Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Respect increment value in grace period calculations (api/LifetimeWatcher) #14836

Merged
merged 6 commits into from
Apr 6, 2022

Conversation

averche
Copy link
Contributor

@averche averche commented Apr 1, 2022

Fixes: #14638

Background

api.LifetimeWatcher is a tool that helps to monitor and periodically renew expiring token or credential leases. It determines a grace period based on a given lease duration and attempts to renew the lease within the grace period. The callers of LifetimeWatcher can optionally specify Increment value in seconds, which is sent to the vault server and is meant to override the token's TTL value, if respected by the server.

The issue

This means that for long lived leases, a client cannot submit it's own increment value that is less than the leases grace period without triggering and immediate return (without sleeping).

Change

This PR will make sure that the grace period is calculated based on the minimum of the remaining lease duration & interval (if specified).

How was this tested

I added a short_increment_duration test renewer_test.go.

Additionally, I was able to successfully reproduce the issue in hello-vault-go. Before the fix, setting an increment value lower than the token's actual TTL resulted in an early renewal and the following error every time renew was called:

URL: PUT http://vault-server:8200/v1/sys/wrapping/unwrap
Code: 400. Errors:

* wrapping token is not valid or does not exist. If the AppRoleAuth struct was initialized with the WithWrappingToken LoginOption, then the secret ID's filepath should be a path to a response-wrapping token

When I built against this branch, the error disappeared and the renew period was updated to the increment value minus grace period as expected.

@vercel vercel bot temporarily deployed to Preview – vault April 1, 2022 16:40 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook April 1, 2022 16:40 Inactive
@vercel vercel bot temporarily deployed to Preview – vault April 4, 2022 21:03 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook April 4, 2022 21:04 Inactive
@vercel vercel bot temporarily deployed to Preview – vault April 4, 2022 21:26 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook April 4, 2022 21:26 Inactive
@averche averche requested review from ncabatoff and a team April 4, 2022 21:36
@averche averche marked this pull request as ready for review April 4, 2022 21:38
Copy link
Contributor

@VinnyHC VinnyHC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! This looks good to me.

Copy link
Collaborator

@digivava digivava left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good stuff! I'm approving because I think this makes sense, but just checking one thing: In the docs it says "[The increment value] is not an increment at the end of the current TTL; it is an increment from the current time."

That doesn't change anything here, right? I don't think it does but just double-checking.

@averche
Copy link
Contributor Author

averche commented Apr 6, 2022

Good stuff! I'm approving because I think this makes sense, but just checking one thing: In the docs it says "[The increment value] is not an increment at the end of the current TTL; it is an increment from the current time."

That doesn't change anything here, right? I don't think it does but just double-checking.

I don't think it changes things since we used to calculate the grace period based on the remaining TTL (which is also from the current time, so it make sense to apply the same logic to the increment value)

@averche averche added this to the 1.11.0-rc1 milestone Apr 6, 2022
Monkeychip added a commit that referenced this pull request Apr 11, 2022
* Vault documentation: changing references from learn to tutorial (#14844)

* changed learn to tutorial references

* changed learn to tutorial

* Update website/content/docs/plugins/plugin-portal.mdx

Co-authored-by: Yoko Hyakuna <[email protected]>

* Update website/content/docs/platform/aws/run.mdx

Co-authored-by: Yoko Hyakuna <[email protected]>

Co-authored-by: Yoko Hyakuna <[email protected]>

* UI/Only show form values if have read access (#14794)

* only show value in edit form if has read capabilities

* revert messing with form

* delete secret data from secret

* add check for selected version

* remove added line

* add changelog

* modified text (#14854)

* fixed a link issue (#14850)

* docs: add known issue to 1.10 release notes (#14859)

* Vault 3999 Change permissions for directory/archive created by debug command  (#14846)

* adding debug changes from ent

* adding changelog

* Vault 3992 ToB Config and Plugins Permissions  (#14817)

* updating changes from ent PR

* adding changelog

* fixing err

* fixing semgrep error

* updated references from learn to tutorial (#14866)

* updated references from learn to tutorial (#14867)

* changed reference from learn to tutorial (#14868)

* Fix handling of default zero SignatureBits value with Any key type in PKI Secrets Engine (#14875)

* Correctly handle minimums, default SignatureBits

When using KeyType = "any" on a role (whether explicitly or implicitly
via a sign-verbatim like operation), we need to update the value of
SignatureBits from its new value 0 to a per-key-type default value. This
will allow sign operations on these paths to function correctly, having
the correctly inferred default signature bit length.

Additionally, this allows the computed default value for key type to be
used for minimum size validation in the RSA/ECDSA paths. We additionally
enforce the 2048-minimum in this case as well.

Signed-off-by: Alexander Scheel <[email protected]>

* Fix defaults and validation of "any" KeyType

When certutil is given the placeholder any keytype, it attempts to
validate and update the default zero value. However, in lacking a
default value for SignatureBits, it cannot update the value from the
zero value, thus causing validation to fail.

Add more awareness to the placeholder "any" value to certutil.

Signed-off-by: Alexander Scheel <[email protected]>

* Add role-based regression tests for key bits

This adds regression tests for Key Type, Key Bits, and Signature Bits
parameters on the role. We test several values, including the "any"
value to ensure it correctly restricts key sizes.

Signed-off-by: Alexander Scheel <[email protected]>

* Add sign-verbatim test for key type

This ensures that we test sign-verbatim against a variety of key types.

Signed-off-by: Alexander Scheel <[email protected]>

* Add changelog entry

Signed-off-by: Alexander Scheel <[email protected]>

Co-authored-by: Steven Clark <[email protected]>

* Subtle docs change for allow_store_key (#14889)

* Subtle docs change for allow_store_key

* errant space

* Adds Vault version prerelease and metadata to logical.PluginEnvironment (#14851)

* docs: fix formatting on plugin upgrade page (#14874)

* docs: fix formatting on plugin upgrade page

* fix more formatting issues

* Update CC docs (#14714)

* Update CC docs

* Add sample response

* Address review feedback

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Meggie <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Minor edits

* Update partial month API

Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Meggie <[email protected]>

* Docs improvements for Managed Keys (#14756)

* Add more color around managed keys in their concepts page, and create additional links between
the various docs pages related to them.

* Typos

* sdk/useragent: plugin version string consistent with Vault version string (#14912)

* clean up (#14911)

* website: fix usages of img tag  (#14910)

* fix usages of img tag and integrate dev-portal workflows

* Adjust Makefile

* remove mount_accessor from the docs (#14927)

* Add extra test coverage to PKI  (#14767)

* Add PKI test for delete role

 - Create a role, validate that defaults are what we expect
   and delete the role, verifying it is gone on subsequent read
   attempts.

* Add PKI test for crl/rotate command

 - Missing a unit test that validates the crl/rotate command works. The test validates the rotate command was successful
   by checking if we have a different/new update time on the CRL.

* Rework PKI TestBackend_PathFetchValidRaw test to not write directly to storage

 - Rework the existing test to not write directly to storage as we might change that in the future.
 - Add tests that validate the ca_chain behaviour of not returning the root authority cert

* PR Feedback

* Additional PR feedback

* Use WriteWithContext in auth helpers (#14775)

* Add ability to pass certificate PEM bytes to vault/api (#14753)

* Respect increment value in grace period calculations (api/LifetimeWatcher) (#14836)

* Mount flag syntax to mitigate confusion from KV-v2 path discrepancies (#14807)

* Add explanation to help text and flag usage text

* KV get with new mount flag

* Clearer naming

* KV Put, Patch, Metadata Get + corresponding tests

* KV Delete, Destroy, Rollback, Undelete, MetadataDelete, MetadataPatch, MetadataPut

* Update KV-v2 docs to use mount flag syntax

* Add changelog

* Run make fmt

* Clarify deprecation message in help string

* Address style comments

* Update vault-plugin-auth-gcp to newest pseudo-version (#14923)

* docs: added hello-vault-spring repo link to developer-qs.mdx. (#14928)

* Update developer-qs.mdx

docs: added link to Java / Spring Boot sample app repo in developer quick start.

* removed space.

