Fast forward until the license change #1
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* updates to plugin update check * use script to make curl request easier
* plugin automation: fix branch name * fix input name
* println debugging * add more print debugs
* plugin automation: fix create pr * get vault pr num
…18571) * Fix `vault path-help` for selected paths with bad regexps See the comment being added in `sdk/framework/path.go` for the explanation of why this change is needed. * Grammar fix and add changelog * Also fix hardcoded expectations in a new test * Add a couple more testcases, and some comments. * Tweak spelling in comment
* Add separate Slack notification steps for run, run_retry, and destroy steps
* Convert documentation titles to sentense case * Docker, Google, Foundry, Cloud proper case
The operation ID for `GET auth/token/lookup` has been overridden in a way which *implies* it can only perform lookup-self operations. This is not true, as shown: 1) Here is my current token: ``` $ vault read -field=display_name auth/token/lookup userpass-admin ``` 2) I create a second token, with a different display name to distinguish it: ``` $ othertoken=$(vault token create -field=token -display-name=testing123) ``` 3) I use this operation, still authenticated with the first token, to lookup the second token, proving it does not have lookup-self nature: ``` $ vault read -field=display_name auth/token/lookup token=$othertoken token-testing123 ``` I have set the new operation ID suffix to `"2"` adhering to current conventions in `vault-client-go` and `vault-client-dotnet` for secondary versions of APIs which should be excluded from the generated library code.
…orp#21567) * include log related settings in SharedConfig.Sanitize() * add optional log config to sanitized config when not default * tests
Updates the transitive dependency github.com/cloudflare/circl which will help address scanning noise related to CVE-2023-1732. Vault is not affected by this issue as it does not use the vulnerable functionality.
* hides enterprise related nav links when in child namespace * adds changelog entry
* VAULT-17590 Add failure notifications for OSS builds * VAULT-17590 Incur build failure for testing purposes * VAULT-17590 head_ref for testing * VAULT-17590 rework to rely on completed status checks * VAULT-17590 Use slackapi/slack-github-action * VAULT-17590 Remember dollar sign * VAULT-17590 finalize PR * VAULT-17590 add extra empty line * Update .github/workflows/build.yml Co-authored-by: Kuba Wieczorek <[email protected]> * Update .github/workflows/ci.yml Co-authored-by: Kuba Wieczorek <[email protected]> --------- Co-authored-by: Kuba Wieczorek <[email protected]>
* adds height to brand-icon-large class to fix display issue in Safari * adds changelog entry
* wip * add outlet and sidebar nav link * add changelog * fix tests * address pr comment
- The ACME tests were using ttl_duration and max_ttl_duration instead of ttl and max_ttl as input parameters to roles. - Add missing copyright headers
Improve our build workflow execution time by using custom runners, improved caching and conditional Web UI builds. Runners ------- We improve our build times[0] by using larger custom runners[1] when building the UI and Vault. Caching ------- We improve Vault caching by keeping a cache for each build job. This strategy has the following properties which should result in faster build times when `go.sum` hasn't been changed from prior builds, or when a pull request is retried or updated after a prior successful build: * Builds will restore cached Go modules and Go build cache according to the Go version, platform, architecture, go tags, and hash of `go.sum` that relates to each individual build workflow. This reduces the amount of time it will take to download the cache on hits and upload the cache on misses. * Parallel build workflows won't clobber each others build cache. This results in much faster compile times after cache hits because the Go compiler can reuse the platform, architecture, and tag specific build cache that it created on prior runs. * Older modules and build cache will not be uploaded when creating a new cache. This should result in lean cache sizes on an ongoing basis. * On cache misses we will have to upload our compressed module and build cache. This will slightly extend the build time for pull requests that modify `go.sum`. Web UI ------ We no longer build the web UI in every build workflow. Instead we separate the UI building into its own workflow and cache the resulting assets. The same UI assets are restored from cache during build worklows. This strategy has the following properties: * If the `ui` directory has not changed from prior builds we'll restore `http/web_ui` from cache and skip building the UI for no reason. * We continue to use the built-in `yarn` caching functionality in `action/setup-node`. The default mode saves the `yarn` global cache. to improve UI build times if the cache has not been modified. Changes ------- * Add per platform/archicture Go module and build caching * Move UI building into a separate job and cache the result * Restore UI cache during build * Pin workflows Notes ----- [0] https://hashicorp.atlassian.net/browse/QT-578 [1] https://github.com/hashicorp/vault/actions/runs/5415830307/jobs/9844829929 Signed-off-by: Ryan Cragun <[email protected]>
1) Reduce sleep time - in my experience, 1 second is plenty for a dev Vault to start up its HTTP listener - having the user wait for 5 seconds seems excessive. 2) Comment reason for both sleeps. 3) Remove line of code that is obsolete, now the Enterprise transition from stored to autoloaded licenses has completed.
