* Add getRelativePath helper and use to calculate relativeNamespace
* Always request capabilities-self on users root ns and prefix body with relative path
* Update capabilities adapter with test
* add changelog
* Simplify getRelativePath logic
* test update
* Handle expired OCSP responses from server
- If a server replied with what we considered an expired OCSP response (nextUpdate is now or in the past), and it was our only response, we would panic due to missing error handling logic.
* Add cl
Adding overview docs for using GKE workload identity with Vault
Secrets Operator under Secret Sources/Vault/Auth Methods/. Updates the
Vault Auth method section in the Vault/Auth Methods overview page with
links to the VSO API sections for the other supported auth methods
(until they have their own pages).
---------
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
* Use seal wrappers rather than config to determine autoSeal barrier type.
A seal's Access object contains all seal configuration, which in the case of
seal migration includes the "unwrap seal" as well as the barrier seal. Thus, to
determine whether an autoSeal is of a specific type such as 'Transit' or whether
it is a 'Multiseal', use the wrappers of the seal's Access.
* Fix seal type reported by /sys/seal-status.
Fix an error that resulted in the wrong seal type being reported while Vault is
in seal migration mode.
* Re-implementation of API redirects with more deterministic matching
* add missing file
* Handle query params properly
* licensing
* Add single src deregister
* Implement specifically RFC 5785 (.well-known) redirects.
Also implement a unit test for HA setups, making sure the standby node redirects to the active (as usual), and that then the active redirects the .well-known request to a backend, and that that is subsequently satisfied.
* Remove test code
* Rename well known redirect logic
* comments/cleanup
* PR feedback
* Remove wip typo
* Update http/handler.go
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Fix registrations with trailing slashes
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* allow to skip TLS check in acme http-01 challenge
* remove configurable logic, just ignore TLS
* add changelog
* Add test case
---------
Co-authored-by: Steve Clark <steven.clark@hashicorp.com>
* VAULT-19239 create disable static secret caching config
* VAULT-19239 missed file
* VAULT-19239 didn't finish a log line
* VAULT-19239 adjust test to use new option
* Fix typo
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
---------
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
* adds pre-commit function for adding copyright headers for files in ui directory
* removes additional log level change
* fixes issue looping staged files
* adds comment
* updates to stage changes after adding headers rather than blocking commit
* cleanup comments and unused code from ui_copywrite bash function
* move list to component
* use helper instead
* add changelog
* clarify changelog copy
* delete components now that helper is in use
* move helper to util, remove template helper invocation
* add optional sorting to lazyPaginatedQuery based on sortBy query attribute
* Add serialization to entity-alias and entity so that they can be sorted by name on list view
* Same logic as base normalizeItems for extractLazyPaginatedData so that metadata shows on list
* Add headers
---------
Co-authored-by: Chelsea Shaw <cshaw@hashicorp.com>
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* Address a panic exporting RSA public keys in transit
- When attempting to export the public key for an RSA key that
we only have a private key for, the export panics with a nil
dereference.
- Add additional tests around Transit key exporting
* Add cl
Do not blindly store computed seal configuration information during unsealing. Instead, read any
configuration already stored and determine whether the computed configuration during startup is
newer (has a newer generation number), whether the in-memory re-wrapped status needs to be
updated (if the generation numbers match), or whether the in-memory seal configuration is
outdated (the stored seal generation is newer).
* remove partial references from release-notes that link to upgrade guides, and change link in partial to anchor
* Clarify leak is memory consumption
There is no leak of information.
* update references in table
* update table to include range for affected versions
---------
Co-authored-by: Meggie Ladlow <meggie@hashicorp.com>