Commit graph

15647 commits

Author SHA1 Message Date
Steven Clark 29099f2ef9
Do not mask RSA verification misuse errors as verification failures (#16695)
- Found by @trishankatdatadog in PR #16549, we were masking errors
   coming out of the rsa verification calls as verfication errors and
   not returning when they were usage errors.
2022-08-12 13:53:25 -04:00
mallika-hc 9e340ed7f8
Update health.mdx (#16645)
* Update health.mdx

Added sample request and response for customizing the status code being returned from the sys/health endpoint

* Update website/content/api-docs/system/health.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-08-12 10:39:51 -07:00
mallika-hc 4c0ccf28ec
Update replication-dr.mdx (#16665)
Updated the Revoke DR Secondary token section with detail about from where the command needs to be run
2022-08-12 09:10:40 -07:00
Jason O'Donnell c97b982043
secret/database: fix bug where too many wal deletes are deferred (#16686)
* secret/database: fix bug where too many wal deletes are deferred

* changelog

* Update changelog/16686.txt

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2022-08-11 16:22:53 -04:00
claire labry eed4bdb050
add a note clarifying to leave website event in oss only (#16687) 2022-08-11 14:41:15 -05:00
John-Michael Faircloth bb58775bb5
secrets/auth: fix bug with aliased backends (#16673)
* secrets/auth: fix bug with aliased backends

* add changelog

* update changelog to include affected backends
2022-08-10 20:02:05 -05:00
Austin Gebauer 7bda58a1fd
secrets/db: update documentation on password policies (#16679) 2022-08-10 17:52:20 -07:00
Calvin Leung Huang 42de4a40b2
docs: update agent template certificate section (#16573)
* docs: update agent template certificate section

* extend template language section

* make recommendation to use pkiCert over secret
2022-08-10 19:38:56 -04:00
John-Michael Faircloth dd4fb82b5d
unit test: remove postgres dependecy from testing.go (#16675) 2022-08-10 17:01:24 -05:00
Tom Proctor 2d167b3427
Docs: Update Vault CSI Provider SecretProviderClass config options (#16506) 2022-08-10 21:30:20 +01:00
linda9379 5cd1a12178
UI Support for Okta Number Challenge (#15998)
* Imported uuid library for initial commit to push a clean branch.

* Removed import statement in auth-form file since it was causing UI tests to fail as the import was not being used.

* Added nonce field to payload for okta sign in. (#16001)

* Added nonce field to payload for okta sign in.

* Added missing yarn package for uuid

* Fixed failing ui tests in cluster-test file to take into account of nonce field in the payload of okta login

* Removed uuid library and used crypto.randomUUID() to generate unique uuid values instead

* Fixed indent in package.json

* Removed uuid library since decided to use crypto.randomUUID() instead to generate unique uuid values

* Create polling function for correct answer in okta number challenge (#16070)

* Implemented polling function to get correct answer for okta number challenge.

* Disabled polling function for testing as it was causing acceptance test to fail in auth-test.js

* Changed API call to be the auth mount path instead of being static and created a variable to store the oktaNumberChallengeAnswer to be used later for the display screens

* Create component for okta number challenge screen (#16195)

* Implemented loading screen and display screen for correct answer for Okta Number Challenge

* Fixed linting issues on hbs files

* Added periods to parameter descriptions and made parameters optional

* Removed optional parameters from calling AuthForm component if authMethod is not Okta

* Implement error handling and screens for okta number challenge (#16276)

* Implemented loading screen and display screen for correct answer for Okta Number Challenge

* Fixed linting issues on hbs files

* Temporary changes to include error screen in okta number challenge

* Created error screen tests and made minor fixes

* Fixed error for wrong parameter name being passed in

* Fixed linting issues causing ui tests to fail

* Added periods at the end of param descriptions

* Imported uuid library for initial commit to push a clean branch.

