Commit Graph

447 Commits

Author SHA1 Message Date
Scott Miller 241a78a2f2
Use the system rand reader for SSH keypair generation (#12560)
* Use the system rand reader for SSH keypair generation

* changelog
2021-09-15 11:59:28 -05:00
Scott Miller 33d7dc5fb4
Use the system rand reader for CA root and intermediate generation (#12559)
* Use the system rand reader for CA root and intermediate generation

* changelog
2021-09-15 11:59:12 -05:00
Angel Garbarino 12b1dc0069
Bug fix: allow forward slash in paths for delete menu (#12550)
* fix bug and add test coverage

* changelog
2021-09-14 12:30:01 -06:00
Scott Miller 6f18a9b6be
Allow signing self issued certs with a different public key algorithm. (#12514)
* WIP: Unset the certificate's SignatureAlgorithm to allown cross-signing of different key types

* Allow signing self issued certs with a different public key algorithm

* Remove cruft

* Remove stale import

* changelog

* eliminate errwrap

* Add a test to cover the lack of opt-in flag

* Better comment

Co-authored-by: catsby <clint@ctshryock.com>
2021-09-14 10:07:27 -05:00
divyapola5 30563097ea
Enforce minimum cache size for transit backend (#12418)
* Enforce Minimum cache size for transit backend

* enfore minimum cache size and log a warning during backend construction

* Update documentation for transit backend cache configuration

* Added changelog

* Addressed review feedback and added unit test

* Modify code in pathCacheConfigWrite to make use of the updated cache size

* Updated code to refresh cache size on transit backend without restart

* Update code to acquire read and write locks appropriately
2021-09-13 16:44:56 -05:00
Theron Voran ae0bda77b3
vault-agent: copy values retrieved from bolt (#12534)
Byte slices returned from Bolt are only valid during a transaction, so
this makes a copy.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-09-13 11:06:08 -07:00
jhart-cpi fa1611f427
improvement: add signature_bits field to CA and signers (#11245)
This change adds the ability to set the signature algorithm of the
CAs that Vault generates and any certificates it signs.  This is a
potentially useful stepping stone for a SHA3 transition down the line.

Summary:
* Adds the field "signature_bits" to CA and Sign endpoints
* Adds support for SHA256, SHA384 and SHA512 signatures on EC and RSA
keytypes.
2021-09-10 14:39:05 -07:00
Jacob Burroughs 65029f8c8f
Fix pkcs7 parsing in some cases (#12519)
* Fix pkcs7 parsing in some cases

brings in https://github.com/mozilla-services/pkcs7/pull/61 from upstream

In some cases but not all, aws includes a certificate in the pkcs7 response,
and currently vault fails to parse those certificates:
```
URL: PUT https://vault.example.com/v1/auth/aws/login
Code: 500. Errors
* failed to parse the BER encoded PKCS#7 signature: ber2der: Invalid BER format
```

This fixes logins on those instances.  Note we could not readily ascertain why
some instances have those certificates and others don't.

* Add changelog entry

* Correct missed line
2021-09-10 12:17:03 -04:00
John-Michael Faircloth c42bbb369c
Identity: prepublish jwt signing keys (#12414)
* pre-publish new signing keys for `rotation_period` of time before using

* Work In Progress: Prepublish JWKS and even cache control

* remove comments

* use math/rand instead of math/big

* update tests

* remove debug comment

* refactor cache control logic into func

* don't set expiry when create/update key

* update cachecontrol name in oidccache for test

* fix bug in periodicfunc test case

* add changelog

* remove confusing comment

* add logging and comments

* update change log from bug to improvement

Co-authored-by: Ian Ferguson <ian.ferguson@datadoghq.com>
2021-09-09 13:47:42 -05:00
Theron Voran 48e0c3fde7
dep: update consul-template to v0.27.0 (#12505) 2021-09-09 09:12:42 -07:00
John-Michael Faircloth 0d04a9892a
identity: enforce key param and key existence on role creation (#12208)
* identity: handle creation of role without a key parameter

* update docs to not require key parameter for creation of a role

* add changelog

* require key param when creating a role

* lock create/update role; remove now redundant key check

* update changelog and UTs

* update change log to refelct actual implementation

* remove deprecated test case
2021-09-08 10:46:58 -05:00
claire bontempo c9eb55cc16
UI/bar chart horizontal (#12437)
* creates bar chart component

* WIP//starts styling

* fixes width of bars

* WIP//barchart

* uses d3 max method instead of Math.max

* stacks data

* adds y axis

* fixes styling and spacing

* adds spacing between bars

* styling DONE

* adds legend

* adds tooltip

* tweaks styling adds pointer cursor to rects

* fixes tooltip placement

* moves starget from bar to whole area

* finishes hover selection styling

* cleans up

* cleans up a tiny bit

* stopping point

* adjusts tooltip placemnt

* WIP//clean up time

* sort of not broken

* unbroken, ish

* tooltip position fixed

* truncates text and adds tooltip

* changes tooltip width depending on content

* unbroken

* finishes initial refactor/cleanup

* finishes documentation

* passes in map legend to component

* more tidying

* add export option

* adds grid to header for export button option

* updates comments

* fix variable name change

* moves dataset formatting to parent

* removes unused code"

* adds assertions and empty state if no data

* cleans up comments adds assertion to check for map legend

* adds storybook

* adds changelog

* deletes dummy parent:

* restores index.hbs

* uses scss variables instead

* exchanges more variables

* remove unused variable in storybook

* writes basic test

* removes pauseTest()
2021-09-07 12:54:33 -07:00
Daniel Kimsey b4b61efc75
Auto-join support for IPv6 discovery (#12366)
* Auto-join support for IPv6 discovery

The go-discover library returns IP addresses and not URLs. It just so
happens net.URL parses "127.0.0.1", which isn't a valid URL.

Instead, we construct the URL ourselves. Being careful to check if it's
an ipv6 address and making sure it's in explicit form if so.

Fixes #12323

* feedback: addrs & ipv6 test

Rename addrs to clusterIPs to improve clarity and intent

Tighten up our IPv6 address detection to be more correct and to ensure
it's actually in implicit form
2021-09-07 11:55:07 -07:00
Tero Saarni 30ca69f16a
Update github.com/gogo/protobuf (#12255)
* Update github.com/gogo/protobuf

* Fixes #12254 (CVE-2021-3121)

* Update github.com/gogo/protobuf

* Added changelog

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* go mod tidy
2021-09-07 11:40:14 -07:00
John-Michael Faircloth 2cca67c96f
update couchbase plugin version (#12483)
* update couchbase plugin version

* add changelog

* go get main branch and go mod tidy
2021-09-07 11:48:10 -05:00
akshya96 f4bd14ed3f
Vault 2823 cc namespace (#12393)
* vault-2823 adding changes

* VAULT-2823 adding alias

* Vault-2823 addressing comments

* Vault-2823 removing comments

* Vault-2823 removing comments

* vault-2823 removing q debug

* adding changelog

* Vault-2823 updating external test

* adding approved changes

* fixing returns

* fixing returns
2021-09-07 09:16:12 -07:00
Nick Cabatoff 45a83d8e0f
Add code to api.RaftSnapshot to detect incomplete snapshots (#12388) 2021-09-07 11:16:37 -04:00
Blake Hitchcock cf15a60a87
Send x-forwarded-for in Okta Push Factor request (#12320)
* Send x-forwarded-for in Okta Push Factor request

Why:

In order for Okta to properly report the location of the authentication
attempt, the X-Forwarded-For header must be included in the request to
Okta (if it exists).