* trigger ci

Co-authored-by: taoism4504 <[email protected]>

* OIDC Login Bug (#14916)

* fixes issue logging in with oidc from listed auth path tab

* adds changelog entry

* adds more tests for oidc auth workflow

* updates oidc auth method test to use non-standard path

* Fix handling of SignatureBits for ECDSA issuers (#14943)

When adding SignatureBits control logic, we incorrectly allowed
specification of SignatureBits in the case of an ECDSA issuer. As noted
in the original request, NIST and Mozilla (and others) are fairly
prescriptive in the choice of signatures (matching the size of the
NIST P-curve), and we shouldn't usually use a smaller (or worse, larger
and truncate!) hash.

Ignore the configuration of signature bits and always use autodetection
for ECDSA like ed25519.

Signed-off-by: Alexander Scheel <[email protected]>

* Bug Fix and Glimmerize secret-edit component (#14941)

* inital glimmerize

* wip

* wip

* wip

* fix maybeQueryRecord

* fix

* fix

* fix test

* cleanup

* add changelog

* clean up

* Agent error log level is mismatched (#14424)

* [VAULT-1618] Agent error log level is mismatched

`logLevelToStringPtr` translates `go-hclog`'s `ERROR` to `"ERROR"` for
Consul Template's runner, but that expects `ERR` and is quite strict
about it.

This will address hashicorp/vault-k8s#223
after it is set as the default image in `vault-k8s`.

I didn't find a simple way to test this other than starting up a full
server and agent and letting them run, which is unfortunately fairly
slow.

I confirmed that this addresses the original issue by modifying the helm
chart with the values in this commit and patching the log level to `err`.

* VAULT-1618 Add changelog/14424.txt

* VAULT-1618 Update changelog/14424.txt based on @kalafut suggestion

Co-authored-by: Jim Kalafut <[email protected]>

* VAULT-1618 Move cancel and server stop into defer in tests

* VAULT-1618 Triggering CircleCI tests

* VAULT-1618 Replace ioutil with os functions for agent template tests

Co-authored-by: Jim Kalafut <[email protected]>

* UI/Add months to activity serializer (#14942)

* add mock monthly data to mirage handler

* add months to serializer for activity response

* change selectors

Co-authored-by: Chelsea Shaw <[email protected]>

* clean up serializer

* please stop being flakey <3

Co-authored-by: Chelsea Shaw <[email protected]>

* Revert the WithContext changes to vault tests (#14947)

* adding env var (#14958)

* Fix dead link for JWT supported algorithms (#14953)

* Don't clone OutputCurlString value (#14968)

* Don't clone OutputCurlString value, add flag to docs

* Add changelog

* Ensure initialMmapSize is 0 on Windows (#14977)

* ensure initialMmapSize is 0 on windows

* add changelog

* Vault 3992 documentation changes (#14918)

* doc changes

* adding config changes

* adding chnages to plugins

* using include

* making doc changes

* adding newline

* aws auth displayName (#14954)

* set displayName to include RoleSessionName

* Add Windows error (#14982)

* Warnings indicating ignored and replaced parameters (#14962)

* Warnings indicating ignored and replaced parameters

* Avoid additional var creation

* Add warnings only if the response is non-nil

* Return the response even when error is non-nil

* Fix tests

* Rearrange comments

* Print warning in the log

* Fix another test

* Add CL

* Fix edit capabilities call in auth method (#14966)

* Fix edit capabilities call in auth method

- Capabilities call was not getting triggered correctly as apiPath
  method was missing the correct context.

* Added changelog

* make linting fix

Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Yoko Hyakuna <[email protected]>
Co-authored-by: claire bontempo <[email protected]>
Co-authored-by: Austin Gebauer <[email protected]>
Co-authored-by: akshya96 <[email protected]>
Co-authored-by: Alexander Scheel <[email protected]>
Co-authored-by: Steven Clark <[email protected]>
Co-authored-by: Scott Miller <[email protected]>
Co-authored-by: John-Michael Faircloth <[email protected]>
Co-authored-by: Vishal Nayak <[email protected]>
Co-authored-by: Meggie <[email protected]>
Co-authored-by: Bryce Kalow <[email protected]>
Co-authored-by: Josh Black <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Co-authored-by: VAL <[email protected]>
Co-authored-by: Robert <[email protected]>
Co-authored-by: mryan-hashi <[email protected]>
Co-authored-by: taoism4504 <[email protected]>
Co-authored-by: Jordan Reimer <[email protected]>
Co-authored-by: Christopher Swenson <[email protected]>
Co-authored-by: Jim Kalafut <[email protected]>
Co-authored-by: Chelsea Shaw <[email protected]>
Co-authored-by: Tom Proctor <[email protected]>
Co-authored-by: Jose Estrada <[email protected]>
Co-authored-by: Arnav Palnitkar <[email protected]>
zofskeez added a commit that referenced this pull request Apr 12, 2022
* initial upgrade running ember-cli-update --to 3.28

* bumps node-sass version

* fragments bump

* fixes overriding errors prop on policy model causing issues

* bumps some addon versions related to Ember Global deprecation warning on build

* bumps back ember-test-selectors version for now

* removes ember-promise-helpers addon and creates await helper

* upgrades ember-template-lint and adds prettier plugin

* Ember 3.28 Upgrade Lint Fixes (#14890)

* fixes js lint errors

* fixes hbs lint errors

* allow multiple node versions for now to get tests runinng

* fixes tests

* Upgrade ember-test-selectors (#14937)

* updates ember-test-selectors, ember-cli-page-object and ember-cli-string-helpers

* adds attributeBindings to classic components with data-test property

* glimmerizes toolbar-link component and removes data-test args

* glimmerizes toolbar-secret-link and secret-link components and removes data-test and class args

* glimmerizes linked-block component

* glimmerizes toggle-button component

* updates toggle-button test

* fixes remaining test selector issues

* comments out test assertions related to cp-validations bug

* adds todo to comment

* Model Validations (#14991)

* adds model-validations decorator and validators util

* converts key-mixin to decorator

* updates models to use validations decorator instead of ember-cp-validations

* updates invocation of model validations

* removes ember-cp-validations

* reverts secret-v2 model updates

* adds initials to TODO comment

* flight-icons (#14993)

* flight-icons

* basic dropdown

* UI/merge main (#14997)

* Vault documentation: changing references from learn to tutorial (#14844)

* changed learn to tutorial references

* changed learn to tutorial

* Update website/content/docs/plugins/plugin-portal.mdx

Co-authored-by: Yoko Hyakuna <[email protected]>

* Update website/content/docs/platform/aws/run.mdx

Co-authored-by: Yoko Hyakuna <[email protected]>

Co-authored-by: Yoko Hyakuna <[email protected]>

* UI/Only show form values if have read access (#14794)

* only show value in edit form if has read capabilities

* revert messing with form

* delete secret data from secret

* add check for selected version

* remove added line

* add changelog

* modified text (#14854)

* fixed a link issue (#14850)

* docs: add known issue to 1.10 release notes (#14859)

* Vault 3999 Change permissions for directory/archive created by debug command  (#14846)

* adding debug changes from ent

* adding changelog

* Vault 3992 ToB Config and Plugins Permissions  (#14817)

* updating changes from ent PR

* adding changelog

* fixing err

* fixing semgrep error

* updated references from learn to tutorial (#14866)

* updated references from learn to tutorial (#14867)

* changed reference from learn to tutorial (#14868)

* Fix handling of default zero SignatureBits value with Any key type in PKI Secrets Engine (#14875)

* Correctly handle minimums, default SignatureBits

When using KeyType = "any" on a role (whether explicitly or implicitly
via a sign-verbatim like operation), we need to update the value of
SignatureBits from its new value 0 to a per-key-type default value. This
will allow sign operations on these paths to function correctly, having
the correctly inferred default signature bit length.

Additionally, this allows the computed default value for key type to be
used for minimum size validation in the RSA/ECDSA paths. We additionally
enforce the 2048-minimum in this case as well.

Signed-off-by: Alexander Scheel <[email protected]>

* Fix defaults and validation of "any" KeyType

When certutil is given the placeholder any keytype, it attempts to
validate and update the default zero value. However, in lacking a
default value for SignatureBits, it cannot update the value from the
zero value, thus causing validation to fail.

