Commit graph

13128 commits

Author SHA1 Message Date
Jim Kalafut 4b1557e6ab
Minor update to Secrets engine overview docs (#10977)
The reference to API calls and link to code isn't a good fit here.

Reverts eb3e34d
2021-02-23 07:17:44 -08:00
Jason O'Donnell 458061d43b
agent: route templating server through cache (#10927)
* agent: route templating server through cache

* Remove TemplateRetry, fix unix path

* Remove mtls comment, remove redundant tls enable

* Fix test

* Refactor vault address logic

* Fix cert/key for mtls

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Reject mtls listeners

* changelog

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-02-23 09:36:11 -05:00
Michele Degges b54bc22f9e
Upgrading packagespec to 0.2.1 (#10954) 2021-02-23 14:30:25 +00:00
Hridoy Roy 0c17cb5a79
upgrade consul template (#10973) 2021-02-22 14:24:27 -08:00
swayne275 38a647c6e5
remove noisy log, simplify job interface (#10975) 2021-02-22 15:00:24 -07:00
Austin Gebauer f33fda0d87
Adds method for rotating a policy without a persist (#10941) 2021-02-22 11:09:13 -08:00
Josh Black bc44d19bbe
Add ParseCapacityString (#10956) 2021-02-22 10:44:55 -08:00
Brian Kassouf 34a7fc0286
replication: Don't write request coutners on DR Secondary nodes (#10936) 2021-02-22 09:04:41 -08:00
Clint f998f96451
Add documentation for upcoming Terraform Cloud secret engine (#10823)
* add side navigation for Terraform Cloud Secret Engine

* terraform cloud engine docs

* add api-docs for terraform cloud secret engine

* fix some typos and improve wording, now with less management

* fix capitalization

* change text->shell-session

* clarify rotating user roles returns an error
2021-02-22 10:57:52 -06:00
Chelsea Shaw f89968a12b
UI/add usage metrics description (#10951)
* Add description to metrics usage page

* Add changelog
2021-02-22 09:35:15 -06:00
Jim Kalafut 7e54bc15c2
Add TOTP support to Okta Auth (#10942) 2021-02-21 21:18:17 -08:00
Clint 2aff402279
Bundle new Vault plugin: Terraform secrets (#10931)
* Bundle Terraform secrets engine

* update go.mod/sum

* vendor update

* add changelog entry

* add secrets terraform
2021-02-19 16:38:56 -06:00
Austin Gebauer 0017b78919
Adds API docs for max_age role parameter of JWT/OIDC auth method (#10916) 2021-02-19 13:39:58 -08:00
Chelsea Shaw 889d82aca5
UI/Database Secrets Engine cleanup (#10949)
* Update role toolbar, serialization for special mongo values

* Only show defaultShown if no value on info table row

* Remove root_rotation_statements from mongo connection fields

* Wrap this.router in try/catch if in then statement

* Add changelog
2021-02-19 14:04:51 -06:00
Brian Kassouf 6f3d179635
helper/metricsutil: Prevent potential Ticker leak (#10913) 2021-02-18 20:31:53 -08:00
Brian Kassouf 0ad63e5a20
core/expiration: Add backoff jitter to the expiration retries (#10937) 2021-02-18 20:20:01 -08:00
Hridoy Roy 4a96126d5a
Revert "Vault Dependency Upgrades [VAULT-871] (#10903)" (#10939)
This reverts commit eb74ca61fc4dcb7038f39defb127d5d639ba0ca1.
2021-02-18 15:40:18 -05:00
Hridoy Roy a26d1300e8
Vault Dependency Upgrades [VAULT-871] (#10903)
* upgrade vault dependency set

* etcd and grpc issues:

* better for tests

* testing

* all upgrades for hashicorp deps

* kubernetes plugin upgrade seems to work

* kubernetes plugin upgrade seems to work

* etcd and a bunch of other stuff

* all vulnerable packages upgraded

* k8s is broken in linux env but not locally

* test fixes

* fix testing

* fix etcd and grpc

* fix etcd and grpc

* use master branch of go-testing-interface

* roll back etcd upgrade

* have to fix grpc since other vendors pull in grpc 1.35.0 but we cant due to etcd

* rolling back in the replace directives

* a few more testing dependencies to clean up

* fix go mod vendor
2021-02-18 12:31:57 -08:00
Nick Cabatoff 81105274d1
Add docs for Agent's template_retry option added in #10644, based on those from consul-template configuration. Also fix some existing config docs that weren't adhering to our conventions. (#10911) 2021-02-18 11:24:36 -08:00
Angel Garbarino 59e83e2e6d
UI Database Secrets Engine (MongoDB) (#10655)
* move the ttls on enable for db to default and not as options

