Commit graph

11757 commits

Author SHA1 Message Date
Chelsea Shaw 937b0550ab
[UI] clear policies in cli (#8291)
* fix: entity policies cleared from empty string in UI console

* add test for new use case of empty value
2020-02-06 12:37:38 -06:00
ncabatoff d2cc5dee0c
changelog++ 2020-02-06 13:31:36 -05:00
ncabatoff a0ac4bdd2a
Audit generate root requests and responses. (#8301) 2020-02-06 11:56:37 -05:00
Brian Choy 85877e52a4
Fix typo in vault agent injector example docs (#8302)
Fix mispelling of `annotation`.
2020-02-05 15:57:09 -08:00
Clint ed56a5974f
Update CHANGELOG.md 2020-02-05 17:02:12 -06:00
Becca Petrin 1459544630
update from github.com/hashicorp/gokrb5 to github.com/jcmturner/gokrb5/v8 (#8296) 2020-02-05 14:23:22 -08:00
ncabatoff cfcb9d2218
Update seal migration docs re limitations and different scenarios (#8298) 2020-02-05 15:30:04 -05:00
Clint 7cf8289470
Update CHANGELOG.md 2020-02-05 14:12:22 -06:00
Clint 58381ca0e7
MySQL HA: Return an error if we fail to get a lock on standby (#8229)
* return an error if we fail to get a lock on standby

* Add regression test

* minor refactoring to remove a race condition in the test
2020-02-05 14:08:48 -06:00
Clint da5a193769
Update CHANGELOG.md 2020-02-05 13:53:34 -06:00
Clint 074f897ae4
secret/database: Guard against panic with InfluxDB plugin (#8282)
* database/influx: fix panic when trying to revoke user

Guard against other nil responses

* return an error if response is nil, which is unlikely but best safe than sorry

* refactor a deeply nested statement into a function
2020-02-05 13:49:02 -06:00
ncabatoff 2c8b012d14
Changes needed so that benchmark-vault can run with Prometheus monitoring (#8295) 2020-02-05 13:45:16 -05:00
Jim Kalafut 053a06bcfa
Add links to changelog Github references (#8293)
Co-authored-by: Daniel Spangenberg <daniel@spangenberg.io>
2020-02-05 08:28:19 -08:00
Daniel Spangenberg 058ee30a62
changelog++ 2020-02-05 10:56:18 +01:00
Dan Lafeir fe80e136da
Add a specific reