Commit Graph

14334 Commits

Author SHA1 Message Date
Chelsea Shaw 843afedf45
UI/OIDC authz flow tests (#13106) 2021-11-10 15:19:40 -06:00
Scott Miller 10270b6985
Add a periodic test of the autoseal to detect loss of connectivity. (#13078)
* Add a periodic test of the autoseal to detect loss of connectivity

* Keep the logic adjacent to autoseal

* imports

* typo, plus unnecessary constant time compare

* changelog

* pr feedback

* More feedback

* Add locking and a unit test

* unnecessary

* Add timeouts to encrypt/decrypt operations, capture activeContext before starting loop

* Add a block scope for the timeout

* copy/paste ftl

* Refactor to use two timeouts, and cleanup the repetitive failure code

* Readd 0ing gauge

* use millis

* Invert the unit test logic
2021-11-10 14:46:07 -06:00
John-Michael Faircloth e6ffaaf835
OIDC: return full issuer uri on read provider (#13058)
* return full issuer uri on read provider

* remove err check

* simplify full issuer logic
2021-11-10 12:35:31 -06:00
Loann Le 6a5fc75ff5
fixed link error (#13103) 2021-11-10 09:38:02 -08:00
Jonas-Taha El Sesiy 811c7a8133
Add PutAutoPilotRaftConfiguration to api (#12428) 2021-11-10 12:10:15 -05:00
VAL 558672797e
Remove reference to local api module, use v1.3.0 (#13105) 2021-11-09 14:49:46 -08:00
swayne275 0604c12f27
Namespace API Lock docs (#13064)
* add api lock doc

* add docs nav data

* Update website/content/api-docs/system/namespaces.mdx

Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>

* update command doc

* clarify locked http status code

* add example exempt path

* further exempt clarification

* link api locked response

* add x-vault-namespace api example

* Update website/content/docs/concepts/namespace-api-lock.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* review suggestions

* few other small tweaks

Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-09 15:43:17 -07:00
Jordan Reimer 7c7d626420
Raft peer removal bug (#13098)
* fixes issue removing raft peer via cli not reflected in UI until refresh

* adds changelog entry
2021-11-09 15:05:25 -07:00
Chelsea Shaw b4129a1591
UI: Show detailed error response on failed secret-engine list call (#13035) 2021-11-09 14:42:46 -06:00
swayne275 e137045050
Vault 936: use core.activeContext in ActivityLog (#13083)
* update activity log to use core's activeContext for cleaner worker termination

* update tests to use core activeContext instead of generic context

* pass context around instead

* revert context change

* undo test context changes

* change worker context

* accidentally undid context for fcn signature changes
2021-11-09 11:47:39 -07:00
Steven Clark 3bfa4fa267
Add missing changelog for pr #13093 (#13095) 2021-11-09 11:03:59 -05:00
Steven Clark 8c50afc07c
Address a data race issue within identity_store_util::processLocalAlias (#13093)
- When loading an existing alias within processLocalAlias we aren't
   cloning the object from the memory store. There seems to be a data
   race within the function when calling entity.UpsertAlias and
   a concurrent invalidation routine.

