luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
4589 commits 1 branch 0 tags 214 MiB
Commit graph

973 commits

Author SHA1 Message Date
Jeff Mitchell c349e697f5 Change uninit/sealed status codes from health endpoint 2016-08-18 12:10:23 -04:00
Martin Forssen a617ff0f93 Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role> 
This parameter was not documented
 2016-08-18 13:16:58 +02:00
Brian Shumate a941dbdd76 Add a bit of clarification 2016-08-17 16:07:30 -04:00
Jeff Mitchell 734e80ca56 Add permit pool to dynamodb 2016-08-15 19:45:06 -04:00
Matt Hurne 56252fb637 AppRole documentation tweaks (#1735) 
* Fix spelling error in AppRole docs

* Add force flag to sample command to generate a secret ID in AppRole docs

* Update sample output for AppRole login in docs
 2016-08-15 16:12:08 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721) 
Add request forwarding.
 2016-08-15 09:42:42 -04:00
Jeff Mitchell 7497b37280 Completely revamp token documentation 2016-08-13 17:05:31 -04:00
Jeff Mitchell d2124486ef Merge pull request #1702 from hashicorp/renew-post-body 
Add ability to specify renew lease ID in POST body.
 2016-08-08 20:01:25 -04:00
Jeff Mitchell ab71b981ad Add ability to specify renew lease ID in POST body. 2016-08-08 18:00:44 -04:00
Jeff Mitchell 4f0310ed96 Don't allow root from authentication backends either. 
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
 2016-08-08 17:32:37 -04:00
Jeff Mitchell be39df9887 Update upgrade docs 2016-08-08 16:44:13 -04:00
Vishal Nayak 77cac79725 Merge pull request #1700 from hashicorp/sethvargo/link 
Update links to serf
 2016-08-08 13:16:05 -04:00
Seth Vargo 80f5b8281a
Update links to serf 2016-08-08 12:47:14 -04:00
Jeff Mitchell 0a67bcb5bd Merge pull request #1696 from hashicorp/transit-convergent-specify-nonce 
Require nonce specification for more flexibility
 2016-08-08 11:41:10 -04:00
Jeff Mitchell d60caa2a79 Remove old terraform page 2016-08-08 08:26:05 -04:00
Jeff Mitchell 606ba64e23 Remove context-as-nonce, add docs, and properly support datakey 2016-08-07 15:53:40 -04:00
Jeff Mitchell 21e39bfea6 Remove erroneous information about some endpoints being root-protected 2016-08-04 16:08:54 -04:00
Cameron Stokes 0b60375952 ~secret/aws: env variable and IAM role usage 2016-08-04 13:02:07 -07:00
Jeff Mitchell 1b0c9afc43 Update DB docs with new SQL specification options 2016-08-03 15:45:56 -04:00
vishalnayak 4f45910dfc disallowed_policies doc update 2016-08-02 16:33:22 -04:00
Jeff Mitchell b4386032db Fix up some wording 2016-08-02 16:25:00 -04:00
vishalnayak 75c51378ce Updated token auth docs with disallowed_policies 2016-08-02 15:33:03 -04:00
Jeff Mitchell 9902891c81 Alphabetize token store docs 2016-08-01 13:37:12 -04:00
Jeff Mitchell 357f2d972f Add some extra safety checking in accessor listing and update website 
docs.
 2016-08-01 13:12:06 -04:00
Chris Hoffman c1c35880da Missing prefix on roles list 2016-07-29 11:31:26 -04:00
Jan Dudulski 1e46b1cef0 Update revoke-prefix path in doc 
