Commit graph

376 commits

Author SHA1 Message Date
Rémi Lapeyre 978311fee2
Add read support to sys/auth/:path (#12793)
* Add read support to sys/auth/:path

Closes https://github.com/hashicorp/vault/issues/7411

* Add changelog entry
2022-01-25 11:56:40 -08:00
Rémi Lapeyre d6a4a3b53c
Add LIST support to sys/policies/password (#12787)
* Add read support to sys/policies/password

Closes https://github.com/hashicorp/vault/issues/12562

* Add changelog

* Empty commit to trigger CI

* Add optional /

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Use a ListOperation

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2022-01-24 13:42:14 -08:00
Matt Schultz fc7deabfd7
Time-based transit key autorotation (#13691)
* Add auto_rotate_interval field to transit key creation path.

* Add auto_rotate_interval field to transit key config update path.

* Implement transit automatic key rotation on an hourly interval.

* Fixes transit key autorotation key listing typo.

* Add unit tests for transit key autorotation.

* Add unit tests for transit key creation with autorotation interval.

* Add unit tests for transit key config update with autorotation interval.

* Document new auto_rotate_interval fields in key creation and key config update endpoints.

* Add changelog for transit key autorotation.

* Wrap individual transit key autorotation in a policy lock.

* Add a safeguard to transit key autorotation to ensure only one execution happens simultaneously.
2022-01-20 09:10:15 -06:00
Sung Hon Wu 194c9e32d3
Enhance sys/raw to read and write values that cannot be encoded in json (#13537) 2022-01-20 07:52:53 -05:00
James Bayer daefbd0a54
Remove extra commas (#13684)
The payload json example is invalid syntax.
2022-01-18 12:15:52 -05:00
Tero Saarni e2b17ca96b
auth/kubernetes: support for dynamically reloading short-lived tokens (#13595)
* auth/kubernetes: support for short-lived tokens

* Uplift new version of Kubernetes auth plugin that does not store the
  service account token persistently to Vault storage.

* Update the documentation to recommend local token again when running
  Vault inside cluster.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* Added changelog entry

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* clarification to changelog entry, executed go mod tidy

* clarifications and added targeted release version
2022-01-14 19:55:15 -08:00
Austin Gebauer 691e440fac
auth/azure: Documents config env vars and fixes resource used in examples (#13641) 2022-01-13 10:41:40 -08:00
akshya96 df53f43ee0
updating response for partial month client count (#13634)
* updating custom response for partial month count

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>

* removing new line

Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>
2022-01-13 10:40:42 -08:00
Chris Capurso d52d69e4bb
Add HTTP PATCH support for KV key metadata (#13215)
* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* add kv metadata patch command

* add changelog entry

* success tests for kv metadata patch flags

* add more kv metadata patch flags tests

* add kv metadata patch cas warning test

* add kv-v2 key metadata patch API docs

* add kv metadata patch to docs

* prevent unintentional field overwriting in kv metadata put cmd

* like create/update ops, prevent patch to paths ending in /

* fix kv metadata patch cmd in docs

* fix flag defaults for kv metadata put

* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* fix TestKvMetadataPatchCommand_Flags test

* doc fixes

* go get vault-plugin-secrets-kv@master; go mod tidy
2022-01-12 12:05:27 -05:00
Loann Le 6eff0ae079
included permissions table (#13567) 2022-01-06 12:32:52 -08:00
VAL ee5f26e18f
Update example code links, remove unneeded comments (#13491) 2021-12-22 09:33:12 -08:00
Jonathan Ballet ed86fca503
Improve databases documentation (#12344)
* Improve databases documentation

Fixed a bunch of formatting issues and broken JSON outputs.

* Remove changelog entry

* Apply suggestions from code review
2021-12-20 15:07:59 -05:00
Jack Halford 3b6053f951
Update entity-alias.mdx (#11629)
* Update entity-alias.mdx

it was not clear for approle what the name should be the approle name or the role_id.

* Update website/content/api-docs/secret/identity/entity-alias.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-12-20 15:05:34 -05:00
Meggie 834ad52d68
Upgrade guidance updates from VLT-172 (#13327)
* Upgrade guidance updates from VLT-172

Trying to clarify some upgrade questions. Learn update to follow in
separate PR.

* Apply suggestions from code review

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-12-20 13:46:57 -05:00
John-Michael Faircloth a6c217a917
auth/github: document organization id param (#13449) 2021-12-16 09:41:20 -06:00
Pete Bohman ccc1098ea3
Add allowed_uri_sans_template (#10249)
* Add allowed_uri_sans_template

Enables identity templating for the allowed_uri_sans field in PKI cert roles.

Implemented as suggested in #8509

* changelog++

* Update docs with URI SAN templating
2021-12-15 09:18:28 -06:00
Sai Hemanth Bheemreddy 73160cd074
Add vault-api module (#13048) 2021-12-14 13:32:26 -05:00
Mark Lewis 7ee982cb31
Update raftautosnapshots.mdx (#13412) 2021-12-14 08:29:03 -05:00
Pratyoy Mukhopadhyay c6bb8f2767
Add docs about path param restrictions (#13413)
* Add docs about path param restrictions

* Update website/content/api-docs/auth/userpass.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update with review suggestion

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-13 17:02:39 -08:00
Ben Ash fc51516ee0
Docs: fix invalid link in the kubernetes auth api doc. (#13399)
* Clean up whitespace
2021-12-13 12:02:52 -05:00
hghaf099 65845c7531
VAULT-1564 report in-flight requests (#13024)
* VAULT-1564 report in-flight requests

