Commit graph

16985 commits

Author SHA1 Message Date
Tom Proctor fa298906b2
Events API uses consistent error codes (#19246) 2023-02-20 16:24:27 +00:00
Max Winslow 3a132c2428
Add vault print token to commands in Vault docs (#19183)
* doc-update

* Update website/content/docs/commands/print.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-02-17 20:51:48 -08:00
Anton Averchenkov e5770359b5
Simplify gen_openapi.sh script (#19245)
* Simplify gen_openapi.sh script

* Update scripts/gen_openapi.sh

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use correct import

---------

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-02-17 14:48:05 -05:00
Christopher Swenson 404d7a57bb
events: WS protobuf messages should be binary (#19232)
The [WebSockets spec](https://www.rfc-editor.org/rfc/rfc6455) states
that text messages must be valid UTF-8 encoded strings, which protobuf
messages virtually never are. This now correctly sends the protobuf events
as binary messages.

We change the format to correspond to CloudEvents, as originally intended,
and remove a redundant timestamp and newline.

We also bump the eventlogger to fix a race condition that this code triggers.
2023-02-17 11:38:03 -08:00
Scott Miller 0a5f3208fd
Document the 'convergent' tokenization transform option (#19249) 2023-02-17 13:15:40 -06:00
Anton Averchenkov 76d8d2b88a
Stop vault on exit in gen_openapi.sh (#19252) 2023-02-17 13:06:00 -05:00
Alexander Scheel dd3356752a
Add note on client cert definition (#19248)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-17 11:36:41 -05:00
AnPucel 4c0895188a
Adding PKI Responses 3 (#18596) 2023-02-16 17:31:45 -08:00
John-Michael Faircloth 9c837ef4b5
docs/upgrade guide: add changes to plugin loading (#19231)
* docs/upgrade guide: add changes to plugin loading

* clarify this is for external plugins
2023-02-16 22:47:29 +00:00
Chelsea Shaw 698a652a92
UI: Remove Wizard (#19220)
* Remove UI Wizard temporarily [GH-19000]
2023-02-16 22:44:33 +00:00
claire bontempo a5a80b895d
replace whitelist with allow (#19217) 2023-02-16 14:35:30 -08:00
John-Michael Faircloth 678556f3df
plugin/secrets/auth: enable multiplexing (#19215)
* plugin/auth: enable multiplexing

- the plugin will be multiplexed when run as an external plugin
  by vault versions that support secrets/auth plugin multiplexing (> 1.12)
- we continue to set the TLSProviderFunc to maintain backwards
  compatibility with vault versions that don't support AutoMTLS (< 1.12)

* enable multiplexing for secrets engines

* add changelog

* revert call to ServeMultiplex for pki and transit

* Revert "revert call to ServeMultiplex for pki and transit"

This reverts commit 755be28d14b4c4c4d884d3cf4d2ec003dda579b9.
2023-02-16 22:25:15 +00:00
John-Michael Faircloth eca810d06e
test/plugin: test external database plugin workflows (#19191)
* test/plugin: test external db plugin

* use test helper to get cluster and plugins

* create test helper to create a vault admin user

* add step to revoke lease

* make tests parallel and add reload test

* use more descriptive name for test group; check response
2023-02-16 15:52:24 -06:00
Tony Wittinger ef367ecc90
Update changelog 1.13.0-rc1 (#19221)
* Update changelog 1.13.0-rc1

* Remove 1.13.0 Unreleased content
2023-02-16 16:30:12 -05:00
Daniel Huckins 448f5dd33e
VAULT-12112: add openapi response structures for /sys/config and /sys/generate-root endpoints (#18472)
* some config responses

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added response structs

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

* add test for config/cors

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add (failing) tests

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* copy-pasta err

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update tests for /sys/config/ui/headers/{header}

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-02-16 15:06:26 -05:00
Daniel Huckins 60488687ad
VAULT-12112: add openapi response structures for /sys/capabilities* endpoints (#18468)
* add capabilities

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added change log

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use nil for dynamic fields

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-02-16 15:04:37 -05:00
Daniel Huckins a9d15f1252
VAULT-12112: add openapi response structures for /sys/auth/* endpoints (#18465)
* added responses to /sys/auth/.../tune

* add response structure for auth/...

