Commit Graph

17366 Commits

Author SHA1 Message Date
Gabriel Santos 05f3236c15
Provide public key encryption via transit engine (#17934)
* import rsa and ecdsa public keys

* allow import_version to update public keys - wip

* allow import_version to update public keys

* move check key fields into func

* put private/public keys in same switch cases

* fix method in UpdateKeyVersion

* move asymmetrics keys switch to its own method - WIP

* test import public and update it with private counterpart

* test import public keys

* use public_key to encrypt if RSAKey is not present and failed to decrypt
if key version does not have a private key

* move key to KeyEntry parsing from Policy to KeyEntry method

* move extracting of key from input fields into helper function

* change back policy Import signature to keep backwards compatibility and
add new method to import private or public keys

* test import with imported public rsa and ecdsa keys

* descriptions and error messages

* error messages, remove comments and unused code

* changelog

* documentation - wip

* suggested changes - error messages/typos and unwrap public key passed

* fix unwrap key error

* fail if both key fields have been set

* fix in extractKeyFromFields, passing a PolicyRequest wouldn't not work

* checks for read, sign and verify endpoints so they don't return errors when a private key was not imported and tests

* handle panic on "export key" endpoint if imported key is public

* fmt

* remove 'isPrivateKey' argument from 'UpdateKeyVersion' and
'parseFromKey' methods

also: rename 'UpdateKeyVersion' method to 'ImportPrivateKeyForVersion' and 'IsPublicKeyImported' to 'IsPrivateKeyMissing'

* delete 'RSAPublicKey' when private key is imported

* path_export: return public_key for ecdsa and rsa when there's no private key imported

* allow signed data validation with pss algorithm

* remove NOTE comment

* fix typo in EC public key export where empty derBytes was being used

* export rsa public key in pkcs8 format instead of pkcs1 and improve test

* change logic on how check for is private key missing is calculated

---------

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-11 11:56:46 +00:00
Jonathan Frappier 82427e355f
Add requested generated secret example (#20556)
* Add requested generated secret example

* Fix code block types

* Update website/content/docs/secrets/kv/kv-v1.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/secrets/kv/kv-v2.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-10 18:21:26 -04:00
Jaymala b5606770f6
Update verify-changes to support external docs branches (#20535)
* Update verify-changes to support external docs branches

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Revert QT-545 as it Enos workflow is not a workflow_run event

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-05-08 15:03:23 -04:00
Hamid Ghaf 3553e75335
disable printing flags warning message for the ssh command (#20502)
* disable printing flags warning message for the ssh command

* adding a test

* CL

* add go doc on the test
2023-05-08 16:15:44 +00:00
claire bontempo c3c67f68da
UI: pki cross-signing acceptance tests (#20495)
* move selectors to helper file

* wip cross sign acceptance tests

* finish tests
2023-05-05 12:35:57 -07:00
Josh Black 726512b4e0
use internal docker mirror for CI (#20435)
* use internal docker mirror for CI

* maybe it needs to be https

* no just kidding it's docker://

* apparently overriding it globally causes creates to fail. time to override each image individually lol

* maybe this works
2023-05-05 09:37:31 -07:00
Kit Haines edbbd3106c
Structure of ACME Tidy (#20494)
* Structure of ACME Tidy.

* The tidy endpoints/call information.

* Counts for status plumbing.

* Update typo calls, add information saving date of account creation.

* Missed some field locations.

* Set-up of Tidy command.

* Proper tidy function; lock to work with

* Remove order safety buffer.

* Missed a field.

* Read lock for account creation; Write lock for tidy (account deletion)

* Type issues fixed.

* fix range operator.

* Fix path_tidy read.

* Add fields to auto-tidy config.

* Add (and standardize) Tidy Config Response

* Test pass, consistent fields

* Changes from PR-Reviews.

* Update test to updated default due to PR-Review.
2023-05-05 15:14:41 +00:00
Jens Hofmann b8ac5ec2da
Update elasticdb.mdx (#20437)
* Update elasticdb.mdx

Remove success message of vault write operations from text blocks to better support copy&paste to console

* Update code block types

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-04 16:17:57 -07:00
Pratyoy Mukhopadhyay 7b807a9bb0
add ns path to granting_policies (#20522) 2023-05-04 15:08:22 -07:00
claire bontempo 949979dd14
UI: add info banner for not parsable certs (#20518)
* remove undefined payload.issuer_id

* add info banner to parsed display view

* add tests

* clean up conditional, add specific banner test selector

* check for undefined length
2023-05-04 20:54:10 +00:00
Christopher Swenson 42f7def9aa
Keep symbols by default (#20519)
By reversing the logic and adding a `REMOVE_SYMBOLS` environment
variable that, when set, will remove symbols.

