Commit graph

14417 commits

Author SHA1 Message Date
Michael Boulding 79662d0842
Patch to support VAULT_HTTP_PROXY variable (#12582)
* patch to support VAULT_HTTP_PROXY variable

* simplify the proxy replacement

* internal code review

* rename to VAULT_HTTP_PROXY, apply within ReadEnvironment

* clean up some unintended whitespace changes

* add docs for the new env variable and a changelog entry

Co-authored-by: Dave Du Cros <davidducros@gmail.com>
2021-10-06 09:40:31 -07:00
VAL 1549af7e53
Add links to vault-examples repo (#12740) 2021-10-05 10:15:01 -07:00
Anner J. Bonilla 8c29f49e1a
Add support for ed25519 (#11780)
* update azure instructions

Update instructions in regards to azure AD Authentication and OIDC

* Initial pass of ed25519

* Fix typos on marshal function

* test wip

* typo

* fix tests

* missef changelog

* fix mismatch between signature and algo

* added test coverage for ed25519

* remove pkcs1 since does not exist for ed25519

* add ed25519 support to getsigner

* pull request feedback

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

* typo on key

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

* cast mistake

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2021-10-05 11:28:49 -04:00
Sam Salisbury b979b52ed8
Update builder base image (#12709)
* build: update base image: debian:bullseye-20210927
2021-10-05 16:21:26 +01:00
Lars Lehtonen 838e20778d
builtin/logical/consul: fix dropped test error (#12733) 2021-10-05 12:09:13 +01:00
claire bontempo 42ae96ed1c
UI/ PKI UI Redesign (#12541)
* installs node-forge

* correctly displays and formats cert metadata

* removes labels

* uses helper in hbs file

* adds named arg to helper

* pki-ca-cert displays common name, issue & expiry date

* alphabetizes some attrs

* adds test for date helper
2021-10-04 14:31:36 -07:00
Scott Miller b84100d4a0
Upgrade go-kms-wrapping to pickup oci-go-sdk update (#12724)
* Upgrade go-kms-wrapping to pickup oci-go-sdk update

* changelog
2021-10-04 16:21:38 -05:00
Steven Clark fa57ba0ccf
Fix 1.8 regression preventing email addresses being used as common name within pki certificates (#12336) (#12716)
* Fix 1.8 regression preventing email addresses being used as common name within pki certs (#12336)

* Add changelog
2021-10-04 14:02:47 -04:00
hghaf099 a3796997d9
Fix a Deadlock on HA leadership transfer (#12691)
* Fix a Deadlock on HA leadership transfer when standby
was actively forwarding a request
fixes GH #12601

* adding the changelog
2021-10-04 13:55:15 -04:00
Chelsea Shaw c84bdbf1f6
Auth method role edit form should be valid by default (#12646)
* isFormInvalid should be false by default and update on keyup

* Add changelog
2021-10-04 11:53:24 -06:00
Ian Ferguson afb501a0d4
Upgrade pq to fix connection failure cleanup bug (v1.8.0 => v1.10.3) (#12413)
* Upgrade pq to fix connection failure cleanup bug (v1.8.0 => v1.10.3)

* Run go mod tidy after `go get -u github.com/lib/pq`

* include changelog/12413.txt
2021-10-01 14:35:51 -07:00
Calvin Leung Huang 752e4a48a1
docs: add plugin limits and lifecycle sections (#12697)
* docs: add plugin limits and lifecycle sections

* remove extranous comments on the limits page

* add more lifecycle cases, review feedback

* address follow-up review feedback

* rename section to "External plugin limits"
2021-10-01 11:59:13 -07:00
Calvin Leung Huang f56654ef56
gomod: run go mod tidy (#12712) 2021-10-01 11:38:24 -07:00
vinay-gopalan 680e8515fa
[VAULT-3472] Cap Client id_token_ttl field to associated Key's verification_ttl (#12677) 2021-10-01 10:47:40 -07:00
Matt Greenfield 8577602395
Fix entity group associations (#10085)
- When two entities are merged, remove the from entity ID in any
  associated groups.
- When two entities are merged, also merge their associated group
  memberships.

