Commit graph

14375 commits

Author SHA1 Message Date
Loann Le 42abf7ed2e
Updated Vault 1.9 documentation (#13194)
* post 1-9 doc changes

* fixed endpoint sample

* Update website/content/docs/release-notes/1.9.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-11-17 14:23:48 -08:00
VAL f6d8904540
Use new auth modules + Login method in Go client docs (#13189) 2021-11-17 11:52:38 -08:00
Meggie 176fae22cc
changelog++ 2021-11-17 14:05:11 -05:00
Meggie 5af1db7992
Removing draft note (#13187) 2021-11-17 13:22:55 -05:00
Meggie d9e3dde39a
Prep work for docs cutover (#13186)
* Some prep work for docs cutover

* Rerun Vercel
2021-11-17 13:09:18 -05:00
Jordan Reimer f7a7b4a32b
Raft Snapshot Restore Bug (#13107)
* fixes issue restoring raft snapshot

* adds changelog entry
2021-11-17 10:30:59 -07:00
Jordan Reimer d9d9a7353e
Form field component ttl picker not initially enabling (#13177)
* fixes issue with ttl picker not initially enabling in form field component

* adds changelog entry

* updates test

* updates initial ttl toggle state for default 0s value
2021-11-17 10:21:17 -07:00
Joseph Crosland dd11865597
Return a UserError if aead.Open() fails to align with documentation (#10914)
Return a UserError if aead.Open() fails and assume by that stage there is a problem with the user input for said decryption
2021-11-17 11:40:43 -05:00
Austin Gebauer a01e1a4101
docs/identity: fix template parameter for groups (#13176) 2021-11-17 08:25:37 -08:00
swayne275 3458c22df0
Vault-2257: don't log token error on DR Secondary (#13137)
* don't log token error on DR Secondary

* stop gauge collector expiration errors on dr secondary

* don't check dr secondary for token create

* see if CI hits panic

* Revert "don't check dr secondary for token create"

This reverts commit c036a1a544d3a20d29d046f1ee239ab1563ce4d9.

* don't check dr secondary for token create

* Revert "see if CI hits panic"

This reverts commit 1e15aa535cac6e4d1684aaf47c8746c094068eb8.

* remove condition on log
2021-11-17 09:21:54 -07:00
Tom Proctor 46adcccfea
Website docs for Vault EKM provider for MS SQL (#13175) 2021-11-17 13:46:07 +00:00
claire bontempo c8bfbbdf7e
UI/Update blueprints to glimmer components (#13149)
* updates generator to glimmer

* adds changelog

* accounts for addon vs reg components

* moves imports to the top of components
2021-11-16 13:14:16 -08:00
Nick Cabatoff eda9607c8a
Revert more downgrades from #12975. (#13168) 2021-11-16 15:07:03 -05:00
Nick Cabatoff 1ec904976a
Note that versionTimestamps are only loaded on the active node. 2021-11-16 15:05:59 -05:00
Nick Cabatoff c2d9215d1d
Fix startup failures when aliases from a pre-1.9 vault version exist (#13169)
* Add AllowMissing to local_bucket_key schema, preventing startup failures in post-unseal when aliases from an older version exist.
2021-11-16 14:56:34 -05:00
Nick Cabatoff 9e27ccbae1
Fix 1.9 regression with raft and stored time values (#13165) 2021-11-16 14:43:00 -05:00
Austin Gebauer b73815f966
identity/oidc: Adds section to 1.9 upgrade guide for ACL policy requirements (#13154) 2021-11-16 11:27:31 -08:00
Austin Gebauer d75db00dcb
Adds documentation for GCP Cloud KMS support in key management secrets engine (#13153) 2021-11-16 11:27:08 -08:00
Chelsea Shaw c105c58bce
Hide verify-connection attribute on connection config show page (#13152)
* Hide verify-connection attribute on connection config show page

* Add changelog
2021-11-16 12:56:42 -06:00
Yoko Hyakuna 5864e0a523
Remove old guides folder and its contents (#13156)
* Remove old guides folder and its contents

* Remove the guide-nav file

* Remove the guides page
2021-11-16 08:15:42 -08:00
Loann Le 764c10ded7
[Doc Assembly Branch] Vault 1.9 release (#12944)
* new document for feature deprecation notice

* fixed errors

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>

* Update feature-deprecation-notice.mdx

* added new faq page

* added content for faq

* updated faq page based on aarti's feedback

* added client count faq

* fixed a broken link

* added links

* fixed spacing issue

* added new release notes page

* edited the client count faq

* edited the feature deprecation faq

* edited the feature deprecation notice and plans

* edited the release notes

* added new oidc provider doc

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* incorporated feedback

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* changed mnt_acc to mount_accessor

