14813 commits

Author SHA1 Message Date
Alexander Scheel ec4deb12ef
Add infrastructure for exposing FIPS status (#14127)
In future Vault Enterprise versions, we'll be building Vault with
FIPS-validated cryptography. To help operators understand their
environment, we'll want to expose information about their FIPS status
when they're running a FIPS version of Vault.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-17 13:03:57 -05:00
Chris Capurso 797f11b0e5
update G Suite to Google Workspace in docs (#14126)
* update G Suite to Google Workplace in docs

* fix Google Workplace to Workspace typo
2022-02-17 13:01:45 -05:00
Jordan Reimer 36ccfaa3aa
MFA (#14049)
* adds development workflow to mirage config

* adds mirage handler and factory for mfa workflow

* adds mfa handling to auth service and cluster adapter

* moves auth success logic from form to controller

* adds mfa form component

* shows delayed auth message for all methods

* adds new code delay to mfa form

* adds error views

* fixes merge conflict

* adds integration tests for mfa-form component

* fixes auth tests

* updates mfa response handling to align with backend

* updates mfa-form to handle multiple methods and constraints

* adds noDefault arg to Select component

* updates mirage mfa handler to align with backend and adds generator for various mfa scenarios

* adds tests

* flaky test fix attempt

* reverts test fix attempt

* adds changelog entry

* updates comments for todo items

* removes faker from mfa mirage factory and handler

* adds number to word helper

* fixes tests

* Revert "Merge branch 'main' into ui/mfa"

This reverts commit 8ee6a6aaa1b6c9ec16b985c10d91c3806819ec40, reversing
changes made to 2428dd6cca07bb41cda3f453619646ca3a88bfd0.

* format-ttl helper fix from main
2022-02-17 09:10:56 -07:00
Chelsea Shaw a77899d276
UI: Switch usage of localStorage to sessionStorage (#14054)
* Switch usage of localStorage to sessionStorage in UI

* Add changelog
2022-02-17 10:04:53 -06:00
Matt Schultz 10f19c66a7
Return the input from format-duration helper when it can't be parsed as an int. (#14118) 2022-02-17 10:01:11 -06:00
Alexander Scheel 7278479856
Document vault write JSON request parameters (#14087)
As mentioned by Steve Clark. :-)

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-17 10:07:41 -05:00
John-Michael Faircloth 1cf74e1179
feature: multiplexing support for database plugins (#14033)
* feat: DB plugin multiplexing (#13734)

* WIP: start from main and get a plugin runner from core

* move MultiplexedClient map to plugin catalog
- call sys.NewPluginClient from PluginFactory
- updates to getPluginClient
- thread through isMetadataMode

* use go-plugin ClientProtocol interface
- call sys.NewPluginClient from dbplugin.NewPluginClient

* move PluginSets to dbplugin package
- export dbplugin HandshakeConfig
- small refactor of PluginCatalog.getPluginClient

* add removeMultiplexedClient; clean up on Close()
- call client.Kill from plugin catalog
- set rpcClient when muxed client exists

* add ID to dbplugin.DatabasePluginClient struct

* only create one plugin process per plugin type

* update NewPluginClient to return connection ID to sdk
- wrap grpc.ClientConn so we can inject the ID into context
- get ID from context on grpc server

* add v6 multiplexing protocol version

* WIP: backwards compat for db plugins

* Ensure locking on plugin catalog access

- Create public GetPluginClient method for plugin catalog
- rename postgres db plugin

* use the New constructor for db plugins

* grpc server: use write lock for Close and rlock for CRUD

* cleanup MultiplexedClients on Close

* remove TODO

* fix multiplexing regression with grpc server connection

* cleanup grpc server instances on close

* embed ClientProtocol in Multiplexer interface

* use PluginClientConfig arg to make NewPluginClient plugin type agnostic

* create a new plugin process for non-muxed plugins

* feat: plugin multiplexing: handle plugin client cleanup (#13896)

* use closure for plugin client cleanup

* log and return errors; add comments

* move rpcClient wrapping to core for ID injection

* refactor core plugin client and sdk

* remove unused ID method

* refactor and only wrap clientConn on multiplexed plugins

* rename structs and do not export types

* Slight refactor of system view interface

* Revert "Slight refactor of system view interface"

This reverts commit 73d420e5cd2f0415e000c5a9284ea72a58016dd6.

* Revert "Revert "Slight refactor of system view interface""

This reverts commit f75527008a1db06d04a23e04c3059674be8adb5f.

