Commit graph

17856 commits

Author SHA1 Message Date
hc-github-team-secure-vault-core dcb99aea75
backport of commit 25bebfa91c4797d5a958c8d7f4c5330c9c845b0b (#23385)
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2023-09-28 18:32:06 +00:00
hc-github-team-secure-vault-core 4ab34ef66e
Bump versions within transit managed key known issues (#23375) (#23377)
* Bump versions within transit managed key known issues

* Link in partials into 1.15.x upgrade release notes

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-28 16:49:30 +00:00
hc-github-team-secure-vault-core fd05101133
backport of commit 460b5de47b2b75b9cbeab06933f15774b7819d50 (#23358)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-27 23:42:57 +00:00
hc-github-team-secure-vault-core 302284aafa
backport of commit 5cdce48a6a8380c185cf962a8e0768be006230e2 (#23347)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-27 17:07:51 -06:00
hc-github-team-secure-vault-core d2465da3fd
[VAULT-20073] Docs: update upgrade guide for 1.15 with information on Sentinel RGP group policy application (#23296) (#23350)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2023-09-27 21:06:07 +00:00
Sarah Chavis 486865f704
[DOCS] Fix restricted endpoint info (#23333) (#23344)
* Update restricted API list and alert tags
* add cli commands w/o public endpoints
2023-09-27 13:52:31 -07:00
hc-github-team-secure-vault-core 1a707dc75c
backport of commit 6685565b7ed184afd0627781b2cd86788620bdf8 (#23341)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-09-27 21:41:03 +01:00
hc-github-team-secure-vault-core d8d5e440fe
backport of commit 547bff752e056ff81d4359267e0f8afa4629f505 (#23321) 2023-09-27 16:03:53 -04:00
hc-github-team-secure-vault-core fb88d3e4ec
backport of commit 7725117846a47dbd4faeecefa03c181251cbb371 (#23326)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-27 12:59:02 -06:00
hc-github-team-secure-vault-core 4ccb3281f0
backport of commit d7e4447ec054ad9b8ce2dbdad6111f1587b325f8 (#23318)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-27 10:31:57 -07:00
claire bontempo b7dca10a06
Fix typo OSCP -> OCSP (#22586) (#23316)
Co-authored-by: Thomas Schweizer-Bolzonello <thomas@schweizerbolzonello.net>
2023-09-27 17:15:53 +00:00
Ryan Cragun d2db7fbcdd
Backport [QT-602] Run proxy and agent test scenarios (#23176) into release/1.14.x (#23302)
* [QT-602] Run `proxy` and `agent` test scenarios (#23176)

Update our `proxy` and `agent` scenarios to support new variants and
perform baseline verification and their scenario specific verification.
We integrate these updated scenarios into the pipeline by adding them
to artifact samples.

We've also improved the reliability of the `autopilot` and `replication`
scenarios by refactoring our IP address gathering. Previously, we'd ask
vault for the primary IP address and use some Terraform logic to determine
followers. The leader IP address gathering script was also implicitly
responsible for ensuring that a found leader was within a given group of
hosts, and thus waiting for a given cluster to have a leader, and also for
doing some arithmetic and outputting `replication` specific output data.
We've broken these responsibilities into individual modules, improved their
error messages, and fixed various races and bugs, including:
* Fix a race between creating the file audit device and installing and starting
  vault in the `replication` scenario.
* Fix how we determine our leader and follower IP addresses. We now query
  vault instead of a prior implementation that inferred the followers and sometimes
  did not allow all nodes to be an expected leader.
* Fix a bug where we'd always always fail on the first wrong condition
  in the `vault_verify_performance_replication` module.

We also performed some maintenance tasks on Enos scenarios  byupdating our
references from `oss` to `ce` to handle the naming and license changes. We
also enabled `shellcheck` linting for enos module scripts.

* Rename `oss` to `ce` for license and naming changes.
* Convert template enos scripts to scripts that take environment
  variables.
* Add `shellcheck` linting for enos module scripts.
* Add additional `backend` and `seal` support to `proxy` and `agent`
  scenarios.
* Update scenarios to include all baseline verification.
* Add `proxy` and `agent` scenarios to artifact samples.
* Remove IP address verification from the `vault_get_cluster_ips`
  modules and implement a new `vault_wait_for_leader` module.
* Determine follower IP addresses by querying vault in the
  `vault_get_cluster_ips` module.
* Move replication specific behavior out of the `vault_get_cluster_ips`
  module and into it's own `replication_data` module.
* Extend initial version support for the `upgrade` and `autopilot`
  scenarios.

