Commit graph

14129 commits

Author SHA1 Message Date
Theron Voran ae0bda77b3
vault-agent: copy values retrieved from bolt (#12534)
Byte slices returned from Bolt are only valid during a transaction, so
this makes a copy.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-09-13 11:06:08 -07:00
Chelsea Shaw f850ba08a5
Remove attributes used only on kv-v2 config (#12529) 2021-09-13 09:33:12 -06:00
hghaf099 2576be23d0
Fixing a flaky test TestQuotas_RateLimitQuota_ExemptPaths (#12532)
* Fixing a flaky test TestQuotas_RateLimitQuota_ExemptPaths

* fixing a string formatting by removing an extra parameter
2021-09-10 17:41:14 -04:00
Lukas Grossar 2f025ef30f
Add link to go-discover README to raft documentation (#10679) 2021-09-10 14:40:36 -07:00
jhart-cpi fa1611f427
improvement: add signature_bits field to CA and signers (#11245)
This change adds the ability to set the signature algorithm of the
CAs that Vault generates and any certificates it signs.  This is a
potentially useful stepping stone for a SHA3 transition down the line.

Summary:
* Adds the field "signature_bits" to CA and Sign endpoints
* Adds support for SHA256, SHA384 and SHA512 signatures on EC and RSA
keytypes.
2021-09-10 14:39:05 -07:00
John-Michael Faircloth 22c9be3835
identity: fix identity token introspect doc (#12531) 2021-09-10 11:41:32 -05:00
Jacob Burroughs 65029f8c8f
Fix pkcs7 parsing in some cases (#12519)
* Fix pkcs7 parsing in some cases

brings in https://github.com/mozilla-services/pkcs7/pull/61 from upstream

In some cases but not all, aws includes a certificate in the pkcs7 response,
and currently vault fails to parse those certificates:
```
URL: PUT https://vault.example.com/v1/auth/aws/login
Code: 500. Errors
* failed to parse the BER encoded PKCS#7 signature: ber2der: Invalid BER format
```

This fixes logins on those instances.  Note we could not readily ascertain why
some instances have those certificates and others don't.

* Add changelog entry

* Correct missed line
2021-09-10 12:17:03 -04:00
Mike Green 68c561389f
add example for secret tuning (#12503) 2021-09-10 09:10:33 -07:00
Justin Weissig 8a721ef225
docs: update packaging (#12527)
* docs: update packaging

Update language to support current enterprise packaging.

* Update performance-standby.mdx
2021-09-09 14:36:15 -07:00
John-Michael Faircloth c42bbb369c
Identity: prepublish jwt signing keys (#12414)
* pre-publish new signing keys for `rotation_period` of time before using

* Work In Progress: Prepublish JWKS and even cache control

* remove comments

* use math/rand instead of math/big

* update tests

* remove debug comment

* refactor cache control logic into func

* don't set expiry when create/update key

* update cachecontrol name in oidccache for test

* fix bug in periodicfunc test case

* add changelog

* remove confusing comment

* add logging and comments

* update change log from bug to improvement

Co-authored-by: Ian Ferguson <ian.ferguson@datadoghq.com>
2021-09-09 13:47:42 -05:00
Mike Green d4656971b1
Add link to integrated storage docs page for learn tutorial (#12501)
* Help find the learn tutorial

* Add common API path header and move learn link

@ncabatoff suggestion
2021-09-09 09:51:45 -07:00
Theron Voran 48e0c3fde7
dep: update consul-template to v0.27.0 (#12505) 2021-09-09 09:12:42 -07:00
Theron Voran ed1088d81c
docs: k8s auth issuer lookup (#12506)
Moved the issuer discovery details to from the CSI docs to the K8s
auth docs.
2021-09-09 08:39:21 -07:00
Jim Kalafut 6019f1558e
Update CODEOWNERS (#12521)
Ensure tech writers are aware of docs changes.
2021-09-08 15:39:07 -07:00
Jim Kalafut 162d9eb095
Update 1.8 upgrade guide (#12518) 2021-09-08 13:14:51 -07:00
Alex Cahn dd0f3d9f2d
Update installation.mdx (#12516)
Updating based upon feedback from ServiceNow review
2021-09-08 12:57:15 -07:00
klucks83 eca34706d7
Update Auto Unseal info to say KMS instead of EKS (#10256)
While EKS may be the managed kubernetes environment under the hood, I believe the idea behind this section of the documentation is to use AWS KMS for seal/unseal operations, not EKS.  (i.e. The surrounding documentation is discussing other Auto Unseal options such as Google KMS.)  

The use of the term EKS instead of KMS made it hard for me to discover this section of documentation, and was a little confusing at first until I realized the possible error.
2021-09-08 10:06:24 -07:00
Justin Weissig 718a5f04c9
docs: update packaging (#12459)
* [WIP] docs: update packaging

Update language to support current enterprise packaging.

