Commit graph

17305 commits

Author SHA1 Message Date
Alexander Scheel 364a639cca
Integrate acme config enable/disable into tests (#20407)
* Add default ACME configuration, invalidate on write

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add enforcment of ACME enabled

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Validate requested role against ACME config

Co-authored-by: kitography <khaines@mit.edu>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add validation of issuer restrictions with ACME

Co-authored-by: kitography <khaines@mit.edu>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add validation around allowed config lenghts

Co-authored-by: kitography <khaines@mit.edu>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Prune later deemed unnecessary config options

Co-authored-by: kitography <khaines@mit.edu>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* make fmt

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: kitography <khaines@mit.edu>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-04-27 20:31:13 +00:00
Angel Garbarino dcff8c2a07
Remove the Bulma CSS Framework (#19878)
* Step one: remove bulma (#19587)

* remove bulma and get app running

* add back in each statments from bulma variables

* remove space

* address pr comments

* add back copyright headedr

* Step two: add back and organize relevant Bulma classes (#19664)

* VAULT-14566 copy/paste bulma css for classes that it defines and we do not.

* add three new helper files and move helpers.scss to a new directory called helper-classes

* rename utils/colors to color_variables

* integrate all bulma sizing into previous utils/spacing doc, address obvious duplicates and rename to spacing_variables.

* small class name issues

* clean up

* comment clean up

* Step three: add Bulma classes to relevant component styles (#19683)

* add in bulma classes used in global-flash component

* add in bulma classes used in the modal component

* remaining bulma classes that can integrate into the vault css

* remove replication-header.scss and replace with helper.

* add bulma tabs classes to tabs component scss file

* remove ui-wizard style

* only do bulma explicit classes for now

* add in breadcrumb styling from bulma

* integrate bulma into css

* remove unecessary tabs bulma styling

* remove non-relevant bulma classes

* remove non relevant bulma css

* Step three cont. Bulma classes to component files (#19691)

* return box-label to as before now that you have those bulma classes

* missing modal bulma classes

* add bulma class to box component

* missed some bulma box classes

* remove scss unecessary

* add in bulma classes to icon component.

* move up icon

* missed modal class

* clean up

* size vars to icon

* Step four: address core directory files (#19719)

* move some basic helpers over to typography helper.

* rename helpers to other

* moveing generic classes to other relevant scss files.

* rename generic to link

* clean up

* clean up

* address core/box

* remove hero because the class is not used anywhere.

* add in level bulma css

* welp forgot a file.

* add in missing bulma classes into core/menu

* UI/step four core files 2 (#19754)

* address issue with input border and box shadow

* remove the is-white class, it was being used very poorly, replaced with exisiting helpers.

* organizing the forms and button core files

* small amount of clean up

* hot mess of colors dealing with just danger for now

* removed moved over bulma classes

* use helper for this one off

* clean up

* wip on the buttons

* fix select select:: after

* clean up select from bulma-classes.

* clean up

* clean up

* small fix

* Cleaning up the last of the core files (welp there's still more) (#19779)

* one missing thing for level core.

* replace no-underline and link-item with helper text-decoration-none

* core/menu double check

* handle core/message

* create and add to bulma classes for core/columns

* add in bulma-classes columns and column... not fun to qa later.

* remove core/notification

* core/progress bar

* revert the hbs changes

* fix over revert

* Core files cont. Focus on core/form (#19794)

* create input and textarea core files, move charts

* remove input and textarea classes from bulma classes

* remove input-hint component file, never a component

* fix the mess that is help-text:

* help and is-help and sub-text are a mess...

* fix switch alignment issues

* deal with file-name

* clean file out of bulma-classes

* create layout helper and move out some remaining button classes

* deal with core/title

* is-marginless move to helper

* helper layout add to core

* clean up

* remove core/tables

* test

* Revert "test"

This reverts commit e695dedfe933d71320cd7eeee33f6b21a8d54b37.

