Commit graph

12716 commits

Author SHA1 Message Date
Jim Kalafut b61f080daf
Update docs to add EdDSA to supported algorithms (#9854) 2020-08-29 10:30:05 -07:00
Jim Kalafut 1044021b03
changelog++ 2020-08-29 10:22:50 -07:00
Chelsea Shaw 7662de315a
Ui/transform roles list create (#9852)
* Can see list of roles, templates, and alphabets when you click on corresponding tab inside a transform secrets engine

* Cannot click on items in list other than transformations

* Can create a new transform role from the empty state or toolbar

* Creating a role redirects to the view of that role

* Breadcrumb links on transform roles work

* Role create form handles error
2020-08-28 15:38:00 -05:00
Michael Golowka acda64aa35
Add Database v5 interface with gRPC client & server (#9641)
* Add new Database v5 interface with gRPC client & server
This is primarily for making password policies available to the DB engine, however since there are a number of other problems with the current interface this is getting an overhaul to a more gRPC request/response approach for easier future compatibility.

This is the first in a series of PRs to add support for password policies in the combined database engine
2020-08-28 11:20:49 -06:00
Tom Proctor f6284dde23
Remove incorrect couchbase command (#9851) 2020-08-28 16:34:00 +01:00
Calvin Leung Huang 0d723e54a9
docs: add tls settings on cert auto-auth's config page (#9848) 2020-08-27 19:21:32 -07:00
Michael Ethridge a71798a445
TLS Cert Authentication example updates (#9735)
* TLS Cert Authentication example updates

- Updated the Cert Auth example description to clarify which CA
should issue the certificate.
- Removed `-ca-cert` parameter from examples as this caused
confusion.  Is this the auth CA or the CA of the listener?

* Return CA parameter to examples, add Note

- Returned CA parameter to login examples
- Added note above examples to explain which CA is being used in CLI
- Updated examples in API doc to use httpS
- Added note above login example to explain wich CA is being used

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-08-27 17:47:16 -07:00
Jim Kalafut ba1adb6d22
Update Known Issues (#9847)
Provide information about AWS IAM fix versions.
2020-08-27 16:48:44 -07:00
Meggie f1fb18ce8b
Changelog updates for 1.5.3 etc (#9845) 2020-08-27 16:36:35 -07:00
Chelsea Shaw bc5091f32c
Fix templates on transformation being saved as array of array (#9846) 2020-08-27 16:42:05 -05:00
Angel Garbarino a3a9ca4132
Ui/transform delete v2 (#9842)
* first cherry pick

* fix cli clipboard copy text for masking vs fpe

* dynamically setup copy commands for cli copy button

* add backend to cli clipboard text

* add capabilities cherry pick

* setup modal

* handle error response in Modal

* pass in type to info table row so can handle array specific

* remove todo
2020-08-27 15:23:24 -06:00
Scott Miller 0dc0a8233f
Update go.mod to reference latest public gcp-auth plugin (#9813)
* Point to the public, recent version of vault-plugin-auth-gcp

* Vendor the subsequent changes
2020-08-27 13:34:41 -05:00
Austin Gebauer b96f073e23
docs: fixes rollback_statements description and some punctuation (#9836) 2020-08-26 16:49:17 -07:00
Jim Kalafut 2c737182e4
Import vault-plugin-mock (#9839)
Support testing of CI and GitHub actions by creating a real dependency
between Vault and a plugin. The plugin itself is a no-op.
2020-08-26 12:51:46 -07:00
Mark Gritter 6d1b71962f
Add date/time argument type. (#9817)
* Add date/time argument type.
* Add an argument to select which time formats are valid.
* Increase minimum date for epoch timestamps to avoid ambiguity.
2020-08-26 14:40:23 -05:00
Calvin Leung Huang 3a5c7a6946
secrets/ssh: allow algorithm_signer to use the key's default algo (#9824)
* secrets/ssh: allow algorithm_signer to use the key's default algo

* add test for ed25519 key signing

* test: add role upgrade test case

* test: rename and add more test cases

* test: clean up tests cases, fix broken test case on expected error

* test: fix broken test case on expected error
2020-08-26 12:31:56 -07:00
Chelsea Shaw 5c64846225
UI: Transform secrets engine with transformations
* Ui/transform enable (#9647)

* Show Transform on engines list if enterprise

* Add box-radio component

* Add is-disabled styling for box-radio and fix tooltip styling when position: above

* Add KMIP and Transform to possible features on has feature helper

* Sidebranch: Transform Secret Engine Initial setup (#9625)

* WIP // list transforms, console.logs and all

* setup LIST transformations ajax request and draft out options-for-backend options

* change from plural to singluar and add transform to secret-edit

* create two transform edit components

* modify transform model with new attrs

* add adapterFor to connect transform adapter to transform-edit-form component

* setup Allowed roles searchSelect component to search over new transform/role adapter and model.

