Commit graph

447 commits

Author SHA1 Message Date
Scott Miller 52930c5614
When running under systemd, send notifications about server startup, shutdown, and config reload (#11517) 2021-05-04 14:47:16 -05:00
Vishal Nayak 1e61f799ca
Use correct mount accessor when refreshing external group memberships (#11506)
* Use correct mount accessor when refreshing external group memberships

* Add CL

* Handle the renew case properly
2021-05-03 08:23:59 -04:00
Clint 59870ee0d3
Update Agent Auth with GCP to use new SignJWT endpoint (#11473)
* Update Agent Auth with GCP to use new SignJWT endpoint

* use iamcredentials name instead of renaming the package on import

* add changelog

* Update changelog/11473.txt

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-04-30 15:45:06 -05:00
Vishal Nayak 406abc19dc
Autopilot: Return leader info via delegate (#11247)
* Autopilot: Return leader info via delegate

* Pull in the new raft-autopilot lib dependencies

* update deps

* Add CL
2021-04-27 15:54:26 -04:00
Josh Black ec105f288f
Switch to shared raft-boltdb library and add metrics (#11269) 2021-04-26 16:01:26 -07:00
Chelsea Shaw 1810edf428
UI/update UI deps (#11447) 2021-04-26 11:23:57 -05:00
Hridoy Roy 22cab6185d
[VAULT-1441] Fix race that allowed remounting on path used by another mount (#11453)
* remount concurrent test fix

* changelog

* Update changelog/11453.txt

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-04-24 09:05:41 -07:00
Austin Gebauer 490474a502
secrets/database: Fixes marshalling bug for json.Number types (#11451) 2021-04-23 14:07:26 -07:00
Angel Garbarino 2e35e9578c
UI/obscure secret on input (#11284)
* new font and add as font-family to be used in masked-input

* clean up logic

* refactor for displayOnly

* start cert masking

* work on certificates

* upload cert work

* fix global styling

* fix styling for class no longer used

* make mask by default and remove option

* glimmerize start and certificate on LDAP a file field

* glimmerize actions

* first part of glimmerizing text-file still need to do some clean up

* not doing awesome over here

* getting ready to un-glimmer

* unglimmerize

* remove placeholder based on conversations with design

* clean up text-file

* cleanup

* fix class bindings

* handle class binding

* set up for test

* fix elementId

* track down index

* update masked-input test

* add more to the masked-input test

* test-file test

* fix broken test

* clear old style

* clean up

* remove pgp key masked font, this really needs to be refactored to text-file component

* changelog

* cover other certificate view

* add allowCopy

* address some pr styling comments

* improve test coverage

* fix some issues

* add attr.options.masked
2021-04-22 08:58:37 -06:00
Josh Black 06809930a3
Add HTTP response headers for hostname and raft node ID (if applicable) (#11289) 2021-04-20 15:25:04 -07:00
Arnav Palnitkar a43ea992a9
Updated search select component styling (#11360)
* Updated search select component styling

- Fixed styling for better readability and access to delete action

* Added changelog file
2021-04-19 15:40:18 -07:00
Nick Cabatoff 474c4e8134
Make cubbyhole revocation/tidying compatible with cubbys in namespaces. (#11408) 2021-04-19 17:28:04 -04:00
Chelsea Shaw 449a45baaa
Add root rotation statement support to mongoDB (#11404)
* Add root rotation statement support to mongoDB

* Add changelog
2021-04-19 15:40:44 -05:00
Nick Cabatoff a8023e0fdb
Add support for unauthenticated pprof access on a per-listener basis,… (#11324)
* Add support for unauthenticated pprof access on a per-listener basis, as we do for metrics.

* Add missing pprof sub-targets like 'allocs' and 'block'.  Capture the goroutine subtarget a second time in text form.  This is mostly a convenience, but also I think the pprof format might be a bit lossy?
2021-04-19 14:30:59 -04:00
Calvin Leung Huang a8cafab083
pki: fix tidy removal on revoked entries (#11367)
* pki: fix tidy removal on revoked entries