* Core files continued (#19896)

* test

* combine input and textarea

* clean up navbar brannd

* clean up the single instance delete class used on the modal and match with flight icon

* add back autocomplete to component

* create core/file

* alphabetize file css blocks

* core/checkboxes create and address

* combine b-checkboxes classes and remove from core the utils

* address duplicate helper

* Core files continued (#19930)

* clean up helper and remove duplicate class

* more clean up of the other helper

* fix pagination, hot mess

* add radio to checkbox styling

* tag to tags rename singular

* container core file

* finally... changing forms to one element, field

* finally remove bulma-classes

* cleanup

* comment cleanup

* add comment about pagination

* Consolidating our size variables with Bulma's (#19951)

* remove bulma-size variables that are duplicates of our own

* remove unused is-size-xx and duplicate font weights

* remove duplicate class

* ahh this is madness

* remove column-gap var

* remove  duplicate sizing of

* clean up breakpoints

* replace border-radius:2px for var so folks know the common border-radius

* replace header-height with new spacing var

* replace body-size and console-size vars with other sizing vars

* clean up final of size vars

* radius override things blah fixed

* last size var

* add back

* Finish size var clean up (#19970)

* remove size-small, etc.

* fix size-small things

* remove label unused classes

* move out font-family utils

* Update Color Vars (remove bulma color vars and overrides) (#20031)

* remove bulma_variables file

* remove duplicate helper

* replace hardcoded with color vars when appropriate

* broaden font-family utils

* add back box-link-hover-shadow

* welp

* fix pagination coloring

* Small fixes post var and core file work (#20035)

* fix auth-login splash container

* fix some splash page issues

* fix status menu

* fix menu-list regression

* fix regression on button text-decoration

* fix tag regression

* fix regression on select select

* fix regression on field field

* regression on textarea

* button focus state regression

* fix inputs

* fix is-outlined buttons

* Remove bulma switch (#20065)

* remove bulma/switch

* fix disbled style

* Bulma removal: starting the clean up process (#20066)

* remove unused class name

* add todo

* wip shamir-modal-flow usage of file styling

* final fix

* fix message type message-body css

* better match

* fix a.active on popup-menu-content

* VAULT-14625 fix

* blah overrides overrides and oh another override

* fix breadcrumb link

* fixes

* fix readonly state and hover on inputs.scss

* fix button style issue

* fix modal title spacing issue

* clean up

* fix switch

* fix checkbox issue and pr comment

* fix issue with tabs

* pr comment

* Bulma clean up cont. (#20119)

* gotta use rem on page container... it makes a difference, can't switch to px

* missing helper for background color

* fix textarea with icon

* can't seem to replace rem with px ;/

* fix table issues

* clean up columns.scss file

* fix

* fix rem vs px issues

* address some todos

* fix todo on help is-danger

* best effort for sizing var clean up

* reomve duplicate

* clearify

* welp forgot a word

* address sr-only class definition

* move to helper

* replaced single use class with helper and cleaned up flexbox

* move to make more sense

* move around layout and container

* color things

* things

* Cleanup 🧹 (#20196)

* remove carry over classes from bulma

* clean up title.scss

* clean up title is-5 has-top-padding-m and box.scss

* clean up breadcrumbs, buttons, c&r, columns

* clean up core files

* clean up cont looking at component files

* clean up remaining component files

* fix pagination

* pr comments, thank you

* add in merge color helper

* Remove out of scope changes (#20218)

* remove out of scope changes

* fix test

* add changelog

* remove scope creep

* fix scope creep cont

* qa fixes

* Fixes found while QA'ing Secret Engines (#20264)

* fix active tab issue for both secret and auth mounts

* use helper instead of :not last on content margin which causes problems

* fix missing disabled on b-checkbox

* quick fix

* deal with body-size issue

* fix order of other helper

* small fixes from qa

* update comments on the core files and change desktop font size from px back to rem

* missed 16px replaced with 1rem

* address chelseas comments

* fixes that jordan noticed

* remove unstable flexbox test

* test fix

* rename other to general

* address claires qa comments

* add in missing helper must have missed in earlier merge

* fix button

* small small small fix
2023-04-27 14:23:17 -06:00
Ben Ash 2f63318cea
api-docs/pki: common_name is no longer required. (#20403) 2023-04-27 16:11:49 -04:00
Steven Clark 8f4fb42439
Add PKI ACME IP SANS test case (#20398)
* Add PKI ACME IP SANS test case

 - Leveraging the new Vault docker based tests along with nginx and
   the Go ACME library, verify that Vault can properly perform ACME
   validations for IP identifiers

* Formatting
2023-04-27 16:05:23 -04:00
Alexander Scheel e42fd09b47
Add custom DNS resolver to ACME configuration (#20400)
* Handle caching of ACME config

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add DNS resolvers to ACME configuration

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add custom DNS resolver to challenge verification

This required plumbing through the config, reloading it when necessary,
and creating a custom net.Resolver instance.