* added changelog

* Update vault/logical_system_paths.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* its TypeString

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use nil for dynamic fields

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* test auth endpoint schema

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* kicking off ci

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-02-16 15:03:19 -05:00
Angel Garbarino c48d36eb8a
add test coverage (#19226) 2023-02-16 12:28:19 -07:00
Angel Garbarino 18043a05e8
Show generate creds for static-roles when you have read permissions (#19190)
* fix, need to test and write test for

* the fix

* add test coverage

* changelog:

* woops param already existed

* remove test coverage

* Delete database-role-edit-test.js
2023-02-16 18:10:56 +00:00
Tom Proctor 2472029a0a
Support event subscriptions with glob wildcards (#19205) 2023-02-16 17:22:56 +00:00
Scott Miller ccab6ab676
Update go-kms-wrapping and it's gcpc wrapper to pick up google-cloud-go migration (#19219) 2023-02-16 11:21:25 -06:00
Tom Proctor 3324217f43
Add changelog entry for alpha event system feature (#19194) 2023-02-16 17:21:12 +00:00
claire bontempo b3d75d5bce
UI/add allowed response headers secret mount (#19216)
* add allowed_response_headers

* fix empty state text

* add spaces

* add changelog

* updates skipped mount-secret-backend test to run

---------

Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
2023-02-16 17:03:15 +00:00
Peter Wilson d109bf1108
Use MaxInt vs. MaxInt64 to prevent overflow on 32bit architectures (#19213) 2023-02-16 16:40:52 +00:00
Peter Wilson 70f1d3c217
Remove incorrect information about being able to set environment variables for certain log config (#19208) 2023-02-16 13:37:59 +00:00
AnPucel 2d58144620
PKI Response Structures Part 2 (#18479)
Response structures from intermediate --> manage_keys
2023-02-15 15:09:57 -08:00
AnPucel e05c8931b9
Adding Response Structures to PKI Config (#18376) 2023-02-15 14:51:27 -08:00
Raymond Ho 91446e129e
Add rotate root docs for azure secrets (#19187) 2023-02-15 13:07:42 -08:00
Raymond Ho c6a455c92f
fix TestBackendAcc_LoginWithCallerIdentity (#19201) 2023-02-15 12:40:49 -08:00
Leland Ursu 0704127020
added OpenAPI response objects for sys endpoints (#18633)
* added response objects for sys 3 section

* Update vault/logical_system_paths.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_raw.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_quotas.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_quotas.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_quotas.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add tests and update based on reviews

* added changelog file

* finally got make fmt to work...

* fixed copy pasta test case

* updated based on review

* Update vault/logical_system_quotas.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Co-authored-by: lursu <leland.ursu@hashicorp.com>
Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-02-15 15:02:21 -05:00
Leland Ursu 6425130605
Added OpenAPI response structures for sys endpoints (#18515)
* added response objects to all of the endpoints laid out by the ticket linked

* added changelog file and updated based on review

* added the required bool to the correct fields

* Update vault/logical_system_paths.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* updated based on review

* Update vault/logical_system_paths.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* updated based on review and added test cases for validating response structures

* fix copy pasta issues breaking tests

* Update vault/logical_system_paths.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* fix test failures

* fixed issue with refrencing the wrong req var name

* fixed another test case and double checked the rest

* updated based on review

* updated in all locations

* Update vault/logical_system_paths.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* fixed my brain fart

* Update vault/logical_system_paths.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* address fmt error

---------

Co-authored-by: lursu <leland.ursu@hashicorp.com>
Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-02-15 15:00:06 -05:00
Daniel Huckins 7fde5ecb83
Validate response schema for integration tests (#19043)
* add RequestResponseCallback to core/options

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* pass in router and apply function on requests

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add callback

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* cleanup

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update vault/core.go

* bad typo...

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use pvt interface, can't downcast to child struct

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* finer grained errors

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* trim path for backend

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* remove entire mount point instead of just the first part of url

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* Update vault/testing.go

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* add doc string

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update docstring

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* reformat

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added changelog

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-02-15 14:57:57 -05:00
Christopher Swenson 020a3903ff
events: Remove subscriptions on timeout and cancel (#19185)
When subscriptions are too slow to accept messages on their channels,
then we should remove them from the fanout so that we don't have
dead subscriptions using up resources.

In addition, when a subscription is explicitly canceled, we should
also clean up after it remove the corresponding pipeline.

