Commit graph

12716 commits

Author SHA1 Message Date
Angel Garbarino 9d7b042fd3
Mask LDAP bindpass while typing (#10087)
* use input field type password when maskWhileTyping is passed which returns true when it is bindpass

* setup testing for type password and unmasking

* add back original spacing

* remove is
2020-10-07 10:27:41 -06:00
Scott Miller 4bc458c1ee
Add a helper function for safely grabbing a keyEntry by version (#10080)
* Add a helper function for safely grabbing a keyEntry by version

* Return by value
2020-10-07 08:21:31 -05:00
Ivan Lemeshev 8a2842b467
Fix panic in handleAuditNonLogical if vault is sealed (#9310) (#10103) 2020-10-07 08:30:36 -04:00
Sam Salisbury 8f8c4b32c5
Packagespec0.1.5/master (#10090)
* packagespec upgrade -version 0.1.5

* remove meta.POST_PROCESSORS - no longer needed

* make ci-config: remove old prereq
2020-10-07 09:35:26 +01:00
Josh Black 53e5531634
Add README.md to api (#10088) 2020-10-06 14:27:59 -07:00
Scott Miller dfec27df87
Revert unnecessary changes to api/go.mod (#10097)
* restore api's go.mod

* sdk too

* root level go mod vendor
2020-10-06 14:25:46 -05:00
Josh Black 3e278b33dc
Clarify docs around audit non-hmac request and response keys (#10018) 2020-10-06 10:43:32 -07:00
Calvin Leung Huang 7c3a08af8a
changelog++ 2020-10-05 14:40:40 -07:00
Jonas-Taha El Sesiy 9b599c8162
Migrate to azure-storage-blob-go (#9577)
The azure sdk for go is maintenance-only for storage, see https://github.com/Azure/azure-sdk-for-go/tree/master/storage\#azure-storage-sdk-for-go-preview
Migrate to new azure-storage-blob-go SDK
Minor test improvements

Fix #9661
2020-10-05 14:37:13 -07:00
Chelsea Shaw 2d244f6817
Ui/pricing metrics params (#10083)
metrics route takes start and end params and passes to the date display field, as well as the route's API call
2020-10-05 16:34:52 -05:00
Hridoy Roy 27d68e7df2
Flaky Test Fix: TestSink [VAULT-720] (#10086)
* fixed

* test sink fix

* remove print statements used for debugging

* remove print statements used for debugging

Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MBP.hitronhub.home>
2020-10-05 10:29:08 -07:00
Angel Garbarino a161fc7047
Test Fix: test for default TTL instead of date timestamp (#10070)
* fix test to check not for date but for ttl default of 1800s instead to avoid 1 second off issue

* change const name

* add another test to check when set specific ttl
2020-10-05 10:55:38 -06:00
Michel Vocks dc5a0da770
Pull latest raft updates (#10055)
* Implement raft peers metric

* Remove old peers metric

* Update vault raft dependency

* Add peer_id docs
2020-10-05 16:36:48 +02:00
Tom Proctor f35835bc25
Remove duplicate "ad" schema log 2020-10-05 15:25:40 +01:00
Michael Golowka 65a5e866e5
DBPW - Update MongoDB to adhere to v5 Database interface (#10053) 2020-10-02 15:35:11 -06:00
Meggie da82b2096d
Adding an UG note on primary_cluster_addr behavior (#10071) 2020-10-02 13:25:09 -04:00
Scott Miller b513af3851
Expose generic versions of KDF and symmetric crypto (#10076)
* Support salt in DeriveKey

* Revert "Support salt in DeriveKey"

This reverts commit b295ae42673308a2d66d66b53527c6f9aba92ac9.

* Refactor out key derivation, symmetric encryption, and symmetric decryption into generic functions

* comments

* comments

* go mod vendor

* bump both go.mods

* This one too

* bump

* bump

* bump

* Make the lesser used params of symmetric ops a struct

* go fmt

* Call GetKey instead of DeriveKey

* Address feedback

* Wrong rv

* Rename calls

* Assign the nonce field

* trivial change

* Check nonce len instead

* go mod vendor
2020-10-01 21:04:36 -05:00
Troy Fluegge 2b9b41115a
Update index.mdx (#10064)
Reworded disable_mlock to remove confusion regarding what is acceptable for production deployments. Disabling mlock is alright for production given the additional security recommendations are implemented. Disabling mlock is also recommended for integrated storage.
2020-10-01 15:31:03 -07:00
Lauren Voswinkel 4dfa7bdd39
Changelog++ 2020-10-01 13:39:59 -07:00
Chelsea Shaw 27f6988c3f
Ui/pricing metrics page setup (#10049)
* Create model and adapter for metrics/activity

* Query activity and return fake data on adapterError

* Add stub of pricing metrics cards and search form elements to metrics template

* Metrics page has pricing metrics rather than all-time tokens and requests

* update metrics config model

* Add metrics-config route and page

* Remove metrics/http-requests route and template

* remove log

* Add alert banner for when tracking disabled, and add result dates

* Small edits
2020-10-01 14:37:33 -05:00
Aleksandr Bezobchuk a3cfa7c447
Merge PR #10059: Port OSS changes from #1497 2020-10-01 15:15:20 -04:00
Chelsea Shaw 20cc59ea25
Ui/transform handle delete (#10035)
* Add hasDataChanges hook on persist for delete and save

* Reverse order of disconnecting transformations then deleting role

* Update get functions to be in line with impending ember upgrade
2020-10-01 10:27:45 -05:00
Michael Golowka fc0ed96066
DBPW - Revert AutoMTLS (#10065) 2020-09-30 17:08:37 -06:00
Hridoy Roy 649cef00f8
updated changelog to reflect Enterprise fix [VAULT-507] (#10056)
* updated changelog

