Steven Clark
3bfa4fa267
Add missing changelog for pr #13093 ( #13095 )
2021-11-09 11:03:59 -05:00
Steven Clark
8c50afc07c
Address a data race issue within identity_store_util::processLocalAlias ( #13093 )
...
- When loading an existing alias within processLocalAlias we aren't
cloning the object from the memory store. There seems to be a data
race within the function when calling entity.UpsertAlias and
a concurrent invalidation routine.
==================
WARNING: DATA RACE
Read at 0x00c00bd03d08 by goroutine 94:
google.golang.org/protobuf/internal/impl.pointer.Elem()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/pointer_unsafe.go:118 +0x2b3
google.golang.org/protobuf/internal/impl.(*MessageInfo).sizePointerSlow()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:76 +0x265
google.golang.org/protobuf/internal/impl.(*MessageInfo).sizePointer()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:56 +0x12a
google.golang.org/protobuf/internal/impl.(*MessageInfo).size()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:40 +0x95
google.golang.org/protobuf/internal/impl.(*MessageInfo).size-fm()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:33 +0x6c
google.golang.org/protobuf/proto.MarshalOptions.marshal()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/proto/encode.go:153 +0x1f3
google.golang.org/protobuf/proto.MarshalOptions.MarshalAppend()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/proto/encode.go:122 +0xa5
github.com/golang/protobuf/proto.marshalAppend()
/go/pkg/mod/github.com/golang/protobuf@v1.5.2/proto/wire.go:40 +0xe4
github.com/golang/protobuf/proto.Marshal()
/go/pkg/mod/github.com/golang/protobuf@v1.5.2/proto/wire.go:23 +0x64
github.com/hashicorp/vault/helper/identity.(*Entity).Clone()
/go/src/github.com/hashicorp/vault/helper/identity/identity.go:34 +0x150
github.com/hashicorp/vault/vault.(*IdentityStore).MemDBEntitiesByBucketKeyInTxn()
/go/src/github.com/hashicorp/vault/vault/identity_store_util.go:1214 +0x306
github.com/hashicorp/vault/vault.(*IdentityStore).Invalidate()
/go/src/github.com/hashicorp/vault/vault/identity_store.go:216 +0xd6c
github.com/hashicorp/vault/vault.(*IdentityStore).Invalidate-fm()
/go/src/github.com/hashicorp/vault/vault/identity_store.go:160 +0x6d
github.com/hashicorp/vault/sdk/framework.(*Backend).InvalidateKey()
/go/src/github.com/hashicorp/vault/sdk/framework/backend.go:347 +0x8a
github.com/hashicorp/vault/vault.(*IdentityStore).InvalidateKey()
<autogenerated>:1 +0x7d
github.com/hashicorp/vault/vault.(*Core).asyncInvalidateKey()
/go/src/github.com/hashicorp/vault/vault/replication_invalidation_ent.go:58 +0x390
github.com/hashicorp/vault/vault.(*Core).asyncInvalidateHandler()
/go/src/github.com/hashicorp/vault/vault/replication_invalidation_ent.go:71 +0x9b
github.com/hashicorp/vault/vault.startReplicationEnt·dwrap·453()
/go/src/github.com/hashicorp/vault/vault/replication_util_ent.go:331 +0x71
Previous write at 0x00c00bd03d08 by goroutine 52:
github.com/hashicorp/vault/helper/identity.(*Entity).UpsertAlias()
/go/src/github.com/hashicorp/vault/helper/identity/identity.go:55 +0x271
github.com/hashicorp/vault/vault.(*IdentityStore).processLocalAlias()
/go/src/github.com/hashicorp/vault/vault/identity_store_util.go:720 +0x672
github.com/hashicorp/vault/vault.possiblyForwardEntityCreation()
/go/src/github.com/hashicorp/vault/vault/request_handling_util_ent.go:230 +0x286
github.com/hashicorp/vault/vault.(*Core).handleLoginRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:1345 +0x234a
github.com/hashicorp/vault/vault.(*Core).handleCancelableRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:607 +0x1a11
github.com/hashicorp/vault/vault.(*Core).switchedLockHandleRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:442 +0x5b5
github.com/hashicorp/vault/vault.(*Core).HandleRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:408 +0xf2
github.com/hashicorp/vault/http.request()
/go/src/github.com/hashicorp/vault/http/handler.go:953 +0xb1
github.com/hashicorp/vault/http.handleLogicalInternal.func1()
/go/src/github.com/hashicorp/vault/http/logical.go:341 +0xca
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.handleRequestForwarding.func1()
/go/src/github.com/hashicorp/vault/http/handler.go:887 +0x4eb
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