This change addresses the need by:

* Duplicating the value of X-Forwarded-For if it's passed through to the
  auth backend

* Add changelog entry for 12320
2021-09-03 13:09:11 -07:00
Chelsea Shaw 4f8d490419
UI: Fix missing nav links on namespace login (#12478)
* Override loading behavior which breaks query params passed to API calls

* Only show loading state if transition is not queryparams only

* Add changelog

* Skip loader if testing
2021-09-03 13:46:50 -05:00
Robert Balent e598ae711a
UI: Show day of month instead of day of year in the expiration warning dialog (#11984)
* Show day of month instead of day of year in expiration warning dialog

* Adding changelog
2021-09-02 18:06:55 -04:00
Angel Garbarino c013e4a741
UI add custom metadata to KV2 (#12169)
* initial setup

* form field editType kv is very helpful

* setting up things

* setup two routes for metadata

* routing

* clean up routing

* meh router changes not my favorite but its working

* show metadata

* add controller for backendCrumb mixin

* setting up edit metadata and trimming SecretEditMetadata component

* add edit metadata save functionality

* create new version work

* setup model and formfieldgroups for added config data.

* add config network request to secret-engine

* fix validations on config

* add config rows

* breaking up secret edit

* add validation for metadata on create

* stuff, but broken now on metadata tab

* fix metadata route error

* permissions

* saving small text changes

* permissions

* cleanup

* some test fixes and convert secret create or update to glimmer

* all these changes fix secret create kv test

* remove alert banners per design request

* fix error for array instead of object in jsonEditor

* add changelog

* styling

* turn into glimmer component

* cleanup

* test failure fix

* add delete or

* clean up

* remove all hardcoded for api integration

* add helper and fix create mode on create new version

* address chelseas pr comments

* add jsdocs to helper

* fix test
2021-08-31 09:41:41 -06:00
Austin Gebauer 7f33648443
Removes changelog entry for unreleased feature (#12447) 2021-08-26 18:00:29 -07:00
Arnav Palnitkar 45d1b4708b
Client count config view (#12422)
* Client count config view

- Switched to toggle button from checkbox and updated the design
- Switched to ember octane
- Update ember concurrency dependency

* Fixed integration tests

* Added changelog

* Update switch label on toggle

* Code cleanup

* Fixed test
2021-08-25 14:22:15 -07:00
Pratyoy Mukhopadhyay c379fd43a9
[MAR-3131] Set grace to 0 on non-positive lease duration (#12372)
* [MAR-3131] Set grace to 0 on non-positive lease duration

* [MAR-3131] Add changelog

* [VAULT-3131] Add test for negative lease duration
2021-08-24 19:06:40 -07:00
Josh Black 0291e56e83
bump go to 1.16.7 (#12408) 2021-08-24 09:54:26 -07:00
Angel Garbarino 4031960551
Bug Fix: tab on MaskedInput for GeneratedItems it was clearing the value (#12409)
* fix tab issue

* add test coverage

* changelog

* update documentation

* remove meep:

* documentation
2021-08-24 08:59:37 -06:00
Chris Capurso 3f4a381f1b
Add kv custom key metadata (#12218)
* add custom-metdata flag to "kv metadata put" command

* add kv metadata put command test for custom-metadata flag

* add custom_metadata to kv-v2 api docs

* add custom_metadata to kv-v2 cli docs

* update go.mod

* Add custom metadata limits to docs

* add changelog entry

* update vault-plugin-secrets-kv to @master
2021-08-23 15:49:09 -04:00
Jason O'Donnell 1cf3ff046e
plugin/snowflake: update gosnowflake to v1.6.1 (#12378)
* plugin/snowflake: update gosnowflake to v1.6.1

* changelog

* go mod tidy
2021-08-20 11:52:31 -04:00
Austin Gebauer 437cb74c5a
Updates vault-plugin-secrets-gcp to v0.10.2 (#12379) 2021-08-19 16:33:34 -07:00
Pratyoy Mukhopadhyay 5fda05adee
[VAULT-3226] Use os.rename on windows os (#12377)
* [VAULT-3226] Use os.rename on windows os

* [VAULT-3226] Add changelog
2021-08-19 16:05:53 -07:00
Arnav Palnitkar 47d450a4b1
Handle api explorer routing error (#12354)
* Handle api explorer routing error

- For some reason when routing is done during async process, router transtionTo throws the TransitionAbortedError
- As a fix treat this particular error as success since it doesn't interfere in the routing
- Reference: https://github.com/emberjs/ember-test-helpers/issues/332

* Added changelog
2021-08-19 14:32:02 -07:00
Arnav Palnitkar 0b73135a8c
Fixed overflowing text of flash message container (#12357)
* Fixed overflowing text of flash message container

* Added changelog
2021-08-19 14:27:22 -07:00
Nick Cabatoff 124bc87381
Upgrade snappy to fix panic with identity/packer on Go 1.16+arm64. (#12371) 2021-08-19 15:51:06 -04:00
Nick Cabatoff 72499c3215
Check to make sure context isn't expired before doing a raft operation. (#12162) 2021-08-19 12:03:56 -04:00
Jason O'Donnell b55e1a31fc
creds/aws: Add support for DSA signature verification for EC2 (#12340)
* creds/aws: import pkcs7 verification package

* Add DSA support

* changelog

* Add DSA to correct verify function

* Remove unneeded tests

* Fix backend test

* Update builtin/credential/aws/pkcs7/README.md

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update builtin/credential/aws/path_login.go

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2021-08-19 09:16:31 -04:00
Calvin Leung Huang 05103627d3
dbplugin: fix error message in DeleteUser (#12351)
* dbplugin: fix error message in DeleteUser

* add changelog
2021-08-18 16:12:40 -07:00
Chelsea Shaw 92739f494f
UI: Allow metrics view without config read (#12348)
* pass default value for defaultSpan on pricing metrics dates component

* Add changelog

* Add test for no config policy
2021-08-18 15:33:39 -05:00
Clint 675e0c1383
Replace go-bindata-assetfs build dependency with native go:embed (#11208)
* copy over the webui

move web_ui to http

remove web ui files, add .gitkeep

updates, messing with gitkeep and ignoring web_ui

update ui scripts

gitkeep

ignore http/web_ui

Remove debugging

remove the jwt reference, that was from something else

restore old jwt plugin

move things around

Revert "move things around"

This reverts commit 2a35121850f5b6b82064ecf78ebee5246601c04f.

