Commit graph

16196 commits

Author SHA1 Message Date
Nick Cabatoff d5e0353696
Fix unsafe access to perf standby status from systemview (#17186)
Ensure that we don't try to access Core.perfStandby or Core.PerfStandby() from dynamicSystemView, which might be accessed with or without stateLock held.
2022-10-05 08:56:36 -04:00
Tom Proctor 3aa2fe8d8f
Plugins: Tighten requirements for multiplexing (#17403)
Change the multiplexing key to use all `PluginRunner` config (converted to a struct which is comparable), so that plugins with the same name but different env, args, types, versions etc are not incorrectly multiplexed together.

Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
2022-10-05 09:29:29 +01:00
Peter Wilson 138c516498
Update plugin consul template v0.29.5 (#17419)
* Updated consul-template to v0.29.5
2022-10-04 22:34:28 +01:00
Jaymala 2321226d82
Update Vault version verification integration test (#17377)
* Update Vault version verification integration test

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Refactor to validate artifact build date

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Address review comments

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Fix capitalization in variable descriptions

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2022-10-04 16:08:26 -04:00
Angel Garbarino 345c65ff04
Bug Fix for Kymgmt keyType on default (#17407)
* the fix

* add test coverage

* changelog

* removes comment
2022-10-04 13:14:25 -06:00
Mike Palmiotto 805843beaa
changelog: fix 1.12.0-rc1, 1.11.4, 1.10.7, 1.9.10 (#17408)
* Update changelog with correct SHAs.
* Clean up some formatting.
2022-10-04 14:51:47 -04:00
Josh Black c7d8e7c7f6
Raft index telemetry and docs (#17397)
* add raft index to telemetry

* add definitions and defaults to both autopilot pages

* adjust messages

* Revert "add raft index to telemetry"

This reverts commit 010b091c7e35c1da677567746db90b490ca707ab.
2022-10-04 11:46:11 -07:00
Violet Hynes 6fddb953e9
VAULT-8631 Upgrade vault-plugin-secrets to v0.13.3, to enable synchronous KVV2 creation (#17406)
* VAULT-8631 Upgrade vault-plugin-secrets to v0.13.2

* VAULT-8631 Update version, go mod tidy

* VAULT-8631 Add changelog
2022-10-04 13:54:38 -04:00
Renato Costa ea1257be2e
fix incorrect use of loop variable (#16872)
This fixes a couple of references to loop variables in parallel tests
and deferred functions. When running a parallel test (calling
`t.Parallel()`) combined with the table-driven pattern, it's necessary
to copy the test case loop variable, otherwise only the last test case
is exercised. This is documented in the `testing` package:

https://pkg.go.dev/testing#hdr-Subtests_and_Sub_benchmarks

`defer` statements that invoke a closure should also not reference a
loop variable directly as the referenced value will change in each
iteration of the loop.

Issues were automatically found with the `loopvarcapture` linter.
2022-10-04 09:23:37 -04:00
Christopher Swenson ff8d8338cc
docs: Add docs for PKCS#11 provider (#17312)
docs: Add docs for PKCS#11 provider

The PKCS#11 provider is being released shortly.
This moves over the preliminary docs and cleans them up.

I added them as a new section under "Vault Enterprise" ->
"PKCS#11 Provider", but I am open to suggestion on if there is a
better place for them, e.g., "Platforms", or somehow merging
with "Vault Enterprise" -> "HSM"?

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-10-03 11:11:46 -07:00
claire bontempo 9cc2f52bc1
UI: Glimmerize search select component (#17276)
* initial commit for glimmerizing search-select

* fix credentials card tests

* WIP/fixing manually passed in options

* note for small change made in other PR

* still a work in progress, but maybe fixed some tests...maybe

* fix path filter config tests

* remove comments

* clean up merge conflicts

* remove redundant subLabel

* remove subLabel, change default label to form field size

* split up format method

* cleanup, try to keep types consistent

* change logic for ss lable

* remove comment

* cleanup naming

* fix incorrect glimmer change

* refactor to allow for parent handling selected options

* update jsdoc and reogranize functions

* add test to path filter config

* address comments, small cleanup

* add test for path filter config ss

* rearrange functions so git diff is easier to compare

* change isNotSectionHeader to isSectionHeader

* add more explicit test coverage, tidying for search select

* small doc tidy

* add comments, one more test! last cleanup!