We also discovered an issue with undo_logs that has been described in
the VAULT-20259. As such, we've disabled the undo_logs check until
it has been fixed.

* actions: fix actionlint error and linting logic (#23305)

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-09-27 10:53:12 -06:00
hc-github-team-es-release-engineering be4f05ed25 Bumped product version to 1.14.5. 2023-09-26 18:09:22 -04:00
hc-github-team-secure-vault-core 6a15309a2e
Do not attempt to shutdown ACME thread on non-active nodes (#23293) (#23294)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-26 21:01:17 +00:00
hc-github-team-secure-vault-core c08d731634
backport of commit dbfaa6f81a156ec1dcb85d8d76941d4ac70c91fb (#23285)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-26 18:18:06 +00:00
claire bontempo ab1f3c8b83
cherry pick (#23264) 2023-09-22 21:29:05 +00:00
Chelsea Shaw 36452c0849
UI: add pagination to new PKI (#23193) (#23239)
* UI: add pagination to new PKI (#23193)

* fixes store type import

* fixes tests

---------

Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
2023-09-22 10:47:55 -06:00
hc-github-team-secure-vault-core c29b24b07d
backport of commit 1d61aeb8aebc96eecbb6a35e10bd914b4d0f41f4 (#23250)
Co-authored-by: Sergey Kutovoy <kutovoy.s@gmail.com>
2023-09-22 09:06:23 -07:00
Sarah Chavis 86404bf211
[DOCS] Manual backport of Administrative namespace updates (#23208) (#23231)
* [DOCS] Administrative namespace updates (#23208)
2023-09-21 17:49:47 -04:00
hc-github-team-secure-vault-core b783dec8fd
backport of commit 8b126987807be3593f70ffd8b49b2d90406d7aea (#23235)
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2023-09-21 21:26:20 +00:00
hc-github-team-secure-vault-core 4bbc508695
backport of commit 758de878d61efbd53a7c4939981c1e061dc937a3 (#23221)
Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
2023-09-21 16:59:26 +00:00
Chelsea Shaw 0d6f76b98e
UI: Show unsupported screen if replication unsupported (#23178) (#23213) 2023-09-21 11:35:48 -05:00
hc-github-team-secure-vault-core 0596707993
backport of commit 55414e6a733bc7d746618ddd0723bac38b90cc7d (#23198)
Co-authored-by: Aram Mirzadeh <aram535@users.noreply.github.com>
2023-09-20 14:20:09 -07:00
Sarah Chavis 2110530c6e
Correct restricted endpoint tagging in current docs (#23201) 2023-09-20 13:28:40 -07:00
hc-github-team-secure-vault-core 3505868165
backport of UI: handle control group error on SSH (#23034)
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2023-09-20 16:18:57 +00:00
Kianna 3ba22f14e0
Backport 1.14.3: confirm delete modal for namespaces (#23109)
* Possible soln 1: add a class w/ min height instead of calculated height

* Remove confirm-height style

* Add changelog

* Fix changelog

* Possible soln 2: apply style using native js

* Remove copyright since 1.14 didnt have
2023-09-20 09:15:52 -06:00
hc-github-team-secure-vault-core 693ba0eddc
backport of commit c73eacbaf6ae6b5860e1ad9a3b6ce930c093a105 (#23174)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-09-19 19:54:42 +00:00
hc-github-team-secure-vault-core e5bee669e4
backport of commit d5f4243c9efe3970ccf0c6227c27bb2c03f02a31 (#23162)
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
2023-09-19 16:03:52 +00:00
Ryan Cragun 9da2fc4b8b
test: wait for nc to be listening before enabling auditor (#23142) (#23150)
Rather than assuming a short sleep will work, we instead wait until netcat is listening of the socket. We've also configured the netcat listener to persist after the first connection, which allows Vault and us to check the connection without the process closing.

As we implemented this we also ran into AWS issues in us-east-1 and us-west-2, so we've changed our deploy regions until those issues are resolved.

