Commit Graph

15853 Commits

Author SHA1 Message Date
Jason O'Donnell 87350f927f
agent/auto-auth: add exit_on_err configurable (#17091)
* agent/auto-auth: add exit_on_err configurable

* changelog

* Update backoff function to quit

* Clarify doc

* Fix test
2022-09-15 11:00:31 -07:00
Scott Miller 39af76279d
Populate during renew calls also (#17143) 2022-09-15 10:50:43 -05:00
Mike Palmiotto d23b57ea4c
semgrep: Enforce no loop vars in goroutines (#17145) 2022-09-15 10:13:51 -04:00
Scott Miller 2152a933ff
Load existing CRLs on startup and after invalidate (#17138)
* Load existing CRLs on startup and after invalidate

* changelog
2022-09-14 15:30:44 -05:00
Jaymala 2231f588a5
Refactor Enos scenario matrix generation (#17060)
* Refactor Enos scenario matrix generation

* Generate scenario matrix based on artifact edition to test
* Configure Vault license for testing Ent artifact
* Run Autopilot scenario for Ent

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Cleanup Enos runtime

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Fix syntax

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Use script to generate Enos scenario matrix

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Checkout repo to generate matrix

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Fix matrix syntax

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Fix json format

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Update Enos scenario license condition

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Address review feedback

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Fix syntax

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Update json format for scenario matrix

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Address review comments

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2022-09-14 14:17:07 -04:00
Angel Garbarino f6de4f75b4
PKI Role's model and List view (#17134)
* working state for list, maybe issue with model connection?

* list view with opneAPI on the model and dynamic linking to edit and details pages.

* cleanup for PR review

* cleanup for PR review
2022-09-14 11:18:37 -06:00
Austin Gebauer f9af44a0bb
auth/oidc: update docs for google workspace config (#17128)
* auth/oidc: update docs for google workspace config

* make fmt
2022-09-14 08:42:02 -07:00
Steven Clark 637576b9d2
Remove enos provider from build_local enos module (#17102)
- The provider isn't needed and there is an error in the source
   anyways.

❯ enos scenario validate managed_keys
Scenario: managed_keys [arch:arm64 backend:raft builder:local distro:ubuntu edition:ent seal:awskms]
  Generate: 
 Init: 

Error: Invalid provider registry host

The host "hashicorp.com" given in in provider source address
"hashicorp.com/qti/enos" does not offer a Terraform provider registry.
2022-09-14 11:34:10 -04:00
Steven Clark 12242d1a97
make fmt (#17131) 2022-09-14 07:45:50 -05:00
Josh Black 14c8008181
Enforce a minimum version for protoc (#17122) 2022-09-13 19:46:35 -07:00
Devon Powley bb0f93044f
Update Vault Azure Secrets docs for permanent deletion feature (#17045)
* Update Vault Azure Secrets docs for permanent deletion feature

* Add changelog for vault azure doc update

* Update CL based on PR feedback

Co-authored-by: Devon Powley <dpowley@users.noreply.github.com>
2022-09-13 16:25:19 -07:00
claire bontempo 3163309130
UI: Fix KV engine deleting latest version instead of specified version depending on policy (#17124)
* update modal copy to clarify when a user is unable to delete a specific version

* add tests

* cleanup tests, move console commands into helper function

* cleanup hbs

* add changelog
2022-09-14 00:11:08 +02:00
Josh Black 1e6401a8eb
make proto (#17120) 2022-09-13 16:06:11 -04:00
Scott Miller 12a8ef1cfd
Implement partial_failure_response_code_override for batch requests (#17118)
* Implement partial_failure_response_code_override for batch requests

* docs

* changelog

* one more test case
2022-09-13 12:51:09 -05:00
Josh Black 6d94dd991d
merkle sync undo logs (#17103) 2022-09-13 10:03:19 -07:00
Jordan Reimer da7cd37674
Replace Non-Inclusive Terms in UI (#17116)
* removes non-inclusive terms from UI

* adds changelog entry
2022-09-13 10:42:34 -06:00
georgethebeatle f9439a9c41
Make key completion work for both kv-v1 and kv-v2 (#16553)
Co-authored-by: Kieron Browne <kbrowne@vmware.com>
Co-authored-by: Georgi Sabev <georgethebeatle@gmail.com>
Co-authored-by: Danail Branekov <danailster@gmail.com>
2022-09-13 12:11:00 -04:00
claire bontempo fcf6467cbf
UI: OIDC config cleanup (#17105)
* cleanup infotableitemarray, add render name option to component

