Commit graph

13735 commits

Author SHA1 Message Date
Nick Cabatoff 474c4e8134
Make cubbyhole revocation/tidying compatible with cubbys in namespaces. (#11408) 2021-04-19 17:28:04 -04:00
Chelsea Shaw 449a45baaa
Add root rotation statement support to mongoDB (#11404)
* Add root rotation statement support to mongoDB

* Add changelog
2021-04-19 15:40:44 -05:00
xka5h 034442b9ee
Update index.mdx to fix link to vault agent as a windows service link (#11356)
* Update index.mdx

fixed link for windows agent

* removing the 's' in agents

Co-authored-by: Bryce Kalow <bkalow@hashicorp.com>

Co-authored-by: Bryce Kalow <bkalow@hashicorp.com>
2021-04-19 11:36:43 -07:00
Nick Cabatoff a8023e0fdb
Add support for unauthenticated pprof access on a per-listener basis,… (#11324)
* Add support for unauthenticated pprof access on a per-listener basis, as we do for metrics.

* Add missing pprof sub-targets like 'allocs' and 'block'.  Capture the goroutine subtarget a second time in text form.  This is mostly a convenience, but also I think the pprof format might be a bit lossy?
2021-04-19 14:30:59 -04:00
Noah Fontes 0f45cd37ea
Add community-maintained OAuth 2.0/OIDC secrets plugin to plugin portal docs (#11280) 2021-04-19 11:20:50 -07:00
Calvin Leung Huang a8cafab083
pki: fix tidy removal on revoked entries (#11367)
* pki: fix tidy removal on revoked entries

* add CL entry
2021-04-19 09:40:40 -07:00
Austin Gebauer 18999489d9
Updates the JWT/OIDC auth plugin to v0.9.3 (#11388) 2021-04-19 09:14:17 -07:00
Michael Golowka 4279bc8b34
Validate hostnames when using TLS in Cassandra (#11365) 2021-04-16 15:52:35 -06:00
Nick Cabatoff 541ae8636c
On lease deletion, also delete non-orphan batch token parent index (#11377) 2021-04-16 17:03:22 -04:00
Michael Golowka 771b963a04
Cassandra DB plugin: Allow special chars in usernames (#11262) 2021-04-16 14:01:15 -06:00
Nick Cabatoff 684ebf0928
Don't cut off stack traces at 32MB. (#11364) 2021-04-16 15:55:05 -04:00
Nick Cabatoff b07a10331f
Add metrics for requests forwarded by standbys. (#11366) 2021-04-16 14:02:20 -04:00
Nick Cabatoff 242d258e94
Fix goroutine leak caused by updating rate quotas (#11371)
Make sure that when we modify a rate quota, we stop the existing goroutine before starting the new one.
2021-04-16 14:00:01 -04:00
Nick Cabatoff 50a471a5e1
Add config docs for leader_tls_servername. (#11369) 2021-04-16 09:40:42 -04:00
Nick Cabatoff 7a359ef658
Add CL for #11252. (#11368) 2021-04-16 09:33:47 -04:00
Nick Cabatoff 4312c2381e
Clarify non-explicit cloud auth for autosnapshots. (#11370) 2021-04-16 09:14:52 -04:00
Nick Cabatoff 33dd025278
When a standby does a ForwardRequest, it's not using the request context, and thus not getting timed out properly when it takes too long. (#11322)
The rpcClientConnContext is still used to terminate gRPC internal/dialer-related goroutines, but the actual RPC is now timed out when the request times out, e.g. due to the default max request duration.  This mirrors what we do with the parallel forwarding code in ENT.
2021-04-15 10:23:26 -04:00
Jim Kalafut 30a8b79d6d
Update changelog (#11359)
Add PR link
2021-04-14 16:47:55 -07:00
Jim Kalafut 917633e89d
Update Changelog (#11358)
These two C/L were not backported to the 1.7 release branch.
2021-04-14 16:42:09 -07:00
Chelsea Shaw a3c396991c
UI/database mssql (#11231)
Add MSSQL plugin support in database secrets engine
2021-04-14 16:07:07 -05:00
Jason O'Donnell cc107171e2
docs: update vault-helm to 0.11.0 (#11355)
* docs: update vault-helm to 0.11.0

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update configuration.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-04-14 11:20:26 -04:00
Tom Proctor 1139ce7cce
Add documentation for vault-csi-provider namespace config (#11344) 2021-04-14 14:53:15 +01:00
Jason O'Donnell 0363fcd3fb
docs: update vault-k8s to 0.10.0 (#11354) 2021-04-14 09:46:28 -04:00
Kendall Strautman 2541433166
patch(docs): fix link color (#11352) 2021-04-13 15:59:43 -04:00
Tom Proctor f932999bda
Add TFE/TFC auth plugin to plugin portal (#11348)
* Add TFE/TFC auth plugin to plugin portal

As requested in #11202, this is an auth plugin designed to be run within TFE/TFC.

