Commit graph

11552 commits

Author SHA1 Message Date
ncabatoff 1c98152fa0
Shamir seals now come in two varieties: legacy and new-style. (#7694)
Shamir seals now come in two varieties: legacy and new-style. Legacy
Shamir is automatically converted to new-style when a rekey operation
is performed. All new Vault initializations using Shamir are new-style.

New-style Shamir writes an encrypted master key to storage, just like
AutoUnseal. The stored master key is encrypted using the shared key that
is split via Shamir's algorithm. Thus when unsealing, we take the key
fragments given, combine them into a Key-Encryption-Key, and use that
to decrypt the master key on disk. Then the master key is used to read
the keyring that decrypts the barrier.
2019-10-18 14:46:00 -04:00
vinodmu 474a2a26f3 Update Title for AWS Marketplace (#7683) 2019-10-18 09:52:22 -07:00
Jeff Mitchell 4b3cd68aac Bump go builder version 2019-10-18 09:02:00 -04:00
Jeff Mitchell c4df00f193 Fix kv mod import and vendoring 2019-10-18 08:57:32 -04:00
DevOps Rob 37a23cfb23 Fixing a typo with the sample payload (#7688)
This typo is related to  https://github.com/hashicorp/vault/issues/7603 .  The typo was causing issues with getting this working correctly when following the guide.  I imagine any other newbie to this plugin will have the same struggle.  I had to delve into the source code to figure it out
2019-10-17 21:47:45 -07:00
Noelle Daley d23e96931f
Update CHANGELOG.md 2019-10-17 16:26:03 -07:00
Madalyn 977af116c8 Enable generated items for more auth methods (#7513)
* enable auth method item configuration in go code

* properly parse and list generated items

* make sure we only set name on attrs if a label comes from openAPI

* correctly construct paths object for method index route

* set sensitive property on password for userpass

* remove debugger statements

* pass method model to list route template to use paths on model for tabs

* update tab generation in generated item list, undo enabling userpass users

* enable openapi generated itams for certs and userpass, update ldap to no longer have action on list endpoint

* add editType to DisplayAttributes, pull tokenutil fields into field group

* show sensitive message for sensitive fields displayed in fieldGroupShow component

* grab sensitive and editType fields from displayAttrs in openapi-to-attrs util

* make sure we don't ask for paths for secret backends since that isn't setup yet

* fix styling of sensitive text for fieldGroupShow component

* update openapi-to-attrs util test to no longer include label by default, change debugger to console.err in path-help, remove dynamic ui auth methods from tab count test

* properly log errors to the console

* capitalize This value is sensitive...

* get rid of extra padding on bottom of fieldgroupshow

* make auth methods clickable and use new confirm ux

* Update sdk/framework/path.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update sdk/framework/path.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* add whitespace

* return intErr instead of err

* uncomment out helpUrl because we need it

* remove extra box class

* use const instead of let

* remove extra conditional since we already split the pathName later on

* ensure we request the correct url when listing generated items

* use const

* link to list and show pages

* remove dead code

* show nested item name instead of id

* add comments

* show tooltip for text-file inputs

* fix storybook

* remove extra filter

* add TODOs

* add comments

* comment out unused variables but leave them in function signature

* only link to auth methods that can be fully managed in the ui

* clean up comments

* only render tooltip if there is helpText

* rename id authMethodPath

* remove optionsForQuery since we don't need it

* add indentation

* standardize ConfirmMessage and show model name instead of id when editing

* standardize ConfirmMessage and show model name instead of id when editing

* add comments

* post to the correct updateUrl so we can edit users and groups

* use pop instead of slice

* add TODO for finding a better way to store ids

* ensure ids are handled the same way on list and show pages; fix editing and deleting