* wait until items fetched before rendering child component

* update test

* finish tests for info table item array

* remove unused capability checks

* remove unnecessary path alias

* fix info table row arg

* fix wildcards getting info tooltip
2022-09-13 09:06:19 -07:00
Hamid Ghaf ed0a9feb7f
running make proto (#17106) 2022-09-13 09:40:12 -04:00
Alexander Scheel 1bbabf19d7
Add more docs on revocation changes (#17085)
* Add more notes about issuer revocation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Note BYOC in considerations

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about http access to CRLs, OCSP

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Recommend enabling auto-tidy & crl rebuilding

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing paths to personas

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-12 11:46:01 -05:00
Hamid Ghaf 77ec84cfb1
updating hcp link structs, and fix diagnose (#17097) 2022-09-12 11:10:01 -04:00
Steven Clark cfb56105b8
A PKI test to verify our defaults are the same for creates and update apis (#17094) 2022-09-12 09:22:56 -04:00
Angel Garbarino e420ef0413
Setup Routing for PKI tabs (#17054)
* setup PKI Ember engine

* clean up SecretListHeader and add documentation.

* move secret-list-header to addon folder

* move options-for-backend helper

* fix all for SecretListHeader to work

* use secretListHeaderTab by moving to adodn.

* add overview empty state

* clean up

* the tabs template and hbs route files

* routing for tidy and configure, still some questions for design

* wip

* clean up from merge and past pr

* add create index route

* clean up comment

* routing rework after discussion with Jordan

* cleanup

* remove app folder

* change names on js files for debugging
2022-09-09 18:01:47 -06:00
Mike Palmiotto 3e5f570c5e
CI: prune docker networks before creation (#17092) 2022-09-09 16:39:51 -04:00
Max Coulombe 6b2f4e5354
+ added redis elasticache as a built-in plugin (#17075)
* added redis elasticache as a built-in plugin
2022-09-09 16:16:30 -04:00
Mike Palmiotto 9849af8663
Add deprecation status to plugin api and cli (#17077)
* api: Add deprecation status to plugin endpoints

* cli: Add -detailed flag to `plugin list`

* docs: Update plugin list/info docs
2022-09-09 16:03:07 -04:00
Hamid Ghaf 102f5f6832
node status as a module to be importable by HCP cloud (#17089) 2022-09-09 14:51:05 -04:00
Milena Zlaticanin 0977bd1ddc
Import Redis OSS database plugin into Vault (#17070)
* Import Redis OSS database plugin into Vault

* update the total number of db plugins

* small nit for testing

* adding changelog
2022-09-09 13:42:25 -05:00
Alexander Scheel 6d90586ad6
Update issuer usage with ocsp-signing by default (#17087)
This option was elided from the default value for the usage field. This
results in issuers "losing" ocsp-signing when they're POST updated. Most
issuers will want OCSP signing by default, so it makes sense to add this
as the default.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-09 13:28:45 -04:00
Tom Proctor 65adf42d48
Support running versioned plugins from the catalog (#17015) 2022-09-09 18:14:26 +01:00
Tom Proctor aa50e42fca
Support version selection for database plugins (#16982)
* Support version selection for database plugins
* Don't consider unversioned plugins for version selection algorithm
* Added version to 'plugin not found' error
* Add PluginFactoryVersion function to avoid changing sdk/ API
2022-09-09 17:32:28 +01:00
Nick Cabatoff 3075c5bd65
Do not attempt to write a new TLS keyring at startup if raft is already setup (#17079) 2022-09-09 12:19:57 -04:00
Steven Clark 5b5699e9b0
Update PKI documentation to clear up PKCS8 marshalling behavior (#17080)
- Update the documentation in regards to the private_key_format
   argument only controls the behavior of the private_key response field
   and does not modify the encoding of the private key within the
   pem_bundle.
2022-09-09 11:31:08 -04:00
claire bontempo 83fc61c16b
UI: OIDC Config for Vault as a provider (#17071)
* OIDC Config Routing (#16028)

* adds oidc config routes

* renames oidc applications route to clients

* UI/vault 6646/landing page (#16069)

* add to sidebar

* add landing image and text

* add permissions

* add permissions to permissions service

* remove comment

* fix.