* add CL entry
2021-04-19 09:40:40 -07:00
Austin Gebauer 18999489d9
Updates the JWT/OIDC auth plugin to v0.9.3 (#11388) 2021-04-19 09:14:17 -07:00
Michael Golowka 4279bc8b34
Validate hostnames when using TLS in Cassandra (#11365) 2021-04-16 15:52:35 -06:00
Nick Cabatoff 541ae8636c
On lease deletion, also delete non-orphan batch token parent index (#11377) 2021-04-16 17:03:22 -04:00
Michael Golowka 771b963a04
Cassandra DB plugin: Allow special chars in usernames (#11262) 2021-04-16 14:01:15 -06:00
Nick Cabatoff 684ebf0928
Don't cut off stack traces at 32MB. (#11364) 2021-04-16 15:55:05 -04:00
Nick Cabatoff b07a10331f
Add metrics for requests forwarded by standbys. (#11366) 2021-04-16 14:02:20 -04:00
Nick Cabatoff 242d258e94
Fix goroutine leak caused by updating rate quotas (#11371)
Make sure that when we modify a rate quota, we stop the existing goroutine before starting the new one.
2021-04-16 14:00:01 -04:00
Nick Cabatoff 7a359ef658
Add CL for #11252. (#11368) 2021-04-16 09:33:47 -04:00
Jim Kalafut 917633e89d
Update Changelog (#11358)
These two C/L were not backported to the 1.7 release branch.
2021-04-14 16:42:09 -07:00
Chelsea Shaw a3c396991c
UI/database mssql (#11231)
Add MSSQL plugin support in database secrets engine
2021-04-14 16:07:07 -05:00
Vishal Nayak 9bf4fe2f64
Add HA only autopilot to changelog (#11339) 2021-04-12 09:57:45 -04:00
Angel Garbarino 5d53bccdbf
Bug: DB secret engine not showing "Select one" in role select options (#11294)
* fix issue on mongo db where the select one was not showing

* add changelog
2021-04-08 13:46:40 -06:00
Meggie bd0fefe47f
Changing from "changelog" to "release-note" (#11303) 2021-04-07 18:21:01 -04:00
Angel Garbarino ea7e77cb4e
Bug Fix: OIDC with hcp flag (#11283)
* add conditional

* add changelog
2021-04-07 10:46:06 -06:00
Scott Miller 2e0c1fb9dc
Add a Changelog entry for 10181 (#11293) 2021-04-07 11:44:19 -05:00
Arnav Palnitkar e598f6d5c2
Updated show lease with toggle ttl picker (#11256)
* Updated show lease with toggle ttl picker

For lease renewal, pass increment param instead of interval

* Fixed formatting

* Added changelog
2021-04-02 13:23:56 -07:00
Chelsea Shaw f9ade25674
UI/fix kvv2 version (#11258)
* Update default form values for kv

* Group kv version option in 'Method Options' group

* Fix tests, explicitly set if select input does not have default

* Handle array of objects from adapterError.errors in MessageError component

* Add changelog
2021-04-02 15:17:42 -05:00
Scott Miller 70c71b37f4
Changelog for 11259 (#11266) 2021-04-02 11:07:34 -05:00
Nick Cabatoff 72a172bce9
Add support for tls_max_version in listener config. (#11226) 2021-03-29 14:39:14 -04:00
Angel Garbarino 9097ee0bed
UI: Fix status menu bug (#11213)
* change null to empty string

* add changelog

* add conditional

* amend to set path
2021-03-26 09:53:33 -06:00
Angel Garbarino f158fd31a2
UI/namespace bug (#11182)
* fix with console to confirm showing

* remove console

* move order

* add changelog
2021-03-23 14:55:31 -06:00
Angel Garbarino b52620e039
UI/control groups kv (#11143)
* forced reload causing issues removed and tested

* better logging for handling controlGroup error

* cleanup

* add changelog

* address pr comments
2021-03-22 10:03:47 -06:00
Austin Gebauer 6f88333334
Adds a changelog entry for key management secrets engine (#11164) 2021-03-19 15:45:35 -07:00
Chelsea Shaw 51508987c4
Update MMMM Do yyyy to MMMM do yyyy per date-fns format docs (#11142)
* Update MMMM Do yyyy to MMMM do yyyy per date-fns format docs

* Add changelog
2021-03-19 12:08:33 -05:00
Josh Black efd2571016
Add changelog entry for ent PR 1691 (#11139) 2021-03-19 10:07:48 -07:00
Mark Gritter f42093f64f
Changelog for orphan status fix (#11137) 2021-03-19 11:38:07 -05:00
Nick Cabatoff 9c5f018938
Rework agent retry config, extend it to cover proxy cache as well (#11113)
Remove template_retry config section.  Add new vault.retry section which only has num_retries field; if num_retries is 0 or absent, default it to 12 for backwards compat with pre-1.7 template retrying.  Setting num_retries=-1 disables retries.