* Expand acronyms
2021-04-13 10:22:38 -07:00
Jeff Escalante 873f5edd2c
fix a couple typos (#11343) 2021-04-12 16:47:34 -04:00
Hridoy Roy 996f114ad7
TLS Diagnose Formatting Fixes (#11342)
* diagnose formatting fixes

* diagnose formatting fixes
2021-04-12 10:55:33 -07:00
Hridoy Roy fde9f2f71d
Add More TLS Tests and Verification of TLS Root Certificate (#11300)
* tls tests and root verification

* make the certificate verification check correct for non root CA case

* add expiry test

* addressed comments but struggling with the bug in parsing Cas and inters from single file:

* final checks on tls and listener

* cleanup
2021-04-12 08:39:40 -07:00
Vishal Nayak 9bf4fe2f64
Add HA only autopilot to changelog (#11339) 2021-04-12 09:57:45 -04:00
Vishal Nayak 4666f40925
Support autopilot when raft is for HA only (#11260) 2021-04-12 09:33:21 -04:00
Arnav Palnitkar 0b81d4b9c4
Fixes for db connection file type field (#11331)
- Fixed helper text for file type form fields
- Added padding bottom to form section
2021-04-09 13:00:39 -07:00
Brian Kassouf 49489da596
Fix flakey TestAgent_Template_Retry test (#11332) 2021-04-09 12:11:01 -07:00
Scott Miller 3dfe5176ee
Darwin/ARM64 build target (#11321)
* Update to Go 1.16.2 for build/dev

* Update SDK version_base

* 1st attempt

* Update docker images

* wip

* wip
2021-04-09 09:53:03 -05:00
Jim Kalafut c93b012364
Fix broken OIDC Providers link (#11327)
Recent website framework changes don't render pages that aren't linked
from the sidebar. This page has been (for now at least) added to the
sidebar to fix the issue.
2021-04-08 15:25:53 -07:00
Angel Garbarino 5d53bccdbf
Bug: DB secret engine not showing "Select one" in role select options (#11294)
* fix issue on mongo db where the select one was not showing

* add changelog
2021-04-08 13:46:40 -06:00
Shahar Danus bcf72c5143
bumping alpine version, improving security (#11271) 2021-04-08 10:45:03 -07:00
Brian Kassouf 303c2aee7c
Run a more strict formatter over the code (#11312)
* Update tooling

* Run gofumpt

* go mod vendor
2021-04-08 09:43:39 -07:00
Jason O'Donnell 11d779154d
docs: add persistent cache (#11272)
* docs: add persistent cache

* Clarify documentation

* Update website/content/docs/agent/caching/index.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/agent/caching/persistent-caches/kubernetes.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update index.mdx

* Update website/content/docs/agent/caching/index.mdx

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/content/docs/agent/caching/index.mdx

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update index.mdx

* Update kubernetes.mdx

* Resolve conflicts

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2021-04-08 10:19:17 -04:00
Brian Kassouf de0253056c
Fix a few static analysis findings (#11307) 2021-04-07 16:48:40 -07:00
Meggie bd0fefe47f
Changing from "changelog" to "release-note" (#11303) 2021-04-07 18:21:01 -04:00
Andreas Gruhler 5c35d55b2f
replace reference to version 1.6.4 with 1.7 (#11223)
Co-authored-by: Scott Miller <smiller@hashicorp.com>
2021-04-07 16:39:59 -05:00
Roger Berlind 2762c45c9b
add Vault Enterprise license page (#11261)
* add Vault Enterprise license page

* move license to index.mdx

* Remove `.mdx` from the hyperlink URL

Co-authored-by: Yoko <yoko@hashicorp.com>
2021-04-07 14:31:06 -07:00
Scott Miller 6f084b75f1
Update Go to 1.16.2 for the 1.8-dev cycle (#11267)
* Update to Go 1.16.2 for build/dev

* Update SDK version_base

* Update docker images

* make packages
2021-04-07 15:46:42 -05:00
Brandon Romano 28dbaa6dd0
Update the homepage hero CTAs (#11301) 2021-04-07 14:43:32 -04:00
Angel Garbarino ea7e77cb4e
Bug Fix: OIDC with hcp flag (#11283)
* add conditional

* add changelog
2021-04-07 10:46:06 -06:00
Scott Miller 2e0c1fb9dc
Add a Changelog entry for 10181 (#11293) 2021-04-07 11:44:19 -05:00
Scott Miller 080c9ca6ba
Fix err shadowing (#11296) 2021-04-07 11:25:23 -05:00
Brandon Romano 7daf061216
HCP Website Updates (#11292)
* Updates the HCP Vault section copy

* Updates alert banner

* Updates Meganav

* Adds a HCP slot to the downloads page
2021-04-07 11:26:55 -04:00
Conrad Lara 3f51589be6
Potential data loss in DynamoDB backend (#10181)
fixes hashicorp/vault#5836

DynamoDB may when throttled return a 2xx response while not committing
all submitted items to the database.

Depending upon load all actions in a BatchWriteUpdate may be throttled
with ProvisionedThroughputExceededException in which case AWS SDK handles
the retry. If some messages were throttled but not all
ProvisionedThroughputExceededException is not returned to the SDK and it
is up to us to resubmit the request.

Using an exponential backoff as recommended in AWS SDK for times we possibly
get partially throttled repeatedly.
2021-04-07 09:44:42 -05:00
Nick Cabatoff c2673ee86a
Move SanitizedConfig back to a shared-ent file. (#11291) 2021-04-07 10:25:05 -04:00