* RSA3072 implementation in transit secrets engine
* moved new KeyType at the end of the list
So already stored keys still work properly
Co-authored-by: Jim Kalafut <jim@kalafut.net>
* adding support for TLS 1.3 for TCP listeners
* removed test as CI uses go 1.12
* removed Cassandra support, added deprecation notice
* re-added TestTCPListener_tls13
* fix#7623: add missed description field for GET /sys/auth/:path/tune endpoint
* fix#7623: allow empty description
* fix#7623: update tests with description field
* provide vault server flag to exit on core shutdown
* Update command/server.go
Co-Authored-By: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* rename UseAutoAuthForce to ForceAutoAuth, because I think it reads better
* Document 'ForceAuthAuthToken' option for Agent Cache
* Update website/pages/docs/agent/caching/index.mdx
Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* Add additional tests around use_auto_auth=force and add documentation
* remove note, it's no longer correct
Co-authored-by: Jim Kalafut <jim@kalafut.net>
* Guard against using Raft as a seperate HA Storage
* Document that Raft cannot be used as a seperate ha_storage backend at this time
* remove duplicate imports from updating with master
* add placeholder for Key actions tab
* navigate to key items by default
* add placeholder key actions list page
* remove extra whitespace from component blueprint
* add SelectableCard
* move key actions from side nav to top nav
* make tabs active
* remove toolbar from key actions pages
* add divs to link to each key action on key actions page
* move preview-head to gitignore
* use selectable card css
* remove key actions
* use css grid
* update selectable card styling
* update Key Actions page header
* make cards clickable
* refactor supportedActions to include glyph
* make header black on hover
* rename selectable-card transit card and update styling
* add description and glyph for other key types
* use human readable titles for key action names
* update tests; still need to fix failing ones
* use datakey instead of data-key
* fix some failing tests
* fix more tests
* remove extra chevron from rotate button
* remove whitespace
* remove pauseTest
* use rename export to export key in the template instead of the model
* fix last few failing tests
* WIP
* link to key actions page by default
* test for transit action title
* only add query params when viewing a transit secret
* update structure icons
* add missing structure icons
* resolve merge conflicts from rebase
* use filter and map for supported actions
* only add query params for transit secrets
AWS client object caches are by region. Some AWS API calls don't care
what region's client they use, but the existing getAnyRegionForAwsPartition
scheme was returning a random region, which in turn triggered maintaining many
more client objects than are necessary (e.g. 18 regions in the main AWS
partition). This can be an issue for heavy STS users bumping up against
STS rate limits, since 18 sets of creds are being cached and renewed per
STS role.
* Mark deprecated plugins as deprecated
* Add redaction capability to database plugins
* Add x509 client auth
* Update vendored files
* Add integration test for x509 client auth
* Remove redaction logic pending further discussion
* Update vendored files
* Minor updates from code review
* Updated docs with x509 client auth
* Roles are required
* Disable x509 test because it doesn't work in CircleCI
* Add timeouts for container lifetime
* Fix typos
* Update Oracle DB secrets docs to show support for Static Roles
* Add warning about username case sensitivity
* Remove warning about casing
* Fix typo
Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>
Co-authored-by: Becca Petrin <beccapetrin@gmail.com>
* Seal migration after unsealing
* Refactor migration fields migrationInformation in core
* Perform seal migration as part of postUnseal
* Remove the sleep logic
* Use proper seal in the unseal function
* Fix migration from Auto to Shamir
* Fix the recovery config missing issue
* Address the non-ha migration case
* Fix the multi cluster case
* Avoid re-running seal migration
* Run the post migration code in new leaders
* Fix the issue of wrong recovery being set
* Address review feedback
* Add more complete testing coverage for seal migrations. (#8247)
* Add more complete testing coverage for seal migrations. Also remove VAULT_ACC gate from some tests that just depend on docker, cleanup dangling recovery config in storage after migration, and fix a call in adjustCoreForSealMigration that seems broken.
* Fix the issue of wrong recovery key being set
* Adapt tests to work with multiple cores.
* Add missing line to disable raft join.
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
* Fix all known issues
* Remove warning
* Review feedback.
* Revert my previous change that broke raft tests. We'll need to come back and at least comment
this once we better understand why it's needed.
* Don't allow migration between same types for now
* Disable auto to auto tests for now since it uses migration between same types which is not allowed
* Update vault/core.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Add migration logs
* Address review comments
* Add the recovery config check back
* Skip a few steps if migration is already done
* Return from waitForLeadership if migration fails
Co-authored-by: ncabatoff <nick.cabatoff@gmail.com>
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* external_tests: ensure derived cores are stable before proceeding on tests
* testhelpers: add min duration tolerance when checking stability on derived core
* thread backend through requests so that the transit-key model has it on list responses
* add tests for transit-key menu and serializer handling of backend
* remove changes to preview-head
Co-authored-by: Noelle Daley <noelledaley@users.noreply.github.com>
* Core usage metrics v1 (merge to side-branch) (#8238)
* restructure menu layout per designs
* setup new routing that will set the stage for a metrics landing page
* fix formatting
* Revert "fix formatting"
This reverts commit e77cdec5e58cdcea49aa1b97f80238433c4f7d1e.
* fix formatting
* small styling changes
* change request routing to metrics
* rename route js file
* Core usage metrics v2 (#8263)
* restructure menu layout per designs
* setup new routing that will set the stage for a metrics landing page
* fix formatting
* Revert "fix formatting"
This reverts commit e77cdec5e58cdcea49aa1b97f80238433c4f7d1e.
* fix formatting
* small styling changes
* change request routing to metrics
* rename route js file
* setup selectable card component and api request
* add token and http request models to route and template
* add entities to route and template
* clean up
* add breadcrumbs and some clean up work
* remove unused selectable-card component
* refactor to a serializer
* move adapters, serializers, and models into metrics folder
* remove unused file
* address pr comments
* address pr comments
* Core Usage Metrics V3 (#8316)
* restructure menu layout per designs
* setup new routing that will set the stage for a metrics landing page
* fix formatting
* Revert "fix formatting"
This reverts commit e77cdec5e58cdcea49aa1b97f80238433c4f7d1e.
* fix formatting
* small styling changes
* change request routing to metrics
* rename route js file
* setup selectable card component and api request
* add token and http request models to route and template
* add entities to route and template
* clean up
* add breadcrumbs and some clean up work
* remove unused selectable-card component
* setup smaller http request bar chart
* refactor to a serializer
* move adapters, serializers, and models into metrics folder
* remove unused file
* setup change part of component
* fix broken model
* add conditional class
* setting up computed properties in new component
* small fixes
* setup components
* minor fixes
* rename
* clean up
* firefox fix
* remove shadow bars
* move out of metrics folders
* modify permissions to show difference between token entities and requests
* make tests
* fix class names and associated tests
* clean up
* fix text overflow in non-chrome browsers
* address pr comments, specifically class names and tests
* move into one component
* clean up component descriptions in comments
* small wording changes
* fix for accessibility
* address pr comments around component examples for storybook
* fix test
* fix failing test
* fix test