* adding a changelog

* Changing some variable names and fixing comments

* minor style change

* adding unauthenticated support for in-flight-req

* adding documentation for the listener.profiling stanza

* adding an atomic counter for the inflight requests
addressing comments

* addressing comments

* logging completed requests

* fixing a test

* providing log_requests_info as a config option to determine at which level requests should be logged

* removing a member and a method from the StatusHeaderResponseWriter struct

* adding api docks

* revert changes in NewHTTPResponseWriter

* Fix logging invalid log_requests_info value

* Addressing comments

* Fixing a test

* use an tomic value for logRequestsInfo, and moving the CreateClientID function to Core

* fixing go.sum

* minor refactoring

* protecting InFlightRequests from data race

* another try on fixing a data race

* another try to fix a data race

* addressing comments

* fixing couple of tests

* changing log_requests_info to log_requests_level

* minor style change

* fixing a test

* removing the lock in InFlightRequests

* use single-argument form for interface assertion

* adding doc for the new configuration paramter

* adding the new doc to the nav data file

* minor fix
2021-12-08 17:34:42 -05:00
Matt Schultz 85f5cfc356
Adds support for SHA-3 to transit (#13367)
* Adding support for SHA3 in the transit backend.

* Adds SHA-3 tests for transit sign/verify path. Adds SHA-3 tests for logical system tools path hash functionality. Updates documentation to include SHA-3 algorithms in system tools path hashing.

* Adds changelog entry.

Co-authored-by: robison jacka <robison@packetized.io>
2021-12-08 12:29:33 -06:00
Nick Cabatoff a47a2c9fc4
Add "operator members" command to list nodes in the cluster. (#13292) 2021-11-30 14:49:58 -05:00
Austin Gebauer 78b4a2c04e
secrets/azure: Fixes use_microsoft_graph_api parameter description in API docs (#13287) 2021-11-27 09:27:11 -08:00
Austin Gebauer 19c33125c9
secrets/azure: fix API docs rendering of code block (#13245) 2021-11-23 22:38:06 -08:00
akshya96 3c6f68f9c4
Docs/custom metadata updates (#13244)
* adding custom_metadata read and update changes

* adding custom metadata changes
2021-11-23 09:40:44 -08:00
Austin Gebauer d5f4fbecc1
identity/oidc: optional nonce parameter for authorize request (#13231) 2021-11-22 09:42:22 -08:00
divyapola5 5236fe93aa
Add a new parameter "allowed_managed_keys" to mount config (#13202)
* Add a new parameter "allowed_managed_keys" to mount config

* Adjust formatting in mount.go

* Add changelog entry
2021-11-21 19:08:38 -06:00
Gary Frederick 9622e36b82
Docs deprecate token issuer validation (#13019)
* change default vaule for disable_iss_validation to be true

* mark as deprecated | remove issuer from sample

* deprecation section

* additional informaiton about when fields will be removed

* additional deprecation note under csi provider

* punctuation

* make the deprecation note more noticable

* missing issuer sentence | remove whitespace

* Update website/content/docs/platform/k8s/csi/index.mdx

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* cleanup

* additional deprecation comments

* fix discovery link

* highlight

* no need to configure the issuer

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2021-11-18 15:16:54 -08:00
Austin Gebauer d75db00dcb
Adds documentation for GCP Cloud KMS support in key management secrets engine (#13153) 2021-11-16 11:27:08 -08:00
Rémi Lapeyre 677e2a1ca5
Fix some typos (#12289) 2021-11-15 14:52:04 -05:00
Hridoy Roy 1279413ea2
Docs Updates for Client Counting non-entity tokens (#13134)
* some client count docs updates

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: swayne275 <swayne275@gmail.com>

* remove full link path

* more path shortening for urls

Co-authored-by: swayne275 <swayne275@gmail.com>
2021-11-12 13:12:23 -08:00
Hridoy Roy 1fc0a699d9
Docs for counting non-entity tokens in the Activity Log (#13007)
* docs for counting tokens without entities

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: swayne275 <swayne275@gmail.com>

* remove parens in docs

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* update documentation to be consistent with the non-entity token terminology

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* add line about client ids to the api docs

* syntax and grammar

Co-authored-by: swayne275 <swayne275@gmail.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-12 09:59:50 -08:00
swayne275 0604c12f27
Namespace API Lock docs (#13064)
* add api lock doc

* add docs nav data

* Update website/content/api-docs/system/namespaces.mdx

Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>

* update command doc

* clarify locked http status code

* add example exempt path

* further exempt clarification

* link api locked response

* add x-vault-namespace api example

* Update website/content/docs/concepts/namespace-api-lock.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* review suggestions

* few other small tweaks

Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-09 15:43:17 -07:00
Rémi Lapeyre ae0b5e41e0
Add read support to sys/mounts/:path (#12792)
* Add read support to sys/mounts/:path

Closes https://github.com/hashicorp/vault/issues/12349

* Add changelog entry

* Empty commit to trigger CI

* Empty commit to trigger CI
2021-11-08 10:32:01 -08:00
Meggie bb6ba32f65
Add note that monitor command may truncate logs (#13079)
* Add note that monitor command may truncate logs

* Apply suggestions from code review

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-08 12:52:42 -05:00
Jason O'Donnell 16bc065c48
secrets/azure: add doc for rotate-root and AAD migration (#13066)
* secrets/azure: add doc for rotate-root and AAD migration

