Commit graph

13067 commits

Author SHA1 Message Date
Mark Gritter fd55aa8378
Implement sys/seal-status and sys/leader in system backend (#10725)
* Implement sys/seal-status and sys/leader as normal API calls
(so that they can be used in namespaces.)
* Added changelog.
2021-01-20 14:04:24 -06:00
Meggie 9a5920ba7a
changelog++
Broken link
2021-01-20 15:03:03 -05:00
Josh Black 2cc9e2d914
Update to go 1.15.7 (#10730)
* Update to go 1.15.6

* Just kidding, how about 1.15.7

* And the associated CI config

* Add changelog and update go version in more places
2021-01-20 11:02:33 -08:00
Chelsea Shaw 8d8577c60e
UI: Temporarily skip flaky tests on test-ui (#10728)
* Skip secrets/pki/list?tab=certs

* Skip redirect_to acceptance test

* Skip access/identity/entities/create acceptance test

* Skip settings/configure/secrets/pki/cert
2021-01-20 10:03:29 -06:00
Nick Cabatoff b93c5ff304
Spell out how to configure credentials for GCS. (#10589) 2021-01-20 09:09:23 -05:00
Nick Cabatoff 8cbc63d572
Add configuration to specify a TLS ServerName to use in the TLS handshake when performing a raft join. (#10698) 2021-01-19 17:54:28 -05:00
Nick Cabatoff c2bdeb9e7d
Minimal change to ensure that the bulky leaseEntry isn't kept in memory. (#10726) 2021-01-19 17:51:41 -05:00
Hridoy Roy 0becd555cf
Protect part of emitMetrics from panic behavior during post-seal (#10708)
* vault/core_metrics.go

* changelog

* comments
2021-01-19 14:06:50 -08:00
Hridoy Roy 0e3bddf295
Revert "allow create to create transit keys (#10706)" (#10724)
This reverts commit 4144ee0d3da10fbfef4d081aa72529f2e513f8e2.
2021-01-19 11:49:57 -08:00
Gunjan 4900283ad5
Fix: handle max_request_size<=0 (#10072)
* Fix: handle max_request_size<=0

Signed-off-by: guacamole <gunjanwalecha@gmail.com>

* created test cases for listener

Signed-off-by: guacamole <gunjanwalecha@gmail.com>

* added test case for negative value of MaxRequestSize

Signed-off-by: guacamole <gunjanwalecha@gmail.com>

Co-authored-by: Hridoy Roy <roy@hashicorp.com>
2021-01-19 11:28:28 -08:00
Nick Cabatoff ffe301a5df
Don't list certs if we were told which cert to use. (#10616) 2021-01-19 08:39:59 -05:00
Jeff Escalante 5e60bd9677
add vercel config (#10707) 2021-01-15 15:44:28 -05:00
Jeff Escalante f48841c6ea
Docs: prepare for vercel hosting move (#10598)
* prepare for move to vercel hosting

* update readme

* add back netlify files for hosting transition
2021-01-15 15:29:22 -05:00
Hridoy Roy e8164ad09a
allow create to create transit keys (#10706)
* allow create to create transit keys

* changelog
2021-01-15 12:20:32 -08:00
Nick Cabatoff 792ea778dc
Use 1.15.4 in CI and Dockerfile. (#10587) 2021-01-15 12:39:33 -05:00
Chelsea Shaw 5ec08a469a
UI: refactor flaky test (#10697)
* refactor flaky test

* Replace is-present with dom assertions

* Skip test for now
2021-01-14 14:26:01 -06:00
Mike Wickett b4d0403ef1
website: update alert banner for HCP Vault public beta (#10699) 2021-01-14 14:03:41 -05:00
Brandon Romano 339b8d62c2
Website StackMenu updates for 1/14 (#10690) 2021-01-14 09:19:09 -08:00
Lauren Voswinkel 1ec64fd010
Update Snowflake docs (#10691)
* Update Snowflake docs