net/http.(*ServeMux).ServeHTTP()
/usr/local/go/src/net/http/server.go:2424 +0xc5
github.com/hashicorp/vault/http.wrapHelpHandler.func1()
/go/src/github.com/hashicorp/vault/http/help.go:23 +0x281
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.wrapCORSHandler.func1()
/go/src/github.com/hashicorp/vault/http/cors.go:29 +0xb0e
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.rateLimitQuotaWrapping.func1()
/go/src/github.com/hashicorp/vault/http/util.go:97 +0xf28
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.wrapDRSecondaryHandler.func1()
/go/src/github.com/hashicorp/vault/http/util_ent.go:81 +0x7e3
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.wrapGenericHandler.func1()
/go/src/github.com/hashicorp/vault/http/handler.go:465 +0x1843
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/go-cleanhttp.PrintablePathCheckHandler.func1()
/go/pkg/mod/github.com/hashicorp/go-cleanhttp@v0.5.2/handlers.go:42 +0xc1
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
net/http.serverHandler.ServeHTTP()
/usr/local/go/src/net/http/server.go:2878 +0x89a
net/http.initALPNRequest.ServeHTTP()
/usr/local/go/src/net/http/server.go:3479 +0x34d
net/http.(*initALPNRequest).ServeHTTP()
<autogenerated>:1 +0x8f
net/http.Handler.ServeHTTP-fm()
/usr/local/go/src/net/http/server.go:87 +0x75
net/http.(*http2serverConn).runHandler()
/usr/local/go/src/net/http/h2_bundle.go:5832 +0xdd
net/http.(*http2serverConn).processHeaders·dwrap·31()
/usr/local/go/src/net/http/h2_bundle.go:5562 +0x64
2021-11-09 10:00:26 -05:00
Jim Kalafut
b6f1f1de64
Update CODEOWNERS ( #13091 )
2021-11-09 06:02:54 -08:00
Hridoy Roy
e7e881c559
Port: Allow Routing to Partial Monthly Client Count From Namespaces ( #13086 )
...
* add function for routing activity log client counts to ent namespaces
* changelog
2021-11-08 15:38:35 -08:00
Jordan Reimer
e733c78ff6
Secrets header version badge ( #13015 )
...
* updates secret list header to display badge for all versions
* adds changelog entry
* updates secret list header to only show badge for kv and generic engine types
* adds secret-engine mirage factory
* adds test helper for pushing serialized mirage data into store and returning ember data models
* adds secret engine type version badge display test
* updates mirage application serializer to return singular type key
2021-11-08 14:29:00 -07:00
Matt Schultz
6fadf30a79
Remove TLS prefer server cipher suites configuration option due to deprecation in go 1.17. ( #13084 )
2021-11-08 14:31:59 -06:00
Nick Cabatoff
d89c7b3d7e
Add a little test helper for polling ( #13082 )
2021-11-08 15:24:06 -05:00
Rémi Lapeyre
ae0b5e41e0
Add read support to sys/mounts/:path ( #12792 )
...
* Add read support to sys/mounts/:path
Closes https://github.com/hashicorp/vault/issues/12349
* Add changelog entry
* Empty commit to trigger CI
* Empty commit to trigger CI
2021-11-08 10:32:01 -08:00
Daniel Nathan Gray
26711ab017
Documentation consistency GPG keys are PGP keys. ( #13073 )
...
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: s/GPG/PGP keys, use GPG's proper name
* Use GPG's proper name GnuPG
* Use GPG's proper name GnuPG
* Consistency: GPG keys are PGP keys
* Fix typo
2021-11-08 10:04:59 -08:00
Meggie
bb6ba32f65
Add note that monitor command may truncate logs ( #13079 )
...
* Add note that monitor command may truncate logs
* Apply suggestions from code review
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-08 12:52:42 -05:00
Nick Cabatoff
40640ef43f
Fix errors logged on standbys when we try to write versions to storage ( #13042 )
2021-11-08 10:04:17 -05:00
Jim Kalafut
1b49591b53
Update changelog for 1.9.0-rc1 ( #13067 )
2021-11-05 13:25:54 -07:00
Steven Clark
687701d9a3
Attempt to fix the flaky TestDeleteUser/TestUpdateUser mssql tests ( #13071 )
...
- Add a 'Connect Timeout' query parameter to the test helper to set
a timeout value of 30 seconds in an attempt to address the following
failure we see at times in TestDeleteUser and TestUpdateUser
mssql_test.go:253: Failed to initialize: error verifying connection: TLS Handshake failed: cannot read handshake packet: EOF
2021-11-05 14:53:37 -04:00
Kevin Wang
3a882fad3a
chore: bump react-subnav ( #13039 )
2021-11-05 13:20:50 -04:00
Jason O'Donnell
16bc065c48
secrets/azure: add doc for rotate-root and AAD migration ( #13066 )
...
