Commit graph

12676 commits

Author SHA1 Message Date
DevOps Rob 230656ccf4
adding a note to the docs to make it clear that the token needs to be unlimited to create child tokens (#9397) 2020-07-03 09:00:14 -07:00
Calvin Leung Huang 80ea138b9e
scripts: make build.sh gocmd aware (#9394) 2020-07-02 17:45:41 -07:00
Brian Kassouf a6a5e951e9
changelog++ 2020-07-02 16:59:30 -07:00
Meggie 866576cde8
Changing changelog headers and update version (#9393) 2020-07-02 19:46:41 -04:00
Brian Kassouf 90ed4d7eac
Fix UI in dev mode 2020-07-02 15:18:57 -07:00
Mike Jarmy 804106904b
Update CHANGELOG.md 2020-07-02 17:57:45 -04:00
Noelle Daley d93249b2ca
Update CHANGELOG.md 2020-07-02 14:26:48 -07:00
Mike Jarmy 769cfbfadb
Update CHANGELOG.md 2020-07-02 17:22:44 -04:00
Jeff Escalante a3371f6242
🌷Website Maintenance (#9140)
* another round of maintenance

- apply stylelint
- run eslint across all files
- remove unneeded font import
- add jsconfig and import from absolute pahts
- remove unneeded experimental nextjs config
- update all dependencies

* refreshing with the latest dep updates
2020-07-02 14:24:34 -04:00
Geoffrey Grosenbach 93b37de1bc
Mention Linux packages on install page (#9314)
* Update install docs to mention Linux packages

We now build packages for Debian, Ubuntu, CentOS, etc. This removes language
about "we have no plans to build packages" and adds links to step by step guides
for adding a GPG key and the official repository.

* Fix URL to Learn Vault install page

A Linux section previously existed but now it is in the general install section.

* Fix Markdown for multi-step compile from source

The steps were previously marked up as an ordered list but the numbers didn't
display correctly. This outdents the code so it's a series of paragraphs instead
of an ordered list.
2020-07-02 13:51:02 -04:00
Roger Berlind 15d8ed3f82
request.connection.remote_addr only has IP (#9326)
* request.connection.remote_addr only has IP

The request.connection.remote_addr property exposed to Sentinel only has an IP.
It does not include a port.
I tested this in a policy with `print("remote address:", request.connection.remote_addr)` and got back 150.10.0.26.

* Update website/pages/docs/enterprise/sentinel/properties.mdx

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-07-02 10:47:44 -07:00
Jim Kalafut 0cd66b516f
Update README.md (#9378) 2020-07-02 08:58:08 -07:00
Jim Kalafut bb8242119a
Update bug_report.md (#9385) 2020-07-02 08:55:33 -07:00
Chelsea Shaw d282a2071c
DR secondary generate operation token styling updates (#9355)
* Match spacing, content, and styling better to designs on DR secondary generate operation token

* Clarify language around OTP and DR secondary operation token
2020-07-02 10:52:06 -05:00
Alexander Bezobchuk f1534a0ed0
Add nil check for quota manager (#9379)
* Add nil check for quota manager

* Add missing nil checks
2020-07-01 18:14:33 -07:00
Noelle Daley cf94e19b03
Update CHANGELOG.md 2020-07-01 17:28:59 -07:00
Noelle Daley bd8281b4ae
upgrade storybook and babel deps (#9371) 2020-07-01 16:28:16 -07:00
Chelsea Shaw 1f55f5d602
Add dr_operation_token_primary to hashed submit value (#9370) 2020-07-01 16:03:57 -05:00
Alexander Bezobchuk fb9cd9db2a
Merge PR #9372: Fix Unauthenticated list 2020-07-01 16:02:14 -04:00
Mark Gritter 707fdea702
Don't return quota error on revoke. (#9374)
Changed log messages to be clearer about quota operations.
This should fix enterprise unit test failures.
2020-07-01 14:41:42 -05:00
Calvin Leung Huang 37c0e51142
logical/system: re-introduce ns-awareness in pathInternalUIMountsRead (#9373) 2020-07-01 12:37:11 -07:00
Jim Kalafut 6e605c0995
Update plugin dependencies (#9367) 2020-07-01 12:03:47 -07:00
Austin Gebauer e8d972c2ec
changelog++ 2020-07-01 11:32:20 -07:00
Brian Kassouf 50cd031798
Update go-kms-deps & run go mod vendor (#9366) 2020-07-01 10:54:50 -07:00
Chelsea Shaw dfa9b7021b
Update TTL picker on add replication secondary (#9271)
* Update TTL picker on add replication secondary