Update ui path handling to not need the web_ui name part

add desc

move the http.FS conversion internal to assetFS

update gitignore

remove bindata dep

clean up some comments

remove asset check script that's no longer needed

Update readme

remove more bindata things

restore asset check

update packagespec

update stub

stub the assetFS method and set uiBuiltIn to false for non-ui builds

update packagespec to build ui

* fail if assets aren't found

* tidy up vendor

* go mod tidy

* updating .circleci

* restore tools.go

* re-re-re-run make packages

* re-enable arm64

* Adding change log

* Removing a file

Co-authored-by: hamid ghaf <hamid@hashicorp.com>
2021-08-18 11:05:11 -04:00
Hridoy Roy 2554563268
(OSS Port) Restrict Quota Deletion to Primary Cluster [vault-2399] (#12339)
* oss part of vault 2399

* Update vault/quotas/quotas.go

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

* use OSS PR number as changelog entry as indicated by the changelog guide

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2021-08-17 15:34:43 -07:00
John-Michael Faircloth 40fd60342a
feature: OIDC provider assignment API (#12198)
* initial commit

* add read and delete operations

* fix bug in delete and add list unit test

* func doc typo fix

* add existence check for assignment

* remove locking on the assignment resource

It is not needed at this time.

* convert Callbacks to Operations

- convert Callbacks to Operations
- add test case for update operations

* remove use of oidcCache

* refactor struct and var names

* harmonize test name conventions

* add changelog and refactor

- add changelog
- be more explicit in the case where we do not recieve a path field

* remove extra period from changelog

* update assignment path

* removed unused name field
2021-08-17 15:55:06 -05:00
Jason O'Donnell 5e86a34e3e
api: return parse errors if any for storage endpoints (#12338)
* logical/list: return parseErr if any

* changelog

* Add parseErr to other API endpoints

* Update 12338.txt
2021-08-17 13:19:39 -04:00
claire bontempo 5c7403e56f
UI/StatText Component (#12295)
* creates stattext component

* creates .scss file

* creates storybook

* fixes typo

* fixes readme

* adds changelog

* finishes tests
2021-08-16 11:55:12 -07:00
akshya96 9defbb47e7
Vault 2176 snapshot config issue (#12317)
* removing redirect line from handler.go

* adding changelog entry

* adding changes
2021-08-16 10:12:00 -07:00
Calvin Leung Huang d0adf67771
dep: update database-couchbase plugin to v0.4.1 (#12301)
* dep: update database-couchbase plugin to v0.4.1

* add CL entry
2021-08-12 11:54:19 -07:00
hghaf099 f885d97774
VAULT-2285 adding capability to accept comma separated entries for au… (#12126)
* VAULT-2285 adding capability to accept comma separated entries for auth enable/tune

* Adding changelog

* Adding logic to detect invalid input parameter for auth enable config

* Updating tune.mdx

* Updating secret enable/tune for comma separated parameters

* Adding further parameter checks for auth/secret tests
Fixing changelog
using builtin type for a switch statement
Fixing a possible panic scenario

* Changing a function name, using deep.Equal instead of what reflect package provides

* Fixing auth/secret enable/tune mdx files

* One more mdx file fix

* Only when users provide a single comma separated string in a curl command, split the entries by commas

* Fixing API docs for auth/mount enable/tune for comma separated entries

* updating docs, removing an unnecessary switch case
2021-08-09 15:37:03 -04:00
vinay-gopalan 23770cc2a7
Update genUsername to cap STS usernames at 32 chars (#12185)
* update genUsername to cap STS usernames at 64 chars

* add changelog

* refactor tests into t.Run block

* patch: remove warningExpected bool and include expected string

* patch: revert sts to cap at 32 chars and add assume_role case in genUsername

* update changelog

* update genUsername to return error if username generated exceeds length limits

* update changelog

* add conditional default username template to provide custom STS usernames

* update changelog

* include test for failing STS length case

* update comments for more clarity
2021-08-09 09:40:47 -07:00
Austin Gebauer 53373f78ed
Updates vault-plugin-auth-jwt to v0.10.1 (#12265) 2021-08-04 13:13:02 -07:00
Calvin Leung Huang 4546318eb7
changelog: remove 12251 entry (#12256) 2021-08-04 11:11:21 -07:00
John-Michael Faircloth 0d94a6530f
identity: allow creating a role with a non-existent key (#12251)
* identity: allow creating a role with a non-existent key

* remove whitespace

* add changelog
2021-08-04 11:01:13 -07:00
Meggie 6a32c01c8a
Updating go version to 1.16.6 for security fix (#12245)
* Updating go version to 1.16.6 for security fix

* Changelog
2021-08-04 11:30:43 -04:00
claire bontempo fe7ce777dc
UI/TTL helperEnabled/DisabledText fix (#12212)
* fixes helperTextDisabled/Enabled
2021-08-03 15:50:49 -07:00
Calvin Leung Huang c35044010e
serviceregistration: add external-source meta value (#12163)
* serviceregistration: add external-source meta value

* add changelog file
2021-08-03 09:31:01 -07:00
Hridoy Roy a3fefdca35
oss part of license diagnose test fix (#12234)
* oss part of license diagnose test fix

* cl
2021-08-02 10:50:49 -07:00
Hridoy Roy 28f33d2384
Fix Diagnose Formatting In Disk Usage Checks (#12229)
* save

* fix diagnose formatting errors

* fix diagnose formatting errors

* change powers

* change powers

* use humanize instead of doing the conversion to mb manually

* cl
2021-08-02 10:06:04 -07:00
hghaf099 90c5b3c1c5
VAULT-1303 when a request to vault fails, show namespace if set (#12196)
* VAULT-1303 when a request to vault fails, show namespace if set

* Adding changelog

* Fix Changelog file name

* Set namespace in ResponseWriter headers if it is set

* Using consts.NamespaceHeaderName instead of the literal string
2021-07-30 12:32:05 -04:00
John-Michael Faircloth 39c744ca4e
identity: do not allow a role's token_ttl to be longer than verification_ttl (#12151)
* do not allow token_ttl to be longer than verification_ttl

* add verification when updating an existing key

When updating a key, ensure any roles referencing the key do not already
have a token_ttl greater than the key's verification_ttl

* add changelog

* remove unneeded UT check and comment

* refactor based on PR comments

- remove make slice in favor of var delcaration
- remove unneeded if check
- validate expiry value during token generation
- update changelog as bug

* refactor get roles referencing target key names logic

* add note about thread safety to helper func

* update func comment

* sort array and refactor func names

* add warning to return response

* remove unnecessary code from unit test

* Update vault/identity_store_oidc.go

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2021-07-28 20:34:52 -05:00
Nick Cabatoff 6016e86115
Fix `vault debug` so that captured logs include newlines. (#12175) 2021-07-27 09:15:24 -04:00
Hridoy Roy fff7dc7a40
Diagnose docs + changelog (#12159)
* save

* diagnose docs

* changelog

* changelog formatting
2021-07-26 08:45:12 -07:00
Arnav Palnitkar c71a6b6312
Update node to latest stable version (#12049)
* Update node to latest stable version

- v10 has reached EOL so upgrading node to v14 which is the latest
stable build

* Added changelog

* Resolve merge conflicts
2021-07-22 14:09:12 -07:00
Tor E Hagemann de2ee46525
fix: print consul svc addr in debug log (#12115)
* fix: print consul svc addr in debug log

* fix: add small change log 12115.txt
2021-07-21 13:12:49 -07:00
claire bontempo b05ffa88d5
Improve Secret Empty States (#12084)
* adds conditional to render 'minus plain' icon when key doesn't exist