* fix search select tests
2022-10-03 11:01:34 -07:00
Divya Pola bc9be4064b
Add documentation for KMIP features implemented in 1.12 (#17294)
* Add documentation for KMIP features implemented in 1.12

* Add documentation for kmip-profiles

* Address PR review feedback

* PR review feedback - update links, add intro and remove collapsed tables

* Add PR review feedback
2022-10-03 12:39:04 -05:00
Steven Clark 10ecf10248
PKI: Add support for signature_bits param to the intermediate/generate api (#17388)
* PKI: Add support for signature_bits param to the intermediate/generate api

 - Mainly to work properly with GCP backed managed keys, we need to
   issue signatures that would match the GCP key algorithm.
 - At this time due to https://github.com/golang/go/issues/45990 we
   can't issue PSS signed CSRs, as the libraries in Go always request
   a PKCS1v15.
 - Add an extra check in intermediate/generate that validates the CSR's
   signature before providing it back to the client in case we generated
   a bad signature such as if an end-user used a GCP backed managed key
   with a RSA PSS algorithm.
   - GCP ignores the requested signature type and always signs with the
     key's algorithm which can lead to a CSR that says it is signed with
     a PKCS1v15 algorithm but is actually a RSA PSS signature

* Add cl

* PR feedback
2022-10-03 12:39:54 -04:00
Austin Gebauer fdc6e2e46a
auth/oidc: fix documentation link anchors for Google Workspace integration (#17379) 2022-10-03 09:09:35 -07:00
Loann Le b7bcd61a42
Vault documentation: release notes for 1.12 (#17237)
* added new release notes

* new rns

* added changelog link

* incorporated feeedback

* Update website/content/docs/release-notes/1.12.0.mdx

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Incorporated additional changes

* Update website/content/docs/release-notes/1.12.0.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update website/content/docs/release-notes/1.12.0.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Removed TFVP and added Redis and Elasticache to the release highlights

* Update website/content/docs/release-notes/1.12.0.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update website/content/docs/release-notes/1.12.0.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update website/content/docs/release-notes/1.12.0.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2022-10-03 08:36:02 -07:00
Steven Clark bb1d36f401
PKI: Do not load revoked certificates if CRL has been disabled (#17385)
* PKI: Do not load revoked certificates if CRL has been disabled

 - Restore the prior behavior of not reading in all revoked certificates
   if the CRL has been disabled as there might be performance issues
   if a customer had or is still revoking a lot of certificates.

* Add cl
2022-10-03 10:04:32 -04:00
Alex Cahn 9542cffa65
Updating the VIP..again (#17375)
* Updating the VIP..again

* Update website/content/docs/partnerships.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2022-09-30 17:02:34 -07:00
Tony Wittinger 4d6ee9de61
Updated CHANGELOG.md
Updated the changelog with 1.9.10, 1.10.7, 1.11.4, and 1.12.0-rc1 changes
2022-09-30 16:39:12 -07:00
Angel Garbarino 4cfd47d5fb
Fix small TtlPIcker2 bug (#17376)
* fix

* add changelog

* wrong file name for changelog

* update from what core responded with re: type duration
2022-09-30 18:28:27 -04:00
Jordan Reimer 25f4cfac6b
removes hcp link ui changelog entry (#17373) 2022-09-30 12:10:13 -06:00
Tom Proctor 4bd5af87f4
Plugins: Fix file permissions check to always use the correct path (#17340)
* Add failing test for when command != plugin name
* wrapFactoryCheckPerms uses pluginCatalog.Get to fetch the correct command
* Use filepath.Rel for consistency with plugin read API handler
2022-09-30 10:33:31 +01:00
Peter Wilson 42ba1384ff
Added flag and env var which will disable client redirection (#17352)
* Added flag and env var which will disable client redirection

* Added changelog

* Docs fix for unsaved file, and test single request made

* Updated test for case when redirect is enabled, updated docs based on suggestions
2022-09-30 09:29:37 +01:00
vinay-gopalan c88d53c708
fix: remove premature GRPC client connection close from vault (#17321) 2022-09-29 14:11:34 -07:00
Mike Palmiotto ff793895c9
build: Update VAULT_BUILD_DATE to use product-metadata job output (#17366)
* Temporarily continue on error retruned from Enos destroy

