Commit graph

11310 commits

Author SHA1 Message Date
Jeff Mitchell 6c02f7f616 changelog++ 2019-10-28 12:52:37 -04:00
Jeff Mitchell 4e1470f483
Handpick cluster cipher suites when they're not user-set (#7487)
* Handpick cluster cipher suites when they're not user-set

There is an undocumented way for users to choose cluster cipher suites
but for the most part this is to paper over the fact that there are
undesirable suites in TLS 1.2.

If not explicitly set, have the set of cipher suites for the cluster
port come from a hand-picked list; either the allowed TLS 1.3 set (for
forwards compatibility) or the three identical ones for TLS 1.2.

The 1.2 suites have been supported in Go until at least as far back as
Go 1.9 from two years ago. As a result in cases where no specific suites
have been chosen this _ought_ to have no compatibility issues.

Also includes a useful test script.
2019-10-28 12:51:45 -04:00
Daniel Lohse de2d3073d7 Allow Raft storage to be configured via env variables (#7745)
* Fix unordered imports

* Allow Raft node ID to be set via the environment variable `VAULT_RAFT_NODE_ID`

* Allow Raft path to be set via the environment variable `VAULT_RAFT_PATH`

* Prioritize the environment when fetching the Raft configuration values

Values in environment variables should override the config as per the
documentation as well as common sense.
2019-10-28 09:43:12 -07:00
Jeff Mitchell d9ca6e77eb changelog++ 2019-10-28 12:32:37 -04:00
Brian Kassouf d05b401cd8
Update token_store.go 2019-10-28 09:31:58 -07:00
Denis Subbotin e9cdd451d1 Don't allow duplicate SAN names in PKI-issued certs (#7605)
* fix https://github.com/hashicorp/vault/issues/6571

* fix test TestBackend_OID_SANs because now SANs are alphabetically sorted
2019-10-28 12:31:56 -04:00
Jack Kleeman 65c67dd6f3 Add a counter for root token creation (#7172)
It would be useful to be able to page on root token creation. This PR
adds a counter which increments on this event.
2019-10-28 09:30:11 -07:00
Jeff Mitchell 69bb72da53 changelog++ 2019-10-28 12:17:48 -04:00
Jeff Mitchell 0c88218dd4 Port some changes that got out of sync 2019-10-28 11:38:14 -04:00
Jeff Mitchell df43802f14 Vendor 2019-10-28 11:34:28 -04:00
ncabatoff 4d82540683
Restore changelog entries lost in 319fe8ea37ec9b89eb3c529d4bdb236f3eb7fdb1 (#7746) 2019-10-28 10:09:52 -04:00
Brian Kassouf caad02412a
changelog++ 2019-10-27 23:07:55 -07:00
Brian Kassouf ba6b8528b5
changelog++ 2019-10-27 23:06:55 -07:00
Brian Kassouf a20e73c2da
Port filtered paths changes back to OSS (#7741)
* Port filtered paths changes back to OSS

* Fix build
2019-10-27 13:30:38 -07:00
Matthew Irish f982899f1e
embed yarn (#7740)
* embed yarn binary using yarn policies set-version and loosen the restriction on yarn in the dockerfile and the package.json

* don't lint the embedded yarn package
2019-10-25 16:00:45 -05:00
Matthew Irish eae5e114ba
UI - replication path filtering (#7620)
* rename mount-filter-config models, components, serializer, adapters to path-filter-config

* move search-select component to core addon

* add js class for search-select-placeholder and sort out power-select deps for moving to the core component

* expose oninput from powerselect through search-select

* don't fetch mounts in the replication routes

* remove toggle from add template

* start cross-namespace fetching

* group options and set up for namespace fetch via power-select search prop

* add and style up radio-card CSS component

* add xlm size for icons between l and xl

* copy defaults so they're not getting mutated

* finalize cross-namespace fetching and getting that to work with power-select

* when passing options but no models, format the options in search select so that they render properly in the list

* tint the background of a selected radio card

* default to null mode and uniq options in search-select

* finish styling radio-card

* format inputValues when first rendering the component if options are being passed from outside

* treat mode:null as deleting existing config which simplifies save logic

* correctly prune the auto complete list since path-filter-config-list handles all of that and finish styling

* remove old component

* add search debounce and fix linting

* update search-select docs

* updating tests

* support grouped options for when to show the create prompt

* update and add tests for path-filter-config-list

* fix tests for search-select and path-filter-config-list

* the new api uses allow/deny instead of whitelist/blacklist
2019-10-25 13:16:45 -05:00
Mike Jarmy ee2e3fd75d
add docs for new replication metrics (#7729)
* add docs for new replication metrics

