Commit graph

15920 commits

Author SHA1 Message Date
Luis (LT) Carbonell a0f4c18f44
Add links for service registration provides (#17170) 2022-09-16 15:28:18 -05:00
Austin Gebauer 7b862f33c3
secrets/gcp: updates plugin to v0.14.0 (#17174)
* secrets/gcp: updates plugin to v0.14.0

* adds changelog
2022-09-16 12:42:37 -07:00
Mike Palmiotto fc87471580
docs: Add faq for deprecation status (#17096) 2022-09-16 15:38:40 -04:00
vinay-gopalan ec76c2c8a3
update auth/gcp to v0.14.0 (#17160) 2022-09-16 09:39:34 -07:00
Josh Black 04a2396573
Adjust raft transactions to be safer with get operations (#17151) 2022-09-16 09:35:48 -07:00
Max Coulombe a3f7a8c487
+ upgrade redis-elasticache plugin to v0.1.0 (#17163) 2022-09-16 12:32:12 -04:00
Theron Voran c9e5bee8d0
docs/vault-k8s: update for v1.0.0 release (#17165) 2022-09-16 08:46:39 -07:00
Theron Voran 81ea92459c
secrets/kubernetes: upgrade to v0.2.0 (#17164) 2022-09-16 08:31:53 -07:00
Nick Cabatoff b7c5dbd713
Reduce time taken to run the vault test package (#17157)
Factored out some plugin related tests into their own test package, and added a bunch of parallelism.  Moved some non-plugin tests that were in logical_system_integ_test into another file (keeping them in vault package) just for cohesion.
2022-09-16 09:53:16 -04:00
Steven Clark 7f31d68d86
Update semgrep to 0.113.0 (#17168)
* Update semgrep to 0.113.0
* Print semgrep version in CI
2022-09-16 14:41:58 +01:00
Theron Voran 37b30337a0
auth/kubernetes: upgrade to v0.14.0 (#17161) 2022-09-16 02:03:21 -04:00
Austin Gebauer c1f51417b0
Adds ldap secrets to plugin registry and updates to v0.9.0 (#17152)
* Adds ldap secrets to plugin registry and updates to v0.9.0

* adds changelog

* fix test
2022-09-15 22:19:24 -07:00
Christopher Swenson b136a7ecd8
Add plugin version to GRPC interface (#17088)
Add plugin version to GRPC interface

Added a version interface in the sdk/logical so that it can be shared between all plugin types, and then wired it up to RunningVersion in the mounts, auth list, and database systems.

I've tested that this works with auth, database, and secrets plugin types, with the following logic to populate RunningVersion:

If a plugin has a PluginVersion() method implemented, then that is used
If not, and the plugin is built into the Vault binary, then the go.mod version is used
Otherwise, the it will be the empty string.
My apologies for the length of this PR.

* Placeholder backend should be external

We use a placeholder backend (previously a framework.Backend) before a
GRPC plugin is lazy-loaded. This makes us later think the plugin is a
builtin plugin.

So we added a `placeholderBackend` type that overrides the
`IsExternal()` method so that later we know that the plugin is external,
and don't give it a default builtin version.
2022-09-15 16:37:59 -07:00
Christopher Swenson aa503ef7ff
fix: upgrade vault-plugin-database-snowflake to v0.6.0 (#17159)
fix: upgrade vault-plugin-database-snowflake to v0.6.0
2022-09-15 16:01:56 -07:00
Austin Gebauer c87954e7e3
auth/jwt: updates plugin to v0.14.0 (#17154) 2022-09-15 13:44:50 -07:00
Kit Haines 71d9c33802
Add "plumbing" for surfacing warnings, and warning overwriting ttl (#17073)
* Add "plumbing" for surfacing warnings, and add warning about TTL > maxTTL when issuing a cert.
2022-09-15 12:38:33 -07:00
Jordan Reimer d258740f24
Prevent Requests to resultant-acl Endpoint When Unauthenticated (#17139)
* prevents requests to resultant-acl endpoint when not logged in

* removes unauthenticated mentions from resultant-acl api doc

* adds changelog entry
2022-09-15 12:45:33 -06:00
Jason O'Donnell 87350f927f
agent/auto-auth: add exit_on_err configurable (#17091)
* agent/auto-auth: add exit_on_err configurable

