Commit graph

16985 commits

Author SHA1 Message Date
Chip Stepowski 256e20e862
Added note about Autopilot default values. (#19515)
* Added note about Autopilot default values.

* Update website/content/docs/concepts/integrated-storage/autopilot.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-03-30 16:30:29 -07:00
Kuba Wieczorek bbeb8b8a47
Update the if conditions for test-go jobs in CI (#19809)
* Update the if conditions for test-go jobs in CI

* Fix errors in comments

* Update the if condition for the UI tests
2023-03-30 16:27:42 -04:00
Kuba Wieczorek 818d89645b
Make the suffix for CI Go test matrix jobs optional (#19752) 2023-03-30 15:09:57 -04:00
Milena Zlaticanin 73edda4d1f
secrets/mongodbatlas: upgrade dependencies (#19861)
* secrets/mongodbatlas: upgrade dependencies

* add changelog
2023-03-30 11:24:31 -07:00
Kuba Wieczorek 312b6d3c82
Update tests-completed job in CI to appear as success when one of the… (#19806)
* Update tests-completed job in CI to appear as success when one of the required checks is skipped (but not cancelled)

* Fix typo in tests-completed

---------

Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>
2023-03-30 14:24:05 -04:00
Anton Averchenkov 1b8dd129ab
Remove 'oidc' from gen_openapi.sh (#19839) 2023-03-30 13:38:56 -04:00
Angel Garbarino 150ee4b93d
quick fix disabling linting error (#19830) 2023-03-30 17:33:49 +00:00
Kuba Wieczorek 71c54c909d
Add larger runners for CI (#19857) 2023-03-30 17:58:32 +01:00
Kuba Wieczorek 61254d9af8
Add a new category of runners to the CI workflow… (#19807)
* Add a new category of runners to the CI workflow; use new, dedicated runners on OSS; adjust runner sizes for jobs

Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>
2023-03-30 16:41:40 +01:00
Peter Wilson 538e66ffea
Add available types to API documentation for enable audit (#19850) 2023-03-30 15:30:35 +00:00
John-Michael Faircloth ebd97f1fb2
plugin/secrets/alicloud: upgrade dependencies (#19846)
* plugin/secrets/alicloud: upgrade dependencies

* add changelog
2023-03-30 11:11:15 -04:00
Kit Haines d2ecf8ffc5
Add PKI-CLI to docs (#19669)
* Add pki-cli docs.

* Tiny updates.

* Whitespace fix, include description

* Closing-tags.

* Update website/content/docs/commands/pki/verify-sign.mdx

Title Code as Shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

Title More Code as Shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/list-intermediates.mdx

Title code block as shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/issue.mdx

Title code-block as shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Apply suggestions from code review

Label Code-Blocks as Shell-Session

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Apply suggestions from code review

Comma and Period Changes.

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Apply suggestions from code review

ascheels highlighting-1

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix highlighting throughout.

* Update website/content/docs/commands/pki/list-intermediates.mdx

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

Clarifying note on why unknown fields might be there.

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

cipherboy request

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add Key-ID RFC link.

* k=v add link

* correct link

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-30 07:31:48 -04:00
Alexander Scheel 733e851c51
Remove acme from CI test_packages (#19841)
Of course, forgetting to add it, I forgot to remove it...

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-30 07:20:58 -04:00
Calvin Leung Huang cf99323884
changelog: updates for 1.13.1, 1.12.5, 1.11.9 (#19834) 2023-03-29 16:14:38 -07:00
Theron Voran f0391962a2
docs/vault-secrets-operator: update for beta install (#19835)
Update the helm commands to work with the beta release.
2023-03-29 22:51:34 +00:00
Alexander Scheel b4c3aca7a1
Merge ACME package back into the PKI package (#19826)
* Squash pki/acme package down to pki folder

Without refactoring most of PKI to export the storage layer, which we
were initially hesitant about, it would be nearly impossible to have the
ACME layer handle its own storage while being in the acme/ subpackage
under the pki package.