* add docs for new replication metrics
2019-10-25 12:46:56 -04:00
Matt Morrison 1e7acd0800 path-help missing or incorrect for raft paths (#7326) 2019-10-25 12:37:48 -04:00
Brian Shumate a83160617e Docs: Add version command (#7719)
* Docs: Add version command

* adding to
2019-10-25 12:25:04 -04:00
spiff efb2751e00 Change "Generate Intermediate" example to exported (#7515)
The example request for "Generate Intermediate" was type "internal", but the example response contained the private key, which "internal" doesn't do. This patch fixes the example request to be type "exported" to match the example response.
2019-10-25 12:21:55 -04:00
Jim Kalafut b6952df1b8
changelog++ 2019-10-25 09:03:22 -07:00
will-quan-bird 6456fd6222 allows emails@sign to be within the aws secrets engine path (#7553) 2019-10-25 09:01:01 -07:00
Chris Hoffman 0d3054d80a
changelog++ 2019-10-25 11:45:32 -04:00
Chris Hoffman 17569c95f9
changelog++ 2019-10-25 11:41:25 -04:00
Mike Jarmy 56725e694f
fix token counter test so the token won't time out (#7737) 2019-10-25 10:55:38 -04:00
Chris Hoffman 714ba931e5
changelog++ 2019-10-25 09:50:17 -04:00
Chris Hoffman c640a2c6fb
changelog++ 2019-10-25 09:45:27 -04:00
Chris Hoffman ca2935c519
changelog++ 2019-10-25 09:40:21 -04:00
Chris Hoffman 6298c03dfd
changelog++ 2019-10-25 09:33:52 -04:00
Sam Salisbury 8f0c38f78d
run go mod vendor (#7736) 2019-10-25 13:35:22 +01:00
Matthew Irish e3450dddeb
update yarn to 1.19.1 (#7731) 2019-10-24 17:08:23 -05:00
Jeff Escalante 00564a77a1 Update ruby dependencies (#7720)
* update ruby dependencies

* add specific version bundler dep

* remove ruby-version

* remove extra gemfile dep
2019-10-24 17:41:40 -04:00
Chris Hoffman 70468e4cbf
changelog++ 2019-10-24 15:14:45 -04:00
Chris Hoffman d1441ecad0
changelog++ 2019-10-24 14:58:40 -04:00
Chris Hoffman 85ee5decb7
changelog++ 2019-10-24 14:54:09 -04:00
Noelle Daley c87ec96b8e
indicate that secret version is deleted even when it is the current version (#7714) 2019-10-24 11:35:25 -07:00
ncabatoff 20b8f8d7d0
Don't try to use req if we got a nonzero status, it'll be nil. (#7728) 2019-10-24 13:37:13 -04:00
ncabatoff 7c6cc95a24
Fix a regression introduced in #7698 that breaks root token generation. (#7727) 2019-10-24 10:23:31 -04:00
Mike Jarmy ce2866a29a changelog++ 2019-10-24 10:19:01 -04:00
ncabatoff 99f337d9d4
changelog++ 2019-10-23 15:58:02 -04:00
Noelle Daley 9ae200279e
Update CHANGELOG.md 2019-10-23 12:05:15 -07:00
Vishal Nayak 23b0fb62de Abstract generate-root authentication into the strategy interface (#7698)
* Abstract generate-root authentication into the strategy interface

* Generate root strategy ncabatoff (#7700)

* Adapt to new shamir-as-kek reality.

* Don't try to verify the master key when we might still be sealed (in
recovery mode).  Instead, verify it in the authenticate methods.
2019-10-23 09:52:28 -07:00
Michael Gaffney 76825f2dfe
Changelog: clarify enterprise seal migration fix 2019-10-23 11:29:53 -04:00
ncabatoff 82a21325de
changelog++ 2019-10-23 10:49:43 -04:00
Jeff Mitchell 1a77ce36be
Update transit docs to add aes128/p384/p521 information (#7718) 2019-10-23 10:26:11 -04:00
Amitosh Swain Mahapatra cf12f549f3 Show versions that are active when delete_version_after is configured (#7685) 2019-10-22 15:45:20 -07:00
Calvin Leung Huang de7b094f19
changelog++ 2019-10-22 10:44:26 -07:00
Calvin Leung Huang fcda73eac8
agent: fix data race on inmemSink's token (#7707)
* agent: fix data race on inmemSink's token

* use uber/atomic instead
2019-10-22 10:42:56 -07:00
ncabatoff 13c00dfa38
Use docker instead of an external LDAP server that sometimes goes down (#7522) 2019-10-22 13:37:41 -04:00
ncabatoff 7c1da918dd
changelog++ 2019-10-22 10:47:42 -04:00