Commit graph

10938 commits

Author SHA1 Message Date
Michael Gaffney aac9f87a73
Exit ScanView if context has been cancelled (#7419) 2019-09-04 09:18:19 -04:00
Aaron Bennett 9994307c6c update dependencies (#7390) 2019-09-03 16:08:50 -04:00
Matthew Irish a237d66213
fix typo (#7394) 2019-09-03 14:15:57 -05:00
Jim Kalafut 7919bfb3de
Fix sidebar order (#7409) 2019-09-03 09:32:44 -07:00
ncabatoff ed147b7ae7
Make clusterListener an atomic.Value to avoid races with getGRPCDialer. (#7408) 2019-09-03 11:59:56 -04:00
Jeff Malnick 8fdb5f62c4
feat: bump vault-plugin-auth-kubernetes to pick up support for projected tokens feature (#7386) 2019-08-30 11:53:06 -07:00
Calvin Leung Huang bcb0109e26
http/raft: fix JoinRequest.LeaderCACert json tag (#7393) 2019-08-29 14:37:01 -07:00
Yoko 17ea1fb294
Fixed typo - --> _ (#7391) 2019-08-29 12:44:31 -07:00
Noelle Daley d52d324df4
Ui/fix component story generators (#7377)
* remove ember-cli-valid-component-name since we no longer need it

* component names no longer need to contain a hyphen

* remove Husky from README since we no longer use it

* update Storybook example

* update JSDoc examples and fix params table header
2019-08-28 14:47:43 -07:00
Noelle Daley 716f25162a
Ui/redesign delete confirmation (#7271)
* add initial Confirm component to secrets list page

* use ember-wormholes to render confirmation message

* use maybe-in-element instead of ember-wormhole

* hide overlay initially

* animate confirm overlay left and right on click

* hide overlay in the DOM to properly set height

* adjust height when showing/hiding confirm-overlay

* disable confirmation buttons until trigger has been rendered

* adjust height of confirm-wrapper instead of confirm

* move Confirm/ to core

* only add style attribute when a height property exists

* fix indentation

* wip - use new Confirm inside status menu

* add Confirm to Storybook

* ensure confirm links have proper styling in Storybook and outside popup-menu

* fix height transition

* disable no-inline-styles

* add test selector

* remove comment

* consolidate Message into Trigger to make Confirm easier to use

* use new Trigger API in status menu

* remove height transition

* fix binding inline style warning

* rename confirmMessage to message

* update Confirm for Storybook

* fix indentation

* do not pass in onCancel from outer template because it is static

* add jsdoc comments to Trigger

* wip - add trigger and confirm to storybook

* fix status menu styling

* fix styling of confirm stories

* use new Confirm on secrets engine list

* use bulma speed variable

* fix indentation

* re-renable eslint no-inline-styles

* showConfirm when rendered trigger matches id

* fix background color on namespace picker

* do not expose onTrigger

* Revert "re-renable eslint no-inline-styles"

This reverts commit c7b2a9097f177a2876afaaec6020f73b07bad3c7.

* rename Confirm Trigger to Message

* add tests

* update JSDocs

* focus trigger after cancelling the confirm message

* update Confirm JSDocs

* differentiate between ConfirmAction and Confirm

* add Message to Storybook

* re-enable eslint import/extensions

* update confirmButtonText to Revoke token

* remove linebreak and extra whitespace

* fix typo

* add loading to empty button

* fix more typos

* only show Message contents when showConfirm is true

* no need to disable the confirm buttons since they only render in the DOM when showConfirm is true

* use Confirm to delete aws roles

* use Confirm to delete pki roles

* use Confirm to delete ssh roles

* add Confirm to entity alias page

* fix confirm button text on Revoke token in status menu

* ensure you can use tab to revoke a token from status menu

* reset the open trigger after the confirm has been confirmed

* use Confirm on identity list pages

* fix Disable engine confirmation text

* use <PopupMenu /> angle bracket syntax

* use Confirm on policies list page

* use Confirm for namespaces

* use Confirm for kmip scopes

* use Confirm for deleting kmip roles

* use Confirm for revoking KMIP credentials

* fix Revoke token triggerText
2019-08-27 15:50:53 -07:00
Calvin Leung Huang 3a81e41983
salt: fix DidGenerate docstring (#7372) 2019-08-27 14:41:23 -07:00
Noelle Daley f1c1d47b34 fix ciphertext typo (#7366) 2019-08-26 19:40:00 -04:00
Jeff Mitchell 0d39d0507a Update api 2019-08-26 15:49:51 -04:00
Jeff Mitchell faa4f6bb77 Bump retryablehttp again 2019-08-26 15:39:27 -04:00
Jeff Mitchell be5a2bde22 Bump go-retryablehttp version 2019-08-26 14:44:03 -04:00
Becca Petrin 98491079b5
Update CHANGELOG.md 2019-08-26 09:58:49 -07:00
Becca Petrin 9c498f2f4c
Update CHANGELOG.md 2019-08-26 09:58:13 -07:00
Becca Petrin 64ecf46fb6
rename pcf to cf maintaining backwards compat (#7346) 2019-08-26 09:55:08 -07:00
Jeff Mitchell 9816963355
Move SudoPrivilege out of SystemView (#7266)
* Move SudoPrivilege out of SystemView

We only use this in token store and it literally doesn't work for anything
that isn't the token store or system mount, so we should stop exposing
something that doesn't work.

