Commit graph

14234 commits

Author SHA1 Message Date
swayne275 95e5cdd000
VAULT 2844: remove legacy lease revocation strategy (#12888)
* remove legacy lease revocation strategy

* add deprecation change log note

* remove VAULT_16_REVOKE_PERMITPOOL

* update changelog
2021-10-22 17:37:01 -06:00
hghaf099 442b5920e2
Entities may have duplicate policies (#12812)
* Entities may have duplicate plicies

* Adding changelog

* removing duplicates on reading entity policies

* fix changelog
2021-10-22 19:28:31 -04:00
Ben Ash e44dbb01ba
fix: upgrade vault-plugin-auth-kubernetes to v0.11.2 (#12913)
* Update k8s.io/client-go to v0.22.2
2021-10-22 18:02:41 -04:00
hghaf099 c79cd1c744
fixing a bug for cli when namespace is in both arg and path (#12911)
* fixing a bug for cli when namespace is in both arg and path

* Add a changelog
2021-10-22 17:47:16 -04:00
Theron Voran 96c49ee528
docs: updates for vault-k8s and vault-helm (#12901)
Documentation updates for vault-k8s 0.14.0 and vault-helm 0.17.0
releases.
2021-10-22 14:26:13 -07:00
Jordan Reimer d098bb19f1
Info table row typography (#12908)
* updates info table row value font

* adds changelog

* updates tests

* attempts to fix flaky mount-secret-backend acceptance test
2021-10-22 15:16:02 -06:00
djvs bfde3eddbc
Vertical resize on .cm-s-hashi.CodeMirror (#12906)
* Vertical resize on .cm-s-hashi.CodeMirror

* changelog

* update other file

* undo other change

* fix
2021-10-22 14:58:04 -06:00
Ben Ash f8914a273a
fix: upgrade vault-plugin-secrets-terraform to v0.3.0 (#12909) 2021-10-22 16:34:22 -04:00
swayne275 fe9da20d67
oss components of vault-3372 (#12898) 2021-10-22 14:22:49 -06:00
Chris Capurso 9c8fe62818
add patch section to kv-v2 api and CLI docs (#12689)
* add data patch section to kv-v2 api docs

* fix trucated output for kv put command with cas cmd in kv-v2 docs

* wip vault kv patch CLI docs

* add new flags to 'vault kv patch' CLI command docs

* fix cas_required formatting

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* fix cas formatting

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* additional format fixes

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-10-22 15:31:03 -04:00
Angel Garbarino a71938dddf
Update KV V2 docs to remove default on max_versions for config (#12845)
* remove default to ten

* explain default

* language change:
2021-10-22 10:17:36 -06:00
Andreas Gruhler 8f6e4f1923
Clarify docs for CSI provider secretArgs (#12570) 2021-10-22 16:27:24 +01:00
Nick Cabatoff 83076bb58d
Set Cassandra connect timeout, not just regular timeout (#12903) 2021-10-22 11:02:28 -04:00
Jordan Reimer 702a275ccc
adds divider to toolbars with destructive actions (#12895)
* adds divider to toolbars with destructive actions

* adds changelog
2021-10-22 08:11:14 -06:00
Nick Cabatoff de0a56bd44
Fix TestParseSockaddrTemplate to take into account CustomResponseHeaders. (#12902) 2021-10-22 08:50:12 -04:00
hghaf099 b472d7ed3f
CLI request when namespace is in argument and part of the path (#12720)
* CLI makes request to incorrect URL when namespace is both provided as argument and part of the path
fixes #12675

* adding change log

* removing a switch and addressing a possibility of out of bound index
2021-10-21 22:35:13 -04:00
Oliver fa5ea438c1
Fix header for Login's Parameters (#9731)
The header for parameters was the same as "Sample Payload"
2021-10-21 13:15:42 -07:00
Jordan Reimer 16be98fa1c UI Conditionally Copy Tooltips (#12890)
* adds conditional tooltip copying to InfoTableRow component

* adds changelog entry
2021-10-21 09:26:56 -06:00
Nick Cabatoff d66fd98d4a
Add support for go-sockaddr templated addresses in config. (#9109) 2021-10-21 10:10:48 -04:00
claire bontempo 1898e6c301
UI/Remove spinner after token renew (#12887)
* fixes loading spinner

* adds changelog
2021-10-21 09:05:45 -05:00
Meggie fe3abd7e53
Adding upgrade note about request counters API (#12858)
* Adding upgrade note about request counters API

* Note on internal and new behavior
2021-10-21 09:58:28 -04:00
Nick Cabatoff ff74f49047
Move to go 1.17 (#12868)
Also ensure that the go 1.17 breaking changes to net.ParseCIDR don't make us choke on stored CIDRs that were acceptable to older Go versions.
2021-10-21 09:32:03 -04:00
Brandon Romano 2519aeec09
Update HashiConf alert-banner expiration (#12891)
Updates the HashiConf Alert Banner expiration to 10/20 @ 11pm (PT)
2021-10-20 22:21:11 -04:00
Scott Miller 9f62768cc7
Diagnose partial/missing telemetry configuration (#12802)
* Diagnose partial/missing telemetry configuration

* changelog

* fixup

* not sure which component?
2021-10-20 16:47:59 -05:00
vinay-gopalan 840af2ee36
[Docs] Update MSSQL DB Engine API docs with new contained_db field (#12889) 2021-10-20 13:18:36 -07:00
Chris Capurso 6e95c59762
change return in handler test to explicit nil (#12884) 2021-10-20 13:41:51 -04:00
vinay-gopalan 4834bb854c
[VAULT-3008] Update RabbitMQ dependency and fix regression in UserInfo.Tags in v3.9 (#12877) 2021-10-20 09:46:37 -07:00
Dave Du Cros ceac6e913d
operator generate-root -decode: allow token from stdin (#12881)
* operator generate-root -decode: allow token from stdin

Allow passing "-" as the value for -decode, causing the encoded token to
be read from stdin. This is intended to prevent leaking the encoded
token + otp into process logs in enterprise environments.

