Commit Graph

380 Commits

Author SHA1 Message Date
Austin Gebauer d1c090fe63
secrets/database: fixes external plugin reconnect after shutdown for v4 and v5 interface (#12087)
* secrets/database: fixes external plugin shutdown reconnect for v5 interface

* adds changelog entry

* fixes handling of plugin shutdown for password generation on v4 interface
2021-07-15 13:41:04 -07:00
Jason O'Donnell 03788bdba2
secrets/ad: change improvement to feature in changelog (#12095)
* secrets/ad: change improvement to feature in changelog

* Update per feature requirements
2021-07-15 15:55:40 -04:00
vinay-gopalan c20b5f1040
[VAULT-1986] Cap AWS Token TTL based on Default Lease TTL (#12026)
* fix: cap token TTL at login time based on default lease TTL

* add changelog file

* patch: update warning messages to not include 'at login'

* patch: remove default lease capping and test

* update changelog

* patch: revert warning message
2021-07-15 10:05:38 -07:00
Nick Cabatoff f027a1b1ff
Revert #12061 due to failures in TestLogical_RequestSizeLimit (#12093) 2021-07-15 12:55:09 -04:00
Tom Proctor 491c0ca78b
Update kubernetes auth plugin with AliasLookahead fix (#12073) 2021-07-15 14:35:40 +01:00
Angel Garbarino 84da2424a7
Fix KV Version History queryParams on the component LinkedBlock (#12079)
* fix the issue

* add test coverage

* add documentation to link-block

* add changelog

* modify for browserstack
2021-07-14 15:38:55 -06:00
hghaf099 f7635ec1b8
Add namespace in error (#12061)
* hghaf099-VAULT-1303-Adding namespace in error when it is set

* casting ResponseWriter in handleMonitor to logical.NamespaceResponseWriter

* Casting ResponseWriter conditionally for http.Flusher
Adding changelog

* Improving changlog message
2021-07-14 15:55:55 -04:00
Chelsea Shaw 50e5e2f48a
UI: Automatically refresh page on logout (#12035) 2021-07-14 10:01:14 -05:00
Scott Miller ec4b1b69d3
Enable building darwin arm64 for 1.8.x (#11855) (#12071)
* Enable building darwin arm64 for 1.8.x (#11855)

* Changelog

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2021-07-14 09:26:37 -05:00
Martin Lee 10f29e0503
base32.DecodeString expects length 8 for the buffer (#11887)
Add padding to the input key to ensure it reaches that length.
2021-07-14 07:38:10 -04:00
Arnav Palnitkar d1cc297cd9
Handle form validation for open api form (#11963)
* Handle form validation for open api form

- Added required validator for all the default fields

* Fixed field group error and adedd comments

* Fixed acceptance tests

* Added changelog

* Fix validation in edit mode

- Handle read only inputs during edit mode

* Minor improvements

* Restrict validation only for userpass
2021-07-13 15:50:27 -07:00
Yong Wen Chua 7ea650bc06
Update Documentation for GCP Static Account (#12027)
* Update API Docs for Static Account

* Update CHANGELOGs

* Update guide

* Clarify IAM

* More refinement

* Fix missing replace of roleset while copy/pasting

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Remove CHANGELOG

* Fix some double ticks

* Apply suggestions from code review

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update examples

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2021-07-13 09:36:05 -07:00
Chelsea Shaw b1a9e4fe58
UI/control group db cred (#12024) 2021-07-12 12:50:30 -05:00
Chris Capurso 505e3f9a89
[VAULT-2825] Fix erroneous 500 resp for field validation errors (#12042)
* [VAULT-2825] Correctly respond with 400 rather than 500 for field validation errors

* [VAULT-2825] Add changelog entry

* [VAULT-2825] Simplify test assertion
2021-07-12 13:39:28 -04:00
Pratyoy Mukhopadhyay 9b5e89bd34
[VAULT-2776] Add prefix_filter option to Vault (#12025)
* [VAULT-2776] Add prefix_filter support to vault

* [VAULT-2776] Add filter_default config, update docs

* [VAULT-2776] Add changelog file

* [VAULT-2776] Update telemetry tests and error handling

* [VAULT-2776] Add test fixtures, update test

* [VAULT-2776] Update gitignore hcl filter
2021-07-09 14:49:53 -05:00
Nick Cabatoff a3ac49aa05
VAULT-2809: Tweak creation of vault.db file (#12034) 2021-07-09 14:45:50 -04:00
Nick Cabatoff 518944c599
Make the `list` and `kv list` commands work with wrapping, e.g. for controlgroups (#12031) 2021-07-09 12:08:58 -04:00
Chris Capurso 349378454a
[VAULT-1836] Support kv-v1 generic mounts for vault.kv.secret.count metric (#12020)
* [VAULT-1836] Support kv-v1 generic mounts for vault.kv.secret.count metric

* [VAULT-1836] Add changelog entry
2021-07-09 11:05:05 -04:00
Austin Gebauer f54338977d
secrets/gcp: update to v0.10.1 for static accounts (#12023) 2021-07-08 13:53:45 -07:00
Jason O'Donnell af51033214
secrets/openldap: add schema config to rotate-root (#12019)
* update go mod & go mod tidy

* Changelog
2021-07-08 13:53:17 -04:00
MilenaHC 3c3b6529fd
Redshift - Add username customization (#12016)
* username customization for redshift

* adding changelog and updating api-docs
2021-07-08 10:29:12 -05:00
claire bontempo 72e3d29abc
Truncate Secret Engine Description Text (#11995)
Co-authored-by: hashishaw <cshaw@hashicorp.com>
2021-07-08 08:21:10 -07:00
claire bontempo 08d117ae5b
Adds transform secrets engine to feature (#12003)
* adds transform secrets engine to features list
2021-07-07 16:14:54 -07:00
Pratyoy Mukhopadhyay adbaad17db
[VAULT-708] Zero out request counter on preSeal (#11970)
* [VAULT-708] Zero out request counter on preSeal

* [VAULT-708] Added changelog entry

* [VAULT-708] Add comment clarifying request counter zeroing
2021-07-07 14:03:39 -05:00
Angel Garbarino 5fe59a685b
Reverting fix on KV 2 for duplicate paths (#12008)
* revert changes

* changelog

* add test coverage for max versions
2021-07-07 11:50:00 -06:00
MilenaHC 4430a11bc5
Update SnowflakeDB plugin to v0.2.0 (#11997)
* update snowflake database plugin to v0.2.0

* add changelog

* update api-docs
2021-07-06 13:23:03 -05:00
Nick Cabatoff a2dcb131ee
`vault delete` should allow the same output options as `vault write`,… (#11992)
* `vault delete` and `vault kv delete` should allow the same output options as `vault write`, as delete operations can similarly return data.  This is needed if you want to use control groups with deletion.
2021-07-06 10:36:07 -04:00
John-Michael Faircloth aa6afd50f6
Update mongodb atlas plugin version (#11956)
* Update mongodb atlas plugin version

* go.mod was missing mongodbatlas plugin

* add changelog

* update build-go-dev circle ci job GOPROXY

* Revert "update build-go-dev circle ci job GOPROXY"

This reverts commit 0e6f339c779dac65ecb036735199f72d3d9e6a4a.