This has been requested to re-enable Dynatrace support, which
requires symbols are intact.

Sadly this increases the size (on my mac) from 192,609,682 bytes
to 236,696,722 bytes (+23% increase).

I confirmed that this adds symbols back, and that `dlv` will load
the Vault binary.
2023-05-04 13:23:06 -07:00
Victor Rodriguez 2656c020ae
Convert seal.Access struct into a interface (OSS) (#20510)
* Move seal barrier type field from Access to autoSeal struct.

Remove method Access.SetType(), which was only being used by a single test, and
which can use the name option of NewTestSeal() to specify the type.

* Change method signatures of Access to match those of Wrapper.

* Turn seal.Access struct into an interface.

* Tweak Access implementation.

Change `access` struct to have a field of type wrapping.Wrapper, rather than
extending it.

* Add method Seal.GetShamirWrapper().

Add method Seal.GetShamirWrapper() for use by code that need to perform
Shamir-specific operations.
2023-05-04 14:22:30 -04:00
Alex Cahn 976881954a
Update interoperability-matrix.mdx (#20501)
* Update interoperability-matrix.mdx

* Update interoperability-matrix.mdx

Added MySQL as well
2023-05-04 08:58:00 -07:00
Hamid Ghaf bf96f63649
CLI to take days as a unit of time (#20477)
* CLI to take days as a unit of time

* CL
2023-05-04 08:03:37 -07:00
Alexander Scheel 544ae3461f
Allow ensuring ticker is stopped multiple times (#20509)
When executing multi-stage, multi-namespace tests, stopping the ticker
multiple times (via closing the StopTicker channel) results in a panic.

Store whether or not we've stopped it once, and do not close it again.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-04 14:14:06 +00:00
Alexander Scheel c1bc341b88
Add note about cross-cluster write failures (#20506)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-04 13:05:14 +00:00
Chelsea Shaw 898bc50a76
UI: Stabilize KV secret tests (#20491) 2023-05-04 05:02:07 +00:00
Alexander Scheel c50de2ec0c
Add DNS wildcard tests to ACME test suite (#20486)
* Refactor setting local addresses

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Validate wildcard domains in ACME test suite

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add locking to DNS resolver

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Better removal semantics for records

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-03 20:23:44 +00:00
Kianna 650743e18f
UI: PKI error handling + some small bugs! (#20478) 2023-05-03 13:00:46 -07:00
Anton Averchenkov 3ff2b011ab
Clarify deprecation comments for RawRequest* functions (#20497) 2023-05-03 19:47:54 +00:00
claire bontempo f0ea1f5ed8
UI: update setting version service for sidebar frame test (#20496)
* refactor sidebar test

* swap out setFeatures

* make version test glimmery
2023-05-03 19:03:28 +00:00
Anton Averchenkov 11c92e9565
Move TestWalkSecretsTree to the correct file. (#20493) 2023-05-03 18:24:23 +00:00
Hamid Ghaf 148263084d
adding support for four cluster docker based test scenario (#20492) 2023-05-03 10:49:45 -07:00
Alexander Scheel d8c5456f8a
Add dns resolver to PKI Binary Cluster (#20485)
* Export DockerAPI for use by other consumers

As usage of DockerCluster gets more advanced, some users may want to
interact with the container nodes of the cluster. While, if you already
have a DockerAPI instance lying around you can reuse that safely, for
use cases where an existing e.g., docker/testhelpers's runner instance
is not available, reusing the existing cluster's DockerAPI is easiest.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add ability to exec commands without runner

When modifying DockerTestCluster's containers manually, we might not
have a Runner instance; instead, expose the ability to run commands via
a DockerAPI instance directly, as they're awfully convenient.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add DNS resolver into ACME tests

This updates the pkiext_binary tests to use an adjacent DNS resolver,
allowing these tests to eventually be extended to solve DNS challenges,
as modifying the /etc/hosts file does not allow this.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix loading DNS resolver onto network

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix bug with DNS configuration validation

Both conditionals here were inverted: address being empty means a bad
specification was given, and the parse being nil means that it was not a
valid IP address.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix specifying TXT records, allow removing records

