mcollao-hc
0de8ac58c2
update changelog for HCSEC-2022-15
2022-07-29 15:19:06 -05:00
Steven Clark
639fa64ce5
secret/ssh: Return errors for bad templates in roles as we did previously ( #16505 )
2022-07-29 15:18:22 +01:00
Chris Capurso
36e20779bc
VAULT-7256 - Add CustomMetadata to Namespace type ( #16491 )
...
* remove CustomMetadata type
* add custom metadata to namespace struct
2022-07-29 10:04:57 -04:00
Ian Ferguson
dc603b4f7f
Allow identity templates in ssh backend default_user field ( #16351 )
...
* Allow identity templates in ssh backend `default_user` field
* use correct test expected value
* include api docs for `default_user_template` field
2022-07-29 09:45:52 -04:00
Theron Voran
4dc7b71a28
docs/vault-k8s: updated for v0.17.0 release ( #16492 )
2022-07-28 14:23:47 -07:00
Jason O'Donnell
e3f942f51c
agent: add disable_keep_alives configurable ( #16479 )
...
agent: add disable_keep_alives config
Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
2022-07-28 12:59:49 -07:00
linda9379
6be7c6610e
Lookup, wrap, rewrap and unwrap token rename with description ( #16489 )
...
* Changed wrapping token to wrapped token
* Added descriptions and changed rewrap and unwrap labels
* Added changelog
* Fixed changelog
2022-07-28 14:33:47 -04:00
Chris Capurso
d814ab3825
ignore leading slash in kv get command ( #16443 )
...
* ignore leading slash in kv get command
* add changelog entry
2022-07-28 14:11:58 -04:00
Austin Gebauer
b3f138679c
identity/oidc: allow filtering the list providers response by an allowed_client_id ( #16181 )
...
* identity/oidc: allow filtering the list providers response by an allowed_client_id
* adds changelog
* adds api documentation
* use identity store view in list provider test
2022-07-28 09:47:53 -07:00
Christopher Swenson
b04d6e6720
Remove SHA1 for certs in prep for Go 1.18 ( #16455 )
...
Remove SHA1 for certs in prep for Go 1.18
* Remove certs with SHA1 from tests
* Use default SHA-256 with PKCS7 in AWS
* Update SHA1 deprecation note
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-07-28 09:14:33 -07:00
Chris Capurso
013e1d12b1
move custom metadata validation logic to its own package ( #16464 )
...
* move custom metadata validation logic to its own package
* add comments
* add custom metadata Validate unit tests
2022-07-28 10:40:38 -04:00
Nick Cabatoff
488858e919
Clone created entities that were inserted into memdb... ( #16487 )
...
* Clone created entities that were inserted into memdb to prevent possibility of data race.
2022-07-28 09:43:24 -04:00
Nick Cabatoff
b9181077fd
Fix a panic at cleanup time in an expiration restore lease benchmark. ( #16485 )
2022-07-28 05:54:03 -07:00
Calvin Leung Huang
6c87ff92b4
changelog: Add entry for AD secrets engine bug fix ( #16480 )
2022-07-27 15:51:53 -07:00
claire bontempo
9ea4c8b037
UI/vault 7196/search select with modal ( #16456 )
...
* add validator
* generate search select with modal component
* finish tests
* remove store from test
* address comments, add tests
2022-07-27 14:18:22 -07:00
Chelsea Shaw
e0961cd2c4
UI: fix jwt auth failure ( #16466 )
...
* only OIDC type gets token
* Add acceptance test for JWT login flow
* Add acceptance test for JWT login flow
* Add changelog
* maybe fix pki tests
2022-07-27 15:22:38 -05:00
Max Coulombe
aa3e1c8a2f
Added a small utility method to display warnings when parsing command arguments. ( #16441 )
...
* Added a small utility method to display warnings when parsing command arguments
Will print warning if flag is passed after arguments e.g.
vault <command> -a b -c
In this example -c will be interpreted as an argument which may be misleading
2022-07-27 14:00:03 -04:00
Scott Miller
1b1c6fe168
Correct the Transit HMAC key source in docs ( #16463 )
...
