Commit graph

13635 commits

Author SHA1 Message Date
swayne275 597c3d1296
Vault-1983: Use fairsharing to distribute workers between queues (#11789)
* prelim fairshare prototype, untested and prototype status

* add tests for new fairshare infra - this likely fails tests for being racy

* probably fix races for code and test

* one more lock to fix for races

* fairsharing queue work distribution, tests, fixes, etc

* comment, shorten wait time

* typos and comments

* fix inverted worker count logic

* Update helper/fairshare/jobmanager.go

typo

* Update helper/fairshare/jobmanager.go

clarify comment

* move back to round robin between queues

* improvements from self review

* add job manager stress test
2021-06-25 14:06:49 -06:00
Jason O'Donnell b2c9b3c344
plugins/ad: Add rotate-role endpoint (#11942)
* plugins/ad: add rotate-role

* Add doc

* changelog

* Add note about rotate-role in overview
2021-06-25 14:00:03 -04:00
Sam Salisbury d4fa62e979
ci: cache go modules (#11935) 2021-06-25 17:17:05 +01:00
Theron Voran 5c5a57626e
docs: vault-helm add license update steps (#11911)
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-06-25 08:49:48 -07:00
Kendall Strautman 2b71472d37
chore: upgrade react-head and deps (#11938) 2021-06-25 11:38:17 -04:00
hghaf099 6d7dbc85b5
diagnose: Add seal transit tls check (#11922)
* diagnose: Add seal transit tls check

* Fixing the path to the config file and the path to the cert files

* Addressing comment

* Addressing seal transit tls check comments
2021-06-24 18:30:42 -04:00
Jason O'Donnell b2b25be0ce
agent/template: add static_secret_render_interval configurable (#11934)
* agent/template: add default_lease_duration config

* go mod tidy

* Add changelog

* Fix panic

* Add documentation

* Change to static_secret_render_interval

* Update doc

* Update command/agent/template/template.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update changelog/11934.txt

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-06-24 15:40:31 -04:00
Hridoy Roy a8cc5e4557
TLS Verification Bugfixes (#11910)
* tls verification bugfix

* tls verification bugfix

* allow diagnose fail to report status when there are also warnings

* allow diagnose fail to report status when there are also warnings

* Update vault/diagnose/helpers_test.go

Co-authored-by: swayne275 <swayne275@gmail.com>

* comments

Co-authored-by: swayne275 <swayne275@gmail.com>
2021-06-24 10:43:49 -07:00
mr-miles 9e031b5766
Mongo doesnt allow periods in usernames (#11872)
* mongo doesnt allow periods in usernames

* Update mongodb.mdx

Update template in docs

* Move replace to the end

* Adding a test for dot replacement

* Create 11872.txt
2021-06-24 13:26:31 -04:00
Marc Boudreau 3c35a25d36
Fix for Issue 11863 - Panic when creating/updating approle role with token_type (#11864)
* initializing resp variable with aa *logical.Response before using it to add warning for default-service or default-batch token type.  Also adding guard around code that sets resp to a new logical.Response further on in the function.

* adding changelog entry

* renaming changelog file to match PR number
2021-06-24 13:03:41 -04:00
Hridoy Roy e2614979f7
Diagnose Storage Panic Bugfixes (#11923)
* partial

* fix raft panics and ensure checks are skipped if storage isnt initialized

* cleanup directories

* newline

* typo in nil check

* another nil check
2021-06-24 09:56:38 -07:00
Mike Wickett 6b5d1ab4dc
update content param for improved attribution (#11929) 2021-06-24 11:12:37 -04:00
hghaf099 4495b932d8
Fix diagnose panic when configuration file does not exist (#11932)
* Fix diagnose panic when configuration file does not exist

* Addressing comments

* Update command/operator_diagnose.go

Co-authored-by: Hridoy Roy <roy@hashicorp.com>

Co-authored-by: Hridoy Roy <roy@hashicorp.com>
2021-06-23 18:35:52 -04:00
Nick Cabatoff ccae681628
Remove fragile link to docs from code. (#11928) 2021-06-23 15:43:44 -04:00
Zachary Shilton c15945cfc9
website: bump use-cases to latest (#11930)
* website: bump use-cases to latest

* chore: bump use-cases to stable release
2021-06-23 15:20:05 -04:00
Austin Gebauer 920b75540e
docs: corrects json and issuer for identity tokens (#11924) 2021-06-23 09:04:23 -07:00
Zachary Shilton 1ae5953e27
website: upgrade code block (#11903) 2021-06-22 17:39:02 -04:00
hghaf099 658a4ea276
Checking Validity of all Certs in the chain [VAULT-2114] (#11883)
* Checking Validity of all Certs in the chain

