Commit graph

15495 commits

Author SHA1 Message Date
Austin Gebauer 7d0a252d55
auth/gcp: adds note on custom endpoints to configuration section (#15990) 2022-06-15 10:06:58 -07:00
Loann Le 1d90d2c674
updated table for vault 1.11 release (#15856) 2022-06-15 09:40:49 -07:00
Steven Clark 9a31a52870
Update semgrep to the latest version - 0.97.0 (#15987) 2022-06-15 10:05:47 -04:00
Josh Black d2ed39a04e
Correct drift between ENT and OSS (#15966) 2022-06-14 17:53:19 -07:00
Arnav Palnitkar 86a9c1f7d5
KMSE provider list menu fix (#15979)
* KMSE provider list menu fix

- Backend value had to be mapped to the payload so capabilities call
can be triggered. Based on the response from capabilities, options are
rendered in the more menu dropdown.

* update serializer to retain existing values
2022-06-14 11:36:26 -07:00
claire bontempo bd16f2a0de
UI/Update CircleCi Config for UI Tests (#15964)
* change docker image

* re-add exit if branch ui/

* update test name

* remove set -x
2022-06-14 11:20:15 -07:00
Theron Voran 7992c7b22e
docs/vault-k8s: update the service annotation (#15965)
The injector's `service` annotation is really the vault address to
use, and not just the name of the service.

Also change a couple mentions of "controller" to "injector".
2022-06-14 11:03:00 -07:00
Jordan Reimer 8374956ebe
KMSE distribute key bug (#15971)
* fixes issue with distributed kmse key not appearing on provider until after refresh

* updates provider-edit test and adds enterprise to kmse acceptance test module name

* updates keymgmt acceptance test module name
2022-06-14 11:12:37 -06:00
Jordan Reimer 318eb68442
fixes issue with error being swallowed from secrets backend list item delete (#15975) 2022-06-14 11:12:03 -06:00
Alexander Scheel aeb09e8ec9
Clarify permitted_dns_domains are Name Constraints (#15972)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-14 12:46:56 -04:00
Angel Garbarino b06573a903
Move PKI components to PKI Folder (#15963)
* params

* fix tests

* role-pki to pki-role

* role-pki-edit to pki/role-pki-edit

* configure-pki-secret component

* config-pki and config-pki-ca components

* fix tests

* pki-cert-show and pki-cert-popup

* fix
2022-06-14 10:18:06 -06:00
Steven Clark f920400f95
TestLifetimeWatcher: Address race condition in test assertions (#15969)
- If the timing is correct, a delay in the test's select might see the
   doneCh signal before the renew channels signal. If that happens, the
   test fails as it assumes we will receive signals across different
   channels in order.
 - Rework the test to make sure that we read from the renew channel if expected
   and the done channel so that any errors might not be escaping from detection
   on a renew.
2022-06-14 09:44:51 -04:00
Kerim Satirli c77199fe8d
updates leasId to leaseId (#15685)
* updates `leasId` to `leaseId`

* adds changelog
2022-06-13 13:17:07 -05:00
Kyle MacDonald 9a003cb7b3
docs: update double use of "note" in client faq (#15958) 2022-06-13 13:37:58 -04:00
Alexander Scheel 0cbbea1cbe
Update containerd/containerd indirect test dep (#15816)
* Update containerd/containerd indirect test dep

This dependency is pulled in from our testing infra and not in our final
Vault version. However, updating this dep pulls in newer versions of
other deps (such as protobuf) which are used at runtime. Updated via:

$ go get github.com/containerd/containerd@v1.5.13 && go mod tidy

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update moby/moby direct test dep

Since docker/docker has an indirect dep on containerd, I've updated it
as well:

$ go get github.com/docker/docker@v20.10.17 && go mod tidy

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-13 13:37:12 -04:00
Alexander Scheel 28916301c1
Document agent injecting PKI CAs (#15930)
* Document agent injecting PKI CAs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove extra empty-string conditional
2022-06-13 13:15:54 -04:00
Nick Cabatoff 9ffa7ae257
Add 1.10 upgrade note for SSCT on Consul. (#15873) 2022-06-13 11:48:53 -04:00
Violet Hynes c1e2d9c062
VAULT-6091 Document Duration Format String (#15920)
* VAULT-6091 Document duration format

