Commit Graph

1309 Commits

Author SHA1 Message Date
Jordan Reimer 43fae50512
MFA Create Enforcement Bug (#20603)
* fixes issue creating mfa enforcement from method enforcement tab toolbar action

* adds changelog entry
2023-05-16 10:38:53 -06:00
miagilepner f14a039a65
VAULT-14733: Split logic of precomputedQueryWorker (#20073)
* split precomputed query worker and add unit tests

* add new client delete method and test

* add changelog

* fixes from pr review

* add missing comment

* fix comparison
2023-05-16 16:29:18 +02:00
Angel Garbarino 00e06301f1
Filter Secret Engine List view by engineType and/or name (#20481)
* initial WIP glimmerize the controller

* wip got the filter engine type by supported backends working

* got filter by engine type working

* wip need to refactor but working ish for name

* wip working state with both filters, does not work if both fiters are set

* fixed when you have two selected filters, but broken for multiples of the same type with different names

* remove repeated engineTypes in filter list

* add disabled to power select

* fix bug of glimmer for the concurrency task.

* wording fix

* remove linkableItem and the nested contextual compnents to help with loading speed.

* add changelog

* fix some tests

* add test coverage

* Update 20481.txt

update changelog text

* test fixes 🤞

* test fix?

* address a pr comment and save

* address pr comment
2023-05-15 16:57:27 +00:00
Gabriel Santos 05f3236c15
Provide public key encryption via transit engine (#17934)
* import rsa and ecdsa public keys

* allow import_version to update public keys - wip

* allow import_version to update public keys

* move check key fields into func

* put private/public keys in same switch cases

* fix method in UpdateKeyVersion

* move asymmetrics keys switch to its own method - WIP

* test import public and update it with private counterpart

* test import public keys

* use public_key to encrypt if RSAKey is not present and failed to decrypt
if key version does not have a private key

* move key to KeyEntry parsing from Policy to KeyEntry method

* move extracting of key from input fields into helper function

* change back policy Import signature to keep backwards compatibility and
add new method to import private or public keys

* test import with imported public rsa and ecdsa keys

* descriptions and error messages

* error messages, remove comments and unused code

* changelog

* documentation - wip

* suggested changes - error messages/typos and unwrap public key passed

* fix unwrap key error

* fail if both key fields have been set

* fix in extractKeyFromFields, passing a PolicyRequest wouldn't not work

* checks for read, sign and verify endpoints so they don't return errors when a private key was not imported and tests

* handle panic on "export key" endpoint if imported key is public

* fmt

* remove 'isPrivateKey' argument from 'UpdateKeyVersion' and
'parseFromKey' methods

also: rename 'UpdateKeyVersion' method to 'ImportPrivateKeyForVersion' and 'IsPublicKeyImported' to 'IsPrivateKeyMissing'

* delete 'RSAPublicKey' when private key is imported

* path_export: return public_key for ecdsa and rsa when there's no private key imported

* allow signed data validation with pss algorithm

* remove NOTE comment

* fix typo in EC public key export where empty derBytes was being used

* export rsa public key in pkcs8 format instead of pkcs1 and improve test

* change logic on how check for is private key missing is calculated

---------

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-11 11:56:46 +00:00
Hamid Ghaf 3553e75335
disable printing flags warning message for the ssh command (#20502)
* disable printing flags warning message for the ssh command

* adding a test

* CL

* add go doc on the test
2023-05-08 16:15:44 +00:00
Christopher Swenson 42f7def9aa
Keep symbols by default (#20519)
By reversing the logic and adding a `REMOVE_SYMBOLS` environment
variable that, when set, will remove symbols.

This has been requested to re-enable Dynatrace support, which
requires symbols are intact.

Sadly this increases the size (on my mac) from 192,609,682 bytes
to 236,696,722 bytes (+23% increase).

