Add GCP configuration details #29120
CI Results: failed ❌ |
* VAULT-32159 CE changes for PKI metrics * Whoops, printf
* VAULT-32159 docs for pki metrics * Issuers, not certs
* VAULT-32159 issuers not certs CE changes * Typo
Co-authored-by: Sarah Chavis <[email protected]> --------- Co-authored-by: Robert <[email protected]> Co-authored-by: Sarah Chavis <[email protected]>
* Use DRBG based RSA key generation everywhere * switch to the conditional generator * Use DRBG based RSA key generation everywhere * switch to the conditional generator * Add an ENV var to disable the DRBG in a pinch * update go.mod * Use DRBG based RSA key generation everywhere * switch to the conditional generator * Add an ENV var to disable the DRBG in a pinch * Use DRBG based RSA key generation everywhere * update go.mod * fix import * Remove rsa2 alias, remove test code * move cryptoutil/rsa.go to sdk * move imports too * remove makefile change * rsa2->rsa * more rsa2->rsa, remove test code * fix some overzealous search/replace * Update to a real tag * changelog * copyright * work around copyright check * work around copyright check pt2 * bunch of dupe imports * missing import * wrong license * fix go.mod conflict * missed a spot * dupe import
- Add production hardening document to concepts from tutorial - Update content for linting and grammar
* Do not use static certificates for diagnose tests * Fix operator command tests, move PKI CA creation code into testhelper lib * Fix compilation error from refactoring
* Fix return certificate expiry time from NearExpiration - The duration returned from the NearExpiration is supposed to represent the time till expiry from now and not the calculated time a month from now. * Add cl * PR feedback
Co-authored-by: hc-github-team-secure-vault-ecosystem <[email protected]>
* decode url in the serializer for oracle connection_url * add serializer test * add test for oracle * add test back, remove decode-url helper * update comment and test * link jiras VAULT-32830 VAULT-29785 * add changelog * add test
* OSS Patch OSS Patch Fixing a build issue * Revert "OSS Patch" This reverts commit 2cce608. * OSS-Patch * Fix test issue
--------- Co-authored-by: Thy Ton <[email protected]>
* configuration details only changes * azure configuration acceptance test * clean up * change attrs to display attrs and reuse formFields * missed some * clean up * Update ui/app/helpers/mountable-secret-engines.js Co-authored-by: claire bontempo <[email protected]> * remove extra conditional * fix test for oss runs * clean up the logic for checking if the model has been configured * remove formatTtl * fix broken conditional * address pr comments * clean up clean up everybody lets clean up --------- Co-authored-by: claire bontempo <[email protected]>
…29090) * implementation and test * changelog * verify servers are healthy before removing
* OSS Changes Patch * Added changelog
* use const for in relation to vault eventing metadata * update comments * fix comment lengths
* Match the page_title and H1 header * Update website/content/docs/secrets/databases/index.mdx Co-authored-by: Brian Shumate <[email protected]> --------- Co-authored-by: Brian Shumate <[email protected]>
Co-authored-by: Ken Keller <[email protected]>
…Enterprise (#29144) * add docs changes for enabled field * remove extra space * updating docs
* Match the page_title with H1 header * Fix typos: rote --> rotate
* Fix style inconsistency * Fix typos * Update website/content/docs/platform/k8s/vso/secret-transformation.mdx Co-authored-by: Jonathan Frappier <[email protected]> * Update website/content/docs/platform/k8s/helm/terraform.mdx Co-authored-by: Theron Voran <[email protected]> * Update website/content/docs/platform/k8s/injector/annotations.mdx Co-authored-by: Theron Voran <[email protected]> --------- Co-authored-by: Jonathan Frappier <[email protected]> Co-authored-by: Theron Voran <[email protected]>
* =passback mfa_requirement for oidc login methods * =pass SAML mfa requirement * add comments * add acceptance tests * add helper * update callback args for auth jwt * add changelog * update changelog * is this line necessary? * fetch token data for display name, this commit can be undone when BE fixes VAULT-32462 * change error handling, add comments * update capitalization * revert capitalization * reword changelog * clarify comments * Update changelog/28873.txt
* db: fix skip-import-rotation/rootless integration * prevent setting both password and self_managed_password * move func call and add comment
-path must be before auth method, otherwise an error is thrown "Command flags must be provided before positional arguments. The following arguments will not be parsed as flags: [-path=my-auth]" Co-authored-by: Yoko Hyakuna <[email protected]>
* add testing before model changes * add enterprise self_managed attr, update tests * add postgres params * add changelog * update test * cleanup filter function * fix nits
* Add ops quick start, update nav * Update website/content/docs/get-started/operations-qs.mdx Co-authored-by: Yoko Hyakuna <[email protected]> * Update website/content/docs/get-started/operations-qs.mdx Co-authored-by: Sarah Chavis <[email protected]> * Updates --------- Co-authored-by: Yoko Hyakuna <[email protected]> Co-authored-by: Sarah Chavis <[email protected]>
helper/testhelpers/pki/pkihelper.go
Outdated
"crypto/x509/pkix" | ||
"encoding/pem" | ||
"math/big" | ||
mathrand2 "math/rand/v2" |
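Review bot: `math/rand/v2` is not meant for security-sensitive values, and the aliased `mathrand2` import on the last line brings it into a PKI helper that also imports `crypto/x509/pkix` and `math/big`. If it feeds key generation, serial numbers or anything else that ends up in a certificate, use `crypto/rand` instead; if it only picks non-security test values, say so in a comment at the call site so the scanner warning can be dismissed with a stated reason.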
Check warning
Code scanning / Semgrep Scanner
Semgrep Finding: go.lang.security.audit.crypto.math_random.math-random-used Warning test
vault/raft.go
Outdated
// If the node has been removed, we should continue to startup but in | ||
// the removed state | ||
if errors.Is(err, errRemovedHANode) { | ||
c.logger.Error("failed to join raft cluster", "error", err) |
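Review bot: The Error-level message "failed to join raft cluster" on the last line does not match the comment above it, which says startup should continue in the removed state when `errors.Is(err, errRemovedHANode)` holds. Consider a message that states the node has been removed from the cluster, at a level that fits an expected condition, and log a fixed description rather than the raw `err` if the error chain can wrap request data.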
Check failure
Code scanning / CodeQL Scanner
Clear-text logging of sensitive information High
Sensitive data returned by HTTP request headers
Sensitive data returned by an access to PasswordPolicy
Sensitive data returned by an access to PasswordPolicy
Sensitive data returned by an access to PasswordPolicy
Sensitive data returned by HTTP request headers
…ise users (#29047) * transfer over all changes from original pr * changelog * add serialize catch for no empty string environment * move ttl format logic to parent route * Update 29047.txt * clean up some comments * Update changelog/29047.txt Co-authored-by: claire bontempo <[email protected]> * Update changelog/29047.txt Co-authored-by: claire bontempo <[email protected]> * Update ui/app/components/secret-engine/configure-azure.hbs Co-authored-by: claire bontempo <[email protected]> * first round of addressing pr comments, holding off on the issue save flow for error messaging to keep separate * Update CODEOWNERS merge issue * small clean up tasks * updates * test coverage * small cleanup * small clean up * clean up * clean up getters on model --------- Co-authored-by: claire bontempo <[email protected]>
* Update the page description for SEO improvement * Update the description for SEO improvement * Update the description * Update website/content/docs/secrets/transform/ff3-tweak-details.mdx Co-authored-by: Jonathan Frappier <[email protected]> * Fixing a typo * Incorporate review feedback --------- Co-authored-by: Jonathan Frappier <[email protected]>
* Update the title & description for SEO improvement * Minor updates for style consistency * Revert back the change * Update website/content/docs/secrets/aws.mdx Co-authored-by: Sarah Chavis <[email protected]> --------- Co-authored-by: Sarah Chavis <[email protected]>
* Update the PKI secrets engine docs title & description * Update website/content/docs/secrets/pki/index.mdx Co-authored-by: Jonathan Frappier <[email protected]> * Incorporate the review feedback --------- Co-authored-by: Jonathan Frappier <[email protected]>
Various different CI jobs need Go modules in order to build or test Vault. To speed this up in CI we cache them in GitHub Actions. The caching requires downloading all modules first in order to upload them to the actions cache, which is performed by calling the `go-mod-download` Make target. This target will iterate over the directory tree and download Go modules in all directories that include a `go.mod` file.

There are two small problems with this approach that we resolved with this PR:

* Our `go-mod-download` target would download modules for all `go.mod`'s present in the directory tree, regardless of whether or not they are required to build or test Vault. Only downloading those required results in slightly smaller caches.
* `tools/pipeline` is intentionally a separate Go module so as to not require its modules in order to build Vault, however, our `go-mod-download` downloading all modules requires the workflow environment to include auth credentials for internal modules. If a community contributed PR modifies a `go.mod`, which in turn requires a new cache, the PR will always fail because it cannot download modules that require secrets.

Now we avoid installing our `tools/pipeline` modules when generating our module cache which should allow community contributed PRs to execute build and Go tests, while skipping enos workflows which already required secrets and were thus skipped.

Signed-off-by: Ryan Cragun <[email protected]>
* seo updates for config docs * fix content errors * Make KMS title consistent with other stanza titles
Description
What does this PR do?
TODO only if you're a HashiCorp employee
`backport/` label that matches the desired release branch. Note that in the CE repo, the latest release branch will look like `backport/x.x.x`, but older release branches will be `backport/ent/x.x.x+ent`.
of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.