* Correct the Transit HMAC key source in docs
* Update website/content/api-docs/secret/transit.mdx
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-07-27 11:48:41 -05:00
Kaevon
8c3acac173
Fixed grammar errors ( #16459 )
2022-07-27 07:30:55 -04:00
Theron Voran
66ef22b735
docs/k8s: adding terraform config examples ( #16121 )
...
Adding a terraform examples page for configuring vault-helm.
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-07-26 20:43:26 -04:00
Hridoy Roy
3429d7dfc5
Current Month Activity Estimate, Probabilistic Tests, And Bugfixes ( #16447 )
...
* bugfixes and probabilistic hll tests
* changelog
* changelog fix
* remove activity log test and keep in ent
* update cl
2022-07-26 13:00:27 -07:00
Tom Proctor
bd0461619c
Docs: Add list of supported k8s versions for agent injector ( #16433 )
2022-07-26 15:59:27 +01:00
akshya96
6e0c04d602
vault-951Documentation ( #16434 )
2022-07-25 16:53:03 -07:00
Yoko Hyakuna
7b43bf4c68
Add a note referring to automated upgrade ( #16444 )
...
* Add a note referring to automated upgrade
* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-07-25 15:03:55 -07:00
akshya96
6e5b4ec8c9
Validate parameters for vault operator init ( #16379 )
...
* adding code changes to check parameters for vault operator init
* fixing defaults in cli
* fixing comments
* remove unused consts
* adding validate parameters test
* add changelog
* adding changes to validation
* adding fmt changes
* fixing test
* add test for auto unseal
2022-07-25 12:45:04 -07:00
Steven Clark
96a355c53d
Leverage upstream docker image returntocorp/semgrep in CircleCI ( #16440 )
...
- Instead of installing semgrep through PyPI on every run, leverage
the upstream docker image.
- This should isolate us from dependency updates required to run newer
versions of semgrep
2022-07-25 14:04:12 -04:00
tdsacilowski
887e77c2ae
Agent JWT auto auth remove_jwt_after_reading config option ( #11969 )
...
Add a new config option for Vault Agent's JWT auto auth
`remove_jwt_after_reading`, which defaults to true. Can stop
Agent from attempting to delete the file, which is useful in k8s
where the service account JWT is mounted as a read-only file
and so any attempt to delete it generates spammy error logs.
When leaving the JWT file in place, the read period for new
tokens is 1 minute instead of 500ms to reflect the assumption
that there will always be a file there, so finding a file does not
provide any signal that it needs to be re-read. Kubernetes
has a minimum TTL of 10 minutes for tokens, so a period of
1 minute gives Agent plenty of time to detect new tokens,
without leaving it too unresponsive. We may want to add a
config option to override these default periods in the future.
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-07-25 07:42:09 -06:00
Meggie
16c0e4cbd2
changelog++
2022-07-25 08:34:04 -04:00
Robert
36c2c11023
auth/gcp: add support for GCE regional instance groups ( #16435 )
...
* Update GCP auth to add support for regional instance groups
* Add changelog file
2022-07-22 17:31:25 -05:00
Anton Averchenkov
166c618589
Fix linter issues in policy.go & acl.go ( #16366 )
2022-07-22 14:13:14 -04:00
Jason O'Donnell
140406143e
command/server: add dev-tls flag ( #16421 )
...
* command/server: add dev-tls flag
* Add website documentation
* changelog
* Lower file permissions
* Update cert gen per review
* Add dev-tls-cert-dir flag and cert clean up
* fmt
* Update cert generation per review
* Remove unused function
* Add better error messages
* Log errors in cleanup, fix directory not existing bug
* Remove hidden flag from -dev-tls-cert-dir
* Add usage
* Update 16421.txt
* Update variable names for files
* Remove directory on cleanup
2022-07-22 14:04:03 -04:00
Christopher Swenson
45be51df49
Add changelog for #15933 ( #16425 )
2022-07-22 09:50:28 -07:00
Steven Clark
7634f5a9a1
update semgrep to 0.106.0 ( #16420 )
...