Not immediately clear is how we'd go about building a custom DNS
validation mechanism that supported multiple resolvers. Likely we'd need
to rely on meikg/dns and handle the resolution separately for each
container and use a custom Dialer that assumes the address is already
pre-resolved.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Improvements to Docker harness

 - Expose additional service information, allowing callers to figure out
   both the local address and the network-specific address of the
   service container, and
 - Allow modifying permissions on uploaded container files.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add infrastructure to run Bind9 in a container for tests

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Validate DNS-01 challenge works

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-27 15:30:29 -04:00
Yoko Hyakuna 155a32fc77
Fix the GDPR link (#20382) 2023-04-27 08:57:23 -07:00
Nick Cabatoff a816ef6c15
Use a dedicated runner for the binary-based tests. (#20377) 2023-04-27 09:41:49 -04:00
Josh Black 80a9d7d4ce
Correct an oversight re: skip_flush in the docs (#20383) 2023-04-26 17:30:09 -07:00
Brian Shumate 7fcdb23376
Docs: DR replication API updates (#20373)
* Docs: DR replication API updates

- Add clarification for secondary_public_key parameter
- Update section header

* During activation
2023-04-26 16:15:46 -07:00
Cinthia Conti 7007797b07
changelog: updates for 1.13.2, 1.12.6, 1.11.10 (#20381)
Update changelog for 1.13.2, 1.12.6, 1.11.10 releases
2023-04-26 18:38:35 -04:00
davidadeleon 0d621ea47e
add nil check for mfa enforcement config namespace on login (#20375)
* add nil check for mfa enforcement config ns

* move nil check and add changelog
2023-04-26 16:52:39 -04:00
Jaymala 5164069708
Fail completed successfully check for failing Enos tests (#20335)
* Force required completed-successfully check to fail when builds or tests fail

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Update to fail cancelled workflows

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-26 15:16:31 -04:00
Nick Cabatoff f5b5662122
Don't require every test to specify a VaultLicense field (#20372) 2023-04-26 18:39:48 +00:00
Steven Clark cbb5b2fa22
Add the ability to disable ACME through an OS environment variable (#20369)
* Add the ability to disable ACME through an OS environment variable

 - Disable ACME through the VAULT_DISABLE_PUBLIC_ACME environment
   variable.

* PR feedback

 - Switch to using t.Setenv instead of manually doing it
 - Remove t.Parallel from the test not to influence others

* make fmt
2023-04-26 17:21:00 +00:00
Kit Haines 0538fc37dd
Vault 13349 acme create new global configuration endpoints (#20228)
* Base: Add configuration to ACME.

* Remove unused endpoint

* Commit todo.

* Allow Read of Configuration.

* make fmt.

* parse config.

* Don't panic.
2023-04-26 17:16:09 +00:00
Steven Clark 6cfce7bf29
Enforce ACME accounts to a specific directory path (#20363)
* Enforce ACME accounts to a specific directory path

 - Accounts and correspondingly orders, authz should not cross
   the path boundaries. So we now tag an ACME account with a specific
   directory based on the requested role/issuer values in the path.
 - If an operation occurs on a different acme directory path it will
   cause a failure of the request.
 - Add some go doc to a few places and reorder the methods in the
   acme_wrappers.go class to highlight the wrappers and not intertwine
   the helper functions
 - Rename path_acme_new_account.go to path_acme_account.go as it has
   several account related methods now.

* Get rid of bad test case

 - The previous commit contained a bug fix for us properly
   loading issuers within the ACME path, that exposed
   this broken/bad test case. Simply remove it.
2023-04-26 12:47:31 -04:00
Kuba Wieczorek 2445637829
Run DataDog-related steps every time test-go CI workflow runs (#20364) 2023-04-26 16:28:39 +01:00
claire bontempo 76f1971126
UI: pki configuration edit form (#20245)
* setup routing, move queries in ConfigurationIndex to parent resource route

* finish building out form, add model attrs build ttls

* add types

* update model attribute values, fix default ttl states

* remove defaults and use openApi, group with booleans

* add model to application route"

* add save functionality

* add error banner

* add transition after save

* use defaults from open api

* fix empty state language

* pass engine data

* change model attrs to ttl objects

* update types

* add invalid form alert to error block

* move data manipulation to serialize

* fix serializer, add comments

* add test for serializer

* edit configuration details view

* update details test

* change to updateRecord so POST request is made

* config/urls use POST instead of PUT

* add edit tests, update details

* add model hooks back to routes

* rearrange to remove dif

* remove createRecord for urls

* update comment

* wip sample ttl transform

* Revert "wip sample ttl transform"

This reverts commit 59fc179b5cd2994c4258e553e56667e29b3d6b72.