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-03 17:32:39 +00:00
Anton Averchenkov b4bec9bd30
Improve addPrefixToKVPath helper (#20488) 2023-05-03 17:10:55 +00:00
Chelsea Shaw 973555cb9c
UI: Handle edge cases for PKI import results (#20474) 2023-05-03 12:02:39 -05:00
claire bontempo 5768ae4f9b
UI: add enterprise only pki/config/crl parameters to edit configuration form (#20479)
* update version service

* render enterprise groups

* render enterprise params

* move group headers to within loop

* cleanup template

* update form tests

* change version service references to hasFeature to hasControlGroups getter

* add params to details view

* update version service test
2023-05-03 09:48:08 -07:00
Nick Cabatoff 3eb5fb3eb7
Use newer version of backport-assistant (#20484) 2023-05-03 12:40:01 -04:00
Steven Clark aa3c61c85b
In ACME responses only return Type, Value fields (#20480)
- Do not serialize the entire internal object, instead return
   just the Type and Value fields back to the caller.
 - Also within authorization responses, return the base domain
   on wildcard queries, dropping the *. as the RFC requests.
 - Update tests to reflect/test this logic.
2023-05-03 09:53:33 -04:00
Jordan Reimer c84d267c61
Sidebar Navigation (#19296)
* Add Helios Design System Components (#19278)

* adds hds dependency

* updates reset import path

* sets minifyCSS advanced option to false

* Remove node-sass (#19376)

* removes node-sass and fixes sass compilation

* fixes active tab li class

* Sidebar Navigation Components (#19446)

* links ember-shared-components addon and imports styles

* adds sidebar frame and nav components

* updates HcNav component name to HcAppFrame and adds sidebar UserMenu component

* adds tests for sidebar components

* fixes tests

* updates user menu styling

* fixes typos in nav cluster component

* changes padding value in sidebar stylesheet to use variable

* Replace and remove old nav components with new ones (#19447)

* links ember-shared-components addon and imports styles

* adds sidebar frame and nav components

* updates activeCluster on auth service and adds activeSession prop for sidebar visibility

* replaces old nav components with new ones in templates

* fixes sidebar visibility issue and updates user menu label class

* removes NavHeader usage

* adds clients index route to redirect to dashboard

* removes unused HcAppFrame footer block and reduces page header top margin

* Nav component cleanup (#19681)

* removes nav-header components

* removes navbar styling

* removes status-menu component and styles

* removes cluster and auth info components

* removes menu-sidebar component and styling

* fixes tests

* Console Panel Updates (#19741)

* updates console panel styling

* adds test for opening and closing the console panel

* updates console panel background color to use hds token

* adds right margin to console panel input

* updates link-status banner styling

* updates hc nav components to new API

* Namespace Picker Updates (#19753)

* updates namespace-picker

* updates namespace picker menu styling

* adds bottom margin to env banner

* updates class order on namespace picker link

* restores manage namespaces refresh icon

* removes manage namespaces nav icon

* removes home link component (#20027)

* Auth and Error View Updates (#19749)

* adds vault logo to auth page

* updates top level error template

* updates loading substate handling and moves policies link from access to cluster nav (#20033)

* moves console panel to bottom of viewport (#20183)

* HDS Sidebar Nav Components (#20197)

* updates nav components to hds

* upgrades project yarn version to 3.5

* fixes issues in app frame component

* updates sidenav actions to use icon button component

* Sidebar navigation acceptance tests (#20270)