* only provide pluginRunner arg to the internal newPluginClient method

* embed ClientProtocol in pluginClient and name logger

* Add back MLock support

* remove enableMlock arg from setupPluginCatalog

* rename plugin util interface to PluginClient

Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>

* feature: multiplexing: fix unit tests (#14007)

* fix grpc_server tests and add coverage

* update run_config tests

* add happy path test case for grpc_server ID from context

* update test helpers

* feat: multiplexing: handle v5 plugin compiled with new sdk

* add mux supported flag and increase test coverage

* set multiplexingSupport field in plugin server

* remove multiplexingSupport field in sdk

* revert postgres to non-multiplexed

* add comments on grpc server fields

* use pointer receiver on grpc server methods

* add changelog

* use pointer for grpcserver instance

* Use a gRPC server to determine if a plugin should be multiplexed

* Apply suggestions from code review

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* add lock to removePluginClient

* add multiplexingSupport field to externalPlugin struct

* do not send nil to grpc MultiplexingSupport

* check err before logging

* handle locking scenario for cleanupFunc

* allow ServeConfigMultiplex to dispense v5 plugin

* reposition structs, add err check and comments

* add comment on locking for cleanupExternalPlugin

Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2022-02-17 08:50:33 -06:00
Robert 91f5069c03
secret/consul: Add Consul ACL roles support (#14014)
Co-authored-by: Brandon Ingalls <brandon@ingalls.io>
2022-02-16 19:31:08 -06:00
Loann Le 8e504f59e8
Vault documentation: created new developer quick start guide (#14038)
* new developer quick start

* fixed typo

* fixed placement of guide

* modified descr

* Add Ruby quickstart code

* incorporated feedback

* spelling error

* changed word to caps

* Some format edits (#14065)

* Split install instructions into tabs (#14092)

Co-authored-by: Valerie Conklin <val@hashicorp.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-02-16 15:25:36 -08:00
Chris Capurso 6059b65ed9
fix approle login IPBelongsToCIDRBlocksSlice err handling (#14107)
* fix approle login IPBelongsToCIDRBlocksSlice err handling

* add changelog entry
2022-02-16 16:30:11 -05:00
Matt Schultz c379e41c4c
Rename transit's auto_rotate_interval to auto_rotate_period for consistency and to achieve formatting benefits in CLI output. Update UI handling of the renamed field to account for recent data type change from time string to integral seconds. (#14103) 2022-02-16 14:33:13 -06:00
Alexander Scheel dab1ac4650
Update plugin-portal.mdx (#13229) (#14108)
Add a Vault plugin to allow authentication via SSH certificates and public keys

Co-authored-by: Wim <wim@42.be>
2022-02-16 12:32:43 -08:00
Alexander Scheel f45ad6e284
Fix ed25519 generated SSH key marshalling (#14101)
* Ensure we can issue against generated SSH CA keys

This adds a test to ensure that we can issue leaf SSH certificates using
the newly generated SSH CA keys. Presently this fails because the
ed25519 private key is stored using PKIX's PKCS8 PrivateKey object
format rather than using OpenSSH's desired private key format:

> path_config_ca_test.go:211: bad case 12: err: failed to parse stored CA private key: ssh: invalid openssh private key format, resp: <nil>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add dependency on edkey for OpenSSH ed25519 keys

As mentioned in various terraform-provider-tls discussions, OpenSSH
doesn't understand the standard OpenSSL/PKIX ed25519 key structure (as
generated by PKCS8 marshalling). Instead, we need to place it into the
OpenSSH RFC 8709 format. As mentioned in this dependency's README,
support in golang.org/x/crypto/ssh is presently lacking for this.
When the associated CL is merged, we should be able to remove this dep
and rely on the (extended) standard library, however, no review progress
appears to have been made since the CL was opened by the author.

