Commit graph

17819 commits

Author SHA1 Message Date
hc-github-team-secure-vault-core 4d910a3b43
backport of commit 5123ea933a1d8e4df0af2aefb049c3556f843b72 (#23505)
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2023-10-04 15:19:12 -04:00
hc-github-team-secure-vault-core c9919d599c
backport of commit b5ff3f81134f6d980c7380cb3eda995e6296f891 (#23499)
Co-authored-by: xka5h <74259424+xka5h@users.noreply.github.com>
2023-10-04 13:58:58 -04:00
hc-github-team-secure-vault-core c90b7cddb7
backport of commit 9019203e9f052b6e58a14cbfab4a559d5e7e5883 (#23491)
Co-authored-by: Conor McCullough <103977699+conor-mccullough@users.noreply.github.com>
2023-10-04 09:13:33 -05:00
hc-github-team-secure-vault-core 7624576e39
backport of commit 9afd5e52ae31d6c3b7ab6833836647392bb318e6 (#23478)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-10-03 19:29:40 +00:00
hc-github-team-secure-vault-core 92997859cd
[VAULT-20630] CI: Use 'ref' (not 'base_ref') as a default git reference to check out code in the test-go GHA workflow (#23458) (#23469)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-10-03 17:47:44 +00:00
hc-github-team-secure-vault-core 86159f0382
[VAULT-20630] CI: Fix the CI workflow issue where we check out base ref instead of the ref that triggered the workflow run (#23453) (#23456)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-10-03 14:29:31 +01:00
hc-github-team-secure-vault-core 28f2585da3
backport of commit 0fa36a36ae1b4842d96623eef0d20af5dea557c0 (#23443)
Co-authored-by: Paul Banks <pbanks@hashicorp.com>
2023-10-02 09:49:05 -07:00
hc-github-team-secure-vault-core 15e85d26df
backport of commit 1b321e3e7ecf487741e722b1c9b224cbe1f3146e (#23413)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-28 23:33:24 +00:00
hc-github-team-secure-vault-core b9e0d4666e
backport of commit 807bacbc9c0d499de206cfc1f901cea464d94195 (#23410)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-28 22:51:49 +00:00
hc-github-team-secure-vault-core dd47cfdf2f
backport of commit 305d6d9b675339c300d5ce1ae697a71a8e17d92c (#23404)
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
2023-09-28 15:14:53 -07:00
hc-github-team-secure-vault-core 611860780e
backport of commit a6ee197a73798ed3d578cab03512b774b5088f0b (#23399)
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2023-09-28 17:02:49 -04:00
hc-github-team-secure-vault-core b81816ce08
backport of commit 9ffea8aee557da186bfa142af6fb217c2b967699 (#23395)
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2023-09-28 16:42:17 -04:00
hc-github-team-secure-vault-core f761e5c1ee
backport of commit a3936f14679e34b5b84e88e94cc301704cf1df10 (#23372)
Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>
2023-09-28 13:16:28 -07:00
hc-github-team-secure-vault-core dcb99aea75
backport of commit 25bebfa91c4797d5a958c8d7f4c5330c9c845b0b (#23385)
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2023-09-28 18:32:06 +00:00
hc-github-team-secure-vault-core 4ab34ef66e
Bump versions within transit managed key known issues (#23375) (#23377)
* Bump versions within transit managed key known issues