* add changelog entry for PR12881

* add check/test for empty decode value passed via stdin
2021-10-20 12:29:17 -04:00
Chelsea Shaw b76d2cd09c
UI/OIDC provider fix (#12871)
* Add cluster name to oidc-provider path

* Move oidc-provider route up on router

* Return base url for changelog if no version

* OIDC Provider check on targetRouteName instead of transitionToTargetRoute

* restore dynamic provider segment on route

* Fix redirect after auth issue

* handle permission denied
2021-10-20 09:38:29 -05:00
Chris Capurso eb6df00992
add retry logic when kv is upgrading in handler test (#12864)
* add retry logic when kv is upgrading in handler test

* make retry func for kv cli test more generic

* use ticker for kv retry logic in tests
2021-10-20 08:44:56 -04:00
Daniel Kimsey f9100dfb42
Add documentation for vault-plugin-auth-jwt skip_browser CLI option (#12833) 2021-10-19 15:55:24 -07:00
Austin Gebauer c797ed1b5c
Updates vault-plugin-auth-jwt to v0.11.0 (#12876) 2021-10-19 15:22:52 -07:00
Philipp Hossner 824f097a7d
Let allowed_users template mix templated and non-templated parts (#10886)
* Let allowed_users template mix templated and non-templated parts (#10388)

* Add documentation

* Change test function names

* Add documentation

* Add changelog entry
2021-10-19 15:00:15 -07:00
vinay-gopalan 1eb73d9ef4
[VAULT-3379] Add support for contained DBs in MSSQL root rotation and lease revocation (#12839) 2021-10-19 14:11:47 -07:00
Ben Ash 5be11c78d6
Update k8s-auth to v0.11.1 (#12865) 2021-10-19 15:30:02 -04:00
Vishal Nayak 6eead9f09b
Fix entity alias deletion (#12834)
* Fix entity alias deletion

* Fix tests

* Add CL
2021-10-19 15:05:06 -04:00
Loann Le 1347d4c534
Vault documentation: created new identity concepts page (#12825)
* created draft PR for identity doc

* relocated identity page

* fixed error in side nav

* Fix table format

* Add Learn tutorial link

* fixed typo

* Update identity.mdx

fixed typo

* modified intro

* Removed duplicated description about entity (#12861)

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-10-19 10:56:15 -07:00
ludewigh 0b95a394d4
Fix auth/aws so that config/rotate-root saves new key pair to vault (#12715)
* test:  add test to verify Vault storage is updated

* bug: fix config/rotate-root to store new key

* choir: fix changelog name to match PR
2021-10-19 10:26:47 -04:00
Brandon Romano c945c7b218
prep HashiConf live banner (#12856) 2021-10-19 09:59:54 -04:00
Steven Clark b75e990cb6
Update website docs regarding ssh role allowed_extensions parameter (#12857)
* Update website docs regarding ssh role allowed_extensions parameter

 - Add note within the upgrading to 1.9.0 about behaviour change
 - Prefix the important note block within the main documentation about
   signed ssh certificates that it applies pre-vault 1.9
 - Update api docs for the allowed_extensions parameter within the ssh
   role parameter.

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-10-19 09:30:06 -04:00
Brian Kassouf c705adc79c
Fix some linting errors (#12860) 2021-10-18 17:29:47 -07:00
Kevin Wang 172fa6d327
fix(website): install latest npm in Dockerfile (#12859) 2021-10-18 18:21:31 -04:00
Noel Quiles f6c048947c
Update alert banner for HashiConf Global 2021 (#12650) 2021-10-18 13:08:24 -04:00
Nick Cabatoff 16b3651e47
Add missing CL entry for #11122. (#12854) 2021-10-18 09:17:36 -04:00
Austin Gebauer 4e5b865c4f
Rename scopes to scopes_supported for OIDC providers (#12851) 2021-10-15 19:33:32 -07:00
Theron Voran ae79afdd26
agent: Use an in-process listener with cache (#12762)
Uses a bufconn listener between consul-template and vault-agent when
caching is enabled and either templates or a listener is defined. This
means no listeners need to be defined in vault-agent for just
templating. Always routes consul-template through the vault-agent
cache (instead of only when persistent cache is enabled).

Uses a local transportDialer interface in config.Cache{}. 

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2021-10-15 17:22:19 -07:00
Steven Clark 3428de017a
Forbid ssh key signing with specified extensions when role allowed_extensions is not set (#12847)
* Forbid ssh key signing with specified extensions when role allowed_extensions is not set

 - This is a behaviour change on how we process the allowed_extensions role
   parameter when it does not contain a value. The previous handling allowed
   a client to override and specify any extension they requested.
 - We now require a role to explicitly set this behaviour by setting the parameter
   to a '*' value which matches the behaviour of other keys such as allowed_users
   within the role.
 - No migration of existing roles is provided either, so operators if they truly
   want this behaviour will need to update existing roles appropriately.
2021-10-15 17:55:18 -04:00
Hridoy Roy 19822781cc
use IsRoot helper before clientID generation in activity log (#12846)
* use IsRoot helper in activity log

* use IsRoot helper in activity log
2021-10-15 14:04:55 -07:00
Jim Kalafut 74eba6fa56
Update mongo-driver dependency (#12842) 2021-10-15 12:47:33 -07:00
Vishal Nayak 476fb08e0d
Local aliases OSS patch (#12848)
* Local aliases OSS patch

* build fix
2021-10-15 15:20:00 -04:00