* Update index.mdx

* Update entropy-augmentation.mdx

* Update entropy-augmentation.mdx

* Update control-groups.mdx

* Update sealwrap.mdx

* Update index.mdx

* Update control-groups.mdx

* Update entropy-augmentation.mdx

* Update index.mdx

* Update index.mdx

* Update sealwrap.mdx

* Update index.mdx

* Update index.mdx

* Update index.mdx
2021-09-08 08:59:25 -07:00
mickael-hc d2310302a1
docs: provide clarifications for github auth method and ssh secrets engine (#12495)
* Clarify that any org GitHub user token can be used

* Clarify ssh secrets allowed_extensions behaviors
2021-09-08 10:55:35 -05:00
John-Michael Faircloth 0d04a9892a
identity: enforce key param and key existence on role creation (#12208)
* identity: handle creation of role without a key parameter

* update docs to not require key parameter for creation of a role

* add changelog

* require key param when creating a role

* lock create/update role; remove now redundant key check

* update changelog and UTs

* update change log to refelct actual implementation

* remove deprecated test case
2021-09-08 10:46:58 -05:00
Rowan Smith b4dbd46928
audit page tweaks based on customer feedback (#12504) 2021-09-08 09:21:36 -04:00
Rachel Culpepper c0ada31a99
Vault-2840 Add no-op check for HTTP listener validity (#12421)
* fips tag and no-op code

* tls check

* change to error

* add tests

* add test file

* cleanup

* add changelog

* fix file difference

* remove changelog
2021-09-07 18:36:58 -04:00
Nicholas Seemiller 8bc69a4ccc
Update examples.mdx (#12333)
Deployment manifest has incorrect `envs` tag. It should be `env`
2021-09-07 17:32:22 -04:00
Pratyoy Mukhopadhyay 448ba32bf4
Update kv input documentation with edge case (#12500) 2021-09-07 13:15:33 -07:00
claire bontempo c9eb55cc16
UI/bar chart horizontal (#12437)
* creates bar chart component

* WIP//starts styling

* fixes width of bars

* WIP//barchart

* uses d3 max method instead of Math.max

* stacks data

* adds y axis

* fixes styling and spacing

* adds spacing between bars

* styling DONE

* adds legend

* adds tooltip

* tweaks styling adds pointer cursor to rects

* fixes tooltip placement

* moves starget from bar to whole area

* finishes hover selection styling

* cleans up

* cleans up a tiny bit

* stopping point

* adjusts tooltip placemnt

* WIP//clean up time

* sort of not broken

* unbroken, ish

* tooltip position fixed

* truncates text and adds tooltip

* changes tooltip width depending on content

* unbroken

* finishes initial refactor/cleanup

* finishes documentation

* passes in map legend to component

* more tidying

* add export option

* adds grid to header for export button option

* updates comments

* fix variable name change

* moves dataset formatting to parent

* removes unused code"

* adds assertions and empty state if no data

* cleans up comments adds assertion to check for map legend

* adds storybook

* adds changelog

* deletes dummy parent:

* restores index.hbs

* uses scss variables instead

* exchanges more variables

* remove unused variable in storybook

* writes basic test

* removes pauseTest()
2021-09-07 12:54:33 -07:00
Daniel Kimsey b4b61efc75
Auto-join support for IPv6 discovery (#12366)
* Auto-join support for IPv6 discovery

The go-discover library returns IP addresses and not URLs. It just so
happens net.URL parses "127.0.0.1", which isn't a valid URL.

Instead, we construct the URL ourselves. Being careful to check if it's
an ipv6 address and making sure it's in explicit form if so.

Fixes #12323

* feedback: addrs & ipv6 test

Rename addrs to clusterIPs to improve clarity and intent

Tighten up our IPv6 address detection to be more correct and to ensure
it's actually in implicit form
2021-09-07 11:55:07 -07:00
Tero Saarni 30ca69f16a
Update github.com/gogo/protobuf (#12255)
* Update github.com/gogo/protobuf

* Fixes #12254 (CVE-2021-3121)

* Update github.com/gogo/protobuf

* Added changelog

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* go mod tidy
2021-09-07 11:40:14 -07:00
John-Michael Faircloth 01011973a3
feature: OIDC discovery endpoint (#12481)
* OIDC Provider: implement discovery endpoint

* handle case when provider does not exist

* refactor providerDiscover struct and add scopes_supported

* fix authz endpoint
2021-09-07 13:35:23 -05:00
John-Michael Faircloth 2cca67c96f
update couchbase plugin version (#12483)
* update couchbase plugin version

* add changelog

* go get main branch and go mod tidy
2021-09-07 11:48:10 -05:00
akshya96 f4bd14ed3f
Vault 2823 cc namespace (#12393)
* vault-2823 adding changes

* VAULT-2823 adding alias

* Vault-2823 addressing comments

* Vault-2823 removing comments

* Vault-2823 removing comments

* vault-2823 removing q debug

* adding changelog

* Vault-2823 updating external test

* adding approved changes

* fixing returns

* fixing returns
2021-09-07 09:16:12 -07:00
Nick Cabatoff 45a83d8e0f
Add code to api.RaftSnapshot to detect incomplete snapshots (#12388) 2021-09-07 11:16:37 -04:00
Blake Hitchcock cf15a60a87
Send x-forwarded-for in Okta Push Factor request (#12320)
* Send x-forwarded-for in Okta Push Factor request

Why:

In order for Okta to properly report the location of the authentication
attempt, the X-Forwarded-For header must be included in the request to
Okta (if it exists).

