Commit graph

14301 commits

Author SHA1 Message Date
Jordan Reimer 516f18f736
KV automatic delete state issue in UI (#13166)
* converts secret-v2-version model to native class -- fixes issues with cached values for deleted prop

* adds changelog entry

* adds disabled state to ToolbarLink component and disables create new version action when users cannot read metadata

* updates secret-edit acceptance test
2021-11-23 14:17:37 -07:00
Navaneeth Rameshan 201526e983
skip hash bits verification for ed25519 (#13254)
* skip hash bits verification for ed25519 #13253

The default value or *hashBits is 0 and will fail
at ValidateSignatureLength for ed25519. ed25519
specifies its own hash, so avoid hashBits validation for
ed25519 curve.
2021-11-23 15:28:18 -05:00
hghaf099 9640d35136
Unify HTTPResponseWriter and StatusHeaderResponseWriter (#13200)
* Unify NewHTTPResponseWriter ant NewStatusHeaderResponseWriter to fix ResponseWriter issues

* adding changelog

* removing unnecessary function from the WrappingResponseWriter interface

* changing logical requests responseWriter type

* reverting change to HTTPResponseWriter
2021-11-23 14:30:25 -05:00
Chris Capurso 15b06780ab
remove nil response to 404 translation for PatchOperation (#13167)
* remove nil response to 404 translation for PatchOperation

* go get vault-plugin-secrets-kv@master
2021-11-23 13:57:22 -05:00
claire bontempo e8c9affee1
UI/Fix node-forge EC error (#13238)
* add catch for node-forge error handling

* update comment

* adds changelog

* alphabetize attrs and add canParse attr

* show alert banner if unable to parse metadata

* add test to check info banner renders
2021-11-23 13:51:02 -05:00
Josh Black d7c54b50e7
fix bolt 32 bit test (#13249) 2021-11-23 10:50:15 -08:00
akshya96 3c6f68f9c4
Docs/custom metadata updates (#13244)
* adding custom_metadata read and update changes

* adding custom metadata changes
2021-11-23 09:40:44 -08:00
Nick Cabatoff 0082cc4a5b
Correct flag name: -dev-kv-v1, not dev-kv-1. (#13250) 2021-11-23 12:17:51 -05:00
Nick Cabatoff c01b993bd3
Fix regression in returning empty value for approle cidrlist. (#13235) 2021-11-23 12:13:47 -05:00
Josh Black fe0dd6f867
Add InitialMmapSize to bolt options (#13178) 2021-11-22 20:16:57 -08:00
akshya96 f77223bfe5
Authenticate to "login" endpoint for non-existent mount path bug (#13162)
* changing response from missing client token to permission denied

* removing todo comment

* fix tests

* adding changelog

* fixing changelog
2021-11-22 17:06:59 -08:00
Austin Gebauer d5f4fbecc1
identity/oidc: optional nonce parameter for authorize request (#13231) 2021-11-22 09:42:22 -08:00
Alexander Scheel 3bad83f76f
Prevent CWE-190/AllocationSizeOverflow in KDF (#13237)
In the Counter-mode KBKDF implementation, due to the nature of the PRF
(being implemented as a function rather than a hash.Hash instance), we
need to allocate a buffer capable of storing the entire input to the
PRF. This consists of the user-supplied context with 8 additional bytes
(4 before and 4 after) of encoded integers.

If the user supplies a maximally-sized context, the internally allocated
buffer's size computation will overflow, resulting in a runtime panic.
Guard against this condition.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2021-11-22 12:25:50 -05:00
divyapola5 5236fe93aa
Add a new parameter "allowed_managed_keys" to mount config (#13202)
* Add a new parameter "allowed_managed_keys" to mount config

* Adjust formatting in mount.go

* Add changelog entry
2021-11-21 19:08:38 -06:00
aphorise 19fe708fc6
README.md of website/ with WARNING on rebuilding (#13027)
* README.md of website/ with WARNING on rebuilding

* Update README.md
2021-11-19 13:15:37 -08:00
Jim Kalafut 3818adf3f8
Fix missing changelog (#13230) 2021-11-19 12:59:00 -08:00
Loann Le 10d146125a
Updates to 1.9 documentation (#13228)
* incorporated feedback

* fixed link

* fixed link again

* found another error
2021-11-19 12:46:47 -08:00
Gary Frederick 980cc8f182
auth/kubernetes: add changelog for issuer deprecation (#13221)
* add kubenetes issuer config deprecation