* ci: more complete go mod cache

* ci: doc use of go list ./... to populate mod cache

Co-authored-by: Sam Salisbury <samsalisbury@gmail.com>
2021-07-06 08:24:10 -05:00
John-Michael Faircloth 9832517d27
[ldap] auth method fix request_timeout (#11975)
* [ldap] auth method fix request_timeout

* add changelog

* Update sdk/helper/ldaputil/config_test.go

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update sdk/helper/ldaputil/config_test.go

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update changelog/11975.txt

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2021-07-01 13:33:01 -05:00
Austin Gebauer b34e24fa64
docs: AWS KMS updates for key management secrets engine (#11958) 2021-06-29 10:31:25 -07:00
MilenaHC 02d45f3a66
Update ElasticSearch DB plugin to v0.8.0 (#11957)
* update elasticsearch database plugin to v0.8.0

* add changelog

* update api-docs
2021-06-29 08:07:00 -05:00
Theron Voran 52f78f1d54
Adding changelog for #11502 (#11944) 2021-06-25 15:41:08 -07:00
Jason O'Donnell b2c9b3c344
plugins/ad: Add rotate-role endpoint (#11942)
* plugins/ad: add rotate-role

* Add doc

* changelog

* Add note about rotate-role in overview
2021-06-25 14:00:03 -04:00
Jason O'Donnell b2b25be0ce
agent/template: add static_secret_render_interval configurable (#11934)
* agent/template: add default_lease_duration config

* go mod tidy

* Add changelog

* Fix panic

* Add documentation

* Change to static_secret_render_interval

* Update doc

* Update command/agent/template/template.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update changelog/11934.txt

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-06-24 15:40:31 -04:00
mr-miles 9e031b5766
Mongo doesnt allow periods in usernames (#11872)
* mongo doesnt allow periods in usernames

* Update mongodb.mdx

Update template in docs

* Move replace to the end

* Adding a test for dot replacement

* Create 11872.txt
2021-06-24 13:26:31 -04:00
Marc Boudreau 3c35a25d36
Fix for Issue 11863 - Panic when creating/updating approle role with token_type (#11864)
* initializing resp variable with aa *logical.Response before using it to add warning for default-service or default-batch token type.  Also adding guard around code that sets resp to a new logical.Response further on in the function.

* adding changelog entry

* renaming changelog file to match PR number
2021-06-24 13:03:41 -04:00
MilenaHC 5483eba5fc
RabbitMQ - Add username customization (#11899)
* add username customization for rabbitmq

* add changelog for rabbitmq

* Update builtin/logical/rabbitmq/path_config_connection.go

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* updating API docs

* moved to changelog folder

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-06-22 14:50:46 -05:00
Nick Cabatoff 9bcb480cb7
Fixes #11914. (#11915) 2021-06-22 12:39:23 -04:00
Angel Garbarino 94e11af37a
UI/cp validations kv duplicate path (#11878)
* setup check when secret-v2 record is populated

* return network request of full paths

* modify/amend test

* remove console log

* fix test

* add changelog

* attempt to fix browserstack test issue

* remove find

* add trim

* another attempt
2021-06-22 10:34:00 -06:00
Calvin Leung Huang c1a2a939f9
agent: restart template runner on retry for unlimited retries (#11775)
* agent: restart template runner on retry for unlimited retries

* template: log error message early

* template: delegate retries back to template if param is set to true

* agent: add and use the new template config stanza

* agent: fix panic, fix existing tests

* changelog: add changelog entry

* agent: add tests for exit_on_retry_failure

* agent: properly check on agent exit cases, add separate tests for missing key vs missing secrets

* agent: add note on difference between missing key vs missing secret

* docs: add docs for template_config

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* docs: fix exit_on_retry_failure, fix Functionality section

* docs: update interaction title

* template: add internal note on behavior for persist case

* docs: update agent, template, and template-config docs

* docs: update agent docs on retry stanza

* Apply suggestions from code review

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update changelog/11775.txt

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* agent/test: rename expectExit to expectExitFromError

* agent/test: add check on early exits on the happy path

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-06-21 16:10:15 -07:00
Brian Kassouf a794a6244f
raft: Set BatchApplyCh for more consistent batch sizes (#11907)
* raft: Set BatchApplyCh for more consistent batch sizes

* Add changelog file
2021-06-21 12:00:41 -07:00
Josh Black 8c069936e9
Add new boltdb options (#11895) 2021-06-21 11:35:40 -07:00
Michael Golowka 7f6a1739a3
Cassandra: Refactor PEM parsing logic (#11861)
* Refactor TLS parsing

The ParsePEMBundle and ParsePKIJSON functions in the certutil package assumes
both a client certificate and a custom CA are specified. Cassandra needs to
allow for either a client certificate, a custom CA, or both. This revamps the
parsing of pem_json and pem_bundle to accomodate for any of these configurations
2021-06-21 11:38:08 -06:00
MilenaHC 545c423f8a
add changelog to influxdb (#11896) 2021-06-18 14:56:41 -05:00
Chelsea Shaw 565871f63c
UI/fix safari oidc login (#11884)
* use window.postMessage instead of localStorage on oidc callback
2021-06-17 15:56:04 -05:00
Angel Garbarino d99742c6c5
Implement ember-cp-validations on KV secret engine (#11785)
* initial setup

* initial validation setup for empty path object.

* removal console logs

* validation on keyup for kv

* in progress

* making some progress

* more progress

* closer

* done with create page now to fix edit page that I broke

* fix secret edit display on create

* test and final touches

* cleanup mountbackendform

* cleanup

* add changelog

* address pr comments

* address styling pr comment
2021-06-15 09:21:54 -06:00
claire bontempo 58a5f17288
Displays Auth Method description on Vault UI login page (#11795)
* Displays Auth Method description on login page

* working on auth login form

* Keeps path name as LinkTo label adds description to paths

* removes commented and unused code

* removes trailing white space

* removes prettier package

* adds test for description

* removes extra white spaces

* adds changelog file
2021-06-14 13:03:49 -07:00
Jason O'Donnell 4cc1402e52
mod: update vault-plugin-secrets-ad@v0.9.1 (#11837)
* mod: update vault-plugin-secrets-ad@v0.9.1

* changelog
2021-06-11 13:40:51 -04:00
Calvin Leung Huang 1239217cd5
dep: update consul-template to v0.26.0 (#11838)
* dep: update consul-template to v0.26.0

