* converts kubernetes overview page component to ts
* converts kubernetes role index controller to ts
* updates kubernetes overview to use api service
* removes store service from kubernetes engine
* removes kubernetes models, adapters and serializers
* removes unused types
* updates removed type references
* removes fetch-secrets-config decorator
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* enables typescript in kubernetes engine
* adds api service to kubernetes engine
* removes mounts handler from kubernetes mirage handler
* adds kubernetes application route to handle withConfig decorator check
* updates usage of application model in kubernetes engine
* updates kubernetes configuration route to use api service fetched config
* adds kubernetes config form class
* updates error route backend references to secretsEngine
* updates kubernetes configure workflow to use api service and form class
* fixes tests
* converts kubernetes index route to ts
* adds capabilities service to kubernetes engine
* updates kubernetes roles view to use api service
* converts kubernetes role details component to ts
* updates kubernetes role details route to use api service
* reverts kubernetes mirage handler change
* converts kubernetes role index route to ts
* updates kubernetes generate credentials workflow to use api service
* converts kubernetes role edit and create routes to ts
* converts kubernetes create-and-edit component to ts
* adds form class for kubernetes role
* updates kubernetes create and edit routes to use api service and form class
* fixes tests
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* enables typescript in kubernetes engine
* adds api service to kubernetes engine
* removes mounts handler from kubernetes mirage handler
* adds kubernetes application route to handle withConfig decorator check
* updates usage of application model in kubernetes engine
* updates kubernetes configuration route to use api service fetched config
* adds kubernetes config form class
* updates error route backend references to secretsEngine
* updates kubernetes configure workflow to use api service and form class
* fixes tests
* reverts kubernetes mirage handler change
* updates type for inferredState in kubernetes config page component
* removes commented out form field in kubernetes config form
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
Fix an incompatibility where we check out the repository with
checkout@v6 and then attempt to check it out again at checkout@v5 in the
set-product-version action.
* update enos directory to trigger lint
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
* replace Hds::Reveal with Hds::Accordion
* adjust spacing to render in Hds::Form component
* fix spacing in policy-example
* cleanup form-section class usage
* implement visual builder in create policy form
* hide visual editor in search select modal
* use general selectors, alphabetize form/field selectors
* update test coverage to check for visual policy editor
* reorganzie tests by module
* add saving functionality for visual editor
* refactor event handling methods
* refactor component so parent manages stanzas
* move snippets to automation-snippets tab component
* polish up policy diff modal
* refactor arg to be isCompact
* update test coverage and export new component
* rearrange methods to make diff easier
* small cleanup, abc vars and remove unneeded change
* add lanuage and update test coverage
* update comment
* fix form hierarchy
* fix modal spacing;
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Add Disable-Time-Check flag, and also respect common criteria when doing so.
* Switch to EnableTimeChecks to not change default behavior.
* Check Common Criteria Flag Before Disabling Verification.
* Add Changelog.
* Update builtin/logical/pki/issuing/cert_verify_ent.go
* Update changelog/_10915.txt
* PR feedback.
* Merge-fix
* Test case requested by PR review.
---------
Co-authored-by: Kit Haines <khaines@mit.edu>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Correctly set signature bits.
* All the other places that accidentally conflate issuer and issued key.
* Update builtin/logical/pki/path_roles.go
* PR Feedback.
* Add changelog.
* Test and validate keybits in a single call
* License header.
* Add/combine validate and get default hashbits calls.
* Actually set keyBits on the role.
* Fix storage test, switch to defaultOrValue.
* fix storage test.
* Update error return for linter.
* Look at underlaying key type not type which might include "managedKeyType" for ca-issuer.
* Update expected role values, and convert between PublicAlgorithm and KeyType internally.
* Move the ec to ecdsa transformation to helper functions. More consistant usage.
* Speed improvement to testing - pregenerate CA bundles and CSR.
* Add go test doc.
* Fix issue with web-merge.
* Error wrapping error now warnings aren't errors.
* PR feedback - move ecdsa support to subfunctions.
---------
Co-authored-by: Kit Haines <khaines@mit.edu>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Adding logic to run tidy on local secret IDs only for perf secondaries
* Modifying periodic tidy to run on local mounts
* Updating changelog for fix in VAULT-40239
Co-authored-by: Sean Ellefson <sellefson@hashicorp.com>
* sdk/rotation: Prevent rotation attempts on read-only storage
Rotation is a write operation that mutates both Vault's storage
and an external resource. Attempting this on a read-only node
(like in a performance secondary cluster) will fail.
This check preempts the rotation to prevent a split-brain scenario
where the external credential is changed but Vault's storage
cannot be updated.
