Commit graph

12635 commits

Author SHA1 Message Date
ncabatoff f20f3747c7
New seal migration strategy doesn't work in 1.4. (#9765) 2020-08-20 09:54:28 -04:00
Junya Ogasawara 0a13195450
Reduce a required permission for OIDC with AzureAD (#9785)
`Group.Read.All` is too permissive policy to achieve external groups
feature. `GroupMembers.Read.All` is enough for that purpose.

MicroSoft Graph API Permission reference follows
https://docs.microsoft.com/en-us/graph/permissions-reference#application-permissions-23
2020-08-20 00:00:31 -07:00
Josh Black 86c1a01c31
changelog++ 2020-08-19 17:53:42 -07:00
ncabatoff 1ca6694ef0
changelog++ 2020-08-19 15:46:58 -04:00
Calvin Leung Huang 3d69148378
changelog++ 2020-08-19 11:25:41 -07:00
ncabatoff d5f0567d4b
changelog++ 2020-08-19 14:03:55 -04:00
Clint 6af69d7d3d
Update hashicorp/vault-plugin-secrets-azure to v0.6.2 (#9768)
* Update hashicorp/vault-plugin-secrets-azure to v0.6.2

* update go mod vendor
2020-08-18 13:48:11 -05:00
Martin Hristov ac36da333d
Add note for AD domain usernames in MSSQL (#9743)
Adding a note that `vaultuser` might be part of the AD domain like `DOMAIN\vaultuser`.
2020-08-18 10:35:21 -06:00
Tom Proctor ba9d1b6fbf
Couchbase database plugin documentation (#9764) 2020-08-18 15:57:18 +01:00
Clint 4d00aca0d8
Move CHANGELOG entry for #9606 to 1.4.4 (#9741)
Moving the CL entry for #9606 to the `v1.4.4` section. It's implied that anything in 1.n is also in 1.n+1
2020-08-18 08:25:46 -05:00
Lauren Voswinkel b2a106a931
Add a section to the MySQL secrets plugin docs about x509 (#9757) 2020-08-17 16:29:51 -07:00
arnis fd6e0eb543
Update documentation for MySQL Secrets Engine (#9671)
* Update documentation for MySQL Secrets Engine

Update documentation for MySQL Database Secrets Engine to reflect changes introduced with https://github.com/hashicorp/vault/pull/9181

* Empty Commit to re-trigger tests

Co-authored-by: Lauren Voswinkel <lvoswinkel@hashicorp.com>
2020-08-17 15:30:33 -07:00
arnis 4deacf2b50
Conditionally overwrite TLS parameters for MySQL secrets engine (#9729)
* Conditionally overwrite TLS parameters in MySQL DSN

Overwrite MySQL TLS configuration in MySQL DSN only if have `tls_ca` or `tls_certificate_key` set
Current logic always overwrites it

* Add test for MySQL DSN with a valid TLS parameter in query string
2020-08-17 15:30:15 -07:00
Michael Golowka edc40a1767
Correctly mark Cassandra as not supporting static roles (#9750) 2020-08-17 14:36:32 -06:00
Lauren Voswinkel d32817b949 changelog++ 2020-08-17 11:44:46 -07:00
Artem Alexandrov 301ea4c0f0
pki: Allow to use not only one variable during templating in allowed_domains #8509 (#9498) 2020-08-17 11:37:00 -07:00
Jason O'Donnell e3fcb4c5b9
agent/templates: update consul-template to v0.25.1 (#9626) 2020-08-17 11:31:48 -07:00
Theron Voran f0f576f5bf
Restoring the example policies for blocking sha1 (#9677)
(In the transit api-docs)
2020-08-17 10:30:06 -07:00
ncabatoff 922dddf2c6
changelog++ 2020-08-17 13:17:06 -04:00
ncabatoff a73cf0276d
changelog++ 2020-08-17 13:10:49 -04:00
ncabatoff 893e15bdbf
Document the new SSH signing algorithm option. (#9197) 2020-08-17 13:03:44 -04:00
Lauren Voswinkel 0ee2b10b8e CHANGELOG-+ 2020-08-17 09:58:53 -07:00
Lauren Voswinkel 15d4125e1b CHANGELOG++ 2020-08-17 09:53:16 -07:00
Scott Miller 5b003b06f8
Trail of bits 018 (#9674)
* TOB-018 remediation

* Make key derivation an optional config flag, off by default, for backwards compatibility

* Fix unit tests

* Address some feedback

* Set config on unit test

* Fix another test failure

* One more conf fail

* Switch one of the test cases to not use a derive dkey

* wip

* comments
2020-08-17 11:36:16 -05:00
Alexander Bezobchuk f873863263
Merge PR #9667: Rate Limit Backoff 2020-08-16 22:09:18 -04:00
Meggie ca65131543
Added upgrade guidance on mount -> path filters (#9712) 2020-08-12 10:54:56 -04:00
Sam Salisbury c7d5b13b70 Makefile: delete old stage/publish targets 2020-08-12 13:27:40 +01:00
Austin Gebauer 00a0d043be
docs: fix sentence in vault debug command (#9725) 2020-08-11 20:24:37 -07:00
Jim Kalafut 1cd3d553f1
Update reported version to 1.5.0 (#9708) 2020-08-11 20:23:07 -07:00
Jeff Escalante a28209ad6d
small change to make github star count display correctly (#9718) 2020-08-11 17:06:23 -04:00
Kyle MacDonald eb923f30b1
website: update favicon refs (#9713) 2020-08-11 13:56:25 -04:00
Josh Black 1d6a5ae058
Update go-metrics (#9704) 2020-08-11 10:19:16 -07:00
Sam Salisbury 25137a1702
ci/packagespec (#9653)
* add packagespec build system

- The majority of changes in this commit are files generated
  by packagespec (everything in the packages-oss.lock directory).