* changelog: add a CL entry
2021-06-11 10:29:40 -07:00
Jason O'Donnell 36cc4d8e87
db/cassandra: Adding changelog and documentation (#11822)
* db/cassandra: add tls_server_name

* Remove changes from deprecated engine

* Add changelog and doc
2021-06-10 19:06:40 -04:00
Brian Kassouf b42529dd17
Omit wrapping tokens and control groups from client counts (#11826)
* Omit wrapping tokens and control groups from client counts

* add changelog note
2021-06-10 15:57:51 -07:00
Vishal Nayak c11c771737
Udate to Go 1.16.5 (#11802)
* Udate to Go 1.16.5

* Add CL

* Update packages-oss.yml

* Update go_test.yml
2021-06-09 10:38:52 -04:00
Austin Gebauer cdc56809a2
Updates the JWT/OIDC auth plugin to v0.9.4 (#11784) 2021-06-07 16:02:57 -07:00
Chelsea Shaw 468331fa61
UI/license page with autoload (#11778) 2021-06-07 12:44:39 -05:00
Hridoy Roy 1782b4e880
oss part of control groups upgrade (#11772)
* oss part of control groups upgrade

* changelog and docs

* formatting

* formatting
2021-06-07 09:15:35 -07:00
Chelsea Shaw f9ccd941ad
UI/license banners (#11759) 2021-06-03 15:30:26 -05:00
swayne275 9724f59180
Vault 1979: Query API for Irrevocable Leases (#11607)
* build out lease count (not fully working), start lease list

* build out irrevocable lease list

* bookkeeping

* test irrevocable lease counts for API/CLI

* fix listIrrevocableLeases, test listIrrevocableLeases, cleanup

* test expiration API limit

* namespace tweaks, test force flag on lease list

* integration test leases/count API, plenty of fixes and improvements

* test lease list API, fixes and improvements

* test force flag for irrevocable lease list API

* i guess this wasn't saved on the last refactor...

* fixes and improvements found during my review

* better test error msg

* Update vault/logical_system_paths.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* return warning with data if more than default leases to list without force flag

* make api doc more generalized

* list leases in general, not by mount point

* change force flag to include_large_results

* sort leases by LeaseID for consistent API response

* switch from bool flag for API limit to string value

* sort first by leaseID, then stable sort by expiration

* move some utils to be in oss and ent

* improve sort efficiency for API response

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-06-02 10:11:30 -06:00
Chelsea Shaw cef14f0236
UI: allow reset on database json fields (#11708) 2021-05-27 16:25:58 -05:00
rerorero 9ebb14bab3
Fix: Transit encrypt batch does not honor key_version (#11628)
* fix(secret/transit): #10232 Transit encrypt batch does not honor key_version

* add changelog for 11628
2021-05-27 14:05:20 -05:00
Calvin Leung Huang 3d94bcade5
changelog: add entry for #11696 (#11715)
* changelog: add entry for #11696

* Update 11696.txt

* Update 11696.txt
2021-05-27 10:57:59 -07:00
Arnav Palnitkar f2552b708b
Update cluster status partial to component (#11680)
* Update cluster status partial to component

* Added changelog

* Close menu when link is clicked

* Upgraded to glimmer components

* Fixed indentations
Added back activeCluster
Updated changelog
2021-05-27 09:52:51 -07:00
Chelsea Shaw 36c8366d5d
UI unseal screen updates (#11705)
* Styling for empty-state and splash-page

* Update shamir-flow language and trigger onError on non-400 error

* Add license terminated screen to unseal

* Add changelog
2021-05-26 13:59:11 -05:00
Angel Garbarino cf511a895b
UI/tools partial (#11672)
* hash tools from partial to component

* initial setup of tools random, but issue remaining with bytes

* rewrap

* unwrap

* final two partials

* fix issues with actions on tool wrap

* fix hash

* changelog

* address pr comments

* fix onClear

* trigger run

* triggering test suite
2021-05-24 10:45:35 -06:00
Vishal Nayak 6ec8cd8f28
Tokenutil: Perform num uses check earlier (#11647)
* Perform num uses check earlier

* Add CL

* Ensure that login works
2021-05-19 14:06:08 -04:00
Angel Garbarino 8f5d62139c
KV 2 Toolbar delete redesign (#11530)
* initial setup, modify toolbar header

* footer buttons setup

* setup first delete version delete method

* clean up

* handle destory all versions

* handle undelete

* conditional for modal and undelete

* remove delete from version area

* modelForData in permissions

* setup for soft delete and modify adpater to allow DELETE in additon to POST

* dropdown for soft delete

* stuck

* handle all soft deletes

* conditional for destroy all versions

* remove old functionality from secret-version-menu

* glimmerize secret-version-menu

* Updated secret version menu and version history

* Updated icons and columns in version history

* create new component

* clean up

* glimmerize secret delete menu

* fix undelete

* Fixed radio labels in version delete menu

* handle v1 delete

* refining

* handle errors with flash messages

* add changelog

* fix test

* add to test

* amend test

* address PR comments

* whoopies

* add urlEncoding

Co-authored-by: Arnav Palnitkar <arnav@hashicorp.com>
2021-05-19 10:43:55 -06:00
Scott Miller 6b8d7fe2e6
Patch expiration fix over from ENT (#11650)
* Patch expiration fix over from ENT

* Rename changelog
2021-05-18 14:55:38 -07:00
Chelsea Shaw 19c5f27434
UI/fix identity model (#11641) 2021-05-17 16:41:39 -05:00
Michael Golowka 10b1ff8f69
AWS Auth: Update error message to include underlying error (#11638) 2021-05-17 13:56:35 -06:00
Ricardo Cardenas d02a20bd2b
feat(aws): add ability to provide a role session name when generating STS credentials (#11345)
* feat(aws): add ability to provide a sessionName to sts credentials

Co-authored-by: Brad Vernon <bvernon@nvidia.com>
Co-authored-by: Jim Kalafut <jim@kalafut.net>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-05-17 11:03:09 -07:00
Michael Golowka 056a59859f
Add ability to customize some timeouts in MongoDB database plugin (#11600) 2021-05-17 11:40:35 -06:00
Robison Jacka 491f71faf0
Add support for templated values in SSH CA DefaultExtensions. (#11495)
* Add support for templated values in SSH CA DefaultExtensions.

* Reworking the logic per feedback, adding basic test.

* Adding test, so we cover both default extension templating & ignoring default when user-provided extensions are present.

* Fixed up an unintentional extension handling defect, added test to cover the case.

