 
* move custom metadata validation logic to its own package

* add comments

* add custom metadata Validate unit tests
 2022-07-28 10:40:38 -04:00
Nick Cabatoff 488858e919
Clone created entities that were inserted into memdb... (#16487) 
* Clone created entities that were inserted into memdb to prevent possibility of data race.
 2022-07-28 09:43:24 -04:00
Nick Cabatoff b9181077fd
Fix a panic at cleanup time in an expiration restore lease benchmark. (#16485) 2022-07-28 05:54:03 -07:00
Calvin Leung Huang 6c87ff92b4
changelog: Add entry for AD secrets engine bug fix (#16480) 2022-07-27 15:51:53 -07:00
claire bontempo 9ea4c8b037
UI/vault 7196/search select with modal (#16456) 
* add validator

* generate search select with modal component

* finish tests

* remove store from test

* address comments, add tests
 2022-07-27 14:18:22 -07:00
Chelsea Shaw e0961cd2c4
UI: fix jwt auth failure (#16466) 
* only OIDC type gets token

* Add acceptance test for JWT login flow

* Add acceptance test for JWT login flow

* Add changelog

* maybe fix pki tests
 2022-07-27 15:22:38 -05:00
Max Coulombe aa3e1c8a2f
Added a small utility method to display warnings when parsing command arguments. (#16441) 
* Added a small utility method to display warnings when parsing command arguments

Will print warning if flag is passed after arguments e.g.
vault <command> -a b -c
In this example -c will be interpreted as an argument which may be misleading
 2022-07-27 14:00:03 -04:00
Scott Miller 1b1c6fe168
Correct the Transit HMAC key source in docs (#16463) 
* Correct the Transit HMAC key source in docs

* Update website/content/api-docs/secret/transit.mdx

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-07-27 11:48:41 -05:00
Kaevon 8c3acac173
Fixed grammar errors (#16459) 2022-07-27 07:30:55 -04:00
Theron Voran 66ef22b735
docs/k8s: adding terraform config examples (#16121) 
Adding a terraform examples page for configuring vault-helm.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
 2022-07-26 20:43:26 -04:00
Hridoy Roy 3429d7dfc5
Current Month Activity Estimate, Probabilistic Tests, And Bugfixes (#16447) 
* bugfixes and probabilistic hll tests

* changelog

* changelog fix

* remove activity log test and keep in ent

* update cl
 2022-07-26 13:00:27 -07:00
Tom Proctor bd0461619c
Docs: Add list of supported k8s versions for agent injector (#16433) 2022-07-26 15:59:27 +01:00
akshya96 6e0c04d602
vault-951Documentation (#16434) 2022-07-25 16:53:03 -07:00
Yoko Hyakuna 7b43bf4c68
Add a note referring to automated upgrade (#16444) 
* Add a note referring to automated upgrade

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
 2022-07-25 15:03:55 -07:00
akshya96 6e5b4ec8c9
Validate parameters for vault operator init (#16379) 
* adding code changes to check parameters for vault operator init

* fixing defaults in cli

* fixing comments

* remove unused consts

* adding validate parameters test

* add changelog

* adding changes to validation

* adding fmt changes

* fixing test

* add test for auto unseal
 2022-07-25 12:45:04 -07:00
Steven Clark 96a355c53d
Leverage upstream docker image returntocorp/semgrep in CircleCI (#16440) 
- Instead of installing semgrep through PyPI on every run, leverage
   the upstream docker image.
 - This should isolate us from dependency updates required to run newer
   versions of semgrep
 2022-07-25 14:04:12 -04:00
tdsacilowski 887e77c2ae
Agent JWT auto auth `remove_jwt_after_reading` config option (#11969) 
Add a new config option for Vault Agent's JWT auto auth
`remove_jwt_after_reading`, which defaults to true. Can stop
Agent from attempting to delete the file, which is useful in k8s
where the service account JWT is mounted as a read-only file
and so any attempt to delete it generates spammy error logs.

