Commit graph

17106 commits

Author SHA1 Message Date
Violet Hynes a2f457e10c
VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests (#19776)
* VAULT-12940 test for templating user agent

* VAULT-12940 User agent work so far

* VAULT-12940 Vault Agent uses Vault Agent specific User-Agent header when issuing requests

* VAULT-12940 Clean-up and godocs

* VAULT-12940 changelog

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 Fix test checking headers

* VAULT-12940 copy/paste typos

* VAULT-12940 improve comments, use make(http.Header)

* VAULT-12940 small typos and clean-up
2023-04-03 14:14:47 -04:00
Alain Chiasson 9ee73e38fb
Update replication-dr.mdx (#19604)
In testing, disabling the dr secondary requires a DR Operations token, not a vault token.
2023-04-03 13:35:16 -04:00
Marc Boudreau 1bcaa0c0d9
Add dependabot Configuration (#19792)
* add dependabot configuration

* Add missing newline at end of file

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>

---------

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-04-03 12:29:11 -04:00
Peter Wilson a2bdf7250b
VAULT-14048: raft-autopilot appears to refuse to remove a node which has left and wouldn't impact stability (#19472)
* ensure we supply the node type when it's for a voter
* bumped autopilot version back to v0.2.0 and ran go mod tidy
* changed condition in knownservers and added some comments
* Export GetRaftBackend
* Updated tests for autopilot (related to dead server cleanup)
* Export Raft NewDelegate

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-04-03 11:58:57 -04:00
Marc Boudreau 6e2f1cdcaf
fix inconsistencies in test-go.yml between OSS and ENT repositories (#19943) 2023-04-03 10:26:55 -04:00
Steven Clark 8ddead7a17
Rework the ACME test suite to use full Vault cluster to validate behavior (#19874)
- Instead of using tests that just test the plugin storage/interface
   layer, use a full Vault instance to validate that we can send/receive
   the proper headers and responses back to a client.
 - Found an issue with HEAD new-nounce api calls returning 500 errors.
 - Add the /acme/ suffix to the baseUrl in the acme context so we don't
   have to keep adding it a bit everywhere.
2023-04-03 09:38:20 -04:00
Steven Clark b1c557bd73
Extend expiration of diagnose test-fixture certificate (#19868)
- Regenerated with
    - openssl x509 -x509toreq -in xxx.crt -signkey xxx -out xxx.csr
    - openssl x509 -req -in xxx.csr -signkey xxx.pem -days 18250 -out xxx.crt
2023-04-03 09:34:58 -04:00
claire bontempo 069b00b031
UI: pki rotate root cert (#19739)
* add rotate root route

* add page component

* add modal

* fix modal image styling

* add radio buttons

* add jsonToCert function to pki parser

* add verify function

* add verify to details route

* nest rotate-root under issuer/

* copy values from old root ca

* pull detail info rows into a separate component

* add type declaration files

* add parsing error warning to rotate root component file

* add comments

* add capabilities to controller

* update icon

* revert issuer details

* refactor pki info table rows

* add parsedparameters to pki helper

* add alert banner

* update attrs, fix info rows

* add endpoint to action router

* update alert banner

* hide toolbar from generate root display

* add download buttons to toolbar

* add banner getter

* fix typo in issuer details

* fix assertion

* move alert banner after generating root to parent

* rename issuer index route file

* refactor routing so model can be passed from route

* add confirmLeave and done button to use existin settings done form

* rename serial number to differentiate between two types

* fix links, update ids to issuerId not response id

* update ts declaration

* change variable names add comments

* update existing tests

* fix comment typo

* add download button test

* update serializer to change subject_serial_number to serial_number for backend

* remove pageTitle getter

* remove old arg

* round 1 of testing complete..

* finish endpoint tests

* finish component tests

* move toolbars to parent route

* add acceptance test for rotate route

* add const to hold radio button string values

* remove action, fix link
2023-03-31 15:47:23 -06:00
Chelsea Shaw 0eac17a91f
UI: Remove custom service (#19925) 2023-03-31 21:27:20 +00:00
Alexander Scheel a94541080f
Clarify that other operations run while tidy is paused (#19914)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-31 16:09:37 -04:00
Mike Baum 38101792cb
Download Application log files and upload as an artifact when enos scenarios fail (#19860) 2023-03-31 14:31:35 -04:00
Kuba Wieczorek 77105a27bd
Add DataDog test visibility to the test-go job in CI (#19890) 2023-03-31 18:15:57 +01:00
Jaymala 6a62e99fdd
[QT-488] Fix Enos testing workflow name (#19905)
Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-03-31 13:15:19 -04:00
Marc Boudreau 4528689486
use correct commit hash from latest branch of browser-actions/setup-chrome (#19876) 2023-03-31 12:17:16 -04:00
John-Michael Faircloth 72f5ed8fe1
fix race condition in string generator helper (#19875)
* fix race condition in string generator helper