Snowflake docs had an issue, `DEFAULT ROLE` should be `DEFAULT_ROLE`

* Update docs to show an actual username
2021-01-13 14:59:16 -08:00
Michael Golowka 6bf38198fd
Remove duplicate funcs, add timestamp with format (#10686) 2021-01-13 10:49:17 -07:00
Calvin Leung Huang eaaa2421a9
changelog: add PR 10131 to the changelog (#10688) 2021-01-12 18:24:04 -08:00
Eugene R 331529fc94
Aerospike storage backend (#10131)
* add an Aerospike storage backend

* go mod vendor

* add Aerospike storage configuration docs

* review fixes

* bump aerospike client to v3.1.1

* rename the defaultHostname variable

* relocate the docs page
2021-01-12 15:26:07 -08:00
Chelsea Shaw 5a05a1b39f
UI: Fix shape of response anticipated from feature-flags endpoint (#10684)
* Fix shape of response anticipated from feature-flags endpoint

* Add changelog
2021-01-11 14:44:52 -06:00
Mike Wickett d72c4d5235
website: add alert banner to promote webinar (#10683) 2021-01-11 11:17:03 -05:00
Hridoy Roy f6bdda8c9c
add variable entropy readers to cert gen helpers [VAULT-1179] (#10653)
* move entropy augmentation in cert gen to oss

* changelog

* go mod vendor

* updated helpers to allow custom entropy

* comments

* comments
2021-01-08 09:48:27 -08:00
Scott Miller 77d27cb968
Add NIST guidance on rotating keys used for AES-GCM encryption (#10612)
* Add NIST guidance on rotating keys used for AES-GCM encryption

* Capture more places barrier encryption is used

* spacing issue

* Probabilistically track an estimated encryption count by key term

* Un-reorder imports

* wip

* get rid of sampling
2021-01-07 15:37:37 -06:00
Theron Voran c788e98a16
Adding documentation for multiple vault-k8s replicas (#10659)
Describes the setup and config for using multiple injector replicas
with auto and manual TLS.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-01-07 12:22:21 -08:00
Chelsea Shaw 70d3185d3a
UI/managed namespace changes (#10588)
* Redirect to url with namespace param if user logged into root namespace without permission

* Feature flag service for managing flags

* Redirect with namespace query param if no current namespace param AND managed root namespace set

* Test coverage for managed namespace changes

* Handle null body case on feature-flag response, add pretender route for feature-flags on shamir test
2021-01-07 14:18:36 -06:00
Zachary Shilton 6ed50b5df9
Move code highlighting to build time (#10614)
* Bump react-scripts to v14
* Pull in latest dependencies
* Replace text-and-content on home page
* WIP replace text-and-content on use case pages
* Finish removing text-and-content from use-case pages
* Remove text-and-content completely
* Add logo-grid dep, fix style import
* Remove unneeded indirect deps
2021-01-07 14:40:35 -05:00
Scott Miller c3e0d06216
Make the error response to the sys/internal/ui/mounts with no client token consistent (#10650)
* Make the error response to the sys/internal/ui/mounts with no client token consistent

* changelog

* Don't test against an empty mount path

* One other spot

* Instead, do all token checks first and early out before even looking for the mount
2021-01-07 11:46:08 -06:00
Lauren Voswinkel 7189a67a33
Adding snowflake as a bundled database secrets plugin (#10603)
* Adding snowflake as a bundled database secrets plugin

* Add snowflake-database-plugin to expected bundled plugins

* Add snowflake plugin name to the mockBuiltinRegistry
2021-01-07 09:30:24 -08:00
Mark Gritter d076d95d37
Feature flags API (#10613)
* Added sys/internal/ui/feature-flags endpoint.
* Added documentation for new API endpoint.
* Added integration test.
Co-authored-by: swayne275 <swayne@hashicorp.com>
2021-01-06 16:05:00 -06:00
Angel Garbarino ad42d8f6ec
Bug: Fix namespace test (#10662)
* cannot do full refresh of page, so set the current URL instead of using the toggle

* add comment remove pauseTest

* remove

* check for namespace in toggle
2021-01-06 14:33:43 -07:00
Jim Kalafut 9064097c5d
Make example Okta creds more obviously fake (#10639) 2021-01-06 10:05:23 -08:00
Lauren Voswinkel ce90acd68d
Add Snowflake docs to the website (#10617)
* Add snowflake docs to the website