* Refactor Default Extension tests into `enabled` and `disabled`.
2021-05-13 14:37:22 -07:00
Pierce Bartine e56982f782
Add ServerName to Vault Agent template config (#11288)
* Add ServerName to Vault Agent template config

* Remove newline

* Add changelog for 11288

* Update changelog/11288.txt

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2021-05-13 07:18:15 -07:00
Jason O'Donnell 502cf3b212
core: updates to password policy generator (#11596)
* core: fix bug in password policies not using namespaces

* Add changelog
2021-05-13 09:55:46 -04:00
Michael Golowka b27a3e9f70
DB engine: Check ErrPluginStaticUnsupported in rollback code (#11601) 2021-05-12 17:09:56 -06:00
Calvin Leung Huang 8b7cd1bff7
agent/cert: properly return the cached client on AuthClient (#11576)
* agent/cert: properly return the cached client on AuthClient

* test: pass in nil client config, check on pointer values directly

* test: pass in nil client config

* changelog: add changelog entry
2021-05-12 14:59:07 -07:00
Chelsea Shaw 6567066d26
Fix: link on database role item goes to correct URL (#11597)
* Fix: link on database role item goes to correct URL

* Add changelog
2021-05-12 14:33:35 -05:00
Scott Miller f0c3192f20
Add an exponential backoff to TCP listeners to avoid fast loops in error scenarios (#11588)
* Add an exponential backoff to TCP listeners to avoid fast loops in error scenarios

* reset loop delay

* changelog
2021-05-12 10:47:38 -05:00
Chelsea Shaw d65947134d
UI: Regex validation on transform templates (#11586)
* Add regex validator component with tests, add to form-field, use in transform template

* Update tests with data-test selectors

* Add changelog
2021-05-12 10:12:33 -05:00
Calvin Leung Huang 91ed71c296
changelog: add changelog for #11562 (#11564) 2021-05-07 11:43:09 -07:00
Angel Garbarino 7012aab272
UI/okta duo push notification (#11442)
* initial setup

* add delay and modify message

* test

* changing to different style because unable to interrupt the yield of authentication

* cleanup

* more consitency in messssage placement

* fix test

* clean up test notification

* clean up

* remove click

* changelog

* Update 11442.txt

* revert changes so a message is delayed by not calling yield

* amend test

* remove padding-bottom as no longer needed with reposition of message location
2021-05-06 12:29:39 -06:00
Chelsea Shaw 977b6e3bbb
UI/database mysql (#11532)
* Add MySQL DB Support

* Add other versions of MySQL to database options

* Save incoming root_credentials_rotate_statements as root_rotation_statements for display

* Handle errors correctly on database connection form for edit

* Add tests for mysql database

* Add UI feature changelog
2021-05-06 13:22:40 -05:00
Arnav Palnitkar 1d26f056bc
Updated code mirror component for consistency (#11500)
* Updated code mirror component for consistency

- Hide gutters, line number and selection while read only
- Show toolbar with copy functionality for all instances

* Moved toolbar and actions to json editor component

* Updated form-field-from-model template

* Added test for toolbar
2021-05-06 09:59:15 -07:00
Scott Miller 4fc6e8b366
Fix barrier key autoration config edge cases (#11541)
* Add an Int64 type

* Use the new Int64 type so that even 32 bit builds can specify max_operations above 2^31

* Missed a spot

* go mod vendor

* fix cast

* changelog

* Update unit test to ensure this works on both 32 and 64-bit archs
2021-05-05 14:39:04 -05:00
Scott Miller 52930c5614
When running under systemd, send notifications about server startup, shutdown, and config reload (#11517) 2021-05-04 14:47:16 -05:00
Vishal Nayak 1e61f799ca
Use correct mount accessor when refreshing external group memberships (#11506)
* Use correct mount accessor when refreshing external group memberships

* Add CL

* Handle the renew case properly
2021-05-03 08:23:59 -04:00
Clint 59870ee0d3
Update Agent Auth with GCP to use new SignJWT endpoint (#11473)
* Update Agent Auth with GCP to use new SignJWT endpoint

* use iamcredentials name instead of renaming the package on import

* add changelog

* Update changelog/11473.txt

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-04-30 15:45:06 -05:00
Vishal Nayak 406abc19dc
Autopilot: Return leader info via delegate (#11247)
* Autopilot: Return leader info via delegate

* Pull in the new raft-autopilot lib dependencies

* update deps

* Add CL
2021-04-27 15:54:26 -04:00
Josh Black ec105f288f
Switch to shared raft-boltdb library and add metrics (#11269) 2021-04-26 16:01:26 -07:00
Chelsea Shaw 1810edf428
UI/update UI deps (#11447) 2021-04-26 11:23:57 -05:00
Hridoy Roy 22cab6185d
[VAULT-1441] Fix race that allowed remounting on path used by another mount (#11453)
* remount concurrent test fix

* changelog

* Update changelog/11453.txt

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-04-24 09:05:41 -07:00
Austin Gebauer 490474a502
secrets/database: Fixes marshalling bug for json.Number types (#11451) 2021-04-23 14:07:26 -07:00
Angel Garbarino 2e35e9578c
UI/obscure secret on input (#11284)
* new font and add as font-family to be used in masked-input

* clean up logic

* refactor for displayOnly

* start cert masking

* work on certificates

* upload cert work

* fix global styling

* fix styling for class no longer used

* make mask by default and remove option

* glimmerize start and certificate on LDAP a file field

* glimmerize actions

* first part of glimmerizing text-file still need to do some clean up

* not doing awesome over here

* getting ready to un-glimmer

* unglimmerize

* remove placeholder based on conversations with design

* clean up text-file

* cleanup

* fix class bindings

* handle class binding

* set up for test

* fix elementId

* track down index

* update masked-input test

* add more to the masked-input test

* test-file test

* fix broken test

* clear old style

* clean up

* remove pgp key masked font, this really needs to be refactored to text-file component

* changelog

* cover other certificate view

* add allowCopy

* address some pr styling comments

* improve test coverage

* fix some issues

* add attr.options.masked
2021-04-22 08:58:37 -06:00
Josh Black 06809930a3
Add HTTP response headers for hostname and raft node ID (if applicable) (#11289) 2021-04-20 15:25:04 -07:00
Arnav Palnitkar a43ea992a9
Updated search select component styling (#11360)
* Updated search select component styling

- Fixed styling for better readability and access to delete action

* Added changelog file
2021-04-19 15:40:18 -07:00
Nick Cabatoff 474c4e8134
Make cubbyhole revocation/tidying compatible with cubbys in namespaces. (#11408) 2021-04-19 17:28:04 -04:00
Chelsea Shaw 449a45baaa
Add root rotation statement support to mongoDB (#11404)
* Add root rotation statement support to mongoDB

* Add changelog
2021-04-19 15:40:44 -05:00
Nick Cabatoff a8023e0fdb
Add support for unauthenticated pprof access on a per-listener basis,… (#11324)
* Add support for unauthenticated pprof access on a per-listener basis, as we do for metrics.

