Commit Graph

447 Commits

Author SHA1 Message Date
Meggie c0b962ecfa
Main go version bump (#13408)
* Go 1.17.2 -> 1.17.5
* Switching to cimg
2021-12-14 11:11:13 -05:00
Alexander Scheel 31ff2be589
Add universal default key_bits value for PKI endpoints (#13080)
* Allow universal default for key_bits

This allows the key_bits field to take a universal default value, 0,
which, depending on key_type, gets adjusted appropriately into a
specific default value (rsa->2048, ec->256, ignored under ed25519).

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Handle universal default key size in certutil

Also move RSA < 2048 error message into certutil directly, instead of in
ca_util/path_roles.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing RSA key sizes to pki/backend_test.go

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Switch to returning updated values

When determining the default, don't pass in pointer types, but instead
return the newly updated value.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Re-add fix for ed25519 from #13254

Ed25519 internally specifies a hash length; by changing the default from
256 to 0, we fail validation in ValidateSignatureLength(...) unless we
specify the key algorithm.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2021-12-13 15:26:42 -05:00
Ben Ash 6ec3367648
Support clearing an identity alias' custom_metadata (#13395)
* Support clearing an identity alias' custom_metadata

Previously, an update to an entity alias supported updating the
custom_metadata as long as the update was not empty, which makes it
impossible to clear the metadata values completely.

Fixes:
- empty custom_metadata parameters are honoured on entity alias update
- update related tests
- drop dependency on mapstructure
- reformat with gofumpt
2021-12-10 18:07:47 -05:00
Chelsea Shaw fe718e99d4
UI/fix client count partial (#13396)
* Initial fix

* Add fallback zero values

* Add changelog

* Fix client count current test
2021-12-10 16:14:57 -06:00
Meggie 7c70c4ebf1
Some changelog tidying for 1.10 preview (#13385)
* Some changelog tidying for 1.10 preview

* PR accounted for by different CL entry
2021-12-10 16:23:20 -05:00
John-Michael Faircloth 04ce02057a
auth/jwt: update changelog for pkce improvement (#13392) 2021-12-10 11:15:22 -06:00
John-Michael Faircloth 7f78f3357f
auth/jwt: Update plugin to v0.11.3 (#13365)
* auth/jwt: Update plugin to v0.11.3

* add changelog
2021-12-09 07:44:52 -06:00
hghaf099 65845c7531
VAULT-1564 report in-flight requests (#13024)
* VAULT-1564 report in-flight requests

* adding a changelog

* Changing some variable names and fixing comments

* minor style change

* adding unauthenticated support for in-flight-req

* adding documentation for the listener.profiling stanza

* adding an atomic counter for the inflight requests
addressing comments

* addressing comments

* logging completed requests

* fixing a test

* providing log_requests_info as a config option to determine at which level requests should be logged

* removing a member and a method from the StatusHeaderResponseWriter struct

* adding api docks

* revert changes in NewHTTPResponseWriter

* Fix logging invalid log_requests_info value

* Addressing comments

* Fixing a test

* use an tomic value for logRequestsInfo, and moving the CreateClientID function to Core

* fixing go.sum

* minor refactoring

* protecting InFlightRequests from data race

* another try on fixing a data race

* another try to fix a data race

* addressing comments

* fixing couple of tests

* changing log_requests_info to log_requests_level

* minor style change

* fixing a test

* removing the lock in InFlightRequests

* use single-argument form for interface assertion

* adding doc for the new configuration paramter

* adding the new doc to the nav data file

* minor fix
2021-12-08 17:34:42 -05:00
Matt Schultz 85f5cfc356
Adds support for SHA-3 to transit (#13367)
* Adding support for SHA3 in the transit backend.

* Adds SHA-3 tests for transit sign/verify path. Adds SHA-3 tests for logical system tools path hash functionality. Updates documentation to include SHA-3 algorithms in system tools path hashing.

* Adds changelog entry.