* shows a hyphen when KV secret doesn't have a key and/or value

* fixes tests
2021-07-21 12:47:52 -07:00
vinay-gopalan 859b60cafc
[VAULT-1969] Add support for custom IAM usernames based on templates (#12066)
* add ability to customize IAM usernames based on templates

* add changelog

* remove unnecessary logs

* patch: add test for readConfig

* patch: add default STS Template

* patch: remove unnecessary if cases

* patch: add regex checks in username test

* patch: update genUsername to return an error instead of warnings

* patch: separate tests for default and custom templates

* patch: return truncate warning from genUsername and trigger a 400 response on errors

* patch: truncate midString to 42 chars in default template

* docs: add new username_template field to aws docs
2021-07-20 09:48:29 -07:00
Chelsea Shaw 4a9669a1bc
UI/database cg read role (#12111)
* Add type param to secret show, handle CG in database role show

* If roleType is passed to credential, only make one creds API call

* Clean up db role adapter and serializer

* url param roleType passed to credentials call

* Role list capabilities check for static and dynamic separately

* Add changelog

* Consistent adapter response for single or double call

* Prioritize dynamic response if control group on role/creds
2021-07-20 11:28:44 -05:00
Ben Ash e899e2adfa
Add ability to optionally clone an api.Client's headers (#12117) 2021-07-19 17:15:31 -04:00
Austin Gebauer f7586e475d
changelog: update feature formatting for gcp and key management secrets (#12120) 2021-07-19 12:16:27 -07:00
Jason O'Donnell afc33ba7aa
Change changelog type for openldap bug fix (#12112) 2021-07-16 16:37:21 -04:00
John-Michael Faircloth 3baff15c9d
mongodbatlas: update changelog for username customization (#12098) 2021-07-15 15:44:03 -05:00
Austin Gebauer d1c090fe63
secrets/database: fixes external plugin reconnect after shutdown for v4 and v5 interface (#12087)
* secrets/database: fixes external plugin shutdown reconnect for v5 interface

* adds changelog entry

* fixes handling of plugin shutdown for password generation on v4 interface
2021-07-15 13:41:04 -07:00
Jason O'Donnell 03788bdba2
secrets/ad: change improvement to feature in changelog (#12095)
* secrets/ad: change improvement to feature in changelog

* Update per feature requirements
2021-07-15 15:55:40 -04:00
vinay-gopalan c20b5f1040
[VAULT-1986] Cap AWS Token TTL based on Default Lease TTL (#12026)
* fix: cap token TTL at login time based on default lease TTL

* add changelog file

* patch: update warning messages to not include 'at login'

* patch: remove default lease capping and test

* update changelog

* patch: revert warning message
2021-07-15 10:05:38 -07:00
Nick Cabatoff f027a1b1ff
Revert #12061 due to failures in TestLogical_RequestSizeLimit (#12093) 2021-07-15 12:55:09 -04:00
Tom Proctor 491c0ca78b
Update kubernetes auth plugin with AliasLookahead fix (#12073) 2021-07-15 14:35:40 +01:00
Angel Garbarino 84da2424a7
Fix KV Version History queryParams on the component LinkedBlock (#12079)
* fix the issue

* add test coverage

* add documentation to link-block

* add changelog

* modify for browserstack
2021-07-14 15:38:55 -06:00
hghaf099 f7635ec1b8
Add namespace in error (#12061)
* hghaf099-VAULT-1303-Adding namespace in error when it is set

* casting ResponseWriter in handleMonitor to logical.NamespaceResponseWriter

* Casting ResponseWriter conditionally for http.Flusher
Adding changelog

* Improving changlog message
2021-07-14 15:55:55 -04:00
Chelsea Shaw 50e5e2f48a
UI: Automatically refresh page on logout (#12035) 2021-07-14 10:01:14 -05:00
Scott Miller ec4b1b69d3
Enable building darwin arm64 for 1.8.x (#11855) (#12071)
* Enable building darwin arm64 for 1.8.x (#11855)

* Changelog

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2021-07-14 09:26:37 -05:00
Martin Lee 10f29e0503
base32.DecodeString expects length 8 for the buffer (#11887)
Add padding to the input key to ensure it reaches that length.
2021-07-14 07:38:10 -04:00
Arnav Palnitkar d1cc297cd9
Handle form validation for open api form (#11963)
* Handle form validation for open api form

- Added required validator for all the default fields

* Fixed field group error and adedd comments

* Fixed acceptance tests

* Added changelog

* Fix validation in edit mode

- Handle read only inputs during edit mode

* Minor improvements

* Restrict validation only for userpass
2021-07-13 15:50:27 -07:00
Yong Wen Chua 7ea650bc06
Update Documentation for GCP Static Account (#12027)
* Update API Docs for Static Account

* Update CHANGELOGs

* Update guide

* Clarify IAM

* More refinement

* Fix missing replace of roleset while copy/pasting

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Remove CHANGELOG

* Fix some double ticks

* Apply suggestions from code review

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update examples

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2021-07-13 09:36:05 -07:00
Chelsea Shaw b1a9e4fe58
UI/control group db cred (#12024) 2021-07-12 12:50:30 -05:00
Chris Capurso 505e3f9a89
[VAULT-2825] Fix erroneous 500 resp for field validation errors (#12042)
* [VAULT-2825] Correctly respond with 400 rather than 500 for field validation errors

* [VAULT-2825] Add changelog entry

* [VAULT-2825] Simplify test assertion
2021-07-12 13:39:28 -04:00
Pratyoy Mukhopadhyay 9b5e89bd34
[VAULT-2776] Add prefix_filter option to Vault (#12025)
* [VAULT-2776] Add prefix_filter support to vault

* [VAULT-2776] Add filter_default config, update docs

* [VAULT-2776] Add changelog file

* [VAULT-2776] Update telemetry tests and error handling

* [VAULT-2776] Add test fixtures, update test

* [VAULT-2776] Update gitignore hcl filter
2021-07-09 14:49:53 -05:00
Nick Cabatoff a3ac49aa05
VAULT-2809: Tweak creation of vault.db file (#12034) 2021-07-09 14:45:50 -04:00
Nick Cabatoff 518944c599
Make the `list` and `kv list` commands work with wrapping, e.g. for controlgroups (#12031) 2021-07-09 12:08:58 -04:00
Chris Capurso 349378454a
[VAULT-1836] Support kv-v1 generic mounts for vault.kv.secret.count metric (#12020)
* [VAULT-1836] Support kv-v1 generic mounts for vault.kv.secret.count metric

* [VAULT-1836] Add changelog entry
2021-07-09 11:05:05 -04:00
Austin Gebauer f54338977d
secrets/gcp: update to v0.10.1 for static accounts (#12023) 2021-07-08 13:53:45 -07:00
Jason O'Donnell af51033214
secrets/openldap: add schema config to rotate-root (#12019)
* update go mod & go mod tidy

* Changelog
2021-07-08 13:53:17 -04:00
MilenaHC 3c3b6529fd
Redshift - Add username customization (#12016)
* username customization for redshift