* add changelog
2023-03-31 15:19:45 +00:00
miagilepner de56c728a1
VAULT-13191: OSS changes (#19891)
* add open source changes for reporting

* fix function signature

* add changelog
2023-03-31 15:05:16 +00:00
Max Coulombe af20d4a6aa
Bumping ad dependencies (#19829)
* bumping ad dependencies
2023-03-31 11:01:02 -04:00
Jaymala 337adbb4c9
Add workflow summary to Enos tests (#19858)
* Add workflow summary to Enos tests

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Fix GHA lint errors for setup outputs

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-03-31 09:21:08 -04:00
Mark Lewis d90f6daee9
Update kubernetes.mdx (#19567)
Correct 2 typos
2023-03-30 16:42:25 -07:00
Mark Lewis b4fe913795
Fix broken link to counters API doc (#19491)
* Fix broken link to counters API doc

* Fix broken link fix
2023-03-30 16:41:23 -07:00
Anthony Burke 95472e0ae5
fixes oracle plugin whitespace (#19470) 2023-03-30 16:40:25 -07:00
Chip Stepowski 256e20e862
Added note about Autopilot default values. (#19515)
* Added note about Autopilot default values.

* Update website/content/docs/concepts/integrated-storage/autopilot.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-03-30 16:30:29 -07:00
Kuba Wieczorek bbeb8b8a47
Update the if conditions for test-go jobs in CI (#19809)
* Update the if conditions for test-go jobs in CI

* Fix errors in comments

* Update the if condition for the UI tests
2023-03-30 16:27:42 -04:00
Kuba Wieczorek 818d89645b
Make the suffix for CI Go test matrix jobs optional (#19752) 2023-03-30 15:09:57 -04:00
Milena Zlaticanin 73edda4d1f
secrets/mongodbatlas: upgrade dependencies (#19861)
* secrets/mongodbatlas: upgrade dependencies

* add changelog
2023-03-30 11:24:31 -07:00
Kuba Wieczorek 312b6d3c82
Update tests-completed job in CI to appear as success when one of the… (#19806)
* Update tests-completed job in CI to appear as success when one of the required checks is skipped (but not cancelled)

* Fix typo in tests-completed

---------

Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>
2023-03-30 14:24:05 -04:00
Anton Averchenkov 1b8dd129ab
Remove 'oidc' from gen_openapi.sh (#19839) 2023-03-30 13:38:56 -04:00
Angel Garbarino 150ee4b93d
quick fix disabling linting error (#19830) 2023-03-30 17:33:49 +00:00
Kuba Wieczorek 71c54c909d
Add larger runners for CI (#19857) 2023-03-30 17:58:32 +01:00
Kuba Wieczorek 61254d9af8
Add a new category of runners to the CI workflow… (#19807)
* Add a new category of runners to the CI workflow; use new, dedicated runners on OSS; adjust runner sizes for jobs

Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>
2023-03-30 16:41:40 +01:00
Peter Wilson 538e66ffea
Add available types to API documentation for enable audit (#19850) 2023-03-30 15:30:35 +00:00
John-Michael Faircloth ebd97f1fb2
plugin/secrets/alicloud: upgrade dependencies (#19846)
* plugin/secrets/alicloud: upgrade dependencies

* add changelog
2023-03-30 11:11:15 -04:00
Kit Haines d2ecf8ffc5
Add PKI-CLI to docs (#19669)
* Add pki-cli docs.

* Tiny updates.

* Whitespace fix, include description

* Closing-tags.

* Update website/content/docs/commands/pki/verify-sign.mdx

Title Code as Shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

Title More Code as Shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/list-intermediates.mdx

Title code block as shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/issue.mdx

Title code-block as shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Apply suggestions from code review

Label Code-Blocks as Shell-Session

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Apply suggestions from code review

Comma and Period Changes.

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Apply suggestions from code review

ascheels highlighting-1

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix highlighting throughout.

* Update website/content/docs/commands/pki/list-intermediates.mdx

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

Clarifying note on why unknown fields might be there.

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

cipherboy request

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add Key-ID RFC link.

* k=v add link

* correct link

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-30 07:31:48 -04:00
Alexander Scheel 733e851c51
Remove acme from CI test_packages (#19841)
Of course, forgetting to add it, I forgot to remove it...

