* Add generation support for other SSH CA key types
This adds two new arguments to config/ca, mirroring the values of PKI
secrets engine but tailored towards SSH mounts. Key types are specified
as x/crypto/ssh KeyAlgo identifiers (e.g., ssh-rsa or ssh-ed25519)
and respect current defaults (ssh-rsa/4096). Key bits defaults to 0,
which for ssh-rsa then takes a value of 4096.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add documentation on key_type, key_bits for ssh/config/ca
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* store version history as utc; add self-heal logic
* add sys/version-history endpoint
* change version history from GET to LIST, require auth
* add "vault version-history" CLI command
* add vault-version CLI error message for version string parsing
* adding version-history API and CLI docs
* add changelog entry
* some version-history command fixes
* remove extraneous cmd args
* fix version-history command help text
* specify in docs that endpoint was added in 1.10.0
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* enforce UTC within storeVersionTimestamp directly
* fix improper use of %w in logger.Warn
* remove extra err check and erroneous return from loadVersionTimestamps
* add >= 1.10.0 warning to version-history cmd
* move sys/version-history tests
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* save billing start in local storage
* customize enterprise vs oss copy
* change stored date from requested to response date
* delete license date from local storage when navigating away from parent route
* initial reshuffle to use outlet and remove dashboard and index replace with higher level parent clients
* loading
* clean up
* test clean up
* clean up
* adds date picker if no license start date found
* handle permissions denied for license endpoint
* handle permissions errors if no license start date
* change empty state copy for OSS
* fix tests and empty state view
* update nav links
* remove ternary
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* simplify hbs boolean
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* organize history file
* organize current file
* rerun tests
* fix conditional to show attribution chart
* match main
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* first tooltip for next year disabled
* workable for left tooltip
* styling
* make dry
* forgot this one
* remove right tooltip
* clean up
* bug fix
* add bullets when two error messages in one
* fix to isAfter on range comparisons
* remove
* update message per design
* only warning for startTime
* fix for firefox
* added TestDeleteUserContainedDB | testContainedDBCredsExist helper function
* unit test contained db sanitization
Co-authored-by: Gary Frederick <imtahghost@protonmail.com>
* Clarify subject of this w.r.t. TLS configuration
Thanks to @aphorise for pointing this out internally.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify vague this in secrets/gcp docs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify vague this in secrets/aws docs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify vague this in secrets/database/oracle.mdx
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify vague this in seal/pkcs11 docs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify vague this in agent/autoauth docs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add format-ttl helper
* Add autoRotateInterval to model and serializer for transit key
* Add goSafeTimeString to object returned from TtlPicker2 component
* Add auto rotate interval to transit key components
* clean up unit calculator on ttl-picker, with tests
* Fix tests, cleanup
* Add changelog
* Allow all other_sans in sign-intermediate and sign-verbatim
/sign-verbatim and /sign-intermediate are more dangerous endpoints in
that they (usually) do not have an associated role. In this case, a
permissive role is constructed during execution of these tests. However,
the AllowedOtherSANs field was missing from this, prohibiting its use
when issuing certificates.
Resolves: #13157
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* updates data with response returned after dates queried
* alphabetize todo
* clarify comments
* change dashboard.js to history.js
* separate clients route, add history and config
* add loading to config template
* Add failsafes for no data
* remove commented code
* update all LinkTos with new routes, remove params
* return response if no data
* fix tests
* cleanup
* fixes template with namespace filter
* fixes tests with namespace filter merged
* fix namespace array mapping
* add version history to test object
Co-authored-by: hashishaw <cshaw@hashicorp.com>
* Add documentation for Managed Keys
- Add concept, sys/api and pki updates related to managed keys
* Review feedback
- Reworked quite a bit of the existing documentation based on feedback
and a re-reading
- Moved the managed keys out of the concepts section and into the
enterprise section
* Address broken links and a few grammar tweaks
Alexander Scheel