Commit graph

14501 commits

Author SHA1 Message Date
Jason O'Donnell 974dbf6082
auth/ldap: Add username to alias.metadata.name (#13669)
* Fix upndomain bug causing alias name to change

* Fix nil map

* Add changelog

* revert

* Update changelog

* Add test for alias metadata name

* Fix code comment
2022-01-20 12:30:26 -05:00
Rémi Lapeyre 3773ade7c6
Accept both -f and --force in the web terminal (#13683)
* Accept both -f and --force in the web terminal

This aligns the behavior of the web terminal with the `vault write ...`
command to make it a bit more user friendly.

* Add changelog

* Use === instead of ==
2022-01-20 10:17:53 -07:00
Matt Schultz fc7deabfd7
Time-based transit key autorotation (#13691)
* Add auto_rotate_interval field to transit key creation path.

* Add auto_rotate_interval field to transit key config update path.

* Implement transit automatic key rotation on an hourly interval.

* Fixes transit key autorotation key listing typo.

* Add unit tests for transit key autorotation.

* Add unit tests for transit key creation with autorotation interval.

* Add unit tests for transit key config update with autorotation interval.

* Document new auto_rotate_interval fields in key creation and key config update endpoints.

* Add changelog for transit key autorotation.

* Wrap individual transit key autorotation in a policy lock.

* Add a safeguard to transit key autorotation to ensure only one execution happens simultaneously.
2022-01-20 09:10:15 -06:00
Nick Cabatoff 279e0d4332
Add the duration and start time to logged completed requests. (#13682) 2022-01-20 08:55:30 -05:00
Nick Cabatoff 4230749d9e
Revert #13679 since TestCluster_ListenForRequest now fails intermittently in alarming ways. (#13714) 2022-01-20 08:34:40 -05:00
Sung Hon Wu 194c9e32d3
Enhance sys/raw to read and write values that cannot be encoded in json (#13537) 2022-01-20 07:52:53 -05:00
Mike Green 364d7a9be1
Add algo signer to support openssl as of recent (#12438)
"algorithm_signer": "rsa-sha2-256"
to prevent /var/log/auth.log `userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]` due to vault defaulting to ssh-rsa which is insecure
2022-01-19 15:37:00 -08:00
Calvin Leung Huang bd25ed1294
docs: add known issues section to 1.9.x upgrade guide (#13662)
* docs: add known issues section to 1.9.x upgrade guide

* minor rephrasing on oidc known issue

* use relative references for URLs

* Update website/content/docs/upgrading/upgrade-to-1.9.x.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* update known issues section for id token

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-01-19 11:21:10 -08:00
Pratyoy Mukhopadhyay 85725ba3ec
OSS changes for ent pr (#13696) 2022-01-19 09:43:12 -08:00
Scott Miller f7e3ab72a8
OSS side of the managed key interfaces (#13699)
* OSS side of the managed key interfaces

* Not needed in OSS
2022-01-19 11:15:33 -06:00
Jason O'Donnell 17ca494be3
docs/oracle: fix typo in connection_url example (#13708) 2022-01-19 11:59:30 -05:00
Nick Cabatoff 21be98ee7a
Support go-sockaddr templates in top-level cluster_addr config (#13678)
In doing some testing I found that the listener clusteraddr isn't really used, or at least isn't as important as the top-level clusteraddr setting.  As such, go-sockaddr templating needs to be implemented for the top-level `cluster_addr` setting or it's unusable for HA.

Also fix a nil pointer panic I discovered at the same time.
2022-01-19 10:56:04 -05:00
Nick Cabatoff d96298461f
Don't say we've shut down cluster listener before having done so (#13679) 2022-01-19 10:51:40 -05:00
Nick Cabatoff 07555c8bfc
Depend explicitly on go-msgpack v1.1.5 (#13693) 2022-01-19 10:32:19 -05:00
divyapola5 d9c9d06710
Add validation for nonce size when we aren't in convergent encryption mode within transit backend (#13690)
* Add validation for nonce size when we aren't in convergent encryption mode within transit backend

