swayne275
231ef1de62
define batch token interaction with lease count quota ( #13127 )
2021-11-11 16:09:44 -07:00
Yoko Hyakuna
d786373144
Add troubleshooting guide ( #13124 )
* Redirect /guies to https://learn.hashicorp.com
* Add link to Troubleshooting guide
2021-11-11 13:38:10 -08:00
vinay-gopalan
32dbc7f065
update changelog/12621.txt ( #13117 )
2021-11-10 16:39:27 -08:00
skhilar
56e81b899b
Added notAfter and support Y10K expiry for IEEE 802.1AR-2018 ( #12795 )
2021-11-10 19:09:06 -05:00
vinay-gopalan
41b69deb96
Update CHANGELOG.md entry for #12621 ( #13114 )
2021-11-10 14:52:31 -08:00
Arnav Palnitkar
30a483088d
Add message while adding Oracle db connection ( #13087 )
* Add message while adding Oracle db connection
- Since UI currently doesn't have support for custom plugin names,
inform user to use the default plugin name for oracle
* Updated warning message
* Updated message
2021-11-10 14:20:36 -08:00
Chelsea Shaw
90decc1405
UI/OIDC authz flow tests ( #13106 )
2021-11-10 15:19:40 -06:00
Scott Miller
87c2b1ac0a
Add a periodic test of the autoseal to detect loss of connectivity. ( #13078 )
* Add a periodic test of the autoseal to detect loss of connectivity
* Keep the logic adjacent to autoseal
* imports
* typo, plus unnecessary constant time compare
* changelog
* pr feedback
* More feedback
* Add locking and a unit test
* unnecessary
* Add timeouts to encrypt/decrypt operations, capture activeContext before starting loop
* Add a block scope for the timeout
* copy/paste ftl
* Refactor to use two timeouts, and cleanup the repetitive failure code
* Readd 0ing gauge
* use millis
* Invert the unit test logic
2021-11-10 14:46:07 -06:00
John-Michael Faircloth
b325d7b05b
OIDC: return full issuer uri on read provider ( #13058 )
* return full issuer uri on read provider
* remove err check
* simplify full issuer logic
2021-11-10 12:35:31 -06:00
Loann Le
536ee276eb
fixed link error ( #13103 )
2021-11-10 09:38:02 -08:00
Jonas-Taha El Sesiy
e130fbc162
Add PutAutoPilotRaftConfiguration to api ( #12428 )
2021-11-10 12:10:15 -05:00
VAL
cd1f974f36
Remove reference to local api module, use v1.3.0 ( #13105 )
api/auth/approle/v0.1.0
api/auth/userpass/v0.1.0
api/auth/kubernetes/v0.1.0
api/auth/aws/v0.1.0
2021-11-09 14:49:46 -08:00
swayne275
a7a20ae3bb
Namespace API Lock docs ( #13064 )
* add api lock doc
* add docs nav data
* Update website/content/api-docs/system/namespaces.mdx
Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>
* update command doc
* clarify locked http status code
* add example exempt path
* further exempt clarification
* link api locked response
* add x-vault-namespace api example
* Update website/content/docs/concepts/namespace-api-lock.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* review suggestions
* few other small tweaks
Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-09 15:43:17 -07:00
Jordan Reimer
47024a27d5
Raft peer removal bug ( #13098 )
* fixes issue removing raft peer via cli not reflected in UI until refresh
* adds changelog entry
2021-11-09 15:05:25 -07:00
Chelsea Shaw
b66c734aeb
UI: Show detailed error response on failed secret-engine list call ( #13035 )
2021-11-09 14:42:46 -06:00
swayne275
97610c15d3
Vault 936: use core.activeContext in ActivityLog ( #13083 )
* update activity log to use core's activeContext for cleaner worker termination
* update tests to use core activeContext instead of generic context
* pass context around instead
* revert context change
* undo test context changes
* change worker context
* accidentally undid context for fcn signature changes
2021-11-09 11:47:39 -07:00
Steven Clark
1e7d75b684
Add missing changelog for pr #13093 ( #13095 )
2021-11-09 11:03:59 -05:00
Steven Clark
4a410cac87
Address a data race issue within identity_store_util::processLocalAlias ( #13093 )
- When loading an existing alias within processLocalAlias we aren't
cloning the object from the memory store. There seems to be a data
race within the function when calling entity.UpsertAlias and
a concurrent invalidation routine.