* UI/OIDC models (#16091)

* add models and fix routing

* add ClientsCreate route

* remove form functions from client model

* update comment

* address comments, cleanup models

* add comment

* OIDC Adapters and Serializers (#16120)

* adds named-path base adapter

* adds oidc adapters with tests

* adds oidc serializers

* fixes issue with supported_scopes relationship in oidc provider model

* make radio card size flex (#16125)

* OIDC config details routes (#16126)

* adds details routes for oidc config resources

* adds details templates for oidc config resources

* OIDC parent route and index redirection (#16139)

* adds parent oidc route with header and adds redirection if clients have been created

* updates learn link

* adds findRecord override to named-path adapter (#16145)

* OIDC Scope Create/Edit View (#16174)

* adds oidc scope-form to create and edit views

* moves oidc header set logic from route to controller

* OIDC Scope Details View (#16191)

* adds oidc scope details view

* removes disabled arg from scope delete confirm action

* updates oidc scope template params link to use DocLink and adds success message on scope create success

* updates oidc scope delete confirm action copy

* adds oidc scopes list (#16196)

* UI/vault 6655/OIDC create view (#16331)

* setup header

* wip

* wip

* wip

* validations

* error validations

* cleanup

* wip

* fix error

* clean up

* handle modelValidations

* add documentation on the decorator

* remove spread attrs

* first test and some fixes

* halfway with test

* fix error where the data object was sending param entiyIds and not entity_ids

* validations or situation

* fix test

* small nit:

* test if this fixes the test

* fix

* cleanup

* nit

* Assignments Update/Edit View  (#16412)

* wip

* fix

* render search-select after promise is fulfilled

* add test coverage

Co-authored-by: clairebontempo@gmail.com <cbontempo@hashicorp.com>

* Added list view for keys (#16454)

* Added list view for providers (#16442)

* Added list view for providers

* Removed check for model data length

* Added new line at end of file

* Fixed linting issues causing ui tests to fail

* Added list view for application (#16469)

* UI/remove has many relationship (#16470)

* remove hasMany from models

* remove relationships from assignments create form

* update tests

* Assignment list view (#16340)

* inital setup

* handle default allow all

* add learn more link

* Fixed the default allow_all for assignment list view to match Figma design

* Fixed linting

* Fixed hbs file syntax

Co-authored-by: linda9379 <linda.jiang@hashicorp.com>

* configure mirage and helper (#16482)

* UI/OIDC client form (#16131)

* WIP client form

* wip

* still WIP

* fix form!;

* remove computeds, cache form attrs instead

* update scope form component name

* add white space validation

* add validations, cleanup

* add edit form

* fix link to in edit form

* disable edit form

* fix linkto

* wip/ search select filter

* WIP/search-select bug

* fix assignment save

* delete old modal js file

* glimmerize/create new search select modal component

* component cleanup

* fix bugginess

* fix search select and radio select action

* add tests

* revert some test changes

* oops, removed test tag

* add key list to response

* fix test

* move search select component to separate PR, revert changes

* one more revert

* remove oidc helper from this pr

* remove hasMany relationship

* minor cleanup

* update assignment form to use fallback

* fix allow_all appearing in dropdown on edit (#16508)

* UI/ OIDC Application (client) details view (#16507)

* fix test

* finish details page

* finish details view

* clean u[

* fix typo

* configure oidc mirage handler for tests

* remove params, add new route instead

* fix headers

* remove console.log

* remove controller/template reliance on tracked variable

* rename variable

* UI/Client route acceptance tests - fixed branch (#16654)

* WIP client route tests

* refactor client form so clientType is not edit-able

* fix ttl in client form

* wip// more acceptance tests and tags for hbs files

* fix typo

* fix syntax error

* finish tests

* fix client form test

* resolve commits

* update form test

* OIDC Assignments Details view. (#16511)

* setup

* cleanup

* view all fix

* wip setting up tabs

* wip

* revert to no queryParam or tabs

* add the read more component and styling

* rename folder

* cleanup

* fix

* UI/OIDC providers create/edit route (#16612)

* update to use DocLink component

* provider create form

* cleaup

* add formt est

* revert label text

* update doclink test

* disallow new scopes from ss

* fix test typo

* fix provider form flash message

* add period

* test new form field attr

* refactor form input

* fix edit portion of issuer field

* add test selector to new input field

* add comment

* Cleanup OIDC Config Mirage handler (#16674)

* cleaup mirage

* change to .then

* pull out into config file

* Scope acceptance tests (#16707)

* Started writing acceptance tests

* Added some more acceptance tests

* Added tags for hbs and more tests

* Modified variable names in scope form test

* Fixed tests and linting

* UI/OIDC Provider read view  (#16632)