This change updates the TTL picker to the new version to match most updated designs. The component also allows the default value to be more obvious

* Remove erroneous else

* Add changeOnInit param for TtlPicker2 and use it on add secondary page

* Update ttlPicker2 docs and add tests for new param

* Calculate value in unit provided on init for ttl-picker2, with tests

* Cleanup and make ttl-picker2 test more specific
2020-07-01 12:50:02 -05:00
Scott Miller a6f62359a9
Don't setup plugin reload on perf standbys (#9352) 2020-06-30 17:32:06 -05:00
Mike Jarmy 4b2cdfee72
re-enable seal migration (#9351)
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-06-30 18:21:18 -04:00
Scott Miller 2aa90105d3
Address feedback on Plugin Reload: OSS Side (#9350)
* just use an error string

* Switch command to use new struct
2020-06-30 16:26:38 -05:00
Scott Miller ad292bec73
Fix wrong err return value in plugin reload status command (#9348)
* Fix wrong return value (discovered when merging to ENT)

* go.mod

* go mod vendor

* Add setup plugin reload hook

* All reloads return something now
2020-06-30 13:33:30 -05:00
Scott Miller 001ee861bd
Global Plugin Reload: OSS Changes Take II (#9347)
* Carefully move changes from the plugin-cluster-reload branch into this clean branch off master.

* Don't test this at this level, adequately covered in the api level tests

* Change PR link

* go.mod

* Vendoring

* Vendor api/sys_plugins.go
2020-06-30 10:26:52 -05:00
Theron Voran 32bf4b6e00
changelog++ 2020-06-29 15:47:45 -07:00
Jason O'Donnell 142b47fe5e
auth/k8s: update go.mod (#9328)
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-29 15:44:33 -07:00
Scott Miller e92f8f5a81
Revert global plugin reload commits (#9344)
* Revert "Some of the OSS changes were clobbered when merging with quotas out of, master (#9343)"

This reverts commit 8719a9b7c4d6ca7afb2e0a85e7c570cc17081f41.

* Revert "OSS side of Global Plugin Reload (#9340)"

This reverts commit f98afb998ae50346849050e882b6be50807983ad.
2020-06-29 17:36:22 -05:00
Josh Black 44a7e3661d
Update replication status API docs with new fields (#9215) 2020-06-29 15:11:17 -07:00
Scott Miller cc51427584
Some of the OSS changes were clobbered when merging with quotas out of, master (#9343)
* OSS side of Global Plugin Reload
2020-06-29 16:58:51 -05:00
Scott Miller a83fe0fc6d
OSS side of Global Plugin Reload (#9340)
* OSS side of Global Plugin Reload

* changelog++
2020-06-29 16:23:28 -05:00
ncabatoff d42ee4f7ef
Ensure "initialized" service registration tag is also present whenever Vault is unsealed, on both Consul and K8s (#8990)
* Add the initialized tag to Consul registration for parity with k8s (and for easy automated testing).  Ensure that whenever we flag Vault as unsealed, we also flag it as initialized.

