* Slight cleanup around mysql ha lock implementation
* Removes some duplication around lock table naming
* Escapes lock table name with backticks to handle weird characters
* Lock table defaults to regular table name + "_lock"
* Drop lock table after tests run
* Add `ha_enabled` option for mysql storage
It defaults to false, and we gate a few things like creating the lock
table and preparing lock related statements on it
* add namespace sidebar item
* depend on ember-inflector directly
* list-view and list-item components
* fill out components and render empty namespaces page
* list namespaces in access
* add menu contextual component to list item
* popup contextual component
* full crud for namespaces
* add namespaces service and picker component
* split application and vault.cluster templates and controllers, add namespace query param, add namespace-picker to vault.namespace template
* remove usage of href-to
* remove ember-href-to from deps
* add ember-responsive
* start styling the picker and link to appropriate namespaces, use ember-responsive to render picker in different places based on the breakpoint
* get query param working and save ns to authdata when authenticating, feed through ns in application adapter
* move to observer on the controller for setting state on the service
* set state in the beforeModel hook and clear the ember data model cache
* nav to secrets on change and make error handling more resilient utilizing the method that atlas does to eagerly update URLs
* add a list of sys endpoints in a helper
* hide header elements if not in the root namespace
* debounce namespace input on auth, fix 404 for auth method fetch, move auth method fetch to a task on the auth-form component and refretch on namespace change
* fix display of supported engines and exclusion of sys and identity engines
* don't fetch replication status if you're in a non-root namespace
* hide seal sub-menu if not in the root namespace
* don't autocomplete auth form inputs
* always send some requests to the root namespace
* use methodType and engineType instead of type in case there it is ns_ prefixed
* use sys/internal/ui/namespaces to fetch the list in the dropdown
* don't use model for namespace picker and always make the request to the token namespace
* fix header handling for fetch calls
* use namespace-reminder component on creation and edit forms throughout the application
* add namespace-reminder to the console
* add flat
* add deepmerge for creating the tree in the menu
* delayed rendering for animation timing
* design and code feedback on the first round
* white text in the namespace picker
* fix namespace picker issues with root keys
* separate path-to-tree
* add tests for path-to-tree util
* hide picker if you're in the root ns and you can't access other namespaces
* show error message if you enter invalid characters for namespace path
* return a different model if we dont have the namespaces feature and show upgrade page
* if a token has a namespace_path, use that as the root user namespace and transition them there on login
* use token namespace for user, but use specified namespace to log in
* always renew tokens in the token namespace
* fix edition-badge test
This commit changes the selected text background color to a more
contrasting one. It also unifies colors of focused/not focused editor.
Focused editor is now indicated by the blinking cursor, which is a
more popular solution.
etcd storage stores all Vault data under a prefix.
The default prefix is "/vault/" according to source codes.
However, the default prefix shown in the website is "vault/".
If the access to etcd is restricted to this wrong prefix, vault
cannot use etcd.
* Make AWS credential types more explicit
The AWS secret engine had a lot of confusing overloading with role
paramemters and how they mapped to each of the three credential types
supported. This now adds parameters to remove the overloading while
maintaining backwards compatibility.
With the change, it also becomes easier to add other feature requests.
Attaching multiple managed policies to IAM users and adding a policy
document to STS AssumedRole credentials is now also supported.
Fixes#4229Fixes#3751Fixes#2817
* Add missing write action to STS endpoint
* Allow unsetting policy_document with empty string
This allows unsetting the policy_document by passing in an empty string.
Previously, it would fail because the empty string isn't a valid JSON
document.
* Respond to some PR feedback
* Refactor and simplify role reading/upgrading
This gets rid of the duplicated role upgrade code between both role
reading and role writing by handling the upgrade all in the role
reading.
* Eliminate duplicated AWS secret test code
The testAccStepReadUser and testAccStepReadSTS were virtually identical,
so they are consolidated into a single method with the path passed in.
* Switch to use AWS ARN parser
* Initial work on templating
* Add check for unbalanced closing in front
* Add missing templated assignment
* Add first cut of end-to-end test on templating.
* Make template errors be 403s and finish up testing
* Review feedback
While following along with the usage section in the kv-v1 docs I noticed this error.
Running the given command gives:
```text
$ vault kv list kv/my-secret
No value found at kv/my-secret/
```
Running `vault kv list kv/` gives the desired output.
Also, I removed some trailing whitespace.
* storage/gcs: fix race condition in releasing lock
Previously we were deleting a lock without first checking if the lock we were deleting was our own. There existed a small period of time where vault-0 would lose leadership and vault-1 would get leadership. vault-0 would delete the lock key while vault-1 would write it. If vault-0 won, there'd be another leader election, etc.
This fixes the race by using a CAS operation instead.
* storage/gcs: properly break out of loop during stop
* storage/spanner: properly break out of loop during stop
We support this in the API as of 0.10.2 so read should support it too.
Trivially tested with some log info:
`core: data: data="map[string]interface {}{"zip":[]string{"zap", "zap2"}}"`
when use mysql storage, set` database = "dev-dassets-bc"` , create database and create table will throw exceptions as follows:
Error initializing storage of type mysql: failed to create mysql database: Error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-dassets-bc' at line 1
Error initializing storage of type mysql: failed to create mysql table: Error 1046: No database selected
cause of `-` is a MySQL built-in symbol. so add backtick for create database sql\create table sql \dml sqls.
The backwards compatibility logic was preventing updates to role
statements from taking effect. This change removes persistence of
deprecated statement fields.