Commit graph

15308 commits

Author SHA1 Message Date
Chris Capurso 76bc7a25b8
add missing patch capability to policy docs (#15704) 2022-06-03 15:40:47 -04:00
Kit Haines 4f532ecc4d
Support for CPS URLs in Custom Policy Identifiers. (#15751)
* Support for CPS URLs in Custom Policy Identifiers.

* go fmt

* Add Changelog

* Fix panic in test-cases.

* Update builtin/logical/pki/path_roles.go

Fix intial nil identifiers.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* Make valid policy OID so don't break ASN parse in test.

* Add test cases.

* go fmt.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-06-03 14:50:46 -04:00
Arnav Palnitkar f293d112e4
Integration tests for mfa method form (#15777)
* Integration tests for mfa method form

* Fix radio value in tests

* Update tests
2022-06-03 11:08:57 -07:00
VAL 3cfafe619b
KV helpers for DeleteMetadata, Undelete, Destroy, and Rollback (#15637)
* KV helpers for DeleteMetadata, Undelete, Destroy, and Rollback

* Allow rollback when no secret data on latest version, and update error messages
2022-06-03 10:42:43 -07:00
Hridoy Roy e64d7df041
refactor some code in modifyResponseMonths and ensure that the last mo… (#15767)
* refactr some code in modifyResponseMonths and ensure that the last month comparison with end is comparing end of month with end of month

* calibrate end of month apropriately and fix parens issue for lastmonth
2022-06-03 10:34:54 -07:00
Hridoy Roy 671aaf1fe0
iterate through all available logs for precomputation and query gets (#15768) 2022-06-03 09:53:53 -07:00
akshya96 fece4cf9ac
File Audit Mode 0000 bug (#15759)
* adding file mode changes

* add changelog

* adding error

* adding fmt changes
2022-06-03 09:17:41 -07:00
Alexander Scheel 03efc71e62
Update to fixed parseutil v0.1.6 (#15774)
Note that this only really applies to the SSH engine, nothing else uses
this helper. Other go.mod's updated for consistency.

See also: https://github.com/hashicorp/go-secure-stdlib/pull/40

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-02 17:31:45 -04:00
Angel Garbarino 178292f807
Glimmerize components using outer-html (#15744)
* alert-popup glimmerize:

* glimmerize block-error

* logo splash and wizard section

* remove template only

* pr comments
2022-06-02 14:40:17 -06:00
Angel Garbarino dc2f1f98b2
Glimmerizing StatusMenu/SelectableCard/PkiCertPopup (#15716)
* glimmerize status-menu

* selectable card start

* finish selectable card

* test fix

* pki-cert-popup glimmerize

* cleanup

* small fix

* nit

* one more nit

* pr comments
2022-06-02 14:40:04 -06:00
Chelsea Shaw c67f4927b2
Revert UI: replace localStorage with sessionStorage (#15769)
* Revert UI: replace localStorage with sessionStorage

* Add changelog
2022-06-02 15:19:57 -05:00
Nick Cabatoff c15f524993
Add details to CHANGELOG and 1.10 upgrade note regarding new 412 error response resulting from SSCTs. (#15770) 2022-06-02 16:16:28 -04:00
Loann Le e576a8fc48
update sample code (#15765) 2022-06-02 10:58:50 -07:00
Alexander Scheel 9a3a7d40ca
Fix copy/paste typo in PKI key generation docs (#15761)
As caught by Ivana, thank you!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-02 13:21:35 -04:00
Loann Le 6201506456
added link to tutorial (#15762) 2022-06-02 10:15:21 -07:00
Steven Clark 0b6781e3b9
PKI: Only set issuers with an associated key as default on import (#15754)
- Do not set the first issuer we attempt to import as the default issuer unless
   it has a corresponding key.
 - Add the ability to set a default issuer if none exist and we import it's corresponding key after the fact.
 - Add a warning to an end-user if we imported multiple issuers with keys and we
   choose one of them as the default value.
2022-06-02 12:59:07 -04:00
Alexander Scheel ab10435ab7
More PKI docs updates (#15757)
* Add missing key_ref parameter to gen root docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add API docs section on key generation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about managed key access

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-02 12:42:56 -04:00
Arnav Palnitkar ad1796680e
Fixed mfa method acceptance tests (#15756) 2022-06-02 10:33:24 -06:00
Loann Le da09b3d62d
Vault documentation: vault overview page proposal (#15569)
* updated vault overview page