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-30 07:20:58 -04:00
Calvin Leung Huang cf99323884
changelog: updates for 1.13.1, 1.12.5, 1.11.9 (#19834) 2023-03-29 16:14:38 -07:00
Theron Voran f0391962a2
docs/vault-secrets-operator: update for beta install (#19835)
Update the helm commands to work with the beta release.
2023-03-29 22:51:34 +00:00
Alexander Scheel b4c3aca7a1
Merge ACME package back into the PKI package (#19826)
* Squash pki/acme package down to pki folder

Without refactoring most of PKI to export the storage layer, which we
were initially hesitant about, it would be nearly impossible to have the
ACME layer handle its own storage while being in the acme/ subpackage
under the pki package.

Thus, merge the two packages together again.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Properly format errors for missing parameters

When missing required ACME request parameters, don't return Vault-level
errors, but drop into the PKI package to return properly-formatted ACME
error messages.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Error type clarifications

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix GetOk with type conversion calls

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-29 21:08:31 +00:00
Brian Shumate f4fbca8050
Docs: API: Update token_period description (#19821)
- Clarify token_period per feedback in SPE-34
2023-03-29 13:53:16 -07:00
Ben Ash 7322dd952b
Add vault-secrets-operator beta docs. (#19827)
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2023-03-29 20:33:06 +00:00
Alexander Scheel 73c468787b
Add ACME new account creation handlers (#19820)
* Identify whether JWKs existed or were created, set KIDs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Reclassify ErrAccountDoesNotExist as 400 per spec

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add additional stub methods for ACME accounts

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Start adding ACME newAccount handlers

This handler supports two pieces of functionality:

 1. Searching for whether an existing account already exists.
 2. Creating a new account.

One side effect of our JWS parsing logic is that we needed a way to
differentiate between whether a JWK existed on disk from an account or
if it was specified in the request. This technically means we're
potentially responding to certain requests with positive results (e.g.,
key search based on kid) versus erring earlier like other
implementations do.

No account storage has been done as part of this commit.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Unify path fields handling, fix newAccount method

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-29 19:06:09 +00:00
Mike Palmiotto 853e0e0fc1
changelog: Drop entry for no-op (#19819) 2023-03-29 14:53:49 -04:00
Steven Clark 91d1628bb5
Initial ACME new-nonce API (#19822)
* Initial ACME new-nonce API implementation

* Return proper HTTP status codes for ACME new-nonce API handler
2023-03-29 18:22:48 +00:00
Robert 71071fd954
docs: Change wording for AssumeRole permissions in AWS secrets (#19823)
Co-authored-by: wernerwws <wernerwws@users.noreply.github.com>
2023-03-29 13:03:26 -05:00
Steven Clark bc57865998
PKI: Initial ACME directory API support (#19803)
* PKI: Initial ACME directory API support along with basic tests for error handler and the directory itself across various paths.
2023-03-29 16:29:19 +00:00
vinay-gopalan f2a4b23b7f
Update pseudo-version for Secrets Terraform plugin (#19798) 2023-03-29 09:01:35 -07:00
Alexander Scheel e95fadd8f0
Add mechanism to disable automatic rollbacks (#19748)
When testing the rollback mechanism, there's two categories of tests
typically written:

 1. Ones in which the rollback manager is entirely left alone, which
    usually are a bit slower and less predictable. However, it is still
    sufficient in many scenarios.
 2. Ones in which the rollback manager is explicitly probed by tests
    and "stepped" to achieve the next rollback.

Here, without a mechanism to fully disable the rollback manager's
periodic ticker (without affecting its ability to work!) we'll continue
to see races of the sort:

>     --- FAIL: TestRevocationQueue (50.95s)
>     panic: sync: WaitGroup is reused before previous Wait has returned [recovered]
>         panic: sync: WaitGroup is reused before previous Wait has returned

This allows us to disable the ticker, returning control to the test
suite entirely.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-29 08:59:01 -04:00
Raymond Ho 554674fb59
add docs for VAULT_RUN_MODE (#19808) 2023-03-28 21:18:45 -07:00
claire labry 2531f721c7
fix github ref (#19805)
* fix github ref

* udpate comment
2023-03-28 15:59:27 -05:00
Alexander Scheel 27f670abd5
Tighten JWS algorithm lists (#19797)
* Add new PKI ACME subpackage to test_packages list

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Restrict JWS keys to specified algorithms

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-28 20:49:07 +00:00
Chelsea Shaw 6d19f47732
UI: Remove out of date blueprint (#19795) 2023-03-28 14:59:54 -05:00