Commit graph

16670 commits

Author SHA1 Message Date
Robert a595dbd072
secrets/terraform: update plugin version (#19059) 2023-02-07 20:04:03 -06:00
Jordan Reimer 65c0f39282
updates k8s changelog entry to feature format (#19062) 2023-02-07 23:38:39 +00:00
John-Michael Faircloth 85438435c4
fix: upgrade vault-plugin-auth-kerberos to v0.9.0 (#19060) 2023-02-07 17:07:09 -06:00
Meggie e286654a84
changelog++
The 1.13 preview
2023-02-07 17:40:39 -05:00
Max Coulombe f28e973a7d
fix: upgrade vault-plugin-database-elasticsearch to v0.13.0 (#19050) 2023-02-07 17:11:44 -05:00
Jordan Reimer 4371face65
Wrapped token login bug (#19036)
* fixes issue logging in with wrapped_token via logout route when not logged in

* adds changelog entry

* fixes cluster route mixin test
2023-02-07 14:22:22 -07:00
Max Coulombe 788c4aff67
fix: upgrade vault-plugin-auth-gcp to v0.15.0 (#19049) 2023-02-07 16:12:32 -05:00
Max Coulombe 3bce13e5fc
upgrade vault-plugin-database-redis-elasticache to v0.2.0 (#19044)
* fix: upgrade vault-plugin-database-redis-elasticache to v0.2.0

* + added changelog
2023-02-07 16:11:52 -05:00
Alexander Scheel 06e950b40e
Fix documentation on CRL fixed version (#19046)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 20:51:03 +00:00
claire bontempo aef0296472
UI: add error-handling and validation to pki cross-signing (#19022)
* return signed ca_chain if request fails, check for existing issuer name

* update docs

* add error border class to input
2023-02-07 12:09:17 -08:00
Meggie 8fd9c9df0d
changelog++ 2023-02-07 14:59:54 -05:00
akshya96 6b96bd639c
adding emit duration for telemetry (#19027) 2023-02-07 11:26:38 -08:00
Alexander Scheel 3f8aaedc2a
Add suggested root rotation procedure (#19033)
* Add suggested root rotation procedure

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify docs heading

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 13:51:33 -05:00
Max Coulombe 5e91770d51
fix: upgrade vault-plugin-secrets-gcp to v0.15.0 (#19018)
* upgrade vault-plugin-secrets-gcp to v0.15.0
2023-02-07 13:46:07 -05:00
Angel Garbarino 03ae8d54a4
remove duplicate adapter methods (#19038) 2023-02-07 18:27:44 +00:00
Alexander Scheel 9130a786bb
Document pki cross cluster behavior (#19031)
* Add documentation on cross-cluster CRLs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing revocation queue safety buffer

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 11:11:33 -05:00
Angel Garbarino 4e160284b3
Add updateRecord to role adapter (#18993)
* add updateRecord to role adapter to correctly handle the query when the the is not new.

* wip

* update and cancel test

* clean up

* wip

* final

* clean up

* split test in two

* clean up
2023-02-07 08:53:40 -07:00
kpcraig 5d1869d6fe
fix: upgrade vault-plugin-database-snowflake to v0.7.0 (#18985) 2023-02-07 10:24:46 -05:00
Max Winslow 54a4b9c4d3
docs: Typo (#18541) 2023-02-07 11:35:41 +00:00
miagilepner c49d180bc8
VAULT-13169 Require go docs for all new test functions (#18971)
* example for checking go doc tests

* add analyzer test and action

* get metadata step

* install revgrep

* fix for ci

* add revgrep to go.mod

* clarify how analysistest works
2023-02-07 10:41:04 +01:00
Bryce Kalow f33e779d5d
update learn links to point to developer locations (#19026) 2023-02-06 20:34:51 -08:00
Scott Miller 78aaa3ca92
Add a note that multi-cluster ENT setups can avoid this risk (#19024)
* wip