* changelog
* fix failing test
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* VAULT-41128 ensure alias name is not logged in observations (#11296)
* VAULT-41128 ensure alias name is not logged in observations
* feedback
* whoops
* removing flags
* small changes
* fixes
* move things back
* utilizing aftermodel w mods, testing aws
* fix ssh tests
* fixing aws and azure
* fix gcp
* fix test and flip kv
* fix kv2 tests
* adding model to fix tests
* updates and removals
* fix tests
* no showing empty state, redirect to plugin settings after config save
* test fixes
* update subtitle to include namepsace, fix test
* removing index, replacing with general settings, updates
* updates and fix tests
* more test fixes
* wif tests
* updates to nav tests
* update tests and cleanup configuration logic
* add todos
* fix remaining tests, add nav test to gcp
* test tweak
* address todos, test update
* Update ui/app/routes/vault/cluster/secrets/backend/configuration/plugin-settings.ts
* I love prettier so much
---------
Co-authored-by: Dan Rivera <dan.rivera@hashicorp.com>
Co-authored-by: claire bontempo <cbontempo@hashicorp.com>
Co-authored-by: Shannon Roberts (Beagin) <beagins@users.noreply.github.com>
* refactor dependencies and removes disallowed vault imports from builtin Okta auth (#10965)
* move SkipUnlessEnvVarsSet from vault/helper/testhelpers/ to vault/sdk/helper/testhelpers
* use unittest framework from vault-testing-stepwise module in place of sdk/logical
* refactor SkipUnlessEnvVarsSet() and NewAssertAuthPoliciesFunc() to sdk
* bump docker API version to 1.44 matching 2f33549
---------
Co-authored-by: Thy Ton <maithytonn@gmail.com>
* removes withConfig decorator and moves check to application route
* updates backendModel references in ldap engine to secretsEngine
* adds ldap config form class
* updates ldap config type in application route
* updates ldap configure and configuration routes to use api service
* adds capabilities service to ldap engine
* updates ldap mirage handler and scenario
* adds ldap capabilities constants and helper for fetching capabilities for roles
* updates ldap roles view to use api service
* updates ldap role details view to use api service
* updates ldap role create/edit views to use api service and form classes
* updates ldap role subdirectory view to use api service
* updates ldap role credentials view to use api service
* updates ldap libraries list views to use api service
* updates ldap library details view to use api service
* updates ldap library details accounts view to use api service
* updates ldap library details accounts check out view to use api service
* updates ldap library details configuration view to use api service
* updates ldap library create/edit workflows to use api service and form class
* fixes lint errors
* updates ldap overview to use api service
* updates ldap overview tests
* removes store and pagination services from ldap engine
* removes ldap related ember data files
* updates path_to_library var casing
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* removes withConfig decorator and moves check to application route
* updates backendModel references in ldap engine to secretsEngine
* adds ldap config form class
* updates ldap config type in application route
* updates ldap configure and configuration routes to use api service
* adds capabilities service to ldap engine
* updates ldap mirage handler and scenario
* adds ldap capabilities constants and helper for fetching capabilities for roles
* updates ldap roles view to use api service
* updates ldap role details view to use api service
* updates ldap role create/edit views to use api service and form classes
* updates ldap role subdirectory view to use api service
* updates ldap role credentials view to use api service
* updates ldap libraries list views to use api service
* updates ldap library details view to use api service
* updates ldap library details accounts view to use api service
* updates ldap library details accounts check out view to use api service
* updates ldap library details configuration view to use api service
* updates ldap library create/edit workflows to use api service and form class
* fixes lint errors
* removes errant log
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* removes withConfig decorator and moves check to application route
* updates backendModel references in ldap engine to secretsEngine
* adds ldap config form class
* updates ldap config type in application route
* updates ldap configure and configuration routes to use api service
* adds capabilities service to ldap engine
* updates ldap mirage handler and scenario
* adds ldap capabilities constants and helper for fetching capabilities for roles
* updates ldap roles view to use api service
* updates ldap role details view to use api service
* updates ldap role create/edit views to use api service and form classes
* updates ldap role subdirectory view to use api service
* updates ldap role credentials view to use api service
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* removes withConfig decorator and moves check to application route
* updates backendModel references in ldap engine to secretsEngine
* adds ldap config form class
* updates ldap config type in application route
* updates ldap configure and configuration routes to use api service
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
One feature of ondemand self-hosted runners is that we don't contend
with other repositories for self-hosted runners. The penalty for using
ondemand is that there are no hot runner pools, so provisioning time
is usually around 30 second but in worst can hit the two minutes mark.
These numbers rely on immediately capacity in the default region
(us-west-2). Every once in a while we see runner provisioning times for
ondemand CI runners go into the tens of minutes, presumably due to
capacity issues. Instead of waiting around for a runner that will
fulfill our single instance type, we'll add a few fallback types we can
attempt if we hit a capacity snag on our preferred machine.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
1.21 is the current active CE branch. Make the CE 1.20 branch inactive
so that we no longer backport changes to it.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
* removes store query from pki config route
* updates pki overview route to use api service
* removes remaining references to store in pki tests
* removes unused store service injections in pki components
* removes store dependency from pki engine
* removes ember data related unit tests for pki
* removes pki ember data models, adapters and serializers
* removes unused pagination service injections in config-ui, kv, pki and sync engines
* removes unused store service injections from pki engine
* updates dashboard quick-actions-card component to fetch options using api service
* removes path-help test using pki model
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* clarify warning message for scenarios where a comma is intentional
* add test
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* reject destination delete request if sync is disabled
* add changelog
* removed duplicate code, moved error message to separate designated file
* constructing error on a new line for readability
---------
Co-authored-by: Arjun K S <arjun.ks@hashicorp.com>
Co-authored-by: Arjun K S <Arjun.KS@ibm.com>
