Commit Graph

15367 Commits

Author SHA1 Message Date
Gabriel Santos 57eeb33faa
SSH secrets engine - Enabled creation of key pairs (CA Mode) (#15561)
* Handle func

* Update - check if key_type and key_bits are allowed

* Update - fields

* Generating keys based on provided key_type and key_bits

* Returning signed key

* Refactor

* Refactor update to common logic function

* Descriptions

* Tests added

* Suggested changes and tests added and refactored

* Suggested changes and fmt run

* File refactoring

* Changelog file

* Update changelog/15561.txt

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Suggested changes - consistent returns and additional info to test messages

* ssh issue key pair documentation

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
2022-06-10 09:48:19 -04:00
Angel Garbarino 17eed2a814
Quick Bug Fix: missing database icon on overview page (#15921)
* fix missing icon

* fix:
2022-06-09 19:43:36 -06:00
Angel Garbarino ccc584efa1
Glimmerize mount-backend-form (#15911)
* glimmerize

* clean up

* fix
2022-06-09 19:15:49 -06:00
Dave May 0f42131350
Fix debug bundle panic on Windows (#14399)
* Fix debug bundle panic on Windows

* Add changelog entry
2022-06-09 15:57:45 -07:00
Austin Gebauer 1bd49383cd
secrets/db: documents credential types and snowflake key pair auth (#15892) 2022-06-09 15:56:50 -07:00
akshya96 8f115a9904
Parse ha_storage in config (#15900)
* parsing values in config ha_storage

* adding changelog

* adding test to parse storage
2022-06-09 15:55:49 -07:00
Austin Gebauer 4cfec18bae
docs/postgres: replaces lib/pq with pgx (#15901) 2022-06-09 14:37:14 -07:00
VAL 19a195aae7
Use latest api version (#15917) 2022-06-09 13:47:04 -07:00
VAL 1fe2a2ddd2
Update minimum required go version for api (#15915)
* Update minimum required go version for api

* Update root go.mod to use latest sdk
2022-06-09 13:15:18 -07:00
VAL bbcd47b10a
Update minimum required go version for sdk (#15913) 2022-06-09 12:25:24 -07:00
claire bontempo 5ed7a01b32
UI: Fix tooltip hover for vertical bar chart (#15909)
* fix tooltip

* remove unnecessary test attr
2022-06-09 11:03:29 -07:00
Jordan Reimer 26b8de8286
Remove deprecated core-js version from production builds (#15898)
* updates deps and build to exclude deprecated core-js version and adds eslint compatibility plugin

* removes eslint compat plugin config from eslintrc and updates browserslistrc targets

* adds changelog entry
2022-06-09 09:12:59 -06:00
Peter Wilson bb55a1127f
Removed IRC reference in architecture internals doc (#15904)
* Removed IRC reference in architecture internals doc
2022-06-09 15:41:14 +01:00
Tom Proctor ae711a4c81
Add change release note for Kubernetes auth (#15891) 2022-06-09 10:07:43 +01:00
VAL 48ed15c445
Use KV helpers in docs and dev quickstart guide (#15902) 2022-06-08 17:37:02 -07:00
akshya96 fbda6d5110
Kv cas parameter documentation (#15885)
* adding cas documentation changes

* remove extra space

* remove -
2022-06-08 16:51:08 -07:00
bhowe34 763f9ad732
pass context to postgres queries (#15866)
* pass context to postgres queries

* add changelog

* Update changelog/15866.txt

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
2022-06-08 17:54:19 -04:00
Chris Capurso 75aa55eb57
add OSS noop check for valid ent storage (#15894) 2022-06-08 17:15:28 -04:00
Hridoy Roy 934989809b
Limit SSCT WAL Check on Perf Standbys to Raft Backends Only (#15879)
* ensure that ssct wal check only occurs for non-raft storage on perf standbys

