Commit Graph

14040 Commits

Author SHA1 Message Date
Arnav Palnitkar d161bfe1a6
Added support for Oracle db connection (#12752)
* Added support for Oracle db connection

* Added changelog

* Fixed test

* Added test for role setting

* Skip full acceptance test in case of oracle db

* Fix db role test

* Update changelog

* Fix db role fields after rebase

* Added missing test
2021-10-11 09:20:23 -07:00
Rémi Lapeyre 308806eee3
Return 404 response when looking for a secret_id_accessor that does not exist (#12788)
* Return 404 response when looking for an secret_id_accessor that does not exist

Closes https://github.com/hashicorp/vault/issues/12660
2021-10-11 15:07:51 +01:00
Loann Le 964a0f3b15
Vault documentation: added new code sample to Kubernetes documentation (#12774)
* added new code sample for k8s auth

* Update kubernetes.mdx

removed spacing
2021-10-08 14:57:53 -07:00
John-Michael Faircloth e72c15426b
OIDC: Unique prefix to client_secret (#12745)
* Unique prefix to client_id and client_secret

* only prefix client secret and use constants

* split client secret checks
2021-10-08 16:02:20 -05:00
Loann Le 833b51dbba
Documentation: added new c# code samples to Vault documentation (#12769)
* added new code sample for C-sharp

* Update aws.mdx

Removed extra spacing

* added more code samples

* Update gcp.mdx

removed spacing

* Update aws.mdx

remove spacing
2021-10-08 08:54:26 -07:00
Rowan Smith 893a4b9051
raft auto_join_scheme documentation update (#12701) 2021-10-08 08:32:50 -04:00
Tom Proctor 0180ba2984
agent: tolerate partial restore failure from persistent cache (#12718)
* agent: tolerate partial restore failure from persistent cache

* Review comments: improved consistency, test robustness, comments, assertions
2021-10-08 11:30:04 +01:00
Jim Kalafut 65d0718a17
Update docs to reference paths filters instead of mount filters (#12717) 2021-10-07 22:53:07 -07:00
claire bontempo 4b709e8b3b
UI/Add Elasticsearch DB (#12672)
* displays empty state if database is not supported in the UI

* adds elasticsearch db plugin

* adds changelog

* updates elasticsearch attrs

* move tls_server_name to pluginConfig group

* move role setting fields to util

* updates comments and refactors using util function

* adds tests for elasticsearch

* fixes indentation

* when local host needs https

* adds line at bottom of hbs file
2021-10-07 14:00:42 -07:00
hghaf099 1b54217094
Adds note about policy needed for batch dr token (#12767) 2021-10-07 16:15:32 -04:00
Jason O'Donnell 403595fa9f
docs: add note for rolesets to avoid globs in policies (#12756)
* docs: add note for rolesets to avoid wildcards in policies

* Add note about not using example

* Change wildcard to glob

* Update website/content/docs/upgrading/upgrade-to-1.8.0.mdx

Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>

* Update documentation per review

* Update per review

* Update website/content/docs/upgrading/upgrade-to-1.8.0.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2021-10-07 15:35:56 -04:00
Scott Miller 1097f356af
Add a TRACE log with TLS connection details on replication connections (#12754)
* remove cruft
use helper
Add a helper for getting public key sizes
wip

* error names

* Fix ecdsa

* only if trace is on

* Log listener side as well

* rename

* Add remote address

* Make the log level configurable via the env var, and a member of the Listener and thus modifiable by tests

* Fix certutil_test
2021-10-07 14:17:31 -05:00
Chelsea Shaw 7fd527dc9a
UI update changelog link (#12766)
* Update changelog link

* Update test
2021-10-07 11:38:12 -06:00
Austin Gebauer e09657e1f3
Adds ability to define an inline policy and internal metadata on tokens (#12682)
* Adds ability to define an inline policy and internal metadata to tokens

* Update comment on fetchEntityAndDerivedPolicies

* Simplify handling of inline policy

* Update comment on InternalMeta

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Improve argument name

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Use explicit SkipIdentityInheritance token field instead of implicit InlinePolicy behavior

* Add SkipIdentityInheritance to pb struct in token store create method

* Rename SkipIdentityInheritance to NoIdentityPolicies

* Merge latest from main and make proto

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-10-07 10:36:22 -07:00
Pamela Bortnick 5e4ca0468f
Update social share image (#12441)
* Update social share image