* changelog

* Update backoff function to quit

* Clarify doc

* Fix test
2022-09-15 11:00:31 -07:00
Scott Miller 39af76279d
Populate during renew calls also (#17143) 2022-09-15 10:50:43 -05:00
Mike Palmiotto d23b57ea4c
semgrep: Enforce no loop vars in goroutines (#17145) 2022-09-15 10:13:51 -04:00
Scott Miller 2152a933ff
Load existing CRLs on startup and after invalidate (#17138)
* Load existing CRLs on startup and after invalidate

* changelog
2022-09-14 15:30:44 -05:00
Jaymala 2231f588a5
Refactor Enos scenario matrix generation (#17060)
* Refactor Enos scenario matrix generation

* Generate scenario matrix based on artifact edition to test
* Configure Vault license for testing Ent artifact
* Run Autopilot scenario for Ent

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Cleanup Enos runtime

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Fix syntax

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Use script to generate Enos scenario matrix

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Checkout repo to generate matrix

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Fix matrix syntax

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Fix json format

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Update Enos scenario license condition

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Address review feedback

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Fix syntax

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Update json format for scenario matrix

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Address review comments

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2022-09-14 14:17:07 -04:00
Angel Garbarino f6de4f75b4
PKI Role's model and List view (#17134)
* working state for list, maybe issue with model connection?

* list view with opneAPI on the model and dynamic linking to edit and details pages.

* cleanup for PR review

* cleanup for PR review
2022-09-14 11:18:37 -06:00
Austin Gebauer f9af44a0bb
auth/oidc: update docs for google workspace config (#17128)
* auth/oidc: update docs for google workspace config

* make fmt
2022-09-14 08:42:02 -07:00
Steven Clark 637576b9d2
Remove enos provider from build_local enos module (#17102)
- The provider isn't needed and there is an error in the source
   anyways.

❯ enos scenario validate managed_keys
Scenario: managed_keys [arch:arm64 backend:raft builder:local distro:ubuntu edition:ent seal:awskms]
  Generate: 
 Init: 

Error: Invalid provider registry host

The host "hashicorp.com" given in in provider source address
"hashicorp.com/qti/enos" does not offer a Terraform provider registry.
2022-09-14 11:34:10 -04:00
Steven Clark 12242d1a97
make fmt (#17131) 2022-09-14 07:45:50 -05:00
Josh Black 14c8008181
Enforce a minimum version for protoc (#17122) 2022-09-13 19:46:35 -07:00
Devon Powley bb0f93044f
Update Vault Azure Secrets docs for permanent deletion feature (#17045)
* Update Vault Azure Secrets docs for permanent deletion feature

* Add changelog for vault azure doc update

* Update CL based on PR feedback

Co-authored-by: Devon Powley <dpowley@users.noreply.github.com>
2022-09-13 16:25:19 -07:00
claire bontempo 3163309130
UI: Fix KV engine deleting latest version instead of specified version depending on policy (#17124)
* update modal copy to clarify when a user is unable to delete a specific version

* add tests

* cleanup tests, move console commands into helper function

* cleanup hbs

* add changelog
2022-09-14 00:11:08 +02:00
Josh Black 1e6401a8eb
make proto (#17120) 2022-09-13 16:06:11 -04:00
Scott Miller 12a8ef1cfd
Implement partial_failure_response_code_override for batch requests (#17118)
* Implement partial_failure_response_code_override for batch requests

* docs

* changelog

* one more test case
2022-09-13 12:51:09 -05:00
Josh Black 6d94dd991d
merkle sync undo logs (#17103) 2022-09-13 10:03:19 -07:00
Jordan Reimer da7cd37674
Replace Non-Inclusive Terms in UI (#17116)
* removes non-inclusive terms from UI