* Removed import statement in auth-form file since it was causing UI tests to fail as the import was not being used.

* Removed uuid library since decided to use crypto.randomUUID() instead to generate unique uuid values

* Added nonce field to payload for okta sign in. (#16001)

* Added nonce field to payload for okta sign in.

* Added missing yarn package for uuid

* Fixed failing ui tests in cluster-test file to take into account of nonce field in the payload of okta login

* Removed uuid library and used crypto.randomUUID() to generate unique uuid values instead

* Fixed indent in package.json

* Create polling function for correct answer in okta number challenge (#16070)

* Implemented polling function to get correct answer for okta number challenge.

* Disabled polling function for testing as it was causing acceptance test to fail in auth-test.js

* Changed API call to be the auth mount path instead of being static and created a variable to store the oktaNumberChallengeAnswer to be used later for the display screens

* Create component for okta number challenge screen (#16195)

* Implemented loading screen and display screen for correct answer for Okta Number Challenge

* Fixed linting issues on hbs files

* Added periods to parameter descriptions and made parameters optional

* Removed optional parameters from calling AuthForm component if authMethod is not Okta

* Implement error handling and screens for okta number challenge (#16276)

* Implemented loading screen and display screen for correct answer for Okta Number Challenge

* Fixed linting issues on hbs files

* Temporary changes to include error screen in okta number challenge

* Created error screen tests and made minor fixes

* Fixed error for wrong parameter name being passed in

* Fixed linting issues causing ui tests to fail

* Added periods at the end of param descriptions

* UI/vault 7312/fix vault enterprise error for okta number challenge (#16568)

* Fixed bug with okta not working when selecting okta tab after being on other tab

* Fixed vault enterprise errors

* Fixed error when logging in with Okta in 'Other' tab

* Removed namespace parameter in option to use the default

* Added changelog
2022-08-10 15:46:04 -04:00
Michele Degges 5c4b1cc4ac
[CI-only] Use pattern matching for release_branches (#16375)
Pattern matching was [recently added](https://github.com/hashicorp/crt-orchestrator/pull/51) so that teams no longer have to explicitly list every branch that should trigger the CRT pipeline. This simplifies release preparation- anytime a new release branch is created, it will produce releasable artifacts and exercise the full pipeline.
2022-08-10 11:25:10 -07:00
Christopher Swenson c7c9abff32
Update OSS workflow so not all issues get put in the UI board (#16666)
If we don't guard against pull_request being null, we do a lot of extra
checkout and path filtering, and it ends up putting everything in the UI
board.

I tested this in another repo, and it seems to behave correctly.
2022-08-10 08:53:45 -07:00
Violet Hynes 398d51bb3d
VAULT-6818 Docs for entity merge functionality (#16593)
* VAULT-6818 Docs for entity merge functionality

* VAULT-6818 Elaborate more on what happens to non-kept aliases
2022-08-10 09:10:10 -04:00
Violet Hynes 4850a3ff0e
VAULT-6818 - Restrict ability to merge entities with mount-accessor-conflicting aliases unless one is explicitly chosen to be kept (#16539)
* VAULT-6818 delete unmerged entity aliases instead of orphaning them

* VAULT-6818 Prevent merge with clashing aliases, allow for resolution of clashing entity aliases

* VAULT-6818 Small updates

* VAULT-6818 Restrict to only one clash merge at once

* VAULT-6818 changelog

* VAULT-6818 use strutil package instead of slices

* VAULT-6818 Update variable names for clarity

* VAULT-6818 Update test

* VAULT-6818 update error message

* VAULT-6818 Use helper method

* VAULT-6818 validate entityIds

* VAULT-6818 group imports better

* VAULT-6818 use change instead of bug

* VAULT-6818 use multierror instead of custom struct

* VAULT-6818 Use multierror properly

* VAULT-6818 Small refactor based on feedback
2022-08-10 09:10:02 -04:00
claire bontempo a1cef4a72a
UI/ fix tooltip submitting form (#16659)
* fix tooltip submitting form

* add changelog

* add changelog actually
2022-08-09 20:51:29 -07:00
Christopher Swenson 8b1a9da460
Update project auto-triage to use new token (#16660) 2022-08-09 19:29:39 -04:00
Loann Le 6d3cd5249e
modified wording (#16655) 2022-08-09 15:09:49 -07:00
Christopher Swenson 18d336b16c
Add Open Source project workflow (#16653)
Add Open Source project workflow

This will help us triage open source issues into our various internal
project boards.