* Formatting

* Fix bad link, update warnings
2021-11-05 13:04:25 -04:00
John-Michael Faircloth fde5bb2e72
Docs: OIDC flow endpoints (#12942)
* add docs for OIDC provider and scopes

* fix json formatting

* add oidc docs path to nav data

* create provider with scope

* update client ids description

* update provider and scope docs

* add issuer string additional docs info

* OIDC: docs for oidc flow endpoints

* fix formatting and wording

* improve headings, formatting; fix wording

Co-authored-by: Vinay Gopalan <vinay@hashicorp.com>
2021-11-04 16:03:56 -05:00
akshya96 8b89a14f13
Local auth mount documentation (#12970)
* adding documentation changes

* adding requested changes

* adding suggested changes
2021-11-02 13:23:29 -07:00
vinay-gopalan ebb904031f
[VAULT-3969] Document CRUD APIs for OIDC client and assignment (#12939) 2021-11-02 11:01:28 -07:00
Victor Rodriguez f6e35369f0
VAULT-444: Add PKI tidy-status endpoint. (#12885)
VAULT-444: Add PKI tidy-status endpoint.

Add metrics so that the PKI tidy status can be monitored using telemetry as well.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2021-11-02 11:12:49 -04:00
Pratyoy Mukhopadhyay d37da52974
Add docs update for counter forwarding to oss (#12998)
* Add docs update for counter forwarding to oss

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: swayne275 <swayne275@gmail.com>

* Revert "Update website/content/api-docs/system/internal-counters.mdx"

This reverts commit 4c433726427c74e1ceef2378413cfe1eced92e9d.

* Revert "Revert "Update website/content/api-docs/system/internal-counters.mdx""

This reverts commit 0d89d734ad56a0943ad138fabbc7ce03f488176c.

Co-authored-by: swayne275 <swayne275@gmail.com>
2021-11-01 21:48:08 -07:00
John-Michael Faircloth 00a1bf37eb
docs: fix mongodb atlas username template doc (#12992) 2021-11-01 15:17:55 -05:00
Scott Miller 33edf1f556
Flip the semantics of the matching key algorithms in sign-self-issued. (#12988)
* Document allow_different_signature_algorithm param

* Flip the semantics of different key types for sign self issued

* More language tweaks

* Fix the field definition description

* Rework differenttype test for the new flag

* typo
2021-11-01 14:42:25 -05:00
Victor Rodriguez c83289f238
Document default value of encode_format field for Transform templates. (#12983) 2021-11-01 13:47:37 -04:00
Guillaume 353e8a312f
Fixed parameter name to match AppRole code (#12963) 2021-10-29 10:10:06 -07:00
vinay-gopalan cacc2d00bd
[VAULT-3967] Document CRUD APIs for OIDC provider and scope (#12924) 2021-10-28 10:33:51 -07:00
Chris Capurso 7dcae18641
Update kv custom metadata docs (#12920)
* fix json code block in kv api docs

* add custom_metadata to GET, PUT, PATCH in kv api docs

* add custom_metadata to get, put, and patch in kv CLI docs
2021-10-26 15:41:40 -04:00
Guillaume b9b7f5a9a3
Added support for a LDAP user search filter. Documentation, tests and UI included (#11000) 2021-10-26 10:39:12 -07:00
Chris Capurso 9c8fe62818
add patch section to kv-v2 api and CLI docs (#12689)
* add data patch section to kv-v2 api docs

* fix trucated output for kv put command with cas cmd in kv-v2 docs

* wip vault kv patch CLI docs

* add new flags to 'vault kv patch' CLI command docs

* fix cas_required formatting

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* fix cas formatting

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* additional format fixes

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-10-22 15:31:03 -04:00
Angel Garbarino a71938dddf
Update KV V2 docs to remove default on max_versions for config (#12845)
* remove default to ten

* explain default

* language change:
2021-10-22 10:17:36 -06:00
Nick Cabatoff 83076bb58d
Set Cassandra connect timeout, not just regular timeout (#12903) 2021-10-22 11:02:28 -04:00
Oliver fa5ea438c1
Fix header for Login's Parameters (#9731)
The header for parameters was the same as "Sample Payload"
2021-10-21 13:15:42 -07:00
vinay-gopalan 840af2ee36
[Docs] Update MSSQL DB Engine API docs with new contained_db field (#12889) 2021-10-20 13:18:36 -07:00
Philipp Hossner 824f097a7d
Let allowed_users template mix templated and non-templated parts (#10886)
* Let allowed_users template mix templated and non-templated parts (#10388)

* Add documentation

* Change test function names

* Add documentation

* Add changelog entry
2021-10-19 15:00:15 -07:00
Steven Clark b75e990cb6
Update website docs regarding ssh role allowed_extensions parameter (#12857)
* Update website docs regarding ssh role allowed_extensions parameter

 - Add note within the upgrading to 1.9.0 about behaviour change
 - Prefix the important note block within the main documentation about
   signed ssh certificates that it applies pre-vault 1.9
 - Update api docs for the allowed_extensions parameter within the ssh
   role parameter.

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-10-19 09:30:06 -04:00
Victor Rodriguez 70a9636575
Update docs with Transform FPE advanced I/O handling features (#12744) 2021-10-15 14:51:53 -04:00
saltperfect 66369469d9
Removed unpublished:true for sys/internal/* endpoints (#12713)
* removed unpublished:true for sys/internal/* endpoints

* added changelog file

* updated change log and added placeholder summary as these endpoints are not mentioned in docs.