* fix changelog

Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MBP.hitronhub.home>
2020-09-30 14:39:43 -07:00
Calvin Leung Huang d903095b3b
changelog++ 2020-09-29 18:10:44 -07:00
Calvin Leung Huang 90a3f32771
agent: return a non-zero exit code on error (#9670)
* agent: return a non-zero exit code on error

* agent/template: always return on template server error, add case for error_on_missing_key

* agent: fix tests by updating Run params to use an errCh

* agent/template: add permission denied test case, clean up test var

* agent: use unbuffered errCh, emit fatal errors directly to the UI output

* agent: use oklog's run.Group to schedule subsystem runners (#9761)

* agent: use oklog's run.Group to schedule subsystem runners

* agent: clean up unused DoneCh, clean up agent's main Run func

* agent/template: use ts.stopped.CAS to atomically swap value

* fix tests

* fix tests

* agent/template: add timeout on TestRunServer

* agent: output error via logs and return a generic error on non-zero exit

* fix TestAgent_ExitAfterAuth

* agent/template: do not restart ct runner on new incoming token if exit_after_auth is set to true

* agent: drain ah.OutputCh after sink exits to avoid blocking on the channel

* use context.WithTimeout, expand comments around ordering of defer cancel()
2020-09-29 18:03:09 -07:00
Michael Golowka 3a03be14e1
Make username generation in SQLCredentialsProducer available without an instance (#10050) 2020-09-29 16:54:34 -06:00
Andy Assareh ab7cd4f8db
corrected typo in "certificate" (#9916) 2020-09-28 17:39:01 -07:00
Andy Assareh 818120b401
corrected a missing noun (#9917) 2020-09-28 17:38:39 -07:00
aphorise 101855f365
UI - Added success message to core for the copy-button action in masked-inputs view. Resolves: #7321 (#9808) 2020-09-28 16:52:06 -07:00
Wacław Schiller 5d419f73c3
Minor fix to audit documentation (#10047) 2020-09-28 16:04:45 -07:00
Theron Voran 33971407ad
changelog++ 2020-09-28 14:08:52 -07:00
Theron Voran 52581cd472
Add logging during awskms auto-unseal (#9794)
Adds debug and warn logging around AWS credential chain generation,
specifically to help users debugging auto-unseal problems on AWS, by
logging which role is being used in the case of a webidentity token.

Adds a deferred call to flush the log output as well, to ensure logs
are output in the event of an initialization failure.
2020-09-28 14:06:49 -07:00
Hridoy Roy d7a673321d
Retry Logic to Mssql Tests [VAULT-637] (#10039)
* added retry to mssql testing

* setting num retry to 3

* removed a comment and moved svc into loop

Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MBP.hitronhub.home>
2020-09-28 09:03:23 -07:00
Sam Salisbury 98fe5029b0
Packagespec v0.1.2/master (#9995)
* packagespec v0.1.2 - prep: remove unneeded code

* packagespec v0.1.2 - packagespec init

* packagespec v0.1.2 - make packages

* packagespec v0.1.3 - make packages
2020-09-28 13:53:39 +01:00
Jim Kalafut d6cf73e6cd
changelog++ 2020-09-25 17:21:43 -07:00
Billy Keyes 26e8627cfc
Use us-gov-west-1 for global APIs in aws-us-gov (#9947)
* Use us-gov-west-1 for global APIs in aws-us-gov

Certain partition-global AWS services, like IAM, seem to require
specific regions. In the regular 'aws' partition, this is us-east-1. In
the 'aws-us-gov' partition, this is us-gov-west-1. Providing
us-gov-east-1 returns an error from AWS:

  SignatureDoesNotMatch: Credential should be scoped to a valid region, not 'us-gov-east-1'.

This resolves a problem where AWS authentication could randomly fail
depending on the value cached by Vault at startup.
2020-09-25 17:13:26 -07:00
Meggie 1d1011bc9f
changelog++
1.5.5 section
2020-09-25 15:18:27 -04:00
ncabatoff a1a9889f81
changelog++ 2020-09-25 14:32:49 -04:00
Theron Voran 2ba19c3f16
Update k8s auth docs for new parameter (#9992)
Adds info about the disable_local_ca_jwt parameter.

Co-authored-by: Clint <catsby@users.noreply.github.com>
2020-09-25 11:17:28 -07:00
Meggie 44b255ab61
Updating version for website to 1.5.4 (#10040) 2020-09-25 13:50:09 -04:00
Theron Voran 8b20c04eb1
Update to vault-plugin-auth-kubernetes@master (#10004) 2020-09-24 15:44:06 -07:00
Scott Miller a8cbda1713
Add retry to TestPostgresqlBackend (#10032) 2020-09-24 16:19:11 -05:00
Meggie 34b7b4bde6
changelog++
Updated with security content for new 1.5.4 and 1.4.7.
2020-09-24 16:46:10 -04:00
Josh Black da34497041
changelog++ 2020-09-24 13:37:48 -07:00
mgritter db99f5a14f Move entries to correct release. 2020-09-23 16:23:33 -07:00
Jim Kalafut 427cca9ce9
changelog++ 2020-09-23 16:10:27 -07:00
Scott G. Miller 0bf207f96c changelog++ 2020-09-23 18:04:12 -05:00
Josh Black 7c34eeada8
changelog++ 2020-09-23 15:59:00 -07:00
Michael Golowka 41d8c89169
[DBPW 5/X] Use AutoMTLS with DB plugins (#10008) 2020-09-23 16:08:03 -06:00