Chelsea Shaw
843afedf45
UI/OIDC authz flow tests (#13106)
2021-11-10 15:19:40 -06:00
Scott Miller
10270b6985
Add a periodic test of the autoseal to detect loss of connectivity. (#13078)
* Add a periodic test of the autoseal to detect loss of connectivity
* Keep the logic adjacent to autoseal
* imports
* typo, plus unnecessary constant time compare
* changelog
* pr feedback
* More feedback
* Add locking and a unit test
* unnecessary
* Add timeouts to encrypt/decrypt operations, capture activeContext before starting loop
* Add a block scope for the timeout
* copy/paste ftl
* Refactor to use two timeouts, and cleanup the repetitive failure code
* Readd 0ing gauge
* use millis
* Invert the unit test logic
2021-11-10 14:46:07 -06:00
John-Michael Faircloth
e6ffaaf835
OIDC: return full issuer uri on read provider (#13058)
* return full issuer uri on read provider
* remove err check
* simplify full issuer logic
2021-11-10 12:35:31 -06:00
Loann Le
6a5fc75ff5
fixed link error (#13103)
2021-11-10 09:38:02 -08:00
Jonas-Taha El Sesiy
811c7a8133
Add PutAutoPilotRaftConfiguration to api (#12428)
2021-11-10 12:10:15 -05:00
VAL
558672797e
Remove reference to local api module, use v1.3.0 (#13105)
2021-11-09 14:49:46 -08:00
swayne275
0604c12f27
Namespace API Lock docs (#13064)
* add api lock doc
* add docs nav data
* Update website/content/api-docs/system/namespaces.mdx
Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>
* update command doc
* clarify locked http status code
* add example exempt path
* further exempt clarification
* link api locked response
* add x-vault-namespace api example
* Update website/content/docs/concepts/namespace-api-lock.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* review suggestions
* few other small tweaks
Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-09 15:43:17 -07:00
Jordan Reimer
7c7d626420
Raft peer removal bug (#13098)
* fixes issue removing raft peer via cli not reflected in UI until refresh
* adds changelog entry
2021-11-09 15:05:25 -07:00
Chelsea Shaw
b4129a1591
UI: Show detailed error response on failed secret-engine list call (#13035)
2021-11-09 14:42:46 -06:00
swayne275
e137045050
Vault 936: use core.activeContext in ActivityLog (#13083)
* update activity log to use core's activeContext for cleaner worker termination
* update tests to use core activeContext instead of generic context
* pass context around instead
* revert context change
* undo test context changes
* change worker context
* accidentally undid context for fcn signature changes
2021-11-09 11:47:39 -07:00
Steven Clark
3bfa4fa267
Add missing changelog for pr #13093 (#13095)
2021-11-09 11:03:59 -05:00
Steven Clark
8c50afc07c
Address a data race issue within identity_store_util::processLocalAlias (#13093)
- When loading an existing alias within processLocalAlias we aren't
cloning the object from the memory store. There seems to be a data
race within the function when calling entity.UpsertAlias and
a concurrent invalidation routine.
==================
WARNING: DATA RACE
Read at 0x00c00bd03d08 by goroutine 94:
google.golang.org/protobuf/internal/impl.pointer.Elem()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/pointer_unsafe.go:118 +0x2b3
google.golang.org/protobuf/internal/impl.(*MessageInfo).sizePointerSlow()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:76 +0x265
google.golang.org/protobuf/internal/impl.(*MessageInfo).sizePointer()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:56 +0x12a
google.golang.org/protobuf/internal/impl.(*MessageInfo).size()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:40 +0x95
google.golang.org/protobuf/internal/impl.(*MessageInfo).size-fm()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:33 +0x6c
google.golang.org/protobuf/proto.MarshalOptions.marshal()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/proto/encode.go:153 +0x1f3
google.golang.org/protobuf/proto.MarshalOptions.MarshalAppend()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/proto/encode.go:122 +0xa5
github.com/golang/protobuf/proto.marshalAppend()
/go/pkg/mod/github.com/golang/protobuf@v1.5.2/proto/wire.go:40 +0xe4
github.com/golang/protobuf/proto.Marshal()
/go/pkg/mod/github.com/golang/protobuf@v1.5.2/proto/wire.go:23 +0x64
github.com/hashicorp/vault/helper/identity.(*Entity).Clone()