* Add missing pprof sub-targets like 'allocs' and 'block'.  Capture the goroutine subtarget a second time in text form.  This is mostly a convenience, but also I think the pprof format might be a bit lossy?
2021-04-19 14:30:59 -04:00
Calvin Leung Huang a8cafab083
pki: fix tidy removal on revoked entries (#11367)
* pki: fix tidy removal on revoked entries

* add CL entry
2021-04-19 09:40:40 -07:00
Austin Gebauer 18999489d9
Updates the JWT/OIDC auth plugin to v0.9.3 (#11388) 2021-04-19 09:14:17 -07:00
Michael Golowka 4279bc8b34
Validate hostnames when using TLS in Cassandra (#11365) 2021-04-16 15:52:35 -06:00
Nick Cabatoff 541ae8636c
On lease deletion, also delete non-orphan batch token parent index (#11377) 2021-04-16 17:03:22 -04:00
Michael Golowka 771b963a04
Cassandra DB plugin: Allow special chars in usernames (#11262) 2021-04-16 14:01:15 -06:00
Nick Cabatoff 684ebf0928
Don't cut off stack traces at 32MB. (#11364) 2021-04-16 15:55:05 -04:00
Nick Cabatoff b07a10331f
Add metrics for requests forwarded by standbys. (#11366) 2021-04-16 14:02:20 -04:00
Nick Cabatoff 242d258e94
Fix goroutine leak caused by updating rate quotas (#11371)
Make sure that when we modify a rate quota, we stop the existing goroutine before starting the new one.
2021-04-16 14:00:01 -04:00
Nick Cabatoff 7a359ef658
Add CL for #11252. (#11368) 2021-04-16 09:33:47 -04:00
Jim Kalafut 917633e89d
Update Changelog (#11358)
These two C/L were not backported to the 1.7 release branch.
2021-04-14 16:42:09 -07:00
Chelsea Shaw a3c396991c
UI/database mssql (#11231)
Add MSSQL plugin support in database secrets engine
2021-04-14 16:07:07 -05:00
Vishal Nayak 9bf4fe2f64
Add HA only autopilot to changelog (#11339) 2021-04-12 09:57:45 -04:00
Angel Garbarino 5d53bccdbf
Bug: DB secret engine not showing "Select one" in role select options (#11294)
* fix issue on mongo db where the select one was not showing

* add changelog
2021-04-08 13:46:40 -06:00
Meggie bd0fefe47f
Changing from "changelog" to "release-note" (#11303) 2021-04-07 18:21:01 -04:00
Angel Garbarino ea7e77cb4e
Bug Fix: OIDC with hcp flag (#11283)
* add conditional

* add changelog
2021-04-07 10:46:06 -06:00
Scott Miller 2e0c1fb9dc
Add a Changelog entry for 10181 (#11293) 2021-04-07 11:44:19 -05:00
Arnav Palnitkar e598f6d5c2
Updated show lease with toggle ttl picker (#11256)
* Updated show lease with toggle ttl picker

For lease renewal, pass increment param instead of interval

* Fixed formatting

* Added changelog
2021-04-02 13:23:56 -07:00
Chelsea Shaw f9ade25674
UI/fix kvv2 version (#11258)
* Update default form values for kv

* Group kv version option in 'Method Options' group

* Fix tests, explicitly set if select input does not have default

* Handle array of objects from adapterError.errors in MessageError component

* Add changelog
2021-04-02 15:17:42 -05:00
Scott Miller 70c71b37f4
Changelog for 11259 (#11266) 2021-04-02 11:07:34 -05:00
Nick Cabatoff 72a172bce9
Add support for tls_max_version in listener config. (#11226) 2021-03-29 14:39:14 -04:00
Angel Garbarino 9097ee0bed
UI: Fix status menu bug (#11213)
* change null to empty string

* add changelog

* add conditional

* amend to set path
2021-03-26 09:53:33 -06:00
Angel Garbarino f158fd31a2
UI/namespace bug (#11182)
* fix with console to confirm showing

* remove console

* move order

* add changelog
2021-03-23 14:55:31 -06:00
Angel Garbarino b52620e039
UI/control groups kv (#11143)
* forced reload causing issues removed and tested

* better logging for handling controlGroup error

* cleanup

* add changelog

* address pr comments
2021-03-22 10:03:47 -06:00
Austin Gebauer 6f88333334
Adds a changelog entry for key management secrets engine (#11164) 2021-03-19 15:45:35 -07:00
Chelsea Shaw 51508987c4
Update MMMM Do yyyy to MMMM do yyyy per date-fns format docs (#11142)
* Update MMMM Do yyyy to MMMM do yyyy per date-fns format docs

* Add changelog
2021-03-19 12:08:33 -05:00
Josh Black efd2571016
Add changelog entry for ent PR 1691 (#11139) 2021-03-19 10:07:48 -07:00
Mark Gritter f42093f64f
Changelog for orphan status fix (#11137) 2021-03-19 11:38:07 -05:00
Nick Cabatoff 9c5f018938
Rework agent retry config, extend it to cover proxy cache as well (#11113)
Remove template_retry config section.  Add new vault.retry section which only has num_retries field; if num_retries is 0 or absent, default it to 12 for backwards compat with pre-1.7 template retrying.  Setting num_retries=-1 disables retries.

Configured retries are used for both templating and api proxy, though if template requests go through proxy (currently requires persistence enabled) we'll only configure retries for the latter to avoid duplicate retrying.  Though there is some duplicate retrying already because whenever the template server does a retry when not going through the proxy, the Vault client it uses allows for 2 behind-the-scenes retries for some 400/500 http error codes.
2021-03-18 14:14:09 -04:00
Clint 5353279e75
Add command to look up a lease by ID (#11129)
* snapshot

* basic test

* update command and add documentation

* update help text

* typo

* add changelog for lease lookup command

* run go mod vendor

* remove tabs from help output
2021-03-18 11:11:09 -05:00
Chelsea Shaw 509c31604d
UI/fix backend db connection (#11127)
* Update adapter so any named database backend will work

* Add test for deleting database connection
2021-03-17 15:48:40 -05:00
Chelsea Shaw a17edd9d0f
UI: Connection "Add Role" automatically populates database in form (#11119)
* Database role create form sets url param itemKey as database on init

* add test for new functionality

* Add changelog
2021-03-17 11:32:27 -05:00
Scott Miller 47570ca490
Add transform upgrade bug fix changelog (#11090) 2021-03-12 09:52:41 -06:00
Chelsea Shaw 994d48c892
UI: Add null check before getting userRootNamespace from storage (#11094)
* Add null check before getting userRootNamespace from storage

* Add changelog
2021-03-11 13:09:43 -06:00
Lauren Voswinkel 809d127488
Add changelog entry for Snowflake DB support being added (#11078) 2021-03-10 16:09:13 -08:00
Lauren Voswinkel 30b9f5d379
Add changelog entry for #10953 (#11077) 2021-03-10 15:54:15 -08:00
Liwei Fu 170a0800e6
Make cert domain name validation case insensitive (#10959)
* make cert domain name validation case insensitive