* add providers/provider/client route

* provider details view

* add disabled button and tooltip for default

* add toolbar separators

* revert unrelated change

* query all client records and filter by allowed client id"

* refactor adapter to filter for clientId

* cleanup adapter method

* update test

* refactor test

* fix tests to accommodate for serializer change

* update empty state message

* fix linting

* metadata for client list view (#16725)

* Added metadata for list view in clients

* Fixed linting

* Fixed failing ui test

* fix scopes and clients tests (#16768)

* Initial fix of tests

* Fixed failing scopes and clients acceptance tests

* Fixed linting

* UI: Key create/edit form (#16729)

* add route models

* add forms

* add test

* remove helperText attr

* metadata for provider list view (#16738)

* Added meta-data for provider list view

* Added comment for serializer

* Fixed import path for scopes and clients acceptance test files

* UI/Add client ids to search select (#16744)

* WIP use clientID instead of name

* add client ids to search select

* remove provider form component changes

* fix search select on edit

* cleanup comments and method

* fix adapter query method

* clean up comments

* add test

* remove destructuring so linting passes

* fix tests

* add accidentally deleted param

* add clarifying comments

* cleanup

* change how shouldRenderName is set

* cleanup tests

* address comments

* OIDC Assignment Acceptance tests (#16741)

* test and fixes

* merge stuff

* fix

* fixes

* add waituntil

* inconsistent nav issue

* fixes

* blah

* UI/Key details view (#16776)

* add details view

* reformat model file

* todo for when listing applications

* add comment

* update key form with refactored search select

* add applications list

* update test

* update test

* add names to flash messages

* add rollbackAttributes to delete catch (#16796)

* UI: Checks if records exists before creating record when URL contains :name (#16823)

* check for record existing in createRecord

* use error banner instead of flash messages for forms

* add inline form message for validations

* add error count message to inlinealert

* add test for adapter

* add tests

* remove unused vars

* UI: Disable limiting clients when creating key, filter clients when editing (#16926)

* add tooltip to disabled radio button

* pass query object to search select

* update copy

* add comment

* cleanup console log and comment

* fix tests

* revert change because addressed in other pr

* fix diff

* fix test

* UI: Add redirect when last client is deleted  (#16927)

* afterModel redirect if no models exist

* fix test

* change space

* fix incorrect text

* UI:  Add InfoTooltip to selected 'ghost' client_ids (#16942)

* return option if undefined

* add info tooltip to search select

* change word

* add test

* UI: OIDC config keys acceptance tests (#16968)

* add keys test

* update other oidc tests

* remove-search select comment

* UI: Filter Client providers list view (#17027)

* pass param to adapter

* add test

* UI: OIDC Config Acceptance Tests (#17050)

* WIP/provider acceptance tests"

* WIP/this commit breaks lots of things

* fix tests

* update test selectors

* combine key and client tests

* cleanup clients and keys test

* finish tests

* small tidying

* UI: Remove trailing comma from scopes, provider details page (#17069)

* use info table row to cleanup scope logic

* infotableitemarray cleanup

* tidying

* add changelog

* teeny little empty state

* fix wildcard string helper not working

Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com>
Co-authored-by: Angel Garbarino <argarbarino@gmail.com>
Co-authored-by: linda9379 <57650314+linda9379@users.noreply.github.com>
Co-authored-by: linda9379 <linda.jiang@hashicorp.com>
2022-09-08 19:06:05 -06:00
Christopher Swenson 2c11121c19
Update docs for helm 0.22.0 (#17072)
Update docs for helm 0.22.0

Including Prometheus Operator support.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-09-08 15:30:32 -07:00
deidra.prado ea8c6a32a8
Update validate.mdx (#17023)
Removed reference of ``` --header "X-Vault-Token: ..." \``` in Sample request. X-Vault-Token is not required for this endpoint.
2022-09-08 12:50:42 -07:00
Christopher Swenson 1926f71b0d
Update deprecation notice related to SHA-1 in Go 1.18+ (#17066)
Update deprecation notice related to SHA-1 in Go 1.18+

Go 1.19 has not removed SHA-1 support, and it is not clear yet when
they will remove support, so we need to slightly adjust our docs.
2022-09-08 11:58:44 -07:00
Kevin Wang bc568c4dea
Update index.mdx to fix broken link (#17052) 2022-09-08 14:04:02 -04:00
Max Coulombe f9b5d1a563
Multiplexing opt out flag (#16972)
* added mplexing opt-out flag
2022-09-08 11:32:46 -04:00
Jason O'Donnell ced0109c41
docs/k8s: use pod labels for upgrades (#17059)
* docs/helm: use pod labels for upgrades