 ==================
WARNING: DATA RACE
Read at 0x00c00bd03d08 by goroutine 94:
  google.golang.org/protobuf/internal/impl.pointer.Elem()
      /go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/pointer_unsafe.go:118 +0x2b3
  google.golang.org/protobuf/internal/impl.(*MessageInfo).sizePointerSlow()
      /go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:76 +0x265
  google.golang.org/protobuf/internal/impl.(*MessageInfo).sizePointer()
      /go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:56 +0x12a
  google.golang.org/protobuf/internal/impl.(*MessageInfo).size()
      /go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:40 +0x95
  google.golang.org/protobuf/internal/impl.(*MessageInfo).size-fm()
      /go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:33 +0x6c
  google.golang.org/protobuf/proto.MarshalOptions.marshal()
      /go/pkg/mod/google.golang.org/protobuf@v1.27.1/proto/encode.go:153 +0x1f3
  google.golang.org/protobuf/proto.MarshalOptions.MarshalAppend()
      /go/pkg/mod/google.golang.org/protobuf@v1.27.1/proto/encode.go:122 +0xa5
  github.com/golang/protobuf/proto.marshalAppend()
      /go/pkg/mod/github.com/golang/protobuf@v1.5.2/proto/wire.go:40 +0xe4
  github.com/golang/protobuf/proto.Marshal()
      /go/pkg/mod/github.com/golang/protobuf@v1.5.2/proto/wire.go:23 +0x64
  github.com/hashicorp/vault/helper/identity.(*Entity).Clone()
      /go/src/github.com/hashicorp/vault/helper/identity/identity.go:34 +0x150
  github.com/hashicorp/vault/vault.(*IdentityStore).MemDBEntitiesByBucketKeyInTxn()
      /go/src/github.com/hashicorp/vault/vault/identity_store_util.go:1214 +0x306
  github.com/hashicorp/vault/vault.(*IdentityStore).Invalidate()
      /go/src/github.com/hashicorp/vault/vault/identity_store.go:216 +0xd6c
  github.com/hashicorp/vault/vault.(*IdentityStore).Invalidate-fm()
      /go/src/github.com/hashicorp/vault/vault/identity_store.go:160 +0x6d
  github.com/hashicorp/vault/sdk/framework.(*Backend).InvalidateKey()
      /go/src/github.com/hashicorp/vault/sdk/framework/backend.go:347 +0x8a
  github.com/hashicorp/vault/vault.(*IdentityStore).InvalidateKey()
      <autogenerated>:1 +0x7d
  github.com/hashicorp/vault/vault.(*Core).asyncInvalidateKey()
      /go/src/github.com/hashicorp/vault/vault/replication_invalidation_ent.go:58 +0x390
  github.com/hashicorp/vault/vault.(*Core).asyncInvalidateHandler()
      /go/src/github.com/hashicorp/vault/vault/replication_invalidation_ent.go:71 +0x9b
  github.com/hashicorp/vault/vault.startReplicationEnt·dwrap·453()
      /go/src/github.com/hashicorp/vault/vault/replication_util_ent.go:331 +0x71