* add images

* replace the image with clearer one

* removed video

* testing image size

* modified based on writer feedback

* Add more description about HCP Vault (#15588)

* added more content

* testing diagram size

* added new image file

* marketing-modified-image

* cleaned up text

* updated link

* Update what-is-vault.mdx

updated text

* incorporated feedback

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-06-01 15:32:30 -07:00
Christopher Swenson 9de0dbaef9
Add note about X.509 SHA-1 deprecation to relevant plugins (#15672)
Add note about X.509 SHA-1 deprecation to relevant plugins

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-06-01 12:41:11 -07:00
Arnav Palnitkar 5bd83196dc
Option to show radio button in form field (#15715)
* Option to show radio button in form field

- For possible value, now we can render either dropdown or radio buttons
- Drop down will be used for larger data set, whereas radio buttons should
  be used when we have only couple of options (example totp mfa)
- Added test for radio button functionality
- Added missing test for ttl without toggle

* Dasherize radio button ids

* Fix tests
2022-06-01 12:10:15 -07:00
Steven Clark 95b1971193
Only use additional entropy source when configured within transit and sys random (#15734)
- When an end-user specifies the all source type within
   transit/random and sys/tools/random, only use the additional source
   if we are actually configured with an external entropy source
2022-06-01 14:56:39 -04:00
claire bontempo c07ab7047e
UI/1.11 client tests (#15658)
* date formatters test

* add mirage to client history test

* use mirage for client tests

* update assertions

* convert to using pretender

* finish client history tests

* remove pretender, use mirage

* re-add flaky test

* add todos

* finish tests

* update month response

* update plot count
2022-06-01 11:42:05 -07:00
Hridoy Roy a5f70d7fe0
fix off by one error in activity log nil padding for month data (#15731) 2022-06-01 11:09:06 -07:00
Christopher Swenson a49f1b9e6b
Update AWS auth method certificates (#15719)
Update AWS auth method certificates

Add tests that the `rsa2048` document can also be verified using the
`pkcs7` field for AWS auth.

Due to the use of SHA-1-based signatures for the `identity` and `pkcs7`
methods, we want to encourage moving toward using the RSA 2048 workflow,
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-rsa2048.html

This doesn't require code changes for Vault necessarily, but adding in
the (many) certificates will help end users.

Also adds `rsa2048` option to API to fetch the RSA 2048 signature.

I will make a PR to update to the AWS auth docs to document the RSA 2048
flow soon after this.
2022-06-01 10:26:17 -07:00
amcbarnett 413cc2e4c0
Update fips1402.mdx (#15598)
* Update fips1402.mdx

Added Link to new Compliance letter and details on what makes this different from Seal Wrap

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-06-01 11:02:11 -04:00
VAL ed7c1d4800
Add Patch KV helper (#15587)
* Add Read methods for KVClient

* KV write helper

* Add changelog

* Add Delete method

* Use extractVersionMetadata inside extractDataAndVersionMetadata

* Return nil, nil for v1 writes

* Add test for extracting version metadata

* Split kv client into v1 and v2-specific clients

* Add ability to set options on Put

* Add test for KV helpers

* Add custom metadata to top level and allow for getting versions as sorted slice

* Update tests

* Separate KV v1 and v2 into different files

* Add test for GetVersionsAsList, rename Metadata key to VersionMetadata for clarity

* Move structs and godoc comments to more appropriate files

* Add more tests for extract methods

* Rework custom metadata helper to be more consistent with other helpers

* Remove KVSecret from custom metadata test now that we don't append to it as part of helper method

* Add Patch KV helper

* Add godoc comment and use WithOption ourselves in other KVOption functions

* Clean up options-handling and resp parsing logic; add more tests

* Add constants and more patch tests
2022-06-01 07:50:56 -07:00
claire bontempo eaf5aabd2c
UI/client history binary bug (#15714)
* fix null mapping bug

* add test

* add test
2022-06-01 07:14:07 -07:00
Pratik Khasnabis af5e65e9bd
Update to fix the concept of root key, which is not sharded as written here. (#15726)
This explanation of root key is incorrect. Root key is not sharded and reconstructed. The root key is encrypted by the unseal key which is sharded and reconstructed back in the unsealing process.
The explanation differed from the correct one at https://www.vaultproject.io/docs/concepts/seal
2022-06-01 09:54:26 -04:00
Robert d3654dd55c
Update terraform secrets to v0.5 (#15721) 2022-05-31 20:26:50 -05:00
Loann Le 47fc5311e8
updated learn link (#15717) 2022-05-31 14:55:06 -07:00
linda9379 1996707b94
Removed red spellcheck underline that appears for sensitive values (#15681)
* Removed red spellcheck underline for sensitive and secret KV values