* clean up for PR

* clean up linting errors

* restructure adapter call, now it works.

* remove console

* setup template model for SearchSelect component

* add props to form field and search select for styling

Co-authored-by: Chelsea Shaw <chelshaw.dev@gmail.com>

* Ui/transform language fixes (#9666)

* Update casing and wording on Transform list route. Use generic list item for transformations

* Add back js file for transformation-edit

* Set up transform for tabs

* Ui/create edit transformation fixes (#9668)

* add conditional for masking vs tweak source based on type, and update text for create transformation

* change order

* fix error with stringArray

* setup the edit/delete transformation view

* clean up toolbar links

* setup serializer to change response of mask character from keycode to character

* change styling of label and sub-text size, confirmed with design

* temp fix on templates vs template

* add clickable list item

* add space between template list

* setup styling and structure for the rest of the show transformation.  TODO: turn into components.

* create transform-show-transformation component

* add attachCapabilities to transform model and update transform-transformation-itme list accordingly

* clean up liniting errors

* address pr comments

* remove leftover

* clean up

* Sidebranch: UI transform create and edit clean up (#9778)

* clean up some of the TODOs

* setup edit view with read only attributes for name and template

* setup initial selected for search select component

* fixes

* hide templates form field for now

* set selectLimit for search select component

* hide power select if the select limit is greater than or equal to the selectedOptions length

* clean up failing linting

* address pr comments

* Ui/fix list roles transformation (#9788)

* Update search-select to pass backend to query if exists

* Update role and template adapters

* cleanup

* Fix replace with static string

* Ui/transform cleanup 2 (#9789)

* amend encode/decode commands for now until design gets back with more details

* restrict character count on masking input field

* clean up selectLimit

* show backend instead of transform in cli copy command

* Show KMIP un-selectable if enterprise but no ADP module (#9780)

* New component transform-edit-base

* Duplicate RoleEdit as TransformEditBase and swap in all transform components

* Roll back role-edit changes

* Update to transform edit base

* Remove extraeneous set backend type on transform components

* formatting

* Revert search-select changes

* Update template/templates data on transformation (#9838)

Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com>
2020-08-26 11:31:18 -05:00
Scott Miller 4c4fb54806
Aws auth fixes (#9825)
* Bring over PSIRT-37 changes from ENT

* Add additional allowed headers

* Already had this one

* Change to string slice comma separated parsing

* Add allowed_sts_header_values to read output

* Only validate AWS related request headers

* one per line

* Import ordering

* Update test

* Add X-Amz-Credential

* Reorder imports
2020-08-25 17:37:59 -05:00
Calvin Leung Huang 8b7a3812dc
agent: support providing certificate information in cert's config map (#9819)
* agent: support providing certificate information in cert's config map

* update TestCertEndToEnd

* remove URL reference on warning message
2020-08-25 14:26:06 -07:00
Jason O'Donnell 052dea6e57
doc: update vault-helm to 0.7.0 (#9810)
* doc: update vault-helm to 0.7.0

* Fix typo in agent image

* Remove doc from sidebar

* Update website/pages/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Clint <catsby@users.noreply.github.com>

* Update website/pages/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Clint <catsby@users.noreply.github.com>

* Add note about prometheus

Co-authored-by: Clint <catsby@users.noreply.github.com>
2020-08-24 19:03:36 -04:00
Meggie 844bb0b69a
changelog++ (#9812)
* changelog++

* Keep Clint's changes

* Tired of typing versions
2020-08-24 16:27:02 -04:00
Clint 7f78ff5a6a
Update CHANGELOG.md 2020-08-24 15:07:01 -05:00
Jason O'Donnell dfd5e2d532
vault-k8s: add new annotations for 0.5.0 (#9804)
* vault-k8s: add new annotations for 0.5.0

* feedback revision
2020-08-24 13:20:29 -04:00
Jim Kalafut 8815905114
Add Known Issue for AWS IAM logins (#9798)
* Add Known Issue for AWS IAM logins

* Add note about license issue
2020-08-21 15:21:56 -07:00
Andy Baran dffd0dfa4b
K8s docs cross reference (#9795)
* add links to commonly reference Learn site docs