Add more awareness to the placeholder "any" value to certutil.

Signed-off-by: Alexander Scheel <[email protected]>

* Add role-based regression tests for key bits

This adds regression tests for Key Type, Key Bits, and Signature Bits
parameters on the role. We test several values, including the "any"
value to ensure it correctly restricts key sizes.

Signed-off-by: Alexander Scheel <[email protected]>

* Add sign-verbatim test for key type

This ensures that we test sign-verbatim against a variety of key types.

Signed-off-by: Alexander Scheel <[email protected]>

* Add changelog entry

Signed-off-by: Alexander Scheel <[email protected]>

Co-authored-by: Steven Clark <[email protected]>

* Subtle docs change for allow_store_key (#14889)

* Subtle docs change for allow_store_key

* errant space

* Adds Vault version prerelease and metadata to logical.PluginEnvironment (#14851)

* docs: fix formatting on plugin upgrade page (#14874)

* docs: fix formatting on plugin upgrade page

* fix more formatting issues

* Update CC docs (#14714)

* Update CC docs

* Add sample response

* Address review feedback

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Meggie <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Minor edits

* Update partial month API

Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Meggie <[email protected]>

* Docs improvements for Managed Keys (#14756)

* Add more color around managed keys in their concepts page, and create additional links between
the various docs pages related to them.

* Typos

* sdk/useragent: plugin version string consistent with Vault version string (#14912)

* clean up (#14911)

* website: fix usages of img tag  (#14910)

* fix usages of img tag and integrate dev-portal workflows

* Adjust Makefile

* remove mount_accessor from the docs (#14927)

* Add extra test coverage to PKI  (#14767)

* Add PKI test for delete role

 - Create a role, validate that defaults are what we expect
   and delete the role, verifying it is gone on subsequent read
   attempts.

* Add PKI test for crl/rotate command

 - Missing a unit test that validates the crl/rotate command works. The test validates the rotate command was successful
   by checking if we have a different/new update time on the CRL.

* Rework PKI TestBackend_PathFetchValidRaw test to not write directly to storage

 - Rework the existing test to not write directly to storage as we might change that in the future.
 - Add tests that validate the ca_chain behaviour of not returning the root authority cert

* PR Feedback

* Additional PR feedback

* Use WriteWithContext in auth helpers (#14775)

* Add ability to pass certificate PEM bytes to vault/api (#14753)

* Respect increment value in grace period calculations (api/LifetimeWatcher) (#14836)

* Mount flag syntax to mitigate confusion from KV-v2 path discrepancies (#14807)

* Add explanation to help text and flag usage text

* KV get with new mount flag

* Clearer naming

* KV Put, Patch, Metadata Get + corresponding tests

* KV Delete, Destroy, Rollback, Undelete, MetadataDelete, MetadataPatch, MetadataPut

* Update KV-v2 docs to use mount flag syntax

* Add changelog

* Run make fmt

* Clarify deprecation message in help string

* Address style comments

* Update vault-plugin-auth-gcp to newest pseudo-version (#14923)

* docs: added hello-vault-spring repo link to developer-qs.mdx. (#14928)

* Update developer-qs.mdx

docs: added link to Java / Spring Boot sample app repo in developer quick start.

* removed space.

* trigger ci

Co-authored-by: taoism4504 <[email protected]>

* OIDC Login Bug (#14916)

* fixes issue logging in with oidc from listed auth path tab

* adds changelog entry

* adds more tests for oidc auth workflow

* updates oidc auth method test to use non-standard path

* Fix handling of SignatureBits for ECDSA issuers (#14943)

When adding SignatureBits control logic, we incorrectly allowed
specification of SignatureBits in the case of an ECDSA issuer. As noted
in the original request, NIST and Mozilla (and others) are fairly
prescriptive in the choice of signatures (matching the size of the
NIST P-curve), and we shouldn't usually use a smaller (or worse, larger
and truncate!) hash.

Ignore the configuration of signature bits and always use autodetection
for ECDSA like ed25519.

Signed-off-by: Alexander Scheel <[email protected]>

* Bug Fix and Glimmerize secret-edit component (#14941)

* inital glimmerize

* wip

* wip

* wip

* fix maybeQueryRecord

* fix

* fix

* fix test

* cleanup

* add changelog

* clean up

* Agent error log level is mismatched (#14424)

* [VAULT-1618] Agent error log level is mismatched

`logLevelToStringPtr` translates `go-hclog`'s `ERROR` to `"ERROR"` for
Consul Template's runner, but that expects `ERR` and is quite strict
about it.

This will address hashicorp/vault-k8s#223
after it is set as the default image in `vault-k8s`.

I didn't find a simple way to test this other than starting up a full
server and agent and letting them run, which is unfortunately fairly
slow.

I confirmed that this addresses the original issue by modifying the helm
chart with the values in this commit and patching the log level to `err`.

* VAULT-1618 Add changelog/14424.txt

* VAULT-1618 Update changelog/14424.txt based on @kalafut suggestion

Co-authored-by: Jim Kalafut <[email protected]>

* VAULT-1618 Move cancel and server stop into defer in tests

* VAULT-1618 Triggering CircleCI tests

* VAULT-1618 Replace ioutil with os functions for agent template tests

Co-authored-by: Jim Kalafut <[email protected]>

* UI/Add months to activity serializer (#14942)

* add mock monthly data to mirage handler

* add months to serializer for activity response

* change selectors

Co-authored-by: Chelsea Shaw <[email protected]>

* clean up serializer

* please stop being flakey <3

Co-authored-by: Chelsea Shaw <[email protected]>

* Revert the WithContext changes to vault tests (#14947)

* adding env var (#14958)

* Fix dead link for JWT supported algorithms (#14953)

* Don't clone OutputCurlString value (#14968)

* Don't clone OutputCurlString value, add flag to docs

* Add changelog

* Ensure initialMmapSize is 0 on Windows (#14977)

* ensure initialMmapSize is 0 on windows

* add changelog

* Vault 3992 documentation changes (#14918)

* doc changes

* adding config changes

* adding chnages to plugins

* using include

* making doc changes

* adding newline

* aws auth displayName (#14954)

* set displayName to include RoleSessionName

* Add Windows error (#14982)

* Warnings indicating ignored and replaced parameters (#14962)

* Warnings indicating ignored and replaced parameters

* Avoid additional var creation

* Add warnings only if the response is non-nil

* Return the response even when error is non-nil

* Fix tests

* Rearrange comments

* Print warning in the log

* Fix another test

* Add CL

* Fix edit capabilities call in auth method (#14966)

* Fix edit capabilities call in auth method

- Capabilities call was not getting triggered correctly as apiPath
  method was missing the correct context.

* Added changelog

* make linting fix

Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Yoko Hyakuna <[email protected]>
Co-authored-by: claire bontempo <[email protected]>
Co-authored-by: Austin Gebauer <[email protected]>
Co-authored-by: akshya96 <[email protected]>
Co-authored-by: Alexander Scheel <[email protected]>
Co-authored-by: Steven Clark <[email protected]>
Co-authored-by: Scott Miller <[email protected]>
Co-authored-by: John-Michael Faircloth <[email protected]>
Co-authored-by: Vishal Nayak <[email protected]>
Co-authored-by: Meggie <[email protected]>
Co-authored-by: Bryce Kalow <[email protected]>
Co-authored-by: Josh Black <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Co-authored-by: VAL <[email protected]>
Co-authored-by: Robert <[email protected]>
Co-authored-by: mryan-hashi <[email protected]>
Co-authored-by: taoism4504 <[email protected]>
Co-authored-by: Jordan Reimer <[email protected]>
Co-authored-by: Christopher Swenson <[email protected]>
Co-authored-by: Jim Kalafut <[email protected]>
Co-authored-by: Chelsea Shaw <[email protected]>
Co-authored-by: Tom Proctor <[email protected]>
Co-authored-by: Jose Estrada <[email protected]>
Co-authored-by: Arnav Palnitkar <[email protected]>

* skips kmip tests with concurrency issues for now

* changelog

* skips another test

* Remove ModelWrap Component (#15001)