Minor update to make doc up to date with v0.6
 2016-07-29 12:17:24 +02:00
Chris Hoffman 2930f2ca39 Preferred method is AppRole since AppId is now deprecated 2016-07-28 14:32:20 -04:00
Vishal Nayak 358b13d2b4 Merge pull request #1660 from TerryHowe/ansible-module-hashivault 
Add note about Ansible module in docs
 2016-07-27 13:56:41 -04:00
Adam Greene da8ff50143 documentation cleanup 2016-07-27 10:43:59 -07:00
Terry Howe da49a7993e Add note about Ansible module in docs 2016-07-27 10:34:13 -06:00
vishalnayak cc8a3a0141 Revert version in website 2016-07-27 10:56:11 -04:00
vishalnayak 019f79bbd2 Update version in website 2016-07-27 10:54:36 -04:00
Laura Bennett 4d9c909ae4 Merge pull request #1650 from hashicorp/request-uuid 
Added unique identifier to each request. Closes hashicorp/vault#1617
 2016-07-27 09:40:48 -04:00
Vishal Nayak c7bcaa5bb6 Merge pull request #1655 from hashicorp/cluster-id 
Vault cluster name and ID
 2016-07-26 14:12:48 -04:00
vishalnayak 669bbdfa48 Address review feedback from @jefferai 2016-07-26 14:05:27 -04:00
Jeff Mitchell 6e63af6ad0 Add deprecation notices for App ID 2016-07-26 10:08:46 -04:00
Jeff Mitchell cdb0f78960 Add app-id deprecation to upgrade notes 2016-07-26 10:04:08 -04:00
vishalnayak a6907769b0 AppRole authentication backend 2016-07-26 09:32:41 -04:00
Jeff Mitchell 3002799c26 Add upgrade notes for LDAP 2016-07-25 09:07:52 -04:00
Laura Bennett 483e796177 website update for request uuuid 2016-07-24 21:23:12 -04:00
Oren Shomron cd6d114e42 LDAP Auth Backend Overhaul 
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
 2016-07-22 21:20:05 -04:00
Vishal Nayak 38d8ff33d5 Merge pull request #1647 from hashicorp/version-in-api 
Add version information to health status
 2016-07-22 18:34:33 -04:00
vishalnayak a92da37351 Updated sys/health docs 2016-07-22 18:33:29 -04:00
matt maier 6519c224ac Circonus integration for telemetry metrics 2016-07-22 15:49:23 -04:00
vishalnayak 765d131b47 Added service-tags config option to provide additional tags to registered service 2016-07-22 04:41:48 -04:00
Jeff Mitchell 3e7449164c Update website text 2016-07-21 14:54:24 -04:00
Jeff Mitchell 6d41045b3b Update website description 2016-07-21 14:32:23 -04:00
Laura Bennett 559b0a5006 Merge pull request #1635 from hashicorp/mysql-idle-conns 
Added maximum idle connections to mysql to close hashicorp/vault#1616
 2016-07-20 15:31:37 -04:00
Laura Bennett 422dcc8f25 minor formatting edits 2016-07-20 14:42:52 -04:00
Jeff Mitchell f2b6569b0b Merge pull request #1604 from memory/mysql-displayname-2 
concat role name and token displayname to form mysql username
 2016-07-20 14:02:17 -04:00
Nathan J. Mehl ea294f1d27 use both role name and token display name to form mysql username 2016-07-20 10:17:00 -07:00
Laura Bennett dba466f50e update documentation for idle connections 2016-07-20 12:50:07 -04:00
Nathan J. Mehl 0483457ad2 respond to feedback from @vishalnayak 
- split out usernameLength and displaynameLength truncation values,
  as they are different things