* Add changelog entry
2022-01-19 13:02:49 +05:30
claire bontempo be3a9b2571
UI/Update activity response with mock data (#13673)
* makes more mock data

* sort month by clients

* fix mock data

* fix typo

* adds serializer for payload to format data for charts

* remove console logs

* change key from month_year to timestamp

* add comments/todos

* change dates to UTC iso timestamp

* revert serializer changes - moving to a new PR
2022-01-18 14:56:59 -08:00
Angel Garbarino 987a4033bd
Client Count - startDate (#13637)
* fire off network for query with Start time from license and return endDate and display

* startDate

* comment change

* saving wip

* change from startDate to startTime

* comment cleanup

* Address comments

* fixing small comments
2022-01-18 13:17:24 -07:00
Tony Pulickal 908a1c1178
Update http requests API link to versioned docs (#13692) 2022-01-18 14:16:02 -05:00
VAL 6652203569
Distinguish LIST-only paths in OpenAPI (#13643)
* Distinguish LIST-only paths in OpenAPI

* add changelog

* Put enum field inside schema
2022-01-18 09:21:44 -08:00
James Bayer daefbd0a54
Remove extra commas (#13684)
The payload json example is invalid syntax.
2022-01-18 12:15:52 -05:00
Rémi Lapeyre 0d6c2acbd9
Make auth/token/revoke-accessor idempotent (#13661)
The auth/token/revoke will not error out if the token does not exists, it
always tries to revoke the token and return success to the client whether
or not the token exists. This makes the behavior of
auth/token/revoke-accessor coherent with this and remove the need to
check whether the token still exists.
2022-01-18 06:56:38 -05:00
Nick Cabatoff 400996ef0d
Parallel retry join (#13606) 2022-01-17 10:33:03 -05:00
Tero Saarni e2b17ca96b
auth/kubernetes: support for dynamically reloading short-lived tokens (#13595)
* auth/kubernetes: support for short-lived tokens

* Uplift new version of Kubernetes auth plugin that does not store the
  service account token persistently to Vault storage.

* Update the documentation to recommend local token again when running
  Vault inside cluster.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* Added changelog entry

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* clarification to changelog entry, executed go mod tidy

* clarifications and added targeted release version
2022-01-14 19:55:15 -08:00
akshya96 319a76d8d1
Vault-3991 Code Scanning Alerts Changes (#13667)
* code scanning alerts changes

* adding changelog
2022-01-14 15:35:27 -08:00
Jordan Reimer 529e619bb5
Flaky Replication Tests (#13668)
* update pollCluster helper

* bypasses problematic assertion for now
2022-01-14 14:16:38 -07:00
Jason O'Donnell 33b9db2d26
docs: update oracle tls examples (#13659)
* docs: update oracle tls examples

* Add warnings

* Add notes

* Add missing note
2022-01-14 10:03:58 -05:00
Austin Gebauer 691e440fac
auth/azure: Documents config env vars and fixes resource used in examples (#13641) 2022-01-13 10:41:40 -08:00
Austin Gebauer e5dd039c4f
secrets/keymgmt: Adds documentation for using Azure Private Link (#13640) 2022-01-13 10:41:05 -08:00
akshya96 df53f43ee0
updating response for partial month client count (#13634)
* updating custom response for partial month count

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>

* removing new line

Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>
2022-01-13 10:40:42 -08:00
claire bontempo f6dac0158f
UI/Attribution component updates (#13642)
* distinguish between single month and range attribution views, add export csv modal and action

* adds activity handler for mirage testing with client count work against new API

* adds class for grey subtitle in modal

* akes data detail titles dynamic

* fix passing of glyph type

* clarify mirage responses

* cleanup todos
2022-01-13 10:32:14 -08:00
claire bontempo 8930a45482
fixes flash message styling (#13603) 2022-01-13 10:01:48 -08:00
claire bontempo ece79f1695
UI/Clients single month template (#13635)
* create SingleMonth template

* updates stattext styling

* add flex helper and fix header margin

* rename variable in formatNumber helper

* update templates with size-specific margins

* clarify class name

* fix jsdoc param type
2022-01-13 10:00:50 -08:00
Loann Le 492eb0a2d6
Vault documentation: updated client count FAQ (#13633)
* include nomad vault question

