Commit graph

13829 commits

Author SHA1 Message Date
John-Michael Faircloth 39c744ca4e
identity: do not allow a role's token_ttl to be longer than verification_ttl (#12151)
* do not allow token_ttl to be longer than verification_ttl

* add verification when updating an existing key

When updating a key, ensure any roles referencing the key do not already
have a token_ttl greater than the key's verification_ttl

* add changelog

* remove unneeded UT check and comment

* refactor based on PR comments

- remove make slice in favor of var delcaration
- remove unneeded if check
- validate expiry value during token generation
- update changelog as bug

* refactor get roles referencing target key names logic

* add note about thread safety to helper func

* update func comment

* sort array and refactor func names

* add warning to return response

* remove unnecessary code from unit test

* Update vault/identity_store_oidc.go

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2021-07-28 20:34:52 -05:00
Pratyoy Mukhopadhyay fa29e780f0
[NO-TICKET] Upgrade protoc-gen-go to 1.26, upgrade protoc to 3.17.3 (#12171)
* [NO-TICKET] Set protoc-gen-go to 1.23, upgrade protoc to 3.17.3

* [NO-TICKET] Upgrade version of protoc-gen-go to 1.26
2021-07-28 14:51:36 -07:00
Lars Lehtonen 7f6602d017
builtin/credential/cert: fix dropped test error (#12184) 2021-07-28 13:19:23 -07:00
SaintMalik 4223ddf6fd
Docs: Fix broken link (#12192)
* Docs: Fix broken link

What does this PR do

Fix dead or broken links in this docs page, making navigation easy for others.

* fixing broken link

* fixing broken links
2021-07-28 13:18:54 -07:00
akosuadenell 5f57fa205f
Update template.mdx (#11913)
Deleted duplicate text
2021-07-28 11:54:15 -07:00
Mike Green 94689c9fe5
Update license.mdx (#10841)
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-07-28 11:50:30 -07:00
Jim Kalafut f503946568
Add website redirect to fix faqs -> faq issue (#12195) 2021-07-28 09:37:21 -07:00
Jim Kalafut cabeaa5af4
Update website download link (#12187) 2021-07-28 08:54:39 -07:00
Jim Kalafut 64b7f8eb1a
Add 1.8 release notes (#12190) 2021-07-28 08:54:09 -07:00
Jim Kalafut a0082b4b5b
Update changelog for 1.8 release (#12189) 2021-07-28 08:51:49 -07:00
Jim Kalafut f86cede572
Add 1.8 upgrade guide (#12186) 2021-07-28 08:46:40 -07:00
Scott Miller 653bfef52e
Forward cert signing requests to the primary on perf secondaries as well as perf standbys (#12180) 2021-07-28 10:21:01 -05:00
Bryce Kalow 45dfa2dd02
web: migrate to web platform- packages (#12118)
* migrate usages of nextjs-scripts to platform packages

* Updates hashi packages
2021-07-27 18:43:40 -04:00
claire bontempo 23001efffe
UI: minor typo changes/fixes (#12181)
* removes redundant .scss

* fixes typo

* clarifies storybook
2021-07-27 12:43:39 -07:00
Nick Cabatoff a8422dba4e
Log shipper changes came in 1.7.0. (#12179) 2021-07-27 13:42:06 -04:00
John-Michael Faircloth fa9c5dc67c
docs: Update Database Capabilities to include username customization (#12172)
* docs: Update Database Capabilities to include username customization

* add operator/diagnose to the index file
2021-07-27 10:33:12 -05:00
claire bontempo ea65001679
removes shadow line for secret form key/value input fields (#12164) 2021-07-27 08:18:37 -07:00
Nick Cabatoff 6016e86115
Fix vault debug so that captured logs include newlines. (#12175) 2021-07-27 09:15:24 -04:00
Nick Cabatoff 03b2208f04
Pin RabbitMQ and Cassandra docker image versions (#12174)
* Work around rabbitmq regression with UserInfo.Tags in rabbitmq 3.9: use v3.8 docker image in tests.

* Also pin cassandra docker image version to 3.11 (4.00 was making tests fail)
2021-07-27 08:45:32 -04:00
Bartek d3df499b8c
Disable 'You will not be able to access these later' warning for static database credentials (#12148) 2021-07-26 11:40:15 -07:00
Hridoy Roy fff7dc7a40
Diagnose docs + changelog (#12159)
* save

* diagnose docs

* changelog

* changelog formatting
2021-07-26 08:45:12 -07:00
Nick Cabatoff f7ecb978a6
Use a mode when opening the db file that won't result in excessive perms. (#12160) 2021-07-23 13:43:50 -04:00
Angel Garbarino 5181d024f7
Add fallback font for masked-input (#12152)
* add fallback font for higher unicode coverage

* remove extra mixin and fix color issue that was not working on binary
2021-07-23 10:11:53 -06:00
Bryce Kalow d2fe8efa58
website: fix release notes link (#12145) 2021-07-23 09:54:11 -04:00
Arnav Palnitkar c71a6b6312
Update node to latest stable version (#12049)
* Update node to latest stable version

- v10 has reached EOL so upgrading node to v14 which is the latest
stable build

* Added changelog

* Resolve merge conflicts
2021-07-22 14:09:12 -07:00
Pratyoy Mukhopadhyay 11a3c3d72d
[VAULT-2807] Count entity tokens on use (#12153) 2021-07-22 14:01:49 -07:00
Mike Green ac37d0e5a9
Clarify sudo req'd for remount (#12139) 2021-07-22 16:09:26 -04:00
Jacob e579cf4ad1
docs/update replication seal table (#12147)
* Update replication.mdx 

Add separate secondary seal and recovery key columns to better distinguish what is updated in each scenario.

