luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
11698 commits 1 branch 0 tags 214 MiB
Commit graph

11698 commits

This branch
This branch
All branches
Author SHA1 Message Date
Clint da5a193769
Update CHANGELOG.md 2020-02-05 13:53:34 -06:00
Clint 074f897ae4
secret/database: Guard against panic with InfluxDB plugin (#8282) 
* database/influx: fix panic when trying to revoke user

Guard against other nil responses

* return an error if response is nil, which is unlikely but best safe than sorry

* refactor a deeply nested statement into a function
 2020-02-05 13:49:02 -06:00
ncabatoff 2c8b012d14
Changes needed so that benchmark-vault can run with Prometheus monitoring (#8295) 2020-02-05 13:45:16 -05:00
Jim Kalafut 053a06bcfa
Add links to changelog Github references (#8293) 
Co-authored-by: Daniel Spangenberg <daniel@spangenberg.io>
 2020-02-05 08:28:19 -08:00
Daniel Spangenberg 058ee30a62
changelog++ 2020-02-05 10:56:18 +01:00
Dan Lafeir fe80e136da
Add a specific reference to AWS IAM Unique Identifiers (#8209) 
* Add specification about AWS IAM Unique Identifiers

We experienced an issue where IAM roles resources were re-provisioned with the same ARNs and no change had been made to our vault role configuration but users lost access with `-method=aws`. It wasn't immediately clear to us how IAM Unique Identifiers where being used to avoid the same situations outlined in the AWS documentation. We eventually concluded that re-provisioning the roles in our auth/aws/auth would fetch the new IAM Unique Identifiers. 

I hope that this small amendment helps people avoid this problem in the future.
 2020-02-04 15:31:48 -08:00
Jamie Finnigan fa2544cf5e
fix <name> entity encoding for Secrets Engines Metrics section (#8290) 2020-02-04 15:06:10 -08:00
Daniel Spangenberg 415303cc02
Allow FQDNs in DNS Name for PKI Secrets Engine (#8288) 
Fixes #4837
 2020-02-04 23:46:38 +01:00
Becca Petrin 0ae91882d6
changelog++ 2020-02-04 13:08:10 -08:00
Michael Golowka ad27f2f29e
Update changelog with database plugin bugfixes 
Fixes from GH-8240:
- fix inconsistent parameter names
- fix mysql so default static credential rotation statements are used
 2020-02-03 13:59:23 -07:00
Michael Golowka 70bcd2cc05
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) 
* Allow {{name}} or {{username}} in psql templates

* Fix default rotation bug; allow {{user}} and {{username}}
 2020-02-03 13:57:28 -07:00
glerb 4f25ed2b08
Improve clarity of IAM flow explanation (#8275) 2020-02-03 10:14:09 -08:00
ncabatoff fd38bc5b76
changelog++ 2020-02-03 12:52:28 -05:00
ncabatoff 03b14d8a64
Upgrade okta sdk lib (#8143) 
Upgrade to new official Okta sdk lib.  Since it requires an API token, use old unofficial okta lib for no-apitoken case. 

Update test to use newer field names.  Remove obsolete test invalidated by #4798.  Properly handle case where an error was expected and didn't occur.
 2020-02-03 12:51:10 -05:00
Calvin Leung Huang 1561c69b1f
ci: add context to website-docker-image job (#8272) 
* ci: add context to website-docker-image job

* ci: test context value

* ci: revert test context value
 2020-02-03 09:04:33 -08:00
ncabatoff 6ce2066f2d
changelog++ 2020-02-03 12:01:11 -05:00
ncabatoff 29bad6ae9c
changelog++ 2020-02-03 11:56:07 -05:00
ncabatoff 23c13f24f0
Ensure that http_raw_body is always passed to the audit redaction system as a string 
Before this it was passed as a []byte, which doesn't get HMAC'd.  The original non-HMACing behaviour can be obtained by adding "http_raw_body" to audit_non_hmac_response_keys. (#8130)
 2020-02-03 11:53:02 -05:00
Sebastien Williams-Wynn 9f99ff4912
Fix minor typo in doc string (#8277) 2020-02-02 20:12:59 +01:00
Becca Petrin 4ec92e2e9f
Update gen_openapi.sh (#8273) 
* enable more auth backends in openapi gen

* cf and pcf are the same, with cf being preferred
 2020-01-31 16:05:39 -08:00
Jeff Escalante 9dd1a863c0
update dependencies (#8271) 2020-01-31 14:27:39 -05:00
Jason O'Donnell 8f2347f93a
docs: update vault k8s to 0.2.0 (#8269) 
* doc: update vault-k8s to 0.2.0