* Reconcile extended system view with sdk/logical a bit and put an explanation for why SudoPrivilege isn't moved over
2019-08-26 10:23:46 -04:00
ncabatoff 366add2979
Generalization of the PhysicalFactory notion introduced by Raft (#7217)
Generalization of the PhysicalFactory notion introduced by Raft, so it can be used by other storage backends in tests.  These are the OSS changes needed for my rework of the ent integ tests and cluster helpers.
2019-08-23 15:51:25 -04:00
ncabatoff ec2a1a11a6
Make -dev-four-cluster an ent-only option and remove ent-specific testhelpers (#7215) 2019-08-23 11:53:18 -04:00
Matthew Irish d9894e5505
changelog++ 2019-08-22 16:45:07 -05:00
Matthew Irish ca80c9fa79
fix namespace picker so that it always expands into an object when co… (#7333)
* fix namespace picker so that it always expands into an object when constructing a tree

* sort namespaces lexicographically

* fix linting
2019-08-22 14:00:53 -05:00
Matthew Irish 9147ae64bc
Ui search select fix (#7338)
* update to latest ember-power-select-with-create

* guard against options and model not being defined

* add test for select with no options
2019-08-22 13:57:02 -05:00
Becca Petrin efba500548
describe API calls made by the cf client (#7351) 2019-08-22 11:53:27 -07:00
Jason O'Donnell a23f7e71b6
docs: update vault helm doc (#7348)
* docs: update vault helm doc

* Update wording per review
2019-08-22 13:09:22 -04:00
Jeff Mitchell 21ccbdeffe Update vendor folder 2019-08-22 11:07:25 -04:00
Jeff Malnick ba4fbd4df8
Allow setting file mode on vault agent sink file (#7275)
* feat: enable setting mode on vault agent sink file

* doc: update vault agent file sink with mode configuration
2019-08-21 20:41:55 -07:00
Jim Kalafut e330c72be6
changelog++ 2019-08-21 12:25:52 -07:00
mhobbs-ibm cd2356fe7c plugging file descriptor leak in couchdb backend (#7345) 2019-08-21 12:23:20 -07:00
Michael Gaffney 9da6460f4d
Add docs for Vault Agent Auto-auth Certificate Method (#7344)
Closes #7343
2019-08-21 10:34:26 -04:00
Michael Gaffney b1d249a42b
changelog - add missing 1.2 improvement 2019-08-21 10:13:13 -04:00
Chris Hoffman f6a58fc812
changelog++ 2019-08-20 18:14:53 -04:00
Tommy Murphy fc3f1896ad telemetry: add stackdriver metrics sink (#6957)
* telemetry: add stackdriver metrics sink

* telemetry: stackdriver go mod tidy
2019-08-20 14:47:08 -07:00
Joel Thompson ac18a44fae secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles (#6789)
* secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles

AWS now allows you to pass policy ARNs as well as, and in addition to,
policy documents for AssumeRole and GetFederationToken (see
https://aws.amazon.com/about-aws/whats-new/2019/05/session-permissions/).
Vault already collects policy ARNs for iam_user credential types; now it
will allow policy ARNs for assumed_role and federation_token credential
types and plumb them through to the appropriate AWS calls.

This brings along a minor breaking change. Vault roles of the
federation_token credential type are now required to have either a
policy_document or a policy_arns specified. This was implicit
previously; a missing policy_document would result in a validation error
from the AWS SDK when retrieving credentials. However, it would still
allow creating a role that didn't have a policy_document specified and
then later specifying it, after which retrieving the AWS credentials
would work. Similar workflows in which the Vault role didn't have a
policy_document specified for some period of time, such as deleting the
policy_document and then later adding it back, would also have worked
previously but will now be broken.

The reason for this breaking change is because a credential_type of
federation_token without either a policy_document or policy_arns
specified will return credentials that have equivalent permissions to
the credentials the Vault server itself is using. This is quite
dangerous (e.g., it could allow Vault clients access to retrieve
credentials that could modify Vault's underlying storage) and so should
be discouraged. This scenario is still possible when passing in an
appropriate policy_document or policy_arns parameter, but clients should
be explicitly aware of what they are doing and opt in to it by passing
in the appropriate role parameters.

* Error out on dangerous federation token retrieval

The AWS secrets role code now disallows creation of a dangerous role
configuration; however, pre-existing roles could have existed that would
trigger this now-dangerous code path, so also adding a check for this
configuration at credential retrieval time.