* Grammar

* Update website/content/docs/platform/k8s/helm/run.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/run.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-09-08 11:13:11 -04:00
Mike Palmiotto 403fdd77be
api: Add deprecation warnings to secrets/auth POST endpoints (#17058)
* api: Add deprecation warnings to endpoints
* Add changelog
2022-09-08 09:15:10 -04:00
Josh Black d8e0a13aae
update gofumpt to 0.3.1 and reformat the repo (#17055)
* update gofumpt to 0.3.1 and reformat the repo

* output the version of the formatter we're using
2022-09-07 17:31:20 -07:00
akshya96 ab1e264f0b
updating go to 1.19.1 (#17053) 2022-09-07 16:13:33 -07:00
Angel Garbarino 41164a462f
Move SecretListHeader and SecretListHeaderTab to addon folder (#16981)
* move two components to add on and create new helper for engines

* change nmae of options-for-backend. will need conditional in template

* move options for backend

* pass through isEngine to secretListHeaderTab

* secret list header remove comments

* conditional options-for-backend

* missing part for documentation

* pr comments cleanup

* cleanup

* cleanup

* cleanup
2022-09-07 15:04:41 -06:00
Alexander Scheel e9768b6bc6
Fix radiusd network connection limitations (#17049)
* Allow exposing access to the underlying container

This exposes the Container response from the Docker API, allowing
consumers of the testhelper to interact with the newly started running
container instance. This will be useful for two reasons:

 1. Allowing radiusd container to start its own daemon after modifying
    its configuration.
 2. For loading certificates into a future similar integration test
    using the PKI secrets engine.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Allow any client to connect to test radiusd daemon

This fixes test failures of the following form:

> 2022-09-07T10:46:19.332-0400 [TRACE] core: adding local paths: paths=[]
> 2022-09-07T10:46:19.333-0400 [INFO]  core: enabled credential backend: path=mnt/ type=test
> 2022-09-07T10:46:19.334-0400 [WARN]  Executing test step: step_number=1
> 2022-09-07T10:46:19.334-0400 [WARN]  Executing test step: step_number=2
> 2022-09-07T10:46:29.334-0400 [WARN]  Executing test step: step_number=3
> 2022-09-07T10:46:29.335-0400 [WARN]  Executing test step: step_number=4
> 2022-09-07T10:46:39.336-0400 [WARN]  Requesting RollbackOperation
> --- FAIL: TestBackend_acceptance (28.56s)
>     testing.go:364: Failed step 4: erroneous response:
>
>         &logical.Response{Secret:<nil>, Auth:<nil>, Data:map[string]interface {}{"error":"context deadline exceeded"}, Redirect:"", Warnings:[]string(nil), WrapInfo:(*wrapping.ResponseWrapInfo)(nil), Headers:map[string][]string(nil)}
> FAIL
> FAIL	github.com/hashicorp/vault/builtin/credential/radius	29.238s

In particular, radiusd container ships with a default clients.conf which
restricts connections to ranges associated with the Docker daemon. When
creating new networks (such as in CircleCI) or when running via Podman
(which has its own set of network ranges), this initial config will no
longer be applicable. We thus need to write a new config into the image;
while we could do this by rebuilding a new image on top of the existing
layers (provisioning our config), we then need to manage these changes
and give hooks for the service setup to build it.

Thus, post-startup modification is probably easier to execute in our
case.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-07 13:43:22 -04:00
Jordan Reimer 5163bf2853
HCP Link Status (#16959)
* adds LinkStatus component to NavHeader to display banner with HCP link status

* adds changelog entry

* adds period to connected status message

* updates hcp link status to current cluster polling to automatically update state
2022-09-07 10:21:23 -06:00
Angel Garbarino ae0ab25069
the fix (#17037) 2022-09-07 09:44:27 -06:00
Mike Palmiotto 991c574660
Mark database-specific secrets engines Pending Removal (#17038)
* plugins: Mark standalone database plugins Pending Removal
* Add changelog
2022-09-07 10:45:09 -04:00
Troy Ready a79dc6c1e9
Minor doc grammar update (#17032)
Update to clarify present perfect tense.
2022-09-07 10:04:18 -04:00
Tom Proctor 4750387510
CI: Delete duplicate vaulttest docker networks to improve reliability (#16993)
* Use dynamic container ID instead of static testcontainer name
* Use network name based on job ID and node index
2022-09-07 10:03:30 -04:00