* Refactor TLS parsing
The ParsePEMBundle and ParsePKIJSON functions in the certutil package assume
both a client certificate and a custom CA are specified. Cassandra needs to
allow for either a client certificate, a custom CA, or both. This revamps the
parsing of pem_json and pem_bundle to accommodate for any of these configurations.
* initial setup
* initial validation setup for empty path object.
* removal console logs
* validation on keyup for kv
* in progress
* making some progress
* more progress
* closer
* done with create page now to fix edit page that I broke
* fix secret edit display on create
* test and final touches
* cleanup mountbackendform
* cleanup
* add changelog
* address pr comments
* address styling pr comment
* Displays Auth Method description on login page
* working on auth login form
* Keeps path name as LinkTo label adds description to paths
* removes commented and unused code
* removes trailing white space
* removes prettier package
* adds test for description
* removes extra white spaces
* adds changelog file
* build out lease count (not fully working), start lease list
* build out irrevocable lease list
* bookkeeping
* test irrevocable lease counts for API/CLI
* fix listIrrevocableLeases, test listIrrevocableLeases, cleanup
* test expiration API limit
* namespace tweaks, test force flag on lease list
* integration test leases/count API, plenty of fixes and improvements
* test lease list API, fixes and improvements
* test force flag for irrevocable lease list API
* I guess this wasn't saved on the last refactor...
* fixes and improvements found during my review
* better test error msg
* Update vault/logical_system_paths.go
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/logical_system_paths.go
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* return warning with data if more than default leases to list without force flag
* make api doc more generalized
* list leases in general, not by mount point
* change force flag to include_large_results
* sort leases by LeaseID for consistent API response
* switch from bool flag for API limit to string value
* sort first by leaseID, then stable sort by expiration
* move some utils to be in oss and ent
* improve sort efficiency for API response
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update cluster status partial to component
* Added changelog
* Close menu when link is clicked
* Upgraded to glimmer components
* Fixed indentations
Added back activeCluster
Updated changelog
* Styling for empty-state and splash-page
* Update shamir-flow language and trigger onError on non-400 error
* Add license terminated screen to unseal
* Add changelog
* hash tools from partial to component
* initial setup of tools random, but issue remaining with bytes
* rewrap
* unwrap
* final two partials
* fix issues with actions on tool wrap
* fix hash
* changelog
* address pr comments
* fix onClear
* trigger run
* triggering test suite
* initial setup, modify toolbar header
* footer buttons setup
* setup first delete version delete method
* clean up
* handle destroy all versions
* handle undelete
* conditional for modal and undelete
* remove delete from version area
* modelForData in permissions
* setup for soft delete and modify adapter to allow DELETE in addition to POST
* dropdown for soft delete
* stuck
* handle all soft deletes
* conditional for destroy all versions
* remove old functionality from secret-version-menu
* glimmerize secret-version-menu
* Updated secret version menu and version history
* Updated icons and columns in version history
* create new component
* clean up
* glimmerize secret delete menu
* fix undelete
* Fixed radio labels in version delete menu
* handle v1 delete
* refining
* handle errors with flash messages
* add changelog
* fix test
* add to test
* amend test
* address PR comments
* whoopies
* add urlEncoding
Co-authored-by: Arnav Palnitkar <arnav@hashicorp.com>
* feat(aws): add ability to provide a sessionName to sts credentials
Co-authored-by: Brad Vernon <bvernon@nvidia.com>
Co-authored-by: Jim Kalafut <jim@kalafut.net>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
* Add support for templated values in SSH CA DefaultExtensions.
* Reworking the logic per feedback, adding basic test.
* Adding test, so we cover both default extension templating & ignoring default when user-provided extensions are present.
* Fixed up an unintentional extension handling defect, added test to cover the case.
* Refactor Default Extension tests into `enabled` and `disabled`.
