Commit graph

14626 commits

Author SHA1 Message Date
Loann Le 296fee0193
changed to upper-case for integrated storage (#14037) 2022-02-14 08:38:06 -08:00
Angel Garbarino eba46e0d4d
Some folder restructuring to help with route loading states (#14022)
* initial reshuffle to use outlet and remove dashboard and index replace with higher level parent clients

* loading

* clean up

* test clean up

* clean up
2022-02-11 15:15:12 -07:00
Jason O'Donnell b686d727a9
docs/azure: add note about identities (#14020) 2022-02-11 17:09:35 -05:00
Austin Gebauer 88a8103ad6
identity/oidc: use inherited group membership for client assignments (#14013) 2022-02-11 11:40:44 -08:00
Yoko Hyakuna 4ac997561f
Add 'Integrated Storage vs. Consul' comparison (#13999)
* Add IS vs. external storage section

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Add a cross-referencing link

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/concepts/storage.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Incorporate review feedback

* Incorporate review feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>
Co-authored-by: David Adams <daveadams@gmail.com>
2022-02-11 08:07:35 -08:00
Lars Lehtonen e4c1877552
vault/external_tests/approle: fix dropped test error (#13947) 2022-02-10 19:41:45 -05:00
Shohei Maeda 4073f6663b
KV v2 doc - fix format and update examples (#14003) 2022-02-10 13:20:36 -08:00
claire bontempo 70da9500a1
UI/Client counts view if no license (#13964)
* adds date picker if no license start date found

* handle permissions denied for license endpoint

* handle permissions errors if no license start date

* change empty state copy for OSS

* fix tests and empty state view

* update nav links

* remove ternary

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>

* simplify hbs boolean

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>

* organize history file

* organize current file

* rerun tests

* fix conditional to show attribution chart

* match main

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2022-02-10 12:51:50 -08:00
Kabu 92549d6855
Update terraform.mdx (#11478)
write terraform/roles may be write terraform/role

Co-authored-by: Gary Frederick <imthaghost@protonmail.com>
2022-02-10 11:08:06 -08:00
Ben Ash 7aaee22e07
auth/kubernetes: Update plugin to v0.11.5 (#13925) 2022-02-10 12:23:19 -05:00
Angel Garbarino ccba717a93
Calendar widget tooltip (#13937)
* first tooltip for next year disabled

* workable for left tooltip

* styling

* make dry

* forgot this one

* remove right tooltip

* clean up

* bug fix

* add bullets when two error messages in one

* fix to isAfter on range comparisons

* remove

* update message per design

* only warning for startTime

* fix for firefox
2022-02-10 09:43:40 -07:00
Loann Le c360d5ad45
fixed steps (#13993) 2022-02-09 17:25:33 -08:00
Loann Le bfd49bc16d
added link to hcpv docs (#13992) 2022-02-09 16:15:17 -08:00
Robert 74bdf5f006
Formatting: Remove blank line (#13994) 2022-02-09 18:09:20 -06:00
Gary Frederick ac4804eae8
contained_db DeleteUser unit test (#13895)
* added TestDeleteUserContainedDB | testContainedDBCredsExist helper function

* unit test contained db sanitization

Co-authored-by: Gary Frederick <imtahghost@protonmail.com>
2022-02-09 15:23:13 -08:00
EsbenDalgaard 2489c958f5
Update approle.mdx (#13967) 2022-02-09 18:22:10 -05:00
Robert d0832a1993
secret/consul: Add support for consul namespaces and admin partitions (#13850)
* Add support for consul namespaces and admin partitions
2022-02-09 15:44:00 -06:00
Ray Ryjewski 571804390e
Update gcp.mdx (#13438)
Updated the example for oauth.  In my testing I had to use the project-id for both the project attribute as well as within the bindings attribute.
2022-02-09 12:09:01 -08:00
Niklas Wagner 8199437a4b
Fix Environment Variables in Kubernetes config (#13969)
The Environment Variables seems wrong as you can see:
$ echo "https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT"
https://172.20.0.1:tcp://172.20.0.1:443
2022-02-09 11:16:33 -08:00
Loann Le 622c24f60f
Vault documentation: Updated Licensing FAQ page (#13959)
* updated license faq doc

* fixed typo

* Update website/content/docs/enterprise/license/faq.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faq.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* fixed spelling error

* removed a step and added a new one

* fixed note

* added a new link to TDE

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-02-09 11:14:36 -08:00
Samori Gorse 0f588bc159
Formatting touch ups on storage/dynamodb.mdx (#13948)
Following my previous fix, those are some small formatting touch ups.
2022-02-09 10:36:09 -08:00
Alexander Scheel 386ef0eb6b
Add clarification around vague "this" references (#13968)
* Clarify subject of this w.r.t. TLS configuration

Thanks to @aphorise for pointing this out internally.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in secrets/gcp docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in secrets/aws docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in secrets/database/oracle.mdx

