Ellie
84c58f66bb
add warning to identify which entities have 1+ aliases with the same mount accessor ( #28054 )
...
* add warning to identify which entities have 1+ aliases with the same mount accessor
* remove redundant log
2024-09-12 14:26:09 -05:00
Rachel Culpepper
978b3aee52
add ce changes and documentation for tidying cmpv2 nonce store ( #28362 )
...
* add ce changes and documentation for tidying cmpv2 nonce store
* add build tag
* fix test failures
* fix backend test
2024-09-12 11:32:51 -05:00
kpcraig
d01db33b33
Update release notes and known issues for aws auth external id bug ( #28129 )
...
* add documentation for external_id bug
* Update website/content/docs/release-notes/1.17.0.mdx
Co-authored-by: Ellie <ellie.sterner@hashicorp.com>
* fix partials include
* Update website/content/partials/known-issues/aws-auth-external-id.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/partials/known-issues/aws-auth-external-id.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Ellie <ellie.sterner@hashicorp.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-09-12 10:31:32 -05:00
JMGoldsmith
cc38383732
VAULT-30694 Adding a check for nil values returned by the queue ( #28330 )
...
* adding a check for nil values returned by the queue
* adding changelog
* changing to be more idiomatic
* fixing error message to be a bit more clear
* reverting change to error handling
* Update builtin/logical/aws/path_static_roles.go
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
---------
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2024-09-12 17:26:46 +02:00
Scott Miller
f52b984821
Mention the cert forwarding header in cert auth docs ( #28377 )
...
* Mention the cert forwarding header in cert auth docs
* Move to own section and fix link
2024-09-12 09:14:22 -05:00
claire bontempo
49b46ead82
UI: Fix enabling replication capabilities bug ( #28371 )
...
* add capabilities service to replication engine
* fix capabilities paths in route file
* pass updated capabilities using getters
* add changelog
* fix logic so default is based on undefined capabilities (not no mode)
2024-09-12 08:51:11 -05:00
hc-github-team-secure-vault-core
2b4e99fa75
Update vault-plugin-auth-kubernetes to v0.20.0 ( #28289 )
...
* Update vault-plugin-auth-kubernetes to v0.20.0
* Add changelog
---------
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2024-09-11 20:19:28 +00:00
hc-github-team-secure-vault-core
28d69301ca
Update vault-plugin-secrets-gcpkms to v0.19.0 ( #28360 )
...
* Update vault-plugin-secrets-gcpkms to v0.19.0
* Add changelog
---------
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2024-09-11 12:52:22 -07:00
Hamza Shili
9b99ac166b
Update vault-plugin-auth-gcp to v0.19.0 ( #28366 )
...
* Update vault-plugin-auth-gcp to v0.19.0
* Add changelog
2024-09-11 19:09:50 +00:00
Luis (LT) Carbonell
146ad63256
Add build for FIPS ARM Docker images ( #28310 )
...
* Add build for FIPS ARM Docker images
* arm64 build
2024-09-11 15:07:34 -04:00
Chelsea Shaw
c68cdaef10
UI: Show filters and hide mount attribution when child clients only ( #28357 )
2024-09-11 18:56:07 +00:00
hc-github-team-secure-vault-core
2b8d079754
Update vault-plugin-secrets-ad to v0.19.0 ( #28361 )
...
---------
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2024-09-11 14:11:26 -04:00
Angel Garbarino
10cbd8871e
change the error ( #28358 )
2024-09-11 12:54:05 -05:00
hc-github-team-secure-vault-core
2e4c6ed1ee
Update vault-plugin-secrets-mongodbatlas to v0.13.0 ( #28348 )
...
* Update vault-plugin-secrets-mongodbatlas to v0.13.0
* Add changelog
---------
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2024-09-11 12:36:37 -05:00
Scott Miller
cda20e39b1
Ferry ocsp_ca_certificates over the OCSP ValidationConf ( #28309 )
...
* Ferry ocsp_ca_certificates over the OCSP ValidationConf
* changelog
* First check issuer, then check extraCAS
* Use the correct cert when the signature validation from issuer succeeds
* Validate via extraCas in the cert missing case as well
* dedupe logic
* remove CA test
2024-09-11 09:57:27 -05:00
Chelsea Shaw
daab76c6e6
fix chroot nav tests ( #28353 )
2024-09-11 09:49:04 -05:00
Chelsea Shaw
e1c56a300f
UI: reorg replication ( #28332 )
...
