Update the base images for all scenarios:
- RHEL: upgrade base image for 10 to 10.1
- RHEL: upgrade base image for 9 to 9.7
- SLES: upgrade base image for 15 to 15.7
- SLES: add SLES 16.0 to the matrix
- OpenSUSE: remove OpenSUSE Leap from the matrix
I ended up removing OpenSUSE because the images that we were on were rarely updated and that resulted in very slow scenarios because of package upgrades. Also, despite the latest release being in October I didn't find any public cloud images produced for the new version of Leap. We can consider adding it back later but I'm comfortable just leaving SLES 15 and 16 in there for that test coverage.
I also ended up fixing a bug in our integration host setup where we'd provision three nodes instead of one. That ought to result in many fewer instance provisions per scenario. I also had to make a few small tweaks in how we detected whether or not SELinux is enabled, as the prior implementation did not work for SLES 16.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
* use 'stable' instead of .go-version for the security scanner
if we don't do this, the security scanner might not run because it's
using a different version of Go than what we have on whatever release
branch this is running on.
* update branches the scanner runs on
Co-authored-by: Josh Black <raskchanky@gmail.com>
* add observations for the aws secrets engine
* add mock recorder
* add tests to verify observations are created
* fix comment
* update godoc and switch to require
* fix type assertion, add test
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
* separate header comp
* replacing header
* redirect to general settings
* moving kv configure under plugin settings
* add exit button
* removing all use of old header with new, updated logic
* reuse secretPath, add button to badge
* test updates pt1
* test updates pt2, refactors
* test fixes
* testing
* removing extendedConfig
* put tabs out of header
* adding new config edit page & updates
* adding page test
* pr comments
* replace type with effectiveType
* test fixes
* adding badges, cleanup test
Co-authored-by: Dan Rivera <dan.rivera@hashicorp.com>
Previously, quota updates would perform a resolve role operation without
filling in the underlying request's Storage view. This could result in a
panic on a plugin if they implement ResolveRole and don't guard against
nil Storage. Pass through the source request's storage view to prevent
this.
Co-authored-by: Mike Palmiotto <mpalmi@ibm.com>
Collect event subscriber filters on the active node of a cluster as
"cluster wide" filters, and send them from the secondary active to the
primary active node (`SendSecondaryFilters rpc`). The primary active
node forwards events downstream to the secondary active node if the
events match the secondary cluster's subscriber filters
(`RecvPrimaryEvents rpc`). Then the events are further distributed
around the secondary cluster via the existing `RecvActiveNodeEvents`
and `SendStandbyFilters` rpcs.
Events are forwarded downstream to the secondary cluster if the mount
exists on the secondary cluster, i.e. events from mounts with
`local=true` aren't forwarded, and events from mounts that are not
replicated via paths-filter aren't forwarded.
(This is the CE portion of the above^^)
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* [VAULT-33083] UI: support builtin plugins as external plugins
* address copilot review comments
* add changelog
* remove unused id property
* address some nits & add test coverage
* should use utils instead of mixins
* update comments
* move/consolidate logic for 'transform' engine type into ENGINE_TYPE_TO_MODEL_TYPE_MAP, added/updated test coverage
* cleanup: extract transform engine model type logic into helper functions
* address pr comment
* separation of concerns - move relevant vars/fns from all engines metadata to external plugin helpers & secret engine model helpers files
* add TODO; remove unnecessary exports
* rename secret-engine-model-helpers to secret-engine-helpers
* update unknown engine metadata from var to fn to handle a methodType param
* remove unnecessary test
* update changelog; return methodType for unknown engine metadata, simplify code for readability
* add optional chaining for fail-safe
* address kvv1 edge case - on exit configuration, kvv1 should redirect to list-root while kvv2 should redirect to the engineRoute defined in all-engines-metadata
* add ibm header
* fix test failure after updating unknown engine type
Co-authored-by: Shannon Roberts (Beagin) <beagins@users.noreply.github.com>
A few smaller changes to `pipeline`:
- Change the regions that we use back to us-east-1 and us-west-2
- Don't backport anything to inactive branches. This behavior was a
relic of prior behavior and is no longer necessary.
- Fix the go mod tests that rely on a strangely formatted mod file
- Ignore the module fixtures when running `make go-mod-tidy`
- Run `make go-mod-tidy`
Signed-off-by: Ryan Cragun <me@ryan.ec>
* converts quick-actions-card component to ts
* updates dashboard quick-actions-card to use hds super select component
* removes searchField from params search
* fixes kvv2 workflow test
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* converts kubernetes overview page component to ts
* converts kubernetes role index controller to ts
* updates kubernetes overview to use api service
* removes store service from kubernetes engine
* removes kubernetes models, adapters and serializers
* removes unused types
* updates removed type references
* removes fetch-secrets-config decorator
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* enables typescript in kubernetes engine
* adds api service to kubernetes engine
* removes mounts handler from kubernetes mirage handler
* adds kubernetes application route to handle withConfig decorator check
* updates usage of application model in kubernetes engine
* updates kubernetes configuration route to use api service fetched config
* adds kubernetes config form class
* updates error route backend references to secretsEngine
* updates kubernetes configure workflow to use api service and form class
* fixes tests
* converts kubernetes index route to ts
* adds capabilities service to kubernetes engine
* updates kubernetes roles view to use api service
* converts kubernetes role details component to ts
* updates kubernetes role details route to use api service
* reverts kubernetes mirage handler change
* converts kubernetes role index route to ts
* updates kubernetes generate credentials workflow to use api service
* converts kubernetes role edit and create routes to ts
* converts kubernetes create-and-edit component to ts
* adds form class for kubernetes role
* updates kubernetes create and edit routes to use api service and form class
* fixes tests
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* enables typescript in kubernetes engine
* adds api service to kubernetes engine
* removes mounts handler from kubernetes mirage handler
* adds kubernetes application route to handle withConfig decorator check
* updates usage of application model in kubernetes engine
* updates kubernetes configuration route to use api service fetched config
* adds kubernetes config form class
* updates error route backend references to secretsEngine
* updates kubernetes configure workflow to use api service and form class
* fixes tests
* reverts kubernetes mirage handler change
* updates type for inferredState in kubernetes config page component
* removes commented out form field in kubernetes config form
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
Fix an incompatibility where we check out the repository with
checkout@v6 and then attempt to check it out again at checkout@v5 in the
set-product-version action.
* update enos directory to trigger lint
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
* replace Hds::Reveal with Hds::Accordion
* adjust spacing to render in Hds::Form component
* fix spacing in policy-example
* cleanup form-section class usage
* implement visual builder in create policy form
* hide visual editor in search select modal
* use general selectors, alphabetize form/field selectors
* update test coverage to check for visual policy editor
* reorganize tests by module
* add saving functionality for visual editor
* refactor event handling methods
* refactor component so parent manages stanzas
* move snippets to automation-snippets tab component
* polish up policy diff modal
* refactor arg to be isCompact
* update test coverage and export new component
* rearrange methods to make diff easier
* small cleanup, abc vars and remove unneeded change
* add language and update test coverage
* update comment
* fix form hierarchy
* fix modal spacing
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Add Disable-Time-Check flag, and also respect common criteria when doing so.
* Switch to EnableTimeChecks to not change default behavior.
* Check Common Criteria Flag Before Disabling Verification.
* Add Changelog.
* Update builtin/logical/pki/issuing/cert_verify_ent.go
* Update changelog/_10915.txt
* PR feedback.
* Merge-fix
* Test case requested by PR review.
---------
Co-authored-by: Kit Haines <khaines@mit.edu>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Correctly set signature bits.
* All the other places that accidentally conflate issuer and issued key.
* Update builtin/logical/pki/path_roles.go
* PR Feedback.
* Add changelog.
* Test and validate keybits in a single call
* License header.
* Add/combine validate and get default hashbits calls.
* Actually set keyBits on the role.
* Fix storage test, switch to defaultOrValue.
* fix storage test.
* Update error return for linter.
* Look at underlying key type not type which might include "managedKeyType" for ca-issuer.
* Update expected role values, and convert between PublicAlgorithm and KeyType internally.
* Move the ec to ecdsa transformation to helper functions. More consistent usage.
* Speed improvement to testing - pregenerate CA bundles and CSR.
* Add go test doc.
* Fix issue with web-merge.
* Error wrapping error now warnings aren't errors.
* PR feedback - move ecdsa support to subfunctions.
---------
Co-authored-by: Kit Haines <khaines@mit.edu>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Adding logic to run tidy on local secret IDs only for perf secondaries
* Modifying periodic tidy to run on local mounts
* Updating changelog for fix in VAULT-40239
Co-authored-by: Sean Ellefson <sellefson@hashicorp.com>
* sdk/rotation: Prevent rotation attempts on read-only storage
Rotation is a write operation that mutates both Vault's storage
and an external resource. Attempting this on a read-only node
(like in a performance secondary cluster) will fail.
This check preempts the rotation to prevent a split-brain scenario
where the external credential is changed but Vault's storage
cannot be updated.
* changelog
* fix failing test
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
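
The ordering problem described in the sdk/rotation message above, as an added example that is not code from the commit or from the Vault SDK: rotating before checking storage leaves the external credential and the stored one out of sync, while a pre-flight check leaves both untouched. All types and function names (`Store`, `External`, `RotateChecked`, and so on) are hypothetical.

```go
package main

import "fmt"

// Hypothetical names throughout; this is not the Vault SDK API.
var ErrReadOnly = fmt.Errorf("read-only storage: rotation refused")

// Store is a toy storage view; ReadOnly models a performance secondary.
type Store struct {
	ReadOnly bool
	Saved    string
}

func (s *Store) Put(v string) error {
	if s.ReadOnly {
		return ErrReadOnly
	}
	s.Saved = v
	return nil
}

// External stands in for the remote system holding the live credential.
type External struct{ Current string }

// RotateUnchecked mutates the external credential, then tries to persist it.
func RotateUnchecked(s *Store, e *External, next string) error {
	e.Current = next
	return s.Put(next)
}

// RotateChecked refuses up front, before the external system is touched.
func RotateChecked(s *Store, e *External, next string) error {
	if s.ReadOnly {
		return ErrReadOnly
	}
	e.Current = next
	return s.Put(next)
}

// InSync reports whether stored and external credentials still agree.
func InSync(s *Store, e *External) bool { return s.Saved == e.Current }

func main() {
	// "old" and "new" are constructed sample credentials.
	s, e := &Store{ReadOnly: true, Saved: "old"}, &External{Current: "old"}
	fmt.Println(RotateUnchecked(s, e, "new"), InSync(s, e))
	s, e = &Store{ReadOnly: true, Saved: "old"}, &External{Current: "old"}
	fmt.Println(RotateChecked(s, e, "new"), InSync(s, e))
}
```
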