Commit Graph

18686 Commits

Author SHA1 Message Date
Chelsea Shaw
e122ce80de UI: better calculation for advanced secret in KV v2 (#24513)
* Add util for determining whether secret data is advanced

* Add test coverage for bug

* use non-dumb logic for detecting advanced object

* Add changelog

* Add header

* Move util to core

* Add escaped newline to test coverage

* headers again *eyeroll*
2023-12-13 21:38:43 +00:00
benz0
ac1e9194da Update aws.mdx (#23527)
Added clarification for 32 character limit on STS tokens.
Forcing suggestion commit so we can merge and publish the changes.

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2023-12-13 13:37:07 -08:00
ram-parameswaran
6a2ff07ba2 Document Vault Default Password Policy (#23939) 2023-12-13 13:31:12 -08:00
Sean Ellefson
98d0125960 Adding note about node-id being generated when unset (#24101)
* Adding note about `node-id` being generated when unset

* Update website/content/docs/configuration/storage/raft.mdx

* Correct linter error

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2023-12-13 21:15:57 +00:00
Sean Ellefson
c7a7b0a2d2 Added vault operator raft snapshot inspect usage (#24083)
* Added `vault operator raft snapshot inspect` usage

* Update website/content/docs/commands/operator/raft.mdx

Forcing suggestion commit so we can merge and publish the changes.

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2023-12-13 13:14:42 -08:00
Sokren
a58c3a9850 Update azurekv.mdx change line 37 stores to destinations (#24374) 2023-12-13 12:42:09 -08:00
Sungyoon Jeong
7336cf70ad docs: fix typo in aws.mdx (#24435) 2023-12-13 12:37:13 -08:00
Jordan Reimer
99445dbfd4 Secrets Sync (#23667)
* Ember Engine Setup for Secrets Sync (#23653)

* ember engine setup for secrets sync

* Update ui/lib/sync/addon/routes.js

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>

---------

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>

* Sync Mirage Setup (#23683)

* adds mirage setup for sync endpoints

* updates secret_name default in sync-association mirage factory

* UI Secrets Sync: Ember data sync destinations (#23674)

* add models

* adapters

* base model adapter

* update test response

* add sync destinations helper

* finish renaming base destination model/adapter

* add comment

* add serializer

* use normalizeItems instead

* destination serializer test

* add destination find method;

* add conditional operand

* UI Secrets Sync: Overview landing page (#23696)

* add models

* adapters

* base model adapter

* update test response

* add sync destinations helper

* finish renaming base destination model/adapter

* add comment

* add serializer

* doc-link helper

* add version service

* landing and overview component

* overview page

* add tests

* UI Secrets Sync: Destinations adapter add LIST (#23716)

* add models

* adapters

* base model adapter

* update test response

* add sync destinations helper

* finish renaming base destination model/adapter

* add comment

* add serializer

* doc-link helper

* add version service

* landing and overview component

* overview page

* build out serializer and adapters

* update mirage

* fix merge conflicts

* one more conflict!

* pull transformQueryResponse to separate method in adapter

* move data transforming all to serializer and tests

* add note to pagination docs

* conditionally render CTA

* add lazyPaginatedQuery method to destinations route

* remove partial error

* Secrets Sync: Destinations create - select type (#23792)

* add category to destinations

* build select type page

* refactor prompt config situation

* routing for destinations

* update select-type routing

* make card width fixed

* revert CTA routing change, keep shouldRenderOverview

* add header for gif demo to form

* cleanup scope

* more scope cleanup

* add test

* add type selector

* rename components

* rename again

* remove async

* fix tests

* fix select type rename in test

* delete renamed test

* fix import of general selectors

* rename using component syntax

* UI Secrets Sync: Create destination form and route (#23806)