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in seal/pkcs11 docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in agent/autoauth docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-09 13:02:44 -05:00
Jason O'Donnell fc69112f9a
secrets/gcp: update to v0.11.2 (#13974)
* secrets/gcp: update to v0.11.2

* Changelog
2022-02-09 12:57:53 -05:00
Rudy Gevaert d11bc6d316
Use secret_id_bound_cidrs instead of bound_cidr_list in approle docs (#12658)
bound_cidr_list has been deprecated since 1.2.0
2022-02-09 09:34:13 -08:00
Loann Le 2b66cca52d
Vault documentation: added a warning message to vault ui browser support doc (#13961)
* added a warning about using ie browswer

* added Vault UI at the end
2022-02-09 09:10:24 -08:00
Jason O'Donnell 9218e8126e
secrets/azure: update to v0.11.3 (#13973)
* secrets/azure: update to v0.11.3

* Changelog
2022-02-09 11:58:53 -05:00
Chelsea Shaw b00d966054
UI/transit auto rotate interval (#13970)
* Add format-ttl helper

* Add autoRotateInterval to model and serializer for transit key

* Add goSafeTimeString to object returned from TtlPicker2 component

* Add auto rotate interval to transit key components

* clean up unit calculator on ttl-picker, with tests

* Fix tests, cleanup

* Add changelog
2022-02-09 10:56:49 -06:00
Alexander Scheel 26c993107d
Allow all other_sans in sign-intermediate and sign-verbatim (#13958)
* Allow all other_sans in sign-intermediate and sign-verbatim

/sign-verbatim and /sign-intermediate are more dangerous endpoints in
that they (usually) do not have an associated role. In this case, a
permissive role is constructed during execution of these tests. However,
the AllowedOtherSANs field was missing from this, prohibiting its use
when issuing certificates.

Resolves: #13157

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-09 10:09:19 -05:00
Robert 89b8c84928
Remove old binary before copying new one to GOPATH/bin (#13966) 2022-02-09 08:32:10 -05:00
Andy Assareh c292dbaf4d
mysql is also supported for transform external storage (#13104)
per https://www.vaultproject.io/api/secret/transform#driver and https://www.vaultproject.io/docs/secrets/transform/tokenization#external-sql-stores
2022-02-08 16:40:58 -08:00
claire bontempo 5f5bd1126e
UI/Update Routing and Handle response from API (#13885)
* updates data with response returned after dates queried

* alphabetize todo

* clarify comments

* change dashboard.js to history.js

* separate clients route, add history and config

* add loading to config template

* Add failsafes for no data

* remove commented code

* update all LinkTos with new routes, remove params

* return response if no data

* fix tests

* cleanup

* fixes template with namespace filter

* fixes tests with namespace filter merged

* fix namespace array mapping

* add version history to test object

Co-authored-by: hashishaw <cshaw@hashicorp.com>
2022-02-08 13:07:04 -08:00
Steven Clark 12b0e2a56b
Add documentation for Managed Keys (#13856)
* Add documentation for Managed Keys

 - Add concept, sys/api and pki updates related to managed keys

* Review feedback

 - Reworked quite a bit of the existing documentation based on feedback
   and a re-reading
 - Moved the managed keys out of the concepts section and into the
   enterprise section

* Address broken links and a few grammar tweaks
2022-02-08 14:01:19 -05:00
Angel Garbarino 10e0c1d537
Client counts version-history endpoint (#13907)
* setup

* add catch for when no payload

* clean up

* pr comments

* wip

* finish findAll fixes

* clean up

* remove console log
2022-02-08 11:12:23 -07:00
VAL ccf3c549fb
Correct return value explanation in docstring (#13931) 2022-02-08 09:54:59 -08:00
Chelsea Shaw 4545643be2
UI: Add check for renewal time before triggering renew-self (#13950) 2022-02-08 11:43:42 -06:00
Austin Gebauer 5804da7490
auth/okta: documentation improvements (#13944) 2022-02-08 09:21:19 -08:00
Jason O'Donnell 702399a156
go-mssqldb: update to v0.12.0 (#13951) 2022-02-08 11:45:55 -05:00
Scott Miller f226d0103f
Add duration/count metrics to PKI issue and revoke flows (#13889)
* Add duration/count metrics to PKI issue and revoke flows

* docs, changelog

* tidy

* last tidy

* remove err

* Update callsites

* Simple returns

* Handle the fact that test cases don't have namespaces

* Add mount point to the request

* fmt

* Handle empty mount point, and add it to unit tests

* improvement

* Turns out sign-verbatim is tricky, it can take a role but doesn't have to

* Get around the field schema problem
2022-02-08 10:37:40 -06:00
Alexander Scheel a0feefb2fa
Use application/pem-certificate-chain for PEMs (#13927)
* Use application/pem-certificate-chain for PEMs

As mentioned in #10948, it appears we're incorrectly using the
`application/pkix-cert` media type for PEM blobs, when
`application/x-pem-file` is more appropriate. Per RFC 5280 Section
4.2.1.13, `application/pkix-crl` is only appropriate when the CRL is in
DER form. Likewise, Section 4.2.2.1 states that `application/pkix-cert`
is only applicable when a single DER certificate is used.

