Commit graph

16739 commits

Author SHA1 Message Date
Max Coulombe 2c32190eed
Fix database sample payload doc (#19170)
* * fix database static-user rotation statement in sample payload

* + added changelog
2023-02-14 08:29:27 -05:00
Theron Voran dda2df25db
docs/vault-helm: fix multi-line block copy (#19119)
Add a `$` before the command in shell blocks that include command
output, so that the "Copy" button on the website only copies the
command and not the output.
2023-02-13 22:21:11 -08:00
Christopher Swenson 98513eb784
Update namespace.FromContext comment (#18840)
It looks like namespace context caching was removed in
https://github.com/hashicorp/vault/pull/5200
but this comment was left referencing it, which I found confusing
at first glance.
2023-02-13 11:04:32 -08:00
Kuba Wieczorek 04729162e3
Update version to 1.14.0 and version prerelease to beta1 (#19163) 2023-02-13 16:37:45 +00:00
mickael-hc f144c8c239
bump dev dependencies (#19140)
reduces alert noise
2023-02-13 10:31:43 -05:00
Ellie 08ef61cc00
add error message when trying to rotate mssql root without password in configuration (#19103)
* add error message when trying to rotate mssql root without password in configuration

* add changelog
2023-02-13 07:31:13 -05:00
Austin Gebauer 1b4bbe2b5b
upgrade vault-plugin-database-mongodbatlas to v0.9.0 (#19153) 2023-02-11 00:57:18 +00:00
Tom Proctor eb1d58257c
Bump kv plugin v0.14.0->v0.14.2 (#19145) 2023-02-10 21:42:05 +00:00
claire bontempo 0860961223
UI: sets operationNone for a kmip role if no checkboxes are selected (#19139)
* fix operationNone not being set on save

* add changelog

* fix overriding operationAll

* remove mirage file
2023-02-10 21:38:31 +00:00
Kit Haines 14adb3b825
Telemetry Metrics Configuration. (#18186)
* Telemetry Metrics Configuration.

* Err Shadowing Fix (woah, semgrep is cool).

* Fix TestBackend_RevokePlusTidy_Intermediate

* Add Changelog.

* Fix memory leak.  Code cleanup as suggested by Steve.

* Turn off metrics by default, breaking-change.

* Show on tidy-status before start-up.

* Fix tests

* make fmt

* Add emit metrics to periodicFunc

* Test not delivering unavailable metrics + fix.

* Better error message.

* Fixing the false-error bug.

* make fmt.

* Try to fix race issue, remove confusing comments.

* Switch metric counter variables to an atomic.Uint32

 - Switch the metric counter variables to an atomic variable type
   so that we are forced to properly load/store values to it

* Fix race-issue better by trying until the metric is sunk.

* make fmt.

* empty commit to retrigger non-race tests that all pass locally

---------

Co-authored-by: Steve Clark <steven.clark@hashicorp.com>
2023-02-10 21:31:56 +00:00
ram-parameswaran 7dff0e6ae4
Update PKI Secret Engine doc for auto-tidy (#19122)
PKI Secret Engine documentation for auto-tidy (https://developer.hashicorp.com/vault/api-docs/secret/pki#configure-automatic-tidy) has a parameter interval_duration (https://developer.hashicorp.com/vault/api-docs/secret/pki#interval_duration). This needs to explicitly call out the default value to be 12 hours.
2023-02-10 15:57:58 -05:00
Christopher Swenson 7a977fd6ea
events: Check token and ACLs on request (#19138)
This checks the request against the `read` permission for
`sys/events/subscribe/{eventType}` on the initial subscribe.

Future work includes moving this to its own verb (`subscribe`)
and periodically rechecking the request.

Tested locally by minting a token with the wrong permissions
and verifying that they are rejected as expected, and that
they work if the policy is adjusted to `sys/event/subscribe/*`
(or the specific topic name) with `read` permissions.

I had to change the `core.checkToken()` to be publicly accessible,
as it seems like the easiest way to check the token on the
`logical.Request` against all relevant policies, but without
going into all of the complex logic further in `handleLogical()`.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-02-10 20:56:00 +00:00
Chelsea Shaw 54c863c747
UI: Fix cancel button on role transform form (#19135) 2023-02-10 20:37:22 +00:00
Kit Haines 674d56d9c7
Vault 11799 Vault CLI Re-Issue (Templating based on existing certificate) (#18499)
* The verify-sign command in its cleanest existing form.

* Working state

* Updates to proper verification syntax

Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com>

* make fmt

* Base functionality.

* make fmt; changelog

* pki issue command.