* add model attribute metadata

* add form and save url, remove name and type from serializer

* move checkbox list to form field helper

* add styling to alert inline

* use newly made class

* fix cancel action and cleanup form

* change quotes

* remove checkbox action from form component

* add tests

* address feedback

* add API error test

* use create record method instead

* adapter test for create record

* return from find method if type is undefined

* cleanup test selectors

* secrets sync: refactor sync destinations helper (#23839)

* refactor getter in base destination model

* add getters back to model

* Secrets sync UI: Destination details page (#23842)

* change labels to match params

* add maskedParams to base model

* add details route

* add details view;

* update mirage

* fix secrets sync link;

* delete parent destination route

* add copyright header

* add secrets route

* move sync route outside of secrets/ route

* update mirage

* export to-label

* finish tests

* make ternary

* rename header tabs

* fix selector in test

* Secrets Sync UI: Cleanup headers + tabs (#23873)

* remove destination header component, add headers/tabs to all routes

* fix header padding

* move tabs + toolbar back into component...

* add copyright header

* add delete modal

* lol revert again

* add extra line after copyright header

* Secrets Sync Destinations List View (#23949)

* adds route and page component for sync destinations list view

* filters by type first for sync destinations

* adds test for store.filterData method

* Update ui/app/services/store.js

Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>

* updates nav link label for secrets sync

* moves sync destinations types out of app-types

* moves loading-dropdown-option component to core addon and adds to destination list item menu

* change true assertion to deepEqual in sync destinations test

* adds copyright header to sync-destinations type file

* clear store dataset on sync destination create

---------

Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>

* Sync Destinations Capabilities (#23953)

* adds route and page component for sync destinations list view

* filters by type first for sync destinations

* adds test for store.filterData method

* adds capabilities checks for sync destinations

* removes canList from sync destinations capabilities

* updates sync header tests

* Update ui/tests/integration/components/sync/sync-header-test.js

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>

* updates sync destination response serialization

* updates sync destination serializer test

* updates sync destinations page test assertions

* fixes mirage sync destinations payload issue

* removes commented out method in sync destination adapter

* fixes inconsistencies with url generation for sync destinations delete

* fixes sync destinations page test

---------

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>

* Sync Associations Ember Data Setup (#24132)

* adds model, adapter and serializer for sync associations

* updates sync association adapter save methods to use adapterOptions to determine action

* Sync Destination Secrets Route and Page Component (#24155)

* renames sync destination header component and adds tests

* adds destination secrets route and page component

* adds setup-models helper for sync testing

* moves destination details test into subdir

* adds destination secrets page component tests

* adds controller for destination secrets route

* fixes pagination route on destination secrets view

* fixes sync association updated_at assertion based on timezone

* updates kv secret details external route name

* updates usage of old spacing style variable after merge

* use confirm action instead of contextual confirm (old) component (#24189)

* UI Secrets Sync: Adds secret status to kv v2 details page (#24208)

* woops! missed this styling for confirm action swap

* update link to go to destination secrets

* change edit to view secret from destination secrets list

* add synDestination to external routes for kv engine

* add sync status badge component

* export from addon

* splaattributes

* poll sync status for kv secret details and render

* move from controller to component

* update name to new destinationName key

* reorder list view items

* add refresh button

* add mirage data

* change to loading static

* update icons to be sync specific

* change name

* move button and change fetch to concurrency task

* add tests to kv details

* add color assertion

* add copyright header

* small test tweaks

* Update ui/tests/integration/components/sync-status-badge-test.js

* fixes test

---------

Co-authored-by: Jordan Reimer <zofskeez@gmail.com>

* Sync Secrets to Destination (#24247)

* fixes issue with filter-input debounce and updates to spread attributes for input rather than use args

* adds destination sync page component

* removes unused var in sync component

* adds test for manual mount path input in sync view

* updates mount filtering in destinations sync page to target kv v2

* Secrets Sync Landing Page Images (#24277)

* updates sync landing page to add marketing images

* removes top margin from sync landing-cta

* adds aria-describedby to sync landing images

* UI Secrets Sync: Serialize trailing slash from destination type (#24294)