Per recommendation in RFC 8555 ("ACME"), Section 7.4.2 and 9.1, we use
the newer `application/pem-certificate-chain` media type for
certificates. However, this is not applicable for CRLs, so we use fall
back to `application/x-pem-file` for these. Notably, no official IETF
source is present for the latter. On the OpenSSL PKI tutorial
(https://pki-tutorial.readthedocs.io/en/latest/mime.html), this type is
cited as coming from S/MIME's predecessor, PEM, but neither of the main
PEM RFCs (RFC 934, 1421, 1422, 1423, or 1424) mention this type.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-08 08:12:33 -05:00
cr48 1a4dc03bf7
Typo: Corrected same typo in 2 locations (on-premise to on-premises) (#13402)
* Fixed 2 typos on-premise to on-premises.

* Added changelog file.

* Removed 13402.txt file from changelog.

* Update website/content/docs/secrets/terraform.mdx

Co-authored-by: hghaf099 <83242695+hghaf099@users.noreply.github.com>
2022-02-07 18:59:46 -05:00
Scott Miller 0da4d59e3c
OSS of the managed key consumer pattern (#13940)
* OSS of the managed key consumer pattern

* Wrong changes
2022-02-07 15:01:42 -06:00
Austin Gebauer 4c12c2bb42
identity/oidc: adds tests for validation of loopback IP redirect URIs (#13939)
* identity/oidc: adds tests for validation of loopback IP redirect URIs

* Update vault/identity_store_oidc_provider_test.go

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2022-02-07 12:50:36 -08:00
Jordan Reimer e811821ac7
Transform Advanced Templating (#13908)
* updates regex-validator component to optionally show pattern input and adds capture groups support

* adds form-field-label component

* adds autocomplete-input component

* updates kv-object-editor component to yield block for value and glimmerizes

* updates transform template model

* adds transform-advanced-templating component

* updates form-field with child component changes

* updates transform template serializer to handle differences in regex named capture groups

* fixes regex-validator test

* adds changelog entry

* updates for pr review feedback

* reverts kv-object-editor guidFor removal
2022-02-07 13:07:53 -07:00
Alexander Scheel 33a9218115
Add full CA Chain to /pki/cert/ca_chain response (#13935)
* Include full chain in /cert/ca_chain response

This allows callers to get the full chain (including issuing
certificates) from a call to /cert/ca_chain. Previously, most endpoints
(including during issuance) do not include the root authority, requiring
an explicit call to /cert/ca to fetch. This allows full chains to be
constructed without without needing multiple calls to the API.

Resolves: #13489

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test case for full CA issuance

We test three main scenarios:

 1. A root-only CA's `/cert/ca_chain`'s `.data.ca_chain` field should
    contain only the root,
 2. An intermediate CA (with root provide) should contain both the root
    and the intermediate.
 3. An external (e.g., `/config/ca`-provided) CA with both root and
    intermediate should contain both certs.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation for new ca_chain field

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about where to find the entire chain

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-07 14:37:01 -05:00
Joe 8d169d48d3
identity/oidc: loopback redirect dynamic port (#13871)
* Add check for OIDC provider to permit a non-exact redirect URI from OIDC client if it is the IPv4 or IPv6 loopback address.

* Update changelog/13871.txt

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update redirectURI check to match that for the OIDC auth method.

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2022-02-07 10:34:33 -08:00
Loann Le f85945d3aa
Vault documentation: updated What is a Client section (#13816)
* updated client doc

* fixed heading
2022-02-07 09:05:10 -08:00
Jason O'Donnell 7145fe49ff
docs/oracle: add wallet permissions example (#13924)
* docs/oracle: add wallet permissions example

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2022-02-07 11:17:33 -05:00
Sarah Thompson e3304380f4
Turning off binary secret scanning to allow builds to be processed until https://github.com/hashicorp/security-scanner/issues/166 is addressed. (#13920) 2022-02-07 15:31:18 +00:00
Andrew Briening ed457aeae7
Adds "raw(/pem)" format to individual cert routes (#10947) (#10948)
Similar to "/pki/ca(/pem)" routes to retrieve
certificates in raw or pem formats, this adds
"pki/cert/{serial}/raw(/pem)" routes for any
certificate.
2022-02-07 09:47:13 -05:00
claire bontempo e611842ce0
UI/Fix parsing CRL in PKI engine (#13913)
* fix parsing of CRLs

* removes tests

* update comment
2022-02-04 18:26:29 -08:00