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-09-18 15:10:37 -06:00
hc-github-team-secure-vault-core 7cf02909cc
backport of commit 2a46d492a3d15cfea8a492e29051a2451d47cdf5 (#23147)
Co-authored-by: Nicola Kabar <nicolaka@gmail.com>
2023-09-18 12:44:48 -07:00
hc-github-team-secure-vault-core bf9114d772
Backport of UI: [VAULT-18178] Fix filter/search bug in search secrets engines into release/1.14.x (#23130)
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
2023-09-18 17:59:01 +00:00
Hamid Ghaf 34b2650ad7
update version to 1.14.4 (#23085)
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
2023-09-18 07:07:16 -07:00
hc-github-team-secure-vault-core 0a443e1d34
backport of commit 3f9b6075aaa1ca3e4c4065b0a460c3bd80b1afd9 (#23127)
Backport of UI: add SSH role attribute allowed_domains_template
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2023-09-15 21:56:40 +00:00
hc-github-team-secure-vault-core dfc1385992
Backport of UI: Handle error from ResponseWithStatusCode (#23116)
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2023-09-15 15:38:22 -05:00
hc-github-team-secure-vault-core b83be1c01b
backport of commit 4b9b5d60e6401bb2338f88340befc7d8802c63c8 (#23110)
Co-authored-by: soly-hashicorp <106975916+soly-hashicorp@users.noreply.github.com>
2023-09-15 10:03:51 -07:00
hc-github-team-es-release-engineering 98d045548b Bumped product version to 1.14.5. 2023-09-15 09:45:47 -04:00
hc-github-team-es-release-engineering 5441926578 Bumped product version to 1.14.4. 2023-09-15 09:44:14 -04:00
hc-github-team-secure-vault-core 2970f245c5
backport of commit 37215ae
[VAULT-14497] Ensure Role Governing Policies are only applied down the namespace hierarchy (#23090)

---------

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-09-14 19:27:30 +00:00
hc-github-team-secure-vault-core 4ef29a1b2e
Add known issues around transit managed keys (#23080) (#23096)
* Add known issues around transit managed keys

 - Document known issue around managed key encryption failure with Cloud KMS backed keys and the failure to sign with managed keys

* Fix filename typos

* Update website/content/partials/known-issues/transit-managed-keys-sign-fails.mdx



* Update website/content/partials/known-issues/transit-managed-keys-panics.mdx



* Apply PR feedback

* Missed new line to force error on new-line.

---------

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-09-14 14:48:51 -04:00
hc-github-team-secure-vault-core dcf74888b7
backport of commit 854ea77f9e26fd6fc6302c7e6b9d86ab99096201 (#23083)
Co-authored-by: Meggie <meggie@hashicorp.com>
2023-09-14 13:21:08 -04:00
hc-github-team-secure-vault-core 721f144792
backport of commit 930b48882afb1a25f0409d53fc3200c47d12f5a5 (#23051)
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2023-09-14 10:17:35 -07:00
hc-github-team-secure-vault-core ea8dde9aa3
backport of commit f0fb07b0b2762a1f6df987b75e78c67ac6e323d2 (#23071)
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
2023-09-13 18:49:28 -04:00
hc-github-team-secure-vault-core d546c1000a
backport of commit 15a50b8959cbc6c368421c7f3a0257a587e99b55 (#23058)
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
2023-09-13 15:58:08 -04:00
Sarah Chavis 5802b4a02f
Manual backport of missing partial (#23048)
* Manual backport of missing partial
2023-09-13 09:10:17 -07:00
hc-github-team-secure-vault-core f8cc377db2
backport of commit 5a83838f1df3a2092119e1f7a7450795110c9e96 (#23020)
Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2023-09-13 09:50:57 -04:00
hc-github-team-secure-vault-core cf35e72593
backport of commit 293e8b8ac5469fc18470b4fb03fa6618b796bb5f (#23045)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-13 12:39:58 +00:00
Nick Cabatoff da9cd4c878
Fix some duplication of partials, and add fix versions for update-primary data loss issue (#22182) (#23043) 2023-09-13 08:14:42 -04:00
hc-github-team-secure-vault-core 28c15e2a98
backport of commit e2ff1f1c7117574888db91b4b6027be24533d718 (#23030)
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-09-12 21:18:03 +00:00
hc-github-team-secure-vault-core e940a1dd82
backport of commit c63a84dc9f777f3d441203eb835c2a6f3121fea4 (#23023)
Co-authored-by: Andreas Gruhler <andreas.gruhler@adfinis.com>
2023-09-12 20:10:29 +00:00
hc-github-team-secure-vault-core 234c9ff772
Backport of UI: [VAULT-18040] List all features in license info into release/1.14.x (#23005)
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
2023-09-12 09:48:06 -07:00