Commit graph

1662 commits

Author SHA1 Message Date
Jeff Mitchell d0f329e124 Add leader cluster address to status/leader output. (#3061)
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.

Fixes #3042
2017-07-31 18:25:27 -04:00
Brian Rodgers d8e47e6f79 docs: Added text to clarify that root does not refer to AWS root creds (#2950) 2017-07-31 17:31:44 -04:00
Oliver Beattie e5a3156429 Fix docs to use new style 2017-07-31 15:24:08 +01:00
Filipe Varela a5a480551c Makes naming consistent w/ other storage backends (ie: etcd) 2017-07-31 15:18:07 +01:00
Filipe Varela b0446a2b25 Adds docs for new configuration options 2017-07-31 15:18:06 +01:00
Oliver Beattie 3919f38bd5 Add a (basic) Cassandra storage backend 2017-07-31 15:18:01 +01:00
Jeff Mitchell 45fd7dad60 Add note about ed25519 hashing to docs and path help.
Fixes #3074
Closes #3076
2017-07-28 09:30:27 -04:00
Chris Hoffman a3b5e18da0 adding filtered mount docs (#3059) 2017-07-27 09:28:52 -04:00
Brian Kassouf 1a3b6facf0 Add docs for DR Replication (#3067)
* Add docs for DR Replication

* Fix up docs
2017-07-26 13:47:41 -07:00
Jonathan Duncan 8e9f54fc70 Updated policy format to use capabilities keyword (#3063)
The `policy` key name is deprecated and has been replaced with `capabilities`.
2017-07-26 14:05:11 -04:00
James Phillips 0ab5b0e26b Fixes a typo in the VSI doc. (#3047) 2017-07-26 12:18:52 -04:00
Jeremy Voorhis 87d4014b6b s/alterate/alternate/ (#3056) 2017-07-26 11:44:06 -04:00
Vishal Nayak a80d7fb9c8 docs: Identity Store (#3055) 2017-07-25 18:33:17 -04:00
Chris Hoffman 2aa02fb3f0 CockroachDB Physical Backend (#2713) 2017-07-23 08:54:33 -04:00
Calvin Leung Huang bb54e9c131 Backend plugin system (#2874)
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
2017-07-20 13:28:40 -04:00
Joel Thompson 3704751a8f Improve sts header parsing (#3013) 2017-07-18 09:51:45 -04:00
Gobin Sougrakpam 2ddbc4a939 Adding option to set custom vault client timeout using env variable VAULT_CLIENT_TIMEOUT (#3022) 2017-07-18 09:48:31 -04:00
vishalnayak 22bb35b020 doc fix 2017-07-18 04:55:00 -04:00
Andy Manoske d82f231753 Update configuration.html.md (#3029) 2017-07-17 14:37:32 -04:00
Jeff Mitchell 4387871bca Add max_parallel to mssql and postgresql (#3026)
For storage backends, set max open connections to value of max_parallel.
2017-07-17 13:04:49 -04:00
Seth Vargo ce1808f77d Update Policies and Auth concepts pages (#3011) 2017-07-14 11:15:22 -04:00
Jeff Mitchell 8903f68bf6 Reformat some wrapping docs 2017-07-13 19:02:15 -04:00
Jeff Mitchell f3f4452334 Revert "Remove wrapping/wrap from default policy and add a note about guarantees (#2957)" (#3008)
This reverts commit b2d2459711d9cb7552daf1cc2330c07d31ef4f51.
2017-07-13 18:47:29 -04:00
Jeff Mitchell 2c6b7db279 Remove wrapping/wrap from default policy and add a note about guarantees (#2957) 2017-07-13 15:29:04 -07:00
Tony Cai 07088fe8a0 Added HANA database plugin (#2811)
* Added HANA dynamic secret backend

* Added acceptance tests for HANA secret backend

* Add HANA backend as a logical backend to server

* Added documentation to HANA secret backend

* Added vendored libraries

* Go fmt

* Migrate hana credential creation to plugin

* Removed deprecated hana logical backend

* Migrated documentation for HANA database plugin

* Updated HANA DB plugin to use role name in credential generation

* Update HANA plugin tests

* If env vars are not configured, tests will skip rather than succeed

* Fixed some improperly named string variables

* Removed unused import

* Import SAP hdb driver
2017-07-07 13:11:23 -07:00
Brian Shumate 40b365ae61 DOCS: Update API docs for /sys/generate-root (#2978)
- Fix invalid JSON example
2017-07-07 08:25:32 -04:00
Will May 23ff17c769 Allow Okta auth backend to specify TTL and max TTL values (#2915) 2017-07-05 09:42:37 -04:00
Jeff Mitchell 7394214b94 Don't indicate signed data can be returned as hex.
Fixes #2953
2017-07-04 15:06:50 -04:00
Jasper Siepkes 5ae38eb745 Added documentation for working with MySQL wildcards in GRANT (#2963) 2017-07-04 13:59:08 -04:00
Brian Shumate 5fb9c73e1d DOCS: fix typo (#2965) 2017-07-03 12:40:31 -04:00
Cameron Stokes 711d6e6569 [docs] Add requirements for hsm. (#2941) 2017-07-01 21:21:51 +01:00
Cameron Stokes 4ae3e1295a [docs] production hardening typo 2017-06-30 15:18:17 -07:00
Seth Vargo 00e2213790 Add rekeying guide & move guides to top-level (#2935) 2017-06-29 14:43:43 +01:00
Brian Nuszkowski 45c7bc718f Add the option to specify a specific key id format that is generated … (#2888) 2017-06-29 04:05:06 +01:00
Brian Shumate 7a8b16f441 Docs: Expand Telemetry documentation (#2860) 2017-06-29 04:02:48 +01:00
Brian Boerst 0631c02558 Typo fix in vault enterprise/replication docs. (#2932) 2017-06-29 04:01:32 +01:00
Seth Vargo cb7e3051c0 Merge pull request #2914 from hashicorp/sethvargo/ec2authimage
Add diagram for EC2 Auth flow
2017-06-28 07:31:37 +08:00
Armon Dadgar 872e9ba8fb Merge pull request #2925 from hashicorp/docs-harden
website: Add more hardening tips
2017-06-27 11:22:46 -07:00
Seth Vargo 7d59190129
Clarify Vault server 2017-06-27 22:38:16 +08:00
Seth Vargo ca966b6e79
Re-org and move text around in list instead 2017-06-27 22:38:16 +08:00
Seth Vargo 16149fbbf2
Capitalize C 2017-06-27 22:38:16 +08:00
Seth Vargo 436d656a32
Add diagram for EC2 Auth flow 2017-06-27 22:38:16 +08:00
Ryon 7b0402ea6f Update middleman-hashicorp to 0.3.28 for mega nav fixes (#2924) 2017-06-27 12:04:04 +01:00
Armon Dadgar 4cd3a56b8b adding link to security model 2017-06-26 17:43:04 -07:00
Armon Dadgar fb8b737ae8 website: Add more hardening tips 2017-06-26 14:00:36 -07:00
TheCodeAssassin 9e09899c69 Small typo fix (#2921) 2017-06-26 10:08:18 -04:00
Cameron Stokes e28244cb8b [docs]: Fix typo in hardening guide. 2017-06-22 22:20:17 -07:00
Armon Dadgar e184c3fa0d Merge pull request #2898 from hashicorp/docs-prod-hard
website: adding production hardening guide
2017-06-22 15:05:35 -07:00
Saj Goonatilleke a576feeb1d Fix a typo in the telemetry documentation (#2910) 2017-06-22 20:12:28 +01:00
Armon Dadgar a40d24772e Make recommendation vs requirement more clear 2017-06-22 11:02:18 -07:00
lisli 82f28aecbb update news section with vault update and webinar update (#2904) 2017-06-22 17:07:36 +01:00
Armon Dadgar 266f55c5d9 Copy changes 2017-06-21 09:55:00 -07:00
Armon Dadgar 9ae6004dbe website copy updates 2017-06-20 21:21:04 -07:00
Armon Dadgar 10a56c7ceb website: adding production hardening guide 2017-06-20 17:44:54 -07:00
Jeff Mitchell 40ef2e5c85 More cleanup
Ping #2894
2017-06-20 10:46:24 -04:00
Jeff Mitchell 9edbf1c8d1 Clarify/fix some configuration info.
Fixes #2894
2017-06-20 10:12:59 -04:00
Jeff Mitchell 8f1f9d5522 Add ACL info to Consul configuration page 2017-06-19 19:39:52 -04:00
Eugene Bekker 1e3e83f7b0 Add Zyborg.Vault PowerShell module to libs list (#2869) 2017-06-17 11:24:13 -04:00
Raphael Randschau db4e1b4a99 CouchDB physical backend (#2880) 2017-06-17 11:22:10 -04:00
Jeff Mitchell cf7d56e8f3 Fix up CORS.
Ref #2021
2017-06-17 01:26:25 -04:00
Aaron Salvo 0303f51b68 Cors headers (#2021) 2017-06-17 00:04:55 -04:00
Jeff Mitchell 33ca94773f Add DogStatsD metrics output. (#2883)
Fixes #2490
2017-06-16 23:51:46 -04:00
Jeff Mitchell 0ea8f17357 Add some warnings to the upgrade guide 2017-06-16 13:23:22 -04:00
vishalnayak a50ce54603 doc: add radius to MFA backend docs 2017-06-15 18:31:53 -04:00
Jeff Mitchell df229f5255 Fix typo in transit docs 2017-06-14 11:49:12 -04:00
Seth Vargo 789247d922 Add callouts for deprecations and beta (#2854)
This makes the sidebar emphasize the deprecated database backends more.
2017-06-14 16:11:16 +01:00
Nathan Valentine 3309496916 Clean up extra word in docs (#2847) 2017-06-12 13:08:54 -04:00
Jonathan Duncan 7038348b6d Adding some visual separation for parameters (#2841)
Currently on the Documentation pages when parameters are listed, there is no visual separation between the parameter names, flags, and descriptions. This should make it a bit easier for humans to read.
2017-06-12 06:59:38 -04:00
Jeff Mitchell 8b3657d840 Add note about lowercasing usernames to userpass docs 2017-06-08 09:41:01 -04:00
Cameron Stokes 8e0ac2dbb0 [docs] Add notes about deprecated database backends. (#2835) 2017-06-07 23:45:01 -07:00
Cameron Stokes d26bb4f2fb [docs] Fix Mongodb link in sidebar. 2017-06-07 20:36:36 -07:00
Seth Vargo 00ab0d713f
Update packer and makefile 2017-06-07 16:00:30 -04:00
Jeff Mitchell b8bc3d101b Bump versions 2017-06-07 15:23:51 -04:00
Brian Kassouf 8d58b43906 update database interface in the docs 2017-06-07 11:20:13 -07:00
Jeff Mitchell f6d48312d8 Add new transit features to documentation 2017-06-07 13:00:14 -04:00
Joel Thompson 4a934915d7 Resolve AWS IAM unique IDs (#2814) 2017-06-07 10:27:11 -04:00
Dan Brown 4f3fb87b9d Docs typo fixes (#2830)
* Fix passing payload.json file to curl

