* Updated the PostgreSQL database creation command to ensure the static role name is consistent.
The role name specified in allowed_roles="my-role" under the section "Rootless Configuration and Password Rotation for Static Roles" should align with the static role name in step #3. Previously, the command incorrectly used "my-static-role"; it should be "my-role" to match the earlier step.
The same role name should also be used when reading the static credentials in step #4
* Added the file changelog/29138.txt
* Delete changelog/29138.txt
---------
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
This PR introduces a new type of conflict resolution for duplicate
Entities and Groups. Renaming provides a way of preventing Vault from
entering case-sensitive mode, which is the current behavior for any kind
of duplicate.
Renames append the conflicting identity artifact's UUID to its name and
updates a metadata field to indicate the pre-existing artifact's UUID.
The feature is gated by the force-identity-deduplication activation flag.
In order to maintain consistent behavior between the reporting resolver
and the rename operation, we need to adjust the behavior of generated
reports. Previously, they intentionally preserved existing Group merge
determinism, wherein the last MemDB update would win and all others
would be renamed. This approach is more complicated for the rename
resolver, since we would need to update any duplicated entity in the
cache while inserting the new duplicate (resulting in two MemDB
operations). Though we can ensure atomic updates of the two identity
artifacts with transactions (which we could get for groups with a minor
adjustment, and we will get along with batching of Entity upserts on
load), it's far simpler to just rename all but the first insert as proposed
in the current PR.
Since the feature is gated by an activation flag with appropriate
warnings of potential changes via the reporting resolver, we opt
for simplicity over maintaining pre-existing behavior. We can revisit
this assumption later if we think alignment with existing behavior
outweighs any potential complexity in the rename operation.
Entity alias resolution is left alone as a destructive merge operation
to prevent a potentially high-impact change in existing behavior.
* initial things without helper changes
* adjust test for clean up of secret-engine-helper
* remove added line thats better in next pr
* remove extra check
* 🧹
* replace return with continue within loops
* ce changes for vault-31750
* add changelog
* make proto
* refactor naming
* clarify error message
* update changelog
* one more time
* make proto AGAIN
* sdk/db: do not hold the lock on Close
* fix missing locks on return; ensure we don't overrite instance
* add type and close timeout env vars
* changelog
* Add information about an enterprise feature related to validating issued certificates to the PKI API docs.
* Update website/content/api-docs/secret/pki/index.mdx
Update RFC name and link, as suggested by Steve.
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki/index.mdx
Update RFC name and link, as suggested by Steve.
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki/index.mdx
Update RFC name and link, as suggested by Steve.
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki/index.mdx
Update RFC name and link, as suggested by Steve.
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update enterprise tag to be on the same line for vercel reasons.
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* go get github.com/hashicorp/cap/ldap@main && go mod tidy
* add 1.19 upgrade note
* changelog
* cd sdk && go get github.com/hashicorp/cap/ldap@main && go mod tidy
* add more detail in changelog
* update changelog
* go mod tidy after resolving merge conflicts
This pulls in a logic change in the autopilot library that helps us to avoid increasing the quorum when reconciling in presence of an unhealthy voter, when the overall number of voters is odd.
* Allow a Vault operator to list, read and update PKI ACME accounts
- This allows an operator to list the ACME account key ids, read
the ACME account getting all the various information along with
the account's associated orders and update the ACME account's
status to either valid or revoked
* Add tests for new ACME management APIs
* Update PKI api-docs
* Add cl
* Add missing error handling and a few more test assertions
* PR feedback
* Fix Note tags within the website
* Apply suggestions from docscode review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/api-docs/secret/pki/issuance.mdx
* Update website/content/api-docs/secret/pki/issuance.mdx
* Update website/content/api-docs/secret/pki/issuance.mdx
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* More CE changes for hybrid wireup
* remove unused func
* undo reintroduction of loss of omitempty
* Add ent hooks and handle unsupported keys correctly
* tidy import
* Fix ent encode test logic