* Addressing Comments for TLS cert validation

* Fixing tls_verification tests

* Fixing minor issue in tls_verification tests

* Addressing Comments, Rebasing with main

* Adding comment on top of a test
2021-06-22 16:23:55 -04:00
MilenaHC 5483eba5fc
RabbitMQ - Add username customization (#11899)
* add username customization for rabbitmq

* add changelog for rabbitmq

* Update builtin/logical/rabbitmq/path_config_connection.go

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* updating API docs

* moved to changelog folder

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-06-22 14:50:46 -05:00
Nick Cabatoff 022ccc2657
Document vault.core.expiration_time_epoch metric. (#11919) 2021-06-22 14:31:08 -04:00
Vishal Nayak 12e5f5045e
Update contributing guidelines (#11917) 2021-06-22 14:06:34 -04:00
Hridoy Roy bbfd450319
remove prints (#11918) 2021-06-22 09:40:53 -07:00
Nick Cabatoff 9bcb480cb7
Fixes #11914. (#11915) 2021-06-22 12:39:23 -04:00
Angel Garbarino 94e11af37a
UI/cp validations kv duplicate path (#11878)
* setup check when secret-v2 record is populated

* return network request of full paths

* modify/amend test

* remove console log

* fix test

* add changelog

* attempt to fix browserstack test issue

* remove find

* add trim

* another attempt
2021-06-22 10:34:00 -06:00
Calvin Leung Huang c1a2a939f9
agent: restart template runner on retry for unlimited retries (#11775)
* agent: restart template runner on retry for unlimited retries

* template: log error message early

* template: delegate retries back to template if param is set to true

* agent: add and use the new template config stanza

* agent: fix panic, fix existing tests

* changelog: add changelog entry

* agent: add tests for exit_on_retry_failure

* agent: properly check on agent exit cases, add separate tests for missing key vs missing secrets

* agent: add note on difference between missing key vs missing secret

* docs: add docs for template_config

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* docs: fix exit_on_retry_failure, fix Functionality section

* docs: update interaction title

* template: add internal note on behavior for persist case

* docs: update agent, template, and template-config docs

* docs: update agent docs on retry stanza

* Apply suggestions from code review

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update changelog/11775.txt

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* agent/test: rename expectExit to expectExitFromError

* agent/test: add check on early exits on the happy path

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-06-21 16:10:15 -07:00
claire bontempo 3ec17429e8
Updates license state copy and link (#11900)
* changes license state copy and updates read more link (also updates test)
2021-06-21 12:44:28 -07:00
Brian Kassouf a794a6244f
raft: Set BatchApplyCh for more consistent batch sizes (#11907)
* raft: Set BatchApplyCh for more consistent batch sizes

* Add changelog file
2021-06-21 12:00:41 -07:00
John-Michael Faircloth 096a354626
approle: convert Callbacks to Operations (#11893)
* approle: convert Callbacks to Operations

The usage of oldstyle "Callbacks" is causing the `cannot write to readonly
storage` error message when `login` is attempted against a performance standby.

Use the newstyle "Operations" and additionally set the Forward
parameters to forward the request to the Active vault node.

* add changelog

* do not forward for alias lookahead operation

* remove forward fields and remove changelog

- Because this request is an UpdateOperation, it should have automatically been
routed to the primary/active by the router before it reaches the backend.
- changelog should not be needed as this change is only a refactor with
no user-facing behavior changes.
2021-06-21 13:38:22 -05:00
Josh Black 8c069936e9
Add new boltdb options (#11895) 2021-06-21 11:35:40 -07:00
Michael Golowka 7f6a1739a3
Cassandra: Refactor PEM parsing logic (#11861)
* Refactor TLS parsing

The ParsePEMBundle and ParsePKIJSON functions in the certutil package assumes
both a client certificate and a custom CA are specified. Cassandra needs to
allow for either a client certificate, a custom CA, or both. This revamps the
parsing of pem_json and pem_bundle to accomodate for any of these configurations
2021-06-21 11:38:08 -06:00
Kendall Strautman ccee88180b
feat(website): A11y updates (#11869)
* adds lang attribute

* fixes: empty anchor tag

* adds alt attributes

* alt tag logo grid updates

* fix footer contrast color

* only render header if it exists

* adds `main` element to page

* testing pre-releases

* fix: button aria-label updates

* chore: update deps

* fix: adds `main` element to all pages

* chore: formatting

* fix: adds alts to use-cases page

* chore: update headline element

* chore: adds alt text

* fix: adds alt tags

* style: fix height issue

* fix: use h1 at top of page

* fix: remove main to avoid duplicate tag

* chore: fix deps

* main is already defined in docs page component

* Update website/components/footer/style.css

Co-authored-by: Jimmy Merritello <7191639+jmfury@users.noreply.github.com>

Co-authored-by: Jimmy Merritello <7191639+jmfury@users.noreply.github.com>
2021-06-21 12:50:59 -04:00
hghaf099 38b753046b
Tls check client certs [VAULT-2117] (#11860)
* add expiration warning to certificate checking for diagnose

