* make router-lookup helper
* add policyPaths arg to flyout and update route cache to map
* update kv flyouts and test coverage
* round out test coverage, rename method from get to lookup
* alphabetize PATH_MAP
* support other change events for inputSearch to allow copy/pasting items
* update overview requests and improve ux for limited permissions
* request each key permissions
* add flyout to pki page header
* update changelog
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Added census metric names and new file build doesn't complete
* Added metrics. Working on tests
* Tests passing
* Added tests
* Added a nil check
* Try to fix race condition
* Fix some nits
* Some more nits
* Added a go doc
* Fix some data races
* Remove billing storage lock all together
* Revert "Remove billing storage lock all together"
This reverts commit cdf4a518c343d8fd0fbb5de13fd860999ca2d131.
* Fix failing test
* Remove billing storage lock all together
* Removed schema json file
* Revert "Remove billing storage lock all together"
This reverts commit 76970c7d4f7fe98acb993a737aa7410216caf2a8.
Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com>
* adds playwright
* adds playwright auth setup and kv tests
* removes generated gh action for playwright
* removes testem ignore paths
* consolidates kv e2e workflows into single test
* adds missing ids to key shares and threshold inputs
* updates ariaLabel arg to attribute in enabled and disabled plugin card components
* adds script to start vault with config for playwright tests
* updates playwright setup to initialize and unseal vault and create user for testing rather than using root token
* adds policies for e2e tests
* updates e2e init setup to use web repl for creating token
* moves kv e2e test under superuser directory
* updates playwright config to create projects for multiple user types
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
Vault currently logs a warning when a duplicate alias is detected. This
happens on upsert (during loading and creation-time). Since MemDB
enforces uniqueness on the primary key (entity/alias ID), any lookup
resulting in an ID match would by definition be an update. Consistently
check for ID equality across entities, groups, and aliases to make sure
we don't error for updates.
Updated TestDuplicateRenameResolver to use a global counter for unique
entity IDs across namespaces. This trues up the tests to enforce realistic
duplicate scenarios.
Addresses: VAULT-35109
Co-authored-by: Mike Palmiotto <mpalmi@ibm.com>
Co-authored-by: GitHub Copilot <noreply@github.com>
* make router-lookup helper
* add policyPaths arg to flyout and update route cache to map
* update kv flyouts and test coverage
* round out test coverage, rename method from get to lookup
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Make VAULT_EXPERIMENTS work as feature flags.
Make method IsFlagEnabled treat experiments as feature flags so that they
are accessible to plugins.
* Add experiment kmip.client_api.alpha1.
This experiment enables the KMIP client and template API endpoints.
* Use IsExperimentEnabled rather than ValidExperiments.
* Document TestCore_IsFlagEnabled.
Co-authored-by: Victor Rodriguez <vrizo@hashicorp.com>
Reset the PKI certificae counts after enabled additional PKI mounts so that the
certificates for root and intermediates used by those mounts are excluded from
the counts the test is making assertions on.
Co-authored-by: Victor Rodriguez <vrizo@hashicorp.com>
* Change PkiCertificateCountManager.GetCounts() to return a CertCount.
* Add PkiDurationAdjustedCerts field to CertCount.
Add a new field to CertCount to keep track of "duration adjusted" issued
certificates.
Add an x509.Certificate argument to CertCountIncrementer.AddIssuedCertificate.
In the implementation, use the certificate's NotBefore and NotAfter fields to
calculate the validity duration for the certificate, and use that to compute the
duration adjusted units.
* Add the issued certificate to calls to AddIssuedCertificate.
* Add PkiDurationAdjustedCerts when forwarding counts.
Add pki_duration_adjusted_certificate_count to IncrementPkiCount proto.
Update replicationServiceHandler.IncrementPkiCertCountRequest to take into
account the new field.
* Run make proto.
* Update testingPkiCertificateCounter to make assertions on time adjusted counts.
* PR review: Don't use NotAfter.Sub(NotBefore), since time.Duration is max 290 years.
* PR review: Move DurationAdjustedCertificateCount to logical.pki/test_helpers.
Add Bob generated unit tests for logical.durationAdjustedCertificateCount.
* Run make fmt.