* Correct API endpoint
2017-06-07 10:02:58 -04:00
Joel Thompson 7437ada31c Check if there's a bound iam arn when renewing (#2819)
Previously, the renew method would ALWAYS check to ensure the
authenticated IAM principal ARN matched the bound ARN.  However, there
is a valid use case in which no bound_iam_principal_arn is specified and
all bindings are done through inferencing. When a role is configured
like this, clients won't be able to renew their token because of the
check.

This now checks to ensure that the bound_iam_principal_arn is not empty
before requriing that it match the originally authenticated client.

Fixes #2781
2017-06-06 22:35:12 -04:00
Katie Bayes cff022a65c update middleman version from 24 to 26 (#2824) 2017-06-06 22:33:26 -04:00
Brian Kassouf 606fe393be Use the role name in the db username (#2812) 2017-06-06 09:49:49 -04:00
sam boyer 789d7ab4e0 Minor typos & wordsmithing for clarity (#2807) 2017-06-05 09:32:09 -07:00
Jeff Mitchell dad291c93c Add plugin_directory to configuration page (#2801)
Fixes #2795
2017-06-03 08:11:03 -04:00
Igor Katson 88118dce0f Add max_parallel parameter to MySQL backend. (#2760)
* Add max_parallel parameter to MySQL backend.

This limits the number of concurrent connections, so that vault does not die
suddenly from "Too many connections".

This can happen when e.g. vault starts up, and tries to load all the
existing leases in parallel. At the time of writing this, the value
ExpirationRestoreWorkerCount in vault/helper/consts/const.go is set to
64, meaning that if there are enough leases in the vault's DB, it will
generate AT LEAST 64 concurrent connections to MySQL when loading the
data during start-up. On certain configurations, e.g. smaller AWS
RDS/Aurora instances, this will cause Vault to fail startup.

* Fix a typo in mysql storage readme
2017-06-01 15:20:32 -07:00
Chris Hoffman 2ba85b49c7 Adding auth/aws-ec2 redirect to new docs location 2017-06-01 11:18:19 -04:00
Vishal Nayak 128907172f doc: leases are generated only for dynamic secrets (#2772)
* doc: leases are generated only for dynamic secrets

* Address review feedback
2017-05-31 09:47:17 -04:00
Vishal Nayak 58b68dc35e doc: PKI API table of contents (#2756)
* Add a table of contents for api/secret/pki

* Fix the read certificate link
2017-05-23 09:19:47 -04:00
Ryon 7d4fb9c8e4 Update news section with March 22 webinar video (#2663) 2017-05-22 20:19:52 -04:00
Jeff Mitchell 6a39ccc8d6 Remove comment about a non-existent validation section
Fixes #2524
2017-05-22 12:37:51 -04:00
vishalnayak 9bbeff3f44 doc: Fix the sample input value for cache_size 2017-05-19 12:32:44 -04:00
Jeff Mitchell 57461e3556 Fix revoke-secondary API addr 2017-05-19 00:53:49 -04:00
Kenny Gatdula f9a71de87a Update plugins.html.md (#2744)
Minor typo and spellcheck update
2017-05-18 14:06:44 -04:00
Martins Sipenko f3f6b02682 Fix X-Vault-AWS-IAM-Server-ID example (#2728) 2017-05-15 09:06:45 -04:00
Ken McVicker 3a354343af Update install.html.md
Updates list of commands with the output of 0.6.4.  Missing commands list, unwrap, capabilities, generate-root
2017-05-12 14:13:06 -06:00
Martins Sipenko 774c70e1e2 Update aws.html.md (#2715) 2017-05-12 12:10:11 -04:00
Brian Kassouf 06472d8ceb Merge pull request #2718 from hashicorp/doc-updates
Add plugin level docs for what statements are supported and how they …
2017-05-12 08:12:27 -07:00
Calvin Leung Huang 9fd39a0681 Mongodb plugin (#2698)
* WIP on mongodb plugin