This change addresses the need by:

* Duplicating the value of X-Forwarded-For if it's passed through to the
  auth backend

* Add changelog entry for 12320
2021-09-03 13:09:11 -07:00
Chelsea Shaw 4f8d490419
UI: Fix missing nav links on namespace login (#12478)
* Override loading behavior which breaks query params passed to API calls

* Only show loading state if transition is not queryparams only

* Add changelog

* Skip loader if testing
2021-09-03 13:46:50 -05:00
Angel Garbarino 88125d41ac
KV custom metadata test coverage (#12464)
* test coverage

* small changes

* another small change

* fix test

* browserstack blah

* add page object
2021-09-03 11:08:26 -06:00
Kevin Wang 0704d5b2de
fix(website): start script reloads app on save (#12476) 2021-09-03 11:36:36 -04:00
Pratyoy Mukhopadhyay 994372697b
Remove deprecated reauth function from docs (#12482) 2021-09-03 06:09:21 -07:00
Yoko Hyakuna 7c9b06da99
Fix isues 12397 (#12484) 2021-09-02 17:03:55 -07:00
Robert Balent e598ae711a
UI: Show day of month instead of day of year in the expiration warning dialog (#11984)
* Show day of month instead of day of year in expiration warning dialog

* Adding changelog
2021-09-02 18:06:55 -04:00
Zadkiel 6d7ad94097
fix: update injector resources requirements (#11198) 2021-09-02 08:01:02 -07:00
Scott Miller 8b20cae44f
Make necessary OSS changes for contexts in quotas (#12480)
* Make necessary OSS changes for contexts in quotas

* missed one
2021-09-02 09:54:21 -05:00
Lars Lehtonen fe1cf762fd
command: fix dropped test error (#12474) 2021-09-01 16:05:14 -07:00
Scott Miller 0f6543fb41
Upgrade go-limiter to fix building on 1.17 (#12358)
* Upgrade go-limiter

* Modify quota system to pass contexts to upgraded go-limiter

* One more spot

* Add context vars to unit tests

* missed one
2021-09-01 16:28:47 -05:00
Mike Green c04518044a
Clarify on overview page that audit is default replicated (#12298)
* Note that audit is replicated

* tweak

* clarify local is to the cluster, not only the node

* tweaking. i think this makes more sense
2021-09-01 13:53:01 -07:00
Loann Le d385747027
adding ARN in description (#12477) 2021-09-01 13:12:20 -07:00
Nick Cabatoff 5f4f59f19c
Document some missing http status codes. (#12472) 2021-09-01 09:51:26 -04:00
Angel Garbarino c013e4a741
UI add custom metadata to KV2 (#12169)
* initial setup

* form field editType kv is very helpful

* setting up things

* setup two routes for metadata

* routing

* clean up routing

* meh router changes not my favorite but its working

* show metadata

* add controller for backendCrumb mixin

* setting up edit metadata and trimming SecretEditMetadata component

* add edit metadata save functionality

* create new version work

* setup model and formfieldgroups for added config data.

* add config network request to secret-engine

* fix validations on config

* add config rows

* breaking up secret edit

* add validation for metadata on create

* stuff, but broken now on metadata tab

* fix metadata route error

* permissions

* saving small text changes

* permissions

* cleanup

* some test fixes and convert secret create or update to glimmer

* all these changes fix secret create kv test

* remove alert banners per design request

* fix error for array instead of object in jsonEditor

* add changelog

* styling

* turn into glimmer component

* cleanup

* test failure fix

* add delete or

* clean up

* remove all hardcoded for api integration

* add helper and fix create mode on create new version

* address chelseas pr comments

* add jsdocs to helper

* fix test
2021-08-31 09:41:41 -06:00
vinay-gopalan c99cf35b6a
[VAULT-3347] Ensure Deduplication in Provider and Client APIs in OIDC Provider (#12460)
* add deduplication for Provider

* add deduplication to provider client API

* add changelog

* delete changelog

* update comments

* update test names
2021-08-30 13:57:28 -07:00
Nick Cabatoff 0762f9003d
Refactor usages of Core in IdentityStore so they can be decoupled. (#12461) 2021-08-30 15:31:11 -04:00
John-Michael Faircloth a8ee8854e3
fix struct tags and test in ldaputil (#12376)
* fix struct tags and test in ldaputil

* update test to include ClientTLSCert and ClientTLSKey

* add cert and key to TestConfig test case
2021-08-30 14:09:03 -05:00
claire bontempo af77a545cf
tiny typo (#12455) 2021-08-30 10:02:07 -07:00