* added link
2022-01-13 08:56:58 -08:00
Chris Capurso d52d69e4bb
Add HTTP PATCH support for KV key metadata (#13215)
* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* add kv metadata patch command

* add changelog entry

* success tests for kv metadata patch flags

* add more kv metadata patch flags tests

* add kv metadata patch cas warning test

* add kv-v2 key metadata patch API docs

* add kv metadata patch to docs

* prevent unintentional field overwriting in kv metadata put cmd

* like create/update ops, prevent patch to paths ending in /

* fix kv metadata patch cmd in docs

* fix flag defaults for kv metadata put

* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* fix TestKvMetadataPatchCommand_Flags test

* doc fixes

* go get vault-plugin-secrets-kv@master; go mod tidy
2022-01-12 12:05:27 -05:00
Jordan Reimer 2adf4df7d7
updates template lint config to override rules in test files for ember language server (#13632) 2022-01-12 08:20:11 -07:00
Chris Capurso fc75aabd03
use GetOkErr in patch handler so type coercion errors result in error response (#13191)
* use GetOkErr in patch handler so unknown fields result in error response

* do not error on unknown fields for patch handling

* godoc update for HandlePatchOperation
2022-01-12 09:32:59 -05:00
Jordan Reimer 3553e223ca
Mirage Dev Workflow (#13620)
* adds development workflow to mirage config

* adds example mirage dev handler

* adds changelog

* removes changelog entry

* adds base mirage handlers
2022-01-11 15:28:37 -07:00
Jim Kalafut daa7b43d01
Remove docs changes from CODEOWNERS 2022-01-11 12:09:50 -08:00
Angel Garbarino 026464852a
Client Count Calendar Widget for 1.10 (#13613)
* cherry pick my changes over

* clean up

* styling fix

* clean up

* address pr comments

* rename

* update comment
2022-01-11 11:05:38 -07:00
Jordan Reimer d4a3c449ec
updates to address flaky acceptance tests (#13628) 2022-01-11 10:15:22 -07:00
Nick Cabatoff 624128896f
If we get a 405 doing an HTTP PATCH, assume the server is pre-1.9 and fall back to old readThenWrite approach (#13615) 2022-01-11 11:52:24 -05:00
Nick Cabatoff a5bfd500ca
Skip tests on backported docs branches. (#13612)
* Remove unnecessary branch filters; we rely instead on exiting the jobs on inappropriate branches, since otherwise GH's required checks won't be satisfied.
2022-01-11 09:02:47 -05:00
Nick Cabatoff 150b1ac67a
Clarify the distinction between token and identity policies. (#13614) 2022-01-11 09:01:43 -05:00
Nick Cabatoff 4ee4374b3e
Use MAP_POPULATE for our bbolt mmaps (#13573)
* Use MAP_POPULATE for our bbolt mmaps, assuming the files fit in memory.  This should improve startup times when freelist sync is disabled.
2022-01-11 08:16:53 -05:00
claire bontempo 9956c051d2
UI/Fixes secrets list breadcrumb (#13604)
* fixes basekey param

* adds changelog
2022-01-10 11:00:47 -08:00
Robert 15bd5fd6b6
secrets/database: Add parameter to disable escaping username and password chars for DB connections (#13414)
* Add a parameter that disables escaping characters in the username or password fields for secrets engines database connections

* Always disallow template variables inside the username or password
2022-01-10 12:05:17 -06:00
Chelsea Shaw 53184684f6
UI/fix icon colors (#13601) 2022-01-10 11:08:05 -06:00
Nick Cabatoff 3828d4bf9d
Note that api_addr and cluster_addr can use go-sockaddr templates. (#13592) 2022-01-10 09:06:30 -05:00
Lars Lehtonen 8a3501b7f0
builtin/credential/aws: fix dropped test error (#13609) 2022-01-10 08:58:20 -05:00
Chris Capurso c925324057
add retry logic to TestKV_Patch_RootToken (#13586) 2022-01-07 14:46:26 -05:00