* Link in partials into 1.15.x upgrade release notes

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-28 16:49:30 +00:00
hc-github-team-secure-vault-core fd05101133
backport of commit 460b5de47b2b75b9cbeab06933f15774b7819d50 (#23358)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-27 23:42:57 +00:00
hc-github-team-secure-vault-core 302284aafa
backport of commit 5cdce48a6a8380c185cf962a8e0768be006230e2 (#23347)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-27 17:07:51 -06:00
hc-github-team-secure-vault-core d2465da3fd
[VAULT-20073] Docs: update upgrade guide for 1.15 with information on Sentinel RGP group policy application (#23296) (#23350)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2023-09-27 21:06:07 +00:00
Sarah Chavis 486865f704
[DOCS] Fix restricted endpoint info (#23333) (#23344)
* Update restricted API list and alert tags
* add cli commands w/o public endpoints
2023-09-27 13:52:31 -07:00
hc-github-team-secure-vault-core 1a707dc75c
backport of commit 6685565b7ed184afd0627781b2cd86788620bdf8 (#23341)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-09-27 21:41:03 +01:00
hc-github-team-secure-vault-core d8d5e440fe
backport of commit 547bff752e056ff81d4359267e0f8afa4629f505 (#23321) 2023-09-27 16:03:53 -04:00
hc-github-team-secure-vault-core fb88d3e4ec
backport of commit 7725117846a47dbd4faeecefa03c181251cbb371 (#23326)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-27 12:59:02 -06:00
hc-github-team-secure-vault-core 4ccb3281f0
backport of commit d7e4447ec054ad9b8ce2dbdad6111f1587b325f8 (#23318)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-27 10:31:57 -07:00
claire bontempo b7dca10a06
Fix typo OSCP -> OCSP (#22586) (#23316)
Co-authored-by: Thomas Schweizer-Bolzonello <thomas@schweizerbolzonello.net>
2023-09-27 17:15:53 +00:00
Ryan Cragun d2db7fbcdd
Backport [QT-602] Run proxy and agent test scenarios (#23176) into release/1.14.x (#23302)
* [QT-602] Run `proxy` and `agent` test scenarios (#23176)

Update our `proxy` and `agent` scenarios to support new variants and
perform baseline verification and their scenario specific verification.
We integrate these updated scenarios into the pipeline by adding them
to artifact samples.

We've also improved the reliability of the `autopilot` and `replication`
scenarios by refactoring our IP address gathering. Previously, we'd ask
vault for the primary IP address and use some Terraform logic to determine
followers. The leader IP address gathering script was also implicitly
responsible for ensuring that a found leader was within a given group of
hosts, and thus waiting for a given cluster to have a leader, and also for
doing some arithmetic and outputting `replication` specific output data.
We've broken these responsibilities into individual modules, improved their
error messages, and fixed various races and bugs, including:
* Fix a race between creating the file audit device and installing and starting
  vault in the `replication` scenario.
* Fix how we determine our leader and follower IP addresses. We now query
  vault instead of a prior implementation that inferred the followers and sometimes
  did not allow all nodes to be an expected leader.
* Fix a bug where we'd always always fail on the first wrong condition
  in the `vault_verify_performance_replication` module.

We also performed some maintenance tasks on Enos scenarios  byupdating our
references from `oss` to `ce` to handle the naming and license changes. We
also enabled `shellcheck` linting for enos module scripts.

* Rename `oss` to `ce` for license and naming changes.
* Convert template enos scripts to scripts that take environment
  variables.
* Add `shellcheck` linting for enos module scripts.
* Add additional `backend` and `seal` support to `proxy` and `agent`
  scenarios.
* Update scenarios to include all baseline verification.
* Add `proxy` and `agent` scenarios to artifact samples.
* Remove IP address verification from the `vault_get_cluster_ips`
  modules and implement a new `vault_wait_for_leader` module.
* Determine follower IP addresses by querying vault in the
  `vault_get_cluster_ips` module.
* Move replication specific behavior out of the `vault_get_cluster_ips`
  module and into it's own `replication_data` module.
* Extend initial version support for the `upgrade` and `autopilot`
  scenarios.

We also discovered an issue with undo_logs that has been described in
the VAULT-20259. As such, we've disabled the undo_logs check until
it has been fixed.

* actions: fix actionlint error and linting logic (#23305)

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-09-27 10:53:12 -06:00
hc-github-team-es-release-engineering be4f05ed25 Bumped product version to 1.14.5. 2023-09-26 18:09:22 -04:00
hc-github-team-secure-vault-core 6a15309a2e
Do not attempt to shutdown ACME thread on non-active nodes (#23293) (#23294)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-26 21:01:17 +00:00
hc-github-team-secure-vault-core c08d731634
backport of commit dbfaa6f81a156ec1dcb85d8d76941d4ac70c91fb (#23285)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-26 18:18:06 +00:00
claire bontempo ab1f3c8b83
cherry pick (#23264) 2023-09-22 21:29:05 +00:00
Chelsea Shaw 36452c0849
UI: add pagination to new PKI (#23193) (#23239)
* UI: add pagination to new PKI (#23193)