Co-authored-by: robison jacka <robison@packetized.io>
2021-12-08 12:29:33 -06:00
Jordan Reimer c1df15e790
Incorporate Ember Flight Icons (#12976)
* adds ember-flight-icons dependecy

* adds inline-json-import babel plugin

* adds flight icon styling

* updates Icon component to support flight icons

* updates Icon component usages to new api and updates name values to flight icon set when available

* fixes tests

* updates icon story with flight mappings and fixes issue with flight icons not rendering in storybook

* adds changelog

* fixes typo in sign action glyph name in transit-key model

* adds comments to icon-map

* updates Icon component to use only supported flight icon sizes

* adds icon transform codemod

* updates icon transform formatting to handle edge case

* runs icon transform on templates

* updates Icon usage in toolbar-filter md and story

* updates tests
2021-12-07 10:05:14 -07:00
Jim Kalafut 22c4ae5933
Rename master key to root key (#13324)
* See what it looks like to replace "master key" with "root key".  There are two places that would require more challenging code changes: the storage path `core/master`, and its contents (the JSON-serialized EncodedKeyringtructure.)

* Restore accidentally deleted line

* Add changelog

* Update root->recovery

* Fix test

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-12-06 17:12:20 -08:00
Anthony (Ryo) Wright bcd29f2b68
Fix null token type bug (#13236)
* Fixed null token panic from 'v1/auth/token/' endpoints and returned proper error response

* Fixed panic resulting from null token_type in /auth/token/roles/{role_name} to returne proper error response

* added changelog entry for PR #13236

* edit changelog entry for PR #13236
2021-12-06 09:38:53 -08:00
Eugene R c2a92cd351
Fix possible nil pointer dereference (#13318) 2021-12-02 08:23:41 -05:00
Angel Garbarino 43148ed9f2
UI/kv codemirror diff (#13000)
* staying with jsondiff

* routing setup

* send compare against data to component after using new adapater method to return the version data.

* functionality

* fix issue on route transition not calling model hook

* formatting

* update version

* changelog

* glimmerize the json-editor component

* catch up

* passing tracked property from child to parent

* pull out of jsonEditor

* fix issue with message

* icon

* fix some issues with right selection

* changes and convert to component

* integration test

* tests

* fixes

* cleanup

* cleanup 2

* fixes

* fix test by spread attributes

* remove log

* remove
2021-12-01 11:41:49 -07:00
Pavlos Tzianos 0abc8f43fa
Add helper for encoding/decoding root tokens and OTP generation in SDK module (#10504) (#10505) 2021-12-01 08:05:49 -05:00
Nick Cabatoff a47a2c9fc4
Add "operator members" command to list nodes in the cluster. (#13292) 2021-11-30 14:49:58 -05:00
Arnav Palnitkar 0a11076322
Add pagination to namespace list view (#13195)
* Add client side pagination to namespaces

* Update namespace list after delete operation

* Added changelog

* Added tests

* Clean up

* Added comment for test

* Try ember run loop

* Run test only in enterprise

* Fixed test
2021-11-29 13:11:14 -08:00
John-Michael Faircloth 32152e10fd
Identity: check NextSigningKey existence during key rotation (#13298)
* oidc: fix key rotation panic

* refactor and update unit tests

* add changelog
2021-11-29 15:10:58 -06:00
Jason O'Donnell 660a7be134
sdk/queue: move lock before checking queue length (#13146)
* sdk/queue: move lock before checking queue length

* Add changelog
2021-11-29 14:54:00 -05:00
Eugene R f39f1ce8de
Aerospike backend update (#12165)
* upgrade aerospike-client-go to v5.2.0