* add .yamllint

* update to packagespec@fd54aea4

* ci: bust packagespec cache

- Change to packagespec results in package IDs that can use
  git tag refs, not just commit refs.

* update to packagepsec@5fc121d0

- This busts all caches, because of a change to the way we
  no longer traverse from tag refs to commit refs, due to
  the potential confusion this can cause.
- See fd54aea482
  for the original change to packagespec necessitating this.

* update to packagespec@5e6c87b6

- This completes the change to allowing git tag refs
  to be used for source IDs, begun in f130b940a8fbe3e9398225b08ea1d63420bef7b6

* update to packagespec@4d3c9e8b

- This busts cache, needed to apply previous change.

* remove RELEASE_BUILD_WORKFLOW_NAME

* update packagespec, add watch-ci target

* fix package names (do not refer to EDITION)

* remove EDITION input from packages-oss.yml

* bump package cache, update packagespec

* update packagespec, add 'aliases' target

* update packagespec; less output noise

* ci: give release bundle file a better name

- When performing a release build, this will include the build ID
  as part of the name, making it easier to distinguish from other
  builds.

* ci: create aliases tarball artifact

* ci: cache package metadata files

* ci: add metadata artifact

* ci: bust circleci package cache

* Revert "ci: bust circleci package cache"

This reverts commit 1320d182613466f0999d63f5742db12ac17f8e92.

* ci: remove aliases artifact

* ci: use buildID not workflowName to id artifacts

* packages: add BUNDLE_NAME metadata

* do not cache package metadata with binaries

* ci: bump package cache

* ci: debugging

* ci: fix package cache; update packagespec

* ci: update packagespec to 10e7beb2

* ci: write package metadata and aliases

* ci: switch to .zip artifacts

* switch package bundle back to tar.gz (from zip)

- Because of the way zip works, the zip archive was over 2GB rather than under 750MB as with tar.gz.

* bump packagespec, adds list-staged-builds

* update packagespec

* add publish stub + general tidy up

* bump packagespec

* bump packagespec; add make publish-config

* Makefile: tidy up packagespec targets

* pass PRODUCT_REPO_ROOT to packagespec

* bump go to 1.14.6

* packages-oss.yml: use more explicit base image

* bump packagespec to b899b7c1

* bump packagespec to f040ce8f

* packages-oss.yml: pin base image to digest

- This digest is pointed to by debian:buster-20200720
- Using a specific digest ensures that builds use the same
  base image in all contexts

* add release-repo; bump packagespec

* remove BUILD_TAGS and -tags flag

* bump packagespec to e444f742

* bump to go1.14.7

* ci: bump to go1.14.7
2020-08-11 10:00:59 +01:00
Chris Hoffman 683db6821c
adding support for ed25519 public keys (#9703) 2020-08-10 22:14:17 -07:00
Chelsea Shaw 6de6f22929
Add -dr-token flag to shamir-modal-flow used on DR Operation token in replication (#9675) 2020-08-10 15:46:32 -05:00
Geoffrey Grosenbach 967d9b85da
Updates URLs to match new paths at Learn (#9679)
Previous URLs which included a track in the querystring now go to standard paths instead.
2020-08-10 13:40:09 -07:00
Chelsea Shaw 4f764ba02b
changelog++ 2020-08-10 13:50:52 -05:00
Chelsea Shaw bf38ce4701
Ui/wrap tool ttl (#9691)
* Update ttl picker in wrap tool
2020-08-10 13:17:54 -05:00
Sam Salisbury 4bf0ce85e0
update go-limiter to v0.3.0 (#9697) 2020-08-10 17:04:50 +01:00
ncabatoff 4134ef2e98
Ensure that perf standbys can perform seal migrations. (#9690) 2020-08-10 08:35:57 -04:00
Sam Salisbury ae3ab5ff28
bump to go1.14.7 (#9698) 2020-08-10 12:57:21 +01:00
Rodrigo D. L d0df8bfa21
adding new config flag disable_sentinel_trace (#9696) 2020-08-10 06:23:44 -04:00
Tom Proctor 494cdf5bcb
Add docs for OpenLDAP plugin's new AD schema (#9619) 2020-08-10 10:24:38 +01:00
Tom Proctor f0e0d3bc73
Update OpenLDAP secrets plugin 0.1.4 -> 0.1.5 (#9673)
* Update OpenLDAP secrets plugin 0.1.4 -> 0.1.5

* go mod vendor and tidy
2020-08-10 10:22:53 +01:00
James Hodgkinson 8173ce777e
fixing a spelling error (#9693)
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2020-08-09 06:17:02 -07:00
Calvin Leung Huang 40bf6c2a3c
changelog++ 2020-08-07 12:30:23 -07:00
Calvin Leung Huang 72c8118fb7
changelog++ 2020-08-07 12:29:35 -07:00
Calvin Leung Huang aeea72ea81
changelog++ 2020-08-07 12:29:05 -07:00
ncabatoff aa38af9457
changelog++ 2020-08-07 15:09:16 -04:00
ncabatoff 30b34855e3
changelog++ 2020-08-07 15:08:39 -04:00