* adds sidebar navigation acceptance tests and fixes other test failures

* console panel styling tweaks

* bumps addon version

* remove and ignore yarn install-state file

* fixes auth service and console tests

* moves classes from deleted files after bulma merge

* fixes sass syntax errors blocking build

* cleans up dart sass deprecation warnings

* adds changelog entry

* hides namespace picker when sidebar nav panel is minimized

* style tweaks

* fixes sidebar nav tests

* bumps hds addon to latest version and removes style override

* updates modify-passthrough-response helper

* updates sidebar nav tests

* mfa-setup test fix attempt

* fixes cluster mfa setup test

* remove deprecated yarn ignore-optional flag from makefile

* removes another instance of yarn ignore-optional and updates ui readme

* removes unsupported yarn verbose flag from ci-helper

* hides nav headings when user does not have access to any sub links

* removes unused optional deps and moves lint-staged to dev deps

* updates has-permission helper and permissions service tests

* fixes issue with console panel not filling container width
2023-05-02 19:36:15 -06:00
claire bontempo 00e43b88b4
fix typo (#20473) 2023-05-02 19:29:14 +00:00
Anton Averchenkov 8e19338ef5
Add walkSecretsTree helper function (#20464) 2023-05-02 15:23:43 -04:00
Yoko Hyakuna a56e4ca96a
Fix the title header - What is Vault (#20465) 2023-05-02 11:29:36 -07:00
Mike Palmiotto 410735e88c
Capture loop var in TestClientDisabledRedirects (#20466) 2023-05-02 17:53:30 +00:00
marcin-kulik fda0a731fc
Update installation.mdx (#17954) 2023-05-02 13:34:42 -04:00
Steven Clark 480f97a601
Skip OcspHigherLevel test failures if we trigger redirection bug (#20461)
- We have a known issue that is difficult to address in released versions of Vault that OCSP GET requests can contain consecutive / characters which the Golang HTTP mux will force a redirection.
  - Instead of failing various PRs and runs with this known issue, check to see if we are about to trigger it and if so skip the test. We have already at this point tested the POST version of the API.
2023-05-02 14:44:09 +00:00
miagilepner b6d768d36f
Fix testonly flag in Makefile (#20457) 2023-05-02 14:46:13 +02:00
Chelsea Shaw 61e72c2e56
Fix keyup trigger on masked input (#20454) 2023-05-01 22:15:41 +00:00
Steven Clark 504aaf5fe5
Update ACME order status on order fetch (#20451)
- When someone is fetching the order to get it's status, compute if we
   need to bump the status to Ready like we do in finalize handler
 - Add a wait state to the ACME docker test suite to deal with a race
   condition
2023-05-01 16:18:18 -04:00
Nick Cabatoff 120830681e
Don't run build workflow on draft PRs. (#20443) 2023-05-01 13:52:41 -04:00
Chelsea Shaw 59ff9c2eea
UI: glimmerize masked input (#20431)
* Glimmerize masked-input

* Update secret-create-or-update to change masked-input value

* Use maskedInput for ssh configure privateKey

* Add download button to masked input and v2 secrets. Resolves #6364

* Add changelog
2023-05-01 16:43:05 +00:00
Steven Clark 3ca73ad07e
Refactor ACME PKI binary tests to run against a single Vault Cluster (#20419)
* Initial refactoring of ACME PKI binary tests
 - Rework test suite to use a single Vault cluster with
   different mounts.
 - Refactor convenience methods to write PKI tests.

* Add ACME test cases for mixed IP and DNS, along with IP only identifier requests

* Parallelize the Vault PKI test suite
2023-05-01 16:01:24 +00:00
Jonathan Frappier 3c6e130ca2
Add HCP tabs, apply Vale suggestions, fix heading case (#20361)
* Add HCP tabs, apply Vale suggestions, fix heading case

* Apply feedback

* Apply PM feedback

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-01 11:56:16 -04:00
Nick Cabatoff 9eee5f3438
CI tests should run on release branches as well as main (#20444) 2023-05-01 15:42:03 +00:00
Josh Black 1d307d48b6
Clarify origin of ID parameter for path filter creation (#20415)
* Clarify origin of ID parameter for path filter creation

* add additional note

* add additional info
2023-05-01 08:34:03 -07:00
Alexander Scheel 32a7f8250a
Update to tidy status and docs (#20442)
* Add missing tidy-status state values

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add docs on auto-tidy reading

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing tidy status field revocation_queue_safety_buffer

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Include pause_duration in tidy-status docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add date of last auto-tidy operation to status

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-01 14:26:29 +00:00
Chelsea Shaw b743ada5ab
UI: fix secret with % in path (#20430)
* Use encode/decode uri component instead of route-recognizer. Fixes #11616

* Remove route-recognizer explicit dependency

* Add changelog
2023-05-01 09:18:45 -05:00
Alexander Scheel 91481143af
Show existing keys, issuers on PKI import (#20441)
* Add additional existing keys response field

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tests for validating existing keys

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update docs for import to include new fields

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-05-01 14:07:31 +00:00
miagilepner 4cd982554e
VAULT-15840: Allow updates of only entity-alias custom-metadata (#20368)
* allow updates of only custom metadata

* add changelog
2023-05-01 12:42:30 +02:00
Ryan Cragun 190783a87f
release testing: always save the metadata (#20402)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-04-28 15:15:03 -06:00