Thus, merge the two packages together again.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Properly format errors for missing parameters

When missing required ACME request parameters, don't return Vault-level
errors, but drop into the PKI package to return properly-formatted ACME
error messages.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Error type clarifications

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix GetOk with type conversion calls

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-29 21:08:31 +00:00
Brian Shumate f4fbca8050
Docs: API: Update token_period description (#19821)
- Clarify token_period per feedback in SPE-34
2023-03-29 13:53:16 -07:00
Ben Ash 7322dd952b
Add vault-secrets-operator beta docs. (#19827)
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2023-03-29 20:33:06 +00:00
Alexander Scheel 73c468787b
Add ACME new account creation handlers (#19820)
* Identify whether JWKs existed or were created, set KIDs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Reclassify ErrAccountDoesNotExist as 400 per spec

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add additional stub methods for ACME accounts

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Start adding ACME newAccount handlers

This handler supports two pieces of functionality:

 1. Searching for whether an existing account already exists.
 2. Creating a new account.

One side effect of our JWS parsing logic is that we needed a way to
differentiate between whether a JWK existed on disk from an account or
if it was specified in the request. This technically means we're
potentially responding to certain requests with positive results (e.g.,
key search based on kid) versus erring earlier like other
implementations do.

No account storage has been done as part of this commit.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Unify path fields handling, fix newAccount method

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-29 19:06:09 +00:00
Mike Palmiotto 853e0e0fc1
changelog: Drop entry for no-op (#19819) 2023-03-29 14:53:49 -04:00
Steven Clark 91d1628bb5
Initial ACME new-nonce API (#19822)
* Initial ACME new-nonce API implementation

* Return proper HTTP status codes for ACME new-nonce API handler
2023-03-29 18:22:48 +00:00
Robert 71071fd954
docs: Change wording for AssumeRole permissions in AWS secrets (#19823)
Co-authored-by: wernerwws <wernerwws@users.noreply.github.com>
2023-03-29 13:03:26 -05:00
Steven Clark bc57865998
PKI: Initial ACME directory API support (#19803)
* PKI: Initial ACME directory API support along with basic tests for error handler and the directory itself across various paths.
2023-03-29 16:29:19 +00:00
vinay-gopalan f2a4b23b7f
Update pseudo-version for Secrets Terraform plugin (#19798) 2023-03-29 09:01:35 -07:00
Alexander Scheel e95fadd8f0
Add mechanism to disable automatic rollbacks (#19748)
When testing the rollback mechanism, there's two categories of tests
typically written:

 1. Ones in which the rollback manager is entirely left alone, which
    usually are a bit slower and less predictable. However, it is still
    sufficient in many scenarios.
 2. Ones in which the rollback manager is explicitly probed by tests
    and "stepped" to achieve the next rollback.

Here, without a mechanism to fully disable the rollback manager's
periodic ticker (without affecting its ability to work!) we'll continue
to see races of the sort:

>     --- FAIL: TestRevocationQueue (50.95s)
>     panic: sync: WaitGroup is reused before previous Wait has returned [recovered]
>         panic: sync: WaitGroup is reused before previous Wait has returned

This allows us to disable the ticker, returning control to the test
suite entirely.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-29 08:59:01 -04:00
Raymond Ho 554674fb59
add docs for VAULT_RUN_MODE (#19808) 2023-03-28 21:18:45 -07:00
claire labry 2531f721c7
fix github ref (#19805)
* fix github ref

* udpate comment
2023-03-28 15:59:27 -05:00
Alexander Scheel 27f670abd5
Tighten JWS algorithm lists (#19797)
* Add new PKI ACME subpackage to test_packages list

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Restrict JWS keys to specified algorithms

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-28 20:49:07 +00:00
Chelsea Shaw 6d19f47732
UI: Remove out of date blueprint (#19795) 2023-03-28 14:59:54 -05:00
Daniel Huckins 243c86b2c5
VAULT-12144: add openapi responses for /sys/rotate endpoints (#18624)
* responses for rotate endpoints

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

* add test for rotate config

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update to use newer function

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use new func

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 15:40:48 -04:00
Daniel Huckins 4b52cea28c
VAULT-12144: add openapi responses for /sys/seal endpoints (#18625)
* added responses to seal/unseal endpoints