Previous write at 0x00c00bd03d08 by goroutine 52:
  github.com/hashicorp/vault/helper/identity.(*Entity).UpsertAlias()
      /go/src/github.com/hashicorp/vault/helper/identity/identity.go:55 +0x271
  github.com/hashicorp/vault/vault.(*IdentityStore).processLocalAlias()
      /go/src/github.com/hashicorp/vault/vault/identity_store_util.go:720 +0x672
  github.com/hashicorp/vault/vault.possiblyForwardEntityCreation()
      /go/src/github.com/hashicorp/vault/vault/request_handling_util_ent.go:230 +0x286
  github.com/hashicorp/vault/vault.(*Core).handleLoginRequest()
      /go/src/github.com/hashicorp/vault/vault/request_handling.go:1345 +0x234a
  github.com/hashicorp/vault/vault.(*Core).handleCancelableRequest()
      /go/src/github.com/hashicorp/vault/vault/request_handling.go:607 +0x1a11
  github.com/hashicorp/vault/vault.(*Core).switchedLockHandleRequest()
      /go/src/github.com/hashicorp/vault/vault/request_handling.go:442 +0x5b5
  github.com/hashicorp/vault/vault.(*Core).HandleRequest()
      /go/src/github.com/hashicorp/vault/vault/request_handling.go:408 +0xf2
  github.com/hashicorp/vault/http.request()
      /go/src/github.com/hashicorp/vault/http/handler.go:953 +0xb1
  github.com/hashicorp/vault/http.handleLogicalInternal.func1()
      /go/src/github.com/hashicorp/vault/http/logical.go:341 +0xca
  net/http.HandlerFunc.ServeHTTP()
      /usr/local/go/src/net/http/server.go:2046 +0x4d
  github.com/hashicorp/vault/http.handleRequestForwarding.func1()
      /go/src/github.com/hashicorp/vault/http/handler.go:887 +0x4eb
  net/http.HandlerFunc.ServeHTTP()
      /usr/local/go/src/net/http/server.go:2046 +0x4d
  net/http.(*ServeMux).ServeHTTP()
      /usr/local/go/src/net/http/server.go:2424 +0xc5
  github.com/hashicorp/vault/http.wrapHelpHandler.func1()
      /go/src/github.com/hashicorp/vault/http/help.go:23 +0x281
  net/http.HandlerFunc.ServeHTTP()
      /usr/local/go/src/net/http/server.go:2046 +0x4d
  github.com/hashicorp/vault/http.wrapCORSHandler.func1()
      /go/src/github.com/hashicorp/vault/http/cors.go:29 +0xb0e
  net/http.HandlerFunc.ServeHTTP()
      /usr/local/go/src/net/http/server.go:2046 +0x4d
  github.com/hashicorp/vault/http.rateLimitQuotaWrapping.func1()
      /go/src/github.com/hashicorp/vault/http/util.go:97 +0xf28
  net/http.HandlerFunc.ServeHTTP()
      /usr/local/go/src/net/http/server.go:2046 +0x4d
  github.com/hashicorp/vault/http.wrapDRSecondaryHandler.func1()
      /go/src/github.com/hashicorp/vault/http/util_ent.go:81 +0x7e3
  net/http.HandlerFunc.ServeHTTP()
      /usr/local/go/src/net/http/server.go:2046 +0x4d
  github.com/hashicorp/vault/http.wrapGenericHandler.func1()
      /go/src/github.com/hashicorp/vault/http/handler.go:465 +0x1843
  net/http.HandlerFunc.ServeHTTP()
      /usr/local/go/src/net/http/server.go:2046 +0x4d
  github.com/hashicorp/go-cleanhttp.PrintablePathCheckHandler.func1()
      /go/pkg/mod/github.com/hashicorp/go-cleanhttp@v0.5.2/handlers.go:42 +0xc1
  net/http.HandlerFunc.ServeHTTP()
      /usr/local/go/src/net/http/server.go:2046 +0x4d
  net/http.serverHandler.ServeHTTP()
      /usr/local/go/src/net/http/server.go:2878 +0x89a
  net/http.initALPNRequest.ServeHTTP()
      /usr/local/go/src/net/http/server.go:3479 +0x34d
  net/http.(*initALPNRequest).ServeHTTP()
      <autogenerated>:1 +0x8f
  net/http.Handler.ServeHTTP-fm()
      /usr/local/go/src/net/http/server.go:87 +0x75
  net/http.(*http2serverConn).runHandler()
      /usr/local/go/src/net/http/h2_bundle.go:5832 +0xdd
  net/http.(*http2serverConn).processHeaders·dwrap·31()
      /usr/local/go/src/net/http/h2_bundle.go:5562 +0x64
2021-11-09 10:00:26 -05:00
Jim Kalafut b6f1f1de64
Update CODEOWNERS (#13091) 2021-11-09 06:02:54 -08:00
Hridoy Roy e7e881c559
Port: Allow Routing to Partial Monthly Client Count From Namespaces (#13086)
* add function for routing activity log client counts to ent namespaces

* changelog
2021-11-08 15:38:35 -08:00
Jordan Reimer e733c78ff6
Secrets header version badge (#13015)
* updates secret list header to display badge for all versions

* adds changelog entry

* updates secret list header to only show badge for kv and generic engine types

* adds secret-engine mirage factory

* adds test helper for pushing serialized mirage data into store and returning ember data models

* adds secret engine type version badge display test

* updates mirage application serializer to return singular type key
2021-11-08 14:29:00 -07:00
Matt Schultz 6fadf30a79
Remove TLS prefer server cipher suites configuration option due to deprecation in go 1.17. (#13084) 2021-11-08 14:31:59 -06:00
Nick Cabatoff d89c7b3d7e
Add a little test helper for polling (#13082) 2021-11-08 15:24:06 -05:00
Rémi Lapeyre ae0b5e41e0
Add read support to sys/mounts/:path (#12792)
* Add read support to sys/mounts/:path

