From c3c253e76cee9a2b54f4db48ee2f7224bce1c9f5 Mon Sep 17 00:00:00 2001 From: ncabatoff Date: Mon, 27 Jul 2020 11:36:17 -0400 Subject: [PATCH] Add upgrade note for okta issue. (#9587) --- website/pages/docs/upgrading/upgrade-to-1.4.0.mdx | 1 + website/pages/docs/upgrading/upgrade-to-1.5.0.mdx | 8 ++++---- website/pages/partials/okta-group-pagination.mdx | 8 ++++++++ 3 files changed, 13 insertions(+), 4 deletions(-) create mode 100644 website/pages/partials/okta-group-pagination.mdx diff --git a/website/pages/docs/upgrading/upgrade-to-1.4.0.mdx b/website/pages/docs/upgrading/upgrade-to-1.4.0.mdx index ac50d62bf..3e7593c52 100644 --- a/website/pages/docs/upgrading/upgrade-to-1.4.0.mdx +++ b/website/pages/docs/upgrading/upgrade-to-1.4.0.mdx @@ -18,3 +18,4 @@ for Vault 1.3.X compared to 1.4.0. Please read it carefully. @include 'partials/ldap-upndomain-issue.mdx' +@include 'partials/okta-group-pagination.mdx' diff --git a/website/pages/docs/upgrading/upgrade-to-1.5.0.mdx b/website/pages/docs/upgrading/upgrade-to-1.5.0.mdx index 6e791d99a..560451957 100644 --- a/website/pages/docs/upgrading/upgrade-to-1.5.0.mdx +++ b/website/pages/docs/upgrading/upgrade-to-1.5.0.mdx @@ -25,9 +25,7 @@ that allows for operators to sample the entry size, view the average, and adjust the configuration value as necessary. For additional details, please see [Raft configuration](/docs/configuration/storage/raft). -## Known Issues - -### Enabling telemetry on 32-bit systems will cause Vault to crash. +## Enabling telemetry on 32-bit systems will cause Vault to crash. A workaround for this issue is to disable collection of usage gauges in the [telemetry](/docs/configuration/telemetry) stanza of the configuration. @@ -44,7 +42,7 @@ This will suppress the metrics `vault.identity.entity.count`, `vault.token.count.by_policy`, `vault.token.count.by_ttl` and `vault.secret.kv.count` that were introduced in version 1.5.0, but all other Vault telemetry will remain available. -### Non-string values in seal config prevent startup +## Non-string values in seal config prevent startup Any values in the [Seal configuration stanza](/docs/configuration/seal) that are not quoted strings yield a parse error of the form: @@ -63,3 +61,5 @@ The workaround is to quote the strings in question, as in: ``` mechanism = "0x1082" ``` + +@include 'partials/okta-group-pagination.mdx' diff --git a/website/pages/partials/okta-group-pagination.mdx b/website/pages/partials/okta-group-pagination.mdx new file mode 100644 index 000000000..8f5adf9d5 --- /dev/null +++ b/website/pages/partials/okta-group-pagination.mdx @@ -0,0 +1,8 @@ +## Okta auth with > 200 groups + +In 1.4.0 Vault started using the official Okta Go client library. Unlike +the previous Okta library it used, the official library doesn't automatically +handle pagination when there are more than 200 groups listed. If a user +associated with more than 200 Okta groups logs in, only 200 of them will be +seen by Vault. The fix is [#9580](https://github.com/hashicorp/vault/pull/9580) +and will eventually appear in 1.4.x and 1.5.x point releases.