* added documentation for internal/ui/namspaces and resultant-acl

* updated log configs
2021-10-15 14:50:14 -04:00
Brian Candler 58ec5e41c3
SSH: report signing error reason, and clarify docs re. non-RSA CA keys (#11036)
* SSH: report signing error reason, and clarify docs re. non-RSA CA keys

See #10067

* Update website/content/api-docs/secret/ssh.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: hghaf099 <83242695+hghaf099@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-10-15 10:01:10 -04:00
hghaf099 1b54217094
Adds note about policy needed for batch dr token (#12767) 2021-10-07 16:15:32 -04:00
Yoan Blanc 5951b832bb
docs: since Vault 1.0 Unseal is OSS (#12268)
* docs: since Vault 1.0 Unseal is OSS

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>

* fixup! docs: since Vault 1.0 Unseal is OSS

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>

* fixup! fixup! docs: since Vault 1.0 Unseal is OSS

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2021-10-06 13:35:35 -07:00
VAL 1549af7e53
Add links to vault-examples repo (#12740) 2021-10-05 10:15:01 -07:00
Anner J. Bonilla 8c29f49e1a
Add support for ed25519 (#11780)
* update azure instructions

Update instructions in regards to azure AD Authentication and OIDC

* Initial pass of ed25519

* Fix typos on marshal function

* test wip

* typo

* fix tests

* missef changelog

* fix mismatch between signature and algo

* added test coverage for ed25519

* remove pkcs1 since does not exist for ed25519

* add ed25519 support to getsigner

* pull request feedback

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

* typo on key

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

* cast mistake

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2021-10-05 11:28:49 -04:00
Matt Greenfield 8577602395
Fix entity group associations (#10085)
- When two entities are merged, remove the from entity ID in any
  associated groups.
- When two entities are merged, also merge their associated group
  memberships.

Fixes #10084
2021-10-01 10:22:52 -04:00
Scott Miller 0c7cdaf5f8
Document transform batch reference field (#12664) 2021-09-29 13:20:39 -05:00
Michael Golowka bee49a4c49
Update Azure secrets engine to use MS Graph (#12629) 2021-09-29 11:28:13 -06:00
Ben Ash b48debda2b
fix: upgrade vault-plugin-auth-kubernetes (#12633)
* fix: upgrade vault-plugin-auth-kubernetes

- brings in the alias_name_source feature which allows for setting
  alternate alias names based on the service accounts's namespace and
  name
- document the seurity related aspects for the feature addition above.
2021-09-27 13:10:55 -04:00
Pav Mohan 398be5129d
docs : Update GoLang library link in docs (#12567)
Previous link was to outdated master branch, this one is to up-to-date main branch
2021-09-24 10:01:13 -07:00
Pratyoy Mukhopadhyay 8e6698fb4a
[VAULT-3519] Return no_default_policy on token role read (#12565)
* [VAULT-3519] Return no_default_policy on token role read if set

* [VAULT-3519] Add changelog

* [VAULT-3519] Always return token_no_default_policy on role read

* Fix broken test

* Update role read response in docs
2021-09-21 09:53:08 -07:00
Tiernan a538936367
Allow globbing dis/allowed_policies_glob in token roles (#7277)
* Add allowed_policies_glob and disallowed_policies_glob that are the same as allowed_policies and disallowed_policies but allow glob matching.

* Update changelog, docs, tests, and comments for (dis)allowed_token_glob token role feature.

* Improve docs and unit tests for auth/token role policy globbing.
2021-09-21 08:25:06 -07:00
Nick Cabatoff 8a0250d277
Fix a couple of typos in the namespace api docs. (#12593) 2021-09-21 09:15:51 -04:00
Lukas Grossar 5c94e5157c
Update example responses for /sys/seal-status (#9621) 2021-09-17 09:38:36 -07:00
Pratyoy Mukhopadhyay 0819eac6a8
Update token renew docs (#12572)
* Update docs for token renew api and cli

* Clarify api docs for renew/renew-self

* Update wording around periodic tokens
2021-09-16 16:54:46 -07:00
divyapola5 30563097ea
Enforce minimum cache size for transit backend (#12418)
* Enforce Minimum cache size for transit backend

* enfore minimum cache size and log a warning during backend construction

* Update documentation for transit backend cache configuration

* Added changelog

* Addressed review feedback and added unit test

* Modify code in pathCacheConfigWrite to make use of the updated cache size

* Updated code to refresh cache size on transit backend without restart

* Update code to acquire read and write locks appropriately
2021-09-13 16:44:56 -05:00
John-Michael Faircloth 22c9be3835
identity: fix identity token introspect doc (#12531) 2021-09-10 11:41:32 -05:00
Mike Green d4656971b1
Add link to integrated storage docs page for learn tutorial (#12501)
* Help find the learn tutorial

* Add common API path header and move learn link

@ncabatoff suggestion
2021-09-09 09:51:45 -07:00
Theron Voran ed1088d81c
docs: k8s auth issuer lookup (#12506)
Moved the issuer discovery details to from the CSI docs to the K8s
auth docs.
2021-09-09 08:39:21 -07:00
Yoko Hyakuna 7c9b06da99
Fix isues 12397 (#12484) 2021-09-02 17:03:55 -07:00
Mike Green c04518044a
Clarify on overview page that audit is default replicated (#12298)
* Note that audit is replicated

