Commit Graph

14457 Commits

Author SHA1 Message Date
Steven Clark f158382f56
Warn user supplying nonce values in FIPS mode for transit encryption requests (#13366)
* Warn user supplying nonce values in FIPS mode for transit encryption requests

 - Send back a warning within the response if an end-user supplies nonce
   values that we use within the various transit encrypt apis.
 - We do not send a warning if an end-user supplies a nonce value but we
   don't use it.
 - Affected api methods are encrypt, rewrap and datakey
 - The warning is only sent when we are operating in FIPS mode.
2021-12-08 14:37:25 -05:00
Theron Voran bfa008d78f
agent/cache: differentiate open log messages (#13362)
Changes the error output for the second open of the persistent cache
file, to differentiate it from the c.UI.Error message for the initial
open of the cache file, just to make it easier to tell where a problem
occurred.
2021-12-08 10:32:49 -08:00
Matt Schultz 85f5cfc356
Adds support for SHA-3 to transit (#13367)
* Adding support for SHA3 in the transit backend.

* Adds SHA-3 tests for transit sign/verify path. Adds SHA-3 tests for logical system tools path hash functionality. Updates documentation to include SHA-3 algorithms in system tools path hashing.

* Adds changelog entry.

Co-authored-by: robison jacka <robison@packetized.io>
2021-12-08 12:29:33 -06:00
Tom Proctor be07a202d9
Docs to clarify k8s auth options with short-lived tokens (#13275)
* Rework 1.21 content into one heading and add note at top
* Add notes about extended k8s token duration
* Add example of ClusterRoleBinding for using client JWTs
2021-12-08 18:20:24 +00:00
Noel Quiles 19cbda7f90
Update @hashicorp/react-hashi-stack-menu (#13354) 2021-12-07 15:51:10 -05:00
Mike Green 05da506dea
clarify more sink options (#12586) 2021-12-07 12:16:14 -08:00
Calvin Leung Huang 0c5662770d
docs: update custom database sample code (#13211) 2021-12-07 11:10:02 -08:00
mickael-hc 36207b5668
docs: winsvc update recommendations (#13280) 2021-12-07 10:35:13 -08:00
Jordan Reimer c1df15e790
Incorporate Ember Flight Icons (#12976)
* adds ember-flight-icons dependecy

* adds inline-json-import babel plugin

* adds flight icon styling

* updates Icon component to support flight icons

* updates Icon component usages to new api and updates name values to flight icon set when available

* fixes tests

* updates icon story with flight mappings and fixes issue with flight icons not rendering in storybook

* adds changelog

* fixes typo in sign action glyph name in transit-key model

* adds comments to icon-map

* updates Icon component to use only supported flight icon sizes

* adds icon transform codemod

* updates icon transform formatting to handle edge case

* runs icon transform on templates

* updates Icon usage in toolbar-filter md and story

* updates tests
2021-12-07 10:05:14 -07:00
Loann Le 8f7dd0c291
modifed note (#13351) 2021-12-07 08:46:46 -08:00
Steven Clark 94e6a688ff
Add kms_library configuration stanza (#13352)
- Add the kms_library configuration stanza to Vault's command/server
 - Provide validation of keys and general configuration.
 - Add initial kms_library configuration documentation
 - Attempt at startup to verify we can read the configured HSM Library
 - Hook in KmsLibrary config into the Validate to detect typo/unused keys
2021-12-07 09:58:23 -05:00
Harsimran Singh Maan 7178e2c4be
Fix typo (#13355) 2021-12-06 17:23:03 -08:00
Jim Kalafut 22c4ae5933
Rename master key to root key (#13324)
* See what it looks like to replace "master key" with "root key".  There are two places that would require more challenging code changes: the storage path `core/master`, and its contents (the JSON-serialized EncodedKeyringtructure.)

