* Split the Key_Usage Field into separate fields - one for the Cert
Endpoints (Sign-intermediate/Generate Root) the other for the CSR
Endpoint (intermediate generate). These have different defaults,
and descriptions.
* Fix schema test.
* Update libraries.mdx section for VaultSharp
Added more info on VaultSharp for latest .NET version support and comprehensiveness of auth and secret backends supported
* Update website/content/api-docs/libraries.mdx
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* VAULT-30819: verify DR secondary leader before unsealing followers
After we've enabled DR replication on the secondary leader the existing
cluster followers will be resealed with the primary cluster's encryption
keys. We have to unseal the followers to make them available. To ensure
that we absolutely take every precaution before attempting to unseal the
followers we now verify that the secondary leader is the cluster leader,
has a valid merkle tree, and is streaming wals from the primary cluster
before we attempt to unseal the secondary followers.
Signed-off-by: Ryan Cragun <me@ryan.ec>
* Make reception of an empty valid principals configurable based on a role flag.
Adds allow_empty_principals, which if true allows valid_principals on credential generation calls
to be empty.
* changelog
* Allow empty principals on unrelated unit test
* whitespace
* Add a core test logger to help capture the MSSQL container output
- I believe the if t.Failed prevents the logging of the container
logging as when executed the test isn't considered failed yet.
- Use a test core logger so that we can capture the container output
all the time and get it from the captured log files when the test
fails
* bump image tag to 2022-latest
---------
Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>
Go module tooling mandates that each sub-module contains its own LICENSE file.
If absent, it defaults to the LICENSE file in the root of the git repository.
This resulted in the api/auth/* modules erroneously inheriting the BUSL
license instead of the correct MPL license, as indicated by the SPDX info in
the actual API code.
This update ensures that module documentation is displayed correctly on
pkg.go.dev and resolves issues with various tools showing incorrect license
information for the sub-modules.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
- Get better test failure error messages by not shadowing the errors
when we are attempting to start the MSSQL docker container, so
we can fail the tests with the proper error message that is occurring
instead of mssqlhelper.go:60: Could not start docker MSSQL: %!s(<nil>)
* update kmip/role model and adapter
* New KMIP role form component
* cleanup on kmip role adapter/model
* fix role details view
* update tests to check for kmip role form and details validity
* cleanup
* Add kmip-role-fields test
* add headers, remove old component
* Address PR comments
Add "@include 'alerts/enterprise-only.mdx'" since namespace is an enterprise feature
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Ensure that both clusters have completed their seal rewrap before
enabling DR on the secondary. We don't want the secondary to come back
up in an in-between state.
Signed-off-by: Ryan Cragun <me@ryan.ec>
* add end-to-end test for audit HMACing
* fix some comments
* add clarification for entry count assertion
* more comment clarity
* use const for hmac prefix
* add check for disabling audit device
Fix two occasional flakes in the DR replication scenario:
* Always verify that all nodes in the cluster are unsealed before
verifying test data. Previously we only verified seal status on
followers.
* Fix an occasional timeout when waiting for the cluster to unseal by
rewriting the module to retry for a set duration instead of
exponential backoff.
Signed-off-by: Ryan Cragun <me@ryan.ec>
* adding a check for nil values returned by the queue
* adding changelog
* changing to be more idiomatic
* fixing error message to be a bit more clear
* reverting change to error handling
* Update builtin/logical/aws/path_static_roles.go
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
---------
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>