* quick fix for using api keyword in the console * add back space
* observability/event package, and basic error * sink types (and validation test) * event types (and validation test) * options for events (and tests) * audit event type (and tests)
* Add 502 to Vault uninitialized * Update index.mdx * Update index.mdx --------- Co-authored-by: Violet Hynes <[email protected]>
- Allow us to call and apply an issuer's leaf_not_after_behavior to a leaf certificate from various locations.
Fix article usage Co-authored-by: Violet Hynes <[email protected]>
* options => opts * Standardise receiver letter, specify interface
* Ignore errors from rollback manager invocations During reload and mount move operations, we want to ensure that errors created by the final Rollback are not fatal (which risk failing replication in Enterprise when the core/mounts table gets invalidated). This mirrors the behavior of the periodic rollback manager, which only logs the error. This updates the noop backend to allow failing just rollback operations, which we can use in tests to verify this behavior and ensure the core operations (plugin reload, plugin move, and seal/unseal) are not broken by this. Note that most of these operations were asynchronous from the client's PoV and thus did not fail anyways prior to this change. Signed-off-by: Alexander Scheel <[email protected]> * Add changelog entry Signed-off-by: Alexander Scheel <[email protected]> * Update vault/external_tests/router/router_ext_test.go Co-authored-by: Nick Cabatoff <[email protected]> --------- Signed-off-by: Alexander Scheel <[email protected]> Co-authored-by: Nick Cabatoff <[email protected]>
* Automatically track subloggers in allLoggers This PR introduces a new interface called `SubloggerAdder` for tracking allLoggers across startup phases. The interface enables us to register a single `SubloggerHook` during initial logger creation and hand off management of `allLoggers` during the three phases we need to handle: - Before `CoreConfig` is created, the `SubloggerHook` (`AppendToAllLoggers`) appends new subloggers to `ServerCommand.allLoggers`. - After `CoreConfig` is created and before `NewCore` returns, new subloggers are added to `CoreConfig.AllLoggers`. Intermediate state must also be kept in sync within NewCore to track new subloggers before we return to the server command and register the `Core.SubloggerAdder` implementation. - After `NewCore` returns to the server command, we register Core as the implementer of `ServerCommand.SubloggerAdder` ensuring that all new subloggers are appended to `Core.allLoggers`. * Wire up the sublogger hook in NewTestLogger
* chore: avoid unnecessary conversion calls * add changelog entry --------- Co-authored-by: Violet Hynes <[email protected]>
…2234) * add hashfunc field to EntryFormatter struct and adjust NewEntryFormatter function and tests * add HeaderAdjuster interface and require it in EntryFormatter * adjust all references to NewEntryFormatter to include a HeaderAdjuster parameter * replace use of hash function in AuditedHeadersConfig's ApplyConfig method with Salter interface instance * export audit.NewEvent function and adjust function signature * add eventlogger based handling in LogRequest * adjust eventlogger.Broker according to number of backends * record auditing metrics * only send events if a pipeline is registered * remove TODO comments * remove unused struct and method * move setup of audited headers earlier into Core's initialization * adjust entry_formatter to properly handle request headers * protect against potential segmentation fault * moved common code out of both switch cases * protect against case where a.Data.Request or a.Data.Request.Headers is nil --------- Co-authored-by: Peter Wilson <[email protected]>
…2253) * secrets/db: improves error logs for static role rotation * use logger.With to add incremental context * adds changelog
Signed-off-by: Alexander Scheel <[email protected]>