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
Co-authored-by: Jaymala Sinha <jaymala@hashicorp.com>
2022-09-29 16:55:44 -04:00
Mike Palmiotto 0078822d1d
core: Parse VAULT_ALLOW_PENDING_REMOVAL_MOUNTS as bool (#17319)
* core: Parse VAULT_ALLOW_PENDING_REMOVAL_MOUNTS as bool

* docs: Update VAULT_ALLOW_PENDING_REMOVAL_MOUNTS doc
2022-09-29 14:35:52 -04:00
Loann Le e27204c57b
updated table for 1.12 release (#17362) 2022-09-29 10:47:58 -07:00
Tom Proctor 12ca81bc9b
cli/api: Update plugin listing to always include version info in the response (#17347) 2022-09-29 18:22:33 +01:00
Angel Garbarino e9c2332ee5
PKI role create view (#17263)
* dynamically render the secretlistheader in the parent route.

* start getting form setup even without openAPi working

* add in create and cancel

* making openAPI work

* add default openAPI params

* wip for new component with two radio options a ttl and input

* handle createRecord on pki-roles-form

* remove tooltips and cleanup

* move formfieldgroupsloop back to non addon

* cleanup

* move secretListHeader

* broadcast from radioSelectTtlOrString to parent

* cleanup

* cleanup from pr comments

* more cleanup

* addressing Jordans comments

* use formFieldGroupsLoop move into addon.

* cleanup
2022-09-28 15:11:13 -07:00
Jordan Reimer e5fea11a8d
adds title to modal background test selector -- fixes add secondary replication test (#17354) 2022-09-28 15:56:46 -06:00
Peter Wilson e307450c63
fix: upgrade vault-plugin-secrets-kv to v0.13.1 (#17339)
* fix: upgrade vault-plugin-secrets-kv to v0.13.1

* Added changelog

* Update changelog/17339.txt

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-09-28 18:36:10 +01:00
mickael-hc e885ccfd8c
fix formatting for note in audit section (#17335) 2022-09-28 10:17:36 -07:00
Nick Cabatoff 3950abde9e
Fix incorrect Go version for next 1.12.0 2022-09-28 09:53:29 -04:00
Steven Clark 1f459a2df6
PKI: Fix managed key signatures when using specified signature_bits (#17328)
* PKI: Fix managed key signatures when using specified signature_bits

 - When calling sign-intermediate and other apis with signature_bits
   value overridden with a backing managed key we did not use that
   value as tests for the private key type were not working.

* Add cl
2022-09-28 09:08:23 -04:00
akshya96 542570c289
Return errInvalidCredentials when wrong credentials is provided for existent users (#17104)
* adding errInvalidCredentials

* fixing tests

* add changelog

* fixing fmt errors

* test if routeErr is seen externally and fixing error comment

* adding fmt changes

* adding comments
2022-09-27 16:49:14 -07:00
Alexander Scheel ccdd55529c
Remove delta indicator on main CRL (#17334)
When adding delta CRL support, we unconditionally added the delta
indicator extension to the main CRL. We shouldn't have done this, and
instead only added it conditionally when we were building delta CRLs.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-27 17:44:38 -04:00
Alexander Scheel f463b3d3e8
Increase sleep to fix CI cert auth test failure (#17332)
The periodic function only runs every 50ms, so waiting 60ms means we
might not be done fetching the CRL on slower CI systems or with high
test parallelism.

Tested with:

> untilfail -parallel=-9 ../../../cert.test -test.run=TestCRLFetch -test.count=1 -test.v

And shown to reliably fail before, fixed after.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-27 17:44:27 -04:00
Steven Clark c746befced
Update docs for new test/sign params for managed key api and GCP parameters (#17323)
* Update docs for new test/sign params for managed key api

 - The existing test/sign managed key api now has two new api params
   allowing an operator to specify to use RSA PSS signatures (use_pss)
   and to specify the hashing algorithm to use (hash_algorithm)

* Remove duplicate GCP signing algo entry

* Formatting nits and mention the key_ring for GCP needs to exist prior to usage

* Add some additional GCP environment vars
2022-09-27 16:17:44 -04:00
mickael-hc feddc21019
docs: clarify json types and workaround (#17318)
* docs: clarify json types and workaround

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-09-27 15:35:41 -04:00
Tom Proctor 6bad04908a
Plugin versioning changelog entries (#17322) 2022-09-27 16:24:21 +01:00
Violet Hynes 5bc85b08ef
VAULT-8144 Improve docs around exec (#17316)
* VAULT-8144 Improve docs around exec

* VAULT-8144 Add justification
2022-09-26 14:39:49 -04:00
Alexander Scheel 3eaa4b0d75
Write explicit -help output to stdout (#17308)
* Write explicit -help output to stdout

Per the consensus of most programs, and mirroring the GNU Coding
Standards for CLI design, when users request -help explicitly via the
CLI, this should be written to stdout to allow paging of output. stderr
is fine when an invalid usage triggers the help text however.