I confirmed that this adds symbols back, and that `dlv` will load
the Vault binary.
2023-05-04 13:23:06 -07:00
Hamid Ghaf bf96f63649
CLI to take days as a unit of time (#20477)
* CLI to take days as a unit of time

* CL
2023-05-04 08:03:37 -07:00
Anton Averchenkov b4bec9bd30
Improve addPrefixToKVPath helper (#20488) 2023-05-03 17:10:55 +00:00
Jordan Reimer c84d267c61
Sidebar Navigation (#19296)
* Add Helios Design System Components (#19278)

* adds hds dependency

* updates reset import path

* sets minifyCSS advanced option to false

* Remove node-sass (#19376)

* removes node-sass and fixes sass compilation

* fixes active tab li class

* Sidebar Navigation Components (#19446)

* links ember-shared-components addon and imports styles

* adds sidebar frame and nav components

* updates HcNav component name to HcAppFrame and adds sidebar UserMenu component

* adds tests for sidebar components

* fixes tests

* updates user menu styling

* fixes typos in nav cluster component

* changes padding value in sidebar stylesheet to use variable

* Replace and remove old nav components with new ones (#19447)

* links ember-shared-components addon and imports styles

* adds sidebar frame and nav components

* updates activeCluster on auth service and adds activeSession prop for sidebar visibility

* replaces old nav components with new ones in templates

* fixes sidebar visibility issue and updates user menu label class

* removes NavHeader usage

* adds clients index route to redirect to dashboard

* removes unused HcAppFrame footer block and reduces page header top margin

* Nav component cleanup (#19681)

* removes nav-header components

* removes navbar styling

* removes status-menu component and styles

* removes cluster and auth info components

* removes menu-sidebar component and styling

* fixes tests

* Console Panel Updates (#19741)

* updates console panel styling

* adds test for opening and closing the console panel

* updates console panel background color to use hds token

* adds right margin to console panel input

* updates link-status banner styling

* updates hc nav components to new API

* Namespace Picker Updates (#19753)

* updates namespace-picker

* updates namespace picker menu styling

* adds bottom margin to env banner

* updates class order on namespace picker link

* restores manage namespaces refresh icon

* removes manage namespaces nav icon

* removes home link component (#20027)

* Auth and Error View Updates (#19749)

* adds vault logo to auth page

* updates top level error template

* updates loading substate handling and moves policies link from access to cluster nav (#20033)

* moves console panel to bottom of viewport (#20183)

* HDS Sidebar Nav Components (#20197)

* updates nav components to hds

* upgrades project yarn version to 3.5

* fixes issues in app frame component

* updates sidenav actions to use icon button component

* Sidebar navigation acceptance tests (#20270)

* adds sidebar navigation acceptance tests and fixes other test failures

* console panel styling tweaks

* bumps addon version

* remove and ignore yarn install-state file

* fixes auth service and console tests

* moves classes from deleted files after bulma merge

* fixes sass syntax errors blocking build

* cleans up dart sass deprecation warnings

* adds changelog entry

* hides namespace picker when sidebar nav panel is minimized

* style tweaks

* fixes sidebar nav tests

* bumps hds addon to latest version and removes style override

* updates modify-passthrough-response helper

* updates sidebar nav tests

* mfa-setup test fix attempt

* fixes cluster mfa setup test

* remove deprecated yarn ignore-optional flag from makefile

* removes another instance of yarn ignore-optional and updates ui readme

* removes unsupported yarn verbose flag from ci-helper

* hides nav headings when user does not have access to any sub links

* removes unused optional deps and moves lint-staged to dev deps

* updates has-permission helper and permissions service tests

* fixes issue with console panel not filling container width
2023-05-02 19:36:15 -06:00
Anton Averchenkov 8e19338ef5
Add walkSecretsTree helper function (#20464) 2023-05-02 15:23:43 -04:00
Chelsea Shaw 59ff9c2eea
UI: glimmerize masked input (#20431)
* Glimmerize masked-input

* Update secret-create-or-update to change masked-input value

* Use maskedInput for ssh configure privateKey

* Add download button to masked input and v2 secrets. Resolves #6364

* Add changelog
2023-05-01 16:43:05 +00:00
Alexander Scheel 32a7f8250a
Update to tidy status and docs (#20442)
* Add missing tidy-status state values

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add docs on auto-tidy reading

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing tidy status field revocation_queue_safety_buffer

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Include pause_duration in tidy-status docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add date of last auto-tidy operation to status

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-01 14:26:29 +00:00
Chelsea Shaw b743ada5ab
UI: fix secret with % in path (#20430)
* Use encode/decode uri component instead of route-recognizer. Fixes #11616

* Remove route-recognizer explicit dependency

* Add changelog
2023-05-01 09:18:45 -05:00
Alexander Scheel 91481143af
Show existing keys, issuers on PKI import (#20441)
* Add additional existing keys response field

