Commit graph

14382 commits

Author SHA1 Message Date
Sai Hemanth Bheemreddy 73160cd074
Add vault-api module (#13048) 2021-12-14 13:32:26 -05:00
Nick Cabatoff 6f99a410be
Bump yarn cache key version so that it uses the new disk layout we've adopted for using cimg/go. (#13420) 2021-12-14 12:43:52 -05:00
Meggie c0b962ecfa
Main go version bump (#13408)
* Go 1.17.2 -> 1.17.5
* Switching to cimg
2021-12-14 11:11:13 -05:00
Mark Lewis 7ee982cb31
Update raftautosnapshots.mdx (#13412) 2021-12-14 08:29:03 -05:00
Pratyoy Mukhopadhyay c6bb8f2767
Add docs about path param restrictions (#13413)
* Add docs about path param restrictions

* Update website/content/api-docs/auth/userpass.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update with review suggestion

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-13 17:02:39 -08:00
Steven Clark 0bb0996072
Fix logging statement using formatting args (#13407) 2021-12-13 15:28:35 -05:00
Alexander Scheel 31ff2be589
Add universal default key_bits value for PKI endpoints (#13080)
* Allow universal default for key_bits

This allows the key_bits field to take a universal default value, 0,
which, depending on key_type, gets adjusted appropriately into a
specific default value (rsa->2048, ec->256, ignored under ed25519).

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Handle universal default key size in certutil

Also move RSA < 2048 error message into certutil directly, instead of in
ca_util/path_roles.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing RSA key sizes to pki/backend_test.go

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Switch to returning updated values

When determining the default, don't pass in pointer types, but instead
return the newly updated value.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Re-add fix for ed25519 from #13254

Ed25519 internally specifies a hash length; by changing the default from
256 to 0, we fail validation in ValidateSignatureLength(...) unless we
specify the key algorithm.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2021-12-13 15:26:42 -05:00
Jason O'Donnell 9674a75a4d
auth/azure: add note about debug env (#13405)
* auth/azure: add note about debug env

* Update azure.mdx

* Update azure.mdx
2021-12-13 14:16:45 -05:00
Ben Ash fc51516ee0
Docs: fix invalid link in the kubernetes auth api doc. (#13399)
* Clean up whitespace
2021-12-13 12:02:52 -05:00
Ben Ash 6ec3367648
Support clearing an identity alias' custom_metadata (#13395)
* Support clearing an identity alias' custom_metadata

Previously, an update to an entity alias supported updating the
custom_metadata as long as the update was not empty, which makes it
impossible to clear the metadata values completely.

Fixes:
- empty custom_metadata parameters are honoured on entity alias update
- update related tests
- drop dependency on mapstructure
- reformat with gofumpt
2021-12-10 18:07:47 -05:00
Chelsea Shaw fe718e99d4
UI/fix client count partial (#13396)
* Initial fix

* Add fallback zero values

* Add changelog

* Fix client count current test
2021-12-10 16:14:57 -06:00
Meggie 5fef269e03
changelog++
Working on a new workflow for generating the preview so I thought I'd leave a note that it's still coming.
2021-12-10 17:08:18 -05:00
Meggie 7c70c4ebf1
Some changelog tidying for 1.10 preview (#13385)
* Some changelog tidying for 1.10 preview

* PR accounted for by different CL entry
2021-12-10 16:23:20 -05:00
Chelsea Shaw ab2ee75701
Fix managed namespace test (#13394)
* Fix managed namespace test

* Remove log
2021-12-10 15:17:54 -06:00
Steven Clark 834f0bd8ee
Fix test validating convergent encryption behaviour across key types (#13371)
- The test was attempting to test the convergent encryption behaviour
  with several key types but the common function never used the passed
  in key type. So we ran the test with the default aes256-gcm96 only.
2021-12-10 12:55:50 -05:00
John-Michael Faircloth 04ce02057a
auth/jwt: update changelog for pkce improvement (#13392) 2021-12-10 11:15:22 -06:00
divyapola5 3488948ccd
CLI changes for new mount tune config parameter allowed_managed_keys (#13255)
* CLI changes for new mount tune config parameter allowed_managed_keys