* changelog++

* add Vault specific PR in deprecation section

* ordering
2021-11-19 09:50:31 -08:00
Theron Voran 79ec6b7f3d
docs: updated for vault-k8s 0.14.1 vault-helm 0.18.0 (#13199)
* version bumps

* updated chart options
2021-11-18 18:08:35 -08:00
Gary Frederick 9622e36b82
Docs deprecate token issuer validation (#13019)
* change default vaule for disable_iss_validation to be true

* mark as deprecated | remove issuer from sample

* deprecation section

* additional informaiton about when fields will be removed

* additional deprecation note under csi provider

* punctuation

* make the deprecation note more noticable

* missing issuer sentence | remove whitespace

* Update website/content/docs/platform/k8s/csi/index.mdx

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* cleanup

* additional deprecation comments

* fix discovery link

* highlight

* no need to configure the issuer

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2021-11-18 15:16:54 -08:00
John-Michael Faircloth 73d3204b8f
OIDC: add note on PKCE support for code flow (#13206)
* OIDC: add note on PKCE support for code flow

* add changelog

* remove changelong
2021-11-18 13:46:34 -06:00
Loann Le 4127092fdd
fixed errors in file (#13205) 2021-11-18 10:50:26 -08:00
jweissig d563882933
docs: move deprecation notices down the navbar (#13201)
Moved from one of the first items in the navbar down to one of the last. They are not high priority information and should be grouped with upgrade and release notes.
2021-11-18 10:26:30 -08:00
claire bontempo ba5ad97e78
UI/Make revocation time and credential dates human-readable (#13196)
* adds date time helper to generated creds

* makes revocation time human-readable
2021-11-18 10:14:48 -08:00
Amy Lam e43f2bb80c
Add sb extract to enable Storybook composition (#12808)
* Add sb extract to enable Storybook composition

Ref: hashicorp/cloud-ui#1457 and https://github.com/hashicorp/design-system-website/blob/main/taskbox/.storybook/main.js

* Add metadata to enable SB extract

* Change dir location

* Change location of stories

* Move cp stories.json to build:storybook step
2021-11-18 09:19:46 -06:00
Martin Hristov c933664eeb
docs: fixing the injector.webhookAnnotations annotation (#13181) 2021-11-17 18:19:33 -08:00
Loann Le 42abf7ed2e
Updated Vault 1.9 documentation (#13194)
* post 1-9 doc changes

* fixed endpoint sample

* Update website/content/docs/release-notes/1.9.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-11-17 14:23:48 -08:00
VAL f6d8904540
Use new auth modules + Login method in Go client docs (#13189) 2021-11-17 11:52:38 -08:00
Meggie 176fae22cc
changelog++ 2021-11-17 14:05:11 -05:00
Meggie 5af1db7992
Removing draft note (#13187) 2021-11-17 13:22:55 -05:00
Meggie d9e3dde39a
Prep work for docs cutover (#13186)
* Some prep work for docs cutover

* Rerun Vercel
2021-11-17 13:09:18 -05:00
Jordan Reimer f7a7b4a32b
Raft Snapshot Restore Bug (#13107)
* fixes issue restoring raft snapshot

* adds changelog entry
2021-11-17 10:30:59 -07:00
Jordan Reimer d9d9a7353e
Form field component ttl picker not initially enabling (#13177)
* fixes issue with ttl picker not initially enabling in form field component

* adds changelog entry

* updates test

* updates initial ttl toggle state for default 0s value
2021-11-17 10:21:17 -07:00
Joseph Crosland dd11865597
Return a UserError if aead.Open() fails to align with documentation (#10914)
Return a UserError is aead.Open() fails and assume by that stage there is a problem with the user input for said decryption
2021-11-17 11:40:43 -05:00
Austin Gebauer a01e1a4101
docs/identity: fix template parameter for groups (#13176) 2021-11-17 08:25:37 -08:00
swayne275 3458c22df0
Vault-2257: don't log token error on DR Secondary (#13137)
* don't log token error on DR Secondary

* stop gauge collector expiration errors on dr secondary

* don't check dr secondary for token create

* see if CI hits panic

* Revert "don't check dr secondary for token create"

This reverts commit c036a1a544d3a20d29d046f1ee239ab1563ce4d9.