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tests for validating existing keys

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update docs for import to include new fields

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-05-01 14:07:31 +00:00
miagilepner 4cd982554e
VAULT-15840: Allow updates of only entity-alias custom-metadata (#20368)
* allow updates of only custom metadata

* add changelog
2023-05-01 12:42:30 +02:00
Thy Ton 94d8fb8029
update release-note from feature to improvement (#20414) 2023-04-28 09:33:09 -07:00
Peter Wilson a592e3a023
Fix panic when Vault enters recovery mode, added test (#20418)
* Fix panic when Vault enters recovery mode, added test

* Added changelog
2023-04-28 12:41:19 +00:00
Chet Lemon 4a9e8f2f9d
Pipe MountPoint to audit logs (#20411)
* MountPoint piped to audit logs
---------
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-04-27 15:29:24 -07:00
Angel Garbarino dcff8c2a07
Remove the Bulma CSS Framework (#19878)
* Step one: remove bulma (#19587)

* remove bulma and get app running

* add back in each statments from bulma variables

* remove space

* address pr comments

* add back copyright headedr

* Step two: add back and organize relevant Bulma classes (#19664)

* VAULT-14566 copy/paste bulma css for classes that it defines and we do not.

* add three new helper files and move helpers.scss to a new directory called helper-classes

* rename utils/colors to color_variables

* integrate all bulma sizing into previous utils/spacing doc, address obvious duplicates and rename to spacing_variables.

* small class name issues

* clean up

* comment clean up

* Step three: add Bulma classes to relevant component styles (#19683)

* add in bulma classes used in global-flash component

* add in bulma classes used in the modal component

* remaining bulma classes that can integrate into the vault css

* remove replication-header.scss and replace with helper.

* add bulma tabs classes to tabs component scss file

* remove ui-wizard style

* only do bulma explicit classes for now

* add in breadcrumb styling from bulma

* integrate bulma into css

* remove unecessary tabs bulma styling

* remove non-relevant bulma classes

* remove non relevant bulma css

* Step three cont. Bulma classes to component files (#19691)

* return box-label to as before now that you have those bulma classes

* missing modal bulma classes

* add bulma class to box component

* missed some bulma box classes

* remove scss unecessary

* add in bulma classes to icon component.

* move up icon

* missed modal class

* clean up

* size vars to icon

* Step four: address core directory files (#19719)

* move some basic helpers over to typography helper.

* rename helpers to other

* moveing generic classes to other relevant scss files.

* rename generic to link

* clean up

* clean up

* address core/box

* remove hero because the class is not used anywhere.

* add in level bulma css

* welp forgot a file.

* add in missing bulma classes into core/menu

* UI/step four core files 2 (#19754)

* address issue with input border and box shadow

* remove the is-white class, it was being used very poorly, replaced with exisiting helpers.

* organizing the forms and button core files

* small amount of clean up

* hot mess of colors dealing with just danger for now

* removed moved over bulma classes

* use helper for this one off

* clean up

* wip on the buttons

* fix select select:: after

* clean up select from bulma-classes.

* clean up

* clean up

* small fix

* Cleaning up the last of the core files (welp there's still more) (#19779)

* one missing thing for level core.

* replace no-underline and link-item with helper text-decoration-none

* core/menu double check

* handle core/message

* create and add to bulma classes for core/columns

* add in bulma-classes columns and column... not fun to qa later.

* remove core/notification

* core/progress bar

* revert the hbs changes

* fix over revert

* Core files cont. Focus on core/form (#19794)

* create input and textarea core files, move charts

* remove input and textarea classes from bulma classes

* remove input-hint component file, never a component

* fix the mess that is help-text:

* help and is-help and sub-text are a mess...

* fix switch alignment issues

* deal with file-name

* clean file out of bulma-classes

* create layout helper and move out some remaining button classes

* deal with core/title

* is-marginless move to helper

* helper layout add to core

* clean up

* remove core/tables

* test

* Revert "test"

This reverts commit e695dedfe933d71320cd7eeee33f6b21a8d54b37.