* secrets/azure: add doc for rotate-root and AAD migration
* Formatting
* Fix bad link, update warnings
2021-11-05 13:04:25 -04:00
Nick Cabatoff
734b46d150
Fix regression preventing non-docker tests from running. ( #13063 )
2021-11-05 10:41:29 -04:00
claire bontempo
bfc6467e55
UI/Truncate long secret names ( #13032 )
...
* small bar chart attr fix
* truncates and adds ellipsis if label is long
* adds tooltip for long labels
* updates storybook
* adds changelog
* only calculate overflow if query selectors grab elements
* moves tooltip pointer to left
2021-11-04 16:57:08 -07:00
claire bontempo
7bc177abc6
UI/Adds pagination to auth methods list ( #13054 )
...
* adds pagination to auth methods list
* adds changelog
2021-11-04 16:35:20 -07:00
Meggie
f9c8843996
Updating website for 1.8.5 ( #13059 )
2021-11-04 18:14:03 -04:00
castironclay
c2e7aca9ca
Address algorithm not supported ( #12852 )
...
error seen on host /var/log/auth.log:
userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]
2021-11-04 18:07:46 -04:00
Meggie
6516336ec3
changelog++
2021-11-04 17:56:39 -04:00
John-Michael Faircloth
fde5bb2e72
Docs: OIDC flow endpoints ( #12942 )
...
* add docs for OIDC provider and scopes
* fix json formatting
* add oidc docs path to nav data
* create provider with scope
* update client ids description
* update provider and scope docs
* add issuer string additional docs info
* OIDC: docs for oidc flow endpoints
* fix formatting and wording
* improve headings, formatting; fix wording
Co-authored-by: Vinay Gopalan <vinay@hashicorp.com>
2021-11-04 16:03:56 -05:00
Dominik Roos
114e172437
certutil: select appropriate hash algorithm for ECDSA signature ( #11216 )
...
* certutil: select appropriate hash algorithm for ECDSA signature
Select the appropriate signature algorithm for certificates signed
with an ECDSA private key.
The algorithm is selected based on the curve:
- P-256 -> x509.ECDSAWithSHA256
- P-384 -> x509.ECDSAWithSHA384
- P-521 -> x509.ECDSAWithSHA512
- Other -> x509.ECDSAWithSHA256
fixes #11006
2021-11-04 16:33:01 -04:00
Jordan Reimer
af72de27b9
PGP key list input fix ( #13038 )
...
* fixes issue with pgp list file input count not matching key shares number
* adds changelog entry
2021-11-04 14:25:15 -06:00
Angel Garbarino
74577e3a77
fix and test fix ( #13050 )
2021-11-04 11:26:29 -06:00
John-Michael Faircloth
0445b2b492
Add changelog for couchbase plugin bug fix ( #13033 )
...
* Add changelog for https://github.com/hashicorp/vault-plugin-database-couchbase/pull/24
* update changelog name
* remove debug line
2021-11-03 15:39:19 -05:00
Jason O'Donnell
d92f139176
secrets/azure: add changelog for rotate-root ( #13034 )
...
* secrets/azure: add changelog for rotate-root
* Rename changelog file
* Use PR number as filename
2021-11-03 16:38:45 -04:00
Peter Wilson
89b66054cc
Update README to remove IRC reference ( #13031 )
...
* Update README to remove IRC reference
The README references IRC (Freenode) as a means of communication regarding the Vault project, but it seems that:
1. Freenode has had its share of issues (https://en.wikipedia.org/wiki/Freenode#Ownership_change_and_conflict)
2. You now need a Freenode account to access their IRC server
3. The channel hasn't been very active (and to the best of my knowledge hasn't been migrated to Libera where a lot of Freenode based projects moved to)
I'd recommend just removing the reference for now, and if things change or another means of collaboration surfaces - adding that later.
* Added changelog file 13031.txt
* Moved required changelog file to the correct folder
* Removed changelog entry based on PR feedback
2021-11-03 16:01:01 -04:00
Loann Le
a6432ca770
added new code samples ( #13030 )
2021-11-03 10:10:28 -07:00
Meggie
627c43e496
1.10.0-dev version bump ( #12987 )
...
* 1.10.0-dev version bump
* Remove hard-coded versions from tests. (#13026 )
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-03 12:50:12 -04:00
Nick Cabatoff
ddf89f2708
Add more detail to recovery mode docs. ( #12984 )
2021-11-03 10:22:00 -04:00
Nick Cabatoff
72c31832e6
Catch test errors that break go list ( #13017 )
2021-11-03 09:00:38 -04:00
swayne275
418c311b14
fix 12888 release note format ( #13016 )
...