* adding changelog and updating api-docs
2021-07-08 10:29:12 -05:00
claire bontempo 72e3d29abc
Truncate Secret Engine Description Text (#11995)
Co-authored-by: hashishaw <cshaw@hashicorp.com>
2021-07-08 08:21:10 -07:00
claire bontempo 08d117ae5b
Adds transform secrets engine to feature (#12003)
* adds transform secrets engine to features list
2021-07-07 16:14:54 -07:00
Pratyoy Mukhopadhyay adbaad17db
[VAULT-708] Zero out request counter on preSeal (#11970)
* [VAULT-708] Zero out request counter on preSeal

* [VAULT-708] Added changelog entry

* [VAULT-708] Add comment clarifying request counter zeroing
2021-07-07 14:03:39 -05:00
Angel Garbarino 5fe59a685b
Reverting fix on KV 2 for duplicate paths (#12008)
* revert changes

* changelog

* add test coverage for max versions
2021-07-07 11:50:00 -06:00
MilenaHC 4430a11bc5
Update SnowflakeDB plugin to v0.2.0 (#11997)
* update snowflake database plugin to v0.2.0

* add changelog

* update api-docs
2021-07-06 13:23:03 -05:00
Nick Cabatoff a2dcb131ee
`vault delete` should allow the same output options as `vault write`,… (#11992)
* `vault delete` and `vault kv delete` should allow the same output options as `vault write`, as delete operations can similarly return data.  This is needed if you want to use control groups with deletion.
2021-07-06 10:36:07 -04:00
John-Michael Faircloth aa6afd50f6
Update mongodb atlas plugin version (#11956)
* Update mongodb atlas plugin version

* go.mod was missing mongodbatlas plugin

* add changelog

* update build-go-dev circle ci job GOPROXY

* Revert "update build-go-dev circle ci job GOPROXY"

This reverts commit 0e6f339c779dac65ecb036735199f72d3d9e6a4a.

* ci: more complete go mod cache

* ci: doc use of go list ./... to populate mod cache

Co-authored-by: Sam Salisbury <samsalisbury@gmail.com>
2021-07-06 08:24:10 -05:00
John-Michael Faircloth 9832517d27
[ldap] auth method fix request_timeout (#11975)
* [ldap] auth method fix request_timeout

* add changelog

* Update sdk/helper/ldaputil/config_test.go

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update sdk/helper/ldaputil/config_test.go

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update changelog/11975.txt

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2021-07-01 13:33:01 -05:00
Austin Gebauer b34e24fa64
docs: AWS KMS updates for key management secrets engine (#11958) 2021-06-29 10:31:25 -07:00
MilenaHC 02d45f3a66
Update ElasticSearch DB plugin to v0.8.0 (#11957)
* update elasticsearch database plugin to v0.8.0

* add changelog

* update api-docs
2021-06-29 08:07:00 -05:00
Theron Voran 52f78f1d54
Adding changelog for #11502 (#11944) 2021-06-25 15:41:08 -07:00
Jason O'Donnell b2c9b3c344
plugins/ad: Add rotate-role endpoint (#11942)
* plugins/ad: add rotate-role

* Add doc

* changelog

* Add note about rotate-role in overview
2021-06-25 14:00:03 -04:00
Jason O'Donnell b2b25be0ce
agent/template: add static_secret_render_interval configurable (#11934)
* agent/template: add default_lease_duration config

* go mod tidy

* Add changelog

* Fix panic

* Add documentation

* Change to static_secret_render_interval

* Update doc

* Update command/agent/template/template.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update changelog/11934.txt

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-06-24 15:40:31 -04:00
mr-miles 9e031b5766
Mongo doesnt allow periods in usernames (#11872)
* mongo doesnt allow periods in usernames

* Update mongodb.mdx

Update template in docs

* Move replace to the end

* Adding a test for dot replacement

* Create 11872.txt
2021-06-24 13:26:31 -04:00
Marc Boudreau 3c35a25d36
Fix for Issue 11863 - Panic when creating/updating approle role with token_type (#11864)
* initializing resp variable with aa *logical.Response before using it to add warning for default-service or default-batch token type.  Also adding guard around code that sets resp to a new logical.Response further on in the function.

* adding changelog entry

* renaming changelog file to match PR number
2021-06-24 13:03:41 -04:00
MilenaHC 5483eba5fc
RabbitMQ - Add username customization (#11899)
* add username customization for rabbitmq

* add changelog for rabbitmq

* Update builtin/logical/rabbitmq/path_config_connection.go

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* updating API docs

* moved to changelog folder

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-06-22 14:50:46 -05:00
Nick Cabatoff 9bcb480cb7
Fixes #11914. (#11915) 2021-06-22 12:39:23 -04:00
Angel Garbarino 94e11af37a
UI/cp validations kv duplicate path (#11878)
* setup check when secret-v2 record is populated

* return network request of full paths

* modify/amend test

* remove console log

* fix test

* add changelog

* attempt to fix browserstack test issue

* remove find

* add trim

* another attempt
2021-06-22 10:34:00 -06:00
Calvin Leung Huang c1a2a939f9
agent: restart template runner on retry for unlimited retries (#11775)
* agent: restart template runner on retry for unlimited retries

* template: log error message early

* template: delegate retries back to template if param is set to true

* agent: add and use the new template config stanza

* agent: fix panic, fix existing tests

* changelog: add changelog entry

* agent: add tests for exit_on_retry_failure

* agent: properly check on agent exit cases, add separate tests for missing key vs missing secrets

* agent: add note on difference between missing key vs missing secret

* docs: add docs for template_config

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* docs: fix exit_on_retry_failure, fix Functionality section

* docs: update interaction title

* template: add internal note on behavior for persist case

* docs: update agent, template, and template-config docs

* docs: update agent docs on retry stanza

* Apply suggestions from code review

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update changelog/11775.txt

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* agent/test: rename expectExit to expectExitFromError

* agent/test: add check on early exits on the happy path

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-06-21 16:10:15 -07:00
Brian Kassouf a794a6244f
raft: Set BatchApplyCh for more consistent batch sizes (#11907)
* raft: Set BatchApplyCh for more consistent batch sizes

* Add changelog file
2021-06-21 12:00:41 -07:00
Josh Black 8c069936e9
Add new boltdb options (#11895) 2021-06-21 11:35:40 -07:00
Michael Golowka 7f6a1739a3
Cassandra: Refactor PEM parsing logic (#11861)
* Refactor TLS parsing

The ParsePEMBundle and ParsePKIJSON functions in the certutil package assumes
both a client certificate and a custom CA are specified. Cassandra needs to
allow for either a client certificate, a custom CA, or both. This revamps the
parsing of pem_json and pem_bundle to accomodate for any of these configurations
2021-06-21 11:38:08 -06:00
MilenaHC 545c423f8a
add changelog to influxdb (#11896) 2021-06-18 14:56:41 -05:00
Chelsea Shaw 565871f63c
UI/fix safari oidc login (#11884)
* use window.postMessage instead of localStorage on oidc callback
2021-06-17 15:56:04 -05:00
Angel Garbarino d99742c6c5
Implement ember-cp-validations on KV secret engine (#11785)
* initial setup

* initial validation setup for empty path object.