* Add mongodb plugin

* Add tests

* Update mongodb.CreateUser() comment

* Update docs

* Add missing docs

* Fix mongodb docs

* Minor comment and test updates

* Fix imports

* Fix dockertest import

* Set c.Initialized at the end, check for empty CreationStmts first on CreateUser

* Remove Initialized check on Connection()

* Add back Initialized check

* Update docs

* Move connProducer and credsProducer into pkg for  mongodb and cassandra

* Chage parseMongoURL to be a private func

* Default to admin if no db is provided in creation_statements

* Update comments and docs
2017-05-11 17:38:54 -04:00
Jeremy Voorhis 3407a033ba Update the S3 storage backend docs to reflect capabilities. 2017-05-11 14:30:05 -07:00
Brian Kassouf 1460c2fcc7 Add plugin level docs for what statements are supported and how they should be formatted 2017-05-11 11:59:58 -07:00
Chris Hoffman 08f3b08bbd adding leases documentation redirects (#2707) 2017-05-10 09:43:09 -04:00
Chris Hoffman 4cd50fd822 Updating key export documentation for transit (#2706) 2017-05-10 09:27:03 -04:00
Cameron Stokes ab7d91a506 [docs] Update glossary for auth backend terminology. (#2703) 2017-05-09 22:17:32 -04:00
Seth Vargo a7a5337cbc
Update builder, allow disabling redirects 2017-05-09 17:00:34 -04:00
Seth Vargo 3e16f02d4b
Add project-side redirects 2017-05-09 16:07:55 -04:00
Tim Stamp de8bbed321 Header Type Typo (#2695)
Header 'Update Key Configuration' should be a H2 not a H4.
2017-05-09 09:57:23 -04:00
Jeff Mitchell 7068292252 Update/clarify docs on generic backend ttl.
Ping #2697
2017-05-09 09:56:11 -04:00
Jeff Mitchell 7763b15493 Bump versions 2017-05-08 16:19:41 -04:00
Jeff Mitchell f1fb1e50a5 Prep for 0.7.1 2017-05-05 11:46:43 -04:00
Brian Kassouf 61f115ba81 Update postgresql.html.md 2017-05-04 17:56:09 -07:00
Brian Kassouf 20cc43bf18 Update mysql-maria.html.md 2017-05-04 17:55:50 -07:00
Brian Kassouf 913a112681 Update mssql.html.md 2017-05-04 17:55:30 -07:00
Brian Kassouf 16e6f9640d Few docs updates 2017-05-04 14:07:12 -07:00
Calvin Leung Huang c0ce0ae499 Merge branch 'database-refactor' of github.com:hashicorp/vault into database-refactor 2017-05-04 16:46:47 -04:00
Calvin Leung Huang b49993f81f Update mssql docs 2017-05-04 16:46:34 -04:00
Brian Kassouf 3c41bdfa16 update docs 2017-05-04 13:38:49 -07:00
Brian Kassouf 7dcec6e68f Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 12:40:00 -07:00
Brian Kassouf 82b58d5b9c Update docs and return a better error message 2017-05-04 11:45:27 -07:00
mymercurialsky 4c0e3c5d2f Implemented TOTP Secret Backend (#2492)
* Initialized basic outline of TOTP backend using Postgresql backend as template

* Updated TOTP backend.go's structure and help string

* Updated TOTP path_roles.go's structure and help strings

* Updated TOTP path_role_create.go's structure and help strings

* Fixed typo in path_roles.go

* Fixed errors in path_role_create.go and path_roles.go

* Added TOTP secret backend information to cli commands

* Fixed build errors in path_roles.go and path_role_create.go

* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords

* Initialized TOTP test file based on structure of postgresql test file

* Added enforcement of input values

* Added otp library to vendor folder

* Added test steps and cleaned up errors

* Modified read credential test step, not working yet

* Use of vendored package not allowed - Test error

* Removed vendor files for TOTP library

* Revert "Removed vendor files for TOTP library"

This reverts commit fcd030994bc1741dbf490f3995944e091b11da61.

* Hopefully fixed vendor folder issue with TOTP Library

* Added additional tests for TOTP backend

* Cleaned up comments in TOTP backend_test.go

* Added default values of period, algorithm and digits to field schema

* Changed account_name and issuer fields to optional

* Removed MD5 as a hash algorithm option

* Implemented requested pull request changes

* Added ability to validate TOTP codes

* Added ability to have a key generated

* Added skew, qr size and key size parameters

* Reset vendor.json prior to merge

* Readded otp and barcode libraries to vendor.json

* Modified help strings for path_role_create.go

* Fixed test issue in testAccStepReadRole

* Cleaned up error formatting, variable names and path names. Also added some additional documentation

* Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes

* Added ability to pass in TOTP urls

* Added additional tests for TOTP server functions

* Removed unused QRSize, URL and Generate members of keyEntry struct

* Removed unnecessary urlstring variable from pathKeyCreate

* Added website documentation for TOTP secret backend

* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.