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response for /seal-status

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added change log

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 15:39:08 -04:00
Daniel Huckins e33b87a2c3
VAULT-12144: add openapi responses for assorted /sys endpoints (#18628)
* added response struct for version-history

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for leader

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for ha-status

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for host-info

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add response struct for in-flight-req

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* make fmt

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-03-28 15:38:35 -04:00
Daniel Huckins d8191e0a4b
mark internal/counters/requests as deprecated (#19359)
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 15:31:20 -04:00
Victor Rodriguez bd76f6c539
Update Vault PKCS#11 Provider documentation for v0.2.0. (#19783) 2023-03-28 14:57:45 -04:00
Alexander Scheel cb8be1d8be
Add initial ACME server library to PKI (#19778)
* Add ACME package to provide a nonce service

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add JWS parsing helper

Using go-jose v2, we start building a JWS parsing helper, ensuring that
fields are properly validated w.r.t. the ACME spec's intersection with
JWS.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add error context information

Start adding the ability to wrap errors returned by Vault to
ACME-specific errors.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Make ACMEState exported

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-28 17:29:54 +00:00
Daniel Huckins f34313e611
VAULT-12144: add openapi responses for /sys/wrapping endpoints (#18627)
* add response structures for /sys/wrapping endpoints

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

* dynamic tests should be nil

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-28 11:12:34 -04:00
Violet Hynes 44894253fc
VAULT-8337 OSS changes part 2 (#19698) 2023-03-28 10:32:30 -04:00
akshya96 c3b1c3188c
Github Action to check deprecations in PR (#19666)
* deprecation check

* adding script

* add execute permission to script

* revert changes

* adding the script back

* added working script for local and GHA

* give execute permissions

* updating revgrep

* adding changes to script, tools

* run go mod tidy

* removing default ref

* make bootstrap

* adding to makefile
2023-03-27 22:50:58 -07:00
Chelsea Shaw ea99048639
UI: Test business logic for oidc callback params (#19727)
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2023-03-27 15:05:26 -05:00
Anton Averchenkov fe53ebd19c
openapi: Remove 'ad' from gen_openapi.sh 2023-03-27 19:50:36 +00:00
Chelsea Shaw 1ec25ee93f
UI: secret-engine model octanified (#19750) 2023-03-27 13:58:21 -05:00
Anton Averchenkov 41466b9eca
docs: Fix duration format link in kv-v2 docs page (#19768) 2023-03-27 13:18:25 -04:00
Raymond Ho f725e151b8
add warning for vault lambda extension cache ttl (#19738) 2023-03-24 23:37:38 +00:00
Daniel Huckins e3d3d6e528
VAULT-12144: add openapi responses for /sys/tools endpoints (#18626)
* add struct for /sys/tools/hash

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added responses for /sys/tools paths

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

* verify respose structure for hash

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* verify respose structure for hash/random

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use newer testing funct

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use new test method

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-24 23:11:39 +00:00
Marc Boudreau 27103f9908
Remove CircleCI Configuration (#19751)
* modify pre-commit hook to not look for circleci

* remove circleci configuration
2023-03-24 14:24:06 -04:00
Marc Boudreau c1a548d225
Marcboudreau/vault 13760/add test UI to completed (#19747)
* remove check of circleci configuration from pre-commit hook

* add dependency on test-ui for tests-completed job
2023-03-24 13:20:49 -04:00
Kuba Wieczorek 49fca89b1d
Add the FIPS testing job to GitHub Actions CI workflow (#19742) 2023-03-24 17:17:21 +00:00
Marc Boudreau 4749ef9e16
Create Job to Track All Required Test Jobs (#19743)
* add tests-completed job to track all matrix jobs completed successfully

* add dependency on setup job for tests-completed job
2023-03-24 10:39:17 -04:00
Nick Cabatoff fae3e31fda
Address regression introduced by #15493 for non-raft storage backends. (#19721) 2023-03-24 10:15:25 -04:00
ram-parameswaran f491cc8225
Update username template description for AWS (#19690)
Update username template description for AWS by calling out what DisplayName and PolicyName actually are placeholders for
2023-03-23 19:56:55 -07:00