* remove trailing slash from type in destination LIST response

* update keys in mirage and tests

* Sync Overview (#24340)

* updates landing-cta image to png with matching height

* adds ts definitions for sync adapters

* updates sync adapters and serializers to add methods for fetching overview data

* adds sync associations list handler to mirage and seeds more associations in scenario

* adds table and totals cards to sync overview page

* adds sync overview page component tests

* fixes tests

* changes lastSync key to lastUpdated for sync fetchByDestinations response

* adds emdash as placeholder for lastUpdated null value in secrets by destination table

* updates to handle 0 associations state for destination in overview table

* Secrets Sync UI: Add loading and error substates (#24353)

* add error substate

* add loading substates

* delete loading from secrets route

* Remove is-version Helper (#24388)

* removes is-version helper and injects service into components

* updates sync tests using version service to new API

* adds comment back for tracked property in secret details page component

* updates sync tests to use common selectors (#24397)

* update capitalization to consistently be titlecase, fix breadcrumb selector

* clears sync associations from store on destination sync page component destroy (#24450)

* KV Suggestion Input (#24447)

* updates filter-input component to conditionally show search icon

* adds kv-suggestion-input component to core addon

* updates destination sync page component to use KvSuggestionInput component

* fixes issue in kv-suggestion-input where a partial search term was not replaced with the selected suggestion value

* updates kv-suggestion-input to retain focus on suggestion click

* fixes test

* updates kv-suggestion-input to conditionally render label component

* adds comments to kv-suggestion-input regarding trigger

* moves alert banner in sync page below button set

* moves inputId from getter to class property on kv-suggestion-input

* Secrets Sync UI: Editing a destination (#24413)

* add form field groups to sync models

* update create-and-edit form to use confirmLeave and enableInput component

* enable input component

* add more stars

* update css comments

* Update ui/app/styles/helper-classes/flexbox-and-grid.scss

* make attrOptions optional

* remove decorator

* add env variables to subtext

* add subtext to textfile

* fix overview transition bug

* remove breadcrumbs to getter

* WIP adapter update

* update mirage response

* add update method with PATCH

* add patch to application adapter

* fix typo

* finish tests

* remove validations because could use environment variables

* use getter and setter in model

* move update record business to serializer

* rest of logic in serializer;
gp
;
gp

* add model validation warnings

* cleanup getters

* pull create/update logic into method for mirage

* add test for validation warning

* update KV copy

* Sync Success Banner (#24491)

* adds success banner to destination sync page

* move submit disabled logic to getter in destination sync page

* adds id and for attributes to kv mount input in sync page

* hides sync success banner on submit

* use Sync secrets everywhere (remove new) (#24494)

* use Sync secrets everywhere (remove new)

* revert test name change

* Sync Destinations List Filter Bug (#24496)

* fixes issues filtering destinations list

* adds test

* fixes Sync now action text alignment in destination secrets list

* UI Secrets sync: Add purge query param to delete endpoint (#24497)

* adds updated_at to mirage set association handler

* adds changelog entry

* add enterprise in parenthesis for changelog

* address a11y feedback

---------

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
2023-12-13 11:16:44 -08:00
Rachel Culpepper
0fdd8237a6 refactor createDockerImage to be more general (#24503) 2023-12-13 13:02:54 -06:00
Steven Clark
b8050c518e Quote example domains within ACME entity docs (#24508)
- The existing bare *.test.com triggered italics and stripped the *
   from the output
2023-12-13 12:45:28 -05:00
Steven Clark
e24301e32d Update ACME entity assignment examples (#24501)
- Attempt to make the various examples for how we generate entity tokens when leveraging ACME clearer.
2023-12-13 12:21:50 -05:00
Mattias Fjellström
e4ffe8979c Command: token capabilities using accessor (#24479)
* Command: token capabilities using accessor

