* Support trimming trailing slashes via a mount tuneable to support CMPv2
* changelog/
* Perform trimming in handleLoginRequest too
* Eagerly fetch the mount entry so we only test this once
* Add a mount match function that gets path and entry
* Update vault/request_handling.go
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* more docs
* Some patches (from ENT) didnt apply
* patch fail
* Update vault/router.go
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* PR feedback
* dupe
* another dupe
* Add support for enabling trim_request_trailing_slashes on mount creation
* Fix read mount api returning configuration for trim_request_trailing_slashes
* Fix test assertion
* Switch enable and tune arguments to BoolPtrVal to allow end-users to specify false flag
* Add trim-request-trailing-slashes to the auth enable API and CLI
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* wip
* Unit test the CRL limit, wire up config
* Bigger error
* API docs
* wording
* max_crl_entries, + ignore 0 or < -1 values to the config endpoint
* changelog
* rename field in docs
* Update website/content/api-docs/secret/pki/index.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki/index.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Add field to API docs, add small section to overview
* Update examples, wording
* Update github API docs
* Apply suggestions from code review
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update wording
* Be a little more specific on repository owner
* Put BETA tag on each org field, put visibility explanation in paragraph
* Add org secrets limitation
* Add sys/activation-flags page
* Update Vercel granularity note
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/docs/sync/vercelproject.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Small rewording, remove optional tags with defaults
---------
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* [transit-pkcs1v15] transit support for the pkcs1v15 padding scheme – without UI tests (yet).
* [transit-pkcs1v15] renamed padding_scheme parameter in transit documentation.
* [transit-pkcs1v15] add changelog file.
* [transit-pkcs1v15] remove the algorithm path as padding_scheme is chosen by parameter.
* Update ui/app/templates/components/transit-key-action/datakey.hbs
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update ui/app/templates/components/transit-key-action/datakey.hbs
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update ui/app/templates/components/transit-key-action/datakey.hbs
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update website/content/api-docs/secret/transit.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/api-docs/secret/transit.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/api-docs/secret/transit.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Add warnings to PKCS1v1.5 usage
* Update transit
* Update transit, including separating encrypt/decrypt paddings for rewrap
* Clean up factory use in the presence of padding
* address review feedback
* remove defaults
* lint
* more lint
* Some fixes for UI issues
- Fix padding scheme dropdown console error by adding values
to the transit-key-actions.hbs
- Populate both padding scheme drop down menus within rewrap,
not just the one padding_scheme
- Do not submit a padding_scheme value through POST for non-rsa keys
* Fix Transit rewrap API to use decrypt_padding_scheme, encrypt_padding_scheme
- Map the appropriate API fields for the RSA padding scheme to the
batch items within the rewrap API
- Add the ability to create RSA keys within the encrypt API endpoint
- Add test case for rewrap api that leverages the padding_scheme fields
* Fix code linting issues
* simply padding scheme enum
* Apply suggestions from code review
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Fix padding_scheme processing on data key api
- The data key api was using the incorrect parameter name for
the padding scheme
- Enforce that padding_scheme is only used on RSA keys, we
are punting on supporting it for managed keys at the moment.
* Add tests for parsePaddingSchemeArg
* Add missing copywrite headers
* Some small UI fixes
* Add missing param to datakey in api-docs
* Do not send padding_scheme for non-RSA key types within UI
* add UI tests for transit key actions form
---------
Co-authored-by: Marcel Lanz <marcellanz@n-1.ch>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Steve Clark <steven.clark@hashicorp.com>
Co-authored-by: claire bontempo <cbontempo@hashicorp.com>
* Add release notes for 1.18
* Make corrections per feedback
* Update website/content/docs/release-notes/1.18.0.mdx
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
---------
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
* Update azure.mdx
Update Azure secrets engine docs to use AZURE_SDK_GO_LOGGING for Azure debug
* Update azure.mdx
Update Azure Auth engine docs to use AZURE_SDK_GO_LOGGING for Azure debug
* Add a missing parameter
* Update website/content/docs/configuration/replication.mdx
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Fix the cross referencing link
---------
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* include user-agent header in audit by default
* add user-agent audit tests
* update audit default headers docs
* add changelog entry
* remove temp changes from TestAuditedHeadersConfig_ApplyConfig
* more TestAuditedHeadersConfig_ApplyConfig fixes
* add some test comments
* verify type assertions in TestAudit_Headers
* more type assertion checks
* Track the last PKI auto-tidy time ran for use across nodes
- If the interval time for auto-tidy is longer then say a regularly
scheduled restart of Vault, auto-tidy is never run. This is due to
the time of the last run of tidy is only kept in memory and
initialized on startup to the current time
- Store the last run of any tidy, to maintain previous behavior, to
a cluster local file, which is read in/initialized upon a mount
initialization.
* Add auto-tidy configuration fields for backing off at startup
* Add new auto-tidy fields to UI
* Update api docs for auto-tidy
* Add cl
* Update field description text
* Apply Claire's suggestions from code review
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Implementing PR feedback from the UI team
* remove explicit defaults and types so we retrieve from backend, decouple enabling auto tidy from duration, move params to auto settings section
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: claire bontempo <cbontempo@hashicorp.com>
* Update libraries.mdx section for VaultSharp
Added more info on VaultSharp for latest .NET version support and comprehensiveness of auth and secret backends supported
* Update website/content/api-docs/libraries.mdx
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* Make reception of an empty valid principals configurable based on a role flag.
Adds allow_empty_principals, which if true allows valid_principals on credential generation calls
to be empty.
* changelog
* Allow empty principals on unrelated unit test
* whitespace
Add "@include 'alerts/enterprise-only.mdx'" since namespace is an enterprise feature
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