Fixes #10084
2021-10-01 10:22:52 -04:00
Jim Kalafut 187a15faf2
Update CODEOWNERS (#12695)
Route plugin portal changes to `acahn` as well.
2021-09-30 12:51:47 -07:00
Ben Ash dda2c1ed88
upgrade vault-plugin-auth-kubernetes (#12688)
* fix: upgrade vault-plugin-auth-kubernetes

-  on alias look ahead, validate JWT token against the role's configuration
2021-09-30 14:25:09 -04:00
Siddharth 97914173fe
Update plugin-portal.mdx (#12681) 2021-09-30 11:00:44 -07:00
Loann Le 037c538ed0
Updated documentation: added new code example and reference (#12693)
* added new code example

* Update website/content/docs/concepts/auth.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/concepts/lease.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update lease.mdx

* Update website/content/docs/concepts/lease.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-09-30 10:46:01 -07:00
Jim Kalafut 06d53f1b18
Highlight that password policies are defined in a namespace (#12692) 2021-09-30 09:41:45 -07:00
Theron Voran 1210a9d319
docs: vault-k8s-0.13.1 vault-helm-0.16.1 (#12680)
Vault K8s 0.13.1 and Vault Helm 0.16.1 updated the default Vault
image, so making the corresponding docs updates here.
2021-09-30 08:49:56 -07:00
Mayo 0bd0339c0b
cleanup unused code and fix t.Fatal usage in goroutine in testing (#11694) 2021-09-30 07:33:14 -04:00
Brian Kassouf 39a9727c8b
Update protobuf & grpc libraries and protoc plugins (#12679) 2021-09-29 18:25:15 -07:00
vinay-gopalan 447fdf624a
Upgrade awsutil package version to 0.1.5 (#12621)
* upgrade awsutil version to 0.1.5

* add changelog

* update changelog
2021-09-29 14:45:35 -07:00
Jim Kalafut c944222f2a
Update changelog checker to catch invalid "fix" type (#12674) 2021-09-29 14:02:03 -07:00
Chelsea Shaw e77e65d1b3
Docfix: "Fix" is not a valid release-note type (#12676) 2021-09-29 14:54:58 -06:00
Angel Garbarino 92223b600e
KV search box when no list access to metadata (#12626)
* get credentials card test and setup

* call getcrednetials card and remove path test error

* configuration

* metadata search box

* changelog

* checking if it is noReadAccess

* try removing test

* blah

* a test

* blah

* stuff

* attempting a clean up to solve issue

* Another attempt

* test1

* test2

* test3

* test4

* test5

* test6

* test7

* finally?

* clean up
2021-09-29 14:35:00 -06:00
Meggie 33cca7586a
changelog++
Added missing UI item
2021-09-29 16:26:39 -04:00
Meggie 464d286780
Updating website latest to 1.8.3 (#12671) 2021-09-29 15:10:15 -04:00
Meggie a4ca479d2e
changelog++ 2021-09-29 14:45:03 -04:00
Tero Saarni 944332d12d
Update Go client libraries for etcd (#11980)
* Update Go client libraries for etcd

* Added etcd server container to run etcd3 tests automatically.

* Removed etcd2 test case: it fails the backend tests but the failure is
  unrelated to the uplift.  The etcd2 backend implementation does not
  remove empty nested nodes when removing leaf (see comments in #11980).
2021-09-29 14:28:13 -04:00
Scott Miller 0c7cdaf5f8
Document transform batch reference field (#12664) 2021-09-29 13:20:39 -05:00
Michael Golowka bee49a4c49
Update Azure secrets engine to use MS Graph (#12629) 2021-09-29 11:28:13 -06:00
jweissig f854b4446f
docs: updated enterprise package name (#12667)
Updated docs to align with Enterprise package name.
2021-09-29 10:17:31 -04:00
Blake Covarrubias 0963230b8c
docs: Remove permissive policies in Consul ACL examples (#12454)
The ACL policy examples documented on the Consul Storage Backend and
Consul Service Registration pages are too permissive. Both policies
unnecessarily grant agent:write and node:write access for all agents
within the Consul datacenter. When Consul is used solely for service
registration, `service:write` is only required permission.