* Updated website documentation and added QR example

* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests

* Updated API documentation to inlude to exported variable and qr size option

* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
2017-05-04 10:49:42 -07:00
Brian Kassouf 5ee0d696d4 Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 10:45:18 -07:00
Brian Kassouf 29bfc0a0d4 PR comments 2017-05-04 10:41:59 -07:00
Chris Hoffman 3d9cf89ad6 Add the ability to view and list of leases metadata (#2650) 2017-05-03 22:03:42 -04:00
Brian Kassouf ce391ca425 add new mysql plugin names and fix grammar 2017-05-03 18:41:39 -07:00
Brian Kassouf bf29861d49 Add the plugins catalog API docs 2017-05-03 11:43:24 -07:00
Brian Kassouf e92818e0ae Upate links in docs 2017-05-03 10:25:12 -07:00
Brian Kassouf dbb5b38e0d Add API docs 2017-05-03 02:13:07 -07:00
Brian Kassouf 63de72c10f Add custom plugins docs page 2017-05-03 00:01:28 -07:00
Brian Kassouf 50ac77be51 Update docs for the database backend and it's plugins 2017-05-02 22:24:31 -07:00
Brian Kassouf b60ff2048d Update docs and add cassandra as a builtin plugin 2017-05-02 17:04:49 -07:00
Brian Kassouf 20994c1247 Fix wording in docs 2017-05-02 16:20:07 -07:00
Jeff Mitchell 712cacaf4d Add website skeleton 2017-05-02 16:26:32 -04:00
mhristof df325288ac fix format for secret/pki (#2668) 2017-05-02 07:52:55 -04:00
Brian Kassouf ca7ff89bcb Fix documentation 2017-05-02 02:22:06 -07:00
Brian Kassouf f17c50108f Add plugins interal page to the sidebar: 2017-05-02 02:00:04 -07:00
Brian Kassouf a963097747 Add internals doc for plugins 2017-05-02 01:59:36 -07:00
Seth Vargo 44e1c64cfd Add UI docs (#2664) 2017-05-01 17:36:37 -04:00
Marc Boudreau 5630b0ad4b Changing the ttl value in the Generate IAM with STS sample to a valid value (#2665) 2017-05-01 14:41:49 -04:00
Justin Gerace 403efeb5ae Add globbing support to the PKI backend's allowed_domains list (#2517) 2017-05-01 10:40:18 -04:00
Michael Ansel 30b71cbbac Add constraints on the Common Name for certificate-based authentication (#2595)
* Refactor to consolidate constraints on the matching chain

* Add CN prefix/suffix constraint

* Maintain backwards compatibility (pick a random cert if multiple match)

* Vendor go-glob

* Replace cn_prefix/suffix with required_name/globbing

Move all the new tests to acceptance-capable tests instead of embedding in the CRL test

* Allow authenticating against a single cert

* Add new params to documentation

* Add CLI support for new param

* Refactor for style

* Support multiple (ORed) name patterns

* Rename required_names to allowed_names

* Update docs for parameter rename

* Use the new TypeCommaStringSlice
2017-04-30 11:37:10 -04:00
Cameron Stokes 73867dab92 Add local flag to docs for API endpoints. (#2625) 2017-04-28 14:33:27 -04:00
Ryan Smith-Evans d0d448cfbe Added required header (#2656) 2017-04-28 08:56:14 -04:00
greenbrian 90a442ec92 Fix links on Consul storage backend page (#2652) 2017-04-28 07:48:23 -04:00
Chris Hoffman 1a60fede58 Updating revoke/renew to prefer PUT method (#2646) 2017-04-27 10:47:43 -04:00
Jeff Mitchell d9e639ece2 Fix types of listener options, currently they're all strings 2017-04-25 11:20:48 -04:00
Seth Vargo 7b21562f07 Make sidebar a bit wider on smaller screens (#2638) 2017-04-24 15:39:58 -04:00
Joel Thompson e06a78a474 Create unified aws auth backend (#2441)
* Rename builtin/credential/aws-ec2 to aws

The aws-ec2 authentication backend is being expanded and will become the
generic aws backend. This is a small rename commit to keep the commit
history clean.

* Expand aws-ec2 backend to more generic aws

This adds the ability to authenticate arbitrary AWS IAM principals using
AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to
just AWS with the expansion.

* Add missing aws auth handler to CLI

This was omitted from the previous commit

* aws auth backend general variable name cleanup

Also fixed a bug where allowed auth types weren't being checked upon
login, and added tests for it.

* Update docs for the aws auth backend

* Refactor aws bind validation

* Fix env var override in aws backend test

Intent is to override the AWS environment variables with the TEST_*
versions if they are set, but the reverse was happening.

* Update docs on use of IAM authentication profile

AWS now allows you to change the instance profile of a running instance,
so the use case of "a long-lived instance that's not in an instance
profile" no longer means you have to use the the EC2 auth method. You
can now just change the instance profile on the fly.