* all-seals

* typo

* add note about unreplicated items

* italics

* word-smithing
2023-02-06 19:25:14 -06:00
John-Michael Faircloth d0bf019be5
fix: upgrade vault-plugin-secrets-mongodbatlas to v0.9.0 (#19012) 2023-02-06 16:54:18 -06:00
Scott Miller acee981753
Remove accidental addition of a hackweek file (#19016) 2023-02-06 16:45:55 -06:00
Theron Voran 4278ed606c
docs/vault-k8s: 1.2.0 release updates (#19010) 2023-02-06 22:35:12 +00:00
Scott Miller b43e4fbd9c
Add a stronger warning about the usage of recovery keys (#19011)
* Add a stronger warning about the usage of recovery keys

* Update website/content/docs/concepts/seal.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Keep the mitigation text in the warning box

---------

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-02-06 16:23:05 -06:00
John-Michael Faircloth aacaddc3c4
fix: upgrade vault-plugin-auth-alicloud to v0.14.0 (#19005)
* fix: upgrade vault-plugin-auth-alicloud to v0.14.0

* add changelog
2023-02-06 16:15:26 -06:00
Mike Baum 225fbb78d2
[QT-304] Ensure Chrome is only installed for vault-enterprise UI Test workflows (#19003) 2023-02-06 16:29:33 -05:00
Kyle Schochenmaier e5af4d34c1
update annotation docs for agent telemetry stanza (#18681)
* update annotation docs for telemetry stanza
Co-authored-by: Kendall Strautman <36613477+kendallstrautman@users.noreply.github.com>
2023-02-06 13:47:50 -06:00
Kianna 809757ac69
VAULT-13192 only validate form on submit instead of onChange (#19004) 2023-02-06 10:10:23 -08:00
miagilepner e873932bce
VAULT-8436 remove <-time.After statements in for loops (#18818)
* replace time.After with ticker in loops

* add semgrep rule

* update to use timers

* remove stop
2023-02-06 17:49:01 +01:00
Nick Cabatoff 53afd2627b
Make API not depend on SDK (#18962) 2023-02-06 09:41:56 -05:00
miagilepner 9d09dba7ac
VAULT-13061: Fix mount path discrepancy in activity log (#18916)
* use single function to convert mount accessor to mount path

* add changelog

* more context and comments for the tests
2023-02-06 10:26:32 +01:00
Matt Schultz 6bfebc3ce3
Transit Managed Keys Documentation (#18994)
* Document 'managed_key' key type for transit. Document new 'usages' parameter when creating a managed key in the system backend.

* Document new managed key parameters for transit managed key rotation.
2023-02-03 18:49:02 -06:00
Ben Ash e87e4f01d7
fix: upgrade vault-plugin-database-couchbase to v0.9.0 (#18999) 2023-02-03 23:17:44 +00:00
Jordan Reimer 9dc187ef5b
removes hardcoded pki mount path conditional (#18998) 2023-02-03 15:49:46 -07:00
John-Michael Faircloth 14e4d67026
test/plugin: refactor compilePlugin for reuse (#18952)
* test/plugin: refactor compilePlugin for reuse

- move compilePlugin to helper package
- make NewTestCluster use compilePlugin

* do not overwrite plugin directory in CoreConfig if set

* fix getting plugin directory path for go build
2023-02-03 16:27:11 -06:00
Alexander Scheel 660979d58b
Document Cross-Cluster CRLs/OCSP for Vault Enterprise (#18970)
* Add documentation on fetching unified CRLs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on unified OCSP

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify that OCSP requests need to be URL encoded

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Document new CRL config parameters

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify notes about cross-cluster options

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-02-03 16:30:23 -05:00
Christopher Swenson 5864075c30
Add events sending routed from plugins (#18834)
This isn't perfect for sure, but it's solidifying and becoming a useful
base to work off.