Configured retries are used for both templating and api proxy, though if template requests go through proxy (currently requires persistence enabled) we'll only configure retries for the latter to avoid duplicate retrying.  Though there is some duplicate retrying already because whenever the template server does a retry when not going through the proxy, the Vault client it uses allows for 2 behind-the-scenes retries for some 400/500 http error codes.
2021-03-18 14:14:09 -04:00
Clint 5353279e75
Add command to look up a lease by ID (#11129)
* snapshot

* basic test

* update command and add documentation

* update help text

* typo

* add changelog for lease lookup command

* run go mod vendor

* remove tabs from help output
2021-03-18 11:11:09 -05:00
Chelsea Shaw 509c31604d
UI/fix backend db connection (#11127)
* Update adapter so any named database backend will work

* Add test for deleting database connection
2021-03-17 15:48:40 -05:00
Chelsea Shaw a17edd9d0f
UI: Connection "Add Role" automatically populates database in form (#11119)
* Database role create form sets url param itemKey as database on init

* add test for new functionality

* Add changelog
2021-03-17 11:32:27 -05:00
Scott Miller 47570ca490
Add transform upgrade bug fix changelog (#11090) 2021-03-12 09:52:41 -06:00
Chelsea Shaw 994d48c892
UI: Add null check before getting userRootNamespace from storage (#11094)
* Add null check before getting userRootNamespace from storage

* Add changelog
2021-03-11 13:09:43 -06:00
Lauren Voswinkel 809d127488
Add changelog entry for Snowflake DB support being added (#11078) 2021-03-10 16:09:13 -08:00
Lauren Voswinkel 30b9f5d379
Add changelog entry for #10953 (#11077) 2021-03-10 15:54:15 -08:00
Liwei Fu 170a0800e6
Make cert domain name validation case insensitive (#10959)
* make cert domain name validation case insensitive

* reafctor TestPki_PermitFQDNs mutliple cases

* TestPki_PermitFQDNS: fail uppercase alt_name

* add change log

* fix tests

* use EqualFold for potential utf-8 string comparison

Co-authored-by: Freyert <Freyert@users.noreply.github.com>
2021-03-09 21:28:27 -08:00
Theron Voran 1fdf08b149
agent: persistent caching support (#10938)
Adds the option of a write-through cache, backed by boltdb

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2021-03-03 14:01:33 -08:00
swayne275 d74f82346b
Add Partial Month Client Count API for Activity Log (#11022)
* sketch out partial month activity log client API

* unit test partialMonthClientCount

* cleanup api

* add api doc, fix test, update api nomenclature to match existing

* cleanup

* add PR changelog file

* integration test for API

* report entities and tokens separately
2021-03-01 16:15:59 -07:00
Hridoy Roy 2da7de2fec
Minimal changes to solve Dependency CVEs [VAULT-871] (#11015)
* minimal changes to solve most of the cves

* cleanup

* finished go mod vendor upgrades
2021-03-01 14:35:40 -08:00
Chelsea Shaw 7e35bd56b0
Add test for db role setting form component (#11018)
* Add test for db role setting form component

* fix test, add changelog
2021-03-01 12:52:46 -06:00
Scott Miller 1e1f7eff46
Documentation for barrier autorotation (#11027)
* Documentation for barrier autorotation

* changelog

* 1.7 upgrade notes
2021-03-01 10:45:22 -06:00
Michael Golowka 302cc4870e
Add Username Templating Concepts page (#10935) 2021-02-26 16:04:12 -07:00
Jim Kalafut 1785b1bd00
Replace deprecated terms in AWS Auth (#10997)
* Replace deprecated terms in AWS Auth

This PR is part of an effort to remove non-inclusive language throughout
Vault. The AWS Auth backend uses the "whitelist" and "blacklist" term
extensively, and these are the focus of the PR:

* Add new API endpoints that use the preferred terminology, while
  deprecating the old endpoints. These endpoints offer identical
  functionality and are basically aliases. This is the only functional
  change in the PR except for terms in error messages.
* Replace "whitelist" -> "access list", "blacklist" -> "deny list" in
  variable names, comments, etc.

Note that storage locations were *not* changed at this time, as that is
a more complex process involving versioning that we may tackle in a future
revision. We have reduced the occurrences of non-inclusive language,
however.

Reviewers should be sure to "Ignore Whitespace" in diffs, especially for
the tests, which were basically indented one level as part of looping
over the tests with both the old and new names.
2021-02-25 23:23:34 -08:00
Angel Garbarino efd3677c58
UI: fix KMIP bug and test (#11011)
* fix KMIP test that was failing and clean modal on configuration page.