* removes ModelWrap component which was not working in Ember 3.28

* removes kmip test skips

* updates role controller class name

* adds annotations to model-validations file

* pr feedback

* lint fixes after main merge

Co-authored-by: Jordan Reimer <[email protected]>
Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Yoko Hyakuna <[email protected]>
Co-authored-by: claire bontempo <[email protected]>
Co-authored-by: Austin Gebauer <[email protected]>
Co-authored-by: akshya96 <[email protected]>
Co-authored-by: Alexander Scheel <[email protected]>
Co-authored-by: Steven Clark <[email protected]>
Co-authored-by: Scott Miller <[email protected]>
Co-authored-by: John-Michael Faircloth <[email protected]>
Co-authored-by: Vishal Nayak <[email protected]>
Co-authored-by: Meggie <[email protected]>
Co-authored-by: Bryce Kalow <[email protected]>
Co-authored-by: Josh Black <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Co-authored-by: VAL <[email protected]>
Co-authored-by: Robert <[email protected]>
Co-authored-by: mryan-hashi <[email protected]>
Co-authored-by: taoism4504 <[email protected]>
Co-authored-by: Christopher Swenson <[email protected]>
Co-authored-by: Jim Kalafut <[email protected]>
Co-authored-by: Chelsea Shaw <[email protected]>
Co-authored-by: Tom Proctor <[email protected]>
Co-authored-by: Jose Estrada <[email protected]>
Co-authored-by: Arnav Palnitkar <[email protected]>
kitography pushed a commit that referenced this pull request Apr 24, 2022
* initial upgrade running ember-cli-update --to 3.28

* bumps node-sass version

* fragments bump

* fixes overriding errors prop on policy model causing issues

* bumps some addon versions related to Ember Global deprecation warning on build

* bumps back ember-test-selectors version for now

* removes ember-promise-helpers addon and creates await helper

* upgrades ember-template-lint and adds prettier plugin

* Ember 3.28 Upgrade Lint Fixes (#14890)

* fixes js lint errors

* fixes hbs lint errors

* allow multiple node versions for now to get tests runinng

* fixes tests

* Upgrade ember-test-selectors (#14937)

* updates ember-test-selectors, ember-cli-page-object and ember-cli-string-helpers

* adds attributeBindings to classic components with data-test property

* glimmerizes toolbar-link component and removes data-test args

* glimmerizes toolbar-secret-link and secret-link components and removes data-test and class args

* glimmerizes linked-block component

* glimmerizes toggle-button component

* updates toggle-button test

* fixes remaining test selector issues

* comments out test assertions related to cp-validations bug

* adds todo to comment

* Model Validations (#14991)

* adds model-validations decorator and validators util

* converts key-mixin to decorator

* updates models to use validations decorator instead of ember-cp-validations

* updates invocation of model validations

* removes ember-cp-validations

* reverts secret-v2 model updates

* adds initials to TODO comment

* flight-icons (#14993)

* flight-icons

* basic dropdown

* UI/merge main (#14997)

* Vault documentation: changing references from learn to tutorial (#14844)

* changed learn to tutorial references

* changed learn to tutorial

* Update website/content/docs/plugins/plugin-portal.mdx

Co-authored-by: Yoko Hyakuna <[email protected]>

* Update website/content/docs/platform/aws/run.mdx

Co-authored-by: Yoko Hyakuna <[email protected]>

Co-authored-by: Yoko Hyakuna <[email protected]>

* UI/Only show form values if have read access (#14794)

* only show value in edit form if has read capabilities

* revert messing with form

* delete secret data from secret

* add check for selected version

* remove added line

* add changelog

* modified text (#14854)

* fixed a link issue (#14850)

* docs: add known issue to 1.10 release notes (#14859)

* Vault 3999 Change permissions for directory/archive created by debug command  (#14846)

* adding debug changes from ent

* adding changelog

* Vault 3992 ToB Config and Plugins Permissions  (#14817)

* updating changes from ent PR

* adding changelog

* fixing err

* fixing semgrep error

* updated references from learn to tutorial (#14866)

* updated references from learn to tutorial (#14867)

* changed reference from learn to tutorial (#14868)

* Fix handling of default zero SignatureBits value with Any key type in PKI Secrets Engine (#14875)

* Correctly handle minimums, default SignatureBits

When using KeyType = "any" on a role (whether explicitly or implicitly
via a sign-verbatim like operation), we need to update the value of
SignatureBits from its new value 0 to a per-key-type default value. This
will allow sign operations on these paths to function correctly, having
the correctly inferred default signature bit length.

Additionally, this allows the computed default value for key type to be
used for minimum size validation in the RSA/ECDSA paths. We additionally
enforce the 2048-minimum in this case as well.

Signed-off-by: Alexander Scheel <[email protected]>

* Fix defaults and validation of "any" KeyType

When certutil is given the placeholder any keytype, it attempts to
validate and update the default zero value. However, in lacking a
default value for SignatureBits, it cannot update the value from the
zero value, thus causing validation to fail.

Add more awareness to the placeholder "any" value to certutil.

Signed-off-by: Alexander Scheel <[email protected]>

* Add role-based regression tests for key bits

This adds regression tests for Key Type, Key Bits, and Signature Bits
parameters on the role. We test several values, including the "any"
value to ensure it correctly restricts key sizes.

Signed-off-by: Alexander Scheel <[email protected]>

* Add sign-verbatim test for key type

This ensures that we test sign-verbatim against a variety of key types.

Signed-off-by: Alexander Scheel <[email protected]>

* Add changelog entry

Signed-off-by: Alexander Scheel <[email protected]>

Co-authored-by: Steven Clark <[email protected]>

* Subtle docs change for allow_store_key (#14889)

* Subtle docs change for allow_store_key

* errant space

* Adds Vault version prerelease and metadata to logical.PluginEnvironment (#14851)

* docs: fix formatting on plugin upgrade page (#14874)

* docs: fix formatting on plugin upgrade page

* fix more formatting issues

* Update CC docs (#14714)

* Update CC docs

* Add sample response

* Address review feedback

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Meggie <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Minor edits

* Update partial month API

Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Meggie <[email protected]>

* Docs improvements for Managed Keys (#14756)

* Add more color around managed keys in their concepts page, and create additional links between
the various docs pages related to them.

* Typos

* sdk/useragent: plugin version string consistent with Vault version string (#14912)

* clean up (#14911)

* website: fix usages of img tag  (#14910)

* fix usages of img tag and integrate dev-portal workflows

* Adjust Makefile

* remove mount_accessor from the docs (#14927)

* Add extra test coverage to PKI  (#14767)

* Add PKI test for delete role

 - Create a role, validate that defaults are what we expect
   and delete the role, verifying it is gone on subsequent read
   attempts.

* Add PKI test for crl/rotate command

 - Missing a unit test that validates the crl/rotate command works. The test validates the rotate command was successful
   by checking if we have a different/new update time on the CRL.

* Rework PKI TestBackend_PathFetchValidRaw test to not write directly to storage

 - Rework the existing test to not write directly to storage as we might change that in the future.
 - Add tests that validate the ca_chain behaviour of not returning the root authority cert

* PR Feedback

* Additional PR feedback

* Use WriteWithContext in auth helpers (#14775)

* Add ability to pass certificate PEM bytes to vault/api (#14753)

* Respect increment value in grace period calculations (api/LifetimeWatcher) (#14836)

* Mount flag syntax to mitigate confusion from KV-v2 path discrepancies (#14807)

* Add explanation to help text and flag usage text

* KV get with new mount flag

* Clearer naming

* KV Put, Patch, Metadata Get + corresponding tests

* KV Delete, Destroy, Rollback, Undelete, MetadataDelete, MetadataPatch, MetadataPut

* Update KV-v2 docs to use mount flag syntax

* Add changelog

* Run make fmt

* Clarify deprecation message in help string

* Address style comments

* Update vault-plugin-auth-gcp to newest pseudo-version (#14923)

* docs: added hello-vault-spring repo link to developer-qs.mdx. (#14928)

* Update developer-qs.mdx

docs: added link to Java / Spring Boot sample app repo in developer quick start.

* removed space.