* Add debugging note
 2020-01-31 11:22:39 -05:00
ncabatoff 30d262f149
Fix flaky test of api renewer by moving away from legacy api. (#8265) 2020-01-30 15:12:21 -05:00
Vitaly Velikodny 230c53d18b
Clean AlibabaCloud physical backend code (#8186) 2020-01-30 12:08:24 -08:00
Jim Kalafut 47818c4a84
Update GH issue template to point to forum (#8226) 2020-01-30 11:39:46 -08:00
Daniel Spangenberg 1c1d93a21c
Fix default max_open_connections for db plugins (#8262) 2020-01-30 17:33:04 +01:00
Sarai 74a6d02a89
Fix broken link (#8259) 
- https://www.vaultproject.io/api/secret/pki/index.html#create-update-role
- https://www.vaultproject.io/api/secret/pki/index.html#createupdate-role
 2020-01-30 08:12:24 -08:00
ncabatoff 523ff80287
Removing timing-dependent aspects of test. (#8261) 2020-01-30 11:02:48 -05:00
Clint 7528056038
Changelog++ 2020-01-30 09:11:54 -06:00
Alex Antonov 3457d383ba
Added flag to disable X-Vault-Token header proxy if client passes the token (#8101) 
* Added flag to disable X-Vault-Token header proxy if client passes the token

* Reveresed the flag value to better match the name intent

* Introduced UseAutoAuthTokenRaw for Cache to support triplicate value of true/false/force

Co-authored-by: Clint <catsby@users.noreply.github.com>
 2020-01-30 09:08:42 -06:00
Michel Vocks 108d9af867
changelog++ 2020-01-30 11:13:32 +01:00
Becca Petrin 2ebe299b40 changelog++ 2020-01-29 10:59:19 -08:00
Calvin Leung Huang d8dfd81e47
test: fix TestAgent_Template_Basic (#8257) 
* test: fix TestAgent_Template_Basic

* test: fix TestAgent_Template_ExitCounter
 2020-01-29 09:31:29 -08:00
Raoof Mohammed 0b7afcc728
docs: fix api path for merge entity identity doc (#8258) 2020-01-29 08:56:36 -08:00
Michel Vocks 2bde6a3a5a
Bump etcd client API dep (#8037) 2020-01-29 15:16:38 +01:00
Michel Vocks f695eb737b
Add Consul TLS options to access API endpoint (#8253) 2020-01-29 09:44:35 +01:00
Michel Vocks 96a6857f0c
Docs: Add nomad TLS options (#8254) 2020-01-29 09:38:54 +01:00
Noelle Daley bfb6986b40
Update CHANGELOG.md 2020-01-28 11:23:07 -06:00
Noelle Daley 906a34b466
show kmip details in wizard (#8255) 2020-01-28 11:21:04 -06:00
Michel Vocks 0bbed3b416
changelog++ 2020-01-28 11:06:27 +01:00
Michel Vocks 5ab64e11d7
Fix Vault Agent Template TLS config parameters (#8243) 2020-01-28 10:59:31 +01:00
Jim Kalafut f17fc4e5c1
Run goimports (#8251) 2020-01-27 21:11:00 -08:00
Chris Hoffman 0ebf3c3e40
fixing static pdf compliance letter (#8248) 2020-01-27 15:40:55 -05:00
Theron Voran 890f4b63a6
Show bound_service_accounts in gce example (#8236) 
Shows that the GCP auth option `bound_service_accounts` can be used
for gce-type roles as well as iam.
 2020-01-27 11:48:21 -08:00
Angel Garbarino 7ec5affa63
Update CHANGELOG.md 2020-01-27 09:45:02 -07:00
Angel Garbarino 41fd74cebd
Allow default auth method to be either "other" or auth of the enabled listing-visibility unauth (#8218) 
* remove default for authMethod as it's preventing the other auth methods from being selected as default when they are marked as List method when unauthenticated.

* fix test

* fix test

* fix typo

* fix missed query params

* fix missing backend.type, and adjust formatting per prettier requirements
 2020-01-27 09:41:44 -07:00
Daniel Spangenberg eea26c6af1
Clarify the k8s helm run docs (#8235) 2020-01-27 14:54:59 +01:00
Michel Vocks 90f1d3813d
Fix redoing redirect response raft snapshot cli (#8211) 
* Fix redoing redirect response raft snapshot cli

* Removed unnecessary lines of code

* go mod vendor
 2020-01-27 11:25:52 +01:00
Chris Hoffman efb2152759
Adding pricing module note for enterprise features (#8217) 
* adding pricing module note for enterprise features

* fixing incorrectly committed go.mod
 2020-01-24 19:18:22 -05:00
Becca Petrin fc09eb1e6b
Add Kerberos agent docs (#8220) 
* add kerberos agent docs

* use relative doc link
 2020-01-24 14:40:41 -08:00