* tweak

* clarify local is to the cluster, not only the node

* tweaking. i think this makes more sense
2021-09-01 13:53:01 -07:00
Nick Cabatoff 5f4f59f19c
Document some missing http status codes. (#12472) 2021-09-01 09:51:26 -04:00
Nick Cabatoff 8154cd2e4a
Add notes re dangers of identity write endpoints. (#12365) 2021-08-30 10:23:33 -04:00
Pratyoy Mukhopadhyay 8314a6a5f7
Update lease revocation api docs (#12453)
* Update lease revocation api docs

* Update lease_id description for lease renew endpoint
2021-08-27 14:44:16 -07:00
Chris Capurso 3f4a381f1b
Add kv custom key metadata (#12218)
* add custom-metdata flag to "kv metadata put" command

* add kv metadata put command test for custom-metadata flag

* add custom_metadata to kv-v2 api docs

* add custom_metadata to kv-v2 cli docs

* update go.mod

* Add custom metadata limits to docs

* add changelog entry

* update vault-plugin-secrets-kv to @master
2021-08-23 15:49:09 -04:00
Scott Miller 7fd2bdfa52
Fix a tokenization docs link fix (#12296)
* docs link typo

* Off by one relative dir
2021-08-18 13:44:25 -04:00
vinay-gopalan cf6932f5d5
[Docs] Add documentation for username_template feature in AWS Secrets Engine (#12310)
* add username_template docs

* remove backticks

* update default template to be readable

* undo markdown block

* add md block to render indents
2021-08-11 14:51:00 -07:00
hghaf099 f885d97774
VAULT-2285 adding capability to accept comma separated entries for au… (#12126)
* VAULT-2285 adding capability to accept comma separated entries for auth enable/tune

* Adding changelog

* Adding logic to detect invalid input parameter for auth enable config

* Updating tune.mdx

* Updating secret enable/tune for comma separated parameters

* Adding further parameter checks for auth/secret tests
Fixing changelog
using builtin type for a switch statement
Fixing a possible panic scenario

* Changing a function name, using deep.Equal instead of what reflect package provides

* Fixing auth/secret enable/tune mdx files

* One more mdx file fix

* Only when users provide a single comma separated string in a curl command, split the entries by commas

* Fixing API docs for auth/mount enable/tune for comma separated entries

* updating docs, removing an unnecessary switch case
2021-08-09 15:37:03 -04:00
Mike Green 46e327de4e
add visible note about being enterprise (#12216) 2021-07-30 13:00:33 -04:00
Pratyoy Mukhopadhyay 113b6885c3
[VAULT-2852] deprecate req counters in oss (#12197) 2021-07-29 10:21:40 -07:00
Mike Green 94689c9fe5
Update license.mdx (#10841)
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-07-28 11:50:30 -07:00
Mike Green ac37d0e5a9
Clarify sudo req'd for remount (#12139) 2021-07-22 16:09:26 -04:00
Nick Cabatoff 9a26209a9d
Fix a couple of broken links to api docs. (#12143)
* Fix a couple of broken links to api docs.

* Qualify deprecation.
2021-07-21 13:09:32 -07:00
Meggie 892545e41d
Document timeout setting for raft snapshots (#12140)
* Document timeout setting for raft snapshots

We don't usually put this kind of information in the documentation, but
we are aware that snapshots can be slow and I could see this message
saving someone a lot of time. Open to closing this PR though if we
definitely don't want this kind of documentation.

* Fixing link
2021-07-21 15:14:08 -04:00
Nick Cabatoff 9db6e16a2a
Document bootstrap API. (#12132) 2021-07-20 18:24:49 -04:00
Calvin Leung Huang 185905d110
docs: remove username_template until after Vault 1.8 (#12129) 2021-07-20 11:46:09 -07:00
vinay-gopalan 859b60cafc
[VAULT-1969] Add support for custom IAM usernames based on templates (#12066)
* add ability to customize IAM usernames based on templates

* add changelog

* remove unnecessary logs

* patch: add test for readConfig

* patch: add default STS Template

* patch: remove unnecessary if cases

* patch: add regex checks in username test

* patch: update genUsername to return an error instead of warnings

* patch: separate tests for default and custom templates

* patch: return truncate warning from genUsername and trigger a 400 response on errors

* patch: truncate midString to 42 chars in default template

* docs: add new username_template field to aws docs
2021-07-20 09:48:29 -07:00
Mike Green 53759228b0
Clarify token create policies behavior (#12106) 2021-07-15 18:13:58 -04:00
Yahya 476b293a85
docs: fix heading number in SSH (#12029) 2021-07-15 14:25:45 -07:00
Angel Garbarino 288bc28127
Clarify KV 2 API docs (#12086)
* initial draft of changes

* address pr comments and add changelog

* remove changelog
2021-07-15 13:09:12 -06:00
MilenaHC 7c6f775798
updating API docs for InfluxDB (#12063) 2021-07-13 16:08:52 -05:00
Yong Wen Chua 7ea650bc06
Update Documentation for GCP Static Account (#12027)
* Update API Docs for Static Account

* Update CHANGELOGs

* Update guide

* Clarify IAM

* More refinement

* Fix missing replace of roleset while copy/pasting

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Remove CHANGELOG

* Fix some double ticks

* Apply suggestions from code review

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update examples

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2021-07-13 09:36:05 -07:00
MilenaHC 3c3b6529fd
Redshift - Add username customization (#12016)
* username customization for redshift

* adding changelog and updating api-docs
2021-07-08 10:29:12 -05:00
MilenaHC 4430a11bc5
Update SnowflakeDB plugin to v0.2.0 (#11997)
* update snowflake database plugin to v0.2.0