* rewriting content

* added doc link

* fixed link error

* fixed spacing error

* incorporate additional feedback

* more feedback

* incorporated more feedback

* fixed headings

* fixed a heading

* incorporate changes

* incorporate feedback

* modified RN based on feedback

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* updated final release notes

* updated image

* fixed link

* added a new hyperlink to the etcd document

* add and modify notes; update scope template

* break identity docs into separate pages

* fix nav for identity token

* fix nav links; add links on overview

* use real example IDs

* fix typos

* incorporated additional feedback

Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>
2021-11-15 18:02:36 -08:00
Matt Schultz 0abd248c9f
Return non-retryable errors on transit encrypt and decrypt failures (#13111)
* Return HTTP 400s on transit decrypt requests where decryption fails. (#10842)

* Don't abort transit batch encryption when a single batch item fails.

* Add unit tests for updated transit batch decryption behavior.

* Add changelog entry for transit encrypt/decrypt batch abort fix.

* Simplify transit batch error message generation when ciphertext is empty.

* Return error HTTP status codes in transit on partial batch decrypt failure.

* Return error HTTP status codes in transit on partial batch encrypt failure.

* Properly account for non-batch transit decryption failure return. Simplify transit batch decryption test data. Ensure HTTP status codes are expected values on batch transit batch decryption partial failure.

* Properly account for non-batch transit encryption failure return. Actually return error HTTP status code on transit batch encryption failure (partial or full).
2021-11-15 15:53:22 -06:00
Chelsea Shaw 3d46021d4e
Prevent constant-refresh UI bug (#12896) 2021-11-15 15:45:55 -06:00
Rémi Lapeyre 677e2a1ca5
Fix some typos (#12289) 2021-11-15 14:52:04 -05:00
Yoko Hyakuna ff145d3a4f
Fix out-dated hyperlink (#13145) 2021-11-15 09:53:49 -08:00
Steven Clark 2d21c00476
Add extra debugging to help identify failures within mssql test (#13142)
* Add extra debugging to help identify failures within mssql test
* Switch up the AssertInitialized method for mssql tests by marking the test as failed instead of
   immediately failing, this will also allow us to see what happens even if this assertion fails to the rest
   of the test.
2021-11-15 12:51:16 -05:00
Jordan Reimer a3862bcf97
OIDC Auth Bug (#13133)
* fixes issue with oidc auth method when MetaMask chrome extension is used

* adds changelog entry

* updates auth-jwt integration tests

* fixes race condition in runCommands ui-panel helper method where running multiple commands would not always result in the same output order
2021-11-15 08:48:11 -07:00
Steven Clark 8b869dde70
Revert "OSS parts to support new kms_library configuration stanza. (#13132)" (#13138)
This reverts commit 82d6662787c181b16bfdec315f96e4a81d123178.
2021-11-15 09:58:50 -05:00
Scott Miller a5e55f6b05
Fix a data race in the new autoseal health check (#13136)
* Move the ctx capture outside the goroutine to avoid a race

* refactor the toggleable wrapper to avoid races

* Move the capture back outside the goroutine

* defer
2021-11-12 15:58:46 -06:00
Hridoy Roy 1279413ea2
Docs Updates for Client Counting non-entity tokens (#13134)
* some client count docs updates

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: swayne275 <swayne275@gmail.com>

* remove full link path

* more path shortening for urls

Co-authored-by: swayne275 <swayne275@gmail.com>
2021-11-12 13:12:23 -08:00
Steven Clark ae04eda675
OSS parts to support new kms_library configuration stanza. (#13132)
- Add a new top level configuration stanza named kms_library with
   Vault's SharedConfig struct
2021-11-12 13:39:22 -05:00
Hridoy Roy 1fc0a699d9
Docs for counting non-entity tokens in the Activity Log (#13007)
* docs for counting tokens without entities

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: swayne275 <swayne275@gmail.com>

* remove parens in docs

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* update documentation to be consistent with the non-entity token terminology

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* add line about client ids to the api docs

* syntax and grammar

Co-authored-by: swayne275 <swayne275@gmail.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-12 09:59:50 -08:00
VAL e18f180609
GCP and Azure Login methods for Go client library (#13022)
* Add native Login method for GCP auth backend

* Add native Login method for Azure auth backend

* Add changelog entry

* Use official azure library Environment struct rather than passing string, add timeouts

* Use v1.3.0 which now has interface definition

* Don't throw away error and close resp body

* Back to WithResource so we can support non-Azure URLs for aud
2021-11-12 09:32:05 -08:00
Alexander Scheel cd213f5fca
Restrict ECDSA/NIST P-Curve hash function sizes for cert signing (#12872)
* Restrict ECDSA signatures with NIST P-Curve hashes

When using an ECDSA signature with a NIST P-Curve, we should follow
recommendations from BIS (Section 4.2) and Mozilla's root store policy
(section 5.1.2) to ensure that arbitrary selection of signature_bits
does not exceed what the curve is capable of signing.