* Update image for social share
2021-10-07 13:34:44 -04:00
swayne275 b9fde1dd6f
oss port (#12755) 2021-10-07 11:25:16 -06:00
Bryce Kalow 55e195f161
website: upgrades dependencies (#12670)
* upgrades deps and gets it building

* remove unneeded css file

* fix: hide intended elements in print (#12710)

* upgrade deps to latest

Co-authored-by: Zachary Shilton <4624598+zchsh@users.noreply.github.com>
2021-10-07 11:23:19 -04:00
Tim Peoples 17eb29f1d3
Update plugin proto to send tls.ConnectionState (Op.2) (#12581) 2021-10-07 08:06:09 -04:00
Rowan Smith f21be1ed1c
updated vault.core.license.expiration_time_epoch (#12760) 2021-10-07 07:14:25 -04:00
Yoan Blanc 5951b832bb
docs: since Vault 1.0 Unseal is OSS (#12268)
* docs: since Vault 1.0 Unseal is OSS

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>

* fixup! docs: since Vault 1.0 Unseal is OSS

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>

* fixup! fixup! docs: since Vault 1.0 Unseal is OSS

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2021-10-06 13:35:35 -07:00
Meggie a1c4bb5ba4
Updating website for 1.8.4 (#12751) 2021-10-06 16:23:37 -04:00
Meggie f496f21f40
changelog++ 2021-10-06 16:20:03 -04:00
vinay-gopalan 458927c2ed
[VAULT-3157] Move `mergeStates` utils from Agent to api module (#12731)
* move merge and compare states to vault core

* move MergeState, CompareStates and ParseRequiredStates to api package

* fix merge state reference in API Proxy

* move mergeStates test to api package

* add changelog

* ghost commit to trigger CI

* rename CompareStates to CompareReplicationStates

* rename MergeStates and make compareStates and parseStates private methods

* improved error messaging in parseReplicationState

* export ParseReplicationState for enterprise files
2021-10-06 10:57:06 -07:00
Michael Boulding 79662d0842
Patch to support VAULT_HTTP_PROXY variable (#12582)
* patch to support VAULT_HTTP_PROXY variable

* simplify the proxy replacement

* internal code review

* rename to VAULT_HTTP_PROXY, apply within ReadEnvironment

* clean up some unintended whitespace changes

* add docs for the new env variable and a changelog entry

Co-authored-by: Dave Du Cros <davidducros@gmail.com>
2021-10-06 09:40:31 -07:00
VAL 1549af7e53
Add links to vault-examples repo (#12740) 2021-10-05 10:15:01 -07:00
Anner J. Bonilla 8c29f49e1a
Add support for ed25519 (#11780)
* update azure instructions

Update instructions in regards to azure AD Authentication and OIDC

* Initial pass of ed25519

* Fix typos on marshal function

* test wip

* typo

* fix tests

* missef changelog

* fix mismatch between signature and algo

* added test coverage for ed25519

* remove pkcs1 since does not exist for ed25519

* add ed25519 support to getsigner

* pull request feedback

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

* typo on key

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

* cast mistake

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2021-10-05 11:28:49 -04:00
Sam Salisbury b979b52ed8
Update builder base image (#12709)
* build: update base image: debian:bullseye-20210927
2021-10-05 16:21:26 +01:00
Lars Lehtonen 838e20778d
builtin/logical/consul: fix dropped test error (#12733) 2021-10-05 12:09:13 +01:00
claire bontempo 42ae96ed1c
UI/ PKI UI Redesign (#12541)
* installs node-forge

* correctly displays and formats cert metadata

* removes labels

* uses helper in hbs file

* adds named arg to helper

* pki-ca-cert displays common name, issue & expiry date

* alphabetizes some attrs

* adds test for date helper
2021-10-04 14:31:36 -07:00
Scott Miller b84100d4a0
Upgrade go-kms-wrapping to pickup oci-go-sdk update (#12724)
* Upgrade go-kms-wrapping to pickup oci-go-sdk update

* changelog
2021-10-04 16:21:38 -05:00
Steven Clark fa57ba0ccf
Fix 1.8 regression preventing email addresses being used as common name within pki certificates (#12336) (#12716)
* Fix 1.8 regression preventing email addresses being used as common name within pki certs (#12336)