* release note

* Apply suggestions from code review

Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>

---------

Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>
2023-12-13 11:15:21 -05:00
Tom Proctor
dc5c3e8d97 New database plugin API to reload by plugin name (#24472) 2023-12-13 10:23:34 +00:00
Peter Wilson
486df81934 Audit related foibles (#24493)
* update node and pipeline registration to prevent overwriting, strip some unused bits of NewTestCluster, tweak to prevent auditing on a test that is flaking

* tidy imports
2023-12-13 09:08:02 +00:00
Marc Boudreau
b468950dc5 VAULT-21157: Reduce Technical Debt (#24345)
* refactor (standardUnsealStrategy).unseal to reduce tech debt

* fix coding error that causes panic in runSetupFunctionsForUnseal

* split runSetupFunctionsForUnseal into 2 funcs to facilitate testing

* add go docs for functions

* fix compile errors from merge commit
2023-12-12 19:42:02 -05:00
Rachel Culpepper
9eca3ebde1 Vault-21960: Add docker tests for reloading seal configuration on SIGHUP (#24312)
* reload seals on SIGHUP

* add lock in SetSeals

* move lock

* use stubmaker and change wrapper finalize call

* change finalize logic so that old seals will be finalized after new seals are configured

* add changelog

* run make fmt

* fix fmt

* fix panic when reloading seals errors out

* add sighup tests and separate out docker utilities

* add test case

* fix typo

* remove build tag

* fix imports

* refactoring to make functions more general and avoid conflicts

* add utility funcs

* separate out config copy into function

* fix error message

* fix error messages
2023-12-12 21:26:00 +00:00
Violet Hynes
879f9c9bfd Fix flaky restore test (#24490) 2023-12-12 10:27:26 -05:00
Scott Miller
13e0a45525 Fix race in the tryDecrypt waitgroup (#24484) 2023-12-11 21:36:53 +00:00
Violet Hynes
8ab891c962 Fix templating mention in Proxy docs (#24483) 2023-12-11 16:31:40 -05:00
Ryan Cragun
d6bfe428f3 enos: don't include consul_version in autopilot (#24461)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-12-11 14:26:19 -07:00
Ryan Cragun
efda1c6d4e enos: always test from the same branch as the revision (#24462)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-12-11 14:26:10 -07:00
Scott Miller
980691c129 Use a waitgroup and actually consume all discarded results (#24473) 2023-12-11 18:49:37 +00:00
Marc Boudreau
79b1912287 VAULT-21607: Provide Management Endpoints for Vault UI Custom Messages (#24263)
* Implement custom-message management endpoints in a namespace aware manner

* completion of non-enterprise version of custom-messages

* clean up of error handling and fixing a nil pointer error

* rename UICustomMessagesEntry to UICustomMessageEntry

* add unit tests to cover new functions in UIConfig related to custom messages

* unit tests for all custom message handling

* add missing header comments for new files

* add changelog file

* fix test setup error that led to unexpected failure

* change return type from slice of pointers to struct to slice of struct and add godocs to every function

* add Internal suffix to internal methods for the UIConfig struct

* add validation for start and end times of custom messages

* improvements based on review feedback

* explore new approach for custom messages

* introduce new error to force HTTP 404 when referencing non-existent UI custom message

* remove changelog entry until feature is complete

* implement CRUD endpoints using single storage entry per namespace

* add mutex to protect operations that read the storage entry and write it back

* add copyright header comment to new files

* fix failing tests due to change in target function behaviour in order to return 404 error when mandated

* feedback from review plus some improvements on my own as well

* define constants for recognized message types and replace hardcoded strings occurrences with new constants

* incorporate feedback comment

* beef up testing with non-root namespaces in putEntry and getEntryForNamespace

* renaming CreateMessage to AddMessage in uicustommessages.Manager and uicustommessages.Entry

* adding missing copyright header comments
2023-12-11 13:31:42 -05:00
Hamid Ghaf
57b6b74283 release log gate if disable-gated-logs flag is set (#24280)
* release log gate if disable-gated-logs flag is set