* trigger ci

Co-authored-by: taoism4504 <[email protected]>

* OIDC Login Bug (#14916)

* fixes issue logging in with oidc from listed auth path tab

* adds changelog entry

* adds more tests for oidc auth workflow

* updates oidc auth method test to use non-standard path

* Fix handling of SignatureBits for ECDSA issuers (#14943)

When adding SignatureBits control logic, we incorrectly allowed
specification of SignatureBits in the case of an ECDSA issuer. As noted
in the original request, NIST and Mozilla (and others) are fairly
prescriptive in the choice of signatures (matching the size of the
NIST P-curve), and we shouldn't usually use a smaller (or worse, larger
and truncate!) hash.

Ignore the configuration of signature bits and always use autodetection
for ECDSA like ed25519.

Signed-off-by: Alexander Scheel <[email protected]>

* Bug Fix and Glimmerize secret-edit component (#14941)

* inital glimmerize

* wip

* wip

* wip

* fix maybeQueryRecord

* fix

* fix

* fix test

* cleanup

* add changelog

* clean up

* Agent error log level is mismatched (#14424)

* [VAULT-1618] Agent error log level is mismatched

`logLevelToStringPtr` translates `go-hclog`'s `ERROR` to `"ERROR"` for
Consul Template's runner, but that expects `ERR` and is quite strict
about it.

This will address hashicorp/vault-k8s#223
after it is set as the default image in `vault-k8s`.

I didn't find a simple way to test this other than starting up a full
server and agent and letting them run, which is unfortunately fairly
slow.

I confirmed that this addresses the original issue by modifying the helm
chart with the values in this commit and patching the log level to `err`.

* VAULT-1618 Add changelog/14424.txt

* VAULT-1618 Update changelog/14424.txt based on @kalafut suggestion

Co-authored-by: Jim Kalafut <[email protected]>

* VAULT-1618 Move cancel and server stop into defer in tests

* VAULT-1618 Triggering CircleCI tests

* VAULT-1618 Replace ioutil with os functions for agent template tests

Co-authored-by: Jim Kalafut <[email protected]>

* UI/Add months to activity serializer (#14942)

* add mock monthly data to mirage handler

* add months to serializer for activity response

* change selectors

Co-authored-by: Chelsea Shaw <[email protected]>

* clean up serializer

* please stop being flakey <3

Co-authored-by: Chelsea Shaw <[email protected]>

* Revert the WithContext changes to vault tests (#14947)

* adding env var (#14958)

* Fix dead link for JWT supported algorithms (#14953)

* Don't clone OutputCurlString value (#14968)

* Don't clone OutputCurlString value, add flag to docs

* Add changelog

* Ensure initialMmapSize is 0 on Windows (#14977)

* ensure initialMmapSize is 0 on windows

* add changelog

* Vault 3992 documentation changes (#14918)

* doc changes

* adding config changes

* adding chnages to plugins

* using include

* making doc changes

* adding newline

* aws auth displayName (#14954)

* set displayName to include RoleSessionName

* Add Windows error (#14982)

* Warnings indicating ignored and replaced parameters (#14962)

* Warnings indicating ignored and replaced parameters

* Avoid additional var creation

* Add warnings only if the response is non-nil

* Return the response even when error is non-nil

* Fix tests

* Rearrange comments

* Print warning in the log

* Fix another test

* Add CL

* Fix edit capabilities call in auth method (#14966)

* Fix edit capabilities call in auth method

- Capabilities call was not getting triggered correctly as apiPath
  method was missing the correct context.

* Added changelog

* make linting fix

Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Yoko Hyakuna <[email protected]>
Co-authored-by: claire bontempo <[email protected]>
Co-authored-by: Austin Gebauer <[email protected]>
Co-authored-by: akshya96 <[email protected]>
Co-authored-by: Alexander Scheel <[email protected]>
Co-authored-by: Steven Clark <[email protected]>
Co-authored-by: Scott Miller <[email protected]>
Co-authored-by: John-Michael Faircloth <[email protected]>
Co-authored-by: Vishal Nayak <[email protected]>
Co-authored-by: Meggie <[email protected]>
Co-authored-by: Bryce Kalow <[email protected]>
Co-authored-by: Josh Black <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Co-authored-by: VAL <[email protected]>
Co-authored-by: Robert <[email protected]>
Co-authored-by: mryan-hashi <[email protected]>
Co-authored-by: taoism4504 <[email protected]>
Co-authored-by: Jordan Reimer <[email protected]>
Co-authored-by: Christopher Swenson <[email protected]>
Co-authored-by: Jim Kalafut <[email protected]>
Co-authored-by: Chelsea Shaw <[email protected]>
Co-authored-by: Tom Proctor <[email protected]>
Co-authored-by: Jose Estrada <[email protected]>
Co-authored-by: Arnav Palnitkar <[email protected]>

* skips kmip tests with concurrency issues for now

* changelog

* skips another test

* Remove ModelWrap Component (#15001)

* removes ModelWrap component which was not working in Ember 3.28

* removes kmip test skips

* updates role controller class name

* adds annotations to model-validations file

* pr feedback

* lint fixes after main merge

Co-authored-by: Jordan Reimer <[email protected]>
Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Yoko Hyakuna <[email protected]>
Co-authored-by: claire bontempo <[email protected]>
Co-authored-by: Austin Gebauer <[email protected]>
Co-authored-by: akshya96 <[email protected]>
Co-authored-by: Alexander Scheel <[email protected]>
Co-authored-by: Steven Clark <[email protected]>
Co-authored-by: Scott Miller <[email protected]>
Co-authored-by: John-Michael Faircloth <[email protected]>
Co-authored-by: Vishal Nayak <[email protected]>
Co-authored-by: Meggie <[email protected]>
Co-authored-by: Bryce Kalow <[email protected]>
Co-authored-by: Josh Black <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Co-authored-by: VAL <[email protected]>
Co-authored-by: Robert <[email protected]>
Co-authored-by: mryan-hashi <[email protected]>
Co-authored-by: taoism4504 <[email protected]>
Co-authored-by: Christopher Swenson <[email protected]>
Co-authored-by: Jim Kalafut <[email protected]>
Co-authored-by: Chelsea Shaw <[email protected]>
Co-authored-by: Tom Proctor <[email protected]>
Co-authored-by: Jose Estrada <[email protected]>
Co-authored-by: Arnav Palnitkar <[email protected]>
schultz-is pushed a commit that referenced this pull request Apr 27, 2022
* initial upgrade running ember-cli-update --to 3.28

* bumps node-sass version

* fragments bump

* fixes overriding errors prop on policy model causing issues

* bumps some addon versions related to Ember Global deprecation warning on build

* bumps back ember-test-selectors version for now

* removes ember-promise-helpers addon and creates await helper

* upgrades ember-template-lint and adds prettier plugin

* Ember 3.28 Upgrade Lint Fixes (#14890)

* fixes js lint errors

* fixes hbs lint errors

* allow multiple node versions for now to get tests runinng

* fixes tests

* Upgrade ember-test-selectors (#14937)

* updates ember-test-selectors, ember-cli-page-object and ember-cli-string-helpers

* adds attributeBindings to classic components with data-test property

* glimmerizes toolbar-link component and removes data-test args

* glimmerizes toolbar-secret-link and secret-link components and removes data-test and class args

* glimmerizes linked-block component

* glimmerizes toggle-button component

* updates toggle-button test

* fixes remaining test selector issues

* comments out test assertions related to cp-validations bug

* adds todo to comment

* Model Validations (#14991)

* adds model-validations decorator and validators util

* converts key-mixin to decorator

* updates models to use validations decorator instead of ember-cp-validations

* updates invocation of model validations

* removes ember-cp-validations

* reverts secret-v2 model updates

* adds initials to TODO comment

* flight-icons (#14993)

* flight-icons

* basic dropdown

* UI/merge main (#14997)

* Vault documentation: changing references from learn to tutorial (#14844)

* changed learn to tutorial references

* changed learn to tutorial

* Update website/content/docs/plugins/plugin-portal.mdx

Co-authored-by: Yoko Hyakuna <[email protected]>

* Update website/content/docs/platform/aws/run.mdx

Co-authored-by: Yoko Hyakuna <[email protected]>

Co-authored-by: Yoko Hyakuna <[email protected]>

* UI/Only show form values if have read access (#14794)

