Commit Graph

16726 Commits

Author SHA1 Message Date
Steven Clark a4aee2fc95
Revert URL encoding OCSP GET fix #18938 (#19037)
- This fix was incorrect as now the tests and program are double
   URL encoding the OCSP GET requests, so the base64 + characters
   when using Vault proper are becoming space characters.
2023-02-08 11:24:26 -05:00
Steven Clark e599068323
Add OCSP GET known issue (#19066) 2023-02-08 15:06:44 +00:00
Max Coulombe d9a2f33b69
update vault-plugin-secrets-kv to v0.14.0 (#19056)
* update vault-plugin-secrets-kv to v0.14.0

* + added changelog
2023-02-08 09:48:46 -05:00
Tom Crayford 532f4ab60a
Docs: Remove duplicated, outdated raft information (#11620)
Co-authored-by: Mehdi Ahmadi <aphorise@gmail.com>
2023-02-08 13:37:54 +00:00
Theron Voran 79d87b415b
secrets/gcpkms: upgrade to v0.14.0 (#19063) 2023-02-07 18:30:53 -08:00
Robert d52149ed60
secrets/ad: update plugin version (#19061)
* Update ad secrets plugin version
2023-02-07 20:06:53 -06:00
Robert a595dbd072
secrets/terraform: update plugin version (#19059) 2023-02-07 20:04:03 -06:00
Jordan Reimer 65c0f39282
updates k8s changelog entry to feature format (#19062) 2023-02-07 23:38:39 +00:00
John-Michael Faircloth 85438435c4
fix: upgrade vault-plugin-auth-kerberos to v0.9.0 (#19060) 2023-02-07 17:07:09 -06:00
Meggie e286654a84
changelog++
The 1.13 preview
2023-02-07 17:40:39 -05:00
Max Coulombe f28e973a7d
fix: upgrade vault-plugin-database-elasticsearch to v0.13.0 (#19050) 2023-02-07 17:11:44 -05:00
Jordan Reimer 4371face65
Wrapped token login bug (#19036)
* fixes issue logging in with wrapped_token via logout route when not logged in

* adds changelog entry

* fixes cluster route mixin test
2023-02-07 14:22:22 -07:00
Max Coulombe 788c4aff67
fix: upgrade vault-plugin-auth-gcp to v0.15.0 (#19049) 2023-02-07 16:12:32 -05:00
Max Coulombe 3bce13e5fc
upgrade vault-plugin-database-redis-elasticache to v0.2.0 (#19044)
* fix: upgrade vault-plugin-database-redis-elasticache to v0.2.0

* + added cahngelog
2023-02-07 16:11:52 -05:00
Alexander Scheel 06e950b40e
Fix documentation on CRL fixed version (#19046)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 20:51:03 +00:00
claire bontempo aef0296472
UI: add error-handling and validation to pki cross-signing (#19022)
* return signed ca_chain if request fails, check for existing issuer name

* update docs

* add error border class to input
2023-02-07 12:09:17 -08:00
Meggie 8fd9c9df0d
changelog++ 2023-02-07 14:59:54 -05:00
akshya96 6b96bd639c
adding emit duration for telemetry (#19027) 2023-02-07 11:26:38 -08:00
Alexander Scheel 3f8aaedc2a
Add suggested root rotation procedure (#19033)
* Add suggested root rotation procedure

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify docs heading

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 13:51:33 -05:00
Max Coulombe 5e91770d51
fix: upgrade vault-plugin-secrets-gcp to v0.15.0 (#19018)
* upgrade vault-plugin-secrets-gcp to v0.15.0
2023-02-07 13:46:07 -05:00
Angel Garbarino 03ae8d54a4
remove duplicate adapter methods (#19038) 2023-02-07 18:27:44 +00:00
Alexander Scheel 9130a786bb
Document pki cross cluster behavior (#19031)
* Add documentation on cross-cluster CRLs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing revocation queue safety buffer

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 11:11:33 -05:00
Angel Garbarino 4e160284b3
Add updateRecord to role adapter (#18993)
* add updateRecord to role adapter to correctly handle the query when the the is not new.

* wip

* update and cancel test

* clean up

* wip

* final

* clean up

* split test in two

* clean up
2023-02-07 08:53:40 -07:00
kpcraig 5d1869d6fe
fix: upgrade vault-plugin-database-snowflake to v0.7.0 (#18985) 2023-02-07 10:24:46 -05:00
Max Winslow 54a4b9c4d3
docs: Typo (#18541) 2023-02-07 11:35:41 +00:00
miagilepner c49d180bc8
VAULT-13169 Require go docs for all new test functions (#18971)
* example for checking go doc tests

* add analyzer test and action

* get metadata step

* install revgrep

* fix for ci

* add revgrep to go.mod

* clarify how analysistest works
2023-02-07 10:41:04 +01:00
Bryce Kalow f33e779d5d
update learn links to point to developer locations (#19026) 2023-02-06 20:34:51 -08:00
Scott Miller 78aaa3ca92
Add a note that multi-cluster ENT setups can avoid this risk (#19024)
* wip

