* fix promise issues on transformation-edit
* fix one test and the transition problem
* cannot call capabilities service directly inside template because its an unresolved promise
* address transit capabilities issues
* remove deprecations line for promise-proxies
* handle hot mess of delete permissions and such
* blah
* update flash message language. It will now show a flash message for each role whose transformationw as not removed.
* small wording change
* one small change to the default flash message
* Update ui/app/components/transformation-edit.js
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update ui/app/components/transformation-edit.js
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update ui/app/components/transformation-edit.js
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* fix policy flow
* fix linting and can't define let outside if block
* fix flashmessage things
* make show and edit use same param
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Log when the seal is unavailable as error
* changelog
* Update changelog/28564.txt
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* add warning for when MAP_POPULATE mmap flag not set
* Make mmap flags method handle any flags, where MAP_POPULATE is just one of them
* Only have the log print out on restores
* Add test, make logic more consistent
* Add changelog
* Add godoc for test
* Make test less dangerous
- If we encounter a deadlock/long running test it is better to have go
test timeout. As we've noticed if we hit the GitHub step timeout, we
lose all information about what was running at the time of the timeout
making things harder to diagnose.
- Having the timeout through go test itself on a long running test it
outputs what test was running along with a full panic output within
the logs which is quite useful to diagnose
Move the call to SetStoredKeys to the end of the initialization process. On
Vault Enterprise, this minimizes the chances that the initial seal re-wrap fails
when a node other than the one performing initialization becomes the active one.
- I have a suspicion the for loop with the timer can be infinite loops
in certain circumstances. Instead leverage the normal test helpers
for fetching tidy status
* add auth-config/oidc to openapi model helper
* alphabetize
* update maskedinput selector to be standard data-test-input
* add test
* add changelog
* fix maskedinput test and kv selector
* final textarea selector!
* Track the last PKI auto-tidy time ran for use across nodes
- If the interval time for auto-tidy is longer then say a regularly
scheduled restart of Vault, auto-tidy is never run. This is due to
the time of the last run of tidy is only kept in memory and
initialized on startup to the current time
- Store the last run of any tidy, to maintain previous behavior, to
a cluster local file, which is read in/initialized upon a mount
initialization.
* Add auto-tidy configuration fields for backing off at startup
* Add new auto-tidy fields to UI
* Update api docs for auto-tidy
* Add cl
* Update field description text
* Apply Claire's suggestions from code review
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Implementing PR feedback from the UI team
* remove explicit defaults and types so we retrieve from backend, decouple enabling auto tidy from duration, move params to auto settings section
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: claire bontempo <cbontempo@hashicorp.com>
* Add helper combineOpenApiAttrs + test
* hydrateModel working with upgradeModelSchema
* new registerNewModelWithAttrs method for generated models
* Add newFields to generated models
* copyright
* Glimmerize path-help service
* update generated-item-list adapter and path-help usage of it
* remove unused methods combineAttributes and combineFields
* move expandOpenApiProps to ts helper file
* fix auth test
* fix bug where adding user to second userpass mount saves to first mount
* Add mutableId
* fix ent test
* remove addressed deprecation
* Address PR comments
* [VAULT-31208] remove deprecation early-static from decorator tests
* rename validators util into model-helpers folder
* move kmip-role-fields to model-helpers
* fill out docs
* Move database-helpers into model-helpers
* broom
* Split the Key_Usage Field into separate fields - one for the Cert
Endpoints (Sign-intermediate/Generate Root) the other for the CSR
Endpoint (intermediate generate). These have different defaults,
and descriptions.
* Fix schema test.
* Update libraries.mdx section for VaultSharp
Added more info on VaultSharp for latest .NET version support and comprehensiveness of auth and secret backends supported
* Update website/content/api-docs/libraries.mdx
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* VAULT-30819: verify DR secondary leader before unsealing followers
After we've enabled DR replication on the secondary leader the existing
cluster followers will be resealed with the primary clusters encryption
keys. We have to unseal the followers to make them available. To ensure
that we absolutely take every precaution before attempting to unseal the
followers we now verify that the secondary leader is the cluster leader,
has a valid merkle tree, and is streaming wals from the primary cluster
before we attempt to unseal the secondary followers.
Signed-off-by: Ryan Cragun <me@ryan.ec>
* Make reception of an empty valid principals configurable based on a role flag.
Adds allow_empty_principals, which if true allows valid_principals on credential generation calls
to be empty.
* changelog
* Allow empty principals on unrelated unit test
* whitespace
* Add a core test logger to help capture the MSSQL container output
- I believe the if t.Failed prevents the logging of the container
logging as when executed the test isn't considered failed yet.
- Use a test core logger so that we can capture the container output
all the time and get it from the captured log files when the test
fails
* bump image tag to 2022-latest
---------
Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>
Go module tooling mandates that each sub-module contains its own LICENSE file.
If absent, it defaults to the LICENSE file in the root of the git repository.
This resulted in the api/auth/* modules erroneously inheriting the BUSL
license instead of the correct MPL license, as indicated by the SPDX info in
the actual API code.
This update ensures that module documentation is displayed correctly on
pkg.go.dev and resolves issues with various tools showing incorrect license
information for the sub-modules.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
- Get better test failure error messages by not shadowing the errors
when we are attempting to start the MSSQL docker container, so
we can fail the tests with the proper error message that is occuring
instead of mssqlhelper.go:60: Could not start docker MSSQL: %!s(<nil>)
* update kmip/role model and adapter
* New KMIP role form component
* cleanup on kmip role adapter/model
* fix role details view
* update tests to check for kmip role form and details validity
* cleanup
* Add kmip-role-fields test
* add headers, remove old component
* Address PR comments