* add comment about difference between list and show urls

* use model.id instead of name since we do not need it

* remove dead code

* ensure list pages have page headers

* standardize using authMethodPath instead of method and remove dead code

* i love indentation

* remove more dead code

* use new Confirm

* show correct flash message when deleting an item

* update flash message for creating and updating

* use plus icon for creating group/user instead of an arrow
2019-10-17 16:19:14 -07:00
Jim Kalafut d129a3881b
Update OIDC provider doc 2019-10-17 16:05:19 -07:00
Jim Kalafut 1f7eab5cdb
Update OIDC provider doc (#7693) 2019-10-17 16:02:21 -07:00
Marcos Nils caaa736f35 Create .bundle and set group when running container (#7684)
If this is not set, `make website` fails due to permission errors in the docker container
Fixes #5589.
2019-10-17 14:17:00 -07:00
Lexman 3cc4920e31
updates vendored api/client.go (#7692) 2019-10-17 14:10:55 -07:00
Jeff Mitchell 708f164327 Update circle config 2019-10-17 15:48:45 -04:00
Calvin Leung Huang f5b63cc815
logical: remove unneeded error check in handleLogicalInternal (#7691) 2019-10-17 12:33:29 -07:00
Jeff Mitchell 5f51b0c707 Update Go version 2019-10-17 15:31:12 -04:00
Michael Gaffney b48ce3d95f
Docs: add examples for when a seal rewrap is useful (#7689) 2019-10-17 14:01:17 -04:00
Mike Wickett 19b28317a0 website: bump consent manager version (#7677) 2019-10-17 10:59:16 -07:00
Lexman c86fe212c0
oss changes for entropy augmentation feature (#7670)
* oss changes for entropy augmentation feature

* fix oss command/server/config tests

* update go.sum

* fix logical_system and http/ tests

* adds vendored files

* removes unused variable
2019-10-17 10:33:00 -07:00
ncabatoff db43d22325
Do not allow the same header map to be shared across requests. (#7690) 2019-10-17 11:48:15 -04:00
Mike Jarmy 9e7beeb56d
Document the Agent request_require_header option (#7678)
* document the require_request_header option in Agent

* document the require_request_header option in Agent

* document the require_request_header option in Agent

* document the require_request_header option in Agent

* minor tweaks to docs
2019-10-17 10:08:59 -04:00
Mike Jarmy e056971cda update CHANGELOG 2019-10-17 09:11:52 -04:00
Mike Jarmy da566369b2 update CHANGELOG 2019-10-17 09:02:31 -04:00
Mike Jarmy cf685b0388 update CHANGELOG 2019-10-17 08:59:05 -04:00
Becca Petrin c1b5ca7d57
Add docs for Active Directory secret check-out (#7664) 2019-10-16 15:41:11 -07:00
Chris Hoffman 1647cb956a
updating contributing to mention CLA (#7682) 2019-10-16 17:42:13 -04:00
Becca Petrin 114c16b5a3
changelog++ 2019-10-16 14:35:33 -07:00
Michael Gaffney c9804941a5
Add document for sealwrap/rewrap endpoint (#7676)
* Add documentation for seal wrap re-wrap endpoint

* Update sample response for seal rewrap status

* Updates based on feedback from reviewers
2019-10-16 15:46:43 -04:00
Calvin Leung Huang be10c8f820
changelog++ 2019-10-16 11:34:45 -07:00
Jeff Malnick cb82f8be10
Add AWS marketplace reference docs (#7673) 2019-10-16 11:20:35 -07:00
Michael Gaffney 4f7bd872ed
core: Log if an error is returned from postSealMigration (#7675) 2019-10-16 14:00:00 -04:00
Jim Kalafut 40a55e7d22
Add region parameter to AWS agent docs (#7674) 2019-10-16 10:13:23 -07:00
Michael Gaffney 24f663403e
core: add postSealMigration method (#7579)
* core: add postSealMigration method

The postSealMigration method is called at the end of the postUnseal
method if a seal migration has occurred. This starts a seal rewrap
process in the enterprise version of. It is a no-op in the OSS version.
2019-10-16 12:52:37 -04:00
Alberto Alvarez c5b4fbd56f Improve Auto Unseal and awskms Seal documentation (#7575)
* Add further detail on Auto Unseal and awskms Seal documentation

* Move Rekeying to the generic Seal docs
2019-10-16 11:25:41 -04:00
Michael Gaffney b496d89ef3
changelog++ 2019-10-16 10:14:43 -04:00
Calvin Leung Huang d2dbb8c963
Vault Debug (#7375)
* cli: initial work on debug; server-status target