* Update navs

* Add Snowflake to the DB Capabilities table
2021-01-05 14:44:28 -08:00
Jason O'Donnell abfb92173c
docs: update Vault Helm to 0.9.0 (#10656)
* docs: update vault-helm for 0.9.0

* Fix typo in leaderElector config

* Add default value to ttl

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Add affinity default for injector

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-01-05 16:46:20 -05:00
Scott Miller 9f150de08f
Fix ip disclosure (#10649)
* removing extra information from the returned error, to avoid leaking it to unauthenticated requests

* removing extra information from the returned error, to avoid leaking it to unauthenticated requests

* Changelog entry for #10516

* Change the error message in a way that is retains the HTTP status code

* Change changelog file num

* And right back where we started...

Co-authored-by: bruj0 <ramakandra@gmail.com>
2021-01-05 15:32:47 -06:00
Angel Garbarino fd8250adf9
Bug: switching between namespaces using the namespace-link caused the model not to refresh (#10572)
* fix issue with model not reloading on href-to previously tried to fix after upgrade.

* replace with normalizednamepsace and setup for testing

* add the same functionality to the switch namespace link

* meep, wrong branch

* wow it's friday, correct branch

* add changelog for upgrade, didn't do earlier.

* another friday move

* correct change to changelog for ember upgrade

* remove and make another pr

* remove href-to dep and add comment
2021-01-04 14:26:26 -07:00
Michael Golowka 075048ad27
Fix compilation of MySQL & Redshift plugins (#10640) 2021-01-04 13:44:11 -07:00
Angel Garbarino feca115ef4
Bug: Fix issue with double encoding on space in secret history route (#10596)
* setup for concept it works, but probably not the best solution

* add comment and remove console and test var

* use normalize path higher up to fix issu

* add test for bug that fixing

* forgot a couple of changes

* changelog
2021-01-04 09:32:52 -07:00
Nick Cabatoff 05f1a429a8
Add changelog for #1663. (#10635) 2021-01-04 11:08:39 -05:00
Nick Cabatoff 5c446d9d53
Clarify which seal/recovery config we mean. (#10634) 2021-01-04 10:31:36 -05:00
Nick Cabatoff e856174d15
Fix test for expiring root tokens creating non-expiring root tokens (#10632)
Test was failing (once we specified the expected error to check) because when we create a token via the TokenStore, without registering the lease in the expiration manager, lookupInternal will see that there is an expiring token with no lease and delete it immediately, yielding the "no parent found" error.
2021-01-04 09:48:22 -05:00
Nick Cabatoff 69e68c4d0d
Document constraints re primary vs secondary clusters. (#10527) 2021-01-04 08:35:17 -05:00
Jace Tan 74cadeb8e5
Fix typo in usage description of operator init -status flag (#10618)
This commit fixes a typo in the operator init -status flag's usage
description and aligns it with that found on https://www.vaultproject.io/docs/commands/operator/init#status.
2020-12-23 13:12:44 -07:00
Nick Cabatoff d2096b251d
Add log gathering to debug command. (#10609) 2020-12-22 15:15:24 -05:00
Scott Miller 2eafeee15f
Avoid disclosing IP addresses in unauthenticated requests (#10579)
* removing extra information from the returned error, to avoid leaking it to unauthenticated requests

* removing extra information from the returned error, to avoid leaking it to unauthenticated requests

* Change the error message in a way that is retains the HTTP status code

Co-authored-by: bruj0 <ramakandra@gmail.com>
2020-12-22 10:30:03 -06:00
Nick Cabatoff ea36810d97
Add changelog for ent #1659. (#10600) 2020-12-18 15:06:54 -05:00
swayne275 a961bdc318
Fix setting Activity Log enable flag through the API (#10594)
* fix setting enable, update tests

* improve wording

* fix typo - left the testing enabled set in originally

* improve warning handling

* move from nested if to switch - TIL
2020-12-18 11:20:32 -07:00
Angel Garbarino f6ad6e47aa
add to changelog (#10601) 2020-12-18 10:26:08 -07:00