Jeff Mitchell
9d2a0dc31f
Update text around default policy to make it clear that it is user-modifiable
2018-03-08 15:48:11 -05:00
Brian Kassouf
9dba3590ac
Add context to the NewSalt function ( #4102 )
2018-03-08 11:21:11 -08:00
Jeff Mitchell
ab01acc145
changelog++
2018-03-08 13:09:07 -05:00
Jeff Mitchell
f9f0261886
Populate AWS-generated tokens with default lease TTL to fix comparisons against role max ( #4107 )
...
* Populate AWS-generated tokens with default lease TTL to fix comparisons against role max
* Fix printing TTLs when capping them
2018-03-08 13:08:00 -05:00
Jeff Mitchell
52852b89cf
Revert "Fix AWS auth max_ttl being ignored when ttl is not set ( #4086 )" ( #4105 )
...
This reverts commit 135cb4e6871a75c3b996bf8ac719767560268732.
2018-03-08 11:08:32 -05:00
Kevin Wang
f72540ce8e
Fix AWS auth max_ttl being ignored when ttl is not set ( #4086 )
...
If ttl is not set, the value of `resp.Auth.TTL` is 0, resulting in the
max TTL check being skipped.
Also fixes the formatting of the warning message.
2018-03-08 11:07:51 -05:00
Jim Kalafut
079de043e3
Fix instruction in installation docs ( #4097 )
2018-03-08 11:02:04 -05:00
Viacheslav Vasilyev
b06c25b552
Fix autoreplacing issue ( #4103 )
2018-03-08 11:01:46 -05:00
Nándor István Krácser
f3573c9eea
Fix typo (remove +is) ( #4104 )
2018-03-08 11:01:07 -05:00
Jeff Escalante
706bb4df4c
Some small website fixes ( #4087 )
...
* prepend first instance of 'Vault' with 'HashiCorp'
* update dependencies + middleman-hashicorp
2018-03-08 10:58:43 -05:00
Jeff Mitchell
74fb5ccdbc
changelog++
2018-03-07 23:27:30 -05:00
Brian Nuszkowski
40e7e24c04
Return value when reading a SSH CA Role ( #4098 )
2018-03-07 23:26:33 -05:00
Jeff Mitchell
b83f61f20c
Make grpc plugin client use an atomic server value to fix a data race. ( #4089 )
...
Also add some coordination to ensure we don't try to clean up the grpc
server before it's created/started
2018-03-07 09:09:37 -05:00
Brian Kassouf
34d958968d
Revert stopoptions ( #4088 )
...
* Use an atomic value instead to communicate whether to give up HA lock
* Remove now-unneeded StopOptions struct
* Add a channel based mutex acquisition function to avoid a deadlock
* Make periodic leader refresh only spawn a single waiting goroutine and
extend logic to the key upgrade check
2018-03-06 21:35:58 -05:00
Jeff Mitchell
6b777dc63e
Rearrange shutdown logic to remove some lock switching ( #4083 )
...
* Rearrange shutdown logic to remove some lock switching and to allow
giving up the HA lock to be skipped.
2018-03-06 18:06:09 -05:00
Jeff Mitchell
7042398f5f
changelog++
2018-03-05 08:33:32 -05:00
Aleksandar
a8304e5d4d
Add the chunk_size optional parameter to gcs storage ( #4060 )
2018-03-05 08:32:48 -05:00
Mike
eb1c2b0732
Correct endpoint's path in Doc ( #4074 )
...
Fix typo in endpoint's path
2018-03-05 07:41:53 -05:00
Lukasz Jagiello
6530a5e396
Vault status formatting ( #4073 )
...
```
:~# vault status
Key Value
--- -----
Seal Type shamir
Sealed false
Total Shares 8
Threshold 2
Version 0.9.5
Cluster Name vault-cluster-8c85f1aa
Cluster ID aaaaaaaa-1111-2222-3333-444444444444
HA Enabled true
HA Cluster https://10.0.0.1:8201
HA Mode standby
Active Node Address: https://10.0.0.1:8200
```
`Active Node Address:` - is the only one with a colon at the end.
This PR fix that output style issue.
2018-03-05 07:40:59 -05:00
Jeff Mitchell
379b05d281
Add the ability for make dev to honor XC_OSARCH
2018-03-03 12:35:36 -05:00
Brian Kassouf
1638ce6204
logical/framework: add a field data type for parsing integer arrays ( #4064 )
...
* logical/framework: add a field data type for parsing integer arrays
* Fix comment
* Add zero value
2018-03-02 15:01:13 -08:00
Jim Kalafut
ff45d61207
Merge pull request #4063 from hashicorp/update-mount-docs
...
Change "mount" to "secrets enable" in docs
2018-03-02 14:25:55 -08:00
Jim Kalafut
ef4537e5d4
Change "mount" to "secrets enable" in docs
2018-03-02 12:54:28 -08:00
Jeff Mitchell
f59aff18a7
Update gitignore
2018-03-02 14:06:36 -05:00
Calvin Leung Huang
e2fb199ce5
Non-HMAC audit values ( #4033 )
...