* revert changes, move model updates back to component

* simplify model fetches

* address comments;

* update pki/urls test

* update adapter test
2023-04-25 21:50:19 +00:00
Nick Cabatoff ad18fc6398
Docker testing: handle licensing, different images per node (#20347) 2023-04-25 17:11:46 -04:00
Alexander Scheel d3722a33c8
Add ACME revocation handlers (#20340)
* Add ACME revocation handlers

This refactors path_revoke to expose Proof of Possession verification,
which is reused by ACME to allow methods 1 and 2:

 1. Revocation of a certificate issued by the account, using account
    signature as sufficient proof.
 2. Revocation of a certificate via proving possession of its private
    key, using this private key to create the JWS signature.

We do not support the third mechanism, completing challenges equivalent
to those on the existing certificate and then performing a revocation
under an account which didn't issue the certificate but which did solve
those challenges.

We additionally create another map account->cert->order, allowing us to
quickly look up if a cert was issued by this particular account. Note
that the inverse lookup of cert->(account, order) lookup isn't yet
possible due to Vault's storage structure.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update ACME pkiext tests to revoke certs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add auth handler checks

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Address review feedback

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-25 16:48:30 -04:00
Alexander Scheel 3a995707b5
Fix reading issuer's enable_aia_url_templating value (#20354)
* Add enable_aia_url_templating to read issuer

This field was elided from read issuer responses, though the value
otherwise persisted correctly.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add comprehensive test for patching issuers

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing OpenAPI scheme definition

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-25 16:48:05 -04:00
Alexander Scheel a32342507f
Enforce proper URL in ACME headers (#20357)
See RFC 8555 Section 6.4.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-25 16:47:52 -04:00
Alexander Scheel 000df9559a
Start container-based PKI ACME tests (#20320)
* Start ACME containerized test suite

This starts a containerized ACME test suite using containers, running
both Vault and Certbot (in standalone mode) in the container to ensure
we successfully issue certificates.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Switch to using hashicorp mirror

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-25 19:11:35 +00:00
Ryan Cragun 33098fd1ae
enos: use initial version variable in autopilot (#20349)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-04-25 12:37:11 -06:00
Braulio Gomes Rodrigues 627fe60044
Vault change doc main couchbase (#20314)
* changing chouchbase host variable

* Alterando linha 82 couchbase

* Changing couchbase host address in main document
2023-04-25 10:21:25 -07:00
Alexander Scheel 918305d450
Fix issuer patch of leaf_not_after_behavior (#20341)
* Fix patching issuer leaf_not_after_behavior

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for patching leaf_not_after_behavior

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-25 11:02:13 -04:00
Nick Cabatoff 1e433add83
Add ent-specific test binary build rules (#20334)
This fixes the binary building on ent, except because I ran into problems with the binary-based tests there, I've included a bunch of `github.repository != 'hashicorp/vault-enterprise'` conditions to disable the binary building.  I'll fix the test problems in a future PR and remove those repo conditions.
2023-04-25 10:49:34 -04:00
Luis (LT) Carbonell 8b4ce9c1c2
Re-run Milestone Check when Milestones are Applied (#20299)
* re-run when milestones are applied

* update milestone check conditions
2023-04-25 08:49:43 -05:00
Steven Clark 47605c0d48
Add support to load roles and issuers within ACME wrapper (#20333)
* Add support to load roles and issuers within ACME wrapper

* Add missing go doc to new test

* PR feedback

 - Move field definitions into fields.go
 - Update wording and associated errors to some role failures.
 - Add missing ':' to error messages
2023-04-25 13:29:07 +00:00
miagilepner 7d631cb44f
VAULT-15791: Update docs to use vault-java-driver fork (#20316) 2023-04-25 11:08:05 +02:00
Ryan Cragun b74e4bc781
enos: use artifactory release for auto-pilot upgrade (#20332)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-04-24 18:57:08 +00:00
Nick Cabatoff 22b00eba12
Add support for docker testclusters (#20247) 2023-04-24 14:25:50 -04:00
Ryan Cragun a889ba1205
enos: always use the initial release during upgrades (#20321)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-04-24 18:00:44 +00:00
Jaymala 2893342c60
Fix script to verify docs changes (#20317)
Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-24 13:16:01 -04:00
Nick Cabatoff 3ddb69bd2b
Fix docs-nav-data.json that I broke in #20312 (#20322) 2023-04-24 13:10:53 -04:00
Nick Cabatoff 4d42b08644
Add guidelines for agent/server version compatibility (#20312) 2023-04-24 11:49:50 -04:00
Nick Cabatoff b7e6090a21
Move all checkout@v2 users to v3. (#20315) 2023-04-24 15:25:58 +00:00
Nick Cabatoff 313957b911
Add tests based on vault binary (#20224)
First steps towards docker-based tests: tests using vault binary in -dev or -dev-three-node modes.
2023-04-24 09:57:37 -04:00
Braulio Gomes Rodrigues 03fa9432a4
changing chouchbase host variable (#19812)
* changing chouchbase host variable