In our case, mitchellh/cli helpfully adds a HelpWriter that we
previously set to stderr explicitly. This writer is only called to print
user-requested help text; it is not called on error cases (e.g., bad
usage triggering additional help text to the user).

Thus it should safely be settable to stdout, enabling pagers without
additional redirects.

Notably, we do have to set ErrorWriter as it defaults to initializing to
the value of HelpWriter, which we want to set to stdout now, which is
less useful.

See also: https://www.gnu.org/prep/standards/html_node/_002d_002dhelp.html
Resolves: #17004

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-26 12:15:48 -04:00
Violet Hynes 5bcd0c31cb
VAULT-6938 Remove license from being cache exempt (#17265)
* VAULT-6938 Remove license from being cache exempt

* VAULT-6938 Add changelog

* VAULT-6938 Typo in changelog name

* Update changelog/17265.txt

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-09-26 10:26:07 -04:00
Josh Brand 6703c1e673
Enos: Add missing tags and use az_finder for AZs to Autopilot scenario (#17309) 2022-09-23 16:19:16 -04:00
Christopher Swenson 9d0e4986c2
Builtin plugins cannot be overridden in mounts (#17304)
Builtin plugins cannot be overridden in mounts

Before versioning, plugins with the same names as builtins (e.g., "kv")
could be registered, but trying to mount them would always use the
builtin versions.

With versioning, we still allow registering plugins with the same name
as a builtin. However, if the user tries to mount a versioned plugin
with the same name as a builtin, and specifies the non-builtin version
be used, we return an error.

Otherwise the user would see a confusing situation where the one or
both of the Version and RunningVersion would say they were using
the user-requested version, but in reality were using the builtin
version.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-09-23 13:14:37 -07:00
Tom Proctor c778f2d822
Plugins: Handle plugins that may be registered with a slash in their name (#17301) 2022-09-23 20:00:10 +01:00
Milena Zlaticanin 89aa236bc5
docs/api-docs for Redis (#17029)
* docs/api-docs for Redis

* update doc

* add navigation to the docs

* Update website/content/api-docs/secret/databases/redis.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update website/content/docs/secrets/databases/redis.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* update setup list and lang tag for shell code blocks

* update language tag

* update based on suggestions

* update docs to include tls params

* add plugin to the plugin portal doc

* add -

* update api-docs-nav-data.json

* update field name

* Update website/content/docs/secrets/databases/redis.mdx

Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>

* Update website/content/docs/secrets/databases/redis.mdx

Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>

* Update website/content/docs/secrets/databases/redis.mdx

Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>

* Update website/content/docs/secrets/databases/redis.mdx

Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>

* Update website/content/api-docs/secret/databases/redis.mdx

Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>

* update docs

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>
2022-09-23 10:25:43 -05:00
Chris Capurso 073018e372
fix namespace patch not found error message (#17242)
* fix namespace patch not found error message

* handle 404 in namespace patch cmd
2022-09-23 10:41:11 -04:00
Jordan Reimer efe5193a59
HCP Link Status Parsing and Modal Update (#17279)
* updates hcp link status parsing for new format and updates to modal view

* fixes missing wormhole in tests

* fixes transit backend tests

* reverts adding wormhole to LinkStatus for testing and instead adds it to impacted tests
2022-09-23 08:18:20 -06:00
Alexander Scheel 0c76168d3d
Add note about issuer naming and CRLs (#17298)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-23 10:04:54 -04:00
Alexander Scheel 3015689848
Update tlsutil to v0.1.2 for ecdsa algo naming (#17282)
* Update tlsutil in sdk

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tlsutil in API

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tlsutil to v0.1.2 for ecdsa algo naming

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-23 08:28:40 -04:00