See also: https://go-review.googlesource.com/c/crypto/+/218620/

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-16 14:28:57 -05:00
Pratyoy Mukhopadhyay 0ceccaa51d
oss changes for cross ns remount (#14104) 2022-02-16 11:21:42 -08:00
claire bontempo c98c62be20
Ui/ Clients error handling (#14066)
* add error message to date selection

* adds dropdown to no billing error message

* add error template

* disabled months/years not allowed

* clean up ternary statements

* remove queues
2022-02-16 11:03:34 -08:00
Theron Voran 5d25d5c380
api/client: forward and inconsistent header const (#14067)
Adds constants for X-Vault-Forward and X-Vault-Inconsistent headers to
api/client.go
2022-02-16 10:02:32 -08:00
Pavel Ven Gulbin 57d27c29de
Update hanadb.mdx (#12215) 2022-02-16 09:06:51 -08:00
Chelsea Shaw c986e73de6
UI/client count auth filter (#14093)
* Add filter for auth mounts on history tab

* Fix normalizeResponse if enabled not a key on data

* Add auth filter to current tab, update clear filter behavior

* Fix failing tests
2022-02-16 09:52:51 -06:00
Bryce Kalow 9efddf0092
upgrades docs-page to latest with code tabs sync (#14089) 2022-02-15 17:36:07 -05:00
Matt Schultz 50b86240e8
Return integral seconds for transit auto_rotate_interval instead of a time string. (#14078)
* Return integral seconds for transit auto_rotate_interval instead of a time string.

* Fix transit unit tests around auto_rotate_interval.
2022-02-15 14:05:58 -06:00
Austin Gebauer 34d295e28f
identity/oidc: Adds proof key for code exchange (PKCE) support (#13917) 2022-02-15 12:02:22 -08:00
Alex Cahn 42bdcf0657
Vault Integration Program Update (#14031)
* Updating badges

* Updates to the VIP page

Updates to the VIP page to add Enterprise Badges

* Updated Eco Diagram

* Update Eco Image

* Fixing the images

* Fixing Badge Placement

* centering the badges

* Centering the badges - again

* Update website/content/docs/partnerships.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/partnerships.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update partnerships.mdx

* trigger ci

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2022-02-15 11:19:51 -08:00
Alexander Scheel 3da261518b
Allow generation of other types of SSH CA keys (#14008)
* Add generation support for other SSH CA key types

This adds two new arguments to config/ca, mirroring the values of PKI
secrets engine but tailored towards SSH mounts. Key types are specified
as x/crypto/ssh KeyAlgo identifiers (e.g., ssh-rsa or ssh-ed25519)
and respect current defaults (ssh-rsa/4096). Key bits defaults to 0,
which for ssh-rsa then takes a value of 4096.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on key_type, key_bits for ssh/config/ca

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-15 14:14:05 -05:00
Brian Kassouf e94455e608
Improve code comments on logical.Paths object (#14080)
* Improve code comments on logical.Paths object

* Update sdk/logical/logical.go

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-02-15 11:00:48 -08:00
VAL 772cfcab91
Typo and clarity fixes (#14081) 2022-02-15 10:43:49 -08:00
Jordan Reimer 05f6b0ae97
Tool Tip Styling Issue (#14064)
* updates dropdown transform codemod to apply @defaultClass arg to Content component

* runs codemod and transforms class to @defaultClass on basic dropdown Content component

* adds changelog entry

* removes changelog entry
2022-02-15 10:43:37 -07:00
Victor Rodriguez 5ad48fc1c2
Restore tidy-status documentation. (#14075)
Restore tidy-status documentation.

Fixes VAULT-5113.
2022-02-15 11:04:21 -05:00
Viljo Viitanen 8b7b57f3ec
change cassandra db plugin timeout to 5s as in docs (#12443)
* fix cassandra db plugin timeout to 5s as in docs

Documentation says timeout is 5s, but code uses 0s, which is too short for any real world usage, causing issues.
https://www.vaultproject.io/api/secret/databases/cassandra#connect_timeout
issues: https://github.com/hashicorp/vault/issues/8527 https://github.com/hashicorp/vault/issues/9400

* Create 12443.txt

changelog entry
2022-02-15 07:35:44 -08:00
Chris Capurso dd0a2c15a3
fix fmt (#14062) 2022-02-14 18:06:02 -05:00
Victor Rodriguez 88e02feab0
Remove documentation for upcoming /pki/tidy-status endpoint. (#14044)
The documentation will be released along with the feature.
2022-02-14 15:41:50 -05:00
Chris Capurso 1b70677eba
add API docs for KVv2 subkeys endpoint (#13893)
* add API docs for KVv2 subkeys endpoint

* add changelog entry
2022-02-14 15:28:14 -05:00
Chris Capurso f9e9b4d327
Add sys/version-history endpoint and associated command (#13766)
* store version history as utc; add self-heal logic