* Alterando linha 82 couchbase
2023-04-24 13:56:56 +00:00
Nick Cabatoff 75ad9a1de8
Bump the sdk go version to 1.20, document when go versions should be updated (#20278) 2023-04-24 08:44:39 -04:00
Hamid Ghaf 0cd138c0eb
use tab in Makefile instead of spaces (#20305) 2023-04-24 04:51:37 -07:00
Ryan Cragun deeb1ece5b
[QT-530] enos: allow-list all public IP addresses (#20304)
The security groups that allow access to remote machines in Enos
scenarios have been configured to only allow port 22 (SSH) from the
public IP address of machine executing the Enos scenario. To achieve
this we previously utilized the `enos_environment.public_ip_address`
attribute. Sometime in mid March we started seeing sporadic SSH i/o
timeout errors when attempting to execute Enos resources against SSH
transport targets. We've only ever seen this when communicating from
Azure hosted runners to AWS hosted machines.

While testing we were able to confirm that in some cases the public IP
address resolved using DNS over UDP4 to Google and OpenDNS name servers
did not match what was resolved when using the HTTPS/TCP IP address
service hosted by AWS. The Enos data source was implemented in a way
that we'd attempt resolution of a single name server and only attempt
resolving from the next if previous name server could not get a result.
We'd then allow-list that single IP address. That's a problem if we can
resolve two different public IP addresses depending our endpoint address.

This change utlizes the new `enos_environment.public_ip_addresses`
attribute and subsequent behavior change. Now the data source will
attempt to resolve our public IP address via name servers hosted by
Google, OpenDNS, Cloudflare, and AWS. We then return a unique set of
these IP addresses and allow-list all of them in our security group. It
is our hope that this resolves these i/o timeout errors that seem like
they're caused by the security group black-holing our attempted access
because the IP we resolved does not match what we're actually exiting
with.

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-04-23 16:25:32 -06:00
Josh Black 4b9599fddb
update website docs for new update-primary mode (#20302) 2023-04-21 15:21:28 -07:00
Marc Boudreau 895564d615
Provide Descriptive Error when Enterprise-only Paths Called in Open-source Version (#18870)
* define ent paths in OSS codebase with common handler

* fixup! define ent paths in OSS codebase with common handler

* add missing path

* retain existing behaviour for replication/status path

* remove commented out path
2023-04-21 16:14:40 -04:00
Mike Palmiotto 8001d76e28
Refactor reporter for unseal setup (#20296) 2023-04-21 15:29:37 -04:00
Alexander Scheel d7f67b8856
Add additional fields to LIST issuers for Web UI (#20276)
* Add additional fields to LIST issuers for Web UI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-21 18:16:16 +00:00
Christopher Swenson 1415d47da8
Add symbols back to the build to fix Dynatrace support (#20294) 2023-04-21 17:15:56 +00:00
John Children bebe6dcaa0
Docs: Fix k8s injector templating example (#20271)
From every other example I can find, the secret name in the template should match the one in the inject annotation. Indeed the same example appears in the examples page.

https://github.com/hashicorp/vault/blob/main/website/content/docs/platform/k8s/injector/examples.mdx#patching-existing-pods
2023-04-21 17:12:13 +00:00
Alexander Scheel dfb29f3b96
Add ACME DNS validator (#20293)
* Add DNS challenge validation to ACME

This allows us to validate against wildcard domain names, as the HTTP-01
challenge does not support wildcard validation.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Properly delay challenge retry attempts

Previously we'd essentially semi-busy wait for a challenge to become
retry-able, as the queue itself had no knowledge of the retry after
value of the validation attempt. Now, we plumb through this value into
the queue itself, to aide selection of validations to attempt.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-04-21 13:08:27 -04:00
melmus c5d10e0b8b
doc/Update service_registration if use Vault HA (#19920)
* Update service_registration if use Vault HA

* Update protocol

* Minor updates for style consistency

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-21 17:04:25 +00:00