* Add non-hmac request keys
* Update comment
* Initial audit request keys implementation
* Add audit_non_hmac_response_keys
* Move where req.NonHMACKeys gets set
* Minor refactor
* Add params to auth tune endpoints
* Sync cache on loadCredentials
* Explicitly unset req.NonHMACKeys
* Do not error if entry is nil
* Add tests
* docs: Add params to api sections
* Refactor audit.Backend and Formatter interfaces, update audit broker methods
* Add audit_broker.go
* Fix method call params in audit backends
* Remove fields from logical.Request and logical.Response, pass keys via LogInput
* Use data.GetOk to allow unsetting existing values
* Remove debug lines
* Add test for unsetting values
* Address review feedback
* Initialize values in FormatRequest and FormatResponse using input values
* Update docs
* Use strutil.StrListContains
* Use strutil.StrListContains
2018-03-02 12:18:39 -05:00
Jeff Mitchell
49068a42be
Document primary_email in Okta mfa path
2018-03-02 11:54:21 -05:00
Jeff Mitchell
8fe24dec0a
Actually add PingID to the index of API pages
2018-03-02 11:49:48 -05:00
Jeff Mitchell
b8ed822cc0
changelog++
2018-03-02 11:11:36 -05:00
Joel Thompson
e4949d644b
auth/aws: Allow lists in binds ( #3907 )
...
* auth/aws: Allow lists in binds
In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
2018-03-02 11:09:14 -05:00
Jeff Mitchell
e073e7fc68
Don't output warning about not storing the token if the user uses
...
-token-only during `vault login`.
2018-03-01 21:02:54 -05:00
Vishal Nayak
2646ed5e2a
update sys/capabilities docs ( #4059 )
2018-03-01 11:42:39 -05:00
vishalnayak
62b8e89b22
changelog++
2018-03-01 11:17:30 -05:00
Jeff Mitchell
5034ae2dcb
Add the ability to use multiple paths for capability checking ( #3663 )
...
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).
Fixes #3336
* Added tests
* added 'paths' field
* Update docs
* return error if paths is not supplied
2018-03-01 11:14:56 -05:00
Jeff Mitchell
ff99c8420e
changelog++
2018-03-01 11:09:30 -05:00
Jeff Mitchell
ba459d238e
Fix confusing error messages around help for 'vault auth' ( #4058 )
...
Fixes #4056
2018-03-01 10:55:24 -05:00
Paddy
2b2bc2a911
Create a new command/config subpackage. ( #4055 )
...
* Create a new command/config subpackage.
This PR extracts the functions associated with loading and parsing
configs, and the DefaultTokenHelper, into a command/config subpackage,
just like TokenHelpers are in the command/token subpackage. The goal is
to allow other clients (in this case, the Vault and Nomad Terraform
providers, but in theory any client that wants to lean on Vault's
default behaviour) to reuse this logic and not drift from Vault, without
vendoring the entirety of Vault.
To retain backwards compatibility, I didn't remove any functions from
the command package; I just copied them into the command/config package,
and update the functions in the command package to call through to the
config package.
2018-02-28 20:09:21 -05:00
Andy Manoske
942aa9bbdc
Update index.html.md
...
Updated for Unbound
2018-02-28 16:20:54 -08:00
Jeff Mitchell
3d7b2d98fa
changelog++
2018-02-28 10:08:28 -05:00
Bharath B
699f9246e6
Config parameter "tls_disable_client_certs" is wrongly evaluated. ( #4049 )
2018-02-28 10:07:23 -05:00
Jeff Mitchell
121d5718ea
Remove structs/mapstructure tags from auth/aws
2018-02-27 15:27:49 -05:00
Jeff Mitchell
c695023bab
Remove structs package from auth/aws
2018-02-27 13:22:47 -05:00
Jeff Mitchell
6cd6a7b773
Go 1.9.4 breaks Solaris builds
2018-02-26 18:55:02 -05:00
Jeff Mitchell
81fcd1f028
Fix the version of Go in the Dockerfile
2018-02-26 18:34:14 -05:00
Jeff Mitchell
c62927bc4a
changelog++
2018-02-26 17:20:23 -05:00
Jeff Mitchell
20157fd56a
Fix broken link on Consul docs
2018-02-26 13:28:15 -05:00
Jeff Mitchell
7873088126
Cut version 0.9.5
2018-02-26 12:41:14 -05:00
Jeff Mitchell
259e425beb
It's not a 1.10 thing apparently.
...
Revert "Revert "Remove netbsd/arm as it won't compile""
This reverts commit 8b43db120c5b3f15723e7ea61edcf0d4c2c7fc9f.
2018-02-26 12:40:49 -05:00
Jeff Mitchell
fb41cf74d7
Revert "Remove netbsd/arm as it won't compile"
...
This reverts commit 3d4bd6f3cb083e8ee5dac980db58474382a99834.
2018-02-26 12:27:25 -05:00
Jeff Mitchell
ba40b1bd07
Sync plugins
2018-02-26 12:24:04 -05:00
Jeff Mitchell
abeb0fd45c
Bump versions in preparation for release
2018-02-26 12:20:19 -05:00