* only show value in edit form if has read capabilities

* revert messing with form

* delete secret data from secret

* add check for selected version

* remove added line

* add changelog

* modified text (#14854)

* fixed a link issue (#14850)

* docs: add known issue to 1.10 release notes (#14859)

* Vault 3999 Change permissions for directory/archive created by debug command  (#14846)

* adding debug changes from ent

* adding changelog

* Vault 3992 ToB Config and Plugins Permissions  (#14817)

* updating changes from ent PR

* adding changelog

* fixing err

* fixing semgrep error

* updated references from learn to tutorial (#14866)

* updated references from learn to tutorial (#14867)

* changed reference from learn to tutorial (#14868)

* Fix handling of default zero SignatureBits value with Any key type in PKI Secrets Engine (#14875)

* Correctly handle minimums, default SignatureBits

When using KeyType = "any" on a role (whether explicitly or implicitly
via a sign-verbatim like operation), we need to update the value of
SignatureBits from its new value 0 to a per-key-type default value. This
will allow sign operations on these paths to function correctly, having
the correctly inferred default signature bit length.

Additionally, this allows the computed default value for key type to be
used for minimum size validation in the RSA/ECDSA paths. We additionally
enforce the 2048-minimum in this case as well.

Signed-off-by: Alexander Scheel <[email protected]>

* Fix defaults and validation of "any" KeyType

When certutil is given the placeholder any keytype, it attempts to
validate and update the default zero value. However, in lacking a
default value for SignatureBits, it cannot update the value from the
zero value, thus causing validation to fail.

Add more awareness to the placeholder "any" value to certutil.

Signed-off-by: Alexander Scheel <[email protected]>

* Add role-based regression tests for key bits

This adds regression tests for Key Type, Key Bits, and Signature Bits
parameters on the role. We test several values, including the "any"
value to ensure it correctly restricts key sizes.

Signed-off-by: Alexander Scheel <[email protected]>

* Add sign-verbatim test for key type

This ensures that we test sign-verbatim against a variety of key types.

Signed-off-by: Alexander Scheel <[email protected]>

* Add changelog entry

Signed-off-by: Alexander Scheel <[email protected]>

Co-authored-by: Steven Clark <[email protected]>

* Subtle docs change for allow_store_key (#14889)

* Subtle docs change for allow_store_key

* errant space

* Adds Vault version prerelease and metadata to logical.PluginEnvironment (#14851)

* docs: fix formatting on plugin upgrade page (#14874)

* docs: fix formatting on plugin upgrade page

* fix more formatting issues

* Update CC docs (#14714)

* Update CC docs

* Add sample response

* Address review feedback

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Meggie <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Minor edits

* Update partial month API

Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Meggie <[email protected]>

* Docs improvements for Managed Keys (#14756)

* Add more color around managed keys in their concepts page, and create additional links between
the various docs pages related to them.

* Typos

* sdk/useragent: plugin version string consistent with Vault version string (#14912)

* clean up (#14911)

* website: fix usages of img tag  (#14910)

* fix usages of img tag and integrate dev-portal workflows

* Adjust Makefile

* remove mount_accessor from the docs (#14927)

* Add extra test coverage to PKI  (#14767)

* Add PKI test for delete role

 - Create a role, validate that defaults are what we expect
   and delete the role, verifying it is gone on subsequent read
   attempts.

* Add PKI test for crl/rotate command

 - Missing a unit test that validates the crl/rotate command works. The test validates the rotate command was successful
   by checking if we have a different/new update time on the CRL.

* Rework PKI TestBackend_PathFetchValidRaw test to not write directly to storage

 - Rework the existing test to not write directly to storage as we might change that in the future.
 - Add tests that validate the ca_chain behaviour of not returning the root authority cert

* PR Feedback

* Additional PR feedback

* Use WriteWithContext in auth helpers (#14775)

* Add ability to pass certificate PEM bytes to vault/api (#14753)

* Respect increment value in grace period calculations (api/LifetimeWatcher) (#14836)

* Mount flag syntax to mitigate confusion from KV-v2 path discrepancies (#14807)

* Add explanation to help text and flag usage text

* KV get with new mount flag

* Clearer naming

* KV Put, Patch, Metadata Get + corresponding tests

* KV Delete, Destroy, Rollback, Undelete, MetadataDelete, MetadataPatch, MetadataPut

* Update KV-v2 docs to use mount flag syntax

* Add changelog

* Run make fmt

* Clarify deprecation message in help string

* Address style comments

* Update vault-plugin-auth-gcp to newest pseudo-version (#14923)

* docs: added hello-vault-spring repo link to developer-qs.mdx. (#14928)

* Update developer-qs.mdx

docs: added link to Java / Spring Boot sample app repo in developer quick start.

* removed space.

* trigger ci

Co-authored-by: taoism4504 <[email protected]>

* OIDC Login Bug (#14916)

* fixes issue logging in with oidc from listed auth path tab

* adds changelog entry

* adds more tests for oidc auth workflow

* updates oidc auth method test to use non-standard path

* Fix handling of SignatureBits for ECDSA issuers (#14943)

When adding SignatureBits control logic, we incorrectly allowed
specification of SignatureBits in the case of an ECDSA issuer. As noted
in the original request, NIST and Mozilla (and others) are fairly
prescriptive in the choice of signatures (matching the size of the
NIST P-curve), and we shouldn't usually use a smaller (or worse, larger
and truncate!) hash.

Ignore the configuration of signature bits and always use autodetection
for ECDSA like ed25519.

Signed-off-by: Alexander Scheel <[email protected]>

* Bug Fix and Glimmerize secret-edit component (#14941)

* inital glimmerize

* wip

* wip

* wip

* fix maybeQueryRecord

* fix

* fix

* fix test

* cleanup

* add changelog

* clean up

* Agent error log level is mismatched (#14424)

* [VAULT-1618] Agent error log level is mismatched

`logLevelToStringPtr` translates `go-hclog`'s `ERROR` to `"ERROR"` for
Consul Template's runner, but that expects `ERR` and is quite strict
about it.

This will address hashicorp/vault-k8s#223
after it is set as the default image in `vault-k8s`.

I didn't find a simple way to test this other than starting up a full
server and agent and letting them run, which is unfortunately fairly
slow.

I confirmed that this addresses the original issue by modifying the helm
chart with the values in this commit and patching the log level to `err`.

* VAULT-1618 Add changelog/14424.txt

* VAULT-1618 Update changelog/14424.txt based on @kalafut suggestion

Co-authored-by: Jim Kalafut <[email protected]>

* VAULT-1618 Move cancel and server stop into defer in tests

* VAULT-1618 Triggering CircleCI tests

* VAULT-1618 Replace ioutil with os functions for agent template tests

Co-authored-by: Jim Kalafut <[email protected]>

* UI/Add months to activity serializer (#14942)

* add mock monthly data to mirage handler

* add months to serializer for activity response

* change selectors

Co-authored-by: Chelsea Shaw <[email protected]>

* clean up serializer

* please stop being flakey <3

Co-authored-by: Chelsea Shaw <[email protected]>

* Revert the WithContext changes to vault tests (#14947)

* adding env var (#14958)

* Fix dead link for JWT supported algorithms (#14953)

* Don't clone OutputCurlString value (#14968)

* Don't clone OutputCurlString value, add flag to docs

* Add changelog

* Ensure initialMmapSize is 0 on Windows (#14977)

* ensure initialMmapSize is 0 on windows

* add changelog

* Vault 3992 documentation changes (#14918)

* doc changes

* adding config changes

* adding chnages to plugins

* using include

* making doc changes

* adding newline

* aws auth displayName (#14954)

* set displayName to include RoleSessionName

* Add Windows error (#14982)

* Warnings indicating ignored and replaced parameters (#14962)

* Warnings indicating ignored and replaced parameters

* Avoid additional var creation

* Add warnings only if the response is non-nil

* Return the response even when error is non-nil

* Fix tests

* Rearrange comments

* Print warning in the log

* Fix another test

* Add CL

* Fix edit capabilities call in auth method (#14966)

* Fix edit capabilities call in auth method

- Capabilities call was not getting triggered correctly as apiPath
  method was missing the correct context.