* refactor form field to angle brackets

* add database to supported backend

* initial setup of components and models

* setup selectable cards, need to make own component

* styling setup

* subtext and links

* number styling

* search select put in place and button, all pretty things

* search label text

* messy but closer to data configuration. making models and fetching those models on routes

* connection adapter and serializer that is pulled in by the overview route

* clean up and add new model params connections and roles to overview route hbs

* setting up overview as route with SecretHeader component.  TODO, show Overview tab, but have link to route.  It's going be on the secret header list component

* setup overview tab on secret-list-header to go to overview page

* setup id in overview route

* Correct link on secrets engine list for database and others

* Roles tab on database fetches correct model

* Update options for backend with hasOverview param so overview tab is rendered conditionally on secret list header

* create new getCrendentialsComponent

* Rename database connection parent component and start working on display

* setup routing to credentials route for database from overview page

* setup network request for the credentials of role

* setup serializer for credentials

* redirect previous route

* fix border color on button disable

* add margin to back button

* change to glimmer component

* glimmerize and clean up the get-credentials-card

* Begin database connection show and create form

* add component test for the get-credentials-card

* Database connection model and field groups

* add static roles to searhSelect

* add staticRoles on overview page

* Toolbar and tabs on database connection show view looks correct

* combine static and dynamic role models for pagination

* Update database-list-item with real link to connection

* Add support for optionalText edit type on form-field

* handle situation when no static and/or dynamic roles

* turn partial into component so can handle computed and eventually click actions, similar to transform

* glimmerize database-list-item

* use lazy capabilities on list role and static-role actions

* Create connection works and redirects to show page

* creds request based on dynamic or static and unload the store by record creds when they transition away.

* dynamcially add in backend for queries

* fixes on overview page for get credentials with hardcoded backend and layout for static creds

* Rotate and Reset connection actions working on connection

* get credentials set the query params

* setup async for handling permission errors on overivew

* Move query logic to store for getting both types of role

* Filtering works on combined role models

* cleanup

* Fix no meta on connections list

* better handle the situation where you don't have access to list roles but do to generate

* implment updated empty state component and add to credentials page when roleType is noRoleType

* glimmerize the input search component

* move logic for generate credentials urlto the generate creds component

* remove query param for role type

* handle permissions on the overview page

* permissions for role list

* New roles route for backends

* handle different permissions for empty return on 404 vs 403 on overview page

* fix links on overview page

* Connetions WIP

* setup lazy caps for the connections model and list

* add computed to role and static role models to clean up permissions

* setup actions for connections list

* Update form-field to show password type and update json input to angle bracket syntax with optional theme option

* setup capabilities on overview for empty state

* fix hardcoded on the backend

* toggle inner label has width 100%

* Add custom update password togglable input on database connection edit form, and only submit defined attrs

* Add updateRecord to connection adapter

* glimmerize secret list header and make new component which either shows or does not show the tab based on permissions

* Remove tabs on show connection

* add peek record

* Update database role to get both models on a single model, remove static-role model and adapter, remove roles route

* fix creds permissions on database-list-item

* add component info and rename for secret-list-header-tab

* fix issues on overview page

* Add path to individual role on serializer

* add accetpance test for testing the engine

* fix transform test

* test fix

* Update connection before role created, disable button with tooltip if user cannot update path

* Add add-to-array and remove-from-array helpers with tests

* Clean up connection update on delete or create role, cleanup logs, role create link works

* Database role create and edit forms with readonly fields and validation. Add readonly-form-field

