* add reloading service configuration
* add changelog entry
* add tests
* fix typo
* check if config.ServiceRegistration is nil before signaling
* add changes for deregistering service on nil config with failing tests
* fix tests by decreasing reconcile_timeout + setting consul agent tokens
* fix races
* add comments in test
---------
Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>
* Allow Managed clusters to see Secrets Sync Overview and Sidebar nav (#26649)
* update badge text and allow hvd on secrets sync views
* update logic in Secrets Sync overview and cta for hvd.
* spacing
* rearrange based on pr feedback
* fix return on badgeText and cluster nav test
* fix landing cta tests
* update test to reflect new changes
* moved call to feature-flags from application route to the service to match patterns
* add managed test coverage on overview component test and remove premium feature so cta message applies to both managed and non-managed clusters
* missed service name and unskip admin test
* clean up
* fix tests
* flags test fix
* Rename isManaged and managedNamespaceRoot (#26697)
* renames
* lowercase HVD to match
* missed some
* test failure
* [Secrets Sync] enable access to Sync clients page for HVD clusters (#26713)
* feat: split client counts navbar into separate component
* acceptance/clients/counts/overview-test: remove tests now covered by int tests
* clients counts route: rename isSecretsSyncActivated to showSecretsSync
* sync clients page: show unactivated state unless sync client history or feature is activated
* client counts navbar: show sync tab only if client history or is /able to be/ activated
* clients overview page: only show sync charts if activated
* fix: rename isManaged to isHvd
* acceptance/counts/overview-test: add HVD tests
* acceptance/counts/overview-test: clean up unused cruft
* acceptance/clients/counts/overview-test: ensure we don't get false negatives
* chore: move Clients::Error to Clients::Counts::Error
* chore: calculate showSecretSync in page component instead of route
* chore: add copyright headers
* acceptance/clients/counts/overview-test: stub activated flags to fix test
* [Secrets sync] update sync test selectors (#26824)
* acceptance/clients/counts/overview-test: use imported test selectors
* general-selectors: add missing emptyStateSubtitle property
* acceptance/clients/counts/sync: nest tests in top level module for easier test runs
* Add permissions check to show/hide activate button (#26840)
* add permissions check to flags service and consume in overview template
* add back missing refresh
* fix test failures
* add test coverage
* clean up
* address flaky test
* grr
* address test failures
* add changelog
* try to fix test failure only on gh
* fix fetch to match previous implementation of feature-flags
* fix failing test
* update comment
---------
Co-authored-by: Noelle Daley <noelledaley@users.noreply.github.com>
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
* PKI: Change sign-intermediate to truncate notAfter by default
- The PKI sign-intermediate API allowed an end-user to request a TTL
value that would extend beyond the signing issuer's notAfter. This would
generate an invalid CA chain when properly validated.
- We are now changing the default behavior to truncate the returned certificate
to the signing issuer's notAfter.
- End-users can get the old behavior by configuring the signing issuer's
leaf_not_after_behavior field to permit, and calling sign-intermediary
with the new argument enforce_leaf_not_after_behavior set to true. The
new argument could also be used to enforce an error instead of truncating
behavior if the signing issuer's leaf_not_after_behavior is set to err.
* Add cl
* Add cl and upgrade note
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* VAULT-25341 Address issue where having no permissions to renew caused Agent and Proxy auth to attempt to renew with no backoff
* Fiddle with go.mod changes that shouldn't have happened
* VAULT-25341 small cleanup and extra test
* VAULT-25341 backoff only in error case
* VAULT-25341 godocs
* VAULT-25342 changelog
* Update command/agent_test.go
Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com>
* VAULT-25341 rename file audit
---------
Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com>
* document known issue for azure secrets engine failing on role creation
* fix empty space
* remove new line
* add workaround
* remove space
---------
Co-authored-by: Tony Wittinger <anwittin@users.noreply.github.com>
Update the GitHub Actions pins to use the next generation of actions
that are supported by CRT.
In some cases these are simply to resolve Node 16 deprecations. In
others, we can now use `actions/upload-artifact@v4` and
`actions/download-artifact@v4` since the next generation of actions like
`hashicorp/actions-docker-build@v2` and
`hashicorp/actions-persist-metadata@v2` use the `v4` versions of these.
Signed-off-by: Ryan Cragun <me@ryan.ec>
* Add missing delegated_auth_accessors config field to /sys/mounts/<path> response
- The field hadn't been properly populated in the JSON struct being returned
through the API response, but had been properly set in the stored structs
in the backend.
- Add missing update to the command tune docs for the -delegated-auth-accessors
option that existed
- Add -delegated-auth-accessors to the secret enable vault command along with
a docs update
* Add cl
* Fix documentation, using a comma separated list does not work
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Drop plural on doc update
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* only include upgrades with previous versions
* update tests
* fix prettier linting
* update counts test
* why are you failing??
* match key order of expected object to actual
* timezones -_-
* attempt to fix flaky openapi test again
* consistent timestamp format
* wrap client count card in permissions
* add test
* add changelog
* move tests into module, add more!
* final test cleanup, stub permissions manually without helper
* use current_billing_period for dashboard, add tests
* update mirage to handle new client param
* Update ui/app/components/dashboard/client-count-card.js
PR https://github.com/cockroachdb/cockroach-go/pull/179 addresses
CVE-2024-27289 and CVE-2024-27304 by bumping jackc/pgx to v4.18.3.
This PR pulls in these changes by updating our cockroach-go dep to
v2.3.8.
Resolves: VAULT-26033
* Update error states on secret list template
* Remove usage of navToNearestAncestor mixin
* don't throw error on list when 404
* Update test with expected behavior
* cleanup
* Add changelog
Per customer request in support ticket #141025, I've updated the description of tls_disable_client_certs to provide clarification.
The previous PR for this change was approved but needed to be resubmitted because of problems with my GH account. See #26601
* Add mirage response for internal/counters/config to set a static billingStartTimestamp before STATIC_NOW
* Export config response from mirage handler
* install ember-sinon-qunit
* replace stubbed timestamps part 1
* replace clients/ timestamp stubs
* actually stub correctly
* oops got a little excited, these don't need replacing
* and revert client ones as well
* oh my gosh claire stop rushing
* there we go
* move timestamp stub to beforeEach
* more moves to beforeEach
* final CE test moves to beforeEach hook!
* use .replace and .fake instead of callsFake
* license-banner test
* remove remaining callsFake for consistency
* use the timestamp instead of separate date