Commit graph

15015 commits

Author SHA1 Message Date
hghaf099 361646ab26
add MFA validation support to vault login command (#14425)
* add MFA validation support to vault login command

* correctly report new totp code availability period
2022-03-14 15:54:41 -04:00
Alexander Scheel d9c1314552
Fix description of StringSliceVar options (#14439)
These options must be specified multiple times in order to be properly
parsed. However, the present description suggests that a comma-separated
list would work as well, however this isn't the case and results in a
slice containing a single string (with all comma-separated values) in
the API request. Clarify the argument help text to make this clearer.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-03-14 14:11:49 -04:00
Vinny Mannello 2290ca5e83
[VAULT-5003] Use net/http client in Sys().RaftSnapshotRestore (#14269)
Use net/http client when body could be too big for retryablehttp client
2022-03-14 10:13:33 -07:00
Michele Degges 528a6847a4
Temporarily turn nvd sec scanning off (#14466) 2022-03-14 10:06:06 -07:00
Victor Rodriguez e78cca413d
Document the managed key PKCS#11 parameter key_id. (#14476) 2022-03-14 12:08:14 -04:00
Anton Averchenkov c425078008
Change OpenAPI code generator to extract request objects (#14217) 2022-03-11 19:00:26 -05:00
claire bontempo ce0c872478
UI/Hide empty masked PKI row values (#14400)
* fix empty masked inputs displaying

* Revert "fix empty masked inputs displaying"

This reverts commit 8b297df7cf971bce32d73c07fea2b1b8112c2f4b.

* fix empty masked inputs displaying

* fix info banner conditional

* add test coverage

* adds changelog

* fixes tests

* change other canParse conditional
2022-03-11 13:55:01 -08:00
claire bontempo 8844895745
fix flaky clients current test (#14471) 2022-03-11 13:52:02 -08:00
swayne275 ec4d013047
add tip for how to force a secrets engine disable (#14363)
* add tip for how to force a secrets engine disable

* add warning to force disable secrets instructions

* clean up wording

* add force secrets engine disable info to api doc

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/secrets/disable.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/secrets/disable.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* feedback updates

* impl taoism feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-11 11:43:59 -07:00
Peter Sonnek c3dea33e92
added add_basic_constraints parameter to PKI API docs (#14457)
* added add_basic_constraints parameter to PKI API docs

Added add_basic_constraints parameter to PKI API docs for Generate Intermediate. 

Copied description from ba533d006f/builtin/logical/pki/path_intermediate.go (L34-L37)
2022-03-11 10:52:26 -05:00
Guillaume 6178f4e060
Added Enigma Vault secret plugin. Designed to be simple but complete, a good starting point for plugin developers (#14389) 2022-03-11 08:33:48 -05:00
Nick Cabatoff 57c6064863
Update error codes that are retried. (#14447) 2022-03-10 15:09:45 -05:00
Peter-Gess 5497f5e8d2
Fixing typo from "fo" to "of" (#14445) 2022-03-10 11:56:28 -08:00
Nick Cabatoff 6fc5a5d165
Add a place for us to link to external plugin examples/guides. (#14414) 2022-03-10 14:29:29 -05:00
Jim Kalafut c2f4dbc83a
Revert "Remove docs changes from CODEOWNERS" (#14442)
It was determined that it would be better to have these changes alert
the docs team. Additional guidance is in place to not approve docs+code
PRs ahead of code review.

This reverts commit 6d16840f605c1b58ce0b572274edf96c6d0e0b7f.
2022-03-10 11:21:35 -08:00
Jordan Reimer b49f77fa91
updates mfa-form to show push methods with placeholder for multi method enforcements (#14430) 2022-03-10 07:59:22 -07:00
Chelsea Shaw c6318713ee
UI/add managed ns redirect prefix (#14422)
* The UI redirects to properly prefixed namespace if some other namespace is passed instead, with tests

* Fix ordering

* Add changelog
2022-03-10 08:26:33 -06:00
Alvin Huang 40e24f3688
rename Dockerfile build-arg VERSION to PRODUCT_VERSION (#14369) 2022-03-10 12:59:30 +00:00
Austin Gebauer d016b67915
identity/oidc: prevent key rotation on performance secondary clusters (#14426) 2022-03-09 15:41:02 -08:00
naseemkullah 0667cb8b76
Update index.mdx (#14161) 2022-03-09 14:15:05 -08:00
VAL 94fcca09e3
Remove unneeded comments (#14423) 2022-03-09 11:37:18 -08:00
hghaf099 b358bd6ffa
remove mount accessor from MFA config (#14406)
* remove mount accessor from MFA config