This commit modifies the policy for the Consul Storage Backend to
remove node:write access, and changes agent:write to agent:read.

The policy on the Consul Service Registration page is updated to
remove all KV-related privileges, and solely grant the necessary
service:write permission.
2021-09-28 14:13:41 -07:00
Angel Garbarino 1d18b0a7fa
UI/kv creation time (#12663)
* add created time for secret version view

* complete functionality

* test coverage

* changelog

* version per list item

* clean up
2021-09-28 13:15:43 -06:00
Loann Le e94ab7c1f5
Documentation update: Added tuner parameters to the Sensitive information section (#12655)
* added tuner parameter to doc

* reworded the text

* updated text based on feedback

* fine-tuning sentence

* changed to relative links
2021-09-28 11:44:46 -07:00
divyapola5 2a194a0804
Add missing read unlock calls in transit backend code (#12652)
* Add missing read unlock calls in transit backend code

* Correct formatting in changelog entry
2021-09-28 11:59:30 -05:00
Pratyoy Mukhopadhyay 92046f7d08
[VAULT-3248] Check api and sdk dirs in go_test (#12630)
* Check api and sdk dirs in go_test

* Update typo in script

* Append package names if non empty

* Don't fail command if no test packages found

* Add comments, clean up echoes

* Use pushd/popd, misc review fixes
2021-09-27 13:49:10 -07:00
claire bontempo 2081bf1357
UI/bar chart updates (#12622)
* testing bar chart changeS

* Added namespace search to client count

- Used existing search select component for namespace search

* Added changelog

* Added download csv component

- generate namespaces data in csv format
- Show root in top 10 namespaces
- Changed active direct tokens to non-entity tokens

* Added test for checking graph render

* Added documentation for the download csv component

* correctly updates chart when data changes

* Cleaned up template and tooltip

* Added changelog

* updates label tooltip and regroups dom elements

Co-authored-by: Arnav Palnitkar <arnav@hashicorp.com>
2021-09-27 13:48:44 -07:00
swayne275 af3136d393
move from static sleep to timed loop waiting for lease revocation (#12627) 2021-09-27 14:23:17 -06:00
Francisco Navarro Morales 5bff0d5fc3
Fix typo in command (#12619)
Add missing space after `cut -d`
2021-09-27 12:37:03 -07:00
Pratyoy Mukhopadhyay 73ae1fcfff
Update flaky expiration test (#12628)
* Update flaky expiration test

* Remove extraneous comment

Co-authored-by: swayne275 <swayne275@gmail.com>

Co-authored-by: swayne275 <swayne275@gmail.com>
2021-09-27 11:51:27 -07:00
Austin Gebauer b58913ad9f
Adds OIDC Authorization Endpoint to OIDC providers (#12538) 2021-09-27 10:55:29 -07:00
Ben Ash b48debda2b
fix: upgrade vault-plugin-auth-kubernetes (#12633)
* fix: upgrade vault-plugin-auth-kubernetes

- brings in the alias_name_source feature which allows for setting
  alternate alias names based on the service accounts's namespace and
  name
- document the seurity related aspects for the feature addition above.
2021-09-27 13:10:55 -04:00
Austin Gebauer da394f34b1
Adds additional OIDC discovery metadata (#12623) 2021-09-27 10:05:55 -07:00
Austin Gebauer 93f8d248d3
Use durations for ID and access token TTLs (#12632) 2021-09-27 10:05:28 -07:00
Calvin Leung Huang 7ad62f5be4
core: set namespace within GeneratePasswordFromPolicy (#12635)
* core: set namespace from the sysview's mount entry on GeneratePasswordFromPolicy

* test: update TestDynamicSystemView to be ns-aware, update tests

* add changelog entry
2021-09-27 09:08:07 -07:00
Calvin Leung Huang 3826042daf
test: pin docker image on postgres to 13.4-buster (#12636)
* test: pin docker image on postgres to 13.4-buster

* test: update all tests that uses postgres image to use 13.4-buster
2021-09-27 08:38:39 -07:00
Pav Mohan 398be5129d
docs : Update GoLang library link in docs (#12567)
Previous link was to outdated master branch, this one is to up-to-date main branch
2021-09-24 10:01:13 -07:00