* fixed markdown links

* Moved Deployment Guide to "Guides" subs section
2020-08-21 15:03:01 -04:00
Mark Gritter 6cd00407ad
Add vault.metrics.collection.* metrics to documentation. (#9796) 2020-08-21 13:27:30 -05:00
Meggie 94f963b8b6
changelog++
Credit for Felix.
2020-08-20 19:25:13 -04:00
Meggie 275a34476c
Updates for 1.5.1, 1.4.4, 1.3.8, and 1.2.5 (#9793)
* Updates for 1.5.1, 1.4.4, 1.3.8, and 1.2.5

* Recommend against using these versions

* Re-running checks

* Update docs-navigation.js
2020-08-20 18:57:44 -04:00
ncabatoff e62c6fd2c7
Add ui build tag so we create binaries that serve a UI. (#9790) 2020-08-20 14:37:26 -04:00
Meggie 2f7c6db9b4
changelog++ 2020-08-20 13:57:25 -04:00
ncabatoff 7f7ac71746
Document allowed_domains_template. (#9751) 2020-08-20 09:54:52 -04:00
ncabatoff f20f3747c7
New seal migration strategy doesn't work in 1.4. (#9765) 2020-08-20 09:54:28 -04:00
Junya Ogasawara 0a13195450
Reduce a required permission for OIDC with AzureAD (#9785)
`Group.Read.All` is too permissive policy to achieve external groups
feature. `GroupMembers.Read.All` is enough for that purpose.

MicroSoft Graph API Permission reference follows
https://docs.microsoft.com/en-us/graph/permissions-reference#application-permissions-23
2020-08-20 00:00:31 -07:00
Josh Black 86c1a01c31
changelog++ 2020-08-19 17:53:42 -07:00
ncabatoff 1ca6694ef0
changelog++ 2020-08-19 15:46:58 -04:00
Calvin Leung Huang 3d69148378
changelog++ 2020-08-19 11:25:41 -07:00
ncabatoff d5f0567d4b
changelog++ 2020-08-19 14:03:55 -04:00
Clint 6af69d7d3d
Update hashicorp/vault-plugin-secrets-azure to v0.6.2 (#9768)
* Update hashicorp/vault-plugin-secrets-azure to v0.6.2

* update go mod vendor
2020-08-18 13:48:11 -05:00
Martin Hristov ac36da333d
Add note for AD domain usernames in MSSQL (#9743)
Adding a note that `vaultuser` might be part of the AD domain like `DOMAIN\vaultuser`.
2020-08-18 10:35:21 -06:00
Tom Proctor ba9d1b6fbf
Couchbase database plugin documentation (#9764) 2020-08-18 15:57:18 +01:00
Clint 4d00aca0d8
Move CHANGELOG entry for #9606 to 1.4.4 (#9741)
Moving the CL entry for #9606 to the `v1.4.4` section. It's implied that anything in 1.n is also in 1.n+1
2020-08-18 08:25:46 -05:00
Lauren Voswinkel b2a106a931
Add a section to the MySQL secrets plugin docs about x509 (#9757) 2020-08-17 16:29:51 -07:00
arnis fd6e0eb543
Update documentation for MySQL Secrets Engine (#9671)
* Update documentation for MySQL Secrets Engine

Update documentation for MySQL Database Secrets Engine to reflect changes introduced with https://github.com/hashicorp/vault/pull/9181

* Empty Commit to re-trigger tests

Co-authored-by: Lauren Voswinkel <lvoswinkel@hashicorp.com>
2020-08-17 15:30:33 -07:00
arnis 4deacf2b50
Conditionally overwrite TLS parameters for MySQL secrets engine (#9729)
* Conditionally overwrite TLS parameters in MySQL DSN

Overwrite MySQL TLS configuration in MySQL DSN only if have `tls_ca` or `tls_certificate_key` set
Current logic always overwrites it

* Add test for MySQL DSN with a valid TLS parameter in query string
2020-08-17 15:30:15 -07:00
Michael Golowka edc40a1767
Correctly mark Cassandra as not supporting static roles (#9750) 2020-08-17 14:36:32 -06:00
Lauren Voswinkel d32817b949 changelog++ 2020-08-17 11:44:46 -07:00
Artem Alexandrov 301ea4c0f0
pki: Allow to use not only one variable during templating in allowed_domains #8509 (#9498) 2020-08-17 11:37:00 -07:00
Jason O'Donnell e3fcb4c5b9
agent/templates: update consul-template to v0.25.1 (#9626) 2020-08-17 11:31:48 -07:00
Theron Voran f0f576f5bf
Restoring the example policies for blocking sha1 (#9677)
(In the transit api-docs)
2020-08-17 10:30:06 -07:00
ncabatoff 922dddf2c6
changelog++ 2020-08-17 13:17:06 -04:00