* Added changelog

* make linting fix

Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Yoko Hyakuna <[email protected]>
Co-authored-by: claire bontempo <[email protected]>
Co-authored-by: Austin Gebauer <[email protected]>
Co-authored-by: akshya96 <[email protected]>
Co-authored-by: Alexander Scheel <[email protected]>
Co-authored-by: Steven Clark <[email protected]>
Co-authored-by: Scott Miller <[email protected]>
Co-authored-by: John-Michael Faircloth <[email protected]>
Co-authored-by: Vishal Nayak <[email protected]>
Co-authored-by: Meggie <[email protected]>
Co-authored-by: Bryce Kalow <[email protected]>
Co-authored-by: Josh Black <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Co-authored-by: VAL <[email protected]>
Co-authored-by: Robert <[email protected]>
Co-authored-by: mryan-hashi <[email protected]>
Co-authored-by: taoism4504 <[email protected]>
Co-authored-by: Jordan Reimer <[email protected]>
Co-authored-by: Christopher Swenson <[email protected]>
Co-authored-by: Jim Kalafut <[email protected]>
Co-authored-by: Chelsea Shaw <[email protected]>
Co-authored-by: Tom Proctor <[email protected]>
Co-authored-by: Jose Estrada <[email protected]>
Co-authored-by: Arnav Palnitkar <[email protected]>

* skips kmip tests with concurrency issues for now

* changelog

* skips another test

* Remove ModelWrap Component (#15001)

* removes ModelWrap component which was not working in Ember 3.28

* removes kmip test skips

* updates role controller class name

* adds annotations to model-validations file

* pr feedback

* lint fixes after main merge

Co-authored-by: Jordan Reimer <[email protected]>
Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Yoko Hyakuna <[email protected]>
Co-authored-by: claire bontempo <[email protected]>
Co-authored-by: Austin Gebauer <[email protected]>
Co-authored-by: akshya96 <[email protected]>
Co-authored-by: Alexander Scheel <[email protected]>
Co-authored-by: Steven Clark <[email protected]>
Co-authored-by: Scott Miller <[email protected]>
Co-authored-by: John-Michael Faircloth <[email protected]>
Co-authored-by: Vishal Nayak <[email protected]>
Co-authored-by: Meggie <[email protected]>
Co-authored-by: Bryce Kalow <[email protected]>
Co-authored-by: Josh Black <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Co-authored-by: VAL <[email protected]>
Co-authored-by: Robert <[email protected]>
Co-authored-by: mryan-hashi <[email protected]>
Co-authored-by: taoism4504 <[email protected]>
Co-authored-by: Christopher Swenson <[email protected]>
Co-authored-by: Jim Kalafut <[email protected]>
Co-authored-by: Chelsea Shaw <[email protected]>
Co-authored-by: Tom Proctor <[email protected]>
Co-authored-by: Jose Estrada <[email protected]>
Co-authored-by: Arnav Palnitkar <[email protected]>
schultz-is pushed a commit that referenced this pull request May 2, 2022
* initial upgrade running ember-cli-update --to 3.28

* bumps node-sass version

* fragments bump

* fixes overriding errors prop on policy model causing issues

* bumps some addon versions related to Ember Global deprecation warning on build

* bumps back ember-test-selectors version for now

* removes ember-promise-helpers addon and creates await helper

* upgrades ember-template-lint and adds prettier plugin

* Ember 3.28 Upgrade Lint Fixes (#14890)

* fixes js lint errors

* fixes hbs lint errors

* allow multiple node versions for now to get tests runinng

* fixes tests

* Upgrade ember-test-selectors (#14937)

* updates ember-test-selectors, ember-cli-page-object and ember-cli-string-helpers

* adds attributeBindings to classic components with data-test property

* glimmerizes toolbar-link component and removes data-test args

* glimmerizes toolbar-secret-link and secret-link components and removes data-test and class args

* glimmerizes linked-block component

* glimmerizes toggle-button component

* updates toggle-button test

* fixes remaining test selector issues

* comments out test assertions related to cp-validations bug

* adds todo to comment

* Model Validations (#14991)

* adds model-validations decorator and validators util

* converts key-mixin to decorator

* updates models to use validations decorator instead of ember-cp-validations

* updates invocation of model validations

* removes ember-cp-validations

* reverts secret-v2 model updates

* adds initials to TODO comment

* flight-icons (#14993)

* flight-icons

* basic dropdown

* UI/merge main (#14997)

* Vault documentation: changing references from learn to tutorial (#14844)

* changed learn to tutorial references

* changed learn to tutorial

* Update website/content/docs/plugins/plugin-portal.mdx

Co-authored-by: Yoko Hyakuna <[email protected]>

* Update website/content/docs/platform/aws/run.mdx

Co-authored-by: Yoko Hyakuna <[email protected]>

Co-authored-by: Yoko Hyakuna <[email protected]>

* UI/Only show form values if have read access (#14794)

* only show value in edit form if has read capabilities

* revert messing with form

* delete secret data from secret

* add check for selected version

* remove added line

* add changelog

* modified text (#14854)

* fixed a link issue (#14850)

* docs: add known issue to 1.10 release notes (#14859)

* Vault 3999 Change permissions for directory/archive created by debug command  (#14846)

* adding debug changes from ent

* adding changelog

* Vault 3992 ToB Config and Plugins Permissions  (#14817)

* updating changes from ent PR

* adding changelog

* fixing err

* fixing semgrep error

* updated references from learn to tutorial (#14866)

* updated references from learn to tutorial (#14867)

* changed reference from learn to tutorial (#14868)

* Fix handling of default zero SignatureBits value with Any key type in PKI Secrets Engine (#14875)

* Correctly handle minimums, default SignatureBits

When using KeyType = "any" on a role (whether explicitly or implicitly
via a sign-verbatim like operation), we need to update the value of
SignatureBits from its new value 0 to a per-key-type default value. This
will allow sign operations on these paths to function correctly, having
the correctly inferred default signature bit length.

Additionally, this allows the computed default value for key type to be
used for minimum size validation in the RSA/ECDSA paths. We additionally
enforce the 2048-minimum in this case as well.

Signed-off-by: Alexander Scheel <[email protected]>

* Fix defaults and validation of "any" KeyType

When certutil is given the placeholder any keytype, it attempts to
validate and update the default zero value. However, in lacking a
default value for SignatureBits, it cannot update the value from the
zero value, thus causing validation to fail.

Add more awareness to the placeholder "any" value to certutil.

Signed-off-by: Alexander Scheel <[email protected]>

* Add role-based regression tests for key bits

This adds regression tests for Key Type, Key Bits, and Signature Bits
parameters on the role. We test several values, including the "any"
value to ensure it correctly restricts key sizes.

Signed-off-by: Alexander Scheel <[email protected]>

* Add sign-verbatim test for key type

This ensures that we test sign-verbatim against a variety of key types.

Signed-off-by: Alexander Scheel <[email protected]>

* Add changelog entry

Signed-off-by: Alexander Scheel <[email protected]>

Co-authored-by: Steven Clark <[email protected]>

* Subtle docs change for allow_store_key (#14889)

* Subtle docs change for allow_store_key

* errant space

* Adds Vault version prerelease and metadata to logical.PluginEnvironment (#14851)

* docs: fix formatting on plugin upgrade page (#14874)

* docs: fix formatting on plugin upgrade page

* fix more formatting issues

* Update CC docs (#14714)

* Update CC docs

* Add sample response

* Address review feedback

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Meggie <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Loann Le <[email protected]>

* Minor edits

* Update partial month API

Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Meggie <[email protected]>

* Docs improvements for Managed Keys (#14756)

* Add more color around managed keys in their concepts page, and create additional links between
the various docs pages related to them.