/go/src/github.com/hashicorp/vault/helper/identity/identity.go:34 +0x150
github.com/hashicorp/vault/vault.(*IdentityStore).MemDBEntitiesByBucketKeyInTxn()
/go/src/github.com/hashicorp/vault/vault/identity_store_util.go:1214 +0x306
github.com/hashicorp/vault/vault.(*IdentityStore).Invalidate()
/go/src/github.com/hashicorp/vault/vault/identity_store.go:216 +0xd6c
github.com/hashicorp/vault/vault.(*IdentityStore).Invalidate-fm()
/go/src/github.com/hashicorp/vault/vault/identity_store.go:160 +0x6d
github.com/hashicorp/vault/sdk/framework.(*Backend).InvalidateKey()
/go/src/github.com/hashicorp/vault/sdk/framework/backend.go:347 +0x8a
github.com/hashicorp/vault/vault.(*IdentityStore).InvalidateKey()
<autogenerated>:1 +0x7d
github.com/hashicorp/vault/vault.(*Core).asyncInvalidateKey()
/go/src/github.com/hashicorp/vault/vault/replication_invalidation_ent.go:58 +0x390
github.com/hashicorp/vault/vault.(*Core).asyncInvalidateHandler()
/go/src/github.com/hashicorp/vault/vault/replication_invalidation_ent.go:71 +0x9b
github.com/hashicorp/vault/vault.startReplicationEnt·dwrap·453()
/go/src/github.com/hashicorp/vault/vault/replication_util_ent.go:331 +0x71
Previous write at 0x00c00bd03d08 by goroutine 52:
github.com/hashicorp/vault/helper/identity.(*Entity).UpsertAlias()
/go/src/github.com/hashicorp/vault/helper/identity/identity.go:55 +0x271
github.com/hashicorp/vault/vault.(*IdentityStore).processLocalAlias()
/go/src/github.com/hashicorp/vault/vault/identity_store_util.go:720 +0x672
github.com/hashicorp/vault/vault.possiblyForwardEntityCreation()
/go/src/github.com/hashicorp/vault/vault/request_handling_util_ent.go:230 +0x286
github.com/hashicorp/vault/vault.(*Core).handleLoginRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:1345 +0x234a
github.com/hashicorp/vault/vault.(*Core).handleCancelableRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:607 +0x1a11
github.com/hashicorp/vault/vault.(*Core).switchedLockHandleRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:442 +0x5b5
github.com/hashicorp/vault/vault.(*Core).HandleRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:408 +0xf2
github.com/hashicorp/vault/http.request()
/go/src/github.com/hashicorp/vault/http/handler.go:953 +0xb1
github.com/hashicorp/vault/http.handleLogicalInternal.func1()
/go/src/github.com/hashicorp/vault/http/logical.go:341 +0xca
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.handleRequestForwarding.func1()
/go/src/github.com/hashicorp/vault/http/handler.go:887 +0x4eb
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
net/http.(*ServeMux).ServeHTTP()
/usr/local/go/src/net/http/server.go:2424 +0xc5
github.com/hashicorp/vault/http.wrapHelpHandler.func1()
/go/src/github.com/hashicorp/vault/http/help.go:23 +0x281
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.wrapCORSHandler.func1()
/go/src/github.com/hashicorp/vault/http/cors.go:29 +0xb0e
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.rateLimitQuotaWrapping.func1()
/go/src/github.com/hashicorp/vault/http/util.go:97 +0xf28
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.wrapDRSecondaryHandler.func1()
/go/src/github.com/hashicorp/vault/http/util_ent.go:81 +0x7e3
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.wrapGenericHandler.func1()
/go/src/github.com/hashicorp/vault/http/handler.go:465 +0x1843
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/go-cleanhttp.PrintablePathCheckHandler.func1()
/go/pkg/mod/github.com/hashicorp/go-cleanhttp@v0.5.2/handlers.go:42 +0xc1
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
net/http.serverHandler.ServeHTTP()
/usr/local/go/src/net/http/server.go:2878 +0x89a
net/http.initALPNRequest.ServeHTTP()
/usr/local/go/src/net/http/server.go:3479 +0x34d
net/http.(*initALPNRequest).ServeHTTP()
<autogenerated>:1 +0x8f
net/http.Handler.ServeHTTP-fm()
/usr/local/go/src/net/http/server.go:87 +0x75
net/http.(*http2serverConn).runHandler()
/usr/local/go/src/net/http/h2_bundle.go:5832 +0xdd
net/http.(*http2serverConn).processHeaders·dwrap·31()
/usr/local/go/src/net/http/h2_bundle.go:5562 +0x64
2021-11-09 10:00:26 -05:00
Jim Kalafut
b6f1f1de64
Update CODEOWNERS (#13091)
2021-11-09 06:02:54 -08:00
Hridoy Roy
e7e881c559
Port: Allow Routing to Partial Monthly Client Count From Namespaces (#13086)
* add function for routing activity log client counts to ent namespaces