This routes events sent from auth and secrets plugins to the main
`EventBus` in the Vault Core. Events sent from plugins are automatically
tagged with the namespace and plugin information associated with them.
2023-02-03 13:24:16 -08:00
Christopher Swenson dfdeca7b5d
docs: Remove XKS proxy TLS setup note (#18988)
The TLS settings should not need to be modified as xks-proxy should
generate the certificate and key itself for listening.
2023-02-03 13:22:04 -08:00
claire bontempo 4426372f27
UI: add issuerRef getter in case issuer is nameless (#18968)
* add issuerRef getter in case issuer is nameless

* declare as getter

* remove changes to test, oops!
2023-02-03 13:07:59 -08:00
Alexander Scheel cb2f6ff7fe
Add docs on cross-cluster listing endpoints (#18987)
* Add docs on cross-cluster listing endpoints

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-02-03 20:01:10 +00:00
Alexander Scheel 8b331fa769
Add notes on cross cluster CRLs (#18986)
* Group CRL related sections

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix casing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add notes about cluster size and revocation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Apply suggestions from code review

Thanks Yoko!

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-02-03 19:51:30 +00:00
Steven Clark 9e9d5d5645
Use the unified CRL on local CRL paths if UnifiedCRLOnExistingPaths is set (#18989)
* Use the unified CRL on legacy CRL paths if UnifiedCRLOnExistingPaths is set

 - If the crl configuration option unified_crl_on_existing_paths is set
   to true along with the unified_crl feature, provide the unified crl
   on the existing CRL paths.
 - Added some test helpers to help debugging, they are being used by
   the ENT test that validates this feature.

* Rename method to shouldLocalPathsUseUnified
2023-02-03 14:38:36 -05:00
Alexander Scheel fcb24ad8bc
Add support for missing attributes in PKI UI (#18953)
* Add additional OIDs for extKeyUsage

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Allow ignoring AIA info on issuers

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Tell users which extension OIDs are not allowed

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add commentary on cross-signing failure modes

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add parsing of keyUsage

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove ext_key_usage parsing - doesn't exist on API

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add support for parsing ip_sans attribute

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use Uint8Array directly for key_usage parsing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add error on unknown key usage values

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix typing of IPv6 SANs, verification of keyUsages

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Correctly format ip addresses

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* add ip_sans to details page

* fix typo

* update tests

* alphabetize attrs

* hold off on ip compression

* rename model attrs

* parse other_names

* is that illegal

* add parenthesis to labels

* update tests to account for other_sans

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2023-02-03 11:36:02 -08:00
Alexander Scheel 1a2eef482d
Add docs on cross cluster tidy operations (#18979)
* List tidy parameters in one place

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add new tidy status outputs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add docs on new tidy parameters

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-03 14:27:18 -05:00
Kianna 98c521c12c
UI: VAULT-13136 Update textfile to use native ember Textarea (#18990)
* VAULT-13136 Update use native ember Textarea instead of html textarea to avoid bugs!

* Add on change to Textarea

* Change back to on input
2023-02-03 11:10:32 -08:00
Rowan Smith 6c53845db9
docs allow_forwarding_via_token syntax update (#18956)
* allow_forwarding_via_token syntax update

the example syntax used for `allow_forwarding_via_token` marks the option as an array when it does not need to be, this updates the format on the page to be a code block and removes the square braces

* another update to `allow_forwarding_via_token` syntax
2023-02-03 10:58:19 -08:00
Jordan Reimer 8edfb21521
OpenAPI attributes not populating on pki/role model (#18980)
* fixes issue populating pki/role model with openAPI attributes

* adds missing service injections formerly inherited from parent class
2023-02-03 11:42:41 -07:00
Sascha Marcel Schmidt 544f07de66
docs: Change default value for ha_enabled to false (#18983)
see: https://github.com/hashicorp/vault/blob/main/physical/mysql/mysql.go#L132
2023-02-03 18:20:14 +00:00