* add changelog

* remove uncessary unload

* remove async
2021-02-25 15:13:00 -07:00
Michael Golowka 00c1acf0e1
Vendor OpenLDAP v0.4.0 (#10996) 2021-02-25 13:00:00 -07:00
Michael Golowka eb891db72d
Vendor Couchbase DB plugin v0.3.0 (#10995) 2021-02-25 12:59:45 -07:00
Nick Cabatoff c9ae15bd95
Make metrics access unauthenticated when in dev mode. (#10992) 2021-02-24 14:04:23 -05:00
Meggie 9d2e2b1d09
Update 10689.txt
@vishalnayak , just FYI, this needs to be "release-note:bug" and not "changelog:bug"
2021-02-24 13:29:09 -05:00
Angel Garbarino af2b9af24e
UI: Add the wizard to the database secret engine (#10982)
* wizard setup

* cleanup

* add changelog

* fix names from save to create role and create database

* fix missing progress bar
2021-02-23 13:52:39 -07:00
Jim Kalafut e60cc11f33
Add configurable exponential backoff to Agent auto-auth (#10964) 2021-02-23 12:04:21 -08:00
Hridoy Roy 0574f5aac7
Changelog: Agent Retry Stanza (#10981)
* changelog for retry stanza

* changelog for retry stanza

* changelog for retry stanza
2021-02-23 09:04:02 -08:00
Chelsea Shaw 92fd820de2
UI: Show error when connection roles fail to update on role create (#10980)
* Show error  when connection roles fail to update on role create

* Clean up errors for role, remove bad state setting after transition

* Add changelog
2021-02-23 10:47:02 -06:00
Clint b0b121753a
update docs related to OCI alias changes (#10952)
* update docs related to OCI alias changes

* covert CHANGELOG update to a changelog/ entry
2021-02-23 10:08:15 -06:00
Jason O'Donnell 458061d43b
agent: route templating server through cache (#10927)
* agent: route templating server through cache

* Remove TemplateRetry, fix unix path

* Remove mtls comment, remove redundant tls enable

* Fix test

* Refactor vault address logic

* Fix cert/key for mtls

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update command/agent/template/template_test.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Reject mtls listeners

* changelog

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-02-23 09:36:11 -05:00
Chelsea Shaw f89968a12b
UI/add usage metrics description (#10951)
* Add description to metrics usage page

* Add changelog
2021-02-22 09:35:15 -06:00
Jim Kalafut 7e54bc15c2
Add TOTP support to Okta Auth (#10942) 2021-02-21 21:18:17 -08:00
Clint 2aff402279
Bundle new Vault plugin: Terraform secrets (#10931)
* Bundle Terraform secrets engine

* update go.mod/sum

* vendor update

* add changelog entry

* add secrets terraform
2021-02-19 16:38:56 -06:00
Chelsea Shaw 889d82aca5
UI/Database Secrets Engine cleanup (#10949)
* Update role toolbar, serialization for special mongo values

* Only show defaultShown if no value on info table row

* Remove root_rotation_statements from mongo connection fields

* Wrap this.router in try/catch if in then statement

* Add changelog
2021-02-19 14:04:51 -06:00
Angel Garbarino 59e83e2e6d
UI Database Secrets Engine (MongoDB) (#10655)
* move the ttls on enable for db to default and not as options

* refactor form field to angle brackets

* add database to supported backend

* initial setup of components and models

* setup selectable cards, need to make own component

* styling setup

* subtext and links

* number styling

* search select put in place and button, all pretty things

* search label text

* messy but closer to data configuration. making models and fetching those models on routes

* connection adapter and serializer that is pulled in by the overview route

* clean up and add new model params connections and roles to overview route hbs

* setting up overview as route with SecretHeader component.  TODO, show Overview tab, but have link to route.  It's going be on the secret header list component

* setup overview tab on secret-list-header to go to overview page

* setup id in overview route

* Correct link on secrets engine list for database and others

* Roles tab on database fetches correct model

* Update options for backend with hasOverview param so overview tab is rendered conditionally on secret list header

* create new getCrendentialsComponent

* Rename database connection parent component and start working on display

* setup routing to credentials route for database from overview page

* setup network request for the credentials of role

* setup serializer for credentials

* redirect previous route

* fix border color on button disable

* add margin to back button

* change to glimmer component

* glimmerize and clean up the get-credentials-card

* Begin database connection show and create form

* add component test for the get-credentials-card

* Database connection model and field groups

* add static roles to searhSelect

* add staticRoles on overview page

* Toolbar and tabs on database connection show view looks correct

* combine static and dynamic role models for pagination

* Update database-list-item with real link to connection

* Add support for optionalText edit type on form-field

* handle situation when no static and/or dynamic roles

* turn partial into component so can handle computed and eventually click actions, similar to transform

* glimmerize database-list-item

* use lazy capabilities on list role and static-role actions

* Create connection works and redirects to show page

* creds request based on dynamic or static and unload the store by record creds when they transition away.