Related: #11245

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Switch to certutil.ValidateKeyTypeSignatureLength(...)

Replaces previous calls to certutil.ValidateKeyTypeLength(...) and
certutil.ValidateSignatureLength(...) with a single call, allowing for
curve<->hash validation.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Switch to autodetection of signature_bits

This enables detection of whether the caller manually specified a value
for signature_bits or not; when not manually specified, we can provision
a value that complies with new NIST P-Curve policy.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Select hash function length automatically

Due to our change in behavior (to default to -1 as the value to
signature_bits to allow for automatic hash selection), switch
ValidateKeyTypeSignatureLength(...) to accept a pointer to hashBits and
provision it with valid default values.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Prevent invalid Curve size lookups

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Switch from -1 to 0 as default SignatureBits

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2021-11-12 12:18:38 -05:00
claire bontempo 7f67aa28bf
UI/Custom empty state messages for transit and transform (#13090)
* customizes empty state messages for transit and transform

* adds changelog

* clarifies key name
2021-11-11 16:53:53 -08:00
swayne275 12faa5227b
define batch token interaction with lease count quota (#13127) 2021-11-11 16:09:44 -07:00
Yoko Hyakuna 9ae3e5cdd6
Add troubleshooting guide (#13124)
* Redirect /guies to https://learn.hashicorp.com

* Add link to Troubleshooting guide
2021-11-11 13:38:10 -08:00
vinay-gopalan 762133a101
update changelog/12621.txt (#13117) 2021-11-10 16:39:27 -08:00
skhilar 7adacfaf03
Added notAfter and support Y10K expiry for IEEE 802.1AR-2018 (#12795) 2021-11-10 19:09:06 -05:00
vinay-gopalan 396f25e42c
Update CHANGELOG.md entry for #12621 (#13114) 2021-11-10 14:52:31 -08:00
Arnav Palnitkar 45058952b2
Add message while adding Oracle db connection (#13087)
* Add message while adding Oracle db connection

- Since UI currently doesn't have support for custom plugin names,
  inform user to use the default plugin name for oracle

* Updated warning message

* Updated message
2021-11-10 14:20:36 -08:00
Chelsea Shaw 843afedf45
UI/OIDC authz flow tests (#13106) 2021-11-10 15:19:40 -06:00
Scott Miller 10270b6985
Add a periodic test of the autoseal to detect loss of connectivity. (#13078)
* Add a periodic test of the autoseal to detect loss of connectivity

* Keep the logic adjacent to autoseal

* imports

* typo, plus unnecessary constant time compare

* changelog

* pr feedback

* More feedback

* Add locking and a unit test

* unnecessary

* Add timeouts to encrypt/decrypt operations, capture activeContext before starting loop

* Add a block scope for the timeout

* copy/paste ftl

* Refactor to use two timeouts, and cleanup the repetitive failure code

* Readd 0ing gauge

* use millis

* Invert the unit test logic
2021-11-10 14:46:07 -06:00
John-Michael Faircloth e6ffaaf835
OIDC: return full issuer uri on read provider (#13058)
* return full issuer uri on read provider

* remove err check

* simplify full issuer logic
2021-11-10 12:35:31 -06:00
Loann Le 6a5fc75ff5
fixed link error (#13103) 2021-11-10 09:38:02 -08:00
Jonas-Taha El Sesiy 811c7a8133
Add PutAutoPilotRaftConfiguration to api (#12428) 2021-11-10 12:10:15 -05:00
VAL 558672797e
Remove reference to local api module, use v1.3.0 (#13105) 2021-11-09 14:49:46 -08:00
swayne275 0604c12f27
Namespace API Lock docs (#13064)
* add api lock doc

* add docs nav data

* Update website/content/api-docs/system/namespaces.mdx

Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>

* update command doc

* clarify locked http status code

* add example exempt path

* further exempt clarification

* link api locked response

* add x-vault-namespace api example

* Update website/content/docs/concepts/namespace-api-lock.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* review suggestions

* few other small tweaks

Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-09 15:43:17 -07:00
Jordan Reimer 7c7d626420
Raft peer removal bug (#13098)
* fixes issue removing raft peer via cli not reflected in UI until refresh

* adds changelog entry
2021-11-09 15:05:25 -07:00
Chelsea Shaw b4129a1591
UI: Show detailed error response on failed secret-engine list call (#13035) 2021-11-09 14:42:46 -06:00