* fix raft tls key rotation panic when rotation time in past
* add changelog entry
* push out next raft TLS rotation time in case close to elapsing
* consolidate tls key rotation duration calculation
* reduce raft getNextRotationTime padding to 10 seconds
* move tls rotation ticker reset to where its duration is calculated
* handle current warning
* handle history
* match the two flows
* clean up
* Refactor to account for chart indicator (#15121)
* refactor for charts
* revert handler changes
* clarify variable
* add 1.10 to version history
* woops add key
* handle mock query end date
* update current template
* add date
* fix tests
* fix fake version response
* address comments, cleanup
* change word
* add TODO
* revert selector
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: Claire Bontempo <cbontempo@hashicorp.com>
* Add command help info
* Explain CLI and API correlation
* Update the heading level
* Updated the command example with more description
* Update website/content/docs/commands/index.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/commands/index.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/commands/index.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Incorporate review feedback
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* KMSE: Key Model / Adapter / Serializer setup (#13638)
* First pass model
* KMS key adapter (create/update), serializer, model
* Add last rotated and provider to key
* KeyEdit secret-edit component, and more key model stuff
* add formatDate param support to infotablerow
* Add keymgmt key to routes and options-for-backend
* Rename keymgmt-key to keymgmt/key
* Add test, cleanup
* Add mirage handler for kms
* Address PR comments
* KMS Providers (#13797)
* adds pagination-controls component
* adds kms provider model, adapter and serializer
* adds kms provider-edit component
* updates secrets routes to handle itemType query param for kms
* updates kms key adapter to query by provider
* adds tests for provider-edit component
* refactors kms provider adapter to account for dynamic path
* adds model-validations-helper util
* removes keymgmt from supported-secret-backends
* fixes issue generating url for fetching keys for a provider
* updates modelType method on secret-edit route to accept options object as arg rather than transition
* adds additional checks to ensure queryParams are defined in options object for modelType method
* UI/keymgmt distribute key (#13840)
* Add distribution details on key page, and empty states if no permissions
* Allow search-select component to return object so parent can tell when new item was created
* Add stringarray transform
* Distribute component first pass
* Refactor distribute component for use with internal object rather than ember-data model
* Specific permission denied errors on key edit
* Allow inline errors on search-select component
* Style updates for form errors
* Styling and error messages on distribute component
* Allow block template on inline alert so we can add doc links
* Add distribute action, flash messages, cleanup
* Cleanup & Add tests
* More cleanup
* Address PR comments
* Move disable operations logic to commponent class
* KMSE Enable/Config (#14835)
* adds keymgmt secrets engine as supported backend
* adds comment to check on keymgmt as member of adp module
* updates kms provider to use model-validations decorator
* fixes lint errors and tests
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* Bootstrap Nomad ACL system if no token is given
Similar to the [Bootstrap the Consul ACL system if no token is given][boostrap-consul]
it would be very useful to bootstrap Nomads ACL system and manage it in
Vault.
[boostrap-consul]:https://github.com/hashicorp/vault/pull/10751
* Add changelog entry
* Remove debug log line
* Remove redundant else
* Rename Nomad acl bootstrap param
* Replace sleep with attempt to list nomad leader, setup will retry until successful
* fmt
- As part of the PKI rotation project we need to hook into some of the functions
that were factored out for managed keys in regards to key handling within the
CA bundles.
- Refactor the codebase so that we only extract managed key stuff from oss/ent
and not additional business logic.
* clean up activity serailizer
* fix line chart so only plot months with data
* cleanup monthly serializer
* account for empty months in vertical bar chart
* tidy version upgrade info
* fix version history model typo
* extract const into helper
* add upgrade indicator to line chart
* fix tests
* add todos
VAULT-5827 Update mongodb, brotli
Closes https://github.com/hashicorp/vault-plugin-secrets-mongodbatlas/issues/11
* `brotli` 1.0.1 was withdrawn
* `go-client-mongodb-atlas` has an old dependency on a renamed repo, and
has been renamed twice. This caused issues in
https://github.com/hashicorp/vault-plugin-secrets-mongodbatlas/issues/11
for example.
* VAULT-5827 Set unwrap token during database tests
The unwrap token is necessary for the plugins to start correctly when
running when running acceptance tests locally, e.g.,
```
$ VAULT_MONGODBATLAS_PROJECT_ID=... VAULT_MONGODBATLAS_PRIVATE_KEY=... VAULT_MONGODBATLAS_PUBLIC_KEY=... TEST='-run TestBackend_StaticRole_Rotations_MongoDBAtlas github.com/hashicorp/vault/builtin/logical/database' make test
--- FAIL: TestBackend_StaticRole_Rotations_MongoDBAtlas (5.33s)
rotation_test.go:818: err:%!s(<nil>) resp:&logical.Response{Secret:<nil>, Auth:<nil>, Data:map[string]interface {}{"error":"error creating database object: invalid database version: 2 errors occurred:\n\t* Unrecognized remote plugin message: PASS\n\nThis usually means that the plugin is either invalid or simply\nneeds to be recompiled to support the latest protocol.\n\t* Incompatible API version with plugin. Plugin version: 5, Client versions: [3 4]\n\n"}, Redirect:"", Warnings:[]string(nil), WrapInfo:(*wrapping.ResponseWrapInfo)(nil), Headers:map[string][]string(nil)}
```
Note the `PASS` message there, which indicates that the plugin exited
before starting the RPC server.
* add BuildDate to version base
* populate BuildDate with ldflags
* include BuildDate in FullVersionNumber
* add BuildDate to seal-status and associated status cmd
* extend core/versions entries to include BuildDate
* include BuildDate in version-history API and CLI
* fix version history tests
* fix sys status tests
* fix TestStatusFormat
* remove extraneous LD_FLAGS from build.sh
* add BuildDate to build.bat
* fix TestSysUnseal_Reset
* attempt to add build-date to release builds
* add branch to github build workflow
* add get-build-date to build-* job needs
* fix release build command vars
* add missing quote in release build command
* Revert "add branch to github build workflow"
This reverts commit b835699ecb7c2c632757fa5fe64b3d5f60d2a886.
* add changelog entry
* website: rm content moved to learn
* fix: delete intro page file and data
* fix: restore page file so build works, need to make change in dev-dot
* fix: avoid empty sidebar data error
* fix: proper rm now that hashicorp/dev-portal#287 has landed
* update /monthly endpoint
* change object key names to match API
* update serializers
* add optional no data mesage for horizontal chart
* add split chart option for attribution component
* wire up filtering namespaces and auth methods
* update clients current tests
* update todos and address comments
* fix attribution test
* fix dev-plugin-dir when backend is builtin
* use builtinRegistry.Contains
* revert aa76337
* use correct plugin type for logical backend after revert
* fix factory func default setting after revert
* add ut coverage for builtin plugin with plugin directory set
* add coverage for secrets plugin type
* use totp in tests to avoid test import cycle in ssh package
* use nomad in tests to avoid test import cycle
* remove secrets mount tests due to unavoidable test import cycle
* VAULT-5422: Add rate limit for TOTP passcode attempts
* fixing the docs
* CL
* feedback
* Additional info in doc
* rate limit is done per entity per methodID
* refactoring a test
* rate limit OSS work for policy MFA
* adding max_validation_attempts to TOTP config
* feedback
* checking for non-nil reference