Commit graph

17798 commits

Author SHA1 Message Date
hc-github-team-secure-vault-core fb88d3e4ec
backport of commit 7725117846a47dbd4faeecefa03c181251cbb371 (#23326)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-27 12:59:02 -06:00
hc-github-team-secure-vault-core 4ccb3281f0
backport of commit d7e4447ec054ad9b8ce2dbdad6111f1587b325f8 (#23318)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-27 10:31:57 -07:00
claire bontempo b7dca10a06
Fix typo OSCP -> OCSP (#22586) (#23316)
Co-authored-by: Thomas Schweizer-Bolzonello <thomas@schweizerbolzonello.net>
2023-09-27 17:15:53 +00:00
Ryan Cragun d2db7fbcdd
Backport [QT-602] Run proxy and agent test scenarios (#23176) into release/1.14.x (#23302)
* [QT-602] Run `proxy` and `agent` test scenarios (#23176)

Update our `proxy` and `agent` scenarios to support new variants and
perform baseline verification and their scenario specific verification.
We integrate these updated scenarios into the pipeline by adding them
to artifact samples.

We've also improved the reliability of the `autopilot` and `replication`
scenarios by refactoring our IP address gathering. Previously, we'd ask
vault for the primary IP address and use some Terraform logic to determine
followers. The leader IP address gathering script was also implicitly
responsible for ensuring that a found leader was within a given group of
hosts, and thus waiting for a given cluster to have a leader, and also for
doing some arithmetic and outputting `replication` specific output data.
We've broken these responsibilities into individual modules, improved their
error messages, and fixed various races and bugs, including:
* Fix a race between creating the file audit device and installing and starting
  vault in the `replication` scenario.
* Fix how we determine our leader and follower IP addresses. We now query
  vault instead of a prior implementation that inferred the followers and sometimes
  did not allow all nodes to be an expected leader.
* Fix a bug where we'd always fail on the first wrong condition
  in the `vault_verify_performance_replication` module.

We also performed some maintenance tasks on Enos scenarios by updating our
references from `oss` to `ce` to handle the naming and license changes. We
also enabled `shellcheck` linting for enos module scripts.

* Rename `oss` to `ce` for license and naming changes.
* Convert template enos scripts to scripts that take environment
  variables.
* Add `shellcheck` linting for enos module scripts.
* Add additional `backend` and `seal` support to `proxy` and `agent`
  scenarios.
* Update scenarios to include all baseline verification.
* Add `proxy` and `agent` scenarios to artifact samples.
* Remove IP address verification from the `vault_get_cluster_ips`
  modules and implement a new `vault_wait_for_leader` module.
* Determine follower IP addresses by querying vault in the
  `vault_get_cluster_ips` module.
* Move replication specific behavior out of the `vault_get_cluster_ips`
  module and into its own `replication_data` module.
* Extend initial version support for the `upgrade` and `autopilot`
  scenarios.

We also discovered an issue with undo_logs that has been described in
VAULT-20259. As such, we've disabled the undo_logs check until
it has been fixed.

* actions: fix actionlint error and linting logic (#23305)

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-09-27 10:53:12 -06:00
hc-github-team-es-release-engineering be4f05ed25 Bumped product version to 1.14.5. 2023-09-26 18:09:22 -04:00
hc-github-team-secure-vault-core 6a15309a2e
Do not attempt to shutdown ACME thread on non-active nodes (#23293) (#23294)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-26 21:01:17 +00:00
hc-github-team-secure-vault-core c08d731634
backport of commit dbfaa6f81a156ec1dcb85d8d76941d4ac70c91fb (#23285)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-26 18:18:06 +00:00
claire bontempo ab1f3c8b83
cherry pick (#23264) 2023-09-22 21:29:05 +00:00
Chelsea Shaw 36452c0849
UI: add pagination to new PKI (#23193) (#23239)
* UI: add pagination to new PKI (#23193)

* fixes store type import

* fixes tests

---------

Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
2023-09-22 10:47:55 -06:00
hc-github-team-secure-vault-core c29b24b07d
backport of commit 1d61aeb8aebc96eecbb6a35e10bd914b4d0f41f4 (#23250)
Co-authored-by: Sergey Kutovoy <kutovoy.s@gmail.com>
2023-09-22 09:06:23 -07:00
Sarah Chavis 86404bf211
[DOCS] Manual backport of Administrative namespace updates (#23208) (#23231)
* [DOCS] Administrative namespace updates (#23208)
2023-09-21 17:49:47 -04:00
hc-github-team-secure-vault-core b783dec8fd
backport of commit 8b126987807be3593f70ffd8b49b2d90406d7aea (#23235)
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2023-09-21 21:26:20 +00:00
hc-github-team-secure-vault-core 4bbc508695
backport of commit 758de878d61efbd53a7c4939981c1e061dc937a3 (#23221)
Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
2023-09-21 16:59:26 +00:00
Chelsea Shaw 0d6f76b98e
UI: Show unsupported screen if replication unsupported (#23178) (#23213) 2023-09-21 11:35:48 -05:00
hc-github-team-secure-vault-core 0596707993
backport of commit 55414e6a733bc7d746618ddd0723bac38b90cc7d (#23198)
Co-authored-by: Aram Mirzadeh <aram535@users.noreply.github.com>
2023-09-20 14:20:09 -07:00
Sarah Chavis 2110530c6e
Correct restricted endpoint tagging in current docs (#23201) 2023-09-20 13:28:40 -07:00
hc-github-team-secure-vault-core 3505868165
backport of UI: handle control group error on SSH (#23034)
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2023-09-20 16:18:57 +00:00
Kianna 3ba22f14e0
Backport 1.14.3: confirm delete modal for namespaces (#23109)
* Possible soln 1: add a class w/ min height instead of calculated height