* Make fmt. Changelog.

* Error Handling Is Almost A Tutorial

* Issue and ReIssue are Almost the Same Command

* Make Fmt + Changelog.

* Make some of the tests go.

* make fmt

* Merge fix (take 2)

* Fix existing support, add support for use_pss, max_path_length, not_after, permitted_dns_domains and skid

* Good Test which Fails

* Test-correction.

* Fix update to key_type key_bits; allow "," in OU or similar

* More specific includeCNinSANs

* Add tests around trying to use_pss on an ec key.

* GoDoc Test Paragraph thing.

---------

Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com>
2023-02-10 20:27:36 +00:00
Chelsea Shaw 604239a4ac
UI: Fix id fields not allowing update (#19117) 2023-02-10 13:31:47 -06:00
Tom Proctor a099375f36
events: Allow subscribing to events in namespaces (#19134) 2023-02-10 19:02:42 +00:00
Tom Proctor bd592120e2
Convert events metadata type to google.protobuf.Struct (#19130) 2023-02-10 18:58:03 +00:00
Jordan Reimer caa06f267a
fixes issue saving edited k8s role (#19133) 2023-02-10 18:38:23 +00:00
claire bontempo 4af59fd6cd
UI/vault 13506/pki attr cleanup (#19121)
* add show page for generated CSR

* fix typo, make key-id copyable

* add tests

* move pki tests to designated folder

* list keys when in between state after CSR generation

* uses customTTL for generating role cert and adds privateKeyFormat

* Revert "move pki tests to designated folder"

This reverts commit 82b60e4beab0717bbace8dee64cc0863a5488079.

* Revert "add tests"

This reverts commit 3c90fc9abacf8309d2cf9f1b90299a5153b743da.

* Revert "fix typo, make key-id copyable"

This reverts commit 8e6f5a1f4580229e6de8f6e919945f03ee29ac3d.

* revert accidental parent commits

* Revert "list keys when in between state after CSR generation"

This reverts commit c01d7852a46d41a72e5eace28aafed5daa93f70f.

* fix empty arrays removed when serialized

* fix comment

* update test
2023-02-10 18:12:40 +00:00
claire bontempo 052c175ce5
UI: display CSR after generation (#19114)
* add show page for generated CSR

* fix typo, make key-id copyable

* add tests

* move pki tests to designated folder

* list keys when in between state after CSR generation

* update tests
2023-02-10 10:05:57 -08:00
Jordan Reimer a682852afb
updates k8s config validation (#19123) 2023-02-10 09:33:26 -08:00
Austin Gebauer 12871c1974
upgrade vault-plugin-secrets-alicloud to v0.14.1 (#19128) 2023-02-10 09:32:46 -08:00
Austin Gebauer cf5abe021f
upgrade vault-plugin-secrets-alicloud to v0.14.0 (#19118) 2023-02-10 09:13:04 -08:00
Hamid Ghaf 4822d4ab6d
replace existing zookeeper import with an actively maintained one (#19086)
* replace existing zookeeper import with an actively maintained one

* remove empty lines
2023-02-10 11:56:27 -05:00
Kuba Wieczorek 51004568aa
update vault auth submodules to new version of API (#19127) 2023-02-10 08:12:10 -08:00
Jordan Reimer 35f1c5cb06
fixes issue with kubernetes config prompt appearing when it shouldn't (#19115) 2023-02-10 07:59:10 -08:00
Kuba Wieczorek db6cb78a22
Use new sdk and api versions (#19126) 2023-02-10 10:40:47 -05:00
kpcraig 5b5f575d1c
fix: upgrade vault-plugin-secrets-kubernetes to v0.3.0 (#19084)
* fix: upgrade vault-plugin-secrets-kubernetes to v0.3.0

* add changelog
2023-02-10 10:23:31 -05:00
kpcraig e83bb669e0
fix: upgrade vault-plugin-auth-kubernetes to v0.15.0 (#19094)
* fix: upgrade vault-plugin-auth-kubernetes to v0.15.0

* add changelog
2023-02-10 10:23:11 -05:00
Jordan Reimer f86b12c68d
updates kubernetes host form field description (#19113) 2023-02-09 16:16:24 -07:00
Austin Gebauer 98b8f5e126
upgrade vault-plugin-database-redis to v0.2.0 (#19112) 2023-02-09 14:39:15 -08:00
John-Michael Faircloth 3d79a13976
fix: upgrade vault-plugin-secrets-mongodbatlas to v0.9.1 (#19111)
* fix: upgrade vault-plugin-secrets-mongodbatlas to v0.9.1

* add changelog

* Update changelog/19111.txt

Co-authored-by: Max Coulombe <109547106+maxcoulombe@users.noreply.github.com>

* use correct plugin type in changelog

---------

Co-authored-by: Max Coulombe <109547106+maxcoulombe@users.noreply.github.com>
2023-02-09 15:55:42 -06:00
Christopher Swenson 7d3d404ee2
events: Add websockets and command (#19057)
Also updates the event received to include a timestamp.
Websockets support both JSON and protobuf binary formats.

