Commit graph

15431 commits

Author SHA1 Message Date
Chelsea Shaw f6841806f3
UI: Fix metadata tab not showing given policy (#15824)
* Update path that metadata tab checks capabilities against

* Add changelog

* Update test to handle this case

* Fix tests url

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2022-06-07 10:56:44 -05:00
Alexander Scheel 2884141dd9
Add support notes, Entropy Augmentation notes, RH repo (#15843)
* Add support notes, Entropy Augmentation notes, RH repo

This adds a known-panic w.r.t. Entropy Augmentation due to restrictions
in how BoringCrypto's RNG works. Additionally adds the RH Access
container repository and adds a note about restricted support scenarios.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Wording changes per Scott

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-07 11:23:26 -04:00
Brian Candler e912ccaa66
Fixes for -listing-visibility flag values in CLI tools (#15838)
See also: #15833, #15209

Signed-off-by: Brian Candler <b.candler@pobox.com>
2022-06-07 09:49:13 -04:00
Tom Proctor 4ee10e4809
docs: Update CSI Provider command line arguments (#15810) 2022-06-07 10:20:47 +01:00
Alexander Scheel ea6452757f
Add parsing for NSS-wrapped Ed25519 keys (#15742)
* Add parsing for NSS-wrapped Ed25519 keys

NSS wraps Ed25519 using the PKCS#8 standard structure. The Go standard
library as of Go 1.18.x doesn't support parsing this key type with the
OID used by NSS; it requires the 1.3.101.112/RFC 8410 format, rather
than the RFC 5915-esque structure supported here.

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add integration test with NSS-created wrapped key

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
2022-06-06 18:09:21 -04:00
modrake 6490a9c1f7
add codeowners to protect release dirs (#15711) 2022-06-06 15:06:49 -07:00
Steven Clark 9a0e4a9c2b
Rename the go version changelog (#15834) 2022-06-06 16:45:12 -04:00
Alexander Scheel b3ad79fb70
Fix listing_visibility value documentation (#15833)
* Match listing_visibility in system/auth with system/mounts

See also: #15209

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix path-help for listing_visibility

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-06 16:44:46 -04:00
Michael Williams 69fbba5a52
Update documentation to reduce confusion about default_extensions. (#14069) 2022-06-06 15:53:05 -04:00
Scott Miller 6bfdfa0a4d
Document Convergent Tokenization and Token Lookup (#15819)
* Document Convergent Tokenization and Token Lookup

* tweaks

* Fix sample response

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/index.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* update awkward text

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>
2022-06-06 13:34:08 -05:00
Steven Clark a97da32b4b
Update Go to 1.17.11 (#15818)
* Update Go to 1.17.11

 See https://go.dev/doc/devel/release#go1.17.minor for release notes
2022-06-06 13:18:24 -04:00
Angel Garbarino 78c9d3c59a
Move Mfa components to MFA folder (#15813)
* move mfa end user setup

* move remaining files

* fix import on tests
2022-06-06 10:49:03 -06:00
Austin Gebauer 18d25ca4d1
db/snowflake: updates plugin to v0.5.1 (#15814) 2022-06-06 09:28:06 -07:00
Tom Proctor 2f653f0c5d
Ignore CRT builds on docs branches (#15811) 2022-06-06 16:47:55 +01:00
Josh Black 9c48c62d6e
Use the incoming request version to populate follower state (#15806) 2022-06-06 08:44:24 -07:00
Alexander Scheel 54b6cb9afe
Add more documentation on changelogs (#15701)
* Add more documentation on changelogs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add description of modes
2022-06-06 10:04:48 -04:00
Tom Proctor cf3e245302
Add upgrade and config docs for MSSQL EKM Provider (#13859) 2022-06-06 11:28:48 +01:00
Angel Garbarino 999503c0b5
Glimmer continued (#15786)
* generated item list

* home link glimmerization

* hover copy button

* clean up

* clean up

* copy change
2022-06-03 18:34:42 -06:00
Austin Gebauer 66fae8b72a
secrets/db: fix structpb conversion for external plugins using alternative cred types (#15801) 2022-06-03 16:15:09 -07:00
claire bontempo 55dba55bbe
UI/1.11 client count component tests (#15748)
* add line chart test

* add empty state option to line chart

* add empty state test

* add tooltip coverage

* add test files

* add monthly usage tests

* finish tests

* tidying

* address comments, add average test

* finish tests broken from calendar
2022-06-03 15:47:19 -07:00
Chelsea Shaw 7f7ef1cfe9
UI: calendar widget fix (#15789)
* Months after current are disabled, regardless of endTimeFromResponse

