Commit graph

14879 commits

Author SHA1 Message Date
Scott Miller 423f1b949b
Clarify certificate storage in Vault clustering (#14055)
* Clarify certificate storage in Vault clustering

* no_store clarification

* Update docs again, with new understanding of LocalStorage
2022-03-04 14:50:53 -06:00
claire bontempo 2fa1e6c9a9
UI/ Fix version check typo (#14379)
* make oss all caps
2022-03-04 12:48:24 -08:00
Meggie e62cb69279
Updating website for 1.9.4 (#14373) 2022-03-04 11:19:03 -05:00
Jason O'Donnell 1199a7a9f5
docs: fix typo in CF auth ca maintenance (#14366) 2022-03-03 18:25:57 -05:00
Angel Garbarino 8203865cfc
LinkTo remove tagName lint warning (#14344)
* removal stage 1

* remove unused roles file

* more changes and glimmerize toggle

* clean up

* fix

* fixes

* remove layout
2022-03-03 15:31:16 -07:00
Scott Miller f753db2783
OSS side changes for PKI HSM type handling fix (#14364) 2022-03-03 15:30:18 -06:00
Jamie Finnigan 003d8fb1fe
update vault login docs to cover stdin default (#14336) 2022-03-03 12:45:41 -05:00
Alexander Scheel 97a86e1bd5
Remove duplicated certificates from chains (#14348)
As reported by Steve Clark, building an intermediate mount in PKI (and
calling /intermediate/set-signed) results in a duplicate intermediate CA
certificate in the full chain output (ca_chain field of the
/cert/ca_chain API endpoint response).

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-03-03 09:47:34 -05:00
John-Michael Faircloth 14e231563f
db plugin multiplexing: add test coverage (#14330)
* db plugin multiplexing: add test coverage

* refactor: pass factory func directly
2022-03-03 08:40:46 -06:00
ldilalla-HC 230d668144
Update CHANGELOG.md (#14352) 2022-03-03 09:26:23 -05:00
claire bontempo eba23efc9e
fix accidental deletion (#14347) 2022-03-02 14:29:37 -08:00
Chris Capurso 617fbc4caf
specify LIST method in version-history API doc example (#14346) 2022-03-02 16:58:04 -05:00
claire bontempo c8077e52a5
UI/ Client count permissions empty states (#14313)
* fix no data empty states

* add comment

* handle error in component

* adds tests for empty state template

* tidy and fix tests

* Empty state for current tab (#14319)

* update ci.hcl to remove 1.6.x and add in 1.10.x (#14310)

* Fix autoseal health check race by passing metrics sink in CoreConfig (#14196)

* Add empty state for current tab, config off, no read permissions on config

Co-authored-by: Hridoy Roy <roy@hashicorp.com>
Co-authored-by: Scott Miller <smiller@hashicorp.com>

* update selector

* fix test

* remove helper

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
Co-authored-by: Hridoy Roy <roy@hashicorp.com>
Co-authored-by: Scott Miller <smiller@hashicorp.com>
2022-03-02 10:44:41 -08:00
Jordan Reimer 01738c8a0f
Logout with wrapped token (#14329)
* fixes issue passing wrapped_token query param to logout route

* adds changelog entry
2022-03-02 09:45:53 -07:00
swayne275 d3b579d850
fix ent changelog check (#14312)
* fix ent changelog check

* update for consistency but verify

* undo test

* add logging
2022-03-02 08:54:02 -07:00
Josh Black 214329636b
update MFA changelog (#14326)
* update MFA changelog

* Update changelog/14025.txt

Co-authored-by: Meggie <meggie@hashicorp.com>

Co-authored-by: Meggie <meggie@hashicorp.com>
2022-03-01 15:13:39 -08:00
Sean Ellefson 98d00d5c9d
Correcting API documentation to show status endpoints are unauthenticated (#13943) 2022-03-01 14:41:47 -08:00
Hridoy Roy d8155aa7c4
SSCT Optimizations (OSS) (#14323)
* update ci.hcl to remove 1.6.x and add in 1.10.x

* SSCT OSS PR review comments and optimizations

* check errors in populate token entry calls
2022-03-01 12:24:45 -08:00
Angel Garbarino ed8240fb05
Mirage clean up (#14320)
* remove uneeded endpoints in base mirage