* Add field div around ttl picker for correct spacing on form-field

* fix the breadcrumbs

* PLaceholder test for readonly form field

* create new helper to format time duration

* tooltip and formatting on static role

* more on static roles time stuff

* clean up

* clean up

* fixes on the test and addition of another helper test

* fix secrets machine test

* Add modal to connection creation flow

* fix issue with readonly form field test

* Add is-empty-object helper and tests

* Role error handling

* Remove Atlas option from connection list, add defaults to db role form

* clean up stuff though might have made it uglier

* clean up

* Add capabilities checks on connection actions

* Fix jsdocs on readonly-form-field

* Fix json editor height on form field

* Readonly form has notallowed cursor, readonly form field updates

* Add blank field rendering to info-table-row

* Start writing readonly form field tests

* Address some PR comments

* fix fallback action on search select

* cleanup per comments

* fix readonly form field test and lint

* Cleanup string helpers

* Replace renderBlank with alwaysRender logic

* re-humanize label on readonly form field

* Show defaultShown value on info-table-row if no value and always render

* Show default on role and connection show table

* Add changelog

Co-authored-by: Chelsea Shaw <chelshaw.dev@gmail.com>
2021-02-18 10:36:31 -06:00
Michael Golowka 52845525e9
OpenAPI - Don't panic if field isn't found (#10929) 2021-02-17 15:45:45 -07:00
swayne275 e4119a6a8a
Vault-1403 Switch Expiration Manager to use Fairsharing Backpressure (#1709) (#10932)
* basic pool and start testing

* refactor a bit for testing

* workFunc, start/stop safety, testing

* cleanup function for worker quit, more tests

* redo public/private members

* improve tests, export types, switch uuid package

* fix loop capture bug, cleanup

* cleanup tests

* update worker pool file name, other improvements

* add job manager prototype

* remove remnants

* add functions to wait for job manager and worker pool to stop, other fixes

* test job manager functionality, fix bugs

* encapsulate how jobs are distributed to workers

* make worker job channel read only

* add job interface, more testing, fixes

* set name for dispatcher

* fix test races

* wire up expiration manager most of the way

* dispatcher and job manager constructors don't return errors

* logger now dependency injected

* make some members private, test fcn to get worker pool size

* make GetNumWorkers public

* Update helper/fairshare/jobmanager_test.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* update fairsharing usage, add tests

* make workerpool private

* remove custom worker names

* concurrency improvements

* remove worker pool cleanup function

* remove cleanup func from job manager, remove non blocking stop from fairshare

* update job manager for new constructor

* stop job manager when expiration manager stopped

* unset env var after test

* stop fairshare when started in tests

* stop leaking job manager goroutine

* prototype channel for waking up to assign work

* fix typo/bug and add tests

* improve job manager wake up, fix test typo

* put channel drain back

* better start/pause test for job manager

* comment cleanup

* degrade possible noisy log

* remove closure, clean up context

* improve revocation context timer

* test: reduce number of revocation workers during many tests

* Update vault/expiration.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* feedback tweaks

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-02-17 14:30:27 -08:00
Brian Fox 7f6ec265a1
Update KV Secrets Engine index (#10933)
Just a suggestion on how to perhaps improve the language as I found myself re-reading the sentences due to the missing "either ... or ..." having been _told_ that it `can be run in two modes`.
2021-02-17 14:27:37 -08:00
Austin Gebauer a7531a11ea
Updates the JWT/OIDC auth plugin (#10919) 2021-02-16 17:21:35 -08:00
Michael Golowka e494e8a141
Cassandra - Add username customization (#10906) 2021-02-16 12:39:24 -07:00
Nick Cabatoff 1b789f5ae5
Note that all local mounts are impacted, including on primary. (#10807) 2021-02-16 10:37:37 -05:00
Rosemary Wang a48db957ca
docs: Update Azure AD OIDC documentation (#10853)
Addresses #8191 with clearer external groups configuration.
2021-02-12 17:28:00 -08:00
swayne275 3994579603
VAULT-1401 and 1402 - preliminary fair sharing (#1701) (#10917)
* basic pool and start testing

* refactor a bit for testing

* workFunc, start/stop safety, testing

* cleanup function for worker quit, more tests

* redo public/private members

* improve tests, export types, switch uuid package

* fix loop capture bug, cleanup

* cleanup tests

* update worker pool file name, other improvements

* add job manager prototype

* remove remnants

* add functions to wait for job manager and worker pool to stop, other fixes

* test job manager functionality, fix bugs

* encapsulate how jobs are distributed to workers

* make worker job channel read only

* add job interface, more testing, fixes

* set name for dispatcher

* fix test races

* dispatcher and job manager constructors don't return errors

* logger now dependency injected

* make some members private, test fcn to get worker pool size

* make GetNumWorkers public

* Update helper/fairshare/jobmanager_test.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* make workerpool private

* remove custom worker names

* concurrency improvements

* remove worker pool cleanup function

* remove cleanup func from job manager, remove non blocking stop from fairshare

* stop fairshare when started in tests

* stop leaking job manager goroutine

* prototype channel for waking up to assign work

* fix typo/bug and add tests

* improve job manager wake up, fix test typo

* put channel drain back

* better start/pause test for job manager

* go mod vendor

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-02-12 14:51:52 -07:00
swayne275 6e1b183f79
Shutdown Test Cores when Tests Complete (#10912)
* Shutdown Test Cores when Tests Complete