* move tracked values to getters for consistency

* months for widget are calculated in getter and then rendered

* Styling for current month is mix of hover and readonly

* Fix tests

* Add changelog

* Reset display year to endTimeFromResponse on toggle calendar

* update resetDisplayYear and naming

* Add test for displayYear when opened
2022-06-03 14:22:50 -07:00
Chris Capurso 073cd369b6
bump vault-plugin-secrets-kv to v0.12.1 (#15792)
* bump vault-plugin-secrets-kv to v0.12.1

* add changelog entry
2022-06-03 16:01:35 -04:00
Violet Hynes d62b140b7c
VAULT-6371 Fix issue with lease quotas on read requests that generate leases (#15735)
* VAULT-6371 Fix issue with lease quotas on non-auth mounts

* VAULT-6371 Add changelog

* VAULT-6371 Amend changelog given new understanding
2022-06-03 15:45:21 -04:00
Chris Capurso 76bc7a25b8
add missing patch capability to policy docs (#15704) 2022-06-03 15:40:47 -04:00
Kit Haines 4f532ecc4d
Support for CPS URLs in Custom Policy Identifiers. (#15751)
* Support for CPS URLs in Custom Policy Identifiers.

* go fmt

* Add Changelog

* Fix panic in test-cases.

* Update builtin/logical/pki/path_roles.go

Fix intial nil identifiers.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* Make valid policy OID so don't break ASN parse in test.

* Add test cases.

* go fmt.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-06-03 14:50:46 -04:00
Arnav Palnitkar f293d112e4
Integration tests for mfa method form (#15777)
* Integration tests for mfa method form

* Fix radio value in tests

* Update tests
2022-06-03 11:08:57 -07:00
VAL 3cfafe619b
KV helpers for DeleteMetadata, Undelete, Destroy, and Rollback (#15637)
* KV helpers for DeleteMetadata, Undelete, Destroy, and Rollback

* Allow rollback when no secret data on latest version, and update error messages
2022-06-03 10:42:43 -07:00
Hridoy Roy e64d7df041
refactor some code in modifyResponseMonths and ensure that the last mo… (#15767)
* refactr some code in modifyResponseMonths and ensure that the last month comparison with end is comparing end of month with end of month

* calibrate end of month apropriately and fix parens issue for lastmonth
2022-06-03 10:34:54 -07:00
Hridoy Roy 671aaf1fe0
iterate through all available logs for precomputation and query gets (#15768) 2022-06-03 09:53:53 -07:00
akshya96 fece4cf9ac
File Audit Mode 0000 bug (#15759)
* adding file mode changes

* add changelog

* adding error

* adding fmt changes
2022-06-03 09:17:41 -07:00
Alexander Scheel 03efc71e62
Update to fixed parseutil v0.1.6 (#15774)
Note that this only really applies to the SSH engine, nothing else uses
this helper. Other go.mod's updated for consistency.

See also: https://github.com/hashicorp/go-secure-stdlib/pull/40

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-02 17:31:45 -04:00
Angel Garbarino 178292f807
Glimmerize components using outer-html (#15744)
* alert-popup glimmerize:

* glimmerize block-error

* logo splash and wizard section

* remove template only

* pr comments
2022-06-02 14:40:17 -06:00
Angel Garbarino dc2f1f98b2
Glimmerizing StatusMenu/SelectableCard/PkiCertPopup (#15716)
* glimmerize status-menu

* selectable card start

* finish selectable card

* test fix

* pki-cert-popup glimmerize

* cleanup

* small fix

* nit

* one more nit

* pr comments
2022-06-02 14:40:04 -06:00
Chelsea Shaw c67f4927b2
Revert UI: replace localStorage with sessionStorage (#15769)
* Revert UI: replace localStorage with sessionStorage

* Add changelog
2022-06-02 15:19:57 -05:00
Nick Cabatoff c15f524993
Add details to CHANGELOG and 1.10 upgrade note regarding new 412 error response resulting from SSCTs. (#15770) 2022-06-02 16:16:28 -04:00
Loann Le e576a8fc48
update sample code (#15765) 2022-06-02 10:58:50 -07:00
Alexander Scheel 9a3a7d40ca
Fix copy/paste typo in PKI key generation docs (#15761)
As caught by Ivana, thank you!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-02 13:21:35 -04:00
Loann Le 6201506456
added link to tutorial (#15762) 2022-06-02 10:15:21 -07:00
Steven Clark 0b6781e3b9
PKI: Only set issuers with an associated key as default on import (#15754)
- Do not set the first issuer we attempt to import as the default issuer unless
   it has a corresponding key.
 - Add the ability to set a default issuer if none exist and we import it's corresponding key after the fact.
 - Add a warning to an end-user if we imported multiple issuers with keys and we
   choose one of them as the default value.
2022-06-02 12:59:07 -04:00
Alexander Scheel ab10435ab7
More PKI docs updates (#15757)
* Add missing key_ref parameter to gen root docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add API docs section on key generation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about managed key access

