Commit Graph

17256 Commits

Author SHA1 Message Date
Christopher Swenson 42f7def9aa
Keep symbols by default (#20519)
By reversing the logic and adding a `REMOVE_SYMBOLS` environment
variable that, when set, will remove symbols.

This has been requested to re-enable Dynatrace support, which
requires symbols are intact.

Sadly this increases the size (on my mac) from 192,609,682 bytes
to 236,696,722 bytes (+23% increase).

I confirmed that this adds symbols back, and that `dlv` will load
the Vault binary.
2023-05-04 13:23:06 -07:00
Victor Rodriguez 2656c020ae
Convert seal.Access struct into a interface (OSS) (#20510)
* Move seal barrier type field from Access to autoSeal struct.

Remove method Access.SetType(), which was only being used by a single test, and
which can use the name option of NewTestSeal() to specify the type.

* Change method signatures of Access to match those of Wrapper.

* Turn seal.Access struct into an interface.

* Tweak Access implementation.

Change `access` struct to have a field of type wrapping.Wrapper, rather than
extending it.

* Add method Seal.GetShamirWrapper().

Add method Seal.GetShamirWrapper() for use by code that need to perform
Shamir-specific operations.
2023-05-04 14:22:30 -04:00
Alex Cahn 976881954a
Update interoperability-matrix.mdx (#20501)
* Update interoperability-matrix.mdx

* Update interoperability-matrix.mdx

Added MySQL as well
2023-05-04 08:58:00 -07:00
Hamid Ghaf bf96f63649
CLI to take days as a unit of time (#20477)
* CLI to take days as a unit of time

* CL
2023-05-04 08:03:37 -07:00
Alexander Scheel 544ae3461f
Allow ensuring ticker is stopped multiple times (#20509)
When executing multi-stage, multi-namespace tests, stopping the ticker
multiple times (via closing the StopTicker channel) results in a panic.

Store whether or not we've stopped it once, and do not close it again.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-04 14:14:06 +00:00
Alexander Scheel c1bc341b88
Add note about cross-cluster write failures (#20506)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-04 13:05:14 +00:00
Chelsea Shaw 898bc50a76
UI: Stabilize KV secret tests (#20491) 2023-05-04 05:02:07 +00:00
Alexander Scheel c50de2ec0c
Add DNS wildcard tests to ACME test suite (#20486)
* Refactor setting local addresses

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Validate wildcard domains in ACME test suite

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add locking to DNS resolver

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Better removal semantics for records

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-03 20:23:44 +00:00
Kianna 650743e18f
UI: PKI error handling + some small bugs! (#20478) 2023-05-03 13:00:46 -07:00
Anton Averchenkov 3ff2b011ab
Clarify deprecation comments for RawRequest* functions (#20497) 2023-05-03 19:47:54 +00:00
claire bontempo f0ea1f5ed8
UI: update setting version service for sidebar frame test (#20496)
* refactor sidebar test

* swap out setFeatures

* make version test glimmery
2023-05-03 19:03:28 +00:00
Anton Averchenkov 11c92e9565
Move TestWalkSecretsTree to the correct file. (#20493) 2023-05-03 18:24:23 +00:00
Hamid Ghaf 148263084d
adding support for four cluster docker based test scenario (#20492) 2023-05-03 10:49:45 -07:00
Alexander Scheel d8c5456f8a
Add dns resolver to PKI Binary Cluster (#20485)
* Export DockerAPI for use by other consumers

As usage of DockerCluster gets more advanced, some users may want to
interact with the container nodes of the cluster. While, if you already
have a DockerAPI instance lying around you can reuse that safely, for
use cases where an existing e.g., docker/testhelpers's runner instance
is not available, reusing the existing cluster's DockerAPI is easiest.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add ability to exec commands without runner

When modifying DockerTestCluster's containers manually, we might not
have a Runner instance; instead, expose the ability to run commands via
a DockerAPI instance directly, as they're awfully convenient.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add DNS resolver into ACME tests