* CL

* Update changelog/24280.txt

Co-authored-by: Josh Black <raskchanky@gmail.com>

---------

Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
Co-authored-by: Josh Black <raskchanky@gmail.com>
2023-12-11 08:08:48 -08:00
Nick Cabatoff
28ce9c5a4c Make testCluster_Forwarding more tolerant of timing issues (#24451) 2023-12-11 15:35:03 +00:00
miagilepner
2db1941fd8 Docs updates about redirection and metrics (#24445)
* docs updates

* remove comma
2023-12-11 15:49:38 +01:00
Lucy Davinhart || Strawb System
1dfce2a271 docs: clarified the MS SQL EKM provider's authentication behavior, and the implications for AppRole configuration (#24437) 2023-12-11 08:54:09 +00:00
brendanelmes
10f7011ca3 docs: fixes (#24094) (#24115)
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-12-08 14:19:57 -08:00
Victor Rodriguez
128152ee28 Update recovery mode guard to account for migrating away from Shamir (#24443)
It is not sufficient to check that function setSeal in server.go does not return
an "unwrap seal". For migrations away from a Shamir seal, NewCore constructor
sets up an unwrap seal by calling method adjustForSealMigration.

Factor out new method checkForSealMigration out of adjustForSealMigration so
that NewCore can verify that there won't be a migration when returning early due
to running in recovery mode.
2023-12-08 21:25:52 +00:00
VAL
b5e9f3f32c add changelog for 1.15.4, 1.14.8, 1.13.12 (#24452) 2023-12-08 13:07:12 -08:00
Ryan Cragun
a087f7b267 [QT-627] enos: add pkcs11 seal testing with softhsm (#24349)
Add support for testing `+ent.hsm` and `+ent.hsm.fips1402` Vault editions
with `pkcs11` seal types utilizing a shared `softhsm` token. Softhsm2 is
a software HSM that will load seal keys from a local disk via pkcs11.
The pkcs11 seal implementation is fairly complex as we have to create a
one or more shared tokens with various keys and distribute them to all
nodes in the cluster before starting Vault. We also have to ensure that
each sets labels are unique.

We also make a few quality of life updates by utilizing globals for
variants that don't often change and update base versions for various
scenarios.

* Add `seal_pkcs11` module for creating a `pkcs11` seal key using
  `softhsm2` as our backing implementation.
* Require the latest enos provider to gain access to the `enos_user`
  resource to ensure correct ownership and permissions of the
  `softhsm2` data directory and files.
* Add `pkcs11` seal to all scenarios that support configuring a seal
  type.
* Extract system package installation out of the `vault_cluster` module
  and into its own `install_package` module that we can reuse.
* Fix a bug when using the local builder variant that mangled the path.
  This likely slipped in during the migration to auto-version bumping.
* Fix an issue where restarting Vault nodes with a socket seal would
  fail because a seal socket sync wasn't available on all nodes. Now we
  start the socket listener on all nodes to ensure any node can become
  primary and "audit" to the socket listener.
* Remove unused attributes from some verify modules.
* Go back to using cheaper AWS regions.
* Use globals for variants.
* Update initial vault version for `upgrade` and `autopilot` scenarios.
* Update the consul versions for all scenarios that support a consul
  storage backend.

