* Make backport assistant work with ENT backport tags
I want the regexp to include word characters and the plus sign on
enterprise. I'm confused about the levels of escaping required, because
this is a shell env var that gets passed to a go program as a regular
expression. I didn't escape the square brackets because the parens
weren't escaped. I matched what was done previously with the '.'s for
the '+' because I also want that literal, but it was unclear from
playing around with https://regex101.com/ and go regexps whether the
extra backslashes were required for the '+' char.
* Update .github/workflows/backport.yml
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* add timestamp to attribution
* create usage stat component
* updates stat text boxes
* remove flex-header css
* remove comment
* add empty state if no data
* update monthly serializer
* remove empty state - unnecessary
* change tab to 'history'
* add usage stats to history view
* change css styling for upcased grey subtitle
* correctly exports namespace and auth data
* close modal on download
* test making a service?
* fix monthly attrs
* update csv content format
* remove component and make downloadCsv a service
* update function name
* wip//add warning labels, fixing up current and history tabs
* wip//clean up serializer fix with real data
* fix link styling:
* add conditionals for no data, add warning for 1.9 counting changes
* naming comment
* fix tooltip formatting
* fix number format and consolidate actions
* remove outdated test
* add revokeObjectURL and rename variable
* fix errors and empty state views when no activity data at all
* fix end time error
* fix comment
* return truncating to serializer
* PR review cleanup
* return new object
* setup
* handle current billing period
* handle billing period selection
* clean up
* clean up
* turn serializer to class
* change to classes
* placeholding, handles timezone issues for this.startTime
* put in depen
* fixing timezone issues for endTime
* clean up
* move formating on Get to the adapter. Still need to return formating from Get on serializer
* fix current billing period
* move all inside queryRecord to hit serilaizer
* move to serializer
* clean up
* calendar clean up
* clean up
* fix styling
* small fixes
* small fixes
Co-authored-by: Claire Bontempo <cbontempo@hashicorp.com>
* Support Y10K value in notAfter field when signing non-CA certificates
* Add changelog entry for 13736
* Add test for using not_after parameter for non-CA certificates that are being signed
* Fix CA value for test for not_after value when signing non-CA certs
* Address formatting
* Add changelog file
* Revert changelog entry commit f28b54e7b5ad21144c8a2da942d766e64a332caf
This change proposes adding [vaultrs](https://crates.io/crates/vaultrs) to the list of community-supported libraries. This crate has a mature base and is expected to expand to accommodate most of the API.
* Document new force_rw_session parameter within pkcs11 seals
* documentation for key_id and hmac_key_id fields
* Apply suggestions from code review
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/configuration/seal/pkcs11.mdx
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: rculpepper <rculpepper@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
Calculate the Subject Key Identifier as suggested in RFC 5280, Section 4.2.1.2
> (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
value of the BIT STRING subjectPublicKey (excluding the tag,
length, and number of unused bits).
fixes#11153
* Clarify that backend authors can specify that all or no values are sealwrapped rather than the vague statement that all values _may_ be seal wrapped
* typo
This function call was previously used to generate mappings from
potential subjects (or SANs) to certificates within the TLS client
object. However, newer Go versions have deprecated this method, instead
building the mapping automatically based on present certificates at
request time. Because the corresponding client configuration field is
not used in Vault (NameToCertificate), it is safe to remove this call
and leave it nil.
See also: 67d894ee65
See also: https://pkg.go.dev/crypto/tls#Config.BuildNameToCertificate
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* add timestamp to attribution
* create usage stat component
* updates stat text boxes
* remove flex-header css
* remove comment
* add empty state if no data
* update monthly serializer
* remove empty state - unnecessary
* Fix a transit deadlock caused by indefinite lock holding in key autorotation.
* Move down manual policy locking in transit autorotation to avoid NPE.
* Wrap conditional transit key autorotation in a function to allow for cleaner policy lock management.
* Remove a dnagling continue statement from transit key autorotation.
Include recommendation to use Vault agent injector on OpenShift
instead of CSI due to production security constraints.
Additional instructions included for testing and development
clusters.
* adds serializer
* removes all 1.11 related work to monthly/new client counting
* move from new-init-activity to activity
* merge setup changes add monthly model/adapter
* delete new-init-activity files
* add graph to current month view
* influxdb v1 client has been split into a separate module from the main influxdb
code base. This changes uses the correct client, which also allows us to
get updates and avoids confusing some vulnerability scanners that flagged
previous version incorrectly.
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
* check for nil signing key on rotation
* add changelog
* Update nil signing key handling
- bypass setting ExpireAt if signing key is nil in rotate
- return err if singing key is nil in signPayload
* add comment; update error msg on signPayload; refactor UT