Closes https://github.com/hashicorp/vault/issues/12349

* Add changelog entry

* Empty commit to trigger CI

* Empty commit to trigger CI
2021-11-08 10:32:01 -08:00
Daniel Nathan Gray 26711ab017
Documentation consistency GPG keys are PGP keys. (#13073)
* Consistency: GPG keys are PGP keys

* Consistency: GPG keys are PGP keys

* Consistency: GPG keys are PGP keys

* Consistency: GPG keys are PGP keys

* Consistency: GPG keys are PGP keys

* Consistency: s/GPG/PGP keys, use GPG's proper name

* Use GPG's proper name GnuPG

* Use GPG's proper name GnuPG

* Consistency: GPG keys are PGP keys

* Fix typo
2021-11-08 10:04:59 -08:00
Meggie bb6ba32f65
Add note that monitor command may truncate logs (#13079)
* Add note that monitor command may truncate logs

* Apply suggestions from code review

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-08 12:52:42 -05:00
Nick Cabatoff 40640ef43f
Fix errors logged on standbys when we try to write versions to storage (#13042) 2021-11-08 10:04:17 -05:00
Jim Kalafut 1b49591b53
Update changelog for 1.9.0-rc1 (#13067) 2021-11-05 13:25:54 -07:00
Steven Clark 687701d9a3
Attempt to fix the flaky TestDeleteUser/TestUpdateUser mssql tests (#13071)
- Add a 'Connect Timeout' query parameter to the test helper to set
   a timeout value of 30 seconds in an attempt to address the following
   failure we see at times in TestDeleteUser and TestUpdateUser

   mssql_test.go:253: Failed to initialize: error verifying connection: TLS Handshake failed: cannot read handshake packet: EOF
2021-11-05 14:53:37 -04:00
Kevin Wang 3a882fad3a
chore: bump `react-subnav` (#13039) 2021-11-05 13:20:50 -04:00
Jason O'Donnell 16bc065c48
secrets/azure: add doc for rotate-root and AAD migration (#13066)
* secrets/azure: add doc for rotate-root and AAD migration

* Formatting

* Fix bad link, update warnings
2021-11-05 13:04:25 -04:00
Nick Cabatoff 734b46d150
Fix regression preventing non-docker tests from running. (#13063) 2021-11-05 10:41:29 -04:00
claire bontempo bfc6467e55
UI/Truncate long secret names (#13032)
* small bar chart attr fix

* truncates and adds ellipsis of label is long

* adds tooltip for long labels

* updates storybook

* adds changelog

* only calculate overflow if query selectors grab elements

* moves tooltip pointer to left
2021-11-04 16:57:08 -07:00
claire bontempo 7bc177abc6
UI/Adds pagination to auth methods list (#13054)
* adds pagination to auth methods list

* adds changelog
2021-11-04 16:35:20 -07:00
Meggie f9c8843996
Updating website for 1.8.5 (#13059) 2021-11-04 18:14:03 -04:00
castironclay c2e7aca9ca
Address algorithm not supported (#12852)
error seen on host /var/log/auth.log:
  userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]
2021-11-04 18:07:46 -04:00
Meggie 6516336ec3
changelog++ 2021-11-04 17:56:39 -04:00
John-Michael Faircloth fde5bb2e72
Docs: OIDC flow endpoints (#12942)
* add docs for OIDC provider and scopes

* fix json formatting

* add oidc docs path to nav data

* create provider with scope

* update client ids description

* update provider and scope docs

* add issuer string additional docs info

* OIDC: docs for oidc flow endpoints

* fix formatting and wording

* improve headings, formatting; fix wording

Co-authored-by: Vinay Gopalan <vinay@hashicorp.com>
2021-11-04 16:03:56 -05:00
Dominik Roos 114e172437
certutil: select appropriate hash algorithm for ECDSA signature (#11216)
* certutil: select appropriate hash algorithm for ECDSA signature

Select the appropriate signature algorithm for certificates signed
with an ECDSA private key.