* Update login_mfa_duo_test.go

* DUO test with entity templating

* using identitytpl.PopulateString to perform templating

* minor refactoring

* fixing fmt failures in CI

* change username format to username template

* fixing username_template example
2022-03-09 09:14:30 -08:00
Ricky Grassmuck dac2a02570
Set service type to notify in systemd unit. (#14385)
Updates the systemd service shipped with Linux packages to `Type=notify`
2022-03-09 08:13:45 -05:00
Jan Klaas Kollhof 756d0f0750
fix spelling of identity (#14318) 2022-03-08 15:59:15 -08:00
VAL 63a2ed296b
Output full secret path in certain kv commands (#14301)
* Full secret path in table output of get and put

* Add path output to KV patch and metadata get

* Add changelog

* Don't print secret path for kv-v1

* Make more readable

* Switch around logic to not swallow error

* Add test for secret path

* Fix metadata test

* Add unit test for padequalsigns

* Remove wonky kv get tests
2022-03-08 13:17:27 -08:00
Lars Lehtonen b9a6ec67c9
vault: fix dropped test errors (#14402) 2022-03-08 12:32:27 -07:00
Rémi Lapeyre e89bbd51d9
Add support for PROXY protocol v2 in TCP listener (#13540)
* Add support for PROXY protocol v2 in TCP listener

I did not find tests for this so I added one trying to cover different
configurations to make sure I did not break something. As far as I know,
the behavior should be exactly the same as before except for one thing
when proxy_protocol_behavior is set to "deny_unauthorized", unauthorized
requests were previously silently reject because of https://github.com/armon/go-proxyproto/blob/7e956b284f0a/protocol.go#L81-L84
but it will now be logged.

Also fixes https://github.com/hashicorp/vault/issues/9462 by adding
support for `PROXY UNKNOWN` for PROXY protocol v1.

Closes https://github.com/hashicorp/vault/issues/3807

* Add changelog
2022-03-08 12:13:00 -05:00
John-Michael Faircloth baafd9ff38
plugin multiplexing: add catalog test coverage (#14398)
* plugin client and plugin catalog tests

* add v5 plugin cases and more checks

* improve err msg

* refactor tests; fix test err msg
2022-03-08 10:33:24 -06:00
Mike Baum e03a8b43d5
[QTI-188] Add test-ember-enos Makefile target, update enos-test-ember script to accept additional paramters (#14403) 2022-03-08 10:58:28 -05:00
Josh Black 1f8d282c2b
fix version check (#14395) 2022-03-07 15:42:06 -08:00
Mike Baum ae1949b0a3
[QTI-188] Update the UI tests to be able to run against a cluster deployed to AWS. Add build hooks (package.json/Makefile) to execute ui tests with a real backend. (#14396) 2022-03-07 17:44:57 -05:00
hghaf099 0bf9a38b36
Login MFA docs (#14317)
* MFA config docs

* correcting some issues

* feedback

* add a note about deleting methods

* Login MFA docs

* rename and mdx

* adding missing docs nav data

* some fixes

* interactive login request

* Apply suggestions from code review

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* feedback

* feedback

* Apply suggestions from code review

Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>

* feedback on mount accessor

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update login-mfa.mdx

Co-authored-by: Josh Black <raskchanky@gmail.com>
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-07 16:26:00 -05:00
Rachel Culpepper 8aa18a20a2
Vault-4964: Update Managed Key documentation for AWS KMS (#14378)
* Add documentation for Managed Keys

 - Add concept, sys/api and pki updates related to managed keys

* Review feedback

 - Reworked quite a bit of the existing documentation based on feedback
   and a re-reading
 - Moved the managed keys out of the concepts section and into the
   enterprise section

* Address broken links and a few grammar tweaks

* add documentation for AWS KMS managed keys

* a couple small fixes

* # Conflicts:
#	website/content/api-docs/secret/pki.mdx
#	website/content/api-docs/system/managed-keys.mdx
#	website/content/docs/enterprise/managed-keys.mdx

* docs updates

* # Conflicts:
#	sdk/version/version_base.go
#	vault/seal_autoseal_test.go
#	website/content/api-docs/system/managed-keys.mdx
#	website/content/docs/enterprise/managed-keys.mdx

* remove endpoint env var

* Document Azure Key Vault parameters for managed keys.