* changelog
2021-11-08 15:38:35 -08:00
Jordan Reimer
e733c78ff6
Secrets header version badge (#13015)
* updates secret list header to display badge for all versions
* adds changelog entry
* updates secret list header to only show badge for kv and generic engine types
* adds secret-engine mirage factory
* adds test helper for pushing serialized mirage data into store and returning ember data models
* adds secret engine type version badge display test
* updates mirage application serializer to return singular type key
2021-11-08 14:29:00 -07:00
Matt Schultz
6fadf30a79
Remove TLS prefer server cipher suites configuration option due to deprecation in go 1.17. (#13084)
2021-11-08 14:31:59 -06:00
Nick Cabatoff
d89c7b3d7e
Add a little test helper for polling (#13082)
2021-11-08 15:24:06 -05:00
Rémi Lapeyre
ae0b5e41e0
Add read support to sys/mounts/:path (#12792)
* Add read support to sys/mounts/:path
Closes https://github.com/hashicorp/vault/issues/12349
* Add changelog entry
* Empty commit to trigger CI
* Empty commit to trigger CI
2021-11-08 10:32:01 -08:00
Daniel Nathan Gray
26711ab017
Documentation consistency GPG keys are PGP keys. (#13073)
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: s/GPG/PGP keys, use GPG's proper name
* Use GPG's proper name GnuPG
* Use GPG's proper name GnuPG
* Consistency: GPG keys are PGP keys
* Fix typo
2021-11-08 10:04:59 -08:00
Meggie
bb6ba32f65
Add note that monitor command may truncate logs (#13079)
* Add note that monitor command may truncate logs
* Apply suggestions from code review
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-08 12:52:42 -05:00
Nick Cabatoff
40640ef43f
Fix errors logged on standbys when we try to write versions to storage (#13042)
2021-11-08 10:04:17 -05:00
Jim Kalafut
1b49591b53
Update changelog for 1.9.0-rc1 (#13067)
2021-11-05 13:25:54 -07:00
Steven Clark
687701d9a3
Attempt to fix the flaky TestDeleteUser/TestUpdateUser mssql tests (#13071)
- Add a 'Connect Timeout' query parameter to the test helper to set
a timeout value of 30 seconds in an attempt to address the following
failure we see at times in TestDeleteUser and TestUpdateUser
mssql_test.go:253: Failed to initialize: error verifying connection: TLS Handshake failed: cannot read handshake packet: EOF
2021-11-05 14:53:37 -04:00
Kevin Wang
3a882fad3a
chore: bump `react-subnav` (#13039)
2021-11-05 13:20:50 -04:00
Jason O'Donnell
16bc065c48
secrets/azure: add doc for rotate-root and AAD migration (#13066)
* secrets/azure: add doc for rotate-root and AAD migration
* Formatting
* Fix bad link, update warnings
2021-11-05 13:04:25 -04:00
Nick Cabatoff
734b46d150
Fix regression preventing non-docker tests from running. (#13063)
2021-11-05 10:41:29 -04:00
claire bontempo
bfc6467e55
UI/Truncate long secret names (#13032)
* small bar chart attr fix
* truncates and adds ellipsis if label is long
* adds tooltip for long labels
* updates storybook
* adds changelog
* only calculate overflow if query selectors grab elements
* moves tooltip pointer to left
2021-11-04 16:57:08 -07:00
claire bontempo
7bc177abc6
UI/Adds pagination to auth methods list (#13054)
* adds pagination to auth methods list
* adds changelog
2021-11-04 16:35:20 -07:00
Meggie
f9c8843996
Updating website for 1.8.5 (#13059)
2021-11-04 18:14:03 -04:00
castironclay
c2e7aca9ca
Address algorithm not supported (#12852)
error seen on host /var/log/auth.log:
userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]
2021-11-04 18:07:46 -04:00
Meggie
6516336ec3
changelog++
2021-11-04 17:56:39 -04:00
John-Michael Faircloth
fde5bb2e72
Docs: OIDC flow endpoints (#12942)
* add docs for OIDC provider and scopes
* fix json formatting
* add oidc docs path to nav data
* create provider with scope
* update client ids description
* update provider and scope docs
* add issuer string additional docs info
* OIDC: docs for oidc flow endpoints
* fix formatting and wording
* improve headings, formatting; fix wording
Co-authored-by: Vinay Gopalan <vinay@hashicorp.com>
2021-11-04 16:03:56 -05:00
Dominik Roos
114e172437
certutil: select appropriate hash algorithm for ECDSA signature (#11216)
* certutil: select appropriate hash algorithm for ECDSA signature
Select the appropriate signature algorithm for certificates signed
with an ECDSA private key.