* reafctor TestPki_PermitFQDNs mutliple cases

* TestPki_PermitFQDNS: fail uppercase alt_name

* add change log

* fix tests

* use EqualFold for potential utf-8 string comparison

Co-authored-by: Freyert <Freyert@users.noreply.github.com>
2021-03-09 21:28:27 -08:00
Theron Voran 1fdf08b149
agent: persistent caching support (#10938)
Adds the option of a write-through cache, backed by boltdb

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2021-03-03 14:01:33 -08:00
swayne275 d74f82346b
Add Partial Month Client Count API for Activity Log (#11022)
* sketch out partial month activity log client API

* unit test partialMonthClientCount

* cleanup api

* add api doc, fix test, update api nomenclature to match existing

* cleanup

* add PR changelog file

* integration test for API

* report entities and tokens separately
2021-03-01 16:15:59 -07:00
Hridoy Roy 2da7de2fec
Minimal changes to solve Dependency CVEs [VAULT-871] (#11015)
* minimal changes to solve most of the cves

* cleanup

* finished go mod vendor upgrades
2021-03-01 14:35:40 -08:00
Chelsea Shaw 7e35bd56b0
Add test for db role setting form component (#11018)
* Add test for db role setting form component

* fix test, add changelog
2021-03-01 12:52:46 -06:00
Scott Miller 1e1f7eff46
Documentation for barrier autorotation (#11027)
* Documentation for barrier autorotation

* changelog

* 1.7 upgrade notes
2021-03-01 10:45:22 -06:00
Michael Golowka 302cc4870e
Add Username Templating Concepts page (#10935) 2021-02-26 16:04:12 -07:00
Jim Kalafut 1785b1bd00
Replace deprecated terms in AWS Auth (#10997)
* Replace deprecated terms in AWS Auth

This PR is part of an effort to remove non-inclusive language throughout
Vault. The AWS Auth backend uses the "whitelist" and "blacklist" term
extensively, and these are the focus of the PR:

* Add new API endpoints that use the preferred terminology, while
  deprecating the old endpoints. These endpoints offer identical
  functionality and are basically aliases. This is the only functional
  change in the PR except for terms in error messages.
* Replace "whitelist" -> "access list", "blacklist" -> "deny list" in
  variable names, comments, etc.

Note that storage locations were *not* changed at this time, as that is
a more complex process involving versioning that we may tackle in a future
revision. We have reduced the occurrences of non-inclusive language,
however.

Reviewers should be sure to "Ignore Whitespace" in diffs, especially for
the tests, which were basically indented one level as part of looping
over the tests with both the old and new names.
2021-02-25 23:23:34 -08:00
Angel Garbarino efd3677c58
UI: fix KMIP bug and test (#11011)
* fix KMIP test that was failing and clean modal on configuration page.

* add changelog

* remove uncessary unload

* remove async
2021-02-25 15:13:00 -07:00
Michael Golowka 00c1acf0e1
Vendor OpenLDAP v0.4.0 (#10996) 2021-02-25 13:00:00 -07:00
Michael Golowka eb891db72d
Vendor Couchbase DB plugin v0.3.0 (#10995) 2021-02-25 12:59:45 -07:00
Nick Cabatoff c9ae15bd95
Make metrics access unauthenticated when in dev mode. (#10992) 2021-02-24 14:04:23 -05:00
Meggie 9d2e2b1d09
Update 10689.txt
@vishalnayak , just FYI, this needs to be "release-note:bug" and not "changelog:bug"
2021-02-24 13:29:09 -05:00
Angel Garbarino af2b9af24e
UI: Add the wizard to the database secret engine (#10982)
* wizard setup

* cleanup

* add changelog

* fix names from save to create role and create database

* fix missing progress bar
2021-02-23 13:52:39 -07:00
Jim Kalafut e60cc11f33
Add configurable exponential backoff to Agent auto-auth (#10964) 2021-02-23 12:04:21 -08:00
Hridoy Roy 0574f5aac7
Changelog: Agent Retry Stanza (#10981)
* changelog for retry stanza

* changelog for retry stanza

* changelog for retry stanza
2021-02-23 09:04:02 -08:00
Chelsea Shaw 92fd820de2
UI: Show error when connection roles fail to update on role create (#10980)
* Show error  when connection roles fail to update on role create

* Clean up errors for role, remove bad state setting after transition

* Add changelog
2021-02-23 10:47:02 -06:00
Clint b0b121753a
update docs related to OCI alias changes (#10952)
* update docs related to OCI alias changes

* covert CHANGELOG update to a changelog/ entry
2021-02-23 10:08:15 -06:00
Jason O'Donnell 458061d43b
agent: route templating server through cache (#10927)
* agent: route templating server through cache

* Remove TemplateRetry, fix unix path

* Remove mtls comment, remove redundant tls enable

* Fix test

* Refactor vault address logic

* Fix cert/key for mtls

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Reject mtls listeners

* changelog

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-02-23 09:36:11 -05:00
Chelsea Shaw f89968a12b
UI/add usage metrics description (#10951)
* Add description to metrics usage page

* Add changelog
2021-02-22 09:35:15 -06:00
Jim Kalafut 7e54bc15c2
Add TOTP support to Okta Auth (#10942) 2021-02-21 21:18:17 -08:00
Clint 2aff402279
Bundle new Vault plugin: Terraform secrets (#10931)
* Bundle Terraform secrets engine

* update go.mod/sum

* vendor update

* add changelog entry

* add secrets terraform
2021-02-19 16:38:56 -06:00
Chelsea Shaw 889d82aca5
UI/Database Secrets Engine cleanup (#10949)
* Update role toolbar, serialization for special mongo values

* Only show defaultShown if no value on info table row

* Remove root_rotation_statements from mongo connection fields

* Wrap this.router in try/catch if in then statement

* Add changelog
2021-02-19 14:04:51 -06:00
Angel Garbarino 59e83e2e6d
UI Database Secrets Engine (MongoDB) (#10655)
* move the ttls on enable for db to default and not as options

* refactor form field to angle brackets

* add database to supported backend

* initial setup of components and models

* setup selectable cards, need to make own component

* styling setup

* subtext and links

* number styling

* search select put in place and button, all pretty things

* search label text

* messy but closer to data configuration. making models and fetching those models on routes

* connection adapter and serializer that is pulled in by the overview route

* clean up and add new model params connections and roles to overview route hbs

* setting up overview as route with SecretHeader component.  TODO, show Overview tab, but have link to route.  It's going be on the secret header list component

* setup overview tab on secret-list-header to go to overview page

* setup id in overview route

* Correct link on secrets engine list for database and others

* Roles tab on database fetches correct model

* Update options for backend with hasOverview param so overview tab is rendered conditionally on secret list header

* create new getCrendentialsComponent

* Rename database connection parent component and start working on display

* setup routing to credentials route for database from overview page

* setup network request for the credentials of role

* setup serializer for credentials

* redirect previous route

* fix border color on button disable

* add margin to back button

* change to glimmer component

* glimmerize and clean up the get-credentials-card

* Begin database connection show and create form

* add component test for the get-credentials-card

* Database connection model and field groups

* add static roles to searhSelect

* add staticRoles on overview page

* Toolbar and tabs on database connection show view looks correct

* combine static and dynamic role models for pagination

* Update database-list-item with real link to connection

* Add support for optionalText edit type on form-field

* handle situation when no static and/or dynamic roles

* turn partial into component so can handle computed and eventually click actions, similar to transform

* glimmerize database-list-item

* use lazy capabilities on list role and static-role actions

* Create connection works and redirects to show page

* creds request based on dynamic or static and unload the store by record creds when they transition away.