I tested this on a separate repo, and it seems to work.
2022-08-09 17:52:07 -04:00
Rachel Culpepper c367f883a0
Vault-5626: add key wrapping guide for transit import (#16365)
* add key wrapping guide for transit import

* link to key wrap guide from transit overview

* add new page to nav

* fix formatting

* fix note format

* fix link
2022-08-09 16:14:15 -05:00
Josh Black 005903f1ae
Clarify upgrades post 1.11 (#16650) 2022-08-09 13:57:58 -07:00
Chris Capurso 52d6287d4b
update license FAQ docs with termination changes (#16634)
* update license FAQ docs with termination changes

* change intro statement

* change temp eval license issuance callout

* PR feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-08-09 11:27:57 -07:00
Chris Capurso 707fcad006
Add custom metadata to namespace API and CLI docs (#16633)
* add custom_metadata to ns api docs

* update ns CLI docs to add custom-metadata flag
2022-08-09 14:10:41 -04:00
Kevin 9365250dfc
fix typo in Discovering the service account issuer (#16641) 2022-08-09 13:27:30 -04:00
Robert 4bbdf61f52
auth/kerberos: update plugin version to v0.7.2 (#16636)
* Update plugin version to v0.7.2
2022-08-09 11:02:41 -05:00
Chris Capurso a0c557f38a
VAULT-7256: Add custom_metadata to namespaces (#16640)
* add mapstructure tags to Namespace struct

* add custom metadata Parse helper

* add ns custom metadata and patch
2022-08-09 11:38:03 -04:00
Austin Gebauer e72b7a8938
identity/oidc: minor fixes to the API documentation (#16638) 2022-08-09 08:09:37 -07:00
Milena Zlaticanin 78e8c135fc
Hana - Add username customization (#16631)
* implement username customization feature

* adding changelog

* update database capabilities doc

* update database capabilities doc

Co-authored-by: Zlaticanin <milena@hashicorp.com>
2022-08-08 16:01:34 -05:00
Alexander Scheel a259978a3d
Add warning when generate_lease=true (#16398)
This option is known to cause problems with large numbers of issued
certificates. Ensure admins are warned about the impact of this field
and encourage them to disable it.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-08-08 13:26:10 -04:00
Austin Gebauer ed143c5678
identity/oidc: reorder authorization endpoint validation for invalid redirect uris (#16601)
* identity/oidc: reorder authorization endpoint validation for invalid redirect uris

* adds changelog

* use provider.allowedClientID
2022-08-08 09:02:18 -07:00
claire labry 326936b1ef
introduces the post publish website event (#16328) 2022-08-08 16:51:03 +01:00
Austin Gebauer 59831a8d5c
identity/oidc: adds client_secret_post token endpoint authentication method (#16598)
* identity/oidc: adds client_secret_post token endpoint authentication method

* fix test

* adds changelog
2022-08-08 08:41:09 -07:00
Meggie b7365df464
Adding PGX change to release & upgrade notes (#16613)
Also some heading size tidying
2022-08-05 14:57:47 -04:00
Austin Gebauer 67339b71e8
identity/oidc: fixes validation of the request and request_uri parameters (#16600)
* identity/oidc: add request_parameter_supported to discovery document