* changelog
2022-06-08 13:58:22 -07:00
Arnav Palnitkar d7c62dc2e7
Remove fingerprinting for images (#15888)
By default, ember build fingerprint all the static assets such as
'js', 'css', 'png', 'jpg', 'gif', 'map' during compilation. As a result the image
referenced in mfa landing page was not loading in binary. For now, exclude fingerprinting
for all the files which exists under images directory.
2022-06-08 13:48:24 -07:00
Alexander Scheel 8d8a95cbf6
Add missing nil check to FIPS EA verification (#15883)
This was causing failures when running `vault server -dev`:

> panic: runtime error: invalid memory address or nil pointer dereference
> [signal SIGSEGV: segmentation violation code=0x2 addr=0x20 pc=0x105c41c1c]
>
> goroutine 1 [running]:
> github.com/hashicorp/vault/command.(*ServerCommand).parseConfig(0x140005a2180)
> 	.../vault/command/server.go:429 +0x5c

Interestingly, we do not have a test case for running the dev
sever.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-08 15:45:46 -04:00
Steven Clark 3b9f29fedd
pki: Do not use a static issuer/key name within the migration (#15886)
- Selecting a constant default value exposed a possible edge case
   that the migration would fail if a previous migration contained the
   same issuer or key name.
2022-06-08 15:31:30 -04:00
Robert 91b298d274
Update Consul secrets features docs, api-docs for 1.11 (#15854)
* Overhaul consul docs and api-docs for new 1.11 features

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2022-06-08 13:54:55 -05:00
VAL 5259cd0ab2
Make KV structs public so the KV helper methods show in godoc (#15880) 2022-06-08 11:14:55 -07:00
Victor Rodriguez d922225fcd
Update KMIP documentation to reflect Vault 1.11 changes. (#15868)
Update documentation to reflect new KMIP features in Vault 1.11.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-06-08 13:58:45 -04:00
Alexander Scheel 5c03fe6a30
Use manual_chain for cross-signed intermediates (#15876)
This adds a note that manual_chain is required for cross-signed
intermediates, as Vault will not automatically associate the
cross-signed pair during chain construction. During issuance, the chain
is used verbatim from the issuer, so no chain detection will be used
then.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-08 13:13:45 -04:00
VAL 98ed9c7ab9
Add PutMetadata and PatchMetadata KV helpers (#15755)
* Add PutMetadata and PatchMetadata KV helpers

* Refactor tests, stop needlessly converting zero values to nil

* Merge fix for delete-version-after zero value bug

* Cast nils to zero value on Put

* Use 2 different structs for put/patch metadata input, clarity fixes

* Use local constants and simplify stringification
2022-06-08 09:29:22 -07:00
Nick Cabatoff e18e8c3677
Fix broken rabbithole dep exposed by wiping my module cache. (#15867) 2022-06-08 10:31:43 -04:00
Ikko Ashimine dc6924e764
docs: fix typo in configurations.mdx (#15863)
paramters -> parameters
2022-06-08 09:03:45 -04:00
Alexander Scheel dd6c339440
Add warning about EA in FIPS mode (#15858)
* Add warning about EA in FIPS mode

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-08 08:57:48 -04:00
Robert 770a91ab83
Update GCP auth docs (#15855)
* Add automatic GCE identity token login
2022-06-07 18:22:09 -05:00
Josh Black 99ea53daaf
Autopilot enterprise docs (#15589) 2022-06-07 14:32:45 -07:00
Christopher Swenson 9754629a2b
Update AWS auth docs for SHA-1 deprecation (#15741)
Update AWS auth docs for SHA-1 deprecation

We now recommend `/rsa2048` as the preferred AWS signature moving
foward, as `/pkcs7` and `/signature` will stop working by default in
Vault 1.12 without setting `GODEBUG=x509sha1=1` in the Vault deployment
due to the move to Go 1.18.