Co-authored-by: Victor Rodriguez Rizo <vrizo@hashicorp.com>
* rotation-manager: enable RM to send rotation information to plugins on registration/rotation operations (#11810)
* initial commit for sending NVR to plugins
* add changelog
* add NVR to plugin fields, add RotationInfo to GRPC request handler
* fix tests
* ensure consistent formats on times and ttls
* add translation to allow grpc data transfer
* fix tests and rename fields
* fix missed field renames in tests
* make all methods net-new for backwards compatibility
* update mock plugin and add oss stub back
* remove method with no usages
* Address wrapper comments
* Rebuild proto
* Nil check around SetRotationInfo, return n/a for no last_vault_rotation
* Fix error to match other instances
* Update fields.go
* Return nil if unset for next/last vault rotation times
---------
Co-authored-by: robmonte <17119716+robmonte@users.noreply.github.com>
* Fix return type in stub method
---------
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
Co-authored-by: robmonte <17119716+robmonte@users.noreply.github.com>
* define the proto, define the RPC
* add external unit tests
* change type of request from int to any
* fix things around after conflict merge
* protobuf lint
* protobuf lint issue fix
* implement cadence based testing of the standby worker
* expand the RPC to include transform call counts, update data returned from endpoint to include transform, remove all todo comments, add tests, fix test helper methods
* remove unnecessary locks from util testing methods, remove unused method
* Update vault/consumption_billing.go
* feedback: remove a check on whether system view is initialized
* re-add the check on initialized state of system view
* access the standby state field directly instead of using a method that uses a lock causing deadlock
* feedback: use require.Eventually instead of manual looping to wait for primary to update the count
* feedback: simplify logic to identify initialized consumption billing worker, remove unused methods
* Some edits to test
Added some functions to delete old month data
* Fixed some tests
* fix some merge conflicts
* Delete older month data
* Removed unused functions
* Some merge conflicts
* Adds some more tests
* Edit billing ent test
* temp
* Revert "temp"
This reverts commit f817b9813959fc2ab478669b67c7d67c381ceff6.
* Edited billing bp
* Reverted head
* Edited billing test
* Slight cleaning up
* Moved some things
* Revert changes on pb file
* Edited flaky test
* Edited some nits
* edited a comment
---------
Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com>
Co-authored-by: Amir Aslamov <amir.aslamov@hashicorp.com>
* PKI: Allow the HTTP post body to be reread for binary paths
* Use a TeeReader to simplify the solution
* Add test and cl
* Apply suggestions from code review
* PR feedback
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* improve dismissal logic, use AutomationSnippet component, use wizard service for tracking dismissal
* use class helper to check for multiple nodes when rendering tree chart, add test coverage
* update comments
* add modal for namespace intro and improve reusability
* style updates and general reusability updates
* make intro pages more generic and rename welcome to intro
* update tests
* update styles, use service to track intro visibility, rename components
* Update arg docs
Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com>
* define the proto, define the RPC
* create new standby and active node workers
* fix bugs: set up consumption billing worker on standby nodes
* add external unit tests
* change type of request from int to any
* remove active node worker - the existing logic already updates and flushes data to storage for active node inside updateBillingMetrics
* fix things around after conflict merge
* make fmt
* protobuf lint
* protobuf lint issue fix
* implement cadence based testing of the standby worker
* protobuf formatting
* expand the RPC to include transform call counts, update data returned from endpoint to include transform, remove all todo comments, add tests, fix test helper methods
* create oss no-op stub for the standby worker
* remove unnecessary locks from util testing methods, remove unused method
* Update vault/consumption_billing.go
* remove unused method
* feedback: remove a check on whether system view is initialized
* re-add the check on initialized state of system view
* access the standby state field directly instead of using a method that uses a lock causing deadlock
* feedback: use require.Eventually instead of manual looping to wait for primary to update the count
* feedback: simplify logic to identify initialized consumption billing worker, remove unused methods
* feedback: use log.Error instead of log.Warn
* Update vault/consumption_billing_util_ent.go
* feedback: increase the timeout for the rpc call to 30 secs
* feedback: fix comments in tests to clarify active node and standby node definitions
---------
Co-authored-by: Amir Aslamov <amir.aslamov@hashicorp.com>
Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com>
* Copy https://github.com/hashicorp/vault/pull/31733 into main
* fix(transit): prevent panic on restore with missing policy
* test: add unit test for RestorePolicy nil policy validation
* changelog: add entry for transit restore panic fix
* Update changelog/31733.txt
---------
Co-authored-by: Abhishek Dadwal <dadwalabhishek10@gmail.com>
Co-authored-by: Abhishek Dadwal <73817744+Abhishek00810@users.noreply.github.com>
Co-authored-by: Steven Clark <steven@sclark.me>
* WIP
* WIP...
* Update page headers and move logic back
* remove unused stuff
* Fix failing tests
* Use hasNavPermission
* Update raft storage locatin and add namespace link on top
* Update access sidebar link to Access control
* Update order of API_PATHS
* Remove namespace link
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
* [VAULT-33083] support mount external engine
* add "Plugin type" and "Plugin version" fields to the enable mount page
* add changelog
* address copilot review comments
* address PR comments, code cleanup
* fix test failures
* Add support for external plugins registered without a plugin version
* external plugin should be enabled for enterprise only, plugin version should be mandatory for external plugins
* fix tests
* address copilot feedback
* fix failing tests, add unit test coverage
* address PR comments
* address PR comments
* remove dead code
* move no external versions alert
* Only show un-versioned plugin message if there are un-versioned plugins in the catalog.
* address PR comments
* use ApiService instead of custom PluginPinsService; fix failing tests
* revert changes to forms/mount.ts and forms/auth/method.ts
Co-authored-by: Shannon Roberts (Beagin) <beagins@users.noreply.github.com>
