* upgrades deps and gets it building
* remove unneeded css file
* fix: hide intended elements in print (#12710)
* upgrade deps to latest
Co-authored-by: Zachary Shilton <4624598+zchsh@users.noreply.github.com>
* patch to support VAULT_HTTP_PROXY variable
* simplify the proxy replacement
* internal code review
* rename to VAULT_HTTP_PROXY, apply within ReadEnvironment
* clean up some unintended whitespace changes
* add docs for the new env variable and a changelog entry
Co-authored-by: Dave Du Cros <davidducros@gmail.com>
* update azure instructions
Update instructions in regards to azure AD Authentication and OIDC
* Initial pass of ed25519
* Fix typos on marshal function
* test wip
* typo
* fix tests
* missef changelog
* fix mismatch between signature and algo
* added test coverage for ed25519
* remove pkcs1 since does not exist for ed25519
* add ed25519 support to getsigner
* pull request feedback
Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
* typo on key
Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
* cast mistake
Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
- When two entities are merged, remove the from entity ID in any
associated groups.
- When two entities are merged, also merge their associated group
memberships.
Fixes#10084
The ACL policy examples documented on the Consul Storage Backend and
Consul Service Registration pages are too permissive. Both policies
unnecessarily grant agent:write and node:write access for all agents
within the Consul datacenter. When Consul is used solely for service
registration, `service:write` is only required permission.
This commit modifies the policy for the Consul Storage Backend to
remove node:write access, and changes agent:write to agent:read.
The policy on the Consul Service Registration page is updated to
remove all KV-related privileges, and solely grant the necessary
service:write permission.
* fix: upgrade vault-plugin-auth-kubernetes
- brings in the alias_name_source feature which allows for setting
alternate alias names based on the service accounts's namespace and
name
- document the seurity related aspects for the feature addition above.
* Docs: Seal pkcs11 updated example with actual hex slot reference and notes related to decimal conversion. Minor correction to **Note** area in 'lib' parameter above 'slot'.
* Docs: Seal pkcs11 slot note correction.
* [VAULT-3519] Return no_default_policy on token role read if set
* [VAULT-3519] Add changelog
* [VAULT-3519] Always return token_no_default_policy on role read
* Fix broken test
* Update role read response in docs
* Add allowed_policies_glob and disallowed_policies_glob that are the same as allowed_policies and disallowed_policies but allow glob matching.
* Update changelog, docs, tests, and comments for (dis)allowed_token_glob token role feature.
* Improve docs and unit tests for auth/token role policy globbing.
* Enforce Minimum cache size for transit backend
* enfore minimum cache size and log a warning during backend construction
* Update documentation for transit backend cache configuration
* Added changelog
* Addressed review feedback and added unit test
* Modify code in pathCacheConfigWrite to make use of the updated cache size
* Updated code to refresh cache size on transit backend without restart
* Update code to acquire read and write locks appropriately