* Fix typo in aws auth cli help

* Respond to PR feedback

* More PR feedback

* Respond to additional PR feedback

* Address more feedback on aws auth PR

* Make aws auth_type immutable per role

* Address more aws auth PR feedback

* Address more iam auth PR feedback

* Rename aws-ec2.html.md to aws.html.md

Per PR feedback, to go along with new backend name.

* Add MountType to logical.Request

* Make default aws auth_type dependent upon MountType

When MountType is aws-ec2, default to ec2 auth_type for backwards
compatibility with legacy roles. Otherwise, default to iam.

* Pass MountPoint and MountType back up to the core

Previously the request router reset the MountPoint and MountType back to
the empty string before returning to the core. This ensures they get set
back to the correct values.
2017-04-24 15:15:50 -04:00
Matthew Gallagher 8c75c2611a Remove mention of Darwin mlock support from docs. (#2624) 2017-04-22 16:56:01 -04:00
Cameron Stokes 82e9b089be [docs] Fix typo in Transit API docs. 2017-04-20 15:18:55 -07:00
Chad Greenburg 960fdb6a8a Added documentation for listing roles in the Consul secret backend (#2619) 2017-04-20 07:44:25 -04:00
Eric Bock f3be8927db Fixing typo in Transit API rewrap section (#2617) 2017-04-19 09:29:33 -07:00
Brian Nuszkowski 74d78f247c Add api documentation for unauthenticated SSH CA public key retrieval (#2616) 2017-04-19 11:30:24 -04:00
Jeff Mitchell 4995c69763 Update sign-verbatim to correctly set generate_lease (#2593) 2017-04-18 15:54:31 -04:00
Mitch Davis a051ec1b59 Use service bind for searching LDAP groups (#2534)
Fixes #2387
2017-04-18 15:52:05 -04:00
Jeff Mitchell f4cd8c5200 Merge pull request #2607 from hashicorp/b-grammar
Fix sentence - remove "and"
2017-04-18 15:50:56 -04:00
Jeff Mitchell 563ad2175f Update index.html.md 2017-04-18 15:50:44 -04:00
Seth Vargo 490b98ee93
Update logos 2017-04-18 14:17:56 -04:00
Jon Benson 73950e8fb1 Fix sentence - remove "and" 2017-04-17 19:35:04 -07:00
Jeff Mitchell d5f5ecf0ab Remove allow_token_displayname from docs as we don't support that any longer 2017-04-17 17:25:44 -04:00
Jeff Mitchell f14fd329fd Add more info to STS TTL to website 2017-04-17 17:19:13 -04:00
Phil Watts c98de70310 Update revoke.html.md (#2604)
Changed param's description verb from renew to revoke, to match the page context.
2017-04-17 12:40:24 -04:00
Jeff Mitchell ce58bfa88f Update SSH docs to indicate deprecation of dynamic key type 2017-04-17 11:11:05 -04:00
James Phillips b6758b7ea9 Update 404.html.md (#2594) 2017-04-14 12:19:15 -04:00
Jeff Mitchell c2407eab5a Add some extra documentation around ssh-keygen -L to see signed cert
info.

Ping #2569
2017-04-13 15:23:27 -04:00
Chris Hoffman 3c7a69b119 minor docs update 2017-04-10 09:46:25 -04:00
Jeff Mitchell 9136952055 Update AES-GCM verification text 2017-04-07 14:35:29 -04:00
Shivaram Lingamneni 2117dfd717 implement a no_store option for pki roles (#2565) 2017-04-07 11:25:47 -07:00
Jeff Mitchell e0d00fdf7b Remove superfluous/misleading comments around some listener options 2017-04-07 14:23:56 -04:00
Jeff Mitchell f805618a2c Update SSH CA documentation
Fixes #2551
Fixes #2569
2017-04-07 11:59:25 -04:00
Seth Vargo 53e1bd02a1
Add press-kit 2017-04-06 18:43:55 -04:00
Seth Vargo 4ac4b92cbb
Import fonts 2017-04-06 18:42:09 -04:00
Seth Vargo 6883eebbd9
Add press kit, hashicorp logo 2017-04-06 18:28:26 -04:00
Jeff Mitchell d39ca0be68 Remove "these are denoted below" w.r.t. SIGHUP
SIGHUP support is denoted in the sections/options that support actions on SIGHUP, so with the new docs layout it's confusing to have the old statement in there. Remove in favor of the inline comments.