* dynamcially add in backend for queries

* fixes on overview page for get credentials with hardcoded backend and layout for static creds

* Rotate and Reset connection actions working on connection

* get credentials set the query params

* setup async for handling permission errors on overivew

* Move query logic to store for getting both types of role

* Filtering works on combined role models

* cleanup

* Fix no meta on connections list

* better handle the situation where you don't have access to list roles but do to generate

* implment updated empty state component and add to credentials page when roleType is noRoleType

* glimmerize the input search component

* move logic for generate credentials urlto the generate creds component

* remove query param for role type

* handle permissions on the overview page

* permissions for role list

* New roles route for backends

* handle different permissions for empty return on 404 vs 403 on overview page

* fix links on overview page

* Connetions WIP

* setup lazy caps for the connections model and list

* add computed to role and static role models to clean up permissions

* setup actions for connections list

* Update form-field to show password type and update json input to angle bracket syntax with optional theme option

* setup capabilities on overview for empty state

* fix hardcoded on the backend

* toggle inner label has width 100%

* Add custom update password togglable input on database connection edit form, and only submit defined attrs

* Add updateRecord to connection adapter

* glimmerize secret list header and make new component which either shows or does not show the tab based on permissions

* Remove tabs on show connection

* add peek record

* Update database role to get both models on a single model, remove static-role model and adapter, remove roles route

* fix creds permissions on database-list-item

* add component info and rename for secret-list-header-tab

* fix issues on overview page

* Add path to individual role on serializer

* add accetpance test for testing the engine

* fix transform test

* test fix

* Update connection before role created, disable button with tooltip if user cannot update path

* Add add-to-array and remove-from-array helpers with tests

* Clean up connection update on delete or create role, cleanup logs, role create link works

* Database role create and edit forms with readonly fields and validation. Add readonly-form-field

* Add field div around ttl picker for correct spacing on form-field

* fix the breadcrumbs

* PLaceholder test for readonly form field

* create new helper to format time duration

* tooltip and formatting on static role

* more on static roles time stuff

* clean up

* clean up

* fixes on the test and addition of another helper test

* fix secrets machine test

* Add modal to connection creation flow

* fix issue with readonly form field test

* Add is-empty-object helper and tests

* Role error handling

* Remove Atlas option from connection list, add defaults to db role form

* clean up stuff though might have made it uglier

* clean up

* Add capabilities checks on connection actions

* Fix jsdocs on readonly-form-field

* Fix json editor height on form field

* Readonly form has notallowed cursor, readonly form field updates

* Add blank field rendering to info-table-row

* Start writing readonly form field tests

* Address some PR comments

* fix fallback action on search select

* cleanup per comments

* fix readonly form field test and lint

* Cleanup string helpers

* Replace renderBlank with alwaysRender logic

* re-humanize label on readonly form field

* Show defaultShown value on info-table-row if no value and always render

* Show default on role and connection show table

* Add changelog

Co-authored-by: Chelsea Shaw <chelshaw.dev@gmail.com>
2021-02-18 10:36:31 -06:00
Austin Gebauer a7531a11ea
Updates the JWT/OIDC auth plugin (#10919) 2021-02-16 17:21:35 -08:00
Angel Garbarino 681a86f6eb
UI: Upgrade storybook (#10904)
* upgrade storybook

* add changelog
2021-02-11 12:16:00 -07:00
Nick Cabatoff 2108bb8e00
Use an atomic to avoid a race in runEventDemuxer. (#10901) 2021-02-11 11:50:41 -05:00
Jason O'Donnell ba9b3318d8
agent: allow auto-auth to use an existing token (#10850)
* agent/auto-auth: add use_existing_token

* Add better logging for lookup errors

* Fix test

* changelog

* Remove preload config, add token var

* Update filename

* Update changelog

* Revert test name

* Remove unused function

* Remove redundant error message

* Short circuit authenticate for preloaded token

* Add comment for auto-auth login
2021-02-11 09:36:03 -05:00
Ian Ferguson 865df63c76
Correct lock acquisition order in the pathEntityMergeID identity to fix deadlock condition (#10877) 2021-02-10 11:05:16 -05:00
Vishal Nayak bbfbb87115
cl++ (#10870) 2021-02-09 15:11:18 -05:00
Vishal Nayak 8613ba88a6
Fix quota enforcing old path issue (#10689)
* Fix db indexing issue

* Add CL update
2021-02-09 05:46:09 -05:00
Angel Garbarino 5ce35d1c52
Updating date-fns library from 1.x to 2.x (#10848)
* first round of fixes and setup