I also took this oppoturnity to try to make the docs less confusing
and more consistent with all of the usages of signature, PKCS#7, DSA,
and RSA terminology.

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-06-07 12:45:46 -07:00
Angel Garbarino a86644968b
Change tooltip for token_bound_certs and glimmerize string-list component (#15852)
* wip

* wip

* glimmerization done?

* fix tests

* tooltip and test

* changelog

* clean up

* cleanup

* cleanup
2022-06-07 13:15:25 -06:00
Calvin Leung Huang 426e3a5583
docs: add pkiCert example on agent template docs (#15836) 2022-06-07 10:33:17 -07:00
Loann Le a4d86d503f
updated table (#15850) 2022-06-07 10:22:21 -07:00
Chelsea Shaw f6841806f3
UI: Fix metadata tab not showing given policy (#15824)
* Update path that metadata tab checks capabilities against

* Add changelog

* Update test to handle this case

* Fix tests url

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2022-06-07 10:56:44 -05:00
Alexander Scheel 2884141dd9
Add support notes, Entropy Augmentation notes, RH repo (#15843)
* Add support notes, Entropy Augmentation notes, RH repo

This adds a known-panic w.r.t. Entropy Augmentation due to restrictions
in how BoringCrypto's RNG works. Additionally adds the RH Access
container repository and adds a note about restricted support scenarios.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Wording changes per Scott

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-07 11:23:26 -04:00
Brian Candler e912ccaa66
Fixes for -listing-visibility flag values in CLI tools (#15838)
See also: #15833, #15209

Signed-off-by: Brian Candler <b.candler@pobox.com>
2022-06-07 09:49:13 -04:00
Tom Proctor 4ee10e4809
docs: Update CSI Provider command line arguments (#15810) 2022-06-07 10:20:47 +01:00
Alexander Scheel ea6452757f
Add parsing for NSS-wrapped Ed25519 keys (#15742)
* Add parsing for NSS-wrapped Ed25519 keys

NSS wraps Ed25519 using the PKCS#8 standard structure. The Go standard
library as of Go 1.18.x doesn't support parsing this key type with the
OID used by NSS; it requires the 1.3.101.112/RFC 8410 format, rather
than the RFC 5915-esque structure supported here.

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add integration test with NSS-created wrapped key

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
2022-06-06 18:09:21 -04:00
modrake 6490a9c1f7
add codeowners to protect release dirs (#15711) 2022-06-06 15:06:49 -07:00
Steven Clark 9a0e4a9c2b
Rename the go version changelog (#15834) 2022-06-06 16:45:12 -04:00
Alexander Scheel b3ad79fb70
Fix listing_visibility value documentation (#15833)
* Match listing_visibility in system/auth with system/mounts

See also: #15209

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix path-help for listing_visibility

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-06 16:44:46 -04:00
Michael Williams 69fbba5a52
Update documentation to reduce confusion about default_extensions. (#14069) 2022-06-06 15:53:05 -04:00
Scott Miller 6bfdfa0a4d
Document Convergent Tokenization and Token Lookup (#15819)
* Document Convergent Tokenization and Token Lookup

* tweaks

* Fix sample response

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/index.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* update awkward text

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>
2022-06-06 13:34:08 -05:00
Steven Clark a97da32b4b
Update Go to 1.17.11 (#15818)
* Update Go to 1.17.11

 See https://go.dev/doc/devel/release#go1.17.minor for release notes
2022-06-06 13:18:24 -04:00
Angel Garbarino 78c9d3c59a
Move Mfa components to MFA folder (#15813)
* move mfa end user setup

* move remaining files

* fix import on tests
2022-06-06 10:49:03 -06:00
Austin Gebauer 18d25ca4d1
db/snowflake: updates plugin to v0.5.1 (#15814) 2022-06-06 09:28:06 -07:00
Tom Proctor 2f653f0c5d
Ignore CRT builds on docs branches (#15811) 2022-06-06 16:47:55 +01:00