We also add a new metrics, `events.subscriptions`, to keep track
of the number of active subscriptions. This also helps us test.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-02-15 11:13:15 -08:00
Alexander Scheel 8e1e95b2e2
Allow listing health checks without mount path (#19199)
* Allow listing health checks without mount path

This allows the bare:

    $ vault pki health-check -list

without a corresponding mount path to complete. Otherwise, users would
be greeted with a prompt for the mount, which is less than ideal.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix usage, use <mount> over pki

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-15 19:08:19 +00:00
Austin Gebauer 5691ec3201
secrets/gcp: use feature format for changelog entry of impersonated accounts (#19200) 2023-02-15 11:06:50 -08:00
Anton Averchenkov 14316ea44e
Refactor approle response validation tests (#19188) 2023-02-15 12:29:15 -05:00
Steven Clark 95efc9b569
Add PKI unified-revocation changelog (#19196) 2023-02-15 09:54:14 -05:00
Steven Zamborsky 7534689818
Update raftautosnapshots.mdx (#18996)
Clarify that the `local_max_space` value for local automated snapshots is cumulative for all snapshots in the `file_prefix` path.
2023-02-14 22:46:41 -08:00
Jordan Reimer c3d4b2ff7b
Kubernetes config payload fix (#19184)
* unsets kubernetes manual config properties when saving local cluster option

* fixes test
2023-02-14 15:47:23 -07:00
John-Michael Faircloth fc13efc80e
docs/plugins: update upgrading plugins (#19109)
* docs/plugins: update upgrading plugins

* Update website/content/docs/upgrading/plugins.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

---------

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-02-14 17:40:06 +00:00
Jaymala 99d4151a38
Fetch replication status in its own resource (#19132)
* Fix json decode errors for Enos replication verification module

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Rewrite the pr connection check script

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Do not fail on get replication status

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-02-14 12:21:29 -05:00
Angel Garbarino 3003ff85ce
Disabling License Banners (#19116)
* work in progress: got the expired banner set with license check

* wip: got the logic for both banners, need to test and write tests

* add notes

* prep for test writing

* test coverage

* add changelog

* clean up

* clarify dismissTypes and conditionals

* updates

* update comment

* update comment

* address pr comments

* update test

* small naming change

* small naming changes

* clean localStorage

* comment clean up

* another comment clean up

* remove meep

* add test coverage for new method in localStorage
2023-02-14 17:00:24 +00:00
Alexander Scheel d0925f3661
Add cryptosec as codeowners to relevant docs (#19070)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-14 10:48:16 -05:00
Fulton Byrne 000e643ecf
LifeTimeWatcher SleepDuration calculation testing (#17919)
* factor out sleep duration calc
* property based sleep duration test

Co-authored-by: peteski22 <peter.wilson@hashicorp.com>
2023-02-14 14:57:25 +00:00
Steven Clark 9338c22c53
Trap errors related to vault pki list-intermediate issuer reading (#19165)
* Rename files to match test suite and existing pattern

* Factor out issuer loading into a dedicated function

 - Add a little more checks/validation when loading the a PKI issuer
 - Factor out the issuer loading into a dedicated function
 - Leverage existing health check code to parse issuer certificates

* Read parent issuer once instead of reloading it for every child

 - Read in our parent issuer once instead of running it for every child
   we want to compare against
 - Provides clearer error message that we have failed reading from which
   path to the end user

* PR Feedback

 - Rename a variable for clarity
 - Use readIssuer in the validation of the parent issuer within
   pkiIssuer
 - Add some missing return 1 statements in error handlers that had been
   missed
2023-02-14 08:51:44 -05:00
Steven Clark 225dd869d4
Attempt at fixing the memory usage in CI (#19171)
- Do not keep many intervals of the in memory sink metrics
   collector. Otherwise we fill up the CI's memory
2023-02-14 08:40:25 -05:00
Max Coulombe 2c32190eed
Fix database sample payload doc (#19170)
* * fix database static-user rotation statement in sample payload

* + added changelog
2023-02-14 08:29:27 -05:00
Theron Voran dda2df25db
docs/vault-helm: fix multi-line block copy (#19119)
Add a `$` before the command in shell blocks that include command
output, so that the "Copy" button on the website only copies the
command and not the output.
2023-02-13 22:21:11 -08:00
Christopher Swenson 98513eb784
Update namespace.FromContext comment (#18840)
It looks like namespace context caching was removed in
https://github.com/hashicorp/vault/pull/5200
but this comment was left referencing it, which I found confusing
at first glance.
2023-02-13 11:04:32 -08:00
Kuba Wieczorek 04729162e3
Update version to 1.14.0 and version prerelease to beta1 (#19163) 2023-02-13 16:37:45 +00:00