* Add support for client certificates to -output-curl-string
I did not write tests for this feature as -output-curl-string was not
already tested and this is a simple change. Because the name of the
certificates would be lost once loaded I added fields to Config to keep
track of them. I did not add a public method for the user to set them
explicitely as I don't think anyone would need this functionnality
outside of the Vault CLI.
Closes https://github.com/hashicorp/vault/issues/13376
* Add changelog
* Add lock in ConfigureTLS
* Fix upndomain bug causing alias name to change
* Fix nil map
* Add changelog
* revert
* Update changelog
* Add test for alias metadata name
* Fix code comment
* Accept both -f and --force in the web terminal
This aligns the behavior of the web terminal with the `vault write ...`
command to make it a bit more user friendly.
* Add changelog
* Use === instead of ==
* Add auto_rotate_interval field to transit key creation path.
* Add auto_rotate_interval field to transit key config update path.
* Implement transit automatic key rotation on an hourly interval.
* Fixes transit key autorotation key listing typo.
* Add unit tests for transit key autorotation.
* Add unit tests for transit key creation with autorotation interval.
* Add unit tests for transit key config update with autorotation interval.
* Document new auto_rotate_interval fields in key creation and key config update endpoints.
* Add changelog for transit key autorotation.
* Wrap individual transit key autorotation in a policy lock.
* Add a safeguard to transit key autorotation to ensure only one execution happens simultaneously.
"algorithm_signer": "rsa-sha2-256"
to prevent /var/log/auth.log `userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]` due to vault defaulting to ssh-rsa which is insecure
* docs: add known issues section to 1.9.x upgrade guide
* minor rephrasing on oidc known issue
* use relative references for URLs
* Update website/content/docs/upgrading/upgrade-to-1.9.x.mdx
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
* update known issues section for id token
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
In doing some testing I found that the listener clusteraddr isn't really used, or at least isn't as important as the top-level clusteraddr setting. As such, go-sockaddr templating needs to be implemented for the top-level `cluster_addr` setting or it's unusable for HA.
Also fix a nil pointer panic I discovered at the same time.
* makes more mock data
* sort month by clients
* fix mock data
* fix typo
* adds serializer for payload to format data for charts
* remove console logs
* change key from month_year to timestamp
* add comments/todos
* change dates to UTC iso timestamp
* revert serializer changes - moving to a new PR
* fire off network for query with Start time from license and return endDate and display
* startDate
* comment change
* saving wip
* change from startDate to startTime
* comment cleanup
* Address comments
* fixing small comments
The auth/token/revoke will not error out if the token does not exists, it
always tries to revoke the token and return success to the client whether
or not the token exists. This makes the behavior of
auth/token/revoke-accessor coherent with this and remove the need to
check whether the token still exists.
* auth/kubernetes: support for short-lived tokens
* Uplift new version of Kubernetes auth plugin that does not store the
service account token persistently to Vault storage.
* Update the documentation to recommend local token again when running
Vault inside cluster.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
* Added changelog entry
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
* clarification to changelog entry, executed go mod tidy
* clarifications and added targeted release version
* distinguish between single month and range attribution views, add export csv modal and action
* adds activity handler for mirage testing with client count work against new API
* adds class for grey subtitle in modal
* akes data detail titles dynamic
* fix passing of glyph type
* clarify mirage responses
* cleanup todos
* go get vault-plugin-secrets-kv@vault-4290-patch-metadata
* add kv metadata patch command
* add changelog entry
* success tests for kv metadata patch flags
* add more kv metadata patch flags tests
* add kv metadata patch cas warning test
* add kv-v2 key metadata patch API docs
* add kv metadata patch to docs
* prevent unintentional field overwriting in kv metadata put cmd
* like create/update ops, prevent patch to paths ending in /
* fix kv metadata patch cmd in docs
* fix flag defaults for kv metadata put
* go get vault-plugin-secrets-kv@vault-4290-patch-metadata
* fix TestKvMetadataPatchCommand_Flags test
* doc fixes
* go get vault-plugin-secrets-kv@master; go mod tidy
* use GetOkErr in patch handler so unknown fields result in error response
* do not error on unknown fields for patch handling
* godoc update for HandlePatchOperation
* Remove unnecessary branch filters; we rely instead on exiting the jobs on inappropriate branches, since otherwise GH's required checks won't be satisfied.
* Add a parameter that disables escaping characters in the username or password fields for secrets engines database connections
* Always disallow template variables inside the username or password