This updates the pkiext_binary tests to use an adjacent DNS resolver,
allowing these tests to eventually be extended to solve DNS challenges,
as modifying the /etc/hosts file does not allow this.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix loading DNS resolver onto network

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix bug with DNS configuration validation

Both conditionals here were inverted: address being empty means a bad
specification was given, and the parse being nil means that it was not a
valid IP address.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix specifying TXT records, allow removing records

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-03 17:32:39 +00:00
Anton Averchenkov b4bec9bd30
Improve addPrefixToKVPath helper (#20488) 2023-05-03 17:10:55 +00:00
Chelsea Shaw 973555cb9c
UI: Handle edge cases for PKI import results (#20474) 2023-05-03 12:02:39 -05:00
claire bontempo 5768ae4f9b
UI: add enterprise only pki/config/crl parameters to edit configuration form (#20479)
* update version service

* render enterprise groups

* render enterprise params

* move group headers to within loop

* cleanup template

* update form tests

* change version service references to hasFeature to hasControlGroups getter

* add params to details view

* update version service test
2023-05-03 09:48:08 -07:00
Nick Cabatoff 3eb5fb3eb7
Use newer version of backport-assistant (#20484) 2023-05-03 12:40:01 -04:00
Steven Clark aa3c61c85b
In ACME responses only return Type, Value fields (#20480)
- Do not serialize the entire internal object, instead return
   just the Type and Value fields back to the caller.
 - Also within authorization responses, return the base domain
   on wildcard queries, dropping the *. as the RFC requests.
 - Update tests to reflect/test this logic.
2023-05-03 09:53:33 -04:00
Jordan Reimer c84d267c61
Sidebar Navigation (#19296)
* Add Helios Design System Components (#19278)

* adds hds dependency

* updates reset import path

* sets minifyCSS advanced option to false

* Remove node-sass (#19376)

* removes node-sass and fixes sass compilation

* fixes active tab li class

* Sidebar Navigation Components (#19446)

* links ember-shared-components addon and imports styles

* adds sidebar frame and nav components

* updates HcNav component name to HcAppFrame and adds sidebar UserMenu component

* adds tests for sidebar components

* fixes tests

* updates user menu styling

* fixes typos in nav cluster component

* changes padding value in sidebar stylesheet to use variable

* Replace and remove old nav components with new ones (#19447)

* links ember-shared-components addon and imports styles

* adds sidebar frame and nav components

* updates activeCluster on auth service and adds activeSession prop for sidebar visibility

* replaces old nav components with new ones in templates

* fixes sidebar visibility issue and updates user menu label class

* removes NavHeader usage

* adds clients index route to redirect to dashboard

* removes unused HcAppFrame footer block and reduces page header top margin

* Nav component cleanup (#19681)

* removes nav-header components

* removes navbar styling

* removes status-menu component and styles

* removes cluster and auth info components

* removes menu-sidebar component and styling

* fixes tests

* Console Panel Updates (#19741)

* updates console panel styling

* adds test for opening and closing the console panel

* updates console panel background color to use hds token

* adds right margin to console panel input

* updates link-status banner styling

* updates hc nav components to new API

* Namespace Picker Updates (#19753)

* updates namespace-picker

* updates namespace picker menu styling

* adds bottom margin to env banner

* updates class order on namespace picker link

* restores manage namespaces refresh icon

* removes manage namespaces nav icon

* removes home link component (#20027)

* Auth and Error View Updates (#19749)

* adds vault logo to auth page

* updates top level error template

* updates loading substate handling and moves policies link from access to cluster nav (#20033)

* moves console panel to bottom of viewport (#20183)

* HDS Sidebar Nav Components (#20197)

* updates nav components to hds

* upgrades project yarn version to 3.5

* fixes issues in app frame component

* updates sidenav actions to use icon button component

* Sidebar navigation acceptance tests (#20270)