When leaving the JWT file in place, the read period for new
tokens is 1 minute instead of 500ms to reflect the assumption
that there will always be a file there, so finding a file does not
provide any signal that it needs to be re-read. Kubernetes
has a minimum TTL of 10 minutes for tokens, so a period of
1 minute gives Agent plenty of time to detect new tokens,
without leaving it too unresponsive. We may want to add a
config option to override these default periods in the future.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
 2022-07-25 07:42:09 -06:00
Meggie 16c0e4cbd2
changelog++ 2022-07-25 08:34:04 -04:00
Robert 36c2c11023
auth/gcp: add support for GCE regional instance groups (#16435) 
* Update GCP auth to add support for regional instance groups

* Add changelog file
 2022-07-22 17:31:25 -05:00
Anton Averchenkov 166c618589
Fix linter issues in policy.go & acl.go (#16366) 2022-07-22 14:13:14 -04:00
Jason O'Donnell 140406143e
command/server: add dev-tls flag (#16421) 
* command/server: add dev-tls flag

* Add website documentation

* changelog

* Lower file permissions

* Update cert gen per review

* Add dev-tls-cert-dir flag and cert clean up

* fmt

* Update cert generation per review

* Remove unused function

* Add better error messages

* Log errors in cleanup, fix directory not existing bug

* Remove hidden flag from -dev-tls-cert-dir

* Add usage

* Update 16421.txt

* Update variable names for files

* Remove directory on cleanup
 2022-07-22 14:04:03 -04:00
Christopher Swenson 45be51df49
Add changelog for #15933 (#16425) 2022-07-22 09:50:28 -07:00
Steven Clark 7634f5a9a1
update semgrep to 0.106.0 (#16420) 
* Update semgrep to 0.106.0

* Add required deps to build new semgrep dependency ujson

 - New Python dependency ujson for semgrep requires gcc, g++ and python3-dev.
 - python3-dev to pull in Python.h
 2022-07-22 09:58:11 -04:00
Matt Schultz 31151671ab
Transform tokenization key auto-rotate docs (#16410) 
* Document auto rotate fields for transform tokenization endpoints.

* Update Transform tokenization docs to mention key auto-rotation.
 2022-07-21 15:48:58 -05:00
Jason O'Donnell d25a3526af
command/audit: improve audit enable type missing error message (#16409) 
* command/audit: improve audit enable type missing error message

* changelog
 2022-07-21 16:43:50 -04:00
Steven Zamborsky c0b0c4fde7
Add an "Important Note" regarding EKS CSR approval. (#16406) 2022-07-21 13:34:03 -07:00
Austin Gebauer 5fd479a55a
deps: updates google.golang.org/api via plugins (#16405) 2022-07-21 13:07:57 -07:00
Violet Hynes 8163271ee2
VAULT-7046 Allow trailing globbing at the end of a path suffix quota (#16386) 
* VAULT-7046 OSS changes for trailing glob quotas

* VAULT-7046 allow glob of 'a*' to match 'a'

* VAULT-7046 Add changelog

* VAULT-7046 fix minor typo
 2022-07-21 15:31:23 -04:00
Pratyoy Mukhopadhyay 77ca499c6e
oss changes (#16407) 2022-07-21 10:53:42 -07:00
Austin Gebauer 5062502756
auth/oidc: documents the client_nonce parameter (#16403) 2022-07-21 09:34:46 -07:00
Rachel Culpepper 133535fabe
add paths for import endpoints (#16401) 2022-07-21 11:19:13 -05:00
Austin Gebauer bafc630b12
auth/oidc: fix changelog entry for SecureAuth groups parsing (#16388) 2022-07-21 08:24:11 -07:00
Alexander Scheel aba72d7f7a
Add next-step warning on import without AIA URLs (#16392) 
This tells the user that the next step should be to configure AIA URLs
on this newly imported issuer/mount point. Ideally this should occur
before any leaves are issued such that they have the correct
information.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-07-21 11:05:19 -04:00
Wojtek Czekalski d05e8d1222
Fix typo in the docs (#16323) 
It's very confusing, `Volumes` are very similar to `volumes` and can cause confusion 😄
 2022-07-21 10:42:46 -04:00