* all-seals

* typo

* add note about unreplicated items

* italics

* word-smithing
2023-02-06 19:25:14 -06:00
John-Michael Faircloth d0bf019be5
fix: upgrade vault-plugin-secrets-mongodbatlas to v0.9.0 (#19012) 2023-02-06 16:54:18 -06:00
Scott Miller acee981753
Remove accidental addition of a hackweek file (#19016) 2023-02-06 16:45:55 -06:00
Theron Voran 4278ed606c
docs/vault-k8s: 1.2.0 release updates (#19010) 2023-02-06 22:35:12 +00:00
Scott Miller b43e4fbd9c
Add a stronger warning about the usage of recovery keys (#19011)
* Add a stronger warning about the usage of recovery keys

* Update website/content/docs/concepts/seal.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Keep the mitigation text in the warning box

---------

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-02-06 16:23:05 -06:00
John-Michael Faircloth aacaddc3c4
fix: upgrade vault-plugin-auth-alicloud to v0.14.0 (#19005)
* fix: upgrade vault-plugin-auth-alicloud to v0.14.0

* add changelog
2023-02-06 16:15:26 -06:00
Mike Baum 225fbb78d2
[QT-304] Ensure Chrome is only installed for vault-enterprise UI Test workflows (#19003) 2023-02-06 16:29:33 -05:00
Kyle Schochenmaier e5af4d34c1
update annotation docs for agent telemetry stanza (#18681)
* update annotation docs for telemetry stanza
Co-authored-by: Kendall Strautman <36613477+kendallstrautman@users.noreply.github.com>
2023-02-06 13:47:50 -06:00
Kianna 809757ac69
VAULT-13192 only validate form on submit instead of onChange (#19004) 2023-02-06 10:10:23 -08:00
miagilepner e873932bce
VAULT-8436 remove <-time.After statements in for loops (#18818)
* replace time.After with ticker in loops

* add semgrep rule

* update to use timers

* remove stop
2023-02-06 17:49:01 +01:00
Nick Cabatoff 53afd2627b
Make API not depend on SDK (#18962) 2023-02-06 09:41:56 -05:00
miagilepner 9d09dba7ac
VAULT-13061: Fix mount path discrepancy in activity log (#18916)
* use single function to convert mount accessor to mount path

* add changelog

* more context and comments for the tests
2023-02-06 10:26:32 +01:00
Matt Schultz 6bfebc3ce3
Transit Managed Keys Documentation (#18994)
* Document 'managed_key' key type for transit. Document new 'usages' parameter when creating a managed key in the system backend.

* Document new managed key parameters for transit managed key rotation.
2023-02-03 18:49:02 -06:00
Ben Ash e87e4f01d7
fix: upgrade vault-plugin-database-couchbase to v0.9.0 (#18999) 2023-02-03 23:17:44 +00:00
Jordan Reimer 9dc187ef5b
removes hardcoded pki mount path conditional (#18998) 2023-02-03 15:49:46 -07:00
John-Michael Faircloth 14e4d67026
test/plugin: refactor compilePlugin for reuse (#18952)
* test/plugin: refactor compilePlugin for reuse

- move compilePlugin to helper package
- make NewTestCluster use compilePlugin

* do not overwrite plugin directory in CoreConfig if set

* fix getting plugin directory path for go build
2023-02-03 16:27:11 -06:00
Alexander Scheel 660979d58b
Document Cross-Cluster CRLs/OCSP for Vault Enterprise (#18970)
* Add documentation on fetching unified CRLs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on unified OCSP

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify that OCSP requests need to be URL encoded

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Document new CRL config parameters

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify notes about cross-cluster options

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-02-03 16:30:23 -05:00
Christopher Swenson 5864075c30
Add events sending routed from plugins (#18834)
This isn't perfect for sure, but it's solidifying and becoming a useful
base to work off.

This routes events sent from auth and secrets plugins to the main
`EventBus` in the Vault Core. Events sent from plugins are automatically
tagged with the namespace and plugin information associated with them.
2023-02-03 13:24:16 -08:00
Christopher Swenson dfdeca7b5d
docs: Remove XKS proxy TLS setup note (#18988)
The TLS settings should not need to be modified as xks-proxy should
generate the certificate and key itself for listening.
2023-02-03 13:22:04 -08:00
claire bontempo 4426372f27
UI: add issuerRef getter in case issuer is nameless (#18968)
* add issuerRef getter in case issuer is nameless

* declare as getter

* remove changes to test, oops!
2023-02-03 13:07:59 -08:00
Alexander Scheel cb2f6ff7fe
Add docs on cross-cluster listing endpoints (#18987)
* Add docs on cross-cluster listing endpoints

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-02-03 20:01:10 +00:00
Alexander Scheel 8b331fa769
Add notes on cross cluster CRLs (#18986)
* Group CRL related sections

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix casing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add notes about cluster size and revocation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Apply suggestions from code review

Thanks Yoko!

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-02-03 19:51:30 +00:00
Steven Clark 9e9d5d5645
Use the unified CRL on local CRL paths if UnifiedCRLOnExistingPaths is set (#18989)
* Use the unified CRL on legacy CRL paths if UnifiedCRLOnExistingPaths is set

 - If the crl configuration option unified_crl_on_existing_paths is set
   to true along with the unified_crl feature, provide the unified crl
   on the existing CRL paths.
 - Added some test helpers to help debugging, they are being used by
   the ENT test that validates this feature.

* Rename method to shouldLocalPathsUseUnified
2023-02-03 14:38:36 -05:00