* adds sidebar navigation acceptance tests and fixes other test failures

* console panel styling tweaks

* bumps addon version

* remove and ignore yarn install-state file

* fixes auth service and console tests

* moves classes from deleted files after bulma merge

* fixes sass syntax errors blocking build

* cleans up dart sass deprecation warnings

* adds changelog entry

* hides namespace picker when sidebar nav panel is minimized

* style tweaks

* fixes sidebar nav tests

* bumps hds addon to latest version and removes style override

* updates modify-passthrough-response helper

* updates sidebar nav tests

* mfa-setup test fix attempt

* fixes cluster mfa setup test

* remove deprecated yarn ignore-optional flag from makefile

* removes another instance of yarn ignore-optional and updates ui readme

* removes unsupported yarn verbose flag from ci-helper

* hides nav headings when user does not have access to any sub links

* removes unused optional deps and moves lint-staged to dev deps

* updates has-permission helper and permissions service tests

* fixes issue with console panel not filling container width
2023-05-02 19:36:15 -06:00
claire bontempo 00e43b88b4
fix typo (#20473) 2023-05-02 19:29:14 +00:00
Anton Averchenkov 8e19338ef5
Add walkSecretsTree helper function (#20464) 2023-05-02 15:23:43 -04:00
Yoko Hyakuna a56e4ca96a
Fix the title header - What is Vault (#20465) 2023-05-02 11:29:36 -07:00
Mike Palmiotto 410735e88c
Capture loop var in TestClientDisabledRedirects (#20466) 2023-05-02 17:53:30 +00:00
marcin-kulik fda0a731fc
Update installation.mdx (#17954) 2023-05-02 13:34:42 -04:00
Steven Clark 480f97a601
Skip OcspHigherLevel test failures if we trigger redirection bug (#20461)
- We have a known issue that is difficult to address in released versions of Vault that OCSP GET requests can contain consecutive / characters which the Golang HTTP mux will force a redirection.
  - Instead of failing various PRs and runs with this known issue, check to see if we are about to trigger it and if so skip the test. We have already at this point tested the POST version of the API.
2023-05-02 14:44:09 +00:00
miagilepner b6d768d36f
Fix testonly flag in Makefile (#20457) 2023-05-02 14:46:13 +02:00
Chelsea Shaw 61e72c2e56
Fix keyup trigger on masked input (#20454) 2023-05-01 22:15:41 +00:00
Steven Clark 504aaf5fe5
Update ACME order status on order fetch (#20451)
- When someone is fetching the order to get it's status, compute if we
   need to bump the status to Ready like we do in finalize handler
 - Add a wait state to the ACME docker test suite to deal with a race
   condition
2023-05-01 16:18:18 -04:00
Nick Cabatoff 120830681e
Don't run build workflow on draft PRs. (#20443) 2023-05-01 13:52:41 -04:00
Chelsea Shaw 59ff9c2eea
UI: glimmerize masked input (#20431)
* Glimmerize masked-input

* Update secret-create-or-update to change masked-input value

* Use maskedInput for ssh configure privateKey

* Add download button to masked input and v2 secrets. Resolves #6364

* Add changelog
2023-05-01 16:43:05 +00:00
Steven Clark 3ca73ad07e
Refactor ACME PKI binary tests to run against a single Vault Cluster (#20419)
* Initial refactoring of ACME PKI binary tests
 - Rework test suite to use a single Vault cluster with
   different mounts.
 - Refactor convenience methods to write PKI tests.