* Update semgrep to 0.106.0
* Add required deps to build new semgrep dependency ujson
- New Python dependency ujson for semgrep requires gcc, g++ and python3-dev.
- python3-dev to pull in Python.h
2022-07-22 09:58:11 -04:00
Matt Schultz
31151671ab
Transform tokenization key auto-rotate docs ( #16410 )
...
* Document auto rotate fields for transform tokenization endpoints.
* Update Transform tokenization docs to mention key auto-rotation.
2022-07-21 15:48:58 -05:00
Jason O'Donnell
d25a3526af
command/audit: improve audit enable type missing error message ( #16409 )
...
* command/audit: improve audit enable type missing error message
* changelog
2022-07-21 16:43:50 -04:00
Steven Zamborsky
c0b0c4fde7
Add an "Important Note" regarding EKS CSR approval. ( #16406 )
2022-07-21 13:34:03 -07:00
Austin Gebauer
5fd479a55a
deps: updates google.golang.org/api via plugins ( #16405 )
2022-07-21 13:07:57 -07:00
Violet Hynes
8163271ee2
VAULT-7046 Allow trailing globbing at the end of a path suffix quota ( #16386 )
...
* VAULT-7046 OSS changes for trailing glob quotas
* VAULT-7046 allow glob of 'a*' to match 'a'
* VAULT-7046 Add changelog
* VAULT-7046 fix minor typo
2022-07-21 15:31:23 -04:00
Pratyoy Mukhopadhyay
77ca499c6e
oss changes ( #16407 )
2022-07-21 10:53:42 -07:00
Austin Gebauer
5062502756
auth/oidc: documents the client_nonce parameter ( #16403 )
2022-07-21 09:34:46 -07:00
Rachel Culpepper
133535fabe
add paths for import endpoints ( #16401 )
2022-07-21 11:19:13 -05:00
Austin Gebauer
bafc630b12
auth/oidc: fix changelog entry for SecureAuth groups parsing ( #16388 )
2022-07-21 08:24:11 -07:00
Alexander Scheel
aba72d7f7a
Add next-step warning on import without AIA URLs ( #16392 )
...
This tells the user that the next step should be to configure AIA URLs
on this newly imported issuer/mount point. Ideally this should occur
before any leaves are issued such that they have the correct
information.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-07-21 11:05:19 -04:00
Wojtek Czekalski
d05e8d1222
Fix typo in the docs ( #16323 )
...
It's very confusing, `Volumes` are very similar to `volumes` and can cause confusion 😄
2022-07-21 10:42:46 -04:00
Francois BAYART
24b9fa39bc
Update s3.mdx ( #13630 )
...
fix IAM requirements to use KMS key
2022-07-21 10:41:33 -04:00
Jason Peng
08b0cf40d5
Update reload.mdx ( #14207 )
...
To match with the API version of docs- https://www.vaultproject.io/api-docs/system/plugins-reload-backend#sys-plugins-reload-backend .
2022-07-21 10:39:25 -04:00
Barak BD
164d37b11a
Add section for Engine V2 requests ( #14381 )
...
This may be a related issue: https://github.com/hashicorp/vault/issues/7161
2022-07-21 10:38:57 -04:00
Pratik Khasnabis
3e4f4fdd55
Change AWS to Azure in Tutorial section ( #15206 )
...
* Change AWS to Azure in Tutorial section
* trigger ci
Co-authored-by: taoism4504 <loann@hashicorp.com>
2022-07-21 10:36:27 -04:00
Austin Gebauer
7df39640e0
Update gopsutil to v3 to fix MacOS deprecation warnings ( #16321 )
...
* Update gopsutil to v3
* Adds v2 field names in host-info response to allow eventual deprecation in favor of v3 field names
* Map v3 to v2 field names to keep host-info api compat
* copy gopsutil license into source
2022-07-20 16:37:10 -07:00
Brian Kassouf
d6bb62a0ab
Increase the allowed concurrent gRPC streams ( #16327 )
...
* Increase the allowed concurrent gRPC streams
* Add an env override for the max streams setting
* Add changelog
* go fmt
* fix builds on 32bit systems
2022-07-20 15:26:52 -04:00