Commit graph

11501 commits

Author SHA1 Message Date
Jeff Mitchell df43802f14 Vendor 2019-10-28 11:34:28 -04:00
ncabatoff 4d82540683
Restore changelog entries lost in 319fe8ea37ec9b89eb3c529d4bdb236f3eb7fdb1 (#7746) 2019-10-28 10:09:52 -04:00
Brian Kassouf caad02412a
changelog++ 2019-10-27 23:07:55 -07:00
Brian Kassouf ba6b8528b5
changelog++ 2019-10-27 23:06:55 -07:00
Brian Kassouf a20e73c2da
Port filtered paths changes back to OSS (#7741)
* Port filtered paths changes back to OSS

* Fix build
2019-10-27 13:30:38 -07:00
Matthew Irish f982899f1e
embed yarn (#7740)
* embed yarn binary using yarn policies set-version and loosen the restriction on yarn in the dockerfile and the package.json

* don't lint the embedded yarn package
2019-10-25 16:00:45 -05:00
Matthew Irish eae5e114ba
UI - replication path filtering (#7620)
* rename mount-filter-config models, components, serializer, adapters to path-filter-config

* move search-select component to core addon

* add js class for search-select-placeholder and sort out power-select deps for moving to the core component

* expose oninput from powerselect through search-select

* don't fetch mounts in the replication routes

* remove toggle from add template

* start cross-namespace fetching

* group options and set up for namespace fetch via power-select search prop

* add and style up radio-card CSS component

* add xlm size for icons between l and xl

* copy defaults so they're not getting mutated

* finalize cross-namespace fetching and getting that to work with power-select

* when passing options but no models, format the options in search select so that they render properly in the list

* tint the background of a selected radio card

* default to null mode and uniq options in search-select

* finish styling radio-card

* format inputValues when first rendering the component if options are being passed from outside

* treat mode:null as deleting existing config which simplifies save logic

* correctly prune the auto complete list since path-filter-config-list handles all of that and finish styling

* remove old component

* add search debounce and fix linting

* update search-select docs

* updating tests

* support grouped options for when to show the create prompt

* update and add tests for path-filter-config-list

* fix tests for search-select and path-filter-config-list

* the new api uses allow/deny instead of whitelist/blacklist
2019-10-25 13:16:45 -05:00
Mike Jarmy ee2e3fd75d
add docs for new replication metrics (#7729)
* add docs for new replication metrics

* add docs for new replication metrics
2019-10-25 12:46:56 -04:00
Matt Morrison 1e7acd0800 path-help missing or incorrect for raft paths (#7326) 2019-10-25 12:37:48 -04:00
Brian Shumate a83160617e Docs: Add version command (#7719)
* Docs: Add version command

* adding to
2019-10-25 12:25:04 -04:00
spiff efb2751e00 Change "Generate Intermediate" example to exported (#7515)
The example request for "Generate Intermediate" was type "internal", but the example response contained the private key, which "internal" doesn't do. This patch fixes the example request to be type "exported" to match the example response.
2019-10-25 12:21:55 -04:00
Jim Kalafut b6952df1b8
changelog++ 2019-10-25 09:03:22 -07:00
will-quan-bird 6456fd6222 allows emails@sign to be within the aws secrets engine path (#7553) 2019-10-25 09:01:01 -07:00
Chris Hoffman 0d3054d80a
changelog++ 2019-10-25 11:45:32 -04:00
Chris Hoffman 17569c95f9
changelog++ 2019-10-25 11:41:25 -04:00
Mike Jarmy 56725e694f
fix token counter test so the token won't time out (#7737) 2019-10-25 10:55:38 -04:00
Chris Hoffman 714ba931e5
changelog++ 2019-10-25 09:50:17 -04:00
Chris Hoffman c640a2c6fb
changelog++ 2019-10-25 09:45:27 -04:00
Chris Hoffman ca2935c519
changelog++ 2019-10-25 09:40:21 -04:00
Chris Hoffman 6298c03dfd
changelog++ 2019-10-25 09:33:52 -04:00
Sam Salisbury 8f0c38f78d
run go mod vendor (#7736) 2019-10-25 13:35:22 +01:00
Matthew Irish e3450dddeb
update yarn to 1.19.1 (#7731) 2019-10-24 17:08:23 -05:00
Jeff Escalante 00564a77a1 Update ruby dependencies (#7720)
* update ruby dependencies

* add specific version bundler dep

* remove ruby-version

* remove extra gemfile dep
2019-10-24 17:41:40 -04:00
Chris Hoffman 70468e4cbf
changelog++ 2019-10-24 15:14:45 -04:00
Chris Hoffman d1441ecad0
changelog++ 2019-10-24 14:58:40 -04:00
Chris Hoffman 85ee5decb7
changelog++ 2019-10-24 14:54:09 -04:00
Noelle Daley c87ec96b8e
indicate that secret version is deleted even when it is the current version (#7714) 2019-10-24 11:35:25 -07:00
ncabatoff 20b8f8d7d0
Don't try to use req if we got a nonzero status, it'll be nil. (#7728) 2019-10-24 13:37:13 -04:00
ncabatoff 7c6cc95a24
Fix a regression introduced in #7698 that breaks root token generation. (#7727) 2019-10-24 10:23:31 -04:00
Mike Jarmy ce2866a29a changelog++ 2019-10-24 10:19:01 -04:00
ncabatoff 99f337d9d4
changelog++ 2019-10-23 15:58:02 -04:00
Noelle Daley 9ae200279e
Update CHANGELOG.md 2019-10-23 12:05:15 -07:00
Vishal Nayak 23b0fb62de Abstract generate-root authentication into the strategy interface (#7698)
* Abstract generate-root authentication into the strategy interface

* Generate root strategy ncabatoff (#7700)

* Adapt to new shamir-as-kek reality.