==================
WARNING: DATA RACE
Read at 0x00c00bd03d08 by goroutine 94:
google.golang.org/protobuf/internal/impl.pointer.Elem()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/pointer_unsafe.go:118 +0x2b3
google.golang.org/protobuf/internal/impl.(*MessageInfo).sizePointerSlow()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:76 +0x265
google.golang.org/protobuf/internal/impl.(*MessageInfo).sizePointer()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:56 +0x12a
google.golang.org/protobuf/internal/impl.(*MessageInfo).size()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:40 +0x95
google.golang.org/protobuf/internal/impl.(*MessageInfo).size-fm()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/internal/impl/encode.go:33 +0x6c
google.golang.org/protobuf/proto.MarshalOptions.marshal()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/proto/encode.go:153 +0x1f3
google.golang.org/protobuf/proto.MarshalOptions.MarshalAppend()
/go/pkg/mod/google.golang.org/protobuf@v1.27.1/proto/encode.go:122 +0xa5
github.com/golang/protobuf/proto.marshalAppend()
/go/pkg/mod/github.com/golang/protobuf@v1.5.2/proto/wire.go:40 +0xe4
github.com/golang/protobuf/proto.Marshal()
/go/pkg/mod/github.com/golang/protobuf@v1.5.2/proto/wire.go:23 +0x64
github.com/hashicorp/vault/helper/identity.(*Entity).Clone()
/go/src/github.com/hashicorp/vault/helper/identity/identity.go:34 +0x150
github.com/hashicorp/vault/vault.(*IdentityStore).MemDBEntitiesByBucketKeyInTxn()
/go/src/github.com/hashicorp/vault/vault/identity_store_util.go:1214 +0x306
github.com/hashicorp/vault/vault.(*IdentityStore).Invalidate()
/go/src/github.com/hashicorp/vault/vault/identity_store.go:216 +0xd6c
github.com/hashicorp/vault/vault.(*IdentityStore).Invalidate-fm()
/go/src/github.com/hashicorp/vault/vault/identity_store.go:160 +0x6d
github.com/hashicorp/vault/sdk/framework.(*Backend).InvalidateKey()
/go/src/github.com/hashicorp/vault/sdk/framework/backend.go:347 +0x8a
github.com/hashicorp/vault/vault.(*IdentityStore).InvalidateKey()
<autogenerated>:1 +0x7d
github.com/hashicorp/vault/vault.(*Core).asyncInvalidateKey()
/go/src/github.com/hashicorp/vault/vault/replication_invalidation_ent.go:58 +0x390
github.com/hashicorp/vault/vault.(*Core).asyncInvalidateHandler()
/go/src/github.com/hashicorp/vault/vault/replication_invalidation_ent.go:71 +0x9b
github.com/hashicorp/vault/vault.startReplicationEnt·dwrap·453()
/go/src/github.com/hashicorp/vault/vault/replication_util_ent.go:331 +0x71
Previous write at 0x00c00bd03d08 by goroutine 52:
github.com/hashicorp/vault/helper/identity.(*Entity).UpsertAlias()
/go/src/github.com/hashicorp/vault/helper/identity/identity.go:55 +0x271
github.com/hashicorp/vault/vault.(*IdentityStore).processLocalAlias()
/go/src/github.com/hashicorp/vault/vault/identity_store_util.go:720 +0x672
github.com/hashicorp/vault/vault.possiblyForwardEntityCreation()
/go/src/github.com/hashicorp/vault/vault/request_handling_util_ent.go:230 +0x286
github.com/hashicorp/vault/vault.(*Core).handleLoginRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:1345 +0x234a
github.com/hashicorp/vault/vault.(*Core).handleCancelableRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:607 +0x1a11
github.com/hashicorp/vault/vault.(*Core).switchedLockHandleRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:442 +0x5b5
github.com/hashicorp/vault/vault.(*Core).HandleRequest()
/go/src/github.com/hashicorp/vault/vault/request_handling.go:408 +0xf2
github.com/hashicorp/vault/http.request()
/go/src/github.com/hashicorp/vault/http/handler.go:953 +0xb1
github.com/hashicorp/vault/http.handleLogicalInternal.func1()
/go/src/github.com/hashicorp/vault/http/logical.go:341 +0xca
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.handleRequestForwarding.func1()
/go/src/github.com/hashicorp/vault/http/handler.go:887 +0x4eb
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
net/http.(*ServeMux).ServeHTTP()
/usr/local/go/src/net/http/server.go:2424 +0xc5
github.com/hashicorp/vault/http.wrapHelpHandler.func1()
/go/src/github.com/hashicorp/vault/http/help.go:23 +0x281
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.wrapCORSHandler.func1()
