* remove Ember Logger
* remove jquery
* prevent setting ember string methods on string
* remove reopen class
* Revert "remove reopen class"
This reverts commit d6a48f148617694cf7b0fc95feb30771ef982c59.
* redo
* clean up
* fix test
* Update ui/app/styles/components/tabs.scss
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* fix test
* test clean up
* clean up cont.
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* fix duplicate rendering of chart elements
* organize SVG char elements into groups, give data-test attrs
* update tests
* tweak mirage
* add fake client counting start date
* fix test
* add waitUntil
* adds changelog
* add second waituntil
* KV fetches recent version on every page, no longer disallow new version without metadata access
* Don't flash no read permissions warning
* Send noMetadataVersion on destroy if version is undefined
* test coverage
* add changelog, fix tests
* Fix failing test
* Update mholt/archiver to v3.5.0
* Bump archiver to 3.5.1
* Vendor dependencies
* Use newer go
* go mod tidy
* Remove vendor
* Rm vendor
* Revert api and sdk sums
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
* Update description of certificate fetch API
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify /config/crl and /config/url PKI are empty
GET-ing these URLs will return 404 until such time as a config is posted
to them, even though (in the case of CRL), default values will be used.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify usage of /pki/crl/rotate
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Update documentation around PKI key_bits
This unifies the description of key_bits to match the API description
(which is consistent across all usages).
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix indented field descriptions in PKI paths
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify documentation around serial_number
Note that this field has no impact on the actual Serial Number field and
only an attribute in the requested certificate's Subject.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix spelling of localdomain
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Unlike fips_140_3, fips will be a (FIPS) version-agnostic build tag.
The listener support will remain in 140-3 only, but the IsFIPS() check
should apply regardless of FIPS version.
We add two FIPS-only build files which validate the constraints of FIPS
builds here: fips must be specified with either fips_140_2 or fips_140_3
build tags, and fips and cgo must also be specified together.
Additionally, using only a version-specific FIPS build tag without the
version-agnostic FIPS tag should be a failure.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
These options must be specified multiple times in order to be properly
parsed. However, the present description suggests that a comma-separated
list would work as well, however this isn't the case and results in a
slice containing a single string (with all comma-separated values) in
the API request. Clarify the argument help text to make this clearer.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* add tip for how to force a secrets engine disable
* add warning to force disable secrets instructions
* clean up wording
* add force secrets engine disable info to api doc
* Update website/content/api-docs/system/mounts.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/api-docs/system/mounts.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/api-docs/system/mounts.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/api-docs/system/mounts.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/api-docs/system/mounts.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/commands/secrets/disable.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/commands/secrets/disable.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* feedback updates
* impl taoism feedback
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
It was determined that it would be better to have these changes alert
the docs team. Additional guidance is in place to not approve docs+code
PRs ahead of code review.
This reverts commit 6d16840f605c1b58ce0b572274edf96c6d0e0b7f.
* remove mount accessor from MFA config
* Update login_mfa_duo_test.go
* DUO test with entity templating
* using identitytpl.PopulateString to perform templating
* minor refactoring
* fixing fmt failures in CI
* change username format to username template
* fixing username_template example
* Full secret path in table output of get and put
* Add path output to KV patch and metadata get
* Add changelog
* Don't print secret path for kv-v1
* Make more readable
* Switch around logic to not swallow error
* Add test for secret path
* Fix metadata test
* Add unit test for padequalsigns
* Remove wonky kv get tests
* Add support for PROXY protocol v2 in TCP listener
I did not find tests for this so I added one trying to cover different
configurations to make sure I did not break something. As far as I know,
the behavior should be exactly the same as before except for one thing
when proxy_protocol_behavior is set to "deny_unauthorized", unauthorized
requests were previously silently reject because of https://github.com/armon/go-proxyproto/blob/7e956b284f0a/protocol.go#L81-L84
but it will now be logged.
Also fixes https://github.com/hashicorp/vault/issues/9462 by adding
support for `PROXY UNKNOWN` for PROXY protocol v1.
Closes https://github.com/hashicorp/vault/issues/3807
* Add changelog