* adds changelog entry
2022-09-13 10:42:34 -06:00
georgethebeatle f9439a9c41
Make key completion work for both kv-v1 and kv-v2 (#16553)
Co-authored-by: Kieron Browne <kbrowne@vmware.com>
Co-authored-by: Georgi Sabev <georgethebeatle@gmail.com>
Co-authored-by: Danail Branekov <danailster@gmail.com>
2022-09-13 12:11:00 -04:00
claire bontempo fcf6467cbf
UI: OIDC config cleanup (#17105)
* cleanup infotableitemarray, add render name option to component

* wait until items fetched before rendering child component

* update test

* finish tests for info table item array

* remove unused capability checks

* remove unnecessary path alias

* fix info table row arg

* fix wildcards getting info tooltip
2022-09-13 09:06:19 -07:00
Hamid Ghaf ed0a9feb7f
running make proto (#17106) 2022-09-13 09:40:12 -04:00
Alexander Scheel 1bbabf19d7
Add more docs on revocation changes (#17085)
* Add more notes about issuer revocation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Note BYOC in considerations

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about http access to CRLs, OCSP

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Recommend enabling auto-tidy & crl rebuilding

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing paths to personas

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-12 11:46:01 -05:00
Hamid Ghaf 77ec84cfb1
updating hcp link structs, and fix diagnose (#17097) 2022-09-12 11:10:01 -04:00
Steven Clark cfb56105b8
A PKI test to verify our defaults are the same for creates and update apis (#17094) 2022-09-12 09:22:56 -04:00
Angel Garbarino e420ef0413
Setup Routing for PKI tabs (#17054)
* setup PKI Ember engine

* clean up SecretListHeader and add documentation.

* move secret-list-header to addon folder

* move options-for-backend helper

* fix all for SecretListHeader to work

* use secretListHeaderTab by moving to adodn.

* add overview empty state

* clean up

* the tabs template and hbs route files

* routing for tidy and configure, still some questions for design

* wip

* clean up from merge and past pr

* add create index route

* clean up comment

* routing rework after discussion with Jordan

* cleanup

* remove app folder

* change names on js files for debugging
2022-09-09 18:01:47 -06:00
Mike Palmiotto 3e5f570c5e
CI: prune docker networks before creation (#17092) 2022-09-09 16:39:51 -04:00
Max Coulombe 6b2f4e5354
+ added redis elasticache as a built-in plugin (#17075)
* added redis elasticache as a built-in plugin
2022-09-09 16:16:30 -04:00
Mike Palmiotto 9849af8663
Add deprecation status to plugin api and cli (#17077)
* api: Add deprecation status to plugin endpoints

* cli: Add -detailed flag to `plugin list`

* docs: Update plugin list/info docs
2022-09-09 16:03:07 -04:00
Hamid Ghaf 102f5f6832
node status as a module to be importable by HCP cloud (#17089) 2022-09-09 14:51:05 -04:00
Milena Zlaticanin 0977bd1ddc
Import Redis OSS database plugin into Vault (#17070)
* Import Redis OSS database plugin into Vault

* update the total number of db plugins

* small nit for testing

* adding changelog
2022-09-09 13:42:25 -05:00
Alexander Scheel 6d90586ad6
Update issuer usage with ocsp-signing by default (#17087)
This option was elided from the default value for the usage field. This
results in issuers "losing" ocsp-signing when they're POST updated. Most
issuers will want OCSP signing by default, so it makes sense to add this
as the default.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-09-09 13:28:45 -04:00
Tom Proctor 65adf42d48
Support running versioned plugins from the catalog (#17015) 2022-09-09 18:14:26 +01:00
Tom Proctor aa50e42fca
Support version selection for database plugins (#16982)
* Support version selection for database plugins
* Don't consider unversioned plugins for version selection algorithm
* Added version to 'plugin not found' error
* Add PluginFactoryVersion function to avoid changing sdk/ API
2022-09-09 17:32:28 +01:00
Nick Cabatoff 3075c5bd65
Do not attempt to write a new TLS keyring at startup if raft is already setup (#17079) 2022-09-09 12:19:57 -04:00
Steven Clark 5b5699e9b0
Update PKI documentation to clear up PKCS8 marshalling behavior (#17080)
- Update the documentation in regards to the private_key_format
   argument only controls the behavior of the private_key response field
   and does not modify the encoding of the private key within the
   pem_bundle.
2022-09-09 11:31:08 -04:00