* dynamcially add in backend for queries

* fixes on overview page for get credentials with hardcoded backend and layout for static creds

* Rotate and Reset connection actions working on connection

* get credentials set the query params

* setup async for handling permission errors on overivew

* Move query logic to store for getting both types of role

* Filtering works on combined role models

* cleanup

* Fix no meta on connections list

* better handle the situation where you don't have access to list roles but do to generate

* implment updated empty state component and add to credentials page when roleType is noRoleType

* glimmerize the input search component

* move logic for generate credentials urlto the generate creds component

* remove query param for role type

* handle permissions on the overview page

* permissions for role list

* New roles route for backends

* handle different permissions for empty return on 404 vs 403 on overview page

* fix links on overview page

* Connetions WIP

* setup lazy caps for the connections model and list

* add computed to role and static role models to clean up permissions

* setup actions for connections list

* Update form-field to show password type and update json input to angle bracket syntax with optional theme option

* setup capabilities on overview for empty state

* fix hardcoded on the backend

* toggle inner label has width 100%

* Add custom update password togglable input on database connection edit form, and only submit defined attrs

* Add updateRecord to connection adapter

* glimmerize secret list header and make new component which either shows or does not show the tab based on permissions

* Remove tabs on show connection

* add peek record

* Update database role to get both models on a single model, remove static-role model and adapter, remove roles route

* fix creds permissions on database-list-item

* add component info and rename for secret-list-header-tab

* fix issues on overview page

* Add path to individual role on serializer

* add accetpance test for testing the engine

* fix transform test

* test fix

* Update connection before role created, disable button with tooltip if user cannot update path

* Add add-to-array and remove-from-array helpers with tests

* Clean up connection update on delete or create role, cleanup logs, role create link works

* Database role create and edit forms with readonly fields and validation. Add readonly-form-field

* Add field div around ttl picker for correct spacing on form-field

* fix the breadcrumbs

* PLaceholder test for readonly form field

* create new helper to format time duration

* tooltip and formatting on static role

* more on static roles time stuff

* clean up

* clean up

* fixes on the test and addition of another helper test

* fix secrets machine test

* Add modal to connection creation flow

* fix issue with readonly form field test

* Add is-empty-object helper and tests

* Role error handling

* Remove Atlas option from connection list, add defaults to db role form

* clean up stuff though might have made it uglier

* clean up

* Add capabilities checks on connection actions

* Fix jsdocs on readonly-form-field

* Fix json editor height on form field

* Readonly form has notallowed cursor, readonly form field updates

* Add blank field rendering to info-table-row

* Start writing readonly form field tests

* Address some PR comments

* fix fallback action on search select

* cleanup per comments

* fix readonly form field test and lint

* Cleanup string helpers

* Replace renderBlank with alwaysRender logic

* re-humanize label on readonly form field

* Show defaultShown value on info-table-row if no value and always render

* Show default on role and connection show table

* Add changelog

Co-authored-by: Chelsea Shaw <chelshaw.dev@gmail.com>
2021-02-18 10:36:31 -06:00
Austin Gebauer a7531a11ea
Updates the JWT/OIDC auth plugin (#10919) 2021-02-16 17:21:35 -08:00
Angel Garbarino 681a86f6eb
UI: Upgrade storybook (#10904)
* upgrade storybook

* add changelog
2021-02-11 12:16:00 -07:00
Nick Cabatoff 2108bb8e00
Use an atomic to avoid a race in runEventDemuxer. (#10901) 2021-02-11 11:50:41 -05:00
Jason O'Donnell ba9b3318d8
agent: allow auto-auth to use an existing token (#10850)
* agent/auto-auth: add use_existing_token

* Add better logging for lookup errors

* Fix test

* changelog

* Remove preload config, add token var

* Update filename

* Update changelog

* Revert test name

* Remove unused function

* Remove redundant error message

* Short circuit authenticate for preloaded token

* Add comment for auto-auth login
2021-02-11 09:36:03 -05:00
Ian Ferguson 865df63c76
Correct lock acquisition order in the `pathEntityMergeID` identity to fix deadlock condition (#10877) 2021-02-10 11:05:16 -05:00
Vishal Nayak bbfbb87115
cl++ (#10870) 2021-02-09 15:11:18 -05:00
Vishal Nayak 8613ba88a6
Fix quota enforcing old path issue (#10689)
* Fix db indexing issue

* Add CL update
2021-02-09 05:46:09 -05:00
Angel Garbarino 5ce35d1c52
Updating date-fns library from 1.x to 2.x (#10848)
* first round of fixes and setup

* test fixes

* fix dumb options on new method

* test fix

* clean up

* fixes

* clean up

* handle utc time

* add changelog
2021-02-08 13:13:00 -07:00
Mark Gritter d0994340fb
Fill in missing lease ID deterministically. Generate a UUID on creation. (#10855) 2021-02-08 13:46:59 -06:00
Theron Voran c62ce48b5b
Set TokenParent in the Index to be cached (#10833)
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2021-02-03 18:30:41 -08:00
Calvin Leung Huang b1c4b86d7f
approle: add ttl to the secret ID generation response (#10826)
* approle: add ttl to the secret ID generation response

* approle: move TTL derivation into helper func

* changelog: add changelog entry

* docs: update approle docs and api-docs pages
2021-02-03 16:32:16 -08:00
Josh Black a04faad8fe
Add changelog entry for ent PR 1705 (#10827) 2021-02-03 09:35:14 -08:00
Chelsea Shaw b02533e89b
UI: Update dependencies (#10677)
* Address dependabot deps

* Add changelog
2021-02-01 13:38:03 -06:00
Mark Gritter 3ec15c4927
Fix use of identity/group endpoint to edit group by name (#10812)
* Updates identity/group to allow updating a group by name (#10223)
* Now that lookup by name is outside handleGroupUpdateCommon, do not
use the second name lookup as the object to update.
* Added changelog.