* add changelog

* update api-docs
2021-07-06 13:23:03 -05:00
John-Michael Faircloth 1da8bb0a25
MongoDB Atlas: Add username customization docs (#11943)
* MongoDB Atlas: Add username customization docs

* add changelog

* remove changelog; it was added to the relevant go.mod update PR
2021-07-06 08:24:23 -05:00
Austin Gebauer b34e24fa64
docs: AWS KMS updates for key management secrets engine (#11958) 2021-06-29 10:31:25 -07:00
MilenaHC 02d45f3a66
Update ElasticSearch DB plugin to v0.8.0 (#11957)
* update elasticsearch database plugin to v0.8.0

* add changelog

* update api-docs
2021-06-29 08:07:00 -05:00
Jason O'Donnell b2c9b3c344
plugins/ad: Add rotate-role endpoint (#11942)
* plugins/ad: add rotate-role

* Add doc

* changelog

* Add note about rotate-role in overview
2021-06-25 14:00:03 -04:00
mr-miles 9e031b5766
Mongo doesnt allow periods in usernames (#11872)
* mongo doesnt allow periods in usernames

* Update mongodb.mdx

Update template in docs

* Move replace to the end

* Adding a test for dot replacement

* Create 11872.txt
2021-06-24 13:26:31 -04:00
Austin Gebauer 920b75540e
docs: corrects json and issuer for identity tokens (#11924) 2021-06-23 09:04:23 -07:00
MilenaHC 5483eba5fc
RabbitMQ - Add username customization (#11899)
* add username customization for rabbitmq

* add changelog for rabbitmq

* Update builtin/logical/rabbitmq/path_config_connection.go

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* updating API docs

* moved to changelog folder

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-06-22 14:50:46 -05:00
Michael Golowka 7f6a1739a3
Cassandra: Refactor PEM parsing logic (#11861)
* Refactor TLS parsing

The ParsePEMBundle and ParsePKIJSON functions in the certutil package assumes
both a client certificate and a custom CA are specified. Cassandra needs to
allow for either a client certificate, a custom CA, or both. This revamps the
parsing of pem_json and pem_bundle to accomodate for any of these configurations
2021-06-21 11:38:08 -06:00
Nick Cabatoff 515f41558d
Docs for license autoloading. (#11886) 2021-06-18 12:19:18 -04:00
Marco Rieger 41d0b57498
Docs: Add Mittwald Vault Libraries (#9402) 2021-06-11 11:11:01 -07:00
pjaudiomv 34a28d592e
sts is PUT/POST request (#11681)
* sts is PUT/POST request

add changelog

* rebase, rm uneeded changelog
2021-06-11 12:58:39 -04:00
Jason O'Donnell 36cc4d8e87
db/cassandra: Adding changelog and documentation (#11822)
* db/cassandra: add tls_server_name

* Remove changes from deprecated engine

* Add changelog and doc
2021-06-10 19:06:40 -04:00
Michael Golowka 38ad0a4ac9
database/cassandra: Docs: Add known issue warning to pem_bundle field (#11823) 2021-06-10 17:04:12 -06:00
Maha Sharabinth 57cf0a8a4e
Password policies: Fix link from API docs to password policy syntax (#11755)
Fixed the issue with the URL link for the Password Policy Syntax.
2021-06-08 11:50:15 -06:00
Jason O'Donnell f1d88b8c58
Docs: clarify purposes in KMS for aws (#11782) 2021-06-07 13:45:14 -04:00
Josh Black c6c0424a8e
OSS parts of sys/config/reload/license (#11695) 2021-06-03 10:30:30 -07:00
Anand Capur 9c0c0eb7e5
Update index.mdx (#11753) 2021-06-02 16:20:32 -07:00
Kendall Strautman a9c9bb3cde
chore: upgrades text-split-with-logo-grid (#11750)
* chore: upgrades `text-split-with-logo-grid` and implementations

* fix: formatting docs page
2021-06-02 14:01:05 -04:00
swayne275 9724f59180
Vault 1979: Query API for Irrevocable Leases (#11607)
* build out lease count (not fully working), start lease list

* build out irrevocable lease list

* bookkeeping

* test irrevocable lease counts for API/CLI

* fix listIrrevocableLeases, test listIrrevocableLeases, cleanup

* test expiration API limit

* namespace tweaks, test force flag on lease list

* integration test leases/count API, plenty of fixes and improvements

* test lease list API, fixes and improvements

* test force flag for irrevocable lease list API

* i guess this wasn't saved on the last refactor...

* fixes and improvements found during my review

* better test error msg

* Update vault/logical_system_paths.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update vault/logical_system_paths.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* return warning with data if more than default leases to list without force flag

* make api doc more generalized

* list leases in general, not by mount point

* change force flag to include_large_results

* sort leases by LeaseID for consistent API response

* switch from bool flag for API limit to string value

* sort first by leaseID, then stable sort by expiration

* move some utils to be in oss and ent

* improve sort efficiency for API response

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-06-02 10:11:30 -06:00
Baljeet Singh daaec9bdee
Fixing issue with FPE read and delete api docs (#11735)
Read and Delete FPE api-docs point to path `/transform/transformations/:name` instead it should be `/transform/transformation/:name`
2021-06-01 17:56:26 -05:00
Scott Miller cff7a2c589
Clarify the accuracy of estimated encryption counts wrt cluster nodes (#11561) 2021-05-27 12:30:47 -05:00
Vishal Nayak 549f1c7917
Minor fix to the docs (#11489) 2021-05-17 16:35:52 -04:00
Ricardo Cardenas d02a20bd2b
feat(aws): add ability to provide a role session name when generating STS credentials (#11345)
* feat(aws): add ability to provide a sessionName to sts credentials