* Core files continued (#19896)

* test

* combine input and textarea

* clean up navbar brannd

* clean up the single instance delete class used on the modal and match with flight icon

* add back autocomplete to component

* create core/file

* alphabetize file css blocks

* core/checkboxes create and address

* combine b-checkboxes classes and remove from core the utils

* address duplicate helper

* Core files continued (#19930)

* clean up helper and remove duplicate class

* more clean up of the other helper

* fix pagination, hot mess

* add radio to checkbox styling

* tag to tags rename singular

* container core file

* finally... changing forms to one element, field

* finally remove bulma-classes

* cleanup

* comment cleanup

* add comment about pagination

* Consolidating our size variables with Bulma's (#19951)

* remove bulma-size variables that are duplicates of our own

* remove unused is-size-xx and duplicate font weights

* remove duplicate class

* ahh this is madness

* remove column-gap var

* remove  duplicate sizing of

* clean up breakpoints

* replace border-radius:2px for var so folks know the common border-radius

* replace header-height with new spacing var

* replace body-size and console-size vars with other sizing vars

* clean up final of size vars

* radius override things blah fixed

* last size var

* add back

* Finish size var clean up (#19970)

* remove size-small, etc.

* fix size-small things

* remove label unused classes

* move out font-family utils

* Update Color Vars (remove bulma color vars and overrides) (#20031)

* remove bulma_variables file

* remove duplicate helper

* replace hardcoded with color vars when appropriate

* broaden font-family utils

* add back box-link-hover-shadow

* welp

* fix pagination coloring

* Small fixes post var and core file work (#20035)

* fix auth-login splash container

* fix some splash page issues

* fix status menu

* fix menu-list regression

* fix regression on button text-decoration

* fix tag regression

* fix regression on select select

* fix regression on field field

* regression on textarea

* button focus state regression

* fix inputs

* fix is-outlined buttons

* Remove bulma switch (#20065)

* remove bulma/switch

* fix disbled style

* Bulma removal: starting the clean up process (#20066)

* remove unused class name

* add todo

* wip shamir-modal-flow usage of file styling

* final fix

* fix message type message-body css

* better match

* fix a.active on popup-menu-content

* VAULT-14625 fix

* blah overrides overrides and oh another override

* fix breadcrumb link

* fixes

* fix readonly state and hover on inputs.scss

* fix button style issue

* fix modal title spacing issue

* clean up

* fix switch

* fix checkbox issue and pr comment

* fix issue with tabs

* pr comment

* Bulma clean up cont. (#20119)

* gotta use rem on page container... it makes a difference, can't switch to px

* missing helper for background color

* fix textarea with icon

* can't seem to replace rem with px ;/

* fix table issues

* clean up columns.scss file

* fix

* fix rem vs px issues

* address some todos

* fix todo on help is-danger

* best effort for sizing var clean up

* reomve duplicate

* clearify

* welp forgot a word

* address sr-only class definition

* move to helper

* replaced single use class with helper and cleaned up flexbox

* move to make more sense

* move around layout and container

* color things

* things

* Cleanup 🧹 (#20196)

* remove carry over classes from bulma

* clean up title.scss

* clean up title is-5 has-top-padding-m and box.scss

* clean up breadcrumbs, buttons, c&r, columns

* clean up core files

* clean up cont looking at component files

* clean up remaining component files

* fix pagination

* pr comments, thank you

* add in merge color helper

* Remove out of scope changes (#20218)

* remove out of scope changes

* fix test

* add changelog

* remove scope creep

* fix scope creep cont

* qa fixes

* Fixes found while QA'ing Secret Engines (#20264)

* fix active tab issue for both secret and auth mounts

* use helper instead of :not last on content margin which causes problems

* fix missing disabled on b-checkbox

* quick fix

* deal with body-size issue

* fix order of other helper

* small fixes from qa

* update comments on the core files and change desktop font size from px back to rem

* missed 16px replaced with 1rem

* address chelseas comments

* fixes that jordan noticed

* remove unstable flexbox test

* test fix

* rename other to general

* address claires qa comments

* add in missing helper must have missed in earlier merge

* fix button

* small small small fix
2023-04-27 14:23:17 -06:00
davidadeleon 0d621ea47e
add nil check for mfa enforcement config namespace on login (#20375)
* add nil check for mfa enforcement config ns

* move nil check and add changelog
2023-04-26 16:52:39 -04:00
Alexander Scheel 3a995707b5
Fix reading issuer's enable_aia_url_templating value (#20354)
* Add enable_aia_url_templating to read issuer

This field was elided from read issuer responses, though the value
otherwise persisted correctly.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add comprehensive test for patching issuers

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing OpenAPI scheme definition

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-25 16:48:05 -04:00
Alexander Scheel 918305d450
Fix issuer patch of leaf_not_after_behavior (#20341)
* Fix patching issuer leaf_not_after_behavior

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for patching leaf_not_after_behavior

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-25 11:02:13 -04:00
Nick Cabatoff 22b00eba12
Add support for docker testclusters (#20247) 2023-04-24 14:25:50 -04:00
Nick Cabatoff 313957b911
Add tests based on vault binary (#20224)
First steps towards docker-based tests: tests using vault binary in -dev or -dev-three-node modes.
2023-04-24 09:57:37 -04:00
Marc Boudreau 895564d615
Provide Descriptive Error when Enterprise-only Paths Called in Open-source Version (#18870)
* define ent paths in OSS codebase with common handler

* fixup! define ent paths in OSS codebase with common handler

* add missing path

* retain existing behaviour for replication/status path

* remove commented out path
2023-04-21 16:14:40 -04:00
Alexander Scheel d7f67b8856
Add additional fields to LIST issuers for Web UI (#20276)
* Add additional fields to LIST issuers for Web UI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-21 18:16:16 +00:00
Christopher Swenson 1415d47da8
Add symbols back to the build to fix Dynatrace support (#20294) 2023-04-21 17:15:56 +00:00
Anton Averchenkov 3c76d90156
Small fixes for OpenAPI display attributes (#20285) 2023-04-21 17:04:12 +00:00
miagilepner 564a7227e4
VAULT-15668: fix windows issues with -dev-tls flag (#20257)
* fix -dev-tls flag on windows

* changelog

* fix only hcl config

* fix import

* fmt
2023-04-21 10:54:38 +02:00
Luis (LT) Carbonell d308c31cbf
Add Configurable LDAP Max Page Size (#19032)
* Add config flag for LDAP max page size

* Add changelog

* move changelog to correct file

* cleanup

* Default to non-paged searching for with -1

* Update website/content/api-docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update tests

---------

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-04-20 20:39:27 +00:00
Austin Gebauer eaf67b7c0e
Add OIDC provider docs for IBM ISAM (#19247)
* Add OIDC provider docs for IBM ISAM

* Add changelog, api docs and docs-nav-data

---------

Co-authored-by: Benjamin Voigt <benjamin.voigt@god.dev>
2023-04-20 11:30:59 -07:00
Chelsea Shaw 879844d300
UI: OIDC provider logo fix (#20263)
* glimmerize role-jwt model, update test for use new case

* Fix issue #8949

* Update test

* Add changelog
2023-04-19 14:30:18 -05:00
Nick Cabatoff 9e34c0b543
Add new method to access a client config's TLSConfig. (#20265) 2023-04-19 15:14:18 -04:00
Nick Cabatoff 21f3977639
Use a current version of etcd (#20261)
Use a current version of etcd, remove the replace hack in go.mod that was intended to be temporary.
2023-04-19 14:17:11 -04:00
Alexander Scheel 189a776307
Add warnings to crl rebuilds, allowing notifying operator of empty issuer equivalency sets (#20253)
* Add infrastructure for warnings on CRL rebuilds

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add warning on issuer missing KU for CRL Signing

When an entire issuer equivalency class is missing CRL signing usage
(but otherwise has key material present), we should add a warning so
operators can either correct this issuer or create an equivalent version
with KU specified.

Resolves: https://github.com/hashicorp/vault/issues/20137

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for issuer warnings

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix return order of CRL builders

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-19 16:55:37 +00:00
claire bontempo 5f64520dac
UI: remove references to comma separation for string array edit types (#20163)
* remove intercepting helpText

* add subtext directly to StringList input component

* update tests and add coverage for new openapi-attrs util

* update test

* add warning validation to input

* lol is this right i dont know go

* literally no idea what im doing

* add Description to display attrs struct

* update struct comment

* add descriptions to remaining go fields

* add missing comma

* remaining commas..."