* go mod vendor
2021-02-12 13:04:48 -07:00
Jim Kalafut 42bae71806
Improve error messages (#10843)
- Fix: "bytes" should be less than %!s(int=131072) message
- Also add a missing openapi type that was throwing warnings
2021-02-11 19:51:12 -08:00
Mark Gritter a8d2e6e350
Added a table showing the entity alias name used by each auth method. (#10908)
* Also corrected the text about token auth method.
2021-02-11 18:34:45 -06:00
Zachary Shilton e45d81ff47
Use revised BeforeAfterDiagram, VerticalTextBlockList (#10907)
* Switch BeforeAfterDiagram implementation, pulled from www-next

* Bump vertical-text-block-list, update md to HTML

* Bump to latest case-study-slider
2021-02-11 16:29:38 -05:00
Michael Golowka 108d4c6a68
MySQL - Add username customization (#10834) 2021-02-11 14:08:32 -07:00
Michael Golowka 34c29a38e9
MongoDB - add username customization (#10858) 2021-02-11 14:07:58 -07:00
Angel Garbarino 681a86f6eb
UI: Upgrade storybook (#10904)
* upgrade storybook

* add changelog
2021-02-11 12:16:00 -07:00
aphorise 17003328ab
Docs - Namespace monitoring corrected examples (#10863)
Re-doing PR #10305
2021-02-11 11:32:52 -06:00
Nick Cabatoff 2108bb8e00
Use an atomic to avoid a race in runEventDemuxer. (#10901) 2021-02-11 11:50:41 -05:00
Tom Proctor 5f9891f992
auth/kubernetes docs: Correct default issuer (#10900)
As per 207d1b4c1c/path_login.go (L24), the default issuer when none is set is `kubernetes/serviceaccount`.
2021-02-11 15:26:34 +00:00
Jason O'Donnell ba9b3318d8
agent: allow auto-auth to use an existing token (#10850)
* agent/auto-auth: add use_existing_token

* Add better logging for lookup errors

* Fix test

* changelog

* Remove preload config, add token var

* Update filename

* Update changelog

* Revert test name

* Remove unused function

* Remove redundant error message

* Short circuit authenticate for preloaded token

* Add comment for auto-auth login
2021-02-11 09:36:03 -05:00
Chelsea Shaw acdf42dfbf
Fix KMIP tests failing after 1.6.2 (#10891) 2021-02-10 15:48:29 -06:00
Vishal Nayak 53cb1deb38
Revert "Read-replica instead of non-voter (#10875)" (#10890)
This reverts commit fc745670cf34821f5834357d9caebc3351dbc1e7.
2021-02-10 16:41:58 -05:00
Michael Golowka d22c6f9a7a
Update gopsutil & x/sys libraries (#10889) 2021-02-10 14:33:11 -07:00
Mark Gritter 85c1ae1002
Fix error in log; add additional log on conflicting quotas. (#10888) 2021-02-10 12:24:35 -06:00
Ian Ferguson 865df63c76
Correct lock acquisition order in the pathEntityMergeID identity to fix deadlock condition (#10877) 2021-02-10 11:05:16 -05:00
Vishal Nayak a2394e7353
Read-replica instead of non-voter (#10875) 2021-02-10 09:58:18 -05:00
Mark Gritter c5fd996a36
Fix flaky ActivityLog unit test (#10860)
* Wait for initial retention run to finish before adding segments.
2021-02-09 16:34:49 -06:00
Vishal Nayak bbfbb87115
cl++ (#10870) 2021-02-09 15:11:18 -05:00
Jim 7cb100e9a7
Update kubernetes.mdx (#10871)
Add suggestion to validate K8S cluster address and TCP port using cluster-info command and update sample config (line 77) to prompt for validation. Feedback from prospect was that doc is misleading since our sample uses TCP 8443.
2021-02-09 14:50:31 -05:00
jonZlotnik 541079dec3
both serviceaccount and namespace can be splat (#10829)
Needs to be changed in the docs.
Please see commit 70bc47384bedfc895d08d1df17a45b0c4ea8b6de
2021-02-09 11:14:13 -08:00
Nick Cabatoff e4b80ea334
changelog++ (#10867) 2021-02-09 13:56:03 -05:00