* initial setup
* add delay and modify message
* test
* changing to different style because unable to interrupt the yield of authentication
* cleanup
* more consistency in message placement
* fix test
* clean up test notification
* clean up
* remove click
* changelog
* Update 11442.txt
* revert changes so a message is delayed by not calling yield
* amend test
* remove padding-bottom as no longer needed with reposition of message location
* Add MySQL DB Support
* Add other versions of MySQL to database options
* Save incoming root_credentials_rotate_statements as root_rotation_statements for display
* Handle errors correctly on database connection form for edit
* Add tests for mysql database
* Add UI feature changelog
* Updated code mirror component for consistency
- Hide gutters, line number and selection while read only
- Show toolbar with copy functionality for all instances
* Moved toolbar and actions to json editor component
* Updated form-field-from-model template
* Added test for toolbar
* Add an Int64 type
* Use the new Int64 type so that even 32 bit builds can specify max_operations above 2^31
* Missed a spot
* go mod vendor
* fix cast
* changelog
* Update unit test to ensure this works on both 32 and 64-bit archs
* Update Agent Auth with GCP to use new SignJWT endpoint
* use iamcredentials name instead of renaming the package on import
* add changelog
* Update changelog/11473.txt
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* new font and add as font-family to be used in masked-input
* clean up logic
* refactor for displayOnly
* start cert masking
* work on certificates
* upload cert work
* fix global styling
* fix styling for class no longer used
* make mask by default and remove option
* glimmerize start and certificate on LDAP a file field
* glimmerize actions
* first part of glimmerizing text-file still need to do some clean up
* not doing awesome over here
* getting ready to un-glimmer
* unglimmerize
* remove placeholder based on conversations with design
* clean up text-file
* cleanup
* fix class bindings
* handle class binding
* set up for test
* fix elementId
* track down index
* update masked-input test
* add more to the masked-input test
* test-file test
* fix broken test
* clear old style
* clean up
* remove pgp key masked font, this really needs to be refactored to text-file component
* changelog
* cover other certificate view
* add allowCopy
* address some pr styling comments
* improve test coverage
* fix some issues
* add attr.options.masked
* Add support for unauthenticated pprof access on a per-listener basis, as we do for metrics.
* Add missing pprof sub-targets like 'allocs' and 'block'. Capture the goroutine subtarget a second time in text form. This is mostly a convenience, but also I think the pprof format might be a bit lossy?
* Update default form values for kv
* Group kv version option in 'Method Options' group
* Fix tests, explicitly set if select input does not have default
* Handle array of objects from adapterError.errors in MessageError component
* Add changelog
Remove template_retry config section. Add new vault.retry section which only has num_retries field; if num_retries is 0 or absent, default it to 12 for backwards compat with pre-1.7 template retrying. Setting num_retries=-1 disables retries.
Configured retries are used for both templating and api proxy, though if template requests go through proxy (currently requires persistence enabled) we'll only configure retries for the latter to avoid duplicate retrying. Though there is some duplicate retrying already because whenever the template server does a retry when not going through the proxy, the Vault client it uses allows for 2 behind-the-scenes retries for some 400/500 http error codes.
* snapshot
* basic test
* update command and add documentation
* update help text
* typo
* add changelog for lease lookup command
* run go mod vendor
* remove tabs from help output
Adds the option of a write-through cache, backed by boltdb
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
* sketch out partial month activity log client API
* unit test partialMonthClientCount
* cleanup api
* add api doc, fix test, update api nomenclature to match existing
* cleanup
* add PR changelog file
* integration test for API
* report entities and tokens separately
* Replace deprecated terms in AWS Auth
This PR is part of an effort to remove non-inclusive language throughout
Vault. The AWS Auth backend uses the "whitelist" and "blacklist" terms
extensively, and these are the focus of the PR:
* Add new API endpoints that use the preferred terminology, while
deprecating the old endpoints. These endpoints offer identical
functionality and are basically aliases. This is the only functional
change in the PR except for terms in error messages.
* Replace "whitelist" -> "access list", "blacklist" -> "deny list" in
variable names, comments, etc.
Note that storage locations were *not* changed at this time, as that is
a more complex process involving versioning that we may tackle in a future
revision. We have reduced the occurrences of non-inclusive language,
however.
Reviewers should be sure to "Ignore Whitespace" in diffs, especially for
the tests, which were basically indented one level as part of looping
over the tests with both the old and new names.