The algorithm is selected based on the curve:

- P-256 -> x509.ECDSAWithSHA256
- P-384 -> x509.ECDSAWithSHA384
- P-521 -> x509.ECDSAWithSHA512
- Other -> x509.ECDSAWithSHA256

fixes #11006
2021-11-04 16:33:01 -04:00
Jordan Reimer af72de27b9
PGP key list input fix (#13038)
* fixes issue with pgp list file input count not matching key shares number

* adds changelog entry
2021-11-04 14:25:15 -06:00
Angel Garbarino 74577e3a77
fix and test fix (#13050) 2021-11-04 11:26:29 -06:00
John-Michael Faircloth 0445b2b492
Add changelog for couchbase plugin bug fix (#13033)
* Add changelog for https://github.com/hashicorp/vault-plugin-database-couchbase/pull/24

* update changelog name

* remove debug line
2021-11-03 15:39:19 -05:00
Jason O'Donnell d92f139176
secrets/azure: add changelog for rotate-root (#13034)
* secrets/azure: add changelog for rotate-root

* Rename changelog file

* Use PR number as filename
2021-11-03 16:38:45 -04:00
Peter Wilson 89b66054cc
Update README to remove IRC reference (#13031)
* Update README to remove IRC reference

The README references IRC (Freenode) as a means of communication regarding the Vault project, but it seems that:

1. Freenode has had its share of issues (https://en.wikipedia.org/wiki/Freenode#Ownership_change_and_conflict)
2. You now need a Freenode account to access their IRC server
3. The channel hasn't been very active (and to the best of my knowledge hasn't been migrated to Libera where a lot of Freenode based projects moved to)

I'd recommend just removing the reference for now, and if things change or another means of collaboration surfaces - adding that later.

* Added changelog file 13031.txt

* Moved required changelog file to the correct folder

* Removed changelog entry based on PR feedback
2021-11-03 16:01:01 -04:00
Loann Le a6432ca770
added new code samples (#13030) 2021-11-03 10:10:28 -07:00
Meggie 627c43e496
1.10.0-dev version bump (#12987)
* 1.10.0-dev version bump

* Remove hard-coded versions from tests. (#13026)

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-03 12:50:12 -04:00
Nick Cabatoff ddf89f2708
Add more detail to recovery mode docs. (#12984) 2021-11-03 10:22:00 -04:00
Nick Cabatoff 72c31832e6
Catch test errors that break go list (#13017) 2021-11-03 09:00:38 -04:00
swayne275 418c311b14
fix 12888 release note format (#13016)
* fix release note format

* deprecation -> change
2021-11-02 16:54:46 -06:00
Meggie 1f24338594
Should use "change" not "changes" (#13020) 2021-11-02 18:36:11 -04:00
Gary Frederick f16f3efed5
add missing back tick (#12941) 2021-11-02 14:06:17 -07:00
Victor Rodriguez 991ab5aeed
VAULT-444: Use sync.RWMutex rather than DeadlockRWMutex in PKI backend. (#13018) 2021-11-02 17:02:54 -04:00
akshya96 8b89a14f13
Local auth mount documentation (#12970)
* adding documentation changes

* adding requested changes

* adding suggested changes
2021-11-02 13:23:29 -07:00
Pratyoy Mukhopadhyay 90578d3cb3
[VAULT-4034] Revert back to caching nil values (#13013)
* Revert "[VAULT-4034] Only cache non-nil values (#12993)"

This reverts commit 67e1ed06c7199856f8493f416df55f06603881c6.

* Update sdk/physical/cache.go

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-02 12:00:37 -07:00
Theron Voran 3277b8441e
docs: agent cache config requirements (#13006)
Added a note that agent cache requires at least one listener or template
to be defined in the config, and a couple spelling corrections.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-11-02 11:29:40 -07:00
vinay-gopalan ebb904031f
[VAULT-3969] Document CRUD APIs for OIDC client and assignment (#12939) 2021-11-02 11:01:28 -07:00