* fixes issue with distributed kmse key not appearing on provider until after refresh
* updates provider-edit test and adds enterprise to kmse acceptance test module name
* updates keymgmt acceptance test module name
- If the timing is correct, a delay in the test's select might see the
doneCh signal before the renew channels signal. If that happens, the
test fails as it assumes we will receive signals across different
channels in order.
- Rework the test to make sure that we read from the renew channel if expected
and the done channel so that any errors might not be escaping from detection
on a renew.
* Update containerd/containerd indirect test dep
This dependency is pulled in from our testing infra and not in our final
Vault version. However, updating this dep pulls in newer versions of
other deps (such as protobuf) which are used at runtime. Updated via:
$ go get github.com/containerd/containerd@v1.5.13 && go mod tidy
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Update moby/moby direct test dep
Since docker/docker has an indirect dep on containerd, I've updated it
as well:
$ go get github.com/docker/docker@v20.10.17 && go mod tidy
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* VAULT-6091 Document duration format
* VAULT-6091 Document duration format
* VAULT-6091 Update wording
* VAULT-6091 Update to duration format string, replace everywhere I've found so far
* VAULT-6091 Add the word 'string' to the nav bar
* VAULT-6091 fix link
* VAULT-6091 fix link
* VAULT-6091 Fix time/string, add another reference
* VAULT-6091 add some misses for references to this format
* Allow reading Nomad CA/Client cert configuration
In the Nomad secret engine, writing to /nomad/config/access allows users
to specify a CA certificate and client credential pair. However, these
values are not in the read of the endpoint, making it hard for operators
to see if these values were specified and if they need to be rotated.
Add `ca_cert` and `client_cert` parameters to the response, eliding the
`client_key` parameter as it is more sensitive (and should most likely
be replaced at the same time as `client_cert`).
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix tests to expect additional fields
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add test with existing CA/client cert+key
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Handle func
* Update - check if key_type and key_bits are allowed
* Update - fields
* Generating keys based on provided key_type and key_bits
* Returning signed key
* Refactor
* Refactor update to common logic function
* Descriptions
* Tests added
* Suggested changes and tests added and refactored
* Suggested changes and fmt run
* File refactoring
* Changelog file
* Update changelog/15561.txt
Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Suggested changes - consistent returns and additional info to test messages
* ssh issue key pair documentation
Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
By default, ember build fingerprint all the static assets such as
'js', 'css', 'png', 'jpg', 'gif', 'map' during compilation. As a result the image
referenced in mfa landing page was not loading in binary. For now, exclude fingerprinting
for all the files which exists under images directory.
This was causing failures when running `vault server -dev`:
> panic: runtime error: invalid memory address or nil pointer dereference
> [signal SIGSEGV: segmentation violation code=0x2 addr=0x20 pc=0x105c41c1c]
>
> goroutine 1 [running]:
> github.com/hashicorp/vault/command.(*ServerCommand).parseConfig(0x140005a2180)
> .../vault/command/server.go:429 +0x5c
Interestingly, we do not have a test case for running the dev
sever.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
- Selecting a constant default value exposed a possible edge case
that the migration would fail if a previous migration contained the
same issuer or key name.
* Overhaul consul docs and api-docs for new 1.11 features
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
This adds a note that manual_chain is required for cross-signed
intermediates, as Vault will not automatically associate the
cross-signed pair during chain construction. During issuance, the chain
is used verbatim from the issuer, so no chain detection will be used
then.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add PutMetadata and PatchMetadata KV helpers
* Refactor tests, stop needlessly converting zero values to nil
* Merge fix for delete-version-after zero value bug
* Cast nils to zero value on Put
* Use 2 different structs for put/patch metadata input, clarity fixes
* Use local constants and simplify stringification