Commit graph

15127 commits

Author SHA1 Message Date
Robert 738753b187
secrets/consul: Add support for generating tokens with service and node identities (#15295)
Co-authored-by: Thomas L. Kula <kula@tproa.net>
2022-05-09 20:07:35 -05:00
Loann Le 0dc6728228
capped perf replication (#15338) 2022-05-09 14:38:35 -07:00
claire bontempo 999d243544
UI/filter monthly graphs (#15279)
* alphabetize utils

* add util to add namespace key

* finish filtering

* add fake data for filtering

* address comments

* add empty state for no new client counts, when filtered by namespace

* fix mirage clients linting

* re-add namespaces to month object

* clean up filtering

* add tests and refactor accordingly

* fix tooltip bug and chart new month client chart not rendering

* filter out undefined

* optional method chaining

* add filter and fix ticks for line chart

* fix axes domains

* fix average calculation
2022-05-09 12:16:32 -07:00
John-Michael Faircloth 45efa37c4a
unit test: fix oidc periodicfunc flaky test (#15320)
* unit test: fix oidc periodicfunc flaky test

* update cycle 1 for two test cases
2022-05-09 13:43:23 -05:00
Loann Le 6985a39740
added note about parameters (#15334) 2022-05-09 11:05:39 -07:00
Loann Le d336600b77
Vault documentation: added disable parameter to seal stanza-related doc pages (#15329)
* add disable parameter

* modified note
2022-05-09 10:12:30 -07:00
claire bontempo 261f165452
fix linting (#15326) 2022-05-09 09:17:54 -07:00
davidadeleon 9e869c52fa
Add DR Metric scraping capability to debug command (#15316)
* Add server information as well as ability to collect metrics from DR secondary

* Update debug docs

Adding additional information around ability to gather metrics from DR secondary

* Fix broken link in updated doc

* Create 15316.txt

Create changelog entry

* Fix Formatting

* Update website/content/docs/commands/debug.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update changelog/15316.txt

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Trigger Build

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2022-05-06 16:04:08 -04:00
TylerGelinas 4be45db85b
Add ForgeRock to OIDC Providers (#15294) 2022-05-06 12:24:36 -07:00
Hamid Ghaf 2ee602cfdd
removing prem/pro references as part of removing some build targets (#15278) 2022-05-06 09:09:42 -04:00
Hamid Ghaf 0fc7a363cc
loading MFA configs upont restart (#15261)
* loading MFA configs upont restart

* Adding CL

* feedback

* Update vault/core.go

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2022-05-05 18:53:57 -04:00
John-Michael Faircloth 36f1938b30
update go-plugin to v1.4.4 (#15297) 2022-05-05 16:26:42 -05:00
Christopher Swenson 0affe226ad
Update deps for consul-template 0.29.0 (#15293)
This requires bumping https://github.com/mitchellh/go-testing-interface.
For this new version, we have to create a wrapper to convert
the stdlib `testing.TB` interface to the
`mitchellh/go-testing-interface` `T` interface, since it uses
`Parallel()` now, which is not supported by `testing.TB`. This had to be
added to a new package, `benchhelpers`, to avoid a circular dependency
in `testhelpers`.

We also have to *unbump* https://github.com/armon/go-metrics since
updating it breaks our usage of
https://github.com/google/go-metrics-stackdriver

I verified that the new `pkiCert` template function works with agent
injection using annotations like:

```yaml
vault.hashicorp.com/agent-inject-secret-sample.crt: "pki/issue/example-dot-com"
vault.hashicorp.com/agent-inject-template-sample.crt: |
  {{ pkiCert "pki/issue/example-dot-com" "common_name=foo.example.com" "ttl=1h" }}
```
2022-05-05 10:30:40 -07:00
Vinayak 988468a67b
Skip metric increment during existence check (#12763)
* Skip metric increment during existence check

Signed-off-by: Vinayak Kadam <kadamvinayak03@gmail.com>

* Adding changelog.txt

Signed-off-by: Vinayak Kadam <kadamvinayak03@gmail.com>

* Updated changelog text

Signed-off-by: Vinayak Kadam <kadamvinayak03@gmail.com>
2022-05-05 10:22:19 -07:00
Nick Cabatoff 1a21b00bf1
Fix bogus duration string: "1hr" should be "1h". (#15301) 2022-05-05 10:15:50 -04:00
Chris Capurso 353246655a
base sys/license/status mock times based on current timestamp (#15286)
* base sys/license/status mock times based on current timestamp

* add missing trailing commas

* license specific test selector

Co-authored-by: Claire Bontempo <cbontempo@hashicorp.com>
2022-05-05 08:20:40 -04:00
Loann Le c5cf149f3c
added helm for install--no-verify (#15287) 2022-05-04 13:58:25 -07:00
Christopher Swenson 6c3c79c3a1
GOPATH is being set incorrectly in latest CircleCI machine image (#15288)
For some reason, GOPATH is being overridden in the `go mod download`
step after the latest machine image update in #15215.

