Commit graph

12368 commits

Author SHA1 Message Date
Austin Gebauer cc16c6d08e
fix: remove mount prefix from config path used to invalidate connections (#9129) 2020-06-03 12:04:55 -07:00
Dave D'Amico a60ba90a20
updated 1.3.2 and 1.4.0 upgrade guides to note AWS STS region issue fixed in 1.4.1 (#9137) 2020-06-03 10:27:45 -07:00
Michael Golowka 438345c390
Update OpenLDAP secret engine to v0.1.3 (#9123)
* Adds ability to use password policies

Operations:
Updated go.mod for OpenLDAP to v0.1.3
Ran `go mod tidy`
Ran `go mod vendor`
2020-06-03 10:37:00 -06:00
Theron Voran 7622bee530
Docs updates for vault-helm 0.6.0 release (#9116)
* Docs updates for vault-helm 0.6.0 release

* added openshift and postStart values

* noting that openshift support is a beta feature
2020-06-03 11:44:32 -04:00
Theron Voran fa17e22050
Docs updates for vault-k8s 0.4.0 (#9107)
* Adding changes for vault-k8s 0.4.0

* add note about run-as-same-user rejecting root
2020-06-03 10:06:20 -04:00
Brian Kassouf fbd9fd4510
Fix upgrade guide (#9133) 2020-06-02 16:27:19 -07:00
Mark Gritter 475fe0eede
Token creation counters (#9052)
* Add token creation counters.
* Created a utility to change TTL to bucket name.
* Add counter covering token creation for response wrapping.
* Fix namespace label, with a new utility function.
2020-06-02 13:40:54 -05:00
Michael Golowka 5ca4d819d1
Update OpenLDAP Secrets Docs with Password Policies (#9088)
* Update OpenLDAP docs to use password policies
2020-06-02 11:34:01 -06:00
Michael Golowka bd587da491
Add docs for password policies (#8974)
* Add docs for password policies
2020-06-02 11:12:22 -06:00
Jason O'Donnell ab0bbc595b
agent/raft: fix typo in help strings (#9114) 2020-06-02 10:17:08 -04:00
Jim Kalafut 34fab8ae09
Update gcp secrets plugin (#9004) 2020-06-01 11:02:33 -07:00
Alexander Bezobchuk eb0b3ac286
Merge PR #9100: Add key_version to Transit Logical Response 2020-06-01 13:16:01 -04:00
Alexander Bezobchuk 9dd67cbeb6
Merge PR #9027: Integrated Storage (Raft): Add Support for max_entry_size Config 2020-06-01 10:17:24 -04:00
ncabatoff da3377ce6a
changelog++ 2020-05-29 14:23:09 -04:00
ncabatoff 8870b2e51c
Add mongodbatlas static roles support (#8987)
* Refactor PG container creation.
* Rework rotation tests to use shorter sleeps.
* Refactor rotation tests.
* Add a static role rotation test for MongoDB Atlas.
2020-05-29 14:21:23 -04:00
dddugan a098e313a9
correct sockaddr.is_contained example (#9104)
Syntax for sockaddr.is_contained should be outer, inner - i.e. range, IP. See https://docs.hashicorp.com/sentinel/imports/sockaddr/ for reference.
2020-05-29 10:51:31 -07:00
ncabatoff 4481521c0e
Extend agent template tests to also validate that updated templates get re-rendered. (#9097) 2020-05-29 13:36:59 -04:00
Scott Miller 12d704d97f
Provide token ttl and issue time in the audit log. (#9091)
* Populate a token_ttl and token_issue_time field on the Auth struct of audit log entries, and in the Auth portion of a response for login methods

* Revert go fmt, better zero checking

* Update unit tests

* changelog++
2020-05-29 12:30:47 -05:00
Jeff Escalante 0e3229a3d8
add missing styles for mdx components (#9103) 2020-05-29 13:29:24 -04:00
ncabatoff 9987b71a36
Update seal docs to reflect 1.3 changes. (#9086) 2020-05-29 13:28:03 -04:00
Christophe Drevet-Droguet 932c1834cc
ssh certificate signing: fix documentation of extensions (#8859) 2020-05-29 13:23:19 -04:00
Elthariel 3a07bd0bc4
doc: Add an example of templated policy using k8s metadata (#9101) 2020-05-28 17:54:56 -07:00
Meggie a8ed7d3edd
changelog++
Fixing a version typo in 1.3.6 notes.
2020-05-27 15:16:35 -04:00
Michael Golowka 755ecf7fa6
Changelog++ (Password Policies) 2020-05-27 12:46:00 -06:00
Michael Golowka b52950f884
Add user configurable password policies available to secret engines (#8637)
* Add random string generator with rules engine

This adds a random string generation library that validates random
strings against a set of rules. The library is designed for use as generating
passwords, but can be used to generate any random strings.
2020-05-27 12:28:00 -06:00
ncabatoff d8c52a4b44
Add note regarding LDAP regression. (#9038) 2020-05-27 12:29:30 -04:00
Jim Kalafut 62dfb3f481
changelog++ 2020-05-26 21:09:11 -07:00
Thomas L. Kula 3ce9615992
Allow auto_auth with templates without specifying a sink (#8812)
For situations where you want the Vault agent to handle one or more templates but do not require the acquired credentials elsewhere.