* test fixes

* fix dumb options on new method

* test fix

* clean up

* fixes

* clean up

* handle utc time

* add changelog
2021-02-08 13:13:00 -07:00
Mark Gritter d0994340fb
Fill in missing lease ID deterministically. Generate a UUID on creation. (#10855) 2021-02-08 13:46:59 -06:00
Theron Voran c62ce48b5b
Set TokenParent in the Index to be cached (#10833)
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2021-02-03 18:30:41 -08:00
Calvin Leung Huang b1c4b86d7f
approle: add ttl to the secret ID generation response (#10826)
* approle: add ttl to the secret ID generation response

* approle: move TTL derivation into helper func

* changelog: add changelog entry

* docs: update approle docs and api-docs pages
2021-02-03 16:32:16 -08:00
Josh Black a04faad8fe
Add changelog entry for ent PR 1705 (#10827) 2021-02-03 09:35:14 -08:00
Chelsea Shaw b02533e89b
UI: Update dependencies (#10677)
* Address dependabot deps

* Add changelog
2021-02-01 13:38:03 -06:00
Mark Gritter 3ec15c4927
Fix use of identity/group endpoint to edit group by name (#10812)
* Updates identity/group to allow updating a group by name (#10223)
* Now that lookup by name is outside handleGroupUpdateCommon, do not
use the second name lookup as the object to update.
* Added changelog.

Co-authored-by: dr-db <25711615+dr-db@users.noreply.github.com>
2021-01-29 16:50:08 -06:00
Hridoy Roy fa5784d789
Pull in newest consul-template from master and all corresponding dependencies [VAULT-1392] (#10756)
* pull in newest consul template with bugfix and all dependencies

* pull in newest consul template with bugfix and all dependencies

* Rename readme.md to README.md

* add changelog
2021-01-29 12:30:16 -08:00
Hridoy Roy 17e20bdaa6
docs change for max request size community PR (#10723) 2021-01-27 10:02:00 -08:00
Hridoy Roy 537189cab8
make token create case insensitive [VAULT-1021] (#10743)
* make token create case insensitive

* changelog

* comment update
2021-01-27 09:56:54 -08:00
Meggie 4518d8a82f
More CL notes for 1.6.2 (#10792)
* More CL notes for 1.6.2

* Update _2021Jan26.txt

* Update _2021Jan26.txt
2021-01-27 12:03:20 -05:00
Hridoy Roy d1241b5286
changelog for entropy augmentation PR [VAULT-1179] (#10755)
* changelog for entropy augmentation

* docs upgrade

* docs upgrade

* docs upgrade

* docs upgrade
2021-01-26 21:06:38 -08:00
Vishal Nayak 6ce93f8cbf
changelog++ (#10748)
Going to go ahead and merge this
2021-01-26 19:30:42 -05:00
Aleksandr Bezobchuk 2ec8f9a222
metrics: activity log (#10514)
* core: add vault.identity.entity.active.monthly log
* Fixed end-of-month metrics and unit test.
* Added metric covering month-to-date (not broken down by namespace.)
* Updated documentation
* Added changelog.

Co-authored-by: mgritter <mgritter@hashicorp.com>
2021-01-26 16:37:07 -06:00
Lauren Voswinkel 2a8dd7bba7
CHANGELOG update: GCP secrets WAL issue fix (#10776)
* CHANGELOG update: GCP secrets WAL issue fix

* Add changelog 10759.txt file
2021-01-26 13:50:39 -08:00
Calvin Leung Huang 8fe7b403ba
changelog: add entry for PR 10705 (#10785) 2021-01-26 12:54:15 -08:00
Vishal Nayak f539117255
changelog++ (#10775) 2021-01-26 12:45:54 -05:00
Vishal Nayak 2602675402
Set namespace for template server in agent (#10757)
* Set namespace for template server in agent

* cl++
2021-01-25 17:37:01 -05:00
Meggie e67964e870
Changelog notes for 1.6.2 (#10737) 2021-01-20 15:52:48 -05:00
Meggie e4a457f47f
Update _1622.txt
Fixing some formatting so the resulting changelog looks right.
2021-01-20 15:06:23 -05:00
Mark Gritter fd55aa8378
Implement sys/seal-status and sys/leader in system backend (#10725)
* Implement sys/seal-status and sys/leader as normal API calls
(so that they can be used in namespaces.)
* Added changelog.
2021-01-20 14:04:24 -06:00
Josh Black 2cc9e2d914
Update to go 1.15.7 (#10730)
* Update to go 1.15.6

* Just kidding, how about 1.15.7

* And the associated CI config

* Add changelog and update go version in more places
2021-01-20 11:02:33 -08:00
Nick Cabatoff c2bdeb9e7d
Minimal change to ensure that the bulky leaseEntry isn't kept in memory. (#10726) 2021-01-19 17:51:41 -05:00
Hridoy Roy 0becd555cf
Protect part of emitMetrics from panic behavior during post-seal (#10708)
* vault/core_metrics.go