* Adding TLS Client CA checks to diagnose
Adding checks for tls_disable_client_certs and tls_require_and_verify_client_cert flags

* Check validity of TLSClientCAFile
Adding related tests

* Addressing comments

* Fixing some tls tests

* Addressing comments

Co-authored-by: HridoyRoy <roy@hashicorp.com>
2021-06-18 19:35:38 -04:00
MilenaHC 545c423f8a
add changelog to influxdb (#11896) 2021-06-18 14:56:41 -05:00
Mike Green fe56eaa1b7
Clarify upgrade steps and shutdown behavior (#11881)
* Clarify upgrade steps and shutdown behavior

* add mlock to standby as well
2021-06-18 11:42:55 -07:00
Jim Kalafut 3d9036e663
Rename some references from master to main (#11897)
* Rename some references from master to main

* Update changelog-checker
2021-06-18 11:24:54 -07:00
Nick Cabatoff 515f41558d
Docs for license autoloading. (#11886) 2021-06-18 12:19:18 -04:00
Meggie 33f6530529
Adding github action to check for changelog file (#11894)
* Adding github action to check for changelog file

This might have to be slightly different on ENT, where changelog files
should be prefixed with an underscore.

* Fixing comment

* Adding release branches, enhancement more specific

Also tidying my rusty bash

* More descriptive error messages

I also un-nested some if statements.

* Reference this PR too
2021-06-18 11:36:36 -04:00
Yoko Hyakuna ed8511f8bf
Updated 'plus' > 'pro' (#11892) 2021-06-17 13:58:16 -07:00
Chelsea Shaw 565871f63c
UI/fix safari oidc login (#11884)
* use window.postMessage instead of localStorage on oidc callback
2021-06-17 15:56:04 -05:00
Theron Voran e47be738b2
docs: update for vault-helm v0.13.0 (#11890) 2021-06-17 12:25:19 -07:00
Brian Kassouf 9dbdc4050d
Diagnose: Skip test-access-storage on raft storage (#11889) 2021-06-17 12:15:19 -07:00
Theron Voran b9d0b1a457
docs: vault-helm license support for enterprise (#11848) 2021-06-17 11:46:21 -07:00
Scott Miller ee0d6603f3
Wire configuration checks into diagnose and fix resulting bugs. (#11854)
* Actually call config.Validate in diagnose

* Wire configuration checks into diagnose and fix resulting bugs.

* go mod vendor

* Merge to vendorless version

* Remove sentinel section to allow diagnose_ok to pass

* Fix unit tests
2021-06-17 13:09:37 -05:00
Hridoy Roy e38f991054
Diagnose checks for raft quorum status and file backend permissions (#11771)
* raft file and quorum checks

* raft checks

* backup

* raft file checks test

* address comments and add more raft and file and process checks

* syntax issues

* modularize functions to compile differently on different os

* compile raft checks everywhere

* more build tag issues

* raft-diagnose

* correct file permission checks

* upgrade tests and add a getConfigOffline test that currently does not work

* comment

* update file checks method signature on windows

* Update physical/raft/raft_test.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* raft tests

* add todo comment for windows root ownership

* voter count message

* raft checks test fixes

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-06-17 10:04:21 -07:00
Luke Jolly 0779d260ec
Fix error log typo for failing to decrypt keys (#11873) 2021-06-17 10:12:13 -04:00
Jim Kalafut 50ac2d4293
Update website latest version (#11880) 2021-06-16 11:45:41 -07:00
Jim Kalafut d3929969aa
Update changelog for 1.8.0-rc1 and 1.7.3 (#11876) 2021-06-16 11:27:56 -07:00
Loann Le 81994cf795
Added new folder and files for Vault License FAQs (#11809)
* added new files for faqs

* added another question

* fixed a few typos

* Update website/content/docs/enterprise/license/index.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* added a link to FAQs page

* Update index.mdx

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* incorporated feedback

* Update website/content/docs/enterprise/license/faqs.mdx

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2021-06-16 09:23:05 -07:00
Nick Cabatoff bddd2888e8
Make latency injector duration atomic. This is a prerequisite for a deadlock fix to the ent integ tests. (#11875) 2021-06-16 11:48:39 -04:00
Lars Lehtonen f390cad6e4
vault: fix dropped identity store test errors (#11867) 2021-06-16 11:32:20 -04:00