* Add replication-overview-mode component + tests
* Move both primary view higher to template
* simplify replication-summary component
* remove replication-mode-summary
* Add jsdocs to replication-overview-mode
* fix overview-mode test
* fix page/mode-index test
* copyright
* address PR comments
* note to devs
2024-09-11 09:19:33 -05:00
Chelsea Shaw
abdeda43ca
UI: hide client count nav link when chrooted listener ( #28346 )
2024-09-11 08:29:33 -05:00
Chelsea Shaw
855743fef0
UI: Fix sanitization and add tests ( #28347 )
2024-09-11 08:29:19 -05:00
hc-github-team-secure-vault-core
ef43f03f4d
Update vault-plugin-auth-jwt to v0.22.0 ( #28349 )
...
* Update vault-plugin-auth-jwt to v0.22.0
* Add changelog
---------
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2024-09-11 00:07:53 -05:00
Steven Clark
4a1cddf2d5
Update the backport assistant release versions adding 1.18.x ( #28344 )
2024-09-10 20:44:17 +00:00
Steven Clark
10df48b3e1
Remove beta tags from CMPv2 docs ( #28339 )
2024-09-10 16:18:38 -04:00
Victor Rodriguez
062f1dd35d
Set version for the release branch to 1.19.0-beta1. ( #28343 )
2024-09-10 19:55:31 +00:00
Victor Rodriguez
28ca1ef7e1
Update API to v0.15.0 and SDK to v0.14.0. ( #28340 )
2024-09-10 18:50:48 +00:00
Victor Rodriguez
ab8bc34c53
update vault auth submodules to api/v1.15.0 ( #28338 )
api/auth/ldap/v0.8.0
api/auth/aws/v0.8.0
api/auth/gcp/v0.8.0
sdk/v0.14.0
api/auth/kubernetes/v0.8.0
api/auth/userpass/v0.8.0
api/auth/azure/v0.7.0
api/auth/approle/v0.8.0
2024-09-10 18:03:47 +00:00
Scott Miller
6fe1b88401
Remove the BETA badge from EST in documentation ( #28265 )
...
* Remove the BETA badge from EST
* Add ent badge
2024-09-10 17:35:13 +00:00
Victor Rodriguez
7c0fb830b2
Update Go to 1.22.7. ( #28335 )
api/v1.15.0
2024-09-10 16:59:08 +00:00
hc-github-team-secure-vault-core
45acb819e4
Update vault-plugin-secrets-kv to v0.20.0 ( #28334 )
...
* Update vault-plugin-secrets-kv to v0.20.0
* Add changelog
---------
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2024-09-10 09:32:28 -07:00
divyaac
582035e162
Added storage limits ( #28270 )
2024-09-10 08:46:15 -07:00
Ryan Cragun
392412829b
[VAULT-30189] enos: verify identity and OIDC tokens ( #28274 )
...
* [VAULT-30189] enos: verify identity and OIDC tokens
Expand our baseline API and data verification by including the identity
and identity OIDC tokens secrets engines. We now create a test entity,
entity-alias, identity group, various policies, and associate them with
the entity. For the OIDC side, we now configure the OIDC issuer, create
and rotate named keys, create and associate roles with the named key,
and issue and introspect tokens.
During a second phase we also verify that those same entities,
groups, keys, roles, config, etc all exist with the expected values.
This is useful to test durability after upgrades, migrations, etc.
This change also includes new updates to our prior `auth/userpass` and `kv`
verification. We had two modules that were loosely coupled and
interdependent. This restructures those both into a singular module with
child modules and fixes the assumed values by requiring the read module
to verify against the created state.
Going forward we can continue to extend this secrets engine verification
module with additional create and read checks for new secrets engines.
Signed-off-by: Ryan Cragun <me@ryan.ec>
2024-09-09 14:29:11 -06:00
hc-github-team-secure-vault-core
149c78f705
Update vault-plugin-database-couchbase to v0.12.0 ( #28327 )
...
* Update vault-plugin-database-couchbase to v0.12.0
* Add changelog
---------
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2024-09-09 19:56:01 +00:00
Ryan Cragun
0764d7d177
enos: poweroff and terminate instances when shutting them down ( #28316 )
...
Previously our `shutdown_nodes` modules would halt the machine. While
this is useful for simulating a failure it makes cleaning up the halted
machines very slow in AWS.
Instead, we now poweroff the machines and utilize EC2's instance
poweroff handling to immediately terminate the instances.
I've tested both scenarios locally utilizing the change and both still
work as expected. I also timed before and after and this change saves 5
MINUTES in total runtime (~40%) for the PR replication scenario. I assume
it yields similar results for autopilot.