* Run makefmt

* Fix tests

* Fix comments/docs
2019-08-20 12:34:41 -07:00
Matthew Irish 9182b0590a
ci install ui deps (#7340)
* don't ignore-optional on yarn install for the ui dep ci job

* update circle yaml
2019-08-20 10:22:55 -05:00
Noelle Daley 44e7bd040c
Update CHANGELOG.md 2019-08-19 14:41:07 -07:00
Noelle Daley 1e58c46ca9
Ui/dismiss status menu click (#7337)
* dismiss status menu on click instead of hover

* allow redirect on 204
2019-08-19 14:36:22 -07:00
Noelle Daley b11a2e3136
README: add command for building enterprise binary (#7336)
* README: add command for building enterprise binary

* README: add warning about built-in license
2019-08-19 14:21:05 -07:00
Matthew Irish 4a1013e915
Update ui dependencies (#7244)
* be more specific about node version, and specify a yarn version

* update ember, ember-cli, ember-data, ember-data-model-fragments

* use router handlers to access transition information

* fix shadowing of component helper

* update ivy-codemirror, ember-cli-inject-live-reload

* remove custom router service

* don't use transition.queryParams

* update ember-cli-deprecation-workflow

* refactor kv v1 to use 'path' instead of 'id' on creation

* fix auth-jwt-test and toolbar-link-test

* update ember composable helpers

* remove Ember.copy from test file

* no more deprecations in the workflow

* fix more secret tests

* fix remaining failed tests

* move select component to core because it's used by ttl-picker

* generate new model class for each test instead of reusing an existing one

* fix selectors on kmip tests

* refactor how control groups construct urls from the new transition objects

* add router service override back in, and have it be evented so that we can trigger router events on it

* move stories and markdown files to core if the component lives in core

* update ember-cli, ember-cli-babel, ember-auto-import

* update base64js, date-fns, deepmerge, codemirror, broccoli-asset-rev

* update linting rules

* fix test selectors

* update ember-api-actions, ember-concurrency, ember-load-initializers, escape-string-regexp, normalize.css, prettier-eslint-cli, jsdoc-to-markdown

* remove test-results dir

* update base64js, ember-cli-clipboard, ember-cli-sass, ember-cli-string-helpers, ember-cli-template-lint, ember-cli-uglify, ember-link-action

* fix linting

* run yarn install without restoring from cache

* refactor how tests are run and handle the vault server subprocess

* update makefile for new test task names

* update circle config to use the new yarn task

* fix writing the seal keys when starting the dev server

* remove optional deps from the lockfile

* don't ignore-optional on yarn install

* remove errant console.log

* update ember-basic-dropdown-hover, jsonlint, yargs-parser

* update ember-cli-flash

* add back optionalDeps

* update @babel/core@7.5.5, ember-basic-dropdown@1.1.3, eslint-plugin-ember@6.8.2

* update storybook to the latest release

* add a babel config with targets so that the ember babel plugin works properly

* update ember-resolver, move ember-cli-storybook to devDependencies

* revert normalize.css upgrade

* silence fetchadapter warning for now

* exclude 3rd party array helper now that ember includes one

* fix switch and entity lookup styling

* only add -root suffix if it's not in versions mode

* make sure drop always has an array on the aws role form

* fix labels like we did with the backport

* update eslintignore

* update the yarn version in the docker build file

* update eslint ignore
2019-08-19 15:45:39 -05:00
Jim Kalafut e4be09ead5
changelog++ 2019-08-19 11:57:36 -07:00
Jack Kleeman 1977305ffa Store less data in Cassandra prefix buckets (#7199)
* Store less data in Cassandra prefix buckets

The Cassandra physical backend relies on storing data for sys/foo/bar
under sys, sys/foo, and sys/foo/bar. This is necessary so that we
can list the sys bucket, get a list of all child keys, and then trim
this down to find child 'folders' eg food. Right now however, we store
the full value of every storage entry in all three buckets. This is
unnecessary as the value will only ever be read out in the leaf bucket
ie sys/foo/bar. We use the intermediary buckets simply for listing keys.

We have seen some issues around compaction where certain buckets,
particularly intermediary buckets that are exclusively for listing,
get really clogged up with data to the point of not being listable.
Buckets like sys/expire/id are huge, combining lease expiry data for
all auth methods, and need to be listed for vault to successfully
become leader. This PR tries to cut down on the amount of data stored
in intermediary buckets.

* Avoid goroutine leak by buffering results channel up to the bucket count
2019-08-19 11:50:00 -07:00
Jeff Mitchell 47024b4753 changelog++ 2019-08-19 12:33:13 -04:00
ncabatoff 8d4d6921ad
changelog++ 2019-08-19 09:21:39 -04:00
Vishal Nayak 9b878b0717 go fmt on aws path role files 2019-08-16 11:25:33 -04:00
Jim Kalafut 3ce3e40db7
Update role parameters in JWT API docs (#7328)
This is a temporary revert related to https://github.com/hashicorp/vault-plugin-auth-jwt/issues/66.
Once that change is in a released Vault, this docs change should be reverted back.
2019-08-16 08:09:15 -07:00
Jim Kalafut eaae12f782
changelog++ 2019-08-15 09:51:06 -07:00
Chris Hoffman 0a23fb8294
changelog++ 2019-08-15 10:32:43 -04:00
ncabatoff fb1dec0b98
changelog++ 2019-08-15 10:11:33 -04:00
ncabatoff fb225428ff
changelog++ 2019-08-15 10:07:43 -04:00