* Don't try to verify the master key when we might still be sealed (in
recovery mode).  Instead, verify it in the authenticate methods.
2019-10-23 09:52:28 -07:00
Michael Gaffney 76825f2dfe
Changelog: clarify enterprise seal migration fix 2019-10-23 11:29:53 -04:00
ncabatoff 82a21325de
changelog++ 2019-10-23 10:49:43 -04:00
Jeff Mitchell 1a77ce36be
Update transit docs to add aes128/p384/p521 information (#7718) 2019-10-23 10:26:11 -04:00
Amitosh Swain Mahapatra cf12f549f3 Show versions that are active when delete_version_after is configured (#7685) 2019-10-22 15:45:20 -07:00
Calvin Leung Huang de7b094f19
changelog++ 2019-10-22 10:44:26 -07:00
Calvin Leung Huang fcda73eac8
agent: fix data race on inmemSink's token (#7707)
* agent: fix data race on inmemSink's token

* use uber/atomic instead
2019-10-22 10:42:56 -07:00
ncabatoff 13c00dfa38
Use docker instead of an external LDAP server that sometimes goes down (#7522) 2019-10-22 13:37:41 -04:00
ncabatoff 7c1da918dd
changelog++ 2019-10-22 10:47:42 -04:00
ncabatoff 68656a86cb
Fix a nil map pointer in mergeEntity. (#7711) 2019-10-22 09:57:24 -04:00
ncabatoff 5f13f0753c
changelog++ 2019-10-22 09:41:16 -04:00
ncabatoff 8543da27bd
TestSysRekey_Verification would fail sometimes when recovery=true (#7710)
because when unsealing it wouldn't wait for core 0 to come up and become
the active node. Much of our testing code assumes that core0 is the
active node.
2019-10-22 09:35:48 -04:00
Calvin Leung Huang 731c7042b0
changelog++ 2019-10-21 13:41:06 -07:00
Calvin Leung Huang 27acae7cea
cli: fix json output for namespace list command (#7705) 2019-10-21 13:38:37 -07:00
Clint e6eb98875d
Update CHANGELOG.md 2019-10-18 16:23:19 -05:00
Clint 245935447b
Vault Agent Template (#7652)
* Vault Agent Template: parse templates  (#7540)

* add template config parsing, but it's wrong b/c it's not using mapstructure

* parsing consul templates in agent config

* add additional test to configuration parsing, to cover basics

* another test fixture, rework simple test into table

* refactor into table test

* rename test

* remove flattenKeys and add other test fixture

* Update command/agent/config/config.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* return the decode error instead of swallowing it

* Update command/agent/config/config_test.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* go mod tidy

* change error checking style

* Add agent template doc

* TemplateServer: render secrets with Consul Template (#7621)

* add template config parsing, but it's wrong b/c it's not using mapstructure

* parsing consul templates in agent config

* add additional test to configuration parsing, to cover basics

* another test fixture, rework simple test into table

* refactor into table test

* rename test

* remove flattenKeys and add other test fixture

* add template package

* WIP: add runner

* fix panic, actually copy templates, etc

* rework how the config.Vault is created and enable reading from the environment

* this was supposed to be a part of the prior commit

* move/add methods to testhelpers for converting some values to pointers

* use new methods in testhelpers

* add an unblock channel to block agent until a template has been rendered

* add note

* unblock if there are no templates

* cleanups

* go mod tidy

* remove dead code

* simple test to starT

* add simple, empty templates test

* Update package doc, error logs, and add missing close() on channel

* update code comment to be clear what I'm referring to

* have template.NewServer return a (<- chan) type, even though it's a normal chan, as a better practice to enforce reading only

* Update command/agent.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* update with test

* Add README and doc.go to the command/agent directory (#7503)

* Add README and doc.go to the command/agent directory

* Add link to website

* address feedback for agent.go

* updated with feedback from Calvin

* Rework template.Server to export the unblock channel, and remove it from the NewServer function

* apply feedback from Nick

* fix/restructure rendering test

* Add pointerutil package for converting types to their pointers

* Remove pointer helper methods; use sdk/helper/pointerutil instead

* update newRunnerConfig to use pointerutil and empty strings

* only wait for unblock if template server is initialized

* drain the token channel in this test

* conditionally send on channel
2019-10-18 16:21:46 -05:00
Calvin Leung Huang ec00698866
hostutil: disable host info collection on openbsd (#7699) 2019-10-18 12:08:35 -07:00
ncabatoff 1c98152fa0
Shamir seals now come in two varieties: legacy and new-style. (#7694)
Shamir seals now come in two varieties: legacy and new-style. Legacy
Shamir is automatically converted to new-style when a rekey operation
is performed. All new Vault initializations using Shamir are new-style.

New-style Shamir writes an encrypted master key to storage, just like
AutoUnseal. The stored master key is encrypted using the shared key that
is split via Shamir's algorithm. Thus when unsealing, we take the key
fragments given, combine them into a Key-Encryption-Key, and use that
to decrypt the master key on disk. Then the master key is used to read
the keyring that decrypts the barrier.
2019-10-18 14:46:00 -04:00