* fixes store type import

* fixes tests

---------

Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
2023-09-22 10:47:55 -06:00
hc-github-team-secure-vault-core c29b24b07d
backport of commit 1d61aeb8aebc96eecbb6a35e10bd914b4d0f41f4 (#23250)
Co-authored-by: Sergey Kutovoy <kutovoy.s@gmail.com>
2023-09-22 09:06:23 -07:00
Sarah Chavis 86404bf211
[DOCS] Manual backport of Administrative namespace updates (#23208) (#23231)
* [DOCS] Administrative namespace updates (#23208)
2023-09-21 17:49:47 -04:00
hc-github-team-secure-vault-core b783dec8fd
backport of commit 8b126987807be3593f70ffd8b49b2d90406d7aea (#23235)
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2023-09-21 21:26:20 +00:00
hc-github-team-secure-vault-core 4bbc508695
backport of commit 758de878d61efbd53a7c4939981c1e061dc937a3 (#23221)
Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
2023-09-21 16:59:26 +00:00
Chelsea Shaw 0d6f76b98e
UI: Show unsupported screen if replication unsupported (#23178) (#23213) 2023-09-21 11:35:48 -05:00
hc-github-team-secure-vault-core 0596707993
backport of commit 55414e6a733bc7d746618ddd0723bac38b90cc7d (#23198)
Co-authored-by: Aram Mirzadeh <aram535@users.noreply.github.com>
2023-09-20 14:20:09 -07:00
Sarah Chavis 2110530c6e
Correct restricted endpoint tagging in current docs (#23201) 2023-09-20 13:28:40 -07:00
hc-github-team-secure-vault-core 3505868165
backport of UI: handle control group error on SSH (#23034)
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2023-09-20 16:18:57 +00:00
Kianna 3ba22f14e0
Backport 1.14.3: confirm delete modal for namespaces (#23109)
* Possible soln 1: add a class w/ min height instead of calculated height

* Remove confirm-height style

* Add changelog

* Fix changelog

* Possible soln 2: apply style using native js

* Remove copyright since 1.14 didnt have
2023-09-20 09:15:52 -06:00
hc-github-team-secure-vault-core 693ba0eddc
backport of commit c73eacbaf6ae6b5860e1ad9a3b6ce930c093a105 (#23174)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-09-19 19:54:42 +00:00
hc-github-team-secure-vault-core e5bee669e4
backport of commit d5f4243c9efe3970ccf0c6227c27bb2c03f02a31 (#23162)
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
2023-09-19 16:03:52 +00:00
Ryan Cragun 9da2fc4b8b
test: wait for nc to be listening before enabling auditor (#23142) (#23150)
Rather than assuming a short sleep will work, we instead wait until netcat is listening of the socket. We've also configured the netcat listener to persist after the first connection, which allows Vault and us to check the connection without the process closing.

As we implemented this we also ran into AWS issues in us-east-1 and us-west-2, so we've changed our deploy regions until those issues are resolved.

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-09-18 15:10:37 -06:00
hc-github-team-secure-vault-core 7cf02909cc
backport of commit 2a46d492a3d15cfea8a492e29051a2451d47cdf5 (#23147)
Co-authored-by: Nicola Kabar <nicolaka@gmail.com>
2023-09-18 12:44:48 -07:00
hc-github-team-secure-vault-core bf9114d772
Backport of UI: [VAULT-18178] Fix filter/search bug in search secrets engines into release/1.14.x (#23130)
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
2023-09-18 17:59:01 +00:00
Hamid Ghaf 34b2650ad7
update version to 1.14.4 (#23085)
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
2023-09-18 07:07:16 -07:00
hc-github-team-secure-vault-core 0a443e1d34
backport of commit 3f9b6075aaa1ca3e4c4065b0a460c3bd80b1afd9 (#23127)
Backport of UI: add SSH role attribute allowed_domains_template
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2023-09-15 21:56:40 +00:00
hc-github-team-secure-vault-core dfc1385992
Backport of UI: Handle error from ResponseWithStatusCode (#23116)
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2023-09-15 15:38:22 -05:00
hc-github-team-secure-vault-core b83be1c01b
backport of commit 4b9b5d60e6401bb2338f88340befc7d8802c63c8 (#23110)
Co-authored-by: soly-hashicorp <106975916+soly-hashicorp@users.noreply.github.com>
2023-09-15 10:03:51 -07:00
hc-github-team-es-release-engineering 98d045548b Bumped product version to 1.14.5. 2023-09-15 09:45:47 -04:00
hc-github-team-es-release-engineering 5441926578 Bumped product version to 1.14.4. 2023-09-15 09:44:14 -04:00