* Restore accidentally deleted line

* Add changelog

* Update root->recovery

* Fix test

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-12-06 17:12:20 -08:00
Heather Simon 04d634d9d2 Merge branch 'main' of https://github.com/hashicorp/vault 2021-12-06 10:09:49 -08:00
Anthony (Ryo) Wright bcd29f2b68
Fix null token type bug (#13236)
* Fixed null token panic from 'v1/auth/token/' endpoints and returned proper error response

* Fixed panic resulting from null token_type in /auth/token/roles/{role_name} to returne proper error response

* added changelog entry for PR #13236

* edit changelog entry for PR #13236
2021-12-06 09:38:53 -08:00
claire labry b59f8b8b4c
adding CRT to main branch (#13088)
* adding CRT to main branch

* cleanup

* um i dont know how that got removed but heres the fix

* add vault.service

Co-authored-by: Kyle Penfound <kpenfound11@gmail.com>
2021-12-06 11:06:22 -05:00
Noel Prince b4d86a13c1
improve "x_forwarded_for_hop_skips" example (#12463)
Currently the example given results in 2.3.4.5 if it is indexed from other side. This new example prevents confusion because it is now clear which side x_forwarded_for_hop_skips is indexing from
2021-12-06 10:56:51 -05:00
Heather Simon f44dbce609 Typo fix in 1.9 Release Notes
Fixes a typo in "Vault Agent improvements"
2021-12-03 14:02:16 -08:00
Angel Garbarino 283dcd0aef
GetCredentials Bug fix (#13336)
* the fix

* test coverage
2021-12-03 14:59:42 -07:00
Zachary Shilton c562977522
website: fix print styles by bumping deps (#12894)
* website: fix print styles by bumping deps

* website: remove old highlight js prints style code

* fix: hashi-stack-menu selector
2021-12-03 11:51:49 -05:00
Loann Le 21b01b71a6
Vault documentation: updated client count FAQ document (#13330)
* modified based on feedback

* Update faq.mdx

fixed text
2021-12-02 11:21:56 -08:00
Jim Kalafut 9ed05c3ff5
Fix doc build (#13329)
path-help.mdx is now the reference for help.
2021-12-02 08:31:56 -08:00
Eugene R c2a92cd351
Fix possible nil pointer dereference (#13318) 2021-12-02 08:23:41 -05:00
Jim Kalafut f0f4c2886a
Unhide or remove docs sidebar elements (#13198)
A few sidebar elements are hidden for unknown reasons. If we have a
reason to keep them hidden (vs deleting the element and associated docs),
maybe we could add `"_comment":"Hidden because ..."` to them.

A few other elements were definitely obsolete so I've removed them.
2021-12-01 16:58:28 -08:00
Rowan Smith a78721dbfe
update custom headers to mention 1.9 is required (#13155)
* update custom headers to mention 1.9 is required

Per https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#190-rc1 the custom response headers are a new feature introduced in 1.9, meaning we should explicitly call out this version requirement in documentation, otherwise users of earlier versions of Vault will unable to use the functionality and may consider it a bug.

* Update website/content/docs/configuration/listener/tcp.mdx

reads better, agreed

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-01 10:48:06 -08:00
Theron Voran 81e8ad438e
aws/logical: fix backend test (#13323)
Remove the `[:64]` from
`TestAcceptanceBackend_AssumedRoleWithPolicyDoc()` since max length is
handled in `generateUniqueRoleName()`
2021-12-01 10:44:22 -08:00
Angel Garbarino 43148ed9f2
UI/kv codemirror diff (#13000)
* staying with jsondiff

* routing setup

* send compare against data to component after using new adapater method to return the version data.

* functionality

* fix issue on route transition not calling model hook

* formatting

* update version

* changelog

* glimmerize the json-editor component

* catch up

* passing tracked property from child to parent

* pull out of jsonEditor

* fix issue with message

* icon

* fix some issues with right selection

* changes and convert to component

* integration test

* tests

* fixes

* cleanup

* cleanup 2

* fixes

* fix test by spread attributes

* remove log

* remove
2021-12-01 11:41:49 -07:00
VAL 82d49a08fb
Use real version of auth modules in root go.mod (#13321)
* Use real version of auth modules

* Keep replaces
2021-12-01 10:02:40 -08:00
Pavlos Tzianos 0abc8f43fa
Add helper for encoding/decoding root tokens and OTP generation in SDK module (#10504) (#10505) 2021-12-01 08:05:49 -05:00
Angel Garbarino b4d9ee60d8
KV spelling error on destroy (#13313)
* fix spelling error

* add test coverage

* whoops

* browserstack fail
2021-11-30 15:31:02 -07:00
Nick Cabatoff a47a2c9fc4
Add "operator members" command to list nodes in the cluster. (#13292) 2021-11-30 14:49:58 -05:00
Hridoy Roy 1ff2e8d9d0
some small version test changes (#13310) 2021-11-30 09:52:33 -08:00
Michele Degges 736e0b51db
Update 1.9.0-rc1 changelog (#13075)
Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Kyle Penfound <kpenfound11@gmail.com>
2021-11-30 09:37:17 -08:00
Theron Voran 8353c27c24
tests: Add `iam_tags` to expected responses (#13150)
Update the AWS auth backend acceptance tests to account for the new
`iam_tags` field that comes back on responses.