Fixes #2572
2017-04-06 16:08:58 -04:00
Sebastian Haba 3322f637ac add mssql physical backend (#2546) 2017-04-06 09:33:49 -04:00
Pavel Timofeev d2afabe4f6 Ldap auth doc fix (#2568)
* Move url parameter to the next line and fix a typo

* Add userdn paramater to the Scenario 1.
Without userdn set Vault can't search with error like

Code: 400. Errors:

* LDAP search failed for detecting user: LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:
        ''
2017-04-05 08:29:38 -07:00
Cameron Stokes 76c74a3995 [docs] Add header to fix formatting. 2017-04-05 10:35:59 +10:00
Cameron Stokes 1884845525 [docs] Adding missing guide from index page.
Also, make guide titles consistent with sidebar.
2017-04-05 10:22:20 +10:00
Jeff Mitchell 04bbc50ccb Add back lost Postgres creation sql for storage backend 2017-04-04 12:30:07 -04:00
Emre Erkunt de3d2438b7 Fixed an example on aws backend documentation about an iam profile. (#2522) 2017-04-04 09:03:27 -07:00
Jonathan Sokolowski a4ceaf0035 Etcd DNS discovery (#2521)
* etcd: Add discovery_srv option
2017-04-04 08:50:44 -07:00
Jeff Mitchell 9ec414016d Update SSH docs to note that host key verification is not performed. 2017-04-03 10:43:41 -04:00
Francis Chuang 917158a510 Fix typo (#2558) 2017-04-03 05:46:40 -07:00
Paul Cichonski 75e531e8aa fix typo in pki api doc 2017-04-02 17:02:11 -04:00
Adam Shannon a6156d8e79 Quote dynamodb's ha_enabled property (#2547)
With `ha_enabled = true` vault crashes with the following error: 

```
error parsing 'storage': storage.dynamodb: At 17:16: root.ha_enabled: unknown type for string *ast.LiteralType
```

This seems related to https://github.com/hashicorp/vault/issues/1559
2017-03-30 14:09:47 -07:00
Seth Vargo b5ab4745fc
Update helpers 2017-03-29 21:39:48 -04:00
Seth Vargo 8bcb3bda9c
Remove commented colors 2017-03-29 19:08:09 -04:00
Seth Vargo c600a426d8
Add new colored header styles 2017-03-29 19:04:39 -04:00
vishalnayak 1cfd0e94b3 docs: aws-ec2: link sts configuration from cross account access 2017-03-28 14:34:21 -07:00
Seth Vargo 383a4cacaa
Re-add FOUT 2017-03-26 17:07:29 -04:00
Seth Vargo 4fb3f7f32a
Remove dependency on bootstrap
This greatly reduces our javascript footprint
2017-03-26 16:58:16 -04:00
Seth Vargo dd44ad7b85
Remove pry 2017-03-26 16:08:16 -04:00
Seth Vargo 5b0acbfeba
Cleanup CSS 2017-03-26 16:04:21 -04:00
Dan Everton 4ef8ce1198 Add permitPool support to S3 (#2466) 2017-03-26 14:32:26 -04:00
Paul Nicholson 85acdb7f5e fix typo in ssh api documentation (#2529) 2017-03-23 23:48:26 -07:00
Matthew Irish 9f6dea5ffd remove sidebar include in sass (#2516) 2017-03-21 13:08:27 -05:00
Matthew Irish f6fba9bb3c replication is an enterprise-only feature (#2514) 2017-03-21 13:30:27 -04:00
Jeff Mitchell 04d8f3a34d Fix AWS-EC2 sts/certificate typo
Fixes #2512
2017-03-21 13:29:40 -04:00
Jack Pearkes efa2a280aa website: update docs to clearly link to enterprise version 2017-03-21 08:41:39 -07:00
Jonathan Thomas c41ee12c38 website: latest news section (#2506)
* website: add latest news section which includes vault webinar details

* small padding tweak
2017-03-20 18:23:46 -04:00
Seth Vargo 0f1b9499c0
Nevermind... meganav uses it 2017-03-20 01:51:57 -04:00
Seth Vargo 2357039044
Fix typo 2017-03-20 01:50:45 -04:00
Seth Vargo f30f6f489f
Do not require bootstrap 2017-03-20 01:50:40 -04:00
Seth Vargo d3da5b231b
Link to index.html pages 2017-03-20 01:37:22 -04:00
Seth Vargo 3a4e14cfe6
Remove quotes from meta descriptions
SEO stops at that quote, so many of our pages have a description of
"the".
2017-03-20 01:35:21 -04:00
Seth Vargo 166e0b4ef4
Use inline svgs 2017-03-20 01:27:23 -04:00
Seth Vargo f2355301c3
Upgrade to latest middleman-hashicorp 2017-03-20 01:27:23 -04:00
Seth Vargo cb1a2cb361
Migrate to middleman-hashicorp sidebar 2017-03-20 01:27:23 -04:00
Seth Vargo 45a5982a6f
Remove unused javascript
It looks like these came over from Nomad(?), but we do not use them
anywhere. This saves about 4kb on the compressed javascript, so it's a
big savings. Also, it causes namespace conflicts.
2017-03-20 01:27:23 -04:00
Vishal Nayak b9b68ca5e8 docs: Elaborate the steps for SSH CA backend with 'sshd_config' changes (#2507) 2017-03-19 18:52:15 -04:00
Seth Vargo 985b283b08
Ensure description 2017-03-17 23:14:36 -04:00
Matthew Irish b5e49af2d8 website: turbolinks + ember = ❤ (#2504)
* move application.js to head