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-12-08 14:00:45 -07:00
Mike Palmiotto
309294a25c enterprise: Default Lease Count Quota (#24382)
This commit introduces the plumbing for Default Lease Count Quotas on
new installs of Vault Enterprise.
2023-12-08 15:09:52 -05:00
Jordan Reimer
3684e898c5 removes ui_copywrite from pre-commit hook (#24448) 2023-12-08 10:45:30 -07:00
Angel Garbarino
77178c2b15 Handle show and edit views for old KV urls (#24339)
* redirect for deshow/details view

* test coverage

* not found test fix

* changelog

* test fixes and amend for create route with no secret

* handle router with no secret

* add more coverage

* Update 24339.txt

* Update secret-edit.js

* Update secret-edit.js

* restructure conditional because list-directory will never be a thing in this view

* Update secret-edit.js

* remove show for directory. that doesn't exist

* blah fix test

* fix conditional

* remove meep
2023-12-08 10:23:44 -07:00
miagilepner
978945022d VAULT-22569: Handle nil node info when retrieving HA peers (#24441)
* add nil check

* changelog

* clarify changelog
2023-12-08 17:34:24 +01:00
Austin Gebauer
ba386a3389 docs: adds domain to OIDC Google Workspace integration (#24433) 2023-12-08 08:23:01 -08:00
Peter Wilson
c0bbede1e2 Bump go-eventlogger to v0.2.8 (#24442) 2023-12-08 14:43:34 +00:00
Steven Clark
2662bc520a Rename seal rewrap stub file (#24438) 2023-12-08 14:06:37 +00:00
miagilepner
5a3c19d821 move stopPartialSealRewrapping out (#24436)
* move stopPartialSealRewrapping out

* copyright

* add go generate

* switch back autopilot timing values

* skip test
2023-12-08 14:34:32 +01:00
Ben Ash
ff4489b5af Update docs for VSO v0.4.2 (#24425) 2023-12-07 20:55:53 -05:00
claire bontempo
416d8bde5d UI: Create enable input component (#24427)
* enable input component

* add more stars

* update css comments

* Update ui/app/styles/helper-classes/flexbox-and-grid.scss

* make attrOptions optional

* add subtext to textfile

* add docLink arg to form field textfile

* update form field test

* add test

* add comment

* update jsdoc

* remove unused class

* Update ui/tests/integration/components/enable-input-test.js

Co-authored-by: Jordan Reimer <zofskeez@gmail.com>

---------

Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
2023-12-07 15:25:55 -08:00
Scott Miller
571b3cca47 Make sure stopCh is closed first (#24430)
* Reverse order of defers to minimize race between sending and closing

* Make this more explicit
2023-12-07 22:12:46 +00:00
Nick Cabatoff
5472c21552 Make leaderCheckInterval configurable. (#24372) 2023-12-07 21:35:37 +00:00
Scott Miller
e678d2ed4e use a stop chan to prevent sends on the closed result channel (#24428)
* use a stop chan to prevent sends on the closed result channel

* these need to be defers, since there are early returns in the for/select stmt
2023-12-07 15:31:52 -06:00
Mike Palmiotto
9cc3bd6558 quotas: Move storage updates into quotas package (#24381)
This commit moves quota storage updates into the storage package to
facilitate testing. As a part of the change, we create a new
`ManagerFlags` struct to make Setup invocations a bit more ergonomic.
2023-12-07 16:13:24 -05:00
Angel Garbarino
85acabb8ac Add directory paths to KV capabilities checks (#24404)
* add getter to metadata model

* add changelog and data model fix

* add test coverage

* add nested create coverage

* Update 24404.txt

* remove from data model

* return to how it was
2023-12-07 12:48:09 -07:00
Scott Miller
a2c263bf12 Fix two potential channel hangs in access.tryDecrypt (#24418)
* Fix two potential channel hangs in access.tryDecrypt

* could also live here
2023-12-07 12:17:24 -06:00
Scott Miller
889cca71fa Add stub for stopping partial wrap monitoring to CE (#24420)
* Add stub for stopping partial wrap monitoring to CE

* Add call
2023-12-07 12:16:11 -06:00
Steven Clark
8963ae495d PKI: Refactor storage of certificates into a common method (#24415)
- Move the copy/pasted code to store certificates into a
   common method within the PKI plugin
2023-12-07 11:51:51 -05:00
Austin Gebauer
766d5ed5f0 docs: adds saml to client count entity table (#24414) 2023-12-07 08:33:26 -08:00