* remove factory

* remove unusage page
2022-03-01 12:57:44 -07:00
Scott Miller ba49365ecb
Fix autoseal health check race by passing metrics sink in CoreConfig (#14196) 2022-03-01 09:00:39 -05:00
Hridoy Roy 679b563027
update ci.hcl to remove 1.6.x and add in 1.10.x (#14310) 2022-02-28 15:58:42 -08:00
Hridoy Roy 4ce49f1415
update VersionPreRelease to prepare for next release (#14309) 2022-02-28 12:06:21 -08:00
Loann Le c7a0dd41ea
fixed broken link (#14305) 2022-02-28 11:49:25 -08:00
Alexander Scheel 630c6bf915
Add warning when generate_lease=no_store=true when writing PKI role (#14292)
* Add warning when generate_lease=no_store=true

When no_store=true, the value of generate_lease is ignored completely
(and set to false). This means that when generate_lease=true is
specified by the caller of the API, it is silently swallowed. While
changing the behavior could break callers, setting a warning on the
response (changing from a 204->200 in the process) seems to make the
most sense.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-28 13:55:12 -05:00
Pratyoy Mukhopadhyay 69c22b8078
Fix raft paralle retry bug (#14303) 2022-02-28 10:38:34 -08:00
tomthetommy 0b31c4a404
English Grammar. (#14247)
* English Grammar.

Simply missing a "to".

* English Grammar
2022-02-28 10:05:32 -05:00
Nick Cabatoff a9e29b8dc2
Fix LifetimeWatcher test using a buffered channel to ensure that we don't miss a renewal notice. (#14298) 2022-02-28 09:24:19 -05:00
Calvin Leung Huang 149b54932b
deps: update plugin versions for Vault 1.10 (#14293)
* deps: update plugin versions for Vault 1.10

* update vault-plugin-secrets-alicloud to v0.11.1

* downgrade alibaba-cloud-sdk-go

* update auth-jwt and auth-gcp, revert non-plugin deps
2022-02-25 16:36:06 -08:00
Robert 2ea8be0567
docs: consul secret engine improvements, database secrets engine disable_escaping parameter (#14260)
* Update consul secrets engine docs and api-docs
* Update databases secrets engine docs and api-docs
2022-02-25 17:43:18 -06:00
Josh Black c9d5734924
Add login enforcement listing (#14284) 2022-02-25 13:48:28 -08:00
Steven Clark 6f8e3c618b
Address slow CI causing failures in TestRateLimitQuota_Allow_WithBlock (#14042)
* Address slow CI causing failures in TestRateLimitQuota_Allow_WithBlock

 - An attempt to fix CI runs that are extremely slow and the for loop
   runs across two BlockIntervals within the rate limit window of operation.
 - Increasing BlockInterval was looked at but the normal test times would
   be increased due to us also validating that we are releasing clients post
   BlockInterval.

* Address TestRateLimitQuota_Allow_WithBlock slowness issue (take 2)

 - Increase the overall Interval value within the blocking test so that we
   should always be able to request at least 17 requests within the interval
   value.
 - Tested by changing the time.Sleep within the for loop to 20 from 2
   and could see that within the response, coming back from the rlq.allow,
   that we were no longer being rate limited by going over the 1 second
   interval value per host.

* Limit the number of active go routines in TestRateLimitQuota_Allow_WithBlock
2022-02-25 16:05:44 -05:00
Hridoy Roy b55da8e4ab
update api to v0.4.1 (#14291) 2022-02-25 12:24:53 -08:00
Hridoy Roy e2e3e2452c
update sdk in api and vault (#14289) 2022-02-25 11:54:24 -08:00
Alexander Scheel 6d18c3adaa
Sync PKI API and FrameworkField descriptions (#14286)
As pointed out internally, a lot of the API docs and FrameworkField
descriptions of parameters were out of date. This syncs a number of
them, updating their descriptions where relevant.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-25 14:06:41 -05:00
Steven Clark e7edaaffee
Force certain PKI operations to go to the Primary Performance cluster immediately (#14287) 2022-02-25 13:26:34 -05:00
Jordan Reimer c06e77f43c
Client Count Testing (#14288)
* updates clients mirage handler activity endpoint