Modify the logic in SyncServer so that if there are no sinks, ignore any new credentials. Since SyncServer is responsible for shutting down the agent, make sure it still properly shuts down in this new situation.

Solves #7988
2020-05-26 13:52:14 -04:00
Alexander Bezobchuk 1dd2113755
Merge PR #9078: Add go version to server message output 2020-05-26 12:28:51 -04:00
ncabatoff 175bff872c
Add some notes on what tidy does and how to see if your cluster can handle it (#9036) 2020-05-26 09:19:36 -04:00
Alexander Bezobchuk 378ec869db
Merge PR #9060: Support reading Raft TLS flags from file 2020-05-23 11:09:55 -04:00
Jeff Mitchell 7e5d68a73e
Bump go-kms-wrapping to remove proto warning, and vendor (#9066) 2020-05-22 10:48:50 -04:00
Jim Kalafut a9d7d34ede
Update release notes (#9064) 2020-05-21 18:51:19 -07:00
Noelle Daley cf25427e6c
update deps for security (#9039)
* update deps for security

* upgrade deps

* ugrade ember-engines and ember-auto-import
2020-05-21 16:12:31 -07:00
Lauren Voswinkel 4d98430964
Use parameters when executing prepared statements rather than fmt.Sprintf (#9013)
* Don't use string formatting to prepare queries.

We should, when possible, use the built-in params and ? format when
preparing and executing a query. This is done to prevent SQL Injection
attacks.

* Revert some changes due to failing tests, update mssql go driver

* Add docker container startup for some MSSQL tests

* Remove acceptance test flagging, add more SQL injection protection

* Refactor MSSQL prepareTestContainer to a test helper

Also, remove all ? references and convert them to @p*
2020-05-21 16:07:18 -07:00
Meggie 5c0faa5367
changelog++
Updated with CVE numbers for 1.4.2 and 1.3.6.
2020-05-21 17:21:48 -04:00
Josh Black 0e13f46581
changelog++ 2020-05-21 13:40:16 -07:00
Josh Black 1c2b365158
changelog++ 2020-05-21 13:38:06 -07:00
Mike Jarmy 95055d7409
update website for 1.4.2 (#9063) 2020-05-21 16:34:03 -04:00
Josh Black 6e92c8cbd2
Add a new "vault monitor" command (#8477)
Add a new "vault monitor" command

Co-authored-by: ncabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>
2020-05-21 13:07:50 -07:00
Meggie 8e85844938
changelog++
Dates for 1.3.6 & 1.4.2
2020-05-21 15:44:39 -04:00
Jim Kalafut 7f2404ab28
changelog++ 2020-05-21 12:00:06 -07:00
Jim Kalafut 210c6ab1b3
changelog++ 2020-05-21 11:54:14 -07:00
Mark Gritter 71b3de0450
Switch expiration manager's pending map to a sync.Map. (#8589) 2020-05-21 12:41:03 -05:00
Jeff Escalante 8eed94b072
🌷 Docs Website Maintenance (#8985)
* website maintenance round
* improve docs, revert bug workaround as it was fixed
* boost memory
* remove unnecessary code
2020-05-21 13:18:17 -04:00
Jim Kalafut 023948e9ec
changelog++ 2020-05-21 10:03:14 -07:00
Chelsea Shaw 0662288f6a
changelog+- 2020-05-21 11:53:39 -05:00
ncabatoff ae1ec3f701
changelog++ 2020-05-21 12:36:58 -04:00
ncabatoff 22ed4ca7d2
changelog++ 2020-05-21 12:34:57 -04:00
Lauren Voswinkel 8fc08f8c91
Require TLS or plaintext flagging in MySQL configuration (#9012)
* Adds a safety switch to configuration files.

This requires a user to either use TLS, or acknowledge that they are sending
credentials over plaintext.

* Warn if plaintext credentials will be passed

* Add true/false support to the plaintext transmission ack

* Updated website docs and ensured ToLower is used for true comparison
2020-05-21 09:09:37 -07:00