* Update replication.mdx, fix caps.
2021-07-22 15:41:36 -04:00
Nicholas Seemiller 87ff4bfac8
Create Kubernetes Namespace (#11902)
If you're setting up vault for the first time on a cluster, the namespace may not exist.

Add a step to create the namespace.
2021-07-22 15:41:22 -04:00
Nick Cabatoff 20a8bb3a49
changelog++ (#12144) 2021-07-21 16:35:47 -04:00
Romain Aviolat c76a4e8bd1
fix: typo in function documentation (#11852) 2021-07-21 13:21:45 -07:00
Tor E Hagemann de2ee46525
fix: print consul svc addr in debug log (#12115)
* fix: print consul svc addr in debug log

* fix: add small change log 12115.txt
2021-07-21 13:12:49 -07:00
Nick Cabatoff 9a26209a9d
Fix a couple of broken links to api docs. (#12143)
* Fix a couple of broken links to api docs.

* Qualify deprecation.
2021-07-21 13:09:32 -07:00
claire bontempo b05ffa88d5
Improve Secret Empty States (#12084)
* adds conditional to render 'minus plain' icon when key doesn't exist

* shows a hyphen when KV secret doesn't have a key and/or value

* fixes tests
2021-07-21 12:47:52 -07:00
Meggie 892545e41d
Document timeout setting for raft snapshots (#12140)
* Document timeout setting for raft snapshots

We don't usually put this kind of information in the documentation, but
we are aware that snapshots can be slow and I could see this message
saving someone a lot of time. Open to closing this PR though if we
definitely don't want this kind of documentation.

* Fixing link
2021-07-21 15:14:08 -04:00
John-Michael Faircloth 877b8166f2
docs: Update Database Capabilities to include username customization (#12130)
* Update Database Capabilities docs page to include username customization column

* fix elasticdb entry, yes for 1.8+
2021-07-21 13:24:22 -05:00
Jeff Mitchell 33ff878946
Move awsutil over to the go-secure-stdlib version (#12128)
Unlike the other libraries that were migrated, there are no usages of
this lib in any of our plugins, and the only other known usage was in
go-kms-wrapping, which has been updated. Aliasing it like the other libs
would still keep the aws-sdk-go dep in the sdk module because of the
function signatures. So I've simply removed it entirely here.
2021-07-20 20:42:00 -04:00
Nick Cabatoff 9db6e16a2a
Document bootstrap API. (#12132) 2021-07-20 18:24:49 -04:00
Calvin Leung Huang 185905d110
docs: remove username_template until after Vault 1.8 (#12129) 2021-07-20 11:46:09 -07:00
Lars Lehtonen a9153d7348
builtin/logical/database: fix dropped test errors (#12123) 2021-07-20 11:13:50 -07:00
Jeff Mitchell fb473a8b9b
Swap out stepwise for external repo version (#12089) 2021-07-20 13:20:23 -04:00
vinay-gopalan 859b60cafc
[VAULT-1969] Add support for custom IAM usernames based on templates (#12066)
* add ability to customize IAM usernames based on templates

* add changelog

* remove unnecessary logs

* patch: add test for readConfig

* patch: add default STS Template

* patch: remove unnecessary if cases

* patch: add regex checks in username test

* patch: update genUsername to return an error instead of warnings

* patch: separate tests for default and custom templates

* patch: return truncate warning from genUsername and trigger a 400 response on errors

* patch: truncate midString to 42 chars in default template

* docs: add new username_template field to aws docs
2021-07-20 09:48:29 -07:00
Chelsea Shaw 4a9669a1bc
UI/database cg read role (#12111)
* Add type param to secret show, handle CG in database role show

* If roleType is passed to credential, only make one creds API call

* Clean up db role adapter and serializer

* url param roleType passed to credentials call

* Role list capabilities check for static and dynamic separately

* Add changelog

* Consistent adapter response for single or double call

* Prioritize dynamic response if control group on role/creds
2021-07-20 11:28:44 -05:00
swayne275 ed361ee8da
Fix minor typo in Internals/Plugins documentation (#12113)
* fix minor plugin doc typo

* fix limits of of typo and related

* forgot to save on this typo fix
2021-07-20 07:21:24 -06:00
Nick Cabatoff e98b45fc79
Fix license expiration metric name in docs. (#12125) 2021-07-19 19:19:32 -04:00
Pratyoy Mukhopadhyay 3990446e46
Update some metric types, fix some wording (#12122) 2021-07-19 14:54:24 -07:00
Ben Ash e899e2adfa
Add ability to optionally clone an api.Client's headers (#12117) 2021-07-19 17:15:31 -04:00
Meggie 08de78aedd
Elaborating on telemetry persistence (#12119)
* Elaborating on telemetry persistence

Some users understand how an aggregator relates to Vault telemetry, and
some users are approaching this concept for the first time. Those newer
to the concepts benefit from some extra clarification that the metrics
sourced directly from Vault aren't stored anywhere.

Sources:
https://prometheus.io/docs/concepts/metric_types/
https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md
https://docs.splunk.com/observability/metrics-and-metadata/metric-types.html

* Updated summary note
2021-07-19 16:12:29 -04:00
Austin Gebauer f7586e475d
changelog: update feature formatting for gcp and key management secrets (#12120) 2021-07-19 12:16:27 -07:00
Jason O'Donnell afc33ba7aa
Change changelog type for openldap bug fix (#12112) 2021-07-16 16:37:21 -04:00