* fix release note format
* deprecation -> change
2021-11-02 16:54:46 -06:00
Meggie
1f24338594
Should use "change" not "changes" ( #13020 )
2021-11-02 18:36:11 -04:00
Gary Frederick
f16f3efed5
add missing back tick ( #12941 )
2021-11-02 14:06:17 -07:00
Victor Rodriguez
991ab5aeed
VAULT-444: Use sync.RWMutex rather than DeadlockRWMutex in PKI backend. ( #13018 )
2021-11-02 17:02:54 -04:00
akshya96
8b89a14f13
Local auth mount documentation ( #12970 )
...
* adding documentation changes
* adding requested changes
* adding suggested changes
2021-11-02 13:23:29 -07:00
Pratyoy Mukhopadhyay
90578d3cb3
[VAULT-4034] Revert back to caching nil values ( #13013 )
...
* Revert "[VAULT-4034] Only cache non-nil values (#12993 )"
This reverts commit 67e1ed06c7199856f8493f416df55f06603881c6.
* Update sdk/physical/cache.go
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-02 12:00:37 -07:00
Theron Voran
3277b8441e
docs: agent cache config requirements ( #13006 )
...
Added a note that agent cache requires at least one listener or template
to be defined in the config, and a couple spelling corrections.
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-11-02 11:29:40 -07:00
vinay-gopalan
ebb904031f
[VAULT-3969] Document CRUD APIs for OIDC client and assignment ( #12939 )
2021-11-02 11:01:28 -07:00
Victor Rodriguez
f6e35369f0
VAULT-444: Add PKI tidy-status endpoint. ( #12885 )
...
VAULT-444: Add PKI tidy-status endpoint.
Add metrics so that the PKI tidy status can be monitored using telemetry as well.
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2021-11-02 11:12:49 -04:00
Pratyoy Mukhopadhyay
d37da52974
Add docs update for counter forwarding to oss ( #12998 )
...
* Add docs update for counter forwarding to oss
* Update website/content/api-docs/system/internal-counters.mdx
Co-authored-by: swayne275 <swayne275@gmail.com>
* Revert "Update website/content/api-docs/system/internal-counters.mdx"
This reverts commit 4c433726427c74e1ceef2378413cfe1eced92e9d.
* Revert "Revert "Update website/content/api-docs/system/internal-counters.mdx""
This reverts commit 0d89d734ad56a0943ad138fabbc7ce03f488176c.
Co-authored-by: swayne275 <swayne275@gmail.com>
2021-11-01 21:48:08 -07:00
Alexander Scheel
ecfc679283
TLS Documentation Changes ( #12940 )
...
* Add note to TLS cipher suite configuration
Ordering is no longer respected and the tls_max_version flag must be
used for this list to be relevant (as TLSv1.3 will ignore the cipher
suite list entirely).
See blog post linked in the docs for more information.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Note that server cipher suite flag is ignored
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add upgrade note about TLS cipher suites
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2021-11-01 18:14:41 -04:00
Calvin Leung Huang
4a59b4c683
deps: update plugin versions for 1.9 release ( #12975 )
...
* deps: update plugin versions for 1.9 release
* deps: update vault-plugin-secrets-azure to v0.11.1
* go get newest version of github.com/pkg/browser
* deps: update vault-plugin-secrets-alicloud v0.10.2
* deps: update vault-plugin-auth-jwt to v0.11.2
* deps: update vault-plugin-auth-gcp to v0.11.2
* Clean up some inflated indirect dep versions
* deps: update vault-plugin-auth-azure to v0.9.2
* deps: re-fetch x/oauth2 to adjust version
* deps: github.com/pkg/browser to v0.0.0-20210911075715-681adbf594b8
Co-authored-by: Ben Ash <bash@hashicorp.com>
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2021-11-01 14:18:21 -07:00
Pratyoy Mukhopadhyay
0ea9285d77
[VAULT-4034] Only cache non-nil values ( #12993 )
...
* Only cache non-nil values
* Add changelog
2021-11-01 13:47:45 -07:00
John-Michael Faircloth
00a1bf37eb
docs: fix mongodb atlas username template doc ( #12992 )
2021-11-01 15:17:55 -05:00
Scott Miller
33edf1f556
Flip the semantics of the matching key algorithms in sign-self-issued. ( #12988 )
...
* Document allow_different_signature_algorithm param
* Flip the semantics of different key types for sign self issued
* More language tweaks
* Fix the field definition description
* Rework differenttype test for the new flag
* typo
2021-11-01 14:42:25 -05:00
Brian Kassouf
0e1b2c1b7b
Fix some more error shadowing issues ( #12990 )
2021-11-01 11:43:00 -07:00
John-Michael Faircloth
792400a24c
ensure errors are checked ( #12989 )
2021-11-01 13:34:51 -05:00
Victor Rodriguez
c83289f238
Document default value of encode_format field for Transform templates. ( #12983 )
2021-11-01 13:47:37 -04:00