This causes all of the modules to be downloaded to the
`/home/circleci/.go_workspace` cache instead of `/home/circleci/go` like
we require for the build (which will otherwise fail since we build with
`GOPROXY=off`).

Without this fix, the build will start to fail once the existing cache
is no longer used (after the root `go.mod`) is updated.
2022-05-04 13:39:23 -07:00
Nick Cabatoff d90ab7ef87
Add upgrade note for #15108. (#15275) 2022-05-04 09:56:37 -04:00
Jeanne Angeles Franco 6745d79669
Add release metadata config key (#15270) 2022-05-03 20:34:29 -07:00
Hridoy Roy 9a5b46436e
change ordering of activity log month data to sort by ascending order… (#15259)
* change ordering of activity log month data to sort by ascending order of timestamp

* changelog

* changelog
2022-05-03 13:39:29 -07:00
Chris Capurso 5e6437ab70
Add build_date to CLI and API docs (#15268)
* update version cmd docs

* update status cmd docs

* update version-history cmd docs

* update sys/seal-status docs

* update sys/version-history docs
2022-05-03 16:37:55 -04:00
Chris Capurso 5f3d63a03a
clone vault agent client with headers (#15274) 2022-05-03 16:27:53 -04:00
Steven Clark d80de5d9bb
Fix fmt error (#15266) 2022-05-03 10:07:23 -04:00
Alexander Tischenko b89fc5af96
When running under systemd, send ready when server completed reloading config #7028 (#15041) 2022-05-03 08:34:11 -04:00
Angel Garbarino 33de0a0a49
CSV Export include monthly data (#15169)
* setup

* add new clients to attribution

* refactor serializers, move to util folder

* cleanup export csv generator

* fix isDateRange getter

* remove new chart from partial/current month

* fix export modal text

* update version history text

* update variable naming, remove new client data from current/partial month

* add filtering by namespace to month over month charts

* remove filtering for namespace by month, need to change serializer

* add checks

* update horizontal bar chart test

* update tests

* cleanup

* address comments

* fix flakey test

* add new counts to export

Co-authored-by: Claire Bontempo <cbontempo@hashicorp.com>
2022-05-02 18:37:09 -07:00
Scott Miller bef350c916
Allow callers to choose the entropy source for the random endpoints. (#15213)
* Allow callers to choose the entropy source for the random endpoints

* Put source in the URL for sys as well

* changelog

* docs

* Fix unit tests, and add coverage

* refactor to use a single common implementation

* Update documentation

* one more tweak

* more cleanup

* Readd lost test expected code

* fmt
2022-05-02 14:42:07 -05:00
Steven Clark 6d9888e09b
Allow looking up mount entries by their backend UUIDs (#15217) 2022-04-29 16:15:29 -04:00
Meggie 03db502c6b
changelog++ 2022-04-29 15:55:05 -04:00
Calvin Leung Huang 888248f9cc
docs: update agent sections around auto-auth, caching, and templating (#15195)
* docs: update agent sections around auto-auth, caching, and templating

* Update website/content/docs/agent/template.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* address review feedback

* Example snippet updates

* review feedback on example note

* address review feedback

* use hcl syntax highlight on code blocks

* simplify exec param description

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-04-29 12:10:48 -07:00
Jason O'Donnell e9535bda2f
agent/auto-auth: Add min_backoff to set first backoff value (#15204)
* Add initial_backoff to auto-auth method

* Disable retries in client

* Fix bug

* Thread initial backoff to CT

* Add comment

* Change to min_backoff

* changelog

* remove initial references, review

* fix test

* Thread max_backoff through

* Add doc note for max_backoff/templating
2022-04-29 12:31:32 -04:00
Hamid Ghaf c332e578fc
Upgrade CircleCI machine image (#15215)
* Upgrade CircleCI machine image

* setting the path for ci-verify

* create GOPATH/bin
This is because CI failed with
cp: cannot create regular file '/home/circleci/go/bin/': Not a directory

* Update .circleci/config/jobs/pre-flight-checks.yml

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* updating config.yml

* source BASH_ENV

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-04-29 12:28:43 -04:00
Chris Capurso 15bad36e83
Fix sentence under Integrated Storage (Raft) Autopilot docs (#15231)
Co-authored-by: Peter Zujko <peter.zujko@klaviyo.com>
2022-04-29 11:26:32 -04:00
VAL a06c8a139f
Add enterprise sudo paths to api.SudoPaths map (#15219)
* Add enterprise sudo paths to api.SudoPaths map

* add comment to denote ent-only sudo paths

* go fmt

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2022-04-29 10:09:25 -04:00
Peter Wilson 43bb764808
Do sockaddr template parsing only when needed (#15224) 2022-04-29 09:57:17 -04:00
Nick Cabatoff c5928c1d15
Raft: use a larger initial heartbeat/election timeout (#15042) 2022-04-29 08:32:16 -04:00
Sergey Lanzman 90b12f1386
Add AWS_DYNAMODB_REGION Environment variable (#15054)
Added AWS_DYNAMODB_REGION env
2022-04-28 12:29:51 -07:00
VAL 0ef529b710
Global flag that outputs minimum policy HCL required for an operation (#14899)
* WIP: output policy

