* consistent timestamp format
* wrap client count card in permissions
* add test
* add changelog
* move tests into module, add more!
* final test cleanup, stub permissions manually without helper
* use current_billing_period for dashboard, add tests
* update mirage to handle new client param
* Update ui/app/components/dashboard/client-count-card.js
PR https://github.com/cockroachdb/cockroach-go/pull/179 addresses
CVE-2024-27289 and CVE-2024-27304 by bumping jackc/pgx to v4.18.3.
This PR pulls in these changes by updating our cockroach-go dep to
v2.3.8.
Resolves: VAULT-26033
* Update error states on secret list template
* Remove usage of navToNearestAncestor mixin
* don't throw error on list when 404
* Update test with expected behavior
* cleanup
* Add changelog
per customer request in support ticket #141025 I've updated the description of tls_disable_client_certs to provide clarification.
previous pr for this change was approved but needed to be resubmitted because of problems with my GH account. See #26601
* Add mirage response for internal/counters/config to set a static billingStartTimestamp before STATIC_NOW
* Export config response from mirage handler
* install ember-sinon-qunit
* replace stubbed timestamps part 1
* replace clients/ timestamp stubs
* actually stub correctly
* oops got a little excited, these dont need replacing
* and revert client ones as well
* oh my gosh claire stop rushing
* there we go
* move timestamp stub to beforeEach
* more moves to beforeEach
* final CE test moves to beforeEach hook!
* use .replace and .fake instead of callsFake
* license-banner test
* remove remaining callsFake for consistency
* use the timestamp instead of separate date
* Update search-select component
- Add aria-label arg
- use label or humanized ID as fallback aria-label
- protect against non-array options arg
* remove overflow-x rule on toolbar-scroller so dropdowns can render in place
* add renderInPlace to dropdowns in pki engine
* Update replication package.json and add renderInPlace
* Add renderInPlace to search-select and basic-dropdown in engines (kubernetes, kv, ldap, sync)
* small cleanup
Pin to the latest actions in preparation for the migration to
`actions/upload-artifact@v4`, `actions/download-artifact@v4`, and
`hashicorp/actions-docker-build@v2` on May 6 or 7.
Signed-off-by: Ryan Cragun <me@ryan.ec>
* Update kmip.mdx
Added "performance standby" to the servers the KMIP client can connect to
---------
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
This PR adds inmem_transactional to the map of available physical
backends for TestServerCommand. This is harmless, as tests need to opt
into the backend.
This is required to test AOP configuration on enterprise.
* Docs- Update info on key rotation
Added a sentence about needing to seal-rewrap if you want to disable or delete old key.
* rectified the url for seal-rewrap
rectified the url for seal-rewrap
* fixed some grammar
* Update website/content/docs/configuration/seal/pkcs11.mdx
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
There was inconsistency in the capitalization of auto unseal in this doc. The initial heading had it right. It shouldn't be capitalized according to the documentation style guidance for feature capitalization. Also, high availability doesn't need to be capitalized.
Change warning to tag syntax so it's clear what should be part of the aside
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Added a note about seal-rewrap in the steps to perform seal migration post Vault 1.5.1
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Due to the reported issue under https://github.com/hashicorp/vault/pull/24441, we identified that there are users issuing step-down during the upgrade, which is unintended.
We modified the documentation to make it clear that step-down should not be attempted, in addition rephrased the sentence with "step-down" word and exclude that term to avoid confusion.
Adding a note to clarify to customers that the standby nodes will not respond to metrics requests to this API endpoint
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
It's not immediately obvious that the demo policy needs to be created beforehand and does not exist if only the tutorial steps are followed. Prompted by support ticket ZD-143426.
* Certificate Metadata, CE components
* License headers
* make proto
* move pathFetchMetadata to ENT
* move pathFetchMetadata path to ENT
* correct stub sig
* Issuers may not be available in legacy CA storage, shouldn't fail issue/sign
* clarify error msg
This PR introduces the CE plumbing for a new high WritePriority, meant
to bypass rejection from the AOP write controller. We attach this
priority to any request on a sudo path, such that administrators can
still perform necessary operations during an overload.
This PR introduces the CE plumbing for a new HTTP header, called
X-Vault-AOP-Force-Reject, which will force any associated request to
reject storage writes as if Vault were overloaded.
This flag is intended to test end-to-end functionality of write
rejection in Vault. This is specifically useful for testing 503 -
Service Unavailable HTTP response codes during load shedding.
* Document tokenization DELETE
* typo
* Update website/content/api-docs/secret/transform.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