* Added changelog file

* Moved spellcheck change into masked-input component file so that spellcheck does not apply for all sensitive fields
2022-05-31 17:00:34 -04:00
Tom Proctor 1c2f3c8ddf
docs: Improve sample commands for querying k8s API (#15686) 2022-05-31 21:20:31 +01:00
Steven Clark 2e215975ff
Add integration tests for aliased PKI paths (root/rotate, root/replace) (#15703)
* Add integration tests for aliased PKI paths (root/rotate, root/replace)

 - Add tests for the two api endpoints
 - Also return the issuer_name field within the generate root api response

* Add key_name to generate root api endpoint response and doc updates

 - Since we are now returning issuer_name, we should also return key_name
 - Update the api-docs for the generate root endpoint responses and add
   missing arguments that we accept.
2022-05-31 15:00:20 -04:00
Hamid Ghaf bf087f9d0d
prevent deleting MFA method through an invalid path (#15482)
* prevent deleting MFA method through an invalid path

* Adding CL
2022-05-31 14:22:04 -04:00
Angel Garbarino e9595f8f5f
Glimmerize SplashPage component (#15697)
* glimmerize

* clean up
2022-05-31 11:28:52 -06:00
Austin Gebauer 7a88c86db2
auth/gcp: adds documentation for custom endpoint overrides (#15673) 2022-05-31 10:16:24 -07:00
Nick Cabatoff 69c5e8c946
Avoid deadlocking on stateLock in emitMetrics (#15693)
When stopCh is closed we should stop trying to get the lock.
2022-05-31 12:15:39 -04:00
Violet Hynes 4aac96238c
VAULT-6131 OpenAPI schema now includes /auth/token endpoints when explicit permission has been granted (#15552)
* VAULT-6131 OpenAPI schema now includes /auth/token endpoints when explicit permission has been granted

* VAULT-6131 add changelog

* VAULT-6131 Update changelog and fix related bug
2022-05-31 11:25:27 -04:00
Jim Kalafut c9a0fdb4ff
Fix K8s secrets docs typo (#15695) 2022-05-31 08:10:15 -07:00
Steven Clark 69296e9edf
Add a little more information about PKI and replicated data sets to the PKI docs. (#15683)
* Add a little more information about PKI and replicated data sets.

 - Add a TOC to the PKI considerations page
 - Merge in the existing certificate storage into a new Replicated DataSets
   section
 - Move the existing Cluster Scalability section from the api-docs into the
   considerations page.
2022-05-31 10:04:51 -04:00
Alexander Scheel 1331c2aa12
Add recommendations on key types and PKI performance (#15580)
* Add recommendations on key types and PKI performance

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/secrets/pki/considerations.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-05-31 09:21:16 -04:00
Nick Cabatoff ea099fdffd
Like #15682 but this time fix the correct test, i.e. TestRateLimitQuota_Allow (#15684) 2022-05-30 15:08:01 -04:00
Nick Cabatoff 8c2b69f961
Spawn fewer goroutines to make TestRateLimitQuota_Allow less vulnerable to scheduler. (#15682) 2022-05-30 13:33:41 -04:00
akshya96 4c45c909ee
adding documentaion changes (#15656) 2022-05-27 15:08:19 -07:00
Jordan Reimer 5b1172ad7b
MFA method acceptance tests (#15665)
* adds acceptance tests for mfa config login enforcement workflows

* adds acceptance tests for mfa config method workflows

* reverts masked-input test selector changes

* fixes test failures
2022-05-27 14:49:44 -06:00
Robert 3c057205ab
secrets/openldap: Update plugin to v0.8.0 (#15667) 2022-05-27 14:29:02 -05:00
Matt Schultz 76086e2bb4
Updated base64 encoding of ciphertext for Transit BYOK import. (#15663) 2022-05-27 11:52:43 -05:00
Theron Voran e2a15cae83
secrets/kubernetes: update to v0.1.1 (#15655) 2022-05-26 15:44:03 -07:00
Angel Garbarino 5abe12f4a6
Test for MFA end user setup (#15578)
* test for status menu

* first test setup

* next test

* test1

* test2

* test3

* test4

* test5

* test6

* test7

* test8

* please:
2022-05-26 14:13:47 -06:00