* Outputs example policy HCL for given request

* Simplify conditional

* Add PATCH capability

* Use OpenAPI spec and regex patterns to determine if path is sudo

* Add test for isSudoPath

* Add changelog

* Fix broken CLI tests

* Add output-policy to client cloning code

* Smaller fixes from PR comments

* Clone client instead of saving and restoring custom values

* Fix test

* Address comments

* Don't unset output-policy flag on KV requests otherwise the preflight request will fail and not populate LastOutputPolicyError

* Print errors saved in buffer from preflight KV requests

* Unescape characters in request URL

* Rename methods and properties to improve readability

* Put KV-specificness at front of KV-specific error

* Simplify logic by doing more direct returns of strings and errors

* Use precompiled regexes and move OpenAPI call to tests

* Remove commented out code

* Remove legacy MFA paths

* Remove unnecessary use of client

* Move sudo paths map to plugin helper

* Remove unused error return

* Add explanatory comment

* Remove need to pass in address

* Make {name} regex less greedy

* Use method and path instead of info from retryablerequest

* Add test for IsSudoPaths, use more idiomatic naming

* Use precompiled regexes and move OpenAPI call to tests (#15170)

* Use precompiled regexes and move OpenAPI call to tests

* Remove commented out code

* Remove legacy MFA paths

* Remove unnecessary use of client

* Move sudo paths map to plugin helper

* Remove unused error return

* Add explanatory comment

* Remove need to pass in address

* Make {name} regex less greedy

* Use method and path instead of info from retryablerequest

* Add test for IsSudoPaths, use more idiomatic naming

* Make stderr writing more obvious, fix nil pointer deref
2022-04-27 16:35:18 -07:00
Loann Le 48a4c01b97
updated KI for upgrade guides (#15202) 2022-04-27 13:26:45 -07:00
Christopher Swenson 7713b67c15
fix: upgrade vault-plugin-database-snowflake to v0.4.1 (#15199) 2022-04-27 10:55:10 -07:00
Theron Voran 3d70b41049
docs: update the vault-lambda-extension docs (#15190)
Updates the layer version for the new release, and renames the docs
page from lambda-extension-cache -> lambda-extension, and includes a
redirect.
2022-04-27 08:27:18 -07:00
Rémi Lapeyre 089b6ea970
Remove dead code in setupCredentials() (#15194)
This should have been removed as part of f09e39ea42 but somehow got
forgotten.
2022-04-27 10:47:04 -04:00
Loann Le cca8244040
Vault documentation: applied new guidelines to code blocks (#15191)
* applied new guidelines to codeblock

* updated text
2022-04-26 14:12:52 -07:00
Christopher Swenson aa6d61477e
VAULT-5827 Don't prepare SQL queries before executing them (#15166)
VAULT-5827 Don't prepare SQL queries before executing them

We don't support proper prepared statements, i.e., preparing once and
executing many times since we do our own templating. So preparing our
queries does not really accomplish anything, and can have severe
performance impacts (see
https://github.com/hashicorp/vault-plugin-database-snowflake/issues/13
for example).

This behavior seems to have been copy-pasted for many years but not for
any particular reason that we have been able to find. First use was in
https://github.com/hashicorp/vault/pull/15

So here we switch to new methods suffixed with `Direct` to indicate
that they don't `Prepare` before running `Exec`, and switch everything
here to use those. We maintain the older methods with the existing
behavior (with `Prepare`) for backwards compatibility.
2022-04-26 12:47:06 -07:00
Jordan Reimer 9eaea7bc14
KMSE Wizard Steps (#15171)
* fixes issues in key-edit component

* adds capabilities checks for keys and providers

* adds distribute component to key and provider edit

* adds wizard steps for kmse
2022-04-26 13:17:42 -06:00
Loann Le 5a47db75cc
Vault documentation: updated docs to include a note about seal requirement (#15172)
* add note about seal requirement

* fixed spelling error

* updated notes

* Update website/content/docs/configuration/seal/pkcs11.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/concepts/seal.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-04-26 12:13:03 -07:00
kitography 87fa42db66
Fix the AllowedValues and description on "key_type" on the roles endpoint. (#15184) 2022-04-26 13:26:43 -04:00
Josh Black a4593e8913
When tainting a route during setup, pre-calculate the namespace specific path (#15067) 2022-04-26 09:13:45 -07:00
Jordan Reimer d6933e9ef4
KMSE Capabilities & Phase 1 Cleanup (#15143)
* fixes issues in key-edit component

* adds capabilities checks for keys and providers

* adds distribute component to key and provider edit
2022-04-26 08:23:31 -06:00
Chris Capurso cc531c793d
fix raft tls key rotation panic when rotation time in past (#15156)
* fix raft tls key rotation panic when rotation time in past

* add changelog entry

* push out next raft TLS rotation time in case close to elapsing

* consolidate tls key rotation duration calculation

* reduce raft getNextRotationTime padding to 10 seconds

* move tls rotation ticker reset to where its duration is calculated
2022-04-25 21:48:34 -04:00