This can be used by either `wscat` or the new
`vault events subscribe`:

e.g.,
```sh
$ wscat -H "X-Vault-Token: $(vault print token)" --connect ws://127.0.0.1:8200/v1/sys/events/subscribe/abc?json=true
{"event":{"id":"5c5c8c83-bf43-7da5-fe88-fc3cac814b2e", "note":"testing"}, "eventType":"abc", "timestamp":"2023-02-07T18:40:50.598408Z"}
...
```

and

```sh
$ vault events subscribe abc
{"event":{"id":"5c5c8c83-bf43-7da5-fe88-fc3cac814b2e", "note":"testing"}, "eventType":"abc", "timestamp":"2023-02-07T18:40:50.598408Z"}
...
```

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-02-09 13:18:58 -08:00
Tom Proctor 78d83c9136
Make experiments API authenticated (#18966) 2023-02-09 20:18:14 +00:00
Angel Garbarino 219d77ace8
fix (#19110) 2023-02-09 20:08:37 +00:00
Christopher Swenson 7949d10177
fix: upgrade vault-plugin-auth-centrify to v0.14.0 (#19107) 2023-02-09 11:15:00 -08:00
Austin Gebauer 84c4c12dd9
upgrade vault-plugin-secrets-openldap to v0.10.0 (#19108) 2023-02-09 10:37:58 -08:00
Angel Garbarino 39123773c6
Glimmerize alert-banner (#19105)
* glimmerize alert-banner

* remove conditional commented out

* add assert to require type

* add assert for if message type not included

* amend alert-inline test
2023-02-09 18:25:16 +00:00
Scott Miller 78522ed923
Update specific wrappers to v2.0.7 (#19101)
* Update go-kms-wrapping to v2.0.7

* Update specific wrappers to v2.0.7

* Attempt to fix aead
2023-02-09 12:19:50 -06:00
Michael Dempsey 1582b743aa
Add default to allowed values for algorithm_signer (#17894)
* Add default to allowed values for algorithm_signer

* Add possible values for algorithm signer in ui
2023-02-09 13:03:53 -05:00
Tom Proctor b24e3cc6b0
Bump go-plugin version 1.4.5->1.4.8 (#19100) 2023-02-09 17:24:55 +00:00
Kianna fcf4b0092a
UI: VAULT-13419 Remove flash message for form errors and use MessageError instead (#19095)
* Remove flash message for form errors and use MessageError instead

* Add tests

* Use errorMessage instead
2023-02-09 09:07:52 -08:00
mickael-hc 67f7c470ec
update diagnose command to no longer use docker (#19102)
docker dependency should no longer be included in the binary
2023-02-09 11:59:46 -05:00
Theron Voran 892ad3ebf0
auth/cf: update plugin to v0.14.0 (#19098) 2023-02-09 08:40:51 -08:00
Steven Clark 5329b92793
Stop using title capitalization for PKI help (#19104)
- Match the existing vault kv capitalization scheme for Synopsis help of each sub-command.
 - A few small tweaks as well to the messages text in a few cases
2023-02-09 16:40:26 +00:00
Jordan Reimer 73e0a9fc4a
adds validation to kubernetes config form (#19097) 2023-02-09 09:38:39 -07:00
Jordan Reimer bc5a598d70
Kubernetes config state updates (#19074)
* hides roles toolbar actions when k8s is not configured

* adds error page component to core addon

* moves fetch-config to decorator

* updates kubernetes prompt config logic

* adds kubernetes error route

* fixes tests

* adds error handling for kubernetes roles list view

* removes unneeded arg to withConfig decorator
2023-02-09 09:18:02 -07:00
Michael Anthony 074312dde2
Move env var declaration to called workflow (#19085) 2023-02-09 09:17:33 -07:00
John-Michael Faircloth 34fd57ac08
test/plugin: test external plugin workflows (#19090)
* test/plugin: test external plugin workflows

* update secrets engine test
2023-02-09 10:16:16 -06:00
Steven Clark 720ab09feb
Add a comment around why we are grabbing a lock to update an atomic boolean (#19087) 2023-02-09 09:12:37 -05:00