/go/src/github.com/hashicorp/vault/http/cors.go:29 +0xb0e
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.rateLimitQuotaWrapping.func1()
/go/src/github.com/hashicorp/vault/http/util.go:97 +0xf28
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.wrapDRSecondaryHandler.func1()
/go/src/github.com/hashicorp/vault/http/util_ent.go:81 +0x7e3
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/vault/http.wrapGenericHandler.func1()
/go/src/github.com/hashicorp/vault/http/handler.go:465 +0x1843
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
github.com/hashicorp/go-cleanhttp.PrintablePathCheckHandler.func1()
/go/pkg/mod/github.com/hashicorp/go-cleanhttp@v0.5.2/handlers.go:42 +0xc1
net/http.HandlerFunc.ServeHTTP()
/usr/local/go/src/net/http/server.go:2046 +0x4d
net/http.serverHandler.ServeHTTP()
/usr/local/go/src/net/http/server.go:2878 +0x89a
net/http.initALPNRequest.ServeHTTP()
/usr/local/go/src/net/http/server.go:3479 +0x34d
net/http.(*initALPNRequest).ServeHTTP()
<autogenerated>:1 +0x8f
net/http.Handler.ServeHTTP-fm()
/usr/local/go/src/net/http/server.go:87 +0x75
net/http.(*http2serverConn).runHandler()
/usr/local/go/src/net/http/h2_bundle.go:5832 +0xdd
net/http.(*http2serverConn).processHeaders·dwrap·31()
/usr/local/go/src/net/http/h2_bundle.go:5562 +0x64
2021-11-09 10:00:26 -05:00
Jim Kalafut
a0830b1b33
Update CODEOWNERS ( #13091 )
2021-11-09 06:02:54 -08:00
Hridoy Roy
b5bcfe619b
Port: Allow Routing to Partial Monthly Client Count From Namespaces ( #13086 )
* add function for routing activity log client counts to ent namespaces
* changelog
2021-11-08 15:38:35 -08:00
Jordan Reimer
f1dc962a93
Secrets header version badge ( #13015 )
* updates secret list header to display badge for all versions
* adds changelog entry
* updates secret list header to only show badge for kv and generic engine types
* adds secret-engine mirage factory
* adds test helper for pushing serialized mirage data into store and returning ember data models
* adds secret engine type version badge display test
* updates mirage application serializer to return singular type key
2021-11-08 14:29:00 -07:00
Matt Schultz
156d46a687
Remove TLS prefer server cipher suites configuration option due to deprecation in go 1.17. ( #13084 )
2021-11-08 14:31:59 -06:00
Nick Cabatoff
db5c5ddf52
Add a little test helper for polling ( #13082 )
2021-11-08 15:24:06 -05:00
Rémi Lapeyre
50adc3c0cf
Add read support to sys/mounts/:path ( #12792 )
* Add read support to sys/mounts/:path
Closes https://github.com/hashicorp/vault/issues/12349
* Add changelog entry
* Empty commit to trigger CI
* Empty commit to trigger CI
2021-11-08 10:32:01 -08:00
Daniel Nathan Gray
07f75268bd
Documentation consistency GPG keys are PGP keys. ( #13073 )
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: GPG keys are PGP keys
* Consistency: s/GPG/PGP keys, use GPG's proper name
* Use GPG's proper name GnuPG
* Use GPG's proper name GnuPG
* Consistency: GPG keys are PGP keys
* Fix typo
2021-11-08 10:04:59 -08:00
Meggie
33a140a260
Add note that monitor command may truncate logs ( #13079 )
* Add note that monitor command may truncate logs
* Apply suggestions from code review
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-08 12:52:42 -05:00
Nick Cabatoff
ceea50b376
Fix errors logged on standbys when we try to write versions to storage ( #13042 )
2021-11-08 10:04:17 -05:00
Jim Kalafut
f62d724d39
Update changelog for 1.9.0-rc1 ( #13067 )
2021-11-05 13:25:54 -07:00
Steven Clark
4108388479
Attempt to fix the flaky TestDeleteUser/TestUpdateUser mssql tests ( #13071 )
- Add a 'Connect Timeout' query parameter to the test helper to set
a timeout value of 30 seconds in an attempt to address the following
failure we see at times in TestDeleteUser and TestUpdateUser
mssql_test.go:253: Failed to initialize: error verifying connection: TLS Handshake failed: cannot read handshake packet: EOF
2021-11-05 14:53:37 -04:00
Kevin Wang
cc7e963d74
chore: bump react-subnav ( #13039 )
2021-11-05 13:20:50 -04:00
Jason O'Donnell
b550a205bc
secrets/azure: add doc for rotate-root and AAD migration ( #13066 )
* secrets/azure: add doc for rotate-root and AAD migration
* Formatting
* Fix bad link, update warnings
2021-11-05 13:04:25 -04:00