* Correct allowed_managed_keys description in auth and secrets

* Documentation update for secrets and removed changes for auth

* Add changelog and remove documentation changes for auth

* removed changelog

* Correct the field description
2021-12-10 11:08:28 -06:00
Nick Cabatoff fed74de3fe
Remove another use gopsutil/host. (#13390) 2021-12-10 09:59:52 -05:00
Nick Cabatoff f729dfc18f
Use os.Hostname instead of a dependency that doesn't work on OpenBSD. (#13389) 2021-12-10 08:57:15 -05:00
Meggie 61f1536f3b
Updating website for 1.9.1 (#13378) 2021-12-09 14:51:32 -08:00
Brandon Romano 0726d9445e
Update alert banner (#13375) 2021-12-09 12:09:17 -05:00
Meggie e918ab2034
changelog++ 2021-12-09 12:07:59 -05:00
John-Michael Faircloth 7f78f3357f
auth/jwt: Update plugin to v0.11.3 (#13365)
* auth/jwt: Update plugin to v0.11.3

* add changelog
2021-12-09 07:44:52 -06:00
hghaf099 65845c7531
VAULT-1564 report in-flight requests (#13024)
* VAULT-1564 report in-flight requests

* adding a changelog

* Changing some variable names and fixing comments

* minor style change

* adding unauthenticated support for in-flight-req

* adding documentation for the listener.profiling stanza

* adding an atomic counter for the inflight requests
addressing comments

* addressing comments

* logging completed requests

* fixing a test

* providing log_requests_info as a config option to determine at which level requests should be logged

* removing a member and a method from the StatusHeaderResponseWriter struct

* adding api docks

* revert changes in NewHTTPResponseWriter

* Fix logging invalid log_requests_info value

* Addressing comments

* Fixing a test

* use an tomic value for logRequestsInfo, and moving the CreateClientID function to Core

* fixing go.sum

* minor refactoring

* protecting InFlightRequests from data race

* another try on fixing a data race

* another try to fix a data race

* addressing comments

* fixing couple of tests

* changing log_requests_info to log_requests_level

* minor style change

* fixing a test

* removing the lock in InFlightRequests

* use single-argument form for interface assertion

* adding doc for the new configuration paramter

* adding the new doc to the nav data file

* minor fix
2021-12-08 17:34:42 -05:00
Pratyoy Mukhopadhyay c97c8687f4
[VAULT-3252] Add entity-alias behavior change to docs (#13370)
* Add entity-alias behavior change to docs

* Add upgrade note about entity-alias mapping change

* Rename 1.7-9 upgrade pages, shuffle upgrade note position

* Update website/content/partials/entity-alias-mapping.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Add incorrect policy issue to the docs

* Add example about entity-alias restriction

Co-authored-by: Meggie <meggie@hashicorp.com>
2021-12-08 13:52:51 -08:00
Steven Clark f158382f56
Warn user supplying nonce values in FIPS mode for transit encryption requests (#13366)
* Warn user supplying nonce values in FIPS mode for transit encryption requests

 - Send back a warning within the response if an end-user supplies nonce
   values that we use within the various transit encrypt apis.
 - We do not send a warning if an end-user supplies a nonce value but we
   don't use it.
 - Affected api methods are encrypt, rewrap and datakey
 - The warning is only sent when we are operating in FIPS mode.
2021-12-08 14:37:25 -05:00
Theron Voran bfa008d78f
agent/cache: differentiate open log messages (#13362)
Changes the error output for the second open of the persistent cache
file, to differentiate it from the c.UI.Error message for the initial
open of the cache file, just to make it easier to tell where a problem
occurred.
2021-12-08 10:32:49 -08:00
Matt Schultz 85f5cfc356
Adds support for SHA-3 to transit (#13367)
* Adding support for SHA3 in the transit backend.

* Adds SHA-3 tests for transit sign/verify path. Adds SHA-3 tests for logical system tools path hash functionality. Updates documentation to include SHA-3 algorithms in system tools path hashing.

* Adds changelog entry.

Co-authored-by: robison jacka <robison@packetized.io>
2021-12-08 12:29:33 -06:00
Tom Proctor be07a202d9
Docs to clarify k8s auth options with short-lived tokens (#13275)
* Rework 1.21 content into one heading and add note at top
* Add notes about extended k8s token duration
* Add example of ClusterRoleBinding for using client JWTs
2021-12-08 18:20:24 +00:00
Noel Quiles 19cbda7f90
Update @hashicorp/react-hashi-stack-menu (#13354) 2021-12-07 15:51:10 -05:00
Mike Green 05da506dea
clarify more sink options (#12586) 2021-12-07 12:16:14 -08:00
Calvin Leung Huang 0c5662770d
docs: update custom database sample code (#13211) 2021-12-07 11:10:02 -08:00
mickael-hc 36207b5668
docs: winsvc update recommendations (#13280) 2021-12-07 10:35:13 -08:00
Jordan Reimer c1df15e790
Incorporate Ember Flight Icons (#12976)
* adds ember-flight-icons dependecy