* changelog

* comments
2021-01-19 14:06:50 -08:00
Hridoy Roy 0e3bddf295
Revert "allow create to create transit keys (#10706)" (#10724)
This reverts commit 4144ee0d3da10fbfef4d081aa72529f2e513f8e2.
2021-01-19 11:49:57 -08:00
Hridoy Roy e8164ad09a
allow create to create transit keys (#10706)
* allow create to create transit keys

* changelog
2021-01-15 12:20:32 -08:00
Calvin Leung Huang eaaa2421a9
changelog: add PR 10131 to the changelog (#10688) 2021-01-12 18:24:04 -08:00
Chelsea Shaw 5a05a1b39f
UI: Fix shape of response anticipated from feature-flags endpoint (#10684)
* Fix shape of response anticipated from feature-flags endpoint

* Add changelog
2021-01-11 14:44:52 -06:00
Hridoy Roy f6bdda8c9c
add variable entropy readers to cert gen helpers [VAULT-1179] (#10653)
* move entropy augmentation in cert gen to oss

* changelog

* go mod vendor

* updated helpers to allow custom entropy

* comments

* comments
2021-01-08 09:48:27 -08:00
Chelsea Shaw 70d3185d3a
UI/managed namespace changes (#10588)
* Redirect to url with namespace param if user logged into root namespace without permission

* Feature flag service for managing flags

* Redirect with namespace query param if no current namespace param AND managed root namespace set

* Test coverage for managed namespace changes

* Handle null body case on feature-flag response, add pretender route for feature-flags on shamir test
2021-01-07 14:18:36 -06:00
Scott Miller c3e0d06216
Make the error response to the sys/internal/ui/mounts with no client token consistent (#10650)
* Make the error response to the sys/internal/ui/mounts with no client token consistent

* changelog

* Don't test against an empty mount path

* One other spot

* Instead, do all token checks first and early out before even looking for the mount
2021-01-07 11:46:08 -06:00
Mark Gritter d076d95d37
Feature flags API (#10613)
* Added sys/internal/ui/feature-flags endpoint.
* Added documentation for new API endpoint.
* Added integration test.
Co-authored-by: swayne275 <swayne@hashicorp.com>
2021-01-06 16:05:00 -06:00
Scott Miller 9f150de08f
Fix ip disclosure (#10649)
* removing extra information from the returned error, to avoid leaking it to unauthenticated requests

* removing extra information from the returned error, to avoid leaking it to unauthenticated requests

* Changelog entry for #10516

* Change the error message in a way that is retains the HTTP status code

* Change changelog file num

* And right back where we started...

Co-authored-by: bruj0 <ramakandra@gmail.com>
2021-01-05 15:32:47 -06:00
Angel Garbarino feca115ef4
Bug: Fix issue with double encoding on space in secret history route (#10596)
* setup for concept it works, but probably not the best solution

* add comment and remove console and test var

* use normalize path higher up to fix issu

* add test for bug that fixing

* forgot a couple of changes

* changelog
2021-01-04 09:32:52 -07:00
Nick Cabatoff 05f1a429a8
Add changelog for #1663. (#10635) 2021-01-04 11:08:39 -05:00
Nick Cabatoff d2096b251d
Add log gathering to debug command. (#10609) 2020-12-22 15:15:24 -05:00
Nick Cabatoff ea36810d97
Add changelog for ent #1659. (#10600) 2020-12-18 15:06:54 -05:00
Angel Garbarino f6ad6e47aa
add to changelog (#10601) 2020-12-18 10:26:08 -07:00
Mark Gritter 8c67bed7ae
Send a test message before committing a new audit device. (#10520)
* Send a test message before committing a new audit device.
Also, lower timeout on connection attempts in socket device.
* added changelog
* go mod vendor (picked up some unrelated changes.)
* Skip audit device check in integration test.
Co-authored-by: swayne275 <swayne@hashicorp.com>
2020-12-16 16:00:32 -06:00
Meggie Ladlow fc7909e153 1.5.6 & 1.6.1 changelog++
Also included planned extra note for enterprise PR
2020-12-16 10:55:12 -05:00
Hridoy Roy 3490464d04
changelog for license (#10555) 2020-12-15 10:42:39 -08:00
Michel Vocks 191aa65bc3
Fix UI custom header values (#10511)
* Fix UI custom header values