* Remove confirm-height style

* Add changelog

* Fix changelog

* Possible soln 2: apply style using native js

* Remove copyright since 1.14 didn't have
2023-09-20 09:15:52 -06:00
hc-github-team-secure-vault-core 693ba0eddc
backport of commit c73eacbaf6ae6b5860e1ad9a3b6ce930c093a105 (#23174)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-09-19 19:54:42 +00:00
hc-github-team-secure-vault-core e5bee669e4
backport of commit d5f4243c9efe3970ccf0c6227c27bb2c03f02a31 (#23162)
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
2023-09-19 16:03:52 +00:00
Ryan Cragun 9da2fc4b8b
test: wait for nc to be listening before enabling auditor (#23142) (#23150)
Rather than assuming a short sleep will work, we instead wait until netcat is listening on the socket. We've also configured the netcat listener to persist after the first connection, which allows Vault and us to check the connection without the process closing.

As we implemented this we also ran into AWS issues in us-east-1 and us-west-2, so we've changed our deploy regions until those issues are resolved.

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-09-18 15:10:37 -06:00
hc-github-team-secure-vault-core 7cf02909cc
backport of commit 2a46d492a3d15cfea8a492e29051a2451d47cdf5 (#23147)
Co-authored-by: Nicola Kabar <nicolaka@gmail.com>
2023-09-18 12:44:48 -07:00
hc-github-team-secure-vault-core bf9114d772
Backport of UI: [VAULT-18178] Fix filter/search bug in search secrets engines into release/1.14.x (#23130)
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
2023-09-18 17:59:01 +00:00
Hamid Ghaf 34b2650ad7
update version to 1.14.4 (#23085)
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
2023-09-18 07:07:16 -07:00
hc-github-team-secure-vault-core 0a443e1d34
backport of commit 3f9b6075aaa1ca3e4c4065b0a460c3bd80b1afd9 (#23127)
Backport of UI: add SSH role attribute allowed_domains_template
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2023-09-15 21:56:40 +00:00
hc-github-team-secure-vault-core dfc1385992
Backport of UI: Handle error from ResponseWithStatusCode (#23116)
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2023-09-15 15:38:22 -05:00
hc-github-team-secure-vault-core b83be1c01b
backport of commit 4b9b5d60e6401bb2338f88340befc7d8802c63c8 (#23110)
Co-authored-by: soly-hashicorp <106975916+soly-hashicorp@users.noreply.github.com>
2023-09-15 10:03:51 -07:00
hc-github-team-es-release-engineering 98d045548b Bumped product version to 1.14.5. 2023-09-15 09:45:47 -04:00
hc-github-team-es-release-engineering 5441926578 Bumped product version to 1.14.4. 2023-09-15 09:44:14 -04:00
hc-github-team-secure-vault-core 2970f245c5
backport of commit 37215ae
[VAULT-14497] Ensure Role Governing Policies are only applied down the namespace hierarchy (#23090)

---------

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-09-14 19:27:30 +00:00
hc-github-team-secure-vault-core 4ef29a1b2e
Add known issues around transit managed keys (#23080) (#23096)
* Add known issues around transit managed keys

 - Document known issue around managed key encryption failure with Cloud KMS backed keys and the failure to sign with managed keys

* Fix filename typos

* Update website/content/partials/known-issues/transit-managed-keys-sign-fails.mdx

* Update website/content/partials/known-issues/transit-managed-keys-panics.mdx

* Apply PR feedback

* Missed new line to force error on new-line.