* adds changelog
2022-08-05 11:55:15 -07:00
Austin Gebauer a2bc8cfb96
identity/oidc: change the state parameter to optional (#16599)
* identity/oidc: change the state parameter to optional

* adds changelog

* update docs
2022-08-05 11:37:24 -07:00
Hridoy Roy a02c02ea68
upgrade raft to 1.3.10 (#16609)
* upgrade raft to 1.3.10

* changelog
2022-08-05 10:27:37 -07:00
David Fleming f08143cec8
Fix Link: OIDC Provider Config - Okta (#16607)
Okta was pointing at /docs/auth/jwt/oidc-providers/kubernetes.  Updated to point at /docs/auth/jwt/oidc-providers/okta
2022-08-05 12:40:03 -04:00
Jason O'Donnell bc93baaaab
auth/kerberos: add remove_instance_name config (#16594)
* auth/kerberos: add remove_instance_name config

* Update website

* Fix doc

* Fix doc

* changelog
2022-08-04 16:38:12 -04:00
Loann Le 85539da102
vault documentation: updated architecture doc page (#16569)
* updated content

* fixed spelling error

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* updated content

* italicized barrier

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-08-04 11:29:31 -07:00
Austin Gebauer e2d3846a25
identity/oidc: adds detailed listing capability for clients and providers (#16567)
* identity/oidc: adds detailed listing capability for clients and providers

* change approach to use ListResponseWithInfo

* adds changelog
2022-08-04 10:10:28 -07:00
Chris Capurso 1820b771ce
fix typo in certificate (#16588) 2022-08-04 13:01:34 -04:00
Violet Hynes ac582c86cd
VAULT-7432 Fix flaky expiration behaviour (#16586) 2022-08-04 10:47:14 -04:00
Robert de Bock 4a6218ca45
Update raft.mdx (#16579)
Explicitly explain that the content of a certificate or key is expected, not a path.
2022-08-04 09:56:23 -04:00
Nick Cabatoff 5e504944d7
Document how replication uses cluster addresses. (#16545) 2022-08-04 09:10:23 -04:00
Ikko Ashimine 49bfd3a944
Fix typo in managed-keys.mdx (#16578)
targetting -> targeting
2022-08-04 09:02:13 -04:00
Mike Palmiotto cd1157a905
Vault 7338/fix retry join (#16550)
* storage/raft: Fix cluster init with retry_join

Commit 8db66f4853abce3f432adcf1724b1f237b275415 introduced an error
wherein a join() would return nil (no error) with no information on its
channel if a joining node had been initialized. This was not handled
properly by the caller and resulted in a canceled `retry_join`.

Fix this by handling the `nil` channel respone by treating it as an
error and allowing the existing mechanics to work as intended.

* storage/raft: Improve retry_join go test

* storage/raft: Make VerifyRaftPeers pollable

* storage/raft: Add changelog entry for retry_join fix

* storage/raft: Add description to VerifyRaftPeers
2022-08-03 20:44:57 -05:00
Mike Palmiotto 42900b554b
storage/raft: Make raftInfo atomic (#16565)
* storage/raft: Make raftInfo atomic

This fixes some racy behavior discovered in parallel testing. Change the
core struct member to an atomic and update references throughout.
2022-08-03 18:40:49 -04:00
Eng Zer Jun 61262ad98e
refactor: replace strings.Replace with strings.ReplaceAll (#15392)
strings.ReplaceAll(s, old, new) is a wrapper function for
strings.Replace(s, old, new, -1). But strings.ReplaceAll is more
readable and removes the hardcoded -1.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-08-03 15:22:48 -04:00
FalcoSuessgott f7cb95968e
Add vkv to related tools list (#16285) 2022-08-03 15:18:54 -04:00
Robert 7f8c849b35
Update Consul bootstrap test case to conditionally add token to config (#16560)
* Fix bootstrap test to conditionally add Consul token

* Refactor bootstrap variable name to be more clear
2022-08-03 13:43:43 -05:00