* use strings.Contains to check an error

* add changelog file

* go mod tidy

* go mod tidy

* update the changelog

* revert .gitignore update

* go mod tidy
2021-11-29 11:09:12 -08:00
Austin Gebauer 0ca08038d5
secrets/azure: Update plugin to v0.11.2 (#13277) 2021-11-29 09:05:23 -08:00
Nick Cabatoff 997a5ace91
Prevent raft transactions from containing overlarge keys. (#13286) 2021-11-26 08:38:39 -05:00
Nick Cabatoff f85908e1df
Return an error when trying to store a too-large key with Raft (#13282) 2021-11-25 14:07:03 -05:00
Navaneeth Rameshan 4e05632881
recognize ed25519 key type and return PKCS8 format (#13257)
* return pkcs8 format for ed25519 curve

convertRespToPKCS8 does not recognize the ed25519 key. Changes
to recognize ed25519 key and return its PKCS8 format
2021-11-24 14:24:06 -05:00
hghaf099 fe981470ad
Update 13200.txt changelog (#13263)
* Update 13200.txt
2021-11-24 13:38:15 -05:00
AnPucel eeb41dc76e
Allowing Unwrap w/ Newline files (#13044) 2021-11-24 10:13:45 -08:00
Anton Averchenkov 5af2b699fe
Respect WithWrappingToken for all secret ID's in approle auth (#13241) 2021-11-23 15:53:48 -08:00
Jordan Reimer 516f18f736
KV automatic delete state issue in UI (#13166)
* converts secret-v2-version model to native class -- fixes issues with cached values for deleted prop

* adds changelog entry

* adds disabled state to ToolbarLink component and disables create new version action when users cannot read metadata

* updates secret-edit acceptance test
2021-11-23 14:17:37 -07:00
Navaneeth Rameshan 201526e983
skip hash bits verification for ed25519 (#13254)
* skip hash bits verification for ed25519 #13253

The default value or *hashBits is 0 and will fail
at ValidateSignatureLength for ed25519. ed25519
specifies its own hash, so avoid hashBits validation for
ed25519 curve.
2021-11-23 15:28:18 -05:00
hghaf099 9640d35136
Unify HTTPResponseWriter and StatusHeaderResponseWriter (#13200)
* Unify NewHTTPResponseWriter ant NewStatusHeaderResponseWriter to fix ResponseWriter issues

* adding changelog

* removing unnecessary function from the WrappingResponseWriter interface

* changing logical requests responseWriter type

* reverting change to HTTPResponseWriter
2021-11-23 14:30:25 -05:00
claire bontempo e8c9affee1
UI/Fix node-forge EC error (#13238)
* add catch for node-forge error handling

* update comment

* adds changelog

* alphabetize attrs and add canParse attr

* show alert banner if unable to parse metadata

* add test to check info banner renders
2021-11-23 13:51:02 -05:00
Nick Cabatoff c01b993bd3
Fix regression in returning empty value for approle cidrlist. (#13235) 2021-11-23 12:13:47 -05:00
Josh Black fe0dd6f867
Add InitialMmapSize to bolt options (#13178) 2021-11-22 20:16:57 -08:00
akshya96 f77223bfe5
Authenticate to "login" endpoint for non-existent mount path bug (#13162)
* changing response from missing client token to permission denied

* removing todo comment

* fix tests

* adding changelog

* fixing changelog
2021-11-22 17:06:59 -08:00
Austin Gebauer d5f4fbecc1
identity/oidc: optional nonce parameter for authorize request (#13231) 2021-11-22 09:42:22 -08:00
divyapola5 5236fe93aa
Add a new parameter "allowed_managed_keys" to mount config (#13202)
* Add a new parameter "allowed_managed_keys" to mount config

* Adjust formatting in mount.go

* Add changelog entry
2021-11-21 19:08:38 -06:00
Jim Kalafut 3818adf3f8
Fix missing changelog (#13230) 2021-11-19 12:59:00 -08:00
Jordan Reimer f7a7b4a32b
Raft Snapshot Restore Bug (#13107)
* fixes issue restoring raft snapshot

* adds changelog entry
2021-11-17 10:30:59 -07:00
Jordan Reimer d9d9a7353e
Form field component ttl picker not initially enabling (#13177)
* fixes issue with ttl picker not initially enabling in form field component

* adds changelog entry

* updates test

* updates initial ttl toggle state for default 0s value
2021-11-17 10:21:17 -07:00
claire bontempo c8bfbbdf7e
UI/Update blueprints to glimmer components (#13149)
* updates generator to glimmer