* Update API docs.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2020-06-29 16:02:49 -04:00
Calvin Leung Huang babaa93a0f
monitor: watch for seal state during monitor request (#9341)
* monitor: watch for seal state during monitor request

* monitor: return error regardless of how upstream handles it
2020-06-29 12:58:41 -07:00
Josh Black dc2b5c1830
Add docs for vault monitor (#9218) 2020-06-29 12:23:31 -07:00
Mark Gritter 873acbefbd
Unit test that fails to demonstrate identity store problem. (#9339)
Fix test compilation error.
2020-06-29 13:33:25 -05:00
Theron Voran 06700a7110
Adding docs for azure-specific handling in jwt-oidc (#9287)
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2020-06-29 10:46:41 -07:00
Theron Voran 6dfe8d966a
changelog++ 2020-06-29 10:25:18 -07:00
Theron Voran c943235288
Update auth-jwt to v0.7.0 (#9320)
Adds support for distributed groups claims on Azure, necessary when a
user is a member of more than 200 groups.
2020-06-29 10:23:32 -07:00
Vishal Nayak 6bd5674345
Reset quota manager during shutdown (#9331) 2020-06-29 13:23:10 -04:00
ncabatoff 4a5d8fc212
Remove two unreliable tests from TestTransit_SignVerify_P256. (#7499)
* Remove two tests from TestTransit_SignVerify_P256.  These verify that
you can't verify something signed using JWS marshaling when claiming
it's ASN1, and vice versa.  The problem is that we rely on unmarshaling
failing, and it doesn't always.  Both encodings use base64, one with
padding, one without, so depending on the data sometimes unmarshaling
will work when we expect it to fail.  It would be nice to preserve
these tests if they could be made reliable, but I didn't see an easy way,
and I don't think they add enough value to warrant greater effort.

* Restore the tests I removed, and improve the verify function to broaden the notion of errExpected.

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-06-29 12:22:22 -04:00
Vitaly Velikodny 1bb9992c92
fix #8092: add the note to docs about impossible to create a custom token with 's.' prefix (#8195)
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-06-29 12:20:23 -04:00
Josh Black 6306faa3d2
Update documentation with more details for allowed_parameters (#9279) 2020-06-29 09:01:33 -07:00
Kevin Pruett 4a48b57546
Add Algolia indexing script to CI (#9332) 2020-06-29 16:39:08 +01:00
Clint cbecc40e48
Stepwise docker env (#9292)
* add first stepwise test env, Docker, with example transit test

* update transit stepwise test

* add other tests that use stepwise

* cleanup test, make names different than just 'transit'

* return the stderr if compile fails with error

* minor cleanups

* minor cleanups

* go mod vendor

* cleanups

* remove some extra code, and un-export some fields/methods

* update vendor

* remove reference to vault.CoreConfig, which really wasn't used anyway

* update with go mod vendor

* restore Precheck method to test cases

* clean up some networking things; create networks with UUID, clean up during teardown

* vendor stepwise

* Update sdk/testing/stepwise/environments/docker/environment.go

haha thanks :D

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update sdk/testing/stepwise/environments/docker/environment.go

Great catch, thanks

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* fix redundant name

* update error message in test

* Update builtin/credential/userpass/stepwise_test.go

More explicit error checking and responding

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/logical/aws/stepwise_test.go

`test` -> `testFunc`

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/logical/transit/stepwise_test.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* fix typos

* update error messages to provide clarity

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* update error handling / collection in Teardown

* panic if GenerateUUID returns an error

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>

* Update builtin/credential/userpass/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update builtin/logical/aws/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update builtin/logical/transit/stepwise_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update sdk/testing/stepwise/environments/docker/environment.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* import ordering

* standardize on dc from rc for cluster

* lowercase name

* CreateAPIClient -> NewAPIClient

* testWait -> ensure

* go mod cleanup

* cleanups

* move fields and method around

* make start and dockerclusternode private; use better random serial number

* use better random for SerialNumber

* add a timeout to the context used for terminating the docker container

* Use a constant for the Docker client version

* rearrange import statements

Co-authored-by: Michael Golowka <72365+pcman312@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-06-26 17:52:31 -05:00
Vishal Nayak c6876fe00f
Resource Quotas: Rate Limiting (#9330) 2020-06-26 17:13:16 -04:00