* docs changes for aws kms managed keys

Co-authored-by: Steve Clark <steven.clark@hashicorp.com>
Co-authored-by: Victor Rodriguez <vrizo@hashicorp.com>
2022-03-07 14:22:42 -06:00
Josh Black cbfd2353c6
MFA docs for config endpoints (#14302) 2022-03-07 11:44:15 -08:00
Pratyoy Mukhopadhyay a85d4fe128
[VAULT-5268] Add mount move docs (#14314)
* add mount move docs

* add missed word

* Update website/content/api-docs/system/remount.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* one clarification

* docs changes from feedback

* couple things i missed

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-04 14:38:15 -08:00
Josh Black 5c43bf4864
Only create new batch tokens if we're on at least 1.10.0 (#14370) 2022-03-04 14:16:51 -08:00
Scott Miller 423f1b949b
Clarify certificate storage in Vault clustering (#14055)
* Clarify certificate storage in Vault clustering

* no_store clarification

* Update docs again, with new understanding of LocalStorage
2022-03-04 14:50:53 -06:00
claire bontempo 2fa1e6c9a9
UI/ Fix version check typo (#14379)
* make oss all caps
2022-03-04 12:48:24 -08:00
Meggie e62cb69279
Updating website for 1.9.4 (#14373) 2022-03-04 11:19:03 -05:00
Jason O'Donnell 1199a7a9f5
docs: fix typo in CF auth ca maintenance (#14366) 2022-03-03 18:25:57 -05:00
Angel Garbarino 8203865cfc
LinkTo remove tagName lint warning (#14344)
* removal stage 1

* remove unused roles file

* more changes and glimmerize toggle

* clean up

* fix

* fixes

* remove layout
2022-03-03 15:31:16 -07:00
Scott Miller f753db2783
OSS side changes for PKI HSM type handling fix (#14364) 2022-03-03 15:30:18 -06:00
Jamie Finnigan 003d8fb1fe
update vault login docs to cover stdin default (#14336) 2022-03-03 12:45:41 -05:00
Alexander Scheel 97a86e1bd5
Remove duplicated certificates from chains (#14348)
As reported by Steve Clark, building an intermediate mount in PKI (and
calling /intermediate/set-signed) results in a duplicate intermediate CA
certificate in the full chain output (ca_chain field of the
/cert/ca_chain API endpoint response).

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-03-03 09:47:34 -05:00
John-Michael Faircloth 14e231563f
db plugin multiplexing: add test coverage (#14330)
* db plugin multiplexing: add test coverage

* refactor: pass factory func directly
2022-03-03 08:40:46 -06:00
ldilalla-HC 230d668144
Update CHANGELOG.md (#14352) 2022-03-03 09:26:23 -05:00
claire bontempo eba23efc9e
fix accidental deletion (#14347) 2022-03-02 14:29:37 -08:00
Chris Capurso 617fbc4caf
specify LIST method in version-history API doc example (#14346) 2022-03-02 16:58:04 -05:00
claire bontempo c8077e52a5
UI/ Client count permissions empty states (#14313)
* fix no data empty states

* add comment

* handle error in component

* adds tests for empty state template

* tidy and fix tests

* Empty state for current tab (#14319)

* update ci.hcl to remove 1.6.x and add in 1.10.x (#14310)

* Fix autoseal health check race by passing metrics sink in CoreConfig (#14196)

* Add empty state for current tab, config off, no read permissions on config

Co-authored-by: Hridoy Roy <roy@hashicorp.com>
Co-authored-by: Scott Miller <smiller@hashicorp.com>

* update selector

* fix test

* remove helper

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
Co-authored-by: Hridoy Roy <roy@hashicorp.com>
Co-authored-by: Scott Miller <smiller@hashicorp.com>
2022-03-02 10:44:41 -08:00
Jordan Reimer 01738c8a0f
Logout with wrapped token (#14329)
* fixes issue passing wrapped_token query param to logout route

* adds changelog entry
2022-03-02 09:45:53 -07:00