* adds changelog

* accounts for addon vs reg components

* moves imports to the top of components
2021-11-16 13:14:16 -08:00
Nick Cabatoff eda9607c8a
Revert more downgrades from #12975. (#13168) 2021-11-16 15:07:03 -05:00
Nick Cabatoff c2d9215d1d
Fix startup failures when aliases from a pre-1.9 vault version exist (#13169)
* Add AllowMissing to local_bucket_key schema, preventing startup failures in post-unseal when aliases from an older version exist.
2021-11-16 14:56:34 -05:00
Nick Cabatoff 9e27ccbae1
Fix 1.9 regression with raft and stored time values (#13165) 2021-11-16 14:43:00 -05:00
Chelsea Shaw c105c58bce
Hide verify-connection attribute on connection config show page (#13152)
* Hide verify-connection attribute on connection config show page

* Add changelog
2021-11-16 12:56:42 -06:00
Matt Schultz 0abd248c9f
Return non-retryable errors on transit encrypt and decrypt failures (#13111)
* Return HTTP 400s on transit decrypt requests where decryption fails. (#10842)

* Don't abort transit batch encryption when a single batch item fails.

* Add unit tests for updated transit batch decryption behavior.

* Add changelog entry for transit encrypt/decrypt batch abort fix.

* Simplify transit batch error message generation when ciphertext is empty.

* Return error HTTP status codes in transit on partial batch decrypt failure.

* Return error HTTP status codes in transit on partial batch encrypt failure.

* Properly account for non-batch transit decryption failure return. Simplify transit batch decryption test data. Ensure HTTP status codes are expected values on batch transit batch decryption partial failure.

* Properly account for non-batch transit encryption failure return. Actually return error HTTP status code on transit batch encryption failure (partial or full).
2021-11-15 15:53:22 -06:00
Jordan Reimer a3862bcf97
OIDC Auth Bug (#13133)
* fixes issue with oidc auth method when MetaMask chrome extenstion is used

* adds changelog entry

* updates auth-jwt integration tests

* fixes race condition in runCommands ui-panel helper method where running multiple commands would not always result in the same output order
2021-11-15 08:48:11 -07:00
VAL e18f180609
GCP and Azure Login methods for Go client library (#13022)
* Add native Login method for GCP auth backend

* Add native Login method for Azure auth backend

* Add changelog entry

* Use official azure library Environment struct rather than passing string, add timeouts

* Use v1.3.0 which now has interface definition

* Don't throw away error and close resp body

* Back to WithResource so we can support non-Azure URLs for aud
2021-11-12 09:32:05 -08:00
Alexander Scheel cd213f5fca
Restrict ECDSA/NIST P-Curve hash function sizes for cert signing (#12872)
* Restrict ECDSA signatures with NIST P-Curve hashes

When using an ECDSA signature with a NIST P-Curve, we should follow
recommendations from BIS (Section 4.2) and Mozilla's root store policy
(section 5.1.2) to ensure that arbitrary selection of signature_bits
does not exceed what the curve is capable of signing.

Related: #11245

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Switch to certutil.ValidateKeyTypeSignatureLength(...)

Replaces previous calls to certutil.ValidateKeyTypeLength(...) and
certutil.ValidateSignatureLength(...) with a single call, allowing for
curve<->hash validation.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Switch to autodetection of signature_bits

This enables detection of whether the caller manually specified a value
for signature_bits or not; when not manually specified, we can provision
a value that complies with new NIST P-Curve policy.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Select hash function length automatically

Due to our change in behavior (to default to -1 as the value to
signature_bits to allow for automatic hash selection), switch
ValidateKeyTypeSignatureLength(...) to accept a pointer to hashBits and
provision it with valid default values.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Prevent invalid Curve size lookups

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Switch from -1 to 0 as default SignatureBits

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2021-11-12 12:18:38 -05:00
claire bontempo 7f67aa28bf
UI/Custom empty state messages for transit and transform (#13090)
* customizes empty state messages for transit and transform

* adds changelog

* clarifies key name
2021-11-11 16:53:53 -08:00
vinay-gopalan 762133a101
update changelog/12621.txt (#13117) 2021-11-10 16:39:27 -08:00