* adds inline-json-import babel plugin

* adds flight icon styling

* updates Icon component to support flight icons

* updates Icon component usages to new api and updates name values to flight icon set when available

* fixes tests

* updates icon story with flight mappings and fixes issue with flight icons not rendering in storybook

* adds changelog

* fixes typo in sign action glyph name in transit-key model

* adds comments to icon-map

* updates Icon component to use only supported flight icon sizes

* adds icon transform codemod

* updates icon transform formatting to handle edge case

* runs icon transform on templates

* updates Icon usage in toolbar-filter md and story

* updates tests
2021-12-07 10:05:14 -07:00
Loann Le 8f7dd0c291
modifed note (#13351) 2021-12-07 08:46:46 -08:00
Steven Clark 94e6a688ff
Add kms_library configuration stanza (#13352)
- Add the kms_library configuration stanza to Vault's command/server
 - Provide validation of keys and general configuration.
 - Add initial kms_library configuration documentation
 - Attempt at startup to verify we can read the configured HSM Library
 - Hook in KmsLibrary config into the Validate to detect typo/unused keys
2021-12-07 09:58:23 -05:00
Harsimran Singh Maan 7178e2c4be
Fix typo (#13355) 2021-12-06 17:23:03 -08:00
Jim Kalafut 22c4ae5933
Rename master key to root key (#13324)
* See what it looks like to replace "master key" with "root key".  There are two places that would require more challenging code changes: the storage path `core/master`, and its contents (the JSON-serialized EncodedKeyringtructure.)

* Restore accidentally deleted line

* Add changelog

* Update root->recovery

* Fix test

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-12-06 17:12:20 -08:00
Heather Simon 04d634d9d2 Merge branch 'main' of https://github.com/hashicorp/vault 2021-12-06 10:09:49 -08:00
Anthony (Ryo) Wright bcd29f2b68
Fix null token type bug (#13236)
* Fixed null token panic from 'v1/auth/token/' endpoints and returned proper error response

* Fixed panic resulting from null token_type in /auth/token/roles/{role_name} to returne proper error response

* added changelog entry for PR #13236

* edit changelog entry for PR #13236
2021-12-06 09:38:53 -08:00
claire labry b59f8b8b4c
adding CRT to main branch (#13088)
* adding CRT to main branch

* cleanup

* um i dont know how that got removed but heres the fix

* add vault.service

Co-authored-by: Kyle Penfound <kpenfound11@gmail.com>
2021-12-06 11:06:22 -05:00
Noel Prince b4d86a13c1
improve "x_forwarded_for_hop_skips" example (#12463)
Currently the example given results in 2.3.4.5 if it is indexed from other side. This new example prevents confusion because it is now clear which side x_forwarded_for_hop_skips is indexing from
2021-12-06 10:56:51 -05:00
Heather Simon f44dbce609 Typo fix in 1.9 Release Notes
Fixes a typo in "Vault Agent improvements"
2021-12-03 14:02:16 -08:00
Angel Garbarino 283dcd0aef
GetCredentials Bug fix (#13336)
* the fix

* test coverage
2021-12-03 14:59:42 -07:00
Zachary Shilton c562977522
website: fix print styles by bumping deps (#12894)
* website: fix print styles by bumping deps

* website: remove old highlight js prints style code

* fix: hashi-stack-menu selector
2021-12-03 11:51:49 -05:00
Loann Le 21b01b71a6
Vault documentation: updated client count FAQ document (#13330)
* modified based on feedback

* Update faq.mdx

fixed text
2021-12-02 11:21:56 -08:00
Jim Kalafut 9ed05c3ff5
Fix doc build (#13329)
path-help.mdx is now the reference for help.
2021-12-02 08:31:56 -08:00
Eugene R c2a92cd351
Fix possible nil pointer dereference (#13318) 2021-12-02 08:23:41 -05:00
Jim Kalafut f0f4c2886a
Unhide or remove docs sidebar elements (#13198)
A few sidebar elements are hidden for unknown reasons. If we have a
reason to keep them hidden (vs deleting the element and associated docs),
maybe we could add `"_comment":"Hidden because ..."` to them.

A few other elements were definitely obsolete so I've removed them.
2021-12-01 16:58:28 -08:00
Rowan Smith a78721dbfe
update custom headers to mention 1.9 is required (#13155)
* update custom headers to mention 1.9 is required

Per https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#190-rc1 the custom response headers are a new feature introduced in 1.9, meaning we should explicitly call out this version requirement in documentation, otherwise users of earlier versions of Vault will unable to use the functionality and may consider it a bug.

* Update website/content/docs/configuration/listener/tcp.mdx

reads better, agreed

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-01 10:48:06 -08:00