Co-authored-by: dr-db <25711615+dr-db@users.noreply.github.com>
2021-01-29 16:50:08 -06:00
Hridoy Roy fa5784d789
Pull in newest consul-template from master and all corresponding dependencies [VAULT-1392] (#10756)
* pull in newest consul template with bugfix and all dependencies

* pull in newest consul template with bugfix and all dependencies

* Rename readme.md to README.md

* add changelog
2021-01-29 12:30:16 -08:00
Hridoy Roy 17e20bdaa6
docs change for max request size community PR (#10723) 2021-01-27 10:02:00 -08:00
Hridoy Roy 537189cab8
make token create case insensitive [VAULT-1021] (#10743)
* make token create case insensitive

* changelog

* comment update
2021-01-27 09:56:54 -08:00
Meggie 4518d8a82f
More CL notes for 1.6.2 (#10792)
* More CL notes for 1.6.2

* Update _2021Jan26.txt

* Update _2021Jan26.txt
2021-01-27 12:03:20 -05:00
Hridoy Roy d1241b5286
changelog for entropy augmentation PR [VAULT-1179] (#10755)
* changelog for entropy augmentation

* docs upgrade

* docs upgrade

* docs upgrade

* docs upgrade
2021-01-26 21:06:38 -08:00
Vishal Nayak 6ce93f8cbf
changelog++ (#10748)
Going to go ahead and merge this
2021-01-26 19:30:42 -05:00
Aleksandr Bezobchuk 2ec8f9a222
metrics: activity log (#10514)
* core: add vault.identity.entity.active.monthly log
* Fixed end-of-month metrics and unit test.
* Added metric covering month-to-date (not broken down by namespace.)
* Updated documentation
* Added changelog.

Co-authored-by: mgritter <mgritter@hashicorp.com>
2021-01-26 16:37:07 -06:00
Lauren Voswinkel 2a8dd7bba7
CHANGELOG update: GCP secrets WAL issue fix (#10776)
* CHANGELOG update: GCP secrets WAL issue fix

* Add changelog 10759.txt file
2021-01-26 13:50:39 -08:00
Calvin Leung Huang 8fe7b403ba
changelog: add entry for PR 10705 (#10785) 2021-01-26 12:54:15 -08:00
Vishal Nayak f539117255
changelog++ (#10775) 2021-01-26 12:45:54 -05:00
Vishal Nayak 2602675402
Set namespace for template server in agent (#10757)
* Set namespace for template server in agent

* cl++
2021-01-25 17:37:01 -05:00
Meggie e67964e870
Changelog notes for 1.6.2 (#10737) 2021-01-20 15:52:48 -05:00
Meggie e4a457f47f
Update _1622.txt
Fixing some formatting so the resulting changelog looks right.
2021-01-20 15:06:23 -05:00
Mark Gritter fd55aa8378
Implement sys/seal-status and sys/leader in system backend (#10725)
* Implement sys/seal-status and sys/leader as normal API calls
(so that they can be used in namespaces.)
* Added changelog.
2021-01-20 14:04:24 -06:00
Josh Black 2cc9e2d914
Update to go 1.15.7 (#10730)
* Update to go 1.15.6

* Just kidding, how about 1.15.7

* And the associated CI config

* Add changelog and update go version in more places
2021-01-20 11:02:33 -08:00
Nick Cabatoff c2bdeb9e7d
Minimal change to ensure that the bulky leaseEntry isn't kept in memory. (#10726) 2021-01-19 17:51:41 -05:00
Hridoy Roy 0becd555cf
Protect part of emitMetrics from panic behavior during post-seal (#10708)
* vault/core_metrics.go

* changelog

* comments
2021-01-19 14:06:50 -08:00
Hridoy Roy 0e3bddf295
Revert "allow create to create transit keys (#10706)" (#10724)
This reverts commit 4144ee0d3da10fbfef4d081aa72529f2e513f8e2.
2021-01-19 11:49:57 -08:00
Hridoy Roy e8164ad09a
allow create to create transit keys (#10706)
* allow create to create transit keys

* changelog
2021-01-15 12:20:32 -08:00
Calvin Leung Huang eaaa2421a9
changelog: add PR 10131 to the changelog (#10688) 2021-01-12 18:24:04 -08:00
Chelsea Shaw 5a05a1b39f
UI: Fix shape of response anticipated from feature-flags endpoint (#10684)
* Fix shape of response anticipated from feature-flags endpoint

* Add changelog
2021-01-11 14:44:52 -06:00
Hridoy Roy f6bdda8c9c
add variable entropy readers to cert gen helpers [VAULT-1179] (#10653)
* move entropy augmentation in cert gen to oss

* changelog

* go mod vendor

* updated helpers to allow custom entropy

* comments

* comments
2021-01-08 09:48:27 -08:00
Chelsea Shaw 70d3185d3a
UI/managed namespace changes (#10588)
* Redirect to url with namespace param if user logged into root namespace without permission

* Feature flag service for managing flags

* Redirect with namespace query param if no current namespace param AND managed root namespace set

* Test coverage for managed namespace changes

* Handle null body case on feature-flag response, add pretender route for feature-flags on shamir test
2021-01-07 14:18:36 -06:00
Scott Miller c3e0d06216
Make the error response to the sys/internal/ui/mounts with no client token consistent (#10650)
* Make the error response to the sys/internal/ui/mounts with no client token consistent

* changelog

* Don't test against an empty mount path

* One other spot

* Instead, do all token checks first and early out before even looking for the mount
2021-01-07 11:46:08 -06:00
Mark Gritter d076d95d37
Feature flags API (#10613)
* Added sys/internal/ui/feature-flags endpoint.
* Added documentation for new API endpoint.
* Added integration test.
Co-authored-by: swayne275 <swayne@hashicorp.com>
2021-01-06 16:05:00 -06:00
Scott Miller 9f150de08f
Fix ip disclosure (#10649)
* removing extra information from the returned error, to avoid leaking it to unauthenticated requests

* removing extra information from the returned error, to avoid leaking it to unauthenticated requests

* Changelog entry for #10516

* Change the error message in a way that is retains the HTTP status code

* Change changelog file num

* And right back where we started...

Co-authored-by: bruj0 <ramakandra@gmail.com>
2021-01-05 15:32:47 -06:00
Angel Garbarino feca115ef4
Bug: Fix issue with double encoding on space in secret history route (#10596)
* setup for concept it works, but probably not the best solution

* add comment and remove console and test var

* use normalize path higher up to fix issu

* add test for bug that fixing

* forgot a couple of changes

* changelog
2021-01-04 09:32:52 -07:00
Nick Cabatoff 05f1a429a8
Add changelog for #1663. (#10635) 2021-01-04 11:08:39 -05:00
Nick Cabatoff d2096b251d
Add log gathering to debug command. (#10609) 2020-12-22 15:15:24 -05:00
Nick Cabatoff ea36810d97
Add changelog for ent #1659. (#10600) 2020-12-18 15:06:54 -05:00