* don't check dr secondary for token create

* Revert "see if CI hits panic"

This reverts commit 1e15aa535cac6e4d1684aaf47c8746c094068eb8.

* remove condition on log
2021-11-17 09:21:54 -07:00
Tom Proctor 46adcccfea
Website docs for Vault EKM provider for MS SQL (#13175) 2021-11-17 13:46:07 +00:00
claire bontempo c8bfbbdf7e
UI/Update blueprints to glimmer components (#13149)
* updates generator to glimmer

* adds changelog

* accounts for addon vs reg components

* moves imports to the top of components
2021-11-16 13:14:16 -08:00
Nick Cabatoff eda9607c8a
Revert more downgrades from #12975. (#13168) 2021-11-16 15:07:03 -05:00
Nick Cabatoff 1ec904976a
Note that versionTimestamps are only loaded on the active node. 2021-11-16 15:05:59 -05:00
Nick Cabatoff c2d9215d1d
Fix startup failures when aliases from a pre-1.9 vault version exist (#13169)
* Add AllowMissing to local_bucket_key schema, preventing startup failures in post-unseal when aliases from an older version exist.
2021-11-16 14:56:34 -05:00
Nick Cabatoff 9e27ccbae1
Fix 1.9 regression with raft and stored time values (#13165) 2021-11-16 14:43:00 -05:00
Austin Gebauer b73815f966
identity/oidc: Adds section to 1.9 upgrade guide for ACL policy requirements (#13154) 2021-11-16 11:27:31 -08:00
Austin Gebauer d75db00dcb
Adds documentation for GCP Cloud KMS support in key management secrets engine (#13153) 2021-11-16 11:27:08 -08:00
Chelsea Shaw c105c58bce
Hide verify-connection attribute on connection config show page (#13152)
* Hide verify-connection attribute on connection config show page

* Add changelog
2021-11-16 12:56:42 -06:00
Yoko Hyakuna 5864e0a523
Remove old guides folder and its contents (#13156)
* Remove old guides folder and its contents

* Remove the guide-nav file

* Remove the guides page
2021-11-16 08:15:42 -08:00
Loann Le 764c10ded7
[Doc Assembly Branch] Vault 1.9 release (#12944)
* new document for feature deprecation notice

* fixed errors

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>

* Update feature-deprecation-notice.mdx

* added new faq page

* added content for faq

* updated faq page based on aarti's feedback

* added client count faq

* fixed a broken link

* added links

* fixed spacing issue

* added new release notes page

* edited the client count faq

* edited the feature deprecation faq

* edited the featue deprecation notice and plans

* edited the release notes

* added new oidc provider doc

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* incorporated feedback

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* changed mnt_acc to mount_accessor

* rewritting content

* added doc link

* fixed link error

* fixed spacing error

* incorporate additional feedback

* more feedback

* incorporated more feedback

* fixed headings

* fixed a heading

* incorproate changes

* incorporate feedback

* modified RN based on feedback

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* updated final release notes

* updated image

* fixed link

* added a new hyperlink to the etcd document

* add and modify notes; update scope template

* break identity docs into separate pages

* fix nav for identity token

* fix nav links; add links on overview

* use real example IDs

* fix typos

* incorporated additional feedback

Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>
2021-11-15 18:02:36 -08:00
Matt Schultz 0abd248c9f
Return non-retryable errors on transit encrypt and decrypt failures (#13111)
* Return HTTP 400s on transit decrypt requests where decryption fails. (#10842)

* Don't abort transit batch encryption when a single batch item fails.

* Add unit tests for updated transit batch decryption behavior.

* Add changelog entry for transit encrypt/decrypt batch abort fix.

* Simplify transit batch error message generation when ciphertext is empty.

* Return error HTTP status codes in transit on partial batch decrypt failure.

* Return error HTTP status codes in transit on partial batch encrypt failure.

* Properly account for non-batch transit decryption failure return. Simplify transit batch decryption test data. Ensure HTTP status codes are expected values on batch transit batch decryption partial failure.

* Properly account for non-batch transit encryption failure return. Actually return error HTTP status code on transit batch encryption failure (partial or full).
2021-11-15 15:53:22 -06:00
Chelsea Shaw 3d46021d4e
Prevent constant-refresh UI bug (#12896) 2021-11-15 15:45:55 -06:00
Rémi Lapeyre 677e2a1ca5
Fix some typos (#12289) 2021-11-15 14:52:04 -05:00