* removal console logs

* validation on keyup for kv

* in progress

* making some progress

* more progress

* closer

* done with create page now to fix edit page that I broke

* fix secret edit display on create

* test and final touches

* cleanup mountbackendform

* cleanup

* add changelog

* address pr comments

* address styling pr comment
2021-06-15 09:21:54 -06:00
claire bontempo 58a5f17288
Displays Auth Method description on Vault UI login page (#11795)
* Displays Auth Method description on login page

* working on auth login form

* Keeps path name as LinkTo label adds description to paths

* removes commented and unused code

* removes trailing white space

* removes prettier package

* adds test for description

* removes extra white spaces

* adds changelog file
2021-06-14 13:03:49 -07:00
Jason O'Donnell 4cc1402e52
mod: update vault-plugin-secrets-ad@v0.9.1 (#11837)
* mod: update vault-plugin-secrets-ad@v0.9.1

* changelog
2021-06-11 13:40:51 -04:00
Calvin Leung Huang 1239217cd5
dep: update consul-template to v0.26.0 (#11838)
* dep: update consul-template to v0.26.0

* changelog: add a CL entry
2021-06-11 10:29:40 -07:00
Jason O'Donnell 36cc4d8e87
db/cassandra: Adding changelog and documentation (#11822)
* db/cassandra: add tls_server_name

* Remove changes from deprecated engine

* Add changelog and doc
2021-06-10 19:06:40 -04:00
Brian Kassouf b42529dd17
Omit wrapping tokens and control groups from client counts (#11826)
* Omit wrapping tokens and control groups from client counts

* add changelog note
2021-06-10 15:57:51 -07:00
Vishal Nayak c11c771737
Udate to Go 1.16.5 (#11802)
* Udate to Go 1.16.5

* Add CL

* Update packages-oss.yml

* Update go_test.yml
2021-06-09 10:38:52 -04:00
Austin Gebauer cdc56809a2
Updates the JWT/OIDC auth plugin to v0.9.4 (#11784) 2021-06-07 16:02:57 -07:00
Chelsea Shaw 468331fa61
UI/license page with autoload (#11778) 2021-06-07 12:44:39 -05:00
Hridoy Roy 1782b4e880
oss part of control groups upgrade (#11772)
* oss part of control groups upgrade

* changelog and docs

* formatting

* formatting
2021-06-07 09:15:35 -07:00
Chelsea Shaw f9ccd941ad
UI/license banners (#11759) 2021-06-03 15:30:26 -05:00
swayne275 9724f59180
Vault 1979: Query API for Irrevocable Leases (#11607)
* build out lease count (not fully working), start lease list

* build out irrevocable lease list

* bookkeeping

* test irrevocable lease counts for API/CLI

* fix listIrrevocableLeases, test listIrrevocableLeases, cleanup

* test expiration API limit

* namespace tweaks, test force flag on lease list

* integration test leases/count API, plenty of fixes and improvements

* test lease list API, fixes and improvements

* test force flag for irrevocable lease list API

* i guess this wasn't saved on the last refactor...

* fixes and improvements found during my review

* better test error msg

* Update vault/logical_system_paths.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* return warning with data if more than default leases to list without force flag

* make api doc more generalized

* list leases in general, not by mount point

* change force flag to include_large_results

* sort leases by LeaseID for consistent API response

* switch from bool flag for API limit to string value

* sort first by leaseID, then stable sort by expiration

* move some utils to be in oss and ent

* improve sort efficiency for API response

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-06-02 10:11:30 -06:00
Chelsea Shaw cef14f0236
UI: allow reset on database json fields (#11708) 2021-05-27 16:25:58 -05:00
rerorero 9ebb14bab3
Fix: Transit encrypt batch does not honor key_version (#11628)
* fix(secret/transit): #10232 Transit encrypt batch does not honor key_version

* add changelog for 11628
2021-05-27 14:05:20 -05:00
Calvin Leung Huang 3d94bcade5
changelog: add entry for #11696 (#11715)
* changelog: add entry for #11696

* Update 11696.txt

* Update 11696.txt
2021-05-27 10:57:59 -07:00
Arnav Palnitkar f2552b708b
Update cluster status partial to component (#11680)
* Update cluster status partial to component

* Added changelog

* Close menu when link is clicked

* Upgraded to glimmer components

* Fixed indentations
Added back activeCluster
Updated changelog
2021-05-27 09:52:51 -07:00
Chelsea Shaw 36c8366d5d
UI unseal screen updates (#11705)
* Styling for empty-state and splash-page

* Update shamir-flow language and trigger onError on non-400 error

* Add license terminated screen to unseal

* Add changelog
2021-05-26 13:59:11 -05:00
Angel Garbarino cf511a895b
UI/tools partial (#11672)
* hash tools from partial to component

* initial setup of tools random, but issue remaining with bytes

* rewrap

* unwrap

* final two partials

* fix issues with actions on tool wrap

* fix hash

* changelog

* address pr comments

* fix onClear

* trigger run

* triggering test suite
2021-05-24 10:45:35 -06:00
Vishal Nayak 6ec8cd8f28
Tokenutil: Perform num uses check earlier (#11647)
* Perform num uses check earlier

* Add CL

* Ensure that login works
2021-05-19 14:06:08 -04:00
Angel Garbarino 8f5d62139c
KV 2 Toolbar delete redesign (#11530)
* initial setup, modify toolbar header

* footer buttons setup

* setup first delete version delete method

* clean up

* handle destory all versions

* handle undelete

* conditional for modal and undelete

* remove delete from version area

* modelForData in permissions

* setup for soft delete and modify adpater to allow DELETE in additon to POST

* dropdown for soft delete

* stuck

* handle all soft deletes

* conditional for destroy all versions

* remove old functionality from secret-version-menu

* glimmerize secret-version-menu

* Updated secret version menu and version history

* Updated icons and columns in version history

* create new component

* clean up

* glimmerize secret delete menu

* fix undelete

* Fixed radio labels in version delete menu

* handle v1 delete

* refining

* handle errors with flash messages

* add changelog

* fix test

* add to test

* amend test

* address PR comments

* whoopies

* add urlEncoding

Co-authored-by: Arnav Palnitkar <arnav@hashicorp.com>
2021-05-19 10:43:55 -06:00
Scott Miller 6b8d7fe2e6
Patch expiration fix over from ENT (#11650)
* Patch expiration fix over from ENT

* Rename changelog
2021-05-18 14:55:38 -07:00
Chelsea Shaw 19c5f27434
UI/fix identity model (#11641) 2021-05-17 16:41:39 -05:00
Michael Golowka 10b1ff8f69
AWS Auth: Update error message to include underlying error (#11638) 2021-05-17 13:56:35 -06:00
Ricardo Cardenas d02a20bd2b
feat(aws): add ability to provide a role session name when generating STS credentials (#11345)
* feat(aws): add ability to provide a sessionName to sts credentials

Co-authored-by: Brad Vernon <bvernon@nvidia.com>
Co-authored-by: Jim Kalafut <jim@kalafut.net>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-05-17 11:03:09 -07:00
Michael Golowka 056a59859f
Add ability to customize some timeouts in MongoDB database plugin (#11600) 2021-05-17 11:40:35 -06:00
Robison Jacka 491f71faf0
Add support for templated values in SSH CA DefaultExtensions. (#11495)
* Add support for templated values in SSH CA DefaultExtensions.

* Reworking the logic per feedback, adding basic test.

* Adding test, so we cover both default extension templating & ignoring default when user-provided extensions are present.