* marked only tests requiring creds as acceptance

Renamed TestBackend_* to TestAcceptanceBackend_* if the test requires
AWS credentials. Otherwise left the name as TestBackend_* and set
`AcceptanceTest: false`.

* ensure generated names aren't too long

IAM roles and users have a 64 character limit, and adding Acceptance
to the test names was putting some over the length limit, so modified
generateUniqueName() to take a max length parameter and added
functions for each type of name generation (user, role, group).
2021-11-29 16:00:42 -08:00
Nicola Kabar b5f1027d07
docs: added minor recommendation for k8s agent annotations (#13239)
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-11-29 14:57:19 -08:00
Arnav Palnitkar 0a11076322
Add pagination to namespace list view (#13195)
* Add client side pagination to namespaces

* Update namespace list after delete operation

* Added changelog

* Added tests

* Clean up

* Added comment for test

* Try ember run loop

* Run test only in enterprise

* Fixed test
2021-11-29 13:11:14 -08:00
John-Michael Faircloth 32152e10fd
Identity: check NextSigningKey existence during key rotation (#13298)
* oidc: fix key rotation panic

* refactor and update unit tests

* add changelog
2021-11-29 15:10:58 -06:00
Mike 4fd241c3d3
Fix case typo in docs (#13259) 2021-11-29 15:55:46 -05:00
Jason O'Donnell 660a7be134
sdk/queue: move lock before checking queue length (#13146)
* sdk/queue: move lock before checking queue length

* Add changelog
2021-11-29 14:54:00 -05:00
Eugene R f39f1ce8de
Aerospike backend update (#12165)
* upgrade aerospike-client-go to v5.2.0

* use strings.Contains to check an error

* add changelog file

* go mod tidy

* go mod tidy

* update the changelog

* revert .gitignore update

* go mod tidy
2021-11-29 11:09:12 -08:00
Austin Gebauer 0ca08038d5
secrets/azure: Update plugin to v0.11.2 (#13277) 2021-11-29 09:05:23 -08:00
Austin Gebauer 78b4a2c04e
secrets/azure: Fixes use_microsoft_graph_api parameter description in API docs (#13287) 2021-11-27 09:27:11 -08:00
Nick Cabatoff 997a5ace91
Prevent raft transactions from containing overlarge keys. (#13286) 2021-11-26 08:38:39 -05:00
Nick Cabatoff f85908e1df
Return an error when trying to store a too-large key with Raft (#13282) 2021-11-25 14:07:03 -05:00
Lars Lehtonen 8b6477a0f0
http: fix dropped test error (#13247) 2021-11-24 14:08:22 -08:00
Yoko Hyakuna 6ea0df030e
Update Vault Agent intro (#13267)
* Update Vault Agent intro

* Update website/content/docs/agent/index.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-24 12:41:11 -08:00
Navaneeth Rameshan 4e05632881
recognize ed25519 key type and return PKCS8 format (#13257)
* return pkcs8 format for ed25519 curve

convertRespToPKCS8 does not recognize the ed25519 key. Changes
to recognize ed25519 key and return its PKCS8 format
2021-11-24 14:24:06 -05:00
hghaf099 fe981470ad
Update 13200.txt changelog (#13263)
* Update 13200.txt
2021-11-24 13:38:15 -05:00
AnPucel eeb41dc76e
Allowing Unwrap w/ Newline files (#13044) 2021-11-24 10:13:45 -08:00
Scott Miller f1b18bd990
Don't claim that Vault obfuscates the environment variable for sensitive values, this doesn't work at least in recent version of Go, as Go makes a copy of the environment, so we're only modifying that one, and not the one visible to the rest of the system (#13252) 2021-11-24 11:50:34 -06:00