Co-authored-by: Brad Vernon <bvernon@nvidia.com>
Co-authored-by: Jim Kalafut <jim@kalafut.net>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-05-17 11:03:09 -07:00
Josh Black 641a81b74b
Provide a new API endpoint for retrieving signed licenses (#11543) 2021-05-12 12:19:25 -07:00
Austin Gebauer 872a4bd25f
Update GCP auth docs for signJwt transition to Service Account Credentials API (#11568) 2021-05-11 16:57:12 -07:00
Daniela Lavric 48ce69057e
Docs - auth username characters (#11558)
Document acceptable chars for usernames.
2021-05-07 08:17:51 -04:00
Nick Cabatoff 67374ba14d
Document the sync option for revoke/revoke-prefix. (#11538) 2021-05-06 10:18:46 -04:00
Michael Golowka 29d91d09ff
Add note about root_rotation_statements workaround for special chars (#11378) 2021-04-21 12:58:48 -07:00
Nick Cabatoff a62202eb87
Document unauth pprof and the new pprof endpoints. (#11413) 2021-04-21 15:21:59 -04:00
Austin Gebauer 81744c4094
Updates docs for G Suite config in JWT/OIDC auth method (#11418) 2021-04-21 10:59:37 -07:00
claire bontempo 1f6633fd56
Grammar typo fix (#11357)
* fixes are/is typo

* reverts change - need to checkout to new branch

* fixes is/are typo
2021-04-20 10:11:35 -05:00
Calvin Leung Huang a8cafab083
pki: fix tidy removal on revoked entries (#11367)
* pki: fix tidy removal on revoked entries

* add CL entry
2021-04-19 09:40:40 -07:00
Nick Cabatoff 50a471a5e1
Add config docs for leader_tls_servername. (#11369) 2021-04-16 09:40:42 -04:00
Nick Cabatoff 4312c2381e
Clarify non-explicit cloud auth for autosnapshots. (#11370) 2021-04-16 09:14:52 -04:00
Andreas Gruhler 5c35d55b2f
replace reference to version 1.6.4 with 1.7 (#11223)
Co-authored-by: Scott Miller <smiller@hashicorp.com>
2021-04-07 16:39:59 -05:00
Bryce Kalow b76a56d40c
feat(website): migrates nav data format and updates docs pages (#11242)
* migrates nav data format and updates docs pages

* removes sidebar_title from content files
2021-04-06 13:49:04 -04:00
Meggie 8898f84a1e
No version reference here (#11237) 2021-03-30 11:44:47 -04:00
Baljeet Singh 646bddd89a
update transform.mdx (#11105)
Typo on path of creating/updating transformation in api docs. 
Fixed by updating `transform/transformation` to `transform/transformations`
2021-03-24 20:10:27 -05:00
Vishal Nayak 2c161a6f6b
Autopilot Docs (#11167) 2021-03-24 10:29:10 -04:00
Austin Gebauer 1eee383ecf
Updates documentation for key management secrets engine (#11172) 2021-03-23 14:14:25 -07:00
Jim Kalafut a9dfaeb765
Update AWS Auth docs for deprecated terms and endpoints (#11146) 2021-03-22 14:15:19 -07:00
Vishal Nayak 04876c05fe
Update raft api docs (#10893)
* Update raft api docs

* Update website/content/api-docs/system/storage/raft.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Update website/content/api-docs/system/storage/raft.mdx

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update website/content/api-docs/system/storage/raft.mdx

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-03-20 00:46:08 -04:00
Scott Miller 689dd3722f
Document mysql (#11112)
* Document MySQL

* Document snapshot, restore, and export-decoded (#11110)

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Add parseTime note

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
2021-03-19 10:34:41 -05:00
Scott Miller 535bcf289e
Fix handling of minimum operations, and forward rotate/config requests to Primary (#11116)
* Boost max_operations to the greater of that specified or absoluteMinOperations

* Forward rotation config requests to the primary

* Reject rotation configs outside the min/max range

* Minor wording fix
2021-03-18 15:08:47 -05:00
Hridoy Roy 261e7c6b17
Docs: Key Rotation For Tokenization [VAULT-1482] (#10921)
* first docs pass

* filled in read output

* transform docs changes

* transform docs changes

* transform docs changes

* transform docs changes

* transform docs changes

* transform docs changes

* transform docs changes
2021-03-17 14:29:13 -07:00
Brad 266582628a
Add missing option to raft storage docs (#11041) 2021-03-17 17:25:28 -04:00
Andy Assareh 4ce8896b29
Add note that static role is rotated upon creation (#11126)
It does not appear to be documented that Vault must rotate the password upon static role creation in order to know the password, as it is not provided.
2021-03-17 11:27:04 -05:00
Austin Gebauer f5e7c2d9a8
Updates docs for jwt_supported_algs in JWT/OIDC auth method (#11115) 2021-03-16 14:17:53 -07:00
swayne275 d74f82346b
Add Partial Month Client Count API for Activity Log (#11022)
* sketch out partial month activity log client API