The algorithm is selected based on the curve:
- P-256 -> x509.ECDSAWithSHA256
- P-384 -> x509.ECDSAWithSHA384
- P-521 -> x509.ECDSAWithSHA512
- Other -> x509.ECDSAWithSHA256
fixes #11006
2021-11-04 16:33:01 -04:00
Jordan Reimer
af72de27b9
PGP key list input fix (#13038)
* fixes issue with pgp list file input count not matching key shares number
* adds changelog entry
2021-11-04 14:25:15 -06:00
Angel Garbarino
74577e3a77
fix and test fix (#13050)
2021-11-04 11:26:29 -06:00
John-Michael Faircloth
0445b2b492
Add changelog for couchbase plugin bug fix (#13033)
* Add changelog for https://github.com/hashicorp/vault-plugin-database-couchbase/pull/24
* update changelog name
* remove debug line
2021-11-03 15:39:19 -05:00
Jason O'Donnell
d92f139176
secrets/azure: add changelog for rotate-root (#13034)
* secrets/azure: add changelog for rotate-root
* Rename changelog file
* Use PR number as filename
2021-11-03 16:38:45 -04:00
Peter Wilson
89b66054cc
Update README to remove IRC reference (#13031)
* Update README to remove IRC reference
The README references IRC (Freenode) as a means of communication regarding the Vault project, but it seems that:
1. Freenode has had its share of issues (https://en.wikipedia.org/wiki/Freenode#Ownership_change_and_conflict)
2. You now need a Freenode account to access their IRC server
3. The channel hasn't been very active (and to the best of my knowledge hasn't been migrated to Libera where a lot of Freenode based projects moved to)
I'd recommend just removing the reference for now, and if things change or another means of collaboration surfaces - adding that later.
* Added changelog file 13031.txt
* Moved required changelog file to the correct folder
* Removed changelog entry based on PR feedback
2021-11-03 16:01:01 -04:00
Loann Le
a6432ca770
added new code samples (#13030)
2021-11-03 10:10:28 -07:00
Meggie
627c43e496
1.10.0-dev version bump (#12987)
* 1.10.0-dev version bump
* Remove hard-coded versions from tests. (#13026)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-03 12:50:12 -04:00
Nick Cabatoff
ddf89f2708
Add more detail to recovery mode docs. (#12984)
2021-11-03 10:22:00 -04:00
Nick Cabatoff
72c31832e6
Catch test errors that break go list (#13017)
2021-11-03 09:00:38 -04:00
swayne275
418c311b14
fix 12888 release note format (#13016)
* fix release note format
* deprecation -> change
2021-11-02 16:54:46 -06:00
Meggie
1f24338594
Should use "change" not "changes" (#13020)
2021-11-02 18:36:11 -04:00
Gary Frederick
f16f3efed5
add missing back tick (#12941)
2021-11-02 14:06:17 -07:00
Victor Rodriguez
991ab5aeed
VAULT-444: Use sync.RWMutex rather than DeadlockRWMutex in PKI backend. (#13018)
2021-11-02 17:02:54 -04:00
akshya96
8b89a14f13
Local auth mount documentation (#12970)
* adding documentation changes
* adding requested changes
* adding suggested changes
2021-11-02 13:23:29 -07:00
Pratyoy Mukhopadhyay
90578d3cb3
[VAULT-4034] Revert back to caching nil values (#13013)
* Revert "[VAULT-4034] Only cache non-nil values (#12993)"
This reverts commit 67e1ed06c7199856f8493f416df55f06603881c6.
* Update sdk/physical/cache.go
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-02 12:00:37 -07:00
Theron Voran
3277b8441e
docs: agent cache config requirements (#13006)
Added a note that agent cache requires at least one listener or template
to be defined in the config, and a couple spelling corrections.
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-11-02 11:29:40 -07:00
vinay-gopalan
ebb904031f
[VAULT-3969] Document CRUD APIs for OIDC client and assignment (#12939)
2021-11-02 11:01:28 -07:00