* Add changelog
2021-10-04 14:02:47 -04:00
hghaf099 a3796997d9
Fix a Deadlock on HA leadership transfer (#12691)
* Fix a Deadlock on HA leadership transfer when standby
was actively forwarding a request
fixes GH #12601

* adding the changelog
2021-10-04 13:55:15 -04:00
Chelsea Shaw c84bdbf1f6
Auth method role edit form should be valid by default (#12646)
* isFormInvalid should be false by default and update on keyup

* Add changelog
2021-10-04 11:53:24 -06:00
Ian Ferguson afb501a0d4
Upgrade pq to fix connection failure cleanup bug (v1.8.0 => v1.10.3) (#12413)
* Upgrade pq to fix connection failure cleanup bug (v1.8.0 => v1.10.3)

* Run go mod tidy after `go get -u github.com/lib/pq`

* include changelog/12413.txt
2021-10-01 14:35:51 -07:00
Calvin Leung Huang 752e4a48a1
docs: add plugin limits and lifecycle sections (#12697)
* docs: add plugin limits and lifecycle sections

* remove extranous comments on the limits page

* add more lifecycle cases, review feedback

* address follow-up review feedback

* rename section to "External plugin limits"
2021-10-01 11:59:13 -07:00
Calvin Leung Huang f56654ef56
gomod: run go mod tidy (#12712) 2021-10-01 11:38:24 -07:00
vinay-gopalan 680e8515fa
[VAULT-3472] Cap Client `id_token_ttl` field to associated Key's `verification_ttl` (#12677) 2021-10-01 10:47:40 -07:00
Matt Greenfield 8577602395
Fix entity group associations (#10085)
- When two entities are merged, remove the from entity ID in any
  associated groups.
- When two entities are merged, also merge their associated group
  memberships.

Fixes #10084
2021-10-01 10:22:52 -04:00
Jim Kalafut 187a15faf2
Update CODEOWNERS (#12695)
Route plugin portal changes to `acahn` as well.
2021-09-30 12:51:47 -07:00
Ben Ash dda2c1ed88
upgrade vault-plugin-auth-kubernetes (#12688)
* fix: upgrade vault-plugin-auth-kubernetes

-  on alias look ahead, validate JWT token against the role's configuration
2021-09-30 14:25:09 -04:00
Siddharth 97914173fe
Update plugin-portal.mdx (#12681) 2021-09-30 11:00:44 -07:00
Loann Le 037c538ed0
Updated documentation: added new code example and reference (#12693)
* added new code example

* Update website/content/docs/concepts/auth.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/concepts/lease.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update lease.mdx

* Update website/content/docs/concepts/lease.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-09-30 10:46:01 -07:00
Jim Kalafut 06d53f1b18
Highlight that password policies are defined in a namespace (#12692) 2021-09-30 09:41:45 -07:00
Theron Voran 1210a9d319
docs: vault-k8s-0.13.1 vault-helm-0.16.1 (#12680)
Vault K8s 0.13.1 and Vault Helm 0.16.1 updated the default Vault
image, so making the corresponding docs updates here.
2021-09-30 08:49:56 -07:00
Mayo 0bd0339c0b
cleanup unused code and fix t.Fatal usage in goroutine in testing (#11694) 2021-09-30 07:33:14 -04:00
Brian Kassouf 39a9727c8b
Update protobuf & grpc libraries and protoc plugins (#12679) 2021-09-29 18:25:15 -07:00
vinay-gopalan 447fdf624a
Upgrade awsutil package version to 0.1.5 (#12621)
* upgrade awsutil version to 0.1.5

* add changelog

* update changelog
2021-09-29 14:45:35 -07:00
Jim Kalafut c944222f2a
Update changelog checker to catch invalid "fix" type (#12674) 2021-09-29 14:02:03 -07:00
Chelsea Shaw e77e65d1b3
Docfix: "Fix" is not a valid release-note type (#12676) 2021-09-29 14:54:58 -06:00
Angel Garbarino 92223b600e
KV search box when no list access to metadata (#12626)
* get credentials card test and setup

* call getcrednetials card and remove path test error

* configuration

* metadata search box

* changelog

* checking if it is noReadAccess

* try removing test

* blah

* a test

* blah

* stuff

* attempting a clean up to solve issue

* Another attempt

* test1

* test2

* test3

* test4

* test5

* test6

* test7

* finally?

* clean up
2021-09-29 14:35:00 -06:00