* Typos

* sdk/useragent: plugin version string consistent with Vault version string (#14912)

* clean up (#14911)

* website: fix usages of img tag  (#14910)

* fix usages of img tag and integrate dev-portal workflows

* Adjust Makefile

* remove mount_accessor from the docs (#14927)

* Add extra test coverage to PKI  (#14767)

* Add PKI test for delete role

 - Create a role, validate that defaults are what we expect
   and delete the role, verifying it is gone on subsequent read
   attempts.

* Add PKI test for crl/rotate command

 - Missing a unit test that validates the crl/rotate command works. The test validates the rotate command was successful
   by checking if we have a different/new update time on the CRL.

* Rework PKI TestBackend_PathFetchValidRaw test to not write directly to storage

 - Rework the existing test to not write directly to storage as we might change that in the future.
 - Add tests that validate the ca_chain behaviour of not returning the root authority cert

* PR Feedback

* Additional PR feedback

* Use WriteWithContext in auth helpers (#14775)

* Add ability to pass certificate PEM bytes to vault/api (#14753)

* Respect increment value in grace period calculations (api/LifetimeWatcher) (#14836)

* Mount flag syntax to mitigate confusion from KV-v2 path discrepancies (#14807)

* Add explanation to help text and flag usage text

* KV get with new mount flag

* Clearer naming

* KV Put, Patch, Metadata Get + corresponding tests

* KV Delete, Destroy, Rollback, Undelete, MetadataDelete, MetadataPatch, MetadataPut

* Update KV-v2 docs to use mount flag syntax

* Add changelog

* Run make fmt

* Clarify deprecation message in help string

* Address style comments

* Update vault-plugin-auth-gcp to newest pseudo-version (#14923)

* docs: added hello-vault-spring repo link to developer-qs.mdx. (#14928)

* Update developer-qs.mdx

docs: added link to Java / Spring Boot sample app repo in developer quick start.

* removed space.

* trigger ci

Co-authored-by: taoism4504 <[email protected]>

* OIDC Login Bug (#14916)

* fixes issue logging in with oidc from listed auth path tab

* adds changelog entry

* adds more tests for oidc auth workflow

* updates oidc auth method test to use non-standard path

* Fix handling of SignatureBits for ECDSA issuers (#14943)

When adding SignatureBits control logic, we incorrectly allowed
specification of SignatureBits in the case of an ECDSA issuer. As noted
in the original request, NIST and Mozilla (and others) are fairly
prescriptive in the choice of signatures (matching the size of the
NIST P-curve), and we shouldn't usually use a smaller (or worse, larger
and truncate!) hash.

Ignore the configuration of signature bits and always use autodetection
for ECDSA like ed25519.

Signed-off-by: Alexander Scheel <[email protected]>

* Bug Fix and Glimmerize secret-edit component (#14941)

* inital glimmerize

* wip

* wip

* wip

* fix maybeQueryRecord

* fix

* fix

* fix test

* cleanup

* add changelog

* clean up

* Agent error log level is mismatched (#14424)

* [VAULT-1618] Agent error log level is mismatched

`logLevelToStringPtr` translates `go-hclog`'s `ERROR` to `"ERROR"` for
Consul Template's runner, but that expects `ERR` and is quite strict
about it.

This will address hashicorp/vault-k8s#223
after it is set as the default image in `vault-k8s`.

I didn't find a simple way to test this other than starting up a full
server and agent and letting them run, which is unfortunately fairly
slow.

I confirmed that this addresses the original issue by modifying the helm
chart with the values in this commit and patching the log level to `err`.

* VAULT-1618 Add changelog/14424.txt

* VAULT-1618 Update changelog/14424.txt based on @kalafut suggestion

Co-authored-by: Jim Kalafut <[email protected]>

* VAULT-1618 Move cancel and server stop into defer in tests

* VAULT-1618 Triggering CircleCI tests

* VAULT-1618 Replace ioutil with os functions for agent template tests

Co-authored-by: Jim Kalafut <[email protected]>

* UI/Add months to activity serializer (#14942)

* add mock monthly data to mirage handler

* add months to serializer for activity response

* change selectors

Co-authored-by: Chelsea Shaw <[email protected]>

* clean up serializer

* please stop being flakey <3

Co-authored-by: Chelsea Shaw <[email protected]>

* Revert the WithContext changes to vault tests (#14947)

* adding env var (#14958)

* Fix dead link for JWT supported algorithms (#14953)

* Don't clone OutputCurlString value (#14968)

* Don't clone OutputCurlString value, add flag to docs

* Add changelog

* Ensure initialMmapSize is 0 on Windows (#14977)

* ensure initialMmapSize is 0 on windows

* add changelog

* Vault 3992 documentation changes (#14918)

* doc changes

* adding config changes

* adding chnages to plugins

* using include

* making doc changes

* adding newline

* aws auth displayName (#14954)

* set displayName to include RoleSessionName

* Add Windows error (#14982)

* Warnings indicating ignored and replaced parameters (#14962)

* Warnings indicating ignored and replaced parameters

* Avoid additional var creation

* Add warnings only if the response is non-nil

* Return the response even when error is non-nil

* Fix tests

* Rearrange comments

* Print warning in the log

* Fix another test

* Add CL

* Fix edit capabilities call in auth method (#14966)

* Fix edit capabilities call in auth method

- Capabilities call was not getting triggered correctly as apiPath
  method was missing the correct context.

* Added changelog

* make linting fix

Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Yoko Hyakuna <[email protected]>
Co-authored-by: claire bontempo <[email protected]>
Co-authored-by: Austin Gebauer <[email protected]>
Co-authored-by: akshya96 <[email protected]>
Co-authored-by: Alexander Scheel <[email protected]>
Co-authored-by: Steven Clark <[email protected]>
Co-authored-by: Scott Miller <[email protected]>
Co-authored-by: John-Michael Faircloth <[email protected]>
Co-authored-by: Vishal Nayak <[email protected]>
Co-authored-by: Meggie <[email protected]>
Co-authored-by: Bryce Kalow <[email protected]>
Co-authored-by: Josh Black <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Co-authored-by: VAL <[email protected]>
Co-authored-by: Robert <[email protected]>
Co-authored-by: mryan-hashi <[email protected]>
Co-authored-by: taoism4504 <[email protected]>
Co-authored-by: Jordan Reimer <[email protected]>
Co-authored-by: Christopher Swenson <[email protected]>
Co-authored-by: Jim Kalafut <[email protected]>
Co-authored-by: Chelsea Shaw <[email protected]>
Co-authored-by: Tom Proctor <[email protected]>
Co-authored-by: Jose Estrada <[email protected]>
Co-authored-by: Arnav Palnitkar <[email protected]>

* skips kmip tests with concurrency issues for now

* changelog

* skips another test

* Remove ModelWrap Component (#15001)

* removes ModelWrap component which was not working in Ember 3.28

* removes kmip test skips

* updates role controller class name

* adds annotations to model-validations file

* pr feedback

* lint fixes after main merge

Co-authored-by: Jordan Reimer <[email protected]>
Co-authored-by: Loann Le <[email protected]>
Co-authored-by: Yoko Hyakuna <[email protected]>
Co-authored-by: claire bontempo <[email protected]>
Co-authored-by: Austin Gebauer <[email protected]>
Co-authored-by: akshya96 <[email protected]>
Co-authored-by: Alexander Scheel <[email protected]>
Co-authored-by: Steven Clark <[email protected]>
Co-authored-by: Scott Miller <[email protected]>
Co-authored-by: John-Michael Faircloth <[email protected]>
Co-authored-by: Vishal Nayak <[email protected]>
Co-authored-by: Meggie <[email protected]>
Co-authored-by: Bryce Kalow <[email protected]>
Co-authored-by: Josh Black <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Co-authored-by: VAL <[email protected]>
Co-authored-by: Robert <[email protected]>
Co-authored-by: mryan-hashi <[email protected]>
Co-authored-by: taoism4504 <[email protected]>
Co-authored-by: Christopher Swenson <[email protected]>
Co-authored-by: Jim Kalafut <[email protected]>
Co-authored-by: Chelsea Shaw <[email protected]>
Co-authored-by: Tom Proctor <[email protected]>
Co-authored-by: Jose Estrada <[email protected]>
Co-authored-by: Arnav Palnitkar <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

LIfetime Watcher Ignores "increment" when computing grace period.
3 participants