* add description to display attrs

* update tests

* update tests

* add changelog;

* Update ui/app/utils/openapi-to-attrs.js

* update tests following backend changes

* clearly name variable

* format files

* no longer need to test for modified tooltip since coming from backend now
2023-04-19 16:16:30 +00:00
Chelsea Shaw d115fda4e0
UI: Remove usage of htmlSafe (#20235) 2023-04-19 15:40:33 +00:00
Jason O'Donnell b5822e612b
cli/namespace: add detailed flag to namespace list (#20243)
* cli/namespace: add detailed flag to namespace list

* changelog
2023-04-19 09:31:51 -04:00
Alexander Scheel 45acac0e64
Return OCSP errors on cert auth login failures (#20234)
* Return OCSP errors on cert auth login failures

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Switch to immediately returning the first match

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-19 08:54:45 -04:00
Nathan Handler ad1c669d4b
Fix Indentation in Kubernetes Auth Example (#20216)
In the Kubernetes Auth Code Example, the indentation for the `auth` import is off, causing it to not be indented the same amount as the previous `vault` import. This change ensures that both imports use the same indentation.
2023-04-18 15:23:25 -07:00
Yura Shutkin 7de8a3bc31
Update wrapping-unwrap.mdx (#20109)
* Update wrapping-unwrap.mdx

It is possible to unwrap data without authentication in Vault. I've added an example of a curl request.

* Add changelog record
2023-04-18 14:20:27 -07:00
Rachel Culpepper 074c9a5da2
add changelog for shamir change (#19566) 2023-04-18 16:34:43 +00:00
Max Bowsher 91abc177bb
Minor follow-ups to #16865 (#20220)
* Minor follow-ups to #16865

Fix PKI issuer upgrade logic when upgrading to 1.12 or later, to
actually turn off the issuer crl-signing usage when it intended to.

Fix minor typo in docs.

* changelog
2023-04-18 07:39:05 -04:00
Robert 750bc180ab
build: try creating the go bin directory (#19862)
* Try creating the output directory to ensure it always exists

* Use GOBIN path over GOPATH/bin if it is set
2023-04-17 22:57:17 +00:00
Alexander Scheel 4190212bbb
Remove extraneous certificate from OCSP response (#20201)
* Remove extraneous certificate from OCSP response

Since the issuer used to sign the certificate also signs the OCSP
response, no additional information is added by sending the issuer again
in the certs field of the BasicOCSPResponse structure. Removing it saves
bytes and avoids confusing Go-based OCSP verifiers which cannot handle
the cert issuer being duplicated in the certs field.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-17 16:40:26 +00:00
Alexander Scheel ef7dd8c1bb
Add fix for Go x/crypto/ocsp failure case (#20181)
* Add fix for Go x/crypto/ocsp failure case

When calling ocsp.ParseRequest(req, issue) with a non-nil issuer on a
ocsp request which _unknowingly_ contains an entry in the
BasicOCSPResponse's certs field, Go incorrectly assumes that the issuer
is a direct parent of the _first_ certificate in the certs field,
discarding the rest.

As documented in the Go issue, this is not a valid assumption and thus
causes OCSP verification to fail in Vault with an error like:

> bad OCSP signature: crypto/rsa: verification error

which ultimately leads to a cert auth login error of:

> no chain matching all constraints could be found for this login certificate

We address this by using the unsafe issuer=nil argument, taking on the
task of validating the OCSP response's signature as best we can in the
absence of full chain information on either side (both the trusted
certificate whose OCSP response we're verifying and the lack of any
additional certs the OCSP responder may have sent).

See also: https://github.com/golang/go/issues/59641

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test case with Vault PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-17 11:48:19 -04:00
Chris Capurso e7c0d5744b
add max_entry_size to sanitized config output (#20044)
* add max_entry_size to sanitized config output

* add changelog entry

* add test parallelism

* add inmem test case

* use named struct fields for TestSysConfigState_Sanitized cases
2023-04-14 09:52:23 -04:00
Jordan Reimer c36ab935c4
Clients config updates for census reporting (#20125)
* updates clients config view for census reporting

* adds changelog entry

* fixes issue with modal staying open and error not showing on clients config save failure

* adds min retention months to clients config model and form validation
2023-04-13 15:57:12 -06:00
Kyle Schochenmaier 1b4ff1b1b4
Revert changes to STS leases but keep the ttl field (#20034)
* revert STS lease changes, now create a lease for STS credentials but keep the ttl
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2023-04-13 15:02:39 -05:00
Alexander Scheel 10e02aca02
Add missing cert auth ocsp read data (#20154)
* Add missing OCSP cert auth fields

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test to ensure OCSP values are persisted

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-13 18:59:09 +00:00