Nick Cabatoff
6ba7512057
Fix regression preventing non-docker tests from running. ( #13063 )
2021-11-05 10:41:29 -04:00
claire bontempo
dfd8852a04
UI/Truncate long secret names ( #13032 )
* small bar chart attr fix
* truncates and adds ellipsis if label is long
* adds tooltip for long labels
* updates storybook
* adds changelog
* only calculate overflow if query selectors grab elements
* moves tooltip pointer to left
2021-11-04 16:57:08 -07:00
claire bontempo
61c41fbc55
UI/Adds pagination to auth methods list ( #13054 )
* adds pagination to auth methods list
* adds changelog
2021-11-04 16:35:20 -07:00
Meggie
ad221a4f2c
Updating website for 1.8.5 ( #13059 )
2021-11-04 18:14:03 -04:00
castironclay
d9b12933ec
Address algorithm not supported ( #12852 )
error seen on host /var/log/auth.log:
userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]
2021-11-04 18:07:46 -04:00
Meggie
cb590a3b27
changelog++
2021-11-04 17:56:39 -04:00
John-Michael Faircloth
94819efee8
Docs: OIDC flow endpoints ( #12942 )
* add docs for OIDC provider and scopes
* fix json formatting
* add oidc docs path to nav data
* create provider with scope
* update client ids description
* update provider and scope docs
* add issuer string additional docs info
* OIDC: docs for oidc flow endpoints
* fix formatting and wording
* improve headings, formatting; fix wording
Co-authored-by: Vinay Gopalan <vinay@hashicorp.com>
2021-11-04 16:03:56 -05:00
Dominik Roos
1869a6984b
certutil: select appropriate hash algorithm for ECDSA signature ( #11216 )
* certutil: select appropriate hash algorithm for ECDSA signature
Select the appropriate signature algorithm for certificates signed
with an ECDSA private key.
The algorithm is selected based on the curve:
- P-256 -> x509.ECDSAWithSHA256
- P-384 -> x509.ECDSAWithSHA384
- P-521 -> x509.ECDSAWithSHA512
- Other -> x509.ECDSAWithSHA256
fixes #11006
2021-11-04 16:33:01 -04:00
Jordan Reimer
d6f90e2814
PGP key list input fix ( #13038 )
* fixes issue with pgp list file input count not matching key shares number
* adds changelog entry
2021-11-04 14:25:15 -06:00
Angel Garbarino
063d19aa9a
fix and test fix ( #13050 )
2021-11-04 11:26:29 -06:00
John-Michael Faircloth
7f5d820232
Add changelog for couchbase plugin bug fix ( #13033 )
* Add changelog for https://github.com/hashicorp/vault-plugin-database-couchbase/pull/24
* update changelog name
* remove debug line
2021-11-03 15:39:19 -05:00
Jason O'Donnell
98c18e39fe
secrets/azure: add changelog for rotate-root ( #13034 )
* secrets/azure: add changelog for rotate-root
* Rename changelog file
* Use PR number as filename
2021-11-03 16:38:45 -04:00
Peter Wilson
058fbcc5ef
Update README to remove IRC reference ( #13031 )
* Update README to remove IRC reference
The README references IRC (Freenode) as a means of communication regarding the Vault project, but it seems that:
1. Freenode has had its share of issues (https://en.wikipedia.org/wiki/Freenode#Ownership_change_and_conflict )
2. You now need a Freenode account to access their IRC server
3. The channel hasn't been very active (and to the best of my knowledge hasn't been migrated to Libera where a lot of Freenode based projects moved to)
I'd recommend just removing the reference for now, and if things change or another means of collaboration surfaces - adding that later.
* Added changelog file 13031.txt
* Moved required changelog file to the correct folder
* Removed changelog entry based on PR feedback
2021-11-03 16:01:01 -04:00
Loann Le
195863b26f
added new code samples ( #13030 )
2021-11-03 10:10:28 -07:00
Meggie
67cd5ff849
1.10.0-dev version bump ( #12987 )
* 1.10.0-dev version bump
* Remove hard-coded versions from tests. (#13026 )
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-03 12:50:12 -04:00
Nick Cabatoff
3236a0e184
Add more detail to recovery mode docs. ( #12984 )
2021-11-03 10:22:00 -04:00
Nick Cabatoff
5b223f9300
Catch test errors that break go list ( #13017 )
2021-11-03 09:00:38 -04:00
swayne275
916c2ba4e4
fix 12888 release note format ( #13016 )
* fix release note format
* deprecation -> change
2021-11-02 16:54:46 -06:00
Meggie
648aa6d937
Should use "change" not "changes" ( #13020 )
2021-11-02 18:36:11 -04:00