* add sys/version-history endpoint

* change version history from GET to LIST, require auth

* add "vault version-history" CLI command

* add vault-version CLI error message for version string parsing

* adding version-history API and CLI docs

* add changelog entry

* some version-history command fixes

* remove extraneous cmd args

* fix version-history command help text

* specify in docs that endpoint was added in 1.10.0

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* enforce UTC within storeVersionTimestamp directly

* fix improper use of %w in logger.Warn

* remove extra err check and erroneous return from loadVersionTimestamps

* add >= 1.10.0 warning to version-history cmd

* move sys/version-history tests

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-02-14 15:26:57 -05:00
Jim Kalafut 0712ef13fc
Allow auto-detection of AWS region when using the vault CLI (#14051) 2022-02-14 12:01:27 -08:00
Angel Garbarino 687469552c
Client count: remove default period and extra controllers (#14050)
* remove controllerS

* remove default report months

* remove default months from the config page

* fix tests

* clean up edit config
2022-02-14 11:30:48 -07:00
claire bontempo 2a08838ed5
UI/ Save billing start date in local storage (#14026)
* save billing start in local storage

* customize enterprise vs oss copy

* change stored date from requested to response date

* delete license date from local storage when navigating away from parent route
2022-02-14 10:27:09 -08:00
Ashlee M Boyer c0fe9bf14d
Adding empty lines around codeblock in Tab (#14030)
Only docs changes so I'm admin merging it.
2022-02-14 13:21:23 -05:00
Loann Le f78d82ebe1
Vault documentation: added new warning to listener stanza parameters (#14036)
* added a new warning

* Update website/content/docs/configuration/listener/tcp.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* fixed word tense

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-02-14 08:54:43 -08:00
Loann Le 296fee0193
changed to upper-case for integrated storage (#14037) 2022-02-14 08:38:06 -08:00
Angel Garbarino eba46e0d4d
Some folder restructuring to help with route loading states (#14022)
* initial reshuffle to use outlet and remove dashboard and index replace with higher level parent clients

* loading

* clean up

* test clean up

* clean up
2022-02-11 15:15:12 -07:00
Jason O'Donnell b686d727a9
docs/azure: add note about identities (#14020) 2022-02-11 17:09:35 -05:00
Austin Gebauer 88a8103ad6
identity/oidc: use inherited group membership for client assignments (#14013) 2022-02-11 11:40:44 -08:00
Yoko Hyakuna 4ac997561f
Add 'Integrated Storage vs. Consul' comparison (#13999)
* Add IS vs. external storage section

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Add a cross-referencing link

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/concepts/storage.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Incorporate review feedback

* Incorporate review feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>
Co-authored-by: David Adams <daveadams@gmail.com>
2022-02-11 08:07:35 -08:00
Lars Lehtonen e4c1877552
vault/external_tests/approle: fix dropped test error (#13947) 2022-02-10 19:41:45 -05:00
Shohei Maeda 4073f6663b
KV v2 doc - fix format and update examples (#14003) 2022-02-10 13:20:36 -08:00
claire bontempo 70da9500a1
UI/Client counts view if no license (#13964)
* adds date picker if no license start date found

* handle permissions denied for license endpoint

* handle permissions errors if no license start date

* change empty state copy for OSS

* fix tests and empty state view

* update nav links

* remove ternary

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>

* simplify hbs boolean

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>

* organize history file

* organize current file

* rerun tests

* fix conditional to show attribution chart

* match main

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2022-02-10 12:51:50 -08:00
Kabu 92549d6855
Update terraform.mdx (#11478)
write terraform/roles may be write terraform/role

Co-authored-by: Gary Frederick <imthaghost@protonmail.com>
2022-02-10 11:08:06 -08:00
Ben Ash 7aaee22e07
auth/kubernetes: Update plugin to v0.11.5 (#13925) 2022-02-10 12:23:19 -05:00
Angel Garbarino ccba717a93
Calendar widget tooltip (#13937)
* first tooltip for next year disabled

* workable for left tooltip

* styling

* make dry

* forgot this one

* remove right tooltip

* clean up

* bug fix

* add bullets when two error messages in one

* fix to isAfter on range comparisons

* remove

* update message per design

* only warning for startTime

* fix for firefox
2022-02-10 09:43:40 -07:00
Loann Le c360d5ad45
fixed steps (#13993) 2022-02-09 17:25:33 -08:00
Loann Le bfd49bc16d
added link to hcpv docs (#13992) 2022-02-09 16:15:17 -08:00