* Add ACME test cases for mixed IP and DNS, along with IP only identifier requests

* Parallelize the Vault PKI test suite
2023-05-01 16:01:24 +00:00
Jonathan Frappier 3c6e130ca2
Add HCP tabs, apply Vale suggestions, fix heading case (#20361)
* Add HCP tabs, apply Vale suggestions, fix heading case

* Apply feedback

* Apply PM feedback

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-01 11:56:16 -04:00
Nick Cabatoff 9eee5f3438
CI tests should run on release branches as well as main (#20444) 2023-05-01 15:42:03 +00:00
Josh Black 1d307d48b6
Clarify origin of ID parameter for path filter creation (#20415)
* Clarify origin of ID parameter for path filter creation

* add additional note

* add additional info
2023-05-01 08:34:03 -07:00
Alexander Scheel 32a7f8250a
Update to tidy status and docs (#20442)
* Add missing tidy-status state values

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add docs on auto-tidy reading

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing tidy status field revocation_queue_safety_buffer

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Include pause_duration in tidy-status docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add date of last auto-tidy operation to status

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-01 14:26:29 +00:00
Chelsea Shaw b743ada5ab
UI: fix secret with % in path (#20430)
* Use encode/decode uri component instead of route-recognizer. Fixes #11616

* Remove route-recognizer explicit dependency

* Add changelog
2023-05-01 09:18:45 -05:00
Alexander Scheel 91481143af
Show existing keys, issuers on PKI import (#20441)
* Add additional existing keys response field

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tests for validating existing keys

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update docs for import to include new fields

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-05-01 14:07:31 +00:00
miagilepner 4cd982554e
VAULT-15840: Allow updates of only entity-alias custom-metadata (#20368)
* allow updates of only custom metadata

* add changelog
2023-05-01 12:42:30 +02:00
Ryan Cragun 190783a87f
release testing: always save the metadata (#20402)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-04-28 15:15:03 -06:00
Yoko Hyakuna ad96cf88e8
Update the command output example (#20427) 2023-04-28 13:46:20 -07:00
Nick Cabatoff e0093a2791
Simple perf replication test using docker containers (#20393) 2023-04-28 19:43:30 +00:00
Alexander Scheel 7781b037da
Validate identifiers against role when creating order (#20410)
* Validate identifiers against role when creating order

Perform some initial validation against the order's requested
identifiers during creation; this gives a client a heads up that their
request might be rejected by the server before they have to solve
challenges for these, only to find out during CSR submission time that
there is no way to request the specified certificate.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add unit tests and switch errors to ErrRejectedIdentifier

 - Change the error messages from validating identifiers against the
   role to ErrRejectedIdentifier errors if they do occur
 - Add unit tests to validate that we validate against the various
   roles somewhat okay.

* go doc

* Fix typo in test godoc

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-04-28 19:21:26 +00:00
Nick Cabatoff f19f537a4f
Add support for restarting docker nodes, and for providing args (#20409) 2023-04-28 14:03:14 -04:00
Jason Peng 2a954ef072
Updated the HA Upgrade Instructions (#20206)
* Update index.mdx

Updated instructions for Vault Upgrade HA

* Create vault-ha-upgrade.mdx

Moved HA Vault upgrade instruction to a new page and added a Note for disabling automated upgrade procedure

* Add the new vault-ha-upgrade page to the side menu

* Format and wording edits

* Remove extra paracentesis

* Fix a typo

* Change the title appears on the navigation

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-28 10:54:53 -07:00
Thy Ton 94d8fb8029
update release-note from feature to improvement (#20414) 2023-04-28 09:33:09 -07:00
Kianna 8cc9866f10
UI: VAULT-8429 Update query and serializer so that it includes parsedCertificate (#20246)
Co-authored-by: Kianna Quach <kianna.quach@hashicorp.com>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2023-04-28 08:05:12 -07:00
Peter Wilson a592e3a023
Fix panic when Vault enters recovery mode, added test (#20418)
* Fix panic when Vault enters recovery mode, added test

* Added changelog
2023-04-28 12:41:19 +00:00
Tom Proctor 767dc6283f
docs: Set uniform supported Kubernetes versions for all integrations (#20010) 2023-04-28 10:33:37 +01:00
Chet Lemon 4a9e8f2f9d
Pipe MountPoint to audit logs (#20411)
* MountPoint piped to audit logs
---------
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-04-27 15:29:24 -07:00