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-02 12:42:56 -04:00
Arnav Palnitkar ad1796680e
Fixed mfa method acceptance tests (#15756) 2022-06-02 10:33:24 -06:00
Loann Le da09b3d62d
Vault documentation: vault overview page proposal (#15569)
* updated vault overview page

* add images

* replace the image with clearer one

* removed video

* testing image size

* modified based on writer feedback

* Add more description about HCP Vault (#15588)

* added more content

* testing diagram size

* added new image file

* marketing-modified-image

* cleaned up text

* updated link

* Update what-is-vault.mdx

updated text

* incorporated feedback

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-06-01 15:32:30 -07:00
Christopher Swenson 9de0dbaef9
Add note about X.509 SHA-1 deprecation to relevant plugins (#15672)
Add note about X.509 SHA-1 deprecation to relevant plugins

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-06-01 12:41:11 -07:00
Arnav Palnitkar 5bd83196dc
Option to show radio button in form field (#15715)
* Option to show radio button in form field

- For possible value, now we can render either dropdown or radio buttons
- Drop down will be used for larger data set, whereas radio buttons should
  be used when we have only couple of options (example totp mfa)
- Added test for radio button functionality
- Added missing test for ttl without toggle

* Dasherize radio button ids

* Fix tests
2022-06-01 12:10:15 -07:00
Steven Clark 95b1971193
Only use additional entropy source when configured within transit and sys random (#15734)
- When an end-user specifies the all source type within
   transit/random and sys/tools/random, only use the additional source
   if we are actually configured with an external entropy source
2022-06-01 14:56:39 -04:00
claire bontempo c07ab7047e
UI/1.11 client tests (#15658)
* date formatters test

* add mirage to client history test

* use mirage for client tests

* update assertions

* convert to using pretender

* finish client history tests

* remove pretender, use mirage

* re-add flaky test

* add todos

* finish tests

* update month response

* update plot count
2022-06-01 11:42:05 -07:00
Hridoy Roy a5f70d7fe0
fix off by one error in activity log nil padding for month data (#15731) 2022-06-01 11:09:06 -07:00
Christopher Swenson a49f1b9e6b
Update AWS auth method certificates (#15719)
Update AWS auth method certificates

Add tests that the `rsa2048` document can also be verified using the
`pkcs7` field for AWS auth.

Due to the use of SHA-1-based signatures for the `identity` and `pkcs7`
methods, we want to encourage moving toward using the RSA 2048 workflow,
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-rsa2048.html

This doesn't require code changes for Vault necessarily, but adding in
the (many) certificates will help end users.

Also adds `rsa2048` option to API to fetch the RSA 2048 signature.

I will make a PR to update to the AWS auth docs to document the RSA 2048
flow soon after this.
2022-06-01 10:26:17 -07:00
amcbarnett 413cc2e4c0
Update fips1402.mdx (#15598)
* Update fips1402.mdx

Added Link to new Compliance letter and details on what makes this different from Seal Wrap

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-06-01 11:02:11 -04:00
VAL ed7c1d4800
Add Patch KV helper (#15587)
* Add Read methods for KVClient

* KV write helper

* Add changelog

* Add Delete method

* Use extractVersionMetadata inside extractDataAndVersionMetadata

* Return nil, nil for v1 writes

* Add test for extracting version metadata

* Split kv client into v1 and v2-specific clients

* Add ability to set options on Put

* Add test for KV helpers

* Add custom metadata to top level and allow for getting versions as sorted slice

* Update tests

* Separate KV v1 and v2 into different files

* Add test for GetVersionsAsList, rename Metadata key to VersionMetadata for clarity

* Move structs and godoc comments to more appropriate files

* Add more tests for extract methods

* Rework custom metadata helper to be more consistent with other helpers

* Remove KVSecret from custom metadata test now that we don't append to it as part of helper method

* Add Patch KV helper

* Add godoc comment and use WithOption ourselves in other KVOption functions

* Clean up options-handling and resp parsing logic; add more tests

* Add constants and more patch tests
2022-06-01 07:50:56 -07:00