* Fixed up an unintentional extension handling defect, added test to cover the case.

* Refactor Default Extension tests into `enabled` and `disabled`.
2021-05-13 14:37:22 -07:00
Pierce Bartine e56982f782
Add ServerName to Vault Agent template config (#11288)
* Add ServerName to Vault Agent template config

* Remove newline

* Add changelog for 11288

* Update changelog/11288.txt

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2021-05-13 07:18:15 -07:00
Jason O'Donnell 502cf3b212
core: updates to password policy generator (#11596)
* core: fix bug in password policies not using namespaces

* Add changelog
2021-05-13 09:55:46 -04:00
Michael Golowka b27a3e9f70
DB engine: Check ErrPluginStaticUnsupported in rollback code (#11601) 2021-05-12 17:09:56 -06:00
Calvin Leung Huang 8b7cd1bff7
agent/cert: properly return the cached client on AuthClient (#11576)
* agent/cert: properly return the cached client on AuthClient

* test: pass in nil client config, check on pointer values directly

* test: pass in nil client config

* changelog: add changelog entry
2021-05-12 14:59:07 -07:00
Chelsea Shaw 6567066d26
Fix: link on database role item goes to correct URL (#11597)
* Fix: link on database role item goes to correct URL

* Add changelog
2021-05-12 14:33:35 -05:00
Scott Miller f0c3192f20
Add an exponential backoff to TCP listeners to avoid fast loops in error scenarios (#11588)
* Add an exponential backoff to TCP listeners to avoid fast loops in error scenarios

* reset loop delay

* changelog
2021-05-12 10:47:38 -05:00
Chelsea Shaw d65947134d
UI: Regex validation on transform templates (#11586)
* Add regex validator component with tests, add to form-field, use in transform template

* Update tests with data-test selectors

* Add changelog
2021-05-12 10:12:33 -05:00
Calvin Leung Huang 91ed71c296
changelog: add changelog for #11562 (#11564) 2021-05-07 11:43:09 -07:00
Angel Garbarino 7012aab272
UI/okta duo push notification (#11442)
* initial setup

* add delay and modify message

* test

* changing to different style because unable to interrupt the yield of authentication

* cleanup

* more consitency in messssage placement

* fix test

* clean up test notification

* clean up

* remove click

* changelog

* Update 11442.txt

* revert changes so a message is delayed by not calling yield

* amend test

* remove padding-bottom as no longer needed with reposition of message location
2021-05-06 12:29:39 -06:00
Chelsea Shaw 977b6e3bbb
UI/database mysql (#11532)
* Add MySQL DB Support

* Add other versions of MySQL to database options

* Save incoming root_credentials_rotate_statements as root_rotation_statements for display

* Handle errors correctly on database connection form for edit

* Add tests for mysql database

* Add UI feature changelog
2021-05-06 13:22:40 -05:00
Arnav Palnitkar 1d26f056bc
Updated code mirror component for consistency (#11500)
* Updated code mirror component for consistency

- Hide gutters, line number and selection while read only
- Show toolbar with copy functionality for all instances

* Moved toolbar and actions to json editor component

* Updated form-field-from-model template

* Added test for toolbar
2021-05-06 09:59:15 -07:00
Scott Miller 4fc6e8b366
Fix barrier key autoration config edge cases (#11541)
* Add an Int64 type

* Use the new Int64 type so that even 32 bit builds can specify max_operations above 2^31

* Missed a spot

* go mod vendor

* fix cast

* changelog

* Update unit test to ensure this works on both 32 and 64-bit archs
2021-05-05 14:39:04 -05:00
Scott Miller 52930c5614
When running under systemd, send notifications about server startup, shutdown, and config reload (#11517) 2021-05-04 14:47:16 -05:00
Vishal Nayak 1e61f799ca
Use correct mount accessor when refreshing external group memberships (#11506)
* Use correct mount accessor when refreshing external group memberships

* Add CL

* Handle the renew case properly
2021-05-03 08:23:59 -04:00
Clint 59870ee0d3
Update Agent Auth with GCP to use new SignJWT endpoint (#11473)
* Update Agent Auth with GCP to use new SignJWT endpoint

* use iamcredentials name instead of renaming the package on import

* add changelog

* Update changelog/11473.txt

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-04-30 15:45:06 -05:00
Vishal Nayak 406abc19dc
Autopilot: Return leader info via delegate (#11247)
* Autopilot: Return leader info via delegate

* Pull in the new raft-autopilot lib dependencies

* update deps

* Add CL
2021-04-27 15:54:26 -04:00
Josh Black ec105f288f
Switch to shared raft-boltdb library and add metrics (#11269) 2021-04-26 16:01:26 -07:00
Chelsea Shaw 1810edf428
UI/update UI deps (#11447) 2021-04-26 11:23:57 -05:00
Hridoy Roy 22cab6185d
[VAULT-1441] Fix race that allowed remounting on path used by another mount (#11453)
* remount concurrent test fix

* changelog

* Update changelog/11453.txt

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-04-24 09:05:41 -07:00
Austin Gebauer 490474a502
secrets/database: Fixes marshalling bug for json.Number types (#11451) 2021-04-23 14:07:26 -07:00
Angel Garbarino 2e35e9578c
UI/obscure secret on input (#11284)
* new font and add as font-family to be used in masked-input

* clean up logic

* refactor for displayOnly

* start cert masking

* work on certificates

* upload cert work

* fix global styling

* fix styling for class no longer used

* make mask by default and remove option

* glimmerize start and certificate on LDAP a file field

* glimmerize actions

* first part of glimmerizing text-file still need to do some clean up

* not doing awesome over here

* getting ready to un-glimmer

* unglimmerize

* remove placeholder based on conversations with design

* clean up text-file

* cleanup

* fix class bindings

* handle class binding

* set up for test

* fix elementId

* track down index

* update masked-input test

* add more to the masked-input test

* test-file test

* fix broken test

* clear old style

* clean up

* remove pgp key masked font, this really needs to be refactored to text-file component

* changelog

* cover other certificate view

* add allowCopy

* address some pr styling comments

* improve test coverage

* fix some issues

* add attr.options.masked
2021-04-22 08:58:37 -06:00
Josh Black 06809930a3
Add HTTP response headers for hostname and raft node ID (if applicable) (#11289) 2021-04-20 15:25:04 -07:00
Arnav Palnitkar a43ea992a9
Updated search select component styling (#11360)
* Updated search select component styling

- Fixed styling for better readability and access to delete action

* Added changelog file
2021-04-19 15:40:18 -07:00
Nick Cabatoff 474c4e8134
Make cubbyhole revocation/tidying compatible with cubbys in namespaces. (#11408) 2021-04-19 17:28:04 -04:00
Chelsea Shaw 449a45baaa
Add root rotation statement support to mongoDB (#11404)
* Add root rotation statement support to mongoDB

* Add changelog
2021-04-19 15:40:44 -05:00
Nick Cabatoff a8023e0fdb
Add support for unauthenticated pprof access on a per-listener basis,… (#11324)
* Add support for unauthenticated pprof access on a per-listener basis, as we do for metrics.