---------

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-09-14 14:48:51 -04:00
hc-github-team-secure-vault-core dcf74888b7
backport of commit 854ea77f9e26fd6fc6302c7e6b9d86ab99096201 (#23083)
Co-authored-by: Meggie <meggie@hashicorp.com>
2023-09-14 13:21:08 -04:00
hc-github-team-secure-vault-core 721f144792
backport of commit 930b48882afb1a25f0409d53fc3200c47d12f5a5 (#23051)
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2023-09-14 10:17:35 -07:00
hc-github-team-secure-vault-core ea8dde9aa3
backport of commit f0fb07b0b2762a1f6df987b75e78c67ac6e323d2 (#23071)
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
2023-09-13 18:49:28 -04:00
hc-github-team-secure-vault-core d546c1000a
backport of commit 15a50b8959cbc6c368421c7f3a0257a587e99b55 (#23058)
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
2023-09-13 15:58:08 -04:00
Sarah Chavis 5802b4a02f
Manual backport of missing partial (#23048)
* Manual backport of missing partial
2023-09-13 09:10:17 -07:00
hc-github-team-secure-vault-core f8cc377db2
backport of commit 5a83838f1df3a2092119e1f7a7450795110c9e96 (#23020)
Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2023-09-13 09:50:57 -04:00
hc-github-team-secure-vault-core cf35e72593
backport of commit 293e8b8ac5469fc18470b4fb03fa6618b796bb5f (#23045)
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-09-13 12:39:58 +00:00
Nick Cabatoff da9cd4c878
Fix some duplication of partials, and add fix versions for update-primary data loss issue (#22182) (#23043) 2023-09-13 08:14:42 -04:00
hc-github-team-secure-vault-core 28c15e2a98
backport of commit e2ff1f1c7117574888db91b4b6027be24533d718 (#23030)
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-09-12 21:18:03 +00:00
hc-github-team-secure-vault-core e940a1dd82
backport of commit c63a84dc9f777f3d441203eb835c2a6f3121fea4 (#23023)
Co-authored-by: Andreas Gruhler <andreas.gruhler@adfinis.com>
2023-09-12 20:10:29 +00:00
hc-github-team-secure-vault-core 234c9ff772
Backport of UI: [VAULT-18040] List all features in license info into release/1.14.x (#23005)
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
2023-09-12 09:48:06 -07:00
hc-github-team-secure-vault-core 0ce888e5a4
backport of commit 9a7de066a9013e13c5c38eb7f30aae5544b28089 (#22983)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-11 21:23:55 +00:00
hc-github-team-secure-vault-core 63a60ebc2c
backport of commit 7fd6d7a0816973033dac3ba0e0634506ba427a38 (#22981)
Co-authored-by: xka5h <74259424+xka5h@users.noreply.github.com>
2023-09-11 21:02:28 +00:00
hc-github-team-secure-vault-core 79ec31895e
backport of commit d634700c9e80871c607f894ae31a1b6187777e6c (#22966)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-11 18:27:51 +00:00
Ryan Cragun 3b5636d911
test: don't use actions-set-product-version in release testing (#22948) (#22951)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-09-08 16:57:15 -06:00
Ryan Cragun 8880b6eeb1
test: fix release testing from artifactory (#22941) (#22945)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-09-08 21:32:39 +00:00
hc-github-team-secure-vault-core 8cb3f273b9
backport of commit c3aa019c9aa4e0338b2f11c0dff293fa4889b316 (#22943)
Co-authored-by: Niklas Rosencrantz <niklasr@protonmail.com>
2023-09-08 20:57:13 +00:00
hc-github-team-secure-vault-core 5d66928aff
backport of commit 1b442a71aaf73e6485d1615f4a0265a80be9d2ac (#22942)
Co-authored-by: Kit Haines <khaines@mit.edu>
2023-09-08 13:48:47 -07:00
hc-github-team-secure-vault-core f52a686b91
[QT-506] Use enos scenario samples for testing (#22641) (#22933)
Replace our prior implementation of Enos test groups with the new Enos
sampling feature. With this feature we're able to describe which
scenarios and variant combinations are valid for a given artifact and
allow enos to create a valid sample field (a matrix of all compatible
scenarios) and take an observation (select some to run) for us. This
ensures that every valid scenario and variant combination will
now be a candidate for testing in the pipeline. See QT-504[0] for further
details on the Enos sampling capabilities.

Our prior implementation only tested the amd64 and arm64 zip artifacts,
as well as the Docker container. We now include the following new artifacts
in the test matrix:
* CE Amd64 Debian package
* CE Amd64 RPM package
* CE Arm64 Debian package
* CE Arm64 RPM package

Each artifact includes a sample definition for both pre-merge/post-merge
(build) and release testing.

Changes:
* Remove the hand crafted `enos-run-matrices` ci matrix targets and replace
  them with per-artifact samples.
* Use enos sampling to generate different sample groups on all pull
  requests.
* Update the enos scenario matrices to handle HSM and FIPS packages.
* Simplify enos scenarios by using shared globals instead of
  cargo-culted locals.

Note: This will require coordination with vault-enterprise to ensure a
smooth migration to the new system. Integrating new scenarios or
modifying existing scenarios/variants should be much smoother after this
initial migration.

[0] https://github.com/hashicorp/enos/pull/102

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-09-08 13:31:09 -06:00