- fetch username and displayname lengths from the role, not from
  the request parameters

- add appropriate defaults for username and displayname lengths
 2016-07-20 06:36:51 -07:00
Jeff Mitchell 49194847da Add mongodb to sidebar 2016-07-19 14:00:47 -04:00
Matt Hurne 11a3cb67d0 mongodb secret backend documentation: Remove verify_connection from example response to GET /mongodb/config/connection; add documentation for GET /mongodb/config/lease 2016-07-19 12:46:54 -04:00
Matt Hurne 75a5fbd8fe Merge branch 'master' into mongodb-secret-backend 2016-07-19 10:38:45 -04:00
Jeff Mitchell 04f0471a9f Update documentation around dynamodb changes 2016-07-18 14:10:55 -04:00
Jeff Mitchell c47fc73bd1 Use parsebool 2016-07-18 13:49:05 -04:00
Jeff Mitchell a3ce0dcb0c Turn off DynamoDB HA by default. 
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
 2016-07-18 13:19:58 -04:00
Jeff Mitchell 4c5ae34ebf Merge pull request #1613 from skippy/update-aws-ec2-docs 
[Docs] aws-ec2 -- note IAM action requirement
 2016-07-18 10:40:38 -04:00
Jeff Mitchell 73923db995 Merge pull request #1589 from skippy/patch-2 
[Docs] aws-ec2 -- clarify aws public cert is already preloaded
 2016-07-18 10:02:35 -04:00
Adam Greene 8f6b97f4e4 [Docs] aws-ec2 -- note IAM action requirement 2016-07-13 15:52:47 -07:00
Adam Greene d6f5c5f491 english tweaks 2016-07-13 15:11:01 -07:00
vishalnayak 407722a9b4 Added tls_min_version to consul storage backend 2016-07-12 20:10:54 -04:00
Nathan J. Mehl 314a5ecec0 allow overriding the default truncation length for mysql usernames 
see https://github.com/hashicorp/vault/issues/1605
 2016-07-12 17:05:43 -07:00
Jeff Mitchell a6682405a3 Migrate number of retries down by one to have it be max retries, not tries 2016-07-11 21:57:14 +00:00
Jeff Mitchell 57cdb58374 Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-11 21:37:46 +00:00
Matt Hurne 8232de5095 Merge branch 'master' into mongodb-secret-backend 2016-07-09 21:14:21 -04:00
Jeff Mitchell 4aa557ffa6 Add documentation of retry env vars 2016-07-08 10:41:11 -04:00
Matt Hurne 253d4e86fc Merge branch 'master' into mongodb-secret-backend 2016-07-08 08:32:03 -04:00
Jeff Mitchell cf42b28487 Some policy concept page clarifications 2016-07-08 05:05:46 +00:00
Matt Hurne 8d5a7992c1 mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages 2016-07-07 23:09:45 -04:00
Matt Hurne a5f5b26e4b Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required 2016-07-07 22:34:00 -04:00
Matt Hurne b1dd5bf449 mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON 2016-07-07 22:31:35 -04:00
Matt Hurne da0bd77dc4 Merge branch 'master' into mongodb-secret-backend 2016-07-07 21:24:40 -04:00
Eric Herot cbc76c357e Pretty sure the method to delete a token role is not GET 2016-07-07 13:54:20 -04:00
Jeff Mitchell 4a597c3a7a Fix upgrade to 0.6 docs 2016-07-06 19:00:23 -04:00
Jeff Mitchell a6d3210163 Merge pull request #1590 from skippy/patch-3 
Update aws-ec2.html.md -- clarify pkcs7 cert cleanup before use
 2016-07-06 21:31:12 +02:00
Brian Shumate 07dd449e9e Minor grammar edit 2016-07-06 10:02:52 -04:00
Jeff Mitchell 2c0e677fe5 Fix website upgrade menu for 0.6.0 2016-07-06 09:28:21 -04:00
Stig Lindqvist 71b481ba40 Correcting grammar 2016-07-06 17:57:22 +12:00
Adam Greene 2405b7f078 Update aws-ec2.html.md 
per #1582, updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
 2016-07-05 13:21:56 -07:00
Adam Greene 5ef359ff6c Update aws-ec2.html.md 
clarify, and make more explicit, the language around the default AWS public certificate
 2016-07-05 13:14:29 -07:00
Matt Hurne cf17deb33b mongodb secret backend: Update documentation 2016-07-05 09:50:23 -04:00
Matt Hurne 292c2fad69 Merge branch 'master' into mongodb-secret-backend 2016-07-01 20:39:13 -04:00
Mark Paluch ab63c938c4 Address review feedback. 
Switch ConnectTimeout to framework.TypeDurationSecond  with a default of 5. Remove own parsing code.
 2016-07-01 22:26:08 +02:00
Mark Paluch 3859f7938a Support connect_timeout for Cassandra and align timeout. 
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration.  Also align the timeout to 5 seconds which is the default for the Python and Java drivers.

Fixes #1538
 2016-07-01 21:22:37 +02:00
Matt Hurne 561e67ade8 Merge branch 'master' into mongodb-secret-backend 2016-06-30 20:23:16 -04:00
Tim Schindler 24c6a605ea added documentation about ETCD_ADDR env var to etcd backend documentation 2016-06-30 18:46:40 +00:00
Matt Hurne 350b69670c Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl' 2016-06-30 09:57:43 -04:00
Matt Hurne 5e8c912048 Add mongodb secret backend 2016-06-29 08:33:06 -04:00
Jeff Mitchell 07f53eebc2 Update PKI docs with key_usge info 2016-06-23 11:07:17 -04:00
Cameron Stokes 92f49578e1 Minor typo - that->than. 2016-06-22 11:28:31 -07:00
Jason Antman d8242d04d2 clarify some aspects of GPG key usage 2016-06-22 10:26:06 -04:00
Brian Shumate e34146d9d8 Update deploy.html.md 
Corrected link to Using PGP, GPG, and Keybase
 2016-06-21 12:14:58 -04:00
Vishal Nayak 78d4d5c8c3 Merge pull request #1523 from hashicorp/bind-account-id-aws-ec2 
Added bound_account_id to aws-ec2 auth backend
 2016-06-21 10:03:20 -04:00
Vishal Nayak d4d47ce5e3 Merge pull request #1531 from hashicorp/auth-mount-tune-params 
Auth tune endpoints and config settings output from CLI
 2016-06-20 20:24:47 -04:00
vishalnayak 8b490e44a1 Added list functionality to logical aws backend's roles 2016-06-20 19:51:04 -04:00
Jeff Mitchell 2e7704ea7e Add convergent encryption option to transit. 
Fixes #1537
 2016-06-20 13:17:48 -04:00
Mark Paluch ea4c58f17b Fix RabbitMQ documentation 
Change parameter `uri` to `connection_uri` in code example.
 2016-06-19 17:45:30 +02:00