* Fix changelog entry

* Introduce param for multi values

* Fix multivalue

* multivalue should be bool

* Sort imports

* Fix conflict

* Remove changelog entry

* Revert entry delete
2020-12-15 15:58:03 +01:00
Calvin Leung Huang 28c4b33e7a
changelog: add entry for 10558 (#10563) 2020-12-14 12:00:26 -08:00
Aleksandr Bezobchuk 3bce568535
rate limit: fix initialize defaults (#10536) 2020-12-14 14:55:52 -05:00
Josh Black a7aac342bd
Only set the namespace if the env var isn't present (#1519) (#10556) 2020-12-14 11:40:48 -08:00
Mark Gritter 1edcee0bb3
Changelog for enterprise fix. (#10560) 2020-12-14 12:43:38 -06:00
Austin Gebauer 747d49150b
Updates the OIDC/JWT auth plugin (#10546) 2020-12-14 10:07:07 -08:00
Brian Kassouf 275ca323e8
core: Record the time a node became active (#10489)
* core: Record the time a node became active

* Update vault/core.go

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Add omitempty field

* Update vendor

* Added CL entry and fixed test

* Fix test

* Fix command package tests

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2020-12-11 16:50:19 -08:00
Michael Golowka f6a746f1f5
Match influxdb changelog with correct PR (#10535) 2020-12-11 15:50:07 -07:00
Clint 4d81e3be4d
Improve consistency in error messages (#10537)
* Improve consistency in error messages

* add changelog entry
2020-12-11 15:21:53 -06:00
Michael Golowka 7f7581d9b6
Updated changelog for #10477 (#10518) 2020-12-11 12:59:30 -07:00
Scott Miller e177818fb3
Changelog updates for transform fixes (ENT) (#10528) 2020-12-10 13:59:30 -06:00
Nick Cabatoff 5497446d4f changelog/10456.txt 2020-12-10 06:55:24 -05:00
Nick Cabatoff 84d566db9e
Be consistent with how we report init status. (#10498)
Also make half-joined raft peers consider storage to be initialized, whether or not they're sealed.
2020-12-08 13:55:34 -05:00
Kloppi313 64b4487d8e
No 'v' in version HTML anchor (#10491)
* No 'v' in version HTML anchor

The footer version output links to https://www.github.com/hashicorp/vault/blob/master/CHANGELOG.md#v160 (in Version 1.6.0) but you reach the anchor with https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#160 (without 'v' before the version number)

* Removed 'v' from URL version anchor

* Create 10491.txt

Co-authored-by: Chelsea Shaw <chelshaw.dev@gmail.com>
2020-12-08 11:21:48 -06:00
Hridoy Roy 0ada870a52
Only use entropy augmentation for root token creation [VAULT-670] (#10487)
* Only use entropy augmentation for root token creation

* changelog

* change wording of changelog entry
2020-12-04 09:44:04 -08:00
Michel Vocks ab72fa06ee
Add AllowedHeader and fix AllowedOrigins in the API (#10482)
* Add AllowedHeader and fix AllowedOrigins in the API

* Update changelog entry

* Fix wrong response conversion
2020-12-03 14:31:25 +01:00
Michel Vocks f71203c439
Fix license caching issue (#10424)
* Fix license caching issue

* Add changelog entry
2020-12-02 18:21:14 +01:00
Michael Golowka cc7efd393d
MySQL - Fix username generation length bug (#10433) 2020-12-01 15:24:51 -07:00
Tom Proctor bb726296b6
Add changelog for #10416 (#10473) 2020-12-01 16:08:19 +00:00
Hridoy Roy 1a1cbabd9d
changelog for vault 849 (#10435) 2020-11-30 10:28:32 -08:00
Hridoy Roy 241aa3771f
changelog with go changelog (#10434) 2020-11-30 09:24:24 -08:00
Josh Black bbd78e56b5
Add changelog entry for ent PR 1519 (#10454) 2020-11-25 14:25:03 -08:00
Josh Black b8ba047b35
Allow Vault Agent to run as a Windows service (#10231) 2020-11-23 14:24:32 -08:00
Mark Gritter ab2e28bf55
"vault operator usage" CLI for client count reporting (#10365)
* Working draft of CLI command.
* Sort order, robustness checking.
* Text edits and check of queries_available.
* Added changelog.
2020-11-23 14:57:35 -06:00
Chelsea Shaw 2e47e39cf7
Fix delete role issue on transform (#10417)
* Fix bug where adding and then removing a new role on a transformation when no other roles have been created causes an error

* Update test on search-select to reflect new behavior which does not add created options to list on delete

* Add changelog
2020-11-23 10:38:09 -06:00
Meggie 787c306caa
Templates and 1 example (#10363) 2020-11-16 14:05:28 -05:00