* VAULT-6091 Document duration format

* VAULT-6091 Update wording

* VAULT-6091 Update to duration format string, replace everywhere I've found so far

* VAULT-6091 Add the word 'string' to the nav bar

* VAULT-6091 fix link

* VAULT-6091 fix link

* VAULT-6091 Fix time/string, add another reference

* VAULT-6091 add some misses for references to this format
2022-06-13 08:51:07 -04:00
Luciano Di Lalla 08fa708225
Update CHANGELOG.md (#15919)
* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update CHANGELOG.md

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update CHANGELOG.md

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update CHANGELOG.md

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update CHANGELOG.md

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update CHANGELOG.md

Co-authored-by: Meggie <meggie@hashicorp.com>

Co-authored-by: Meggie <meggie@hashicorp.com>
2022-06-10 21:28:14 -04:00
Austin Gebauer ec778e3d9f
docs/oidc: adds missing steps for Google Workspace configuration (#15943) 2022-06-10 16:29:49 -07:00
Christopher Swenson dfd3eb8bb6
database plugin: Invalidate queue should cancel context first (#15933)
To signal to any credentials rotating goroutines that they should cancel
pending operations, which reduces lock contention.
2022-06-10 13:41:47 -07:00
Hridoy Roy 0514503d2c
docs for activity log noncontiguous billing period changes (#15882)
* docs for activity log noncontiguous return changes

* add description of default start and end time to clarify meaning of billing period
2022-06-10 09:27:24 -07:00
Violet Hynes abf65c8a0b
VAULT-5095 Update docs to reflect that child namespaces do not inherit parent quotas (#15906)
* VAULT-5095 Update docs to reflect current behaviour

* Update website/content/api-docs/system/lease-count-quotas.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Update website/content/api-docs/system/rate-limit-quotas.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-06-10 11:53:01 -04:00
Mark Lewis 50a5a1d16f
Update index.mdx (#15861)
Typo
2022-06-10 11:44:43 -04:00
Steven Clark ecb91cd7e1
ssh: Do not convert errors into logical.ErrorResponse in issue path (#15929) 2022-06-10 11:21:29 -04:00
Chris Capurso 94c5936e27
return bad request instead of server error for identity group cycle detection (#15912)
* return bad request for identity group cycle detection

* add changelog entry

* use change release note instead of improvement

* fix err reference

* fix TestIdentityStore_GroupHierarchyCases
2022-06-10 10:15:31 -04:00
Alexander Scheel 0320673c97
Fix location of not_before_duration on ssh docs (#15926)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-10 10:14:44 -04:00
Alexander Scheel 6f66e5cd48
Allow reading Nomad CA/Client cert configuration (#15809)
* Allow reading Nomad CA/Client cert configuration

In the Nomad secret engine, writing to /nomad/config/access allows users
to specify a CA certificate and client credential pair. However, these
values are not in the read of the endpoint, making it hard for operators
to see if these values were specified and if they need to be rotated.

Add `ca_cert` and `client_cert` parameters to the response, eliding the
`client_key` parameter as it is more sensitive (and should most likely
be replaced at the same time as `client_cert`).

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix tests to expect additional fields

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test with existing CA/client cert+key

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-10 10:09:54 -04:00
Gabriel Santos 57eeb33faa
SSH secrets engine - Enabled creation of key pairs (CA Mode) (#15561)
* Handle func

* Update - check if key_type and key_bits are allowed

* Update - fields

* Generating keys based on provided key_type and key_bits

* Returning signed key

* Refactor

* Refactor update to common logic function

* Descriptions

* Tests added

* Suggested changes and tests added and refactored

* Suggested changes and fmt run

* File refactoring

* Changelog file

* Update changelog/15561.txt

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Suggested changes - consistent returns and additional info to test messages

* ssh issue key pair documentation

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
2022-06-10 09:48:19 -04:00
Angel Garbarino 17eed2a814
Quick Bug Fix: missing database icon on overview page (#15921)
* fix missing icon

* fix:
2022-06-09 19:43:36 -06:00
Angel Garbarino ccc584efa1
Glimmerize mount-backend-form (#15911)
* glimmerize