* debug: add metrics capture target (#7376)

* check against DR secondary

* debug: add compression

* refactor check into preflight func

* debug: set short test time on tests, fix exit code bug

* debug: use temp dir for output on tests

* debug: use mholt/archiver for compression

* first pass on adding pprof

* use logger for output

* refactor polling target capture logic

* debug: poll and collect replication status

* debug: poll and collect host-info; rename output files and collection refactor

* fix comments

* add archive test; fix bugs found

* rename flag name to singular target

* add target output test; scaffold other tests cases

* debug/test: add pprof and index file tests

* debug/test: add min timing check tests

* debug: fix index gen race and collection goroutine race

* debug: extend archive tests, handle race between program exit and polling goroutines

* update docstring

* debug: correctly add to pollingWg

* debug: add config target support

* debug: don't wait on interrupt shutdown; add file exists unit tests

* move pprof bits into its goroutine

* debug: skip empty metrics and some pprof file creation if permission denied, add matching unit test

* address comments and feedback

* Vault debug using run.Group (#7658)

* debug: switch to use oklog/run.Group

* debug: use context to cancel requests and interrupt rungroups.

* debug: trigger the first interval properly

* debug: metrics collection should use metrics interval

* debug: add missing continue on metrics error

* debug: remove the use of buffered chan to trigger first interval

* debug: don't shadow BaseCommand's client, properly block on interval capture failures

* debug: actually use c.cachedClient everywhere

* go mod vendor

* debug: run all pprof in goroutines; bump pprof timings in tests to reduce flakiness

* debug: update help text
2019-10-15 15:39:19 -07:00
Yoko 17a0b1420c
Adding the known issue section (#7439)
* Adding the known issue section

* incorporated the feedback

* Added the known issue section

* Fixed a typo

* Created upgrade guide for 1.1.2
2019-10-15 12:58:03 -07:00
Michael Gaffney 6ae92ede11
core: add hook for initializing seals for migration (#7666)
* core: add hook for initializing seals for migration

Needed in enterprise version.
2019-10-15 15:48:23 -04:00
Jim Kalafut 7e8b9addd0
Update Azure Secrets docs to include group assignment (#7656) 2019-10-15 08:58:22 -07:00
Dom Goodwin ca742e3a25 Update index.html.md (#7660) 2019-10-15 11:48:17 -04:00
Vishal Nayak 5004899eb2 Re-add removed paths from the recovery PR 2019-10-15 11:42:51 -04:00
Matthew Irish e581e6ffce
Update CHANGELOG.md 2019-10-15 10:41:19 -05:00
Jim Kalafut eee97d45cb
changelog++ 2019-10-15 08:34:42 -07:00
Brian Shumate d53f3b7d27 Docs: update Oracle Database Secrets Engine API (#7520)
- Add missing `username` and `password` connection parameters
- Use templated root credential in example connection payload
2019-10-15 11:13:09 -04:00
Amitosh Swain Mahapatra 8345d27311 Fix script for test:oss (#7643) 2019-10-15 10:06:43 -05:00
Brian Shumate ee7e01eac3 Docs: File Audit Device (#7633)
* Docs: File Audit Device

- Add section + note about proper File Audit Device log rotation

* Additional clarification about relevant platforms
2019-10-15 10:20:51 -04:00
Chris Hoffman 097ed648e9
changelog++ 2019-10-15 10:10:40 -04:00
Chris Hoffman e4682d91ab
changelog++ 2019-10-15 10:08:25 -04:00
Chris Hoffman faf3d8c5ce
changelog++ 2019-10-15 10:06:25 -04:00
Chris Hoffman e519e9642a
changelog++ 2019-10-15 10:02:39 -04:00
Jeff Mitchell 4b5572bf35 Don't continue in a few places in pki tidy if value is nil (#7589)
Fixes #7588
2019-10-15 09:55:08 -04:00
Vishal Nayak 63acdfba89 changelog++ 2019-10-15 01:03:54 -04:00