* Add missing pprof sub-targets like 'allocs' and 'block'.  Capture the goroutine subtarget a second time in text form.  This is mostly a convenience, but also I think the pprof format might be a bit lossy?
2021-04-19 14:30:59 -04:00
Calvin Leung Huang a8cafab083
pki: fix tidy removal on revoked entries (#11367)
* pki: fix tidy removal on revoked entries

* add CL entry
2021-04-19 09:40:40 -07:00
Austin Gebauer 18999489d9
Updates the JWT/OIDC auth plugin to v0.9.3 (#11388) 2021-04-19 09:14:17 -07:00
Michael Golowka 4279bc8b34
Validate hostnames when using TLS in Cassandra (#11365) 2021-04-16 15:52:35 -06:00
Nick Cabatoff 541ae8636c
On lease deletion, also delete non-orphan batch token parent index (#11377) 2021-04-16 17:03:22 -04:00
Michael Golowka 771b963a04
Cassandra DB plugin: Allow special chars in usernames (#11262) 2021-04-16 14:01:15 -06:00
Nick Cabatoff 684ebf0928
Don't cut off stack traces at 32MB. (#11364) 2021-04-16 15:55:05 -04:00
Nick Cabatoff b07a10331f
Add metrics for requests forwarded by standbys. (#11366) 2021-04-16 14:02:20 -04:00
Nick Cabatoff 242d258e94
Fix goroutine leak caused by updating rate quotas (#11371)
Make sure that when we modify a rate quota, we stop the existing goroutine before starting the new one.
2021-04-16 14:00:01 -04:00
Nick Cabatoff 7a359ef658
Add CL for #11252. (#11368) 2021-04-16 09:33:47 -04:00
Jim Kalafut 917633e89d
Update Changelog (#11358)
These two C/L were not backported to the 1.7 release branch.
2021-04-14 16:42:09 -07:00
Chelsea Shaw a3c396991c
UI/database mssql (#11231)
Add MSSQL plugin support in database secrets engine
2021-04-14 16:07:07 -05:00
Vishal Nayak 9bf4fe2f64
Add HA only autopilot to changelog (#11339) 2021-04-12 09:57:45 -04:00
Angel Garbarino 5d53bccdbf
Bug: DB secret engine not showing "Select one" in role select options (#11294)
* fix issue on mongo db where the select one was not showing

* add changelog
2021-04-08 13:46:40 -06:00
Meggie bd0fefe47f
Changing from "changelog" to "release-note" (#11303) 2021-04-07 18:21:01 -04:00
Angel Garbarino ea7e77cb4e
Bug Fix: OIDC with hcp flag (#11283)
* add conditional

* add changelog
2021-04-07 10:46:06 -06:00
Scott Miller 2e0c1fb9dc
Add a Changelog entry for 10181 (#11293) 2021-04-07 11:44:19 -05:00
Arnav Palnitkar e598f6d5c2
Updated show lease with toggle ttl picker (#11256)
* Updated show lease with toggle ttl picker

For lease renewal, pass increment param instead of interval

* Fixed formatting

* Added changelog
2021-04-02 13:23:56 -07:00
Chelsea Shaw f9ade25674
UI/fix kvv2 version (#11258)
* Update default form values for kv

* Group kv version option in 'Method Options' group

* Fix tests, explicitly set if select input does not have default

* Handle array of objects from adapterError.errors in MessageError component

* Add changelog
2021-04-02 15:17:42 -05:00
Scott Miller 70c71b37f4
Changelog for 11259 (#11266) 2021-04-02 11:07:34 -05:00
Nick Cabatoff 72a172bce9
Add support for tls_max_version in listener config. (#11226) 2021-03-29 14:39:14 -04:00
Angel Garbarino 9097ee0bed
UI: Fix status menu bug (#11213)
* change null to empty string

* add changelog

* add conditional

* amend to set path
2021-03-26 09:53:33 -06:00
Angel Garbarino f158fd31a2
UI/namespace bug (#11182)
* fix with console to confirm showing

* remove console

* move order

* add changelog
2021-03-23 14:55:31 -06:00
Angel Garbarino b52620e039
UI/control groups kv (#11143)
* forced reload causing issues removed and tested

* better logging for handling controlGroup error

* cleanup

* add changelog

* address pr comments
2021-03-22 10:03:47 -06:00
Austin Gebauer 6f88333334
Adds a changelog entry for key management secrets engine (#11164) 2021-03-19 15:45:35 -07:00
Chelsea Shaw 51508987c4
Update MMMM Do yyyy to MMMM do yyyy per date-fns format docs (#11142)
* Update MMMM Do yyyy to MMMM do yyyy per date-fns format docs

* Add changelog
2021-03-19 12:08:33 -05:00
Josh Black efd2571016
Add changelog entry for ent PR 1691 (#11139) 2021-03-19 10:07:48 -07:00
Mark Gritter f42093f64f
Changelog for orphan status fix (#11137) 2021-03-19 11:38:07 -05:00
Nick Cabatoff 9c5f018938
Rework agent retry config, extend it to cover proxy cache as well (#11113)
Remove template_retry config section.  Add new vault.retry section which only has num_retries field; if num_retries is 0 or absent, default it to 12 for backwards compat with pre-1.7 template retrying.  Setting num_retries=-1 disables retries.

Configured retries are used for both templating and api proxy, though if template requests go through proxy (currently requires persistence enabled) we'll only configure retries for the latter to avoid duplicate retrying.  Though there is some duplicate retrying already because whenever the template server does a retry when not going through the proxy, the Vault client it uses allows for 2 behind-the-scenes retries for some 400/500 http error codes.
2021-03-18 14:14:09 -04:00
Clint 5353279e75
Add command to look up a lease by ID (#11129)
* snapshot

* basic test

* update command and add documentation

* update help text

* typo

* add changelog for lease lookup command

* run go mod vendor

* remove tabs from help output
2021-03-18 11:11:09 -05:00
Chelsea Shaw 509c31604d
UI/fix backend db connection (#11127)
* Update adapter so any named database backend will work

* Add test for deleting database connection
2021-03-17 15:48:40 -05:00
Chelsea Shaw a17edd9d0f
UI: Connection "Add Role" automatically populates database in form (#11119)
* Database role create form sets url param itemKey as database on init

* add test for new functionality

* Add changelog
2021-03-17 11:32:27 -05:00
Scott Miller 47570ca490
Add transform upgrade bug fix changelog (#11090) 2021-03-12 09:52:41 -06:00
Chelsea Shaw 994d48c892
UI: Add null check before getting userRootNamespace from storage (#11094)
* Add null check before getting userRootNamespace from storage

* Add changelog
2021-03-11 13:09:43 -06:00
Lauren Voswinkel 809d127488
Add changelog entry for Snowflake DB support being added (#11078) 2021-03-10 16:09:13 -08:00
Lauren Voswinkel 30b9f5d379
Add changelog entry for #10953 (#11077) 2021-03-10 15:54:15 -08:00
Liwei Fu 170a0800e6
Make cert domain name validation case insensitive (#10959)
* make cert domain name validation case insensitive

* reafctor TestPki_PermitFQDNs mutliple cases

* TestPki_PermitFQDNS: fail uppercase alt_name

* add change log

* fix tests

* use EqualFold for potential utf-8 string comparison

Co-authored-by: Freyert <Freyert@users.noreply.github.com>
2021-03-09 21:28:27 -08:00