* fixes issue removing auth method filter after clearing namespace filter
2022-02-25 11:21:15 -07:00
Chelsea Shaw 67ba021e36
UI: add Database static role password rotation (#14268)
* Add UI feature allowing database role credential rotation

* Only show the 'rotate credentials' option for static roles

* rotate role path uses id for permissions

* Add rotate credentials button to show page on static role

* Mirage handlers for role for simple testing

* Add changelog

* lint rules

* fix lint

Co-authored-by: Bartek Marczak <bartek.marczak@gmail.com>
2022-02-25 12:16:54 -06:00
Angel Garbarino 13f9de3845
Fix KV permissions error (#14276)
* the fix

* add test coverage

* add more coverage

* spelling
2022-02-25 10:51:00 -07:00
Sarah Thompson a0d0442dd8
Adding promotion and post publish events to the ci.hcl. (#14128) 2022-02-25 17:12:16 +00:00
Jim Kalafut 8347d94114
Fix missing quote in docs (#14277) 2022-02-25 09:02:08 -08:00
Jim Kalafut 75caf59093
Replace docs references to PUT with POST (#14270)
The operations are handled identically, but ~85% of the references were
POST, and having a mix of PUT and POST was a source of questions.

A subsequent commit will update the internal use of "PUT" such as by
the API client and -output-curl-string.
2022-02-25 06:52:24 -08:00
Tom Proctor 3668275903
Quit agent endpoint with config (#14223)
* Add agent/v1/quit endpoint
  * Closes https://github.com/hashicorp/vault/issues/11089
* Agent quit API behind config setting
* Normalise test config whitespace
* Document config option

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2022-02-25 10:29:05 +00:00
Hridoy Roy c2d7386be4
sdk changes for 1.10.0 release branch (#14264) 2022-02-24 16:39:14 -08:00
Zachary Shilton 932c5e9c65
chore: bump to latest docs-page (#14240) 2022-02-24 15:54:26 -05:00
hghaf099 671cdbcadb
interactive CLI for mfa login (#14131)
* Login MFA

* ENT OSS segragation (#14088)

* Delete method id if not used in an MFA enforcement config (#14063)

* Delete an MFA methodID only if it is not used by an MFA enforcement config

* Fixing a bug: mfa/validate is an unauthenticated path, and goes through the handleLoginRequest path

* adding use_passcode field to DUO config (#14059)

* add changelog

* preventing replay attack on MFA passcodes (#14056)

* preventing replay attack on MFA passcodes

* using %w instead of %s for error

* Improve CLI command for login mfa (#14106)

CLI prints a warning message indicating the login request needs to get validated

* adding the validity period of a passcode to error messages (#14115)

* interactive CLI for mfa login

* minor fixes

* bail if no input was inserted

* change label name

* interactive CLI when single methodID is returned from login request

* minor fix

* adding changelog

* addressing feedback

* a user with a terminal should be able to choose between interactive and non-interactive.  A user without a terminal should not be able to use the interactive mode.

Co-authored-by: Josh Black <raskchanky@gmail.com>
2022-02-24 15:16:15 -05:00
Chelsea Shaw 9bb4920497
UI/client count tests (#14162) 2022-02-24 14:04:40 -06:00
John-Michael Faircloth a0101257ed
update changelog to include db config connection return value change (#14256) 2022-02-24 14:03:11 -06:00
Hridoy Roy 3438f5dbae
Fix ent diff check 2022/02/23 (#14237)
* achieve parity with ent in core.go

* add VAULT_DISABLE_LOCAL_AUTH_MOUNT_ENTITIES

* parity in build.yml with ent but without adding the +ent

* pass base version to ldflags

Co-authored-by: Kyle Penfound <kpenfound11@gmail.com>
2022-02-24 11:57:40 -08:00
Angel Garbarino c60e349cba
Client Count Styling fixes after design review (#14250)
* some styling changes

* a few more after design review

* chart fix

* address important

* remove

* translate hard copy
2022-02-24 12:12:02 -07:00
Dave Rawks 35ec91f1ca
Increase column width of vault_key on mysql (#14231)
* resolves The default schema used in the mysql backend is insufficient for KVv2 storage #14114
* increases column width of vault_key from 512 to 3072 in mysql physical backend
* updates changelog
2022-02-24 09:21:57 -05:00