* move ember app to separate file and exclude from turbolinks
2017-03-17 16:05:59 -05:00
Brian Kassouf 5437cf2e51 Add note about prefix/suffix globbing on policy parameters 2017-03-17 13:53:41 -07:00
Seth Vargo 6d83640c85
Add API to sidebar 2017-03-17 15:44:09 -04:00
Seth Vargo 21ecbda1f4
Update titles 2017-03-17 14:37:01 -04:00
Seth Vargo 6931bbd091
Links 2017-03-17 14:27:32 -04:00
Seth Vargo 66321cdb76
Space out downloads links a bit 2017-03-17 14:07:39 -04:00
Seth Vargo d4390d103e
/docs/http -> /api 2017-03-17 14:06:03 -04:00
Jeff Mitchell d2e9e0b873 Merge branch 'master-oss' into pr-2495 2017-03-17 13:40:58 -04:00
Jeff Mitchell a38b55385a Update replication guide and add to sidebar 2017-03-17 12:38:19 -04:00
Jeff Mitchell 6109dcf7d7 Fix broken GCS account link 2017-03-17 12:12:28 -04:00
Jeff Mitchell 9bfcc0be94 Fix misspelling of website link 2017-03-17 12:07:37 -04:00
Seth Vargo 05e8b1861f
Formatting 2017-03-16 12:06:15 -07:00
Seth Vargo 0f845ef67d
Use relative links 2017-03-16 12:04:36 -07:00
Seth Vargo bfa7fe9a3e
Fix sentence 2017-03-16 12:04:14 -07:00
Seth Vargo 5c1f017274
Reformat replication API 2017-03-16 11:57:06 -07:00
Seth Vargo 037700b86e
Update PKI backend API docs 2017-03-16 11:26:09 -07:00
Seth Vargo b340d9ff8c
Fix formatting in SSH 2017-03-16 11:25:59 -07:00
Seth Vargo faef58b355
Fix Cassandra text 2017-03-16 11:25:37 -07:00
Seth Vargo 9934b66fe0
Add new SSH field 2017-03-16 09:48:45 -07:00
Seth Vargo e86465c13b
Add SSH 2017-03-16 09:47:08 -07:00
Seth Vargo e473ee99a8
Fix TODOs 2017-03-16 09:47:08 -07:00
Seth Vargo b078963ab2
Hide auth backends for now
The migration is getting too large, so we'll tackle this move in another
PR
2017-03-16 09:47:08 -07:00
Seth Vargo 3fd0bd36cc
Break out API documentation for secret backends 2017-03-16 09:47:06 -07:00
Seth Vargo 19b2b049c3
Redo docs for system backend
This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.
2017-03-16 09:46:49 -07:00
Seth Vargo a80e0695be
Update middleman version 2017-03-16 09:46:48 -07:00
Seth Vargo db4f689009
Do not have a large margin 2017-03-16 09:46:48 -07:00
Seth Vargo cd4bcc9c00
Allow nested code in li to receive new highlighting 2017-03-16 09:46:48 -07:00
Seth Vargo 849f57e73a
Update layouts and assets for consistency 2017-03-16 09:46:47 -07:00
Jeff Mitchell dce031bec2 Bump for 0.7 release 2017-03-16 11:41:50 -04:00
Mike Okner 95df7beed9 Adding allow_user_key_ids field to SSH role config (#2494)
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name.  Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
2017-03-16 08:45:11 -04:00
Jeff Mitchell 2b98f004ac Fix layout for replication 2017-03-16 06:50:33 -04:00
Jeff Mitchell 12e5132779 Allow roles to specify whether CSR SANs should be used instead of (#2489)
request values. Fix up some documentation.

Fixes #2451
Fixes #2488
2017-03-15 14:38:18 -04:00
Andy Manoske 8aa7f120b0 Vault_Enterprise_WWW (#2327) 2017-03-15 14:31:14 -04:00
Jeff Mitchell 584aedad04 Add upgrade to 0.7 page 2017-03-15 12:34:11 -04:00
Stanislav Grozev 4bc3abd152 Remove superfluous argument from SSH CA docs 2017-03-14 10:21:48 -04:00
Stanislav Grozev 7d59d7d3ac Reads on ssh/config/ca return the public keys
If configured/generated.
2017-03-14 10:21:48 -04:00
Stanislav Grozev 830de2dbbd If generating an SSH CA signing key - return the public part
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
2017-03-14 10:21:48 -04:00
Jeff Mitchell ab56fdbebf Clarify cluster_addr and cluster_address 2017-03-14 10:17:58 -04:00
Jeff Mitchell 4fa4034d50 Minor doc updates 2017-03-14 10:11:47 -04:00
Vishal Nayak 285bdf0a6f docs: clarify 'storage' and 'ha_storage' requirements (#2471) 2017-03-11 09:43:14 -05:00
Vishal Nayak 220beb2cde doc: ssh allowed_users update (#2462)
* doc: ssh allowed_users update

* added some more context in default_user field
2017-03-09 10:34:55 -05:00
vishalnayak 431070f828 doc: ssh markdown alignments 2017-03-08 21:58:12 -05:00
Jason Costello 012c8f6c2f remove offset from footer 2017-03-08 17:36:59 -08:00