Changelogify and fix some minor website bits
parent 17460461a0
commit 52cb8234a6
|
@ -21,6 +21,8 @@ IMPROVEMENTS:
|
|||
|
||||
* api: Close renewer's doneCh when the renewer is stopped, so that programs
|
||||
expecting a final value through doneCh behave correctly [GH-4472]
|
||||
* auth/cert: Break out `allowed_names` into component parts and add
|
||||
`allowed_uri_sans` [GH-4231]
|
||||
* cli: `vault login` now supports a `-no-print` flag to suppress printing
|
||||
token information but still allow storing into the token helper [GH-4454]
|
||||
* core/pkcs11 (enterprise): Add support for CKM_AES_CBS_PAD, CKM_RSA_PKCS, and
|
||||
|
|
|
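Review bot: The `auth/cert` entry does not say that `allowed_names` is now deprecated, although the API docs changed in this same commit mark it DEPRECATED, so an operator who reads only the changelog will not know that existing cert roles should be migrated. Suggest appending a short note to the entry, for example "`allowed_names` is deprecated in favor of the component parameters", or listing it wherever this release records deprecations. Separately, `CKM_AES_CBS_PAD` in the neighbouring `core/pkcs11` line looks like a typo for `CKM_AES_CBC_PAD` and could be corrected while the file is being touched.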
@ -29,39 +29,38 @@ Sets a CA cert and associated parameters in a role name.
|
|||
|
||||
- `name` `(string: <required>)` - The name of the certificate role.
|
||||
- `certificate` `(string: <required>)` - The PEM-format CA certificate.
|
||||
- `allowed_names` `(string: "")` - Constrain the Common and Alternative Names in
|
||||
the client certificate with a [globbed pattern]
|
||||
- `allowed_names` `(string: "")` - DEPRECATED: Please use the individual
|
||||
`allowed_X_sans` parameters instead. Constrain the Common and Alternative
|
||||
Names in the client certificate with a [globbed pattern]
|
||||
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
|
||||
a comma-separated list of patterns. Authentication requires at least one Name
|
||||
matching at least one pattern. If not set, defaults to allowing all names.
|
||||
Note: This parameter is deprecated please use individual parameters
|
||||
allowed_common_names, allowed_dns_sans, allowed_email_sans, allowed_uri_sans,
|
||||
required_extensions
|
||||
- `allowed_common_names` `(string: "")` - Constrain the Common Names in
|
||||
the client certificate with a [globbed pattern]
|
||||
- `allowed_common_names` `(string: "" or array: [])` - Constrain the Common
|
||||
Names in the client certificate with a [globbed pattern]
|
||||
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
|
||||
a comma-separated list of patterns. Authentication requires at least one Name
|
||||
matching at least one pattern. If not set, defaults to allowing all names.
|
||||
- `allowed_dns_sans` `(string: "")` - Constrain the Alternative Names in
|
||||
the client certificate with a [globbed pattern]
|
||||
- `allowed_dns_sans` `(string: "" or array: [])` - Constrain the Alternative
|
||||
Names in the client certificate with a [globbed pattern]
|
||||
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
|
||||
a comma-separated list of patterns. Authentication requires at least one DNS
|
||||
matching at least one pattern. If not set, defaults to allowing all dns.
|
||||
- `allowed_email_sans` `(string: "")` - Constrain the Alternative Names in
|
||||
the client certificate with a [globbed pattern]
|
||||
- `allowed_email_sans` `(string: "" or array: [])` - Constrain the Alternative
|
||||
Names in the client certificate with a [globbed pattern]
|
||||
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
|
||||
a comma-separated list of patterns. Authentication requires at least one Email
|
||||
matching at least one pattern. If not set, defaults to allowing all emails.
|
||||
- `allowed_uri_sans` `(string: "")` - Constrain the Alternative Names in
|
||||
the client certificate with a [globbed pattern]
|
||||
a comma-separated list of patterns. Authentication requires at least one
|
||||
Email matching at least one pattern. If not set, defaults to allowing all
|
||||
emails.
|
||||
- `allowed_uri_sans` `(string: "" or array: [])` - Constrain the Alternative
|
||||
Names in the client certificate with a [globbed pattern]
|
||||
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
|
||||
a comma-separated list of URI patterns. Authentication requires at least one URI
|
||||
matching at least one pattern. If not set, defaults to allowing all URIs.
|
||||
- `required_extensions` `(string: "" or array:[])` - Require specific Custom
|
||||
Extension OIDs to exist and match the pattern. Value is a comma separated
|
||||
string or array of `oid:value`. Expects the extension value to be some type
|
||||
of ASN1 encoded string. All conditions _must_ be met. Supports globbing on
|
||||
`value`.
|
||||
a comma-separated list of URI patterns. Authentication requires at least one
|
||||
URI matching at least one pattern. If not set, defaults to allowing all URIs.
|
||||
- `required_extensions` `(string: "" or array: [])` - Require specific Custom
|
||||
Extension OIDs to exist and match the pattern. Value is a comma separated
|
||||
string or array of `oid:value`. Expects the extension value to be some type
|
||||
of ASN1 encoded string. All conditions _must_ be met. Supports globbing on
|
||||
`value`.
|
||||
- `policies` `(string: "")` - A comma-separated list of policies to set on
|
||||
tokens issued when authenticating against this CA certificate.
|
||||
- `display_name` `(string: "")` - The `display_name` to set on tokens issued
|
||||
|
|
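Review bot: In the `allowed_names` entry, the DEPRECATED wording points readers only at "the individual `allowed_X_sans` parameters", which does not cover `allowed_common_names`, while the "Note:" sentence in the same entry names it explicitly; someone migrating a role that constrained the Common Name could drop that constraint and fall back to the documented default of allowing all names. Suggest naming the replacements outright (`allowed_common_names`, `allowed_dns_sans`, `allowed_email_sans`, `allowed_uri_sans`). The entries now typed `(string: "" or array: [])` also still describe the value only as "a comma-separated list of patterns"; the `required_extensions` wording "comma separated string or array" would match the new type. Finally, only `required_extensions` states that all conditions must be met, so it would help to say how the four `allowed_*` constraints combine when more than one is set, and "allowing all dns" reads better as "allowing all DNS names".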