Signed-off-by: Ryan Cragun <me@ryan.ec>
2024-09-09 13:22:41 -06:00
hc-github-team-secure-vault-core
899c18be81
Update vault-plugin-secrets-openldap to v0.14.0 ( #28325 )
...
* Update vault-plugin-secrets-openldap to v0.14.0
* Add changelog
---------
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2024-09-09 12:17:28 -07:00
hc-github-team-secure-vault-core
d61510329e
Update vault-plugin-secrets-gcp to v0.20.0 ( #28324 )
...
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2024-09-09 17:47:55 +00:00
John-Michael Faircloth
f7701e1d8c
docs: add postgres TLS docs ( #28302 )
...
* docs: add postgres TLS docs
* fix link formatting
2024-09-09 12:34:16 -05:00
Brian Howe
59342940fd
lock public JWKS generation and re-check cache ( #27929 )
...
---------
Co-authored-by: kpcraig <3031348+kpcraig@users.noreply.github.com>
2024-09-09 09:36:38 -07:00
Jonathan Herlin
cbbe573916
Fix repeating word ( #28304 )
2024-09-09 09:20:37 -04:00
Ryan Cragun
c9340dc7d5
VAULT-30640: support running test-go in parallel on multiple branches ( #28296 )
...
In order for our enterprise nightlies to run the same test-go job but
across a matrix of different base references we need to consider the
checkout ref in our failure and summary uploads in order to prevent
an upload race.
We also configure Git with our token before setting up Go so that
enterprise CI workflows can execute without downloading a module cache.
Signed-off-by: Ryan Cragun <me@ryan.ec>
2024-09-06 15:14:55 -06:00
Chelsea Shaw
963a12211a
UI: only render date range reset button in enterprise ( #28315 )
2024-09-06 15:06:12 -05:00
Chelsea Shaw
f434693aa1
UI: show monthly new chart based on any data not average ( #28313 )
2024-09-06 19:05:08 +00:00
Chelsea Shaw
dcdbacd281
UI: Fix no data read within namespaces ( #28311 )
...
* Add test for capabilities within namespace
* update capabilities fetchMultiplePaths so that the resulting records have the non-prefixed path as ID
2024-09-06 13:44:09 -05:00
hc-github-team-secure-vault-core
da4152eee9
Update vault-plugin-secrets-terraform to v0.10.0 ( #28312 )
...
* Update vault-plugin-secrets-terraform to v0.10.0
* Add changelog
---------
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2024-09-06 11:27:58 -07:00
Chelsea Shaw
6c270af47b
UI Remove obscured json ( #28261 )
2024-09-06 18:13:59 +00:00
hc-github-team-secure-vault-core
a3b354a180
Update vault-plugin-auth-oci to v0.17.0 ( #28307 )
...
* Update vault-plugin-auth-oci to v0.17.0
* Add changelog
---------
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2024-09-06 15:08:54 +00:00
Steven Clark
829d4f1ce3
Fix some broken links on the PKI EST docs page ( #28303 )
2024-09-06 08:58:39 -04:00
JMGoldsmith
eb1a4c2387
updating the release notes with the known issue for hmac audit values ( #28285 )
2024-09-06 14:29:40 +02:00
claire bontempo
73fbdb4565
UI: Hide patch for deleted or destroyed secrets ( #28301 )
...
* hide patch action for deleted or destroyed versions
* update jsdoc
* add conditional chaining for CE versions that don't have subkeys
* stub version for CE tests
* add comments
* Update ui/lib/kv/addon/routes/secret.js
2024-09-05 15:52:38 -07:00
Luis (LT) Carbonell
cdf3da4066
Add DR failover scenario to Enos ( #28256 )
...
* Add DR failover scenario to Enos
* Update enos/enos-scenario-dr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-qualities.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-scenario-dr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-scenario-dr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-qualities.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-scenario-dr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-scenario-dr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-scenario-dr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-scenario-pr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* remove superuser
* Update enos/enos-scenario-dr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-scenario-dr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-scenario-dr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-scenario-dr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Update enos/enos-scenario-dr-replication.hcl
Co-authored-by: Ryan Cragun <me@ryan.ec>
---------
Co-authored-by: Ryan Cragun <me@ryan.ec>
2024-09-05 21:33:53 +00:00
Robert
3bda80649f
Add docs for github sync environment secrets ( #28175 )
...
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-09-05 16:11:01 -05:00
John-Michael Faircloth
b682a79551
actions: support ent plugins in plugin update workflow ( #28295 )
2024-09-05 15:53:08 -05:00