* Clarify wording, add missing expiration fields Signed-off-by: Alexander Scheel <[email protected]> * Add API docs on CIEPS configuration Signed-off-by: Alexander Scheel <[email protected]> * Fix ToC, headers to include EnterpriseAlert Signed-off-by: Alexander Scheel <[email protected]> * Update website/content/api-docs/secret/pki.mdx Co-authored-by: Steven Clark <[email protected]> * Update website/content/api-docs/secret/pki.mdx Co-authored-by: Steven Clark <[email protected]> --------- Signed-off-by: Alexander Scheel <[email protected]> Co-authored-by: Steven Clark <[email protected]>
* clarify when a entity is created * Create 22233.txt --------- Co-authored-by: Violet Hynes <[email protected]>
Co-authored-by: Violet Hynes <[email protected]>
* manually crank the nodes to log a test message (if we have them configured) * try to extract the duplicated manual processing of nodes
Co-authored-by: Violet Hynes <[email protected]>
…ne (hashicorp#22266) * add sink wrapper to take telemetry measures * make use of sinkwrapper
* Refactor sign-intermediate API response - Allow the sign-intermediate response handling code to be shared across different API calls. * Add missing cieps.go
…d Proxy) (hashicorp#22264) * VAULT-14644 first draft of changes for WIF support * VAULT-14644 Potentially finalize Agent work for WIF support * VAULT-14644 finishing touches * VAULT-14644 finishing touches * VAULT-14644 remove extra log * VAULT-14644 better docs * VAULT-14644 changelog * VAULT-14644 review feedback
Update includes dependency upgrades and WIF support --------- Co-authored-by: hc-github-team-secure-vault-ecosystem <[email protected]>
* Add ADP requirement callout Add a callout to the top of the page to note that this feature requires Vault ENT + ADP * rephrase * Update website/content/docs/enterprise/pkcs11-provider/index.mdx --------- Co-authored-by: Violet Hynes <[email protected]>=
…18520) * Major overhaul of `vault operator generate-root` CLI help Resolves hashicorp#15252 A major overhaul of the `vault operator generate-root` CLI help to surface the fact that it is actually six separate commands in one, rather than requiring users to independently deduce this mental model themselves. In the process of doing so, also standardize some terminology: * Fix places which used the phrase "operational token" instead of "operation token" to be consistent with the prevailing terminology. * Fix places which used the phrase "recovery operation token" instead of "recovery token" to be consistent with the prevailing terminology. This PR currently focusses on the CLI help, but following review and feedback, I assume I'll need to replicate many of the same changes in website/content/docs/commands/operator/generate-root.mdx as well. * Fix some tab characters which should have been spaces * Update command/operator_generate_root.go --------- Co-authored-by: Violet Hynes <[email protected]>
hashicorp#22160) * replaced each instance of MaskedInput in PKI with CertificateCard * modify tests for pki-generate-csr * add test for pki-issuer-details. modify test for pki-certificate-details * added test for pki-key-details. modified test for pki-sign-intermediate-form * update 2 test helper files and modify test for pki-issuer-rotate-root * update test for certificate-card-test.js, update test for the kubernetes configuration-test.js * modify pki-action-forms-test.js to no longer look for masked input. expand test for pki-issuer-details-test.js to check for all issuer details * change CertificateCard to show different format types (PEM, DER, nothing) depending on the value provided. update 2 test files to account for this. * change CertificateCard arg name from @certficateValue to @DaTa to be more inclusive of different uses of CertificateCard (i.e when used for a private key, not a certificate). add description to certificate-card.js * change naming for attr.options.masked to attr.options.displayCard to reflect the change from MaskedInput to CertificateCard * add changelog * change attribute to isCertificate to better fit the title of the component CertificateCard. edit pki-certificate-details.hbs to get rid of extraneous code
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This will fast forward the repo until the recent license change - the following is the last commit
bfe89a4 2023-08-11 08:48:48Z malinac02 Display CertificateCard instead of MaskedInput for certificates in PKI (hashicorp#22160)