* clean up

* fix
2022-06-09 19:15:49 -06:00
Dave May 0f42131350
Fix debug bundle panic on Windows (#14399)
* Fix debug bundle panic on Windows

* Add changelog entry
2022-06-09 15:57:45 -07:00
Austin Gebauer 1bd49383cd
secrets/db: documents credential types and snowflake key pair auth (#15892) 2022-06-09 15:56:50 -07:00
akshya96 8f115a9904
Parse ha_storage in config (#15900)
* parsing values in config ha_storage

* adding changelog

* adding test to parse storage
2022-06-09 15:55:49 -07:00
Austin Gebauer 4cfec18bae
docs/postgres: replaces lib/pq with pgx (#15901) 2022-06-09 14:37:14 -07:00
VAL 19a195aae7
Use latest api version (#15917) 2022-06-09 13:47:04 -07:00
VAL 1fe2a2ddd2
Update minimum required go version for api (#15915)
* Update minimum required go version for api

* Update root go.mod to use latest sdk
2022-06-09 13:15:18 -07:00
VAL bbcd47b10a
Update minimum required go version for sdk (#15913) 2022-06-09 12:25:24 -07:00
claire bontempo 5ed7a01b32
UI: Fix tooltip hover for vertical bar chart (#15909)
* fix tooltip

* remove unnecessary test attr
2022-06-09 11:03:29 -07:00
Jordan Reimer 26b8de8286
Remove deprecated core-js version from production builds (#15898)
* updates deps and build to exclude deprecated core-js version and adds eslint compatibility plugin

* removes eslint compat plugin config from eslintrc and updates browserslistrc targets

* adds changelog entry
2022-06-09 09:12:59 -06:00
Peter Wilson bb55a1127f
Removed IRC reference in architecture internals doc (#15904)
* Removed IRC reference in architecture internals doc
2022-06-09 15:41:14 +01:00
Tom Proctor ae711a4c81
Add change release note for Kubernetes auth (#15891) 2022-06-09 10:07:43 +01:00
VAL 48ed15c445
Use KV helpers in docs and dev quickstart guide (#15902) 2022-06-08 17:37:02 -07:00
akshya96 fbda6d5110
Kv cas parameter documentation (#15885)
* adding cas documentation changes

* remove extra space

* remove -
2022-06-08 16:51:08 -07:00
bhowe34 763f9ad732
pass context to postgres queries (#15866)
* pass context to postgres queries

* add changelog

* Update changelog/15866.txt

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
2022-06-08 17:54:19 -04:00
Chris Capurso 75aa55eb57
add OSS noop check for valid ent storage (#15894) 2022-06-08 17:15:28 -04:00
Hridoy Roy 934989809b
Limit SSCT WAL Check on Perf Standbys to Raft Backends Only (#15879)
* ensure that ssct wal check only occurs for non-raft storage on perf standbys

* changelog
2022-06-08 13:58:22 -07:00
Arnav Palnitkar d7c62dc2e7
Remove fingerprinting for images (#15888)
By default, ember build fingerprints all the static assets such as
'js', 'css', 'png', 'jpg', 'gif', 'map' during compilation. As a result the image
referenced in mfa landing page was not loading in binary. For now, exclude fingerprinting
for all the files which exist under images directory.
2022-06-08 13:48:24 -07:00
Alexander Scheel 8d8a95cbf6
Add missing nil check to FIPS EA verification (#15883)
This was causing failures when running `vault server -dev`:

> panic: runtime error: invalid memory address or nil pointer dereference
> [signal SIGSEGV: segmentation violation code=0x2 addr=0x20 pc=0x105c41c1c]
>
> goroutine 1 [running]:
> github.com/hashicorp/vault/command.(*ServerCommand).parseConfig(0x140005a2180)
> 	.../vault/command/server.go:429 +0x5c

Interestingly, we do not have a test case for running the dev
server.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-08 15:45:46 -04:00
Steven Clark 3b9f29fedd
pki: Do not use a static issuer/key name within the migration (#15886)
- Selecting a constant default value exposed a possible edge case
   that the migration would fail if a previous migration contained the
   same issuer or key name.
2022-06-08 15:31:30 -04:00