* unit test partialMonthClientCount

* cleanup api

* add api doc, fix test, update api nomenclature to match existing

* cleanup

* add PR changelog file

* integration test for API

* report entities and tokens separately
2021-03-01 16:15:59 -07:00
Brian Kassouf 1bc410783d OSS/ENT Drift 2021-03-01 10:51:04 -08:00
Scott Miller 1e1f7eff46
Documentation for barrier autorotation (#11027)
* Documentation for barrier autorotation

* changelog

* 1.7 upgrade notes
2021-03-01 10:45:22 -06:00
Michael Golowka 302cc4870e
Add Username Templating Concepts page (#10935) 2021-02-26 16:04:12 -07:00
Lauren Voswinkel 075898cf73
Add IAM tagging support for iam_user roles in AWS secret engine (#10953)
* Added support for iam_tags for AWS secret roles

This change allows iam_users generated by the secrets engine
to add custom tags in the form of key-value pairs to users
that are created.
2021-02-25 16:03:24 -08:00
Clint f998f96451
Add documentation for upcoming Terraform Cloud secret engine (#10823)
* add side navigation for Terraform Cloud Secret Engine

* terraform cloud engine docs

* add api-docs for terraform cloud secret engine

* fix some typos and improve wording, now with less management

* fix capitalization

* change text->shell-session

* clarify rotating user roles returns an error
2021-02-22 10:57:52 -06:00
Jim Kalafut 7e54bc15c2
Add TOTP support to Okta Auth (#10942) 2021-02-21 21:18:17 -08:00
Austin Gebauer 0017b78919
Adds API docs for max_age role parameter of JWT/OIDC auth method (#10916) 2021-02-19 13:39:58 -08:00
Tom Proctor 5f9891f992
auth/kubernetes docs: Correct default issuer (#10900)
As per 207d1b4c1c/path_login.go (L24), the default issuer when none is set is `kubernetes/serviceaccount`.
2021-02-11 15:26:34 +00:00
Vishal Nayak 53cb1deb38
Revert "Read-replica instead of non-voter (#10875)" (#10890)
This reverts commit fc745670cf34821f5834357d9caebc3351dbc1e7.
2021-02-10 16:41:58 -05:00
Vishal Nayak a2394e7353
Read-replica instead of non-voter (#10875) 2021-02-10 09:58:18 -05:00
jonZlotnik 541079dec3
both serviceaccount and namespace can be splat (#10829)
Needs to be changed in the docs.
Please see commit 70bc47384bedfc895d08d1df17a45b0c4ea8b6de
2021-02-09 11:14:13 -08:00
Scott Miller ad1621dd5f
Add documentation about the horizontal cluster scalability of PKI secret engine operations (#10745)
* Add documentation about the horizontal cluster scalability of PKI secret engine operations

* Mention generate_lease

* cluster terminology

* Discuss generate_lease

* active again

* One more go
2021-02-09 11:00:24 -06:00
Michael Golowka aaa51e975f
Add docs for OpenLDAP dynamic secrets (#10817) 2021-02-05 10:49:29 -07:00
Calvin Leung Huang b1c4b86d7f
approle: add ttl to the secret ID generation response (#10826)
* approle: add ttl to the secret ID generation response

* approle: move TTL derivation into helper func

* changelog: add changelog entry

* docs: update approle docs and api-docs pages
2021-02-03 16:32:16 -08:00
Mark Gritter 3ec15c4927
Fix use of identity/group endpoint to edit group by name (#10812)
* Updates identity/group to allow updating a group by name (#10223)
* Now that lookup by name is outside handleGroupUpdateCommon, do not
use the second name lookup as the object to update.
* Added changelog.

Co-authored-by: dr-db <25711615+dr-db@users.noreply.github.com>
2021-01-29 16:50:08 -06:00
Mike Green 588ce498d3
clarify space limits in bytes (#10811) 2021-01-29 14:43:48 -05:00
Nick Cabatoff 936ce3ba62
Document identity behaviour on local auth mounts. (#10805) 2021-01-28 11:45:53 -05:00
Hridoy Roy 537189cab8
make token create case insensitive [VAULT-1021] (#10743)
* make token create case insensitive

* changelog

* comment update
2021-01-27 09:56:54 -08:00
Hridoy Roy d1241b5286
changelog for entropy augmentation PR [VAULT-1179] (#10755)
* changelog for entropy augmentation

* docs upgrade

* docs upgrade

* docs upgrade

* docs upgrade
2021-01-26 21:06:38 -08:00
Mike Green b0d5660765
Clarify slash is needed on gcs and azure (#10710)
Clarify user question, unexpected behavior with no slash on gcs.
2021-01-21 12:32:24 -05:00
Lauren Voswinkel 086e8bbb74
Updates api-docs for static role deletion (#10736)
We now specify that the user will remain unless cleaned up manually
2021-01-20 12:57:00 -08:00
Nick Cabatoff b93c5ff304
Spell out how to configure credentials for GCS. (#10589) 2021-01-20 09:09:23 -05:00
Mark Gritter d076d95d37
Feature flags API (#10613)
* Added sys/internal/ui/feature-flags endpoint.
* Added documentation for new API endpoint.
* Added integration test.
Co-authored-by: swayne275 <swayne@hashicorp.com>
2021-01-06 16:05:00 -06:00
Lauren Voswinkel ce90acd68d
Add Snowflake docs to the website (#10617)
* Add snowflake docs to the website

* Update navs

* Add Snowflake to the DB Capabilities table
2021-01-05 14:44:28 -08:00
Jeff Escalante ec620a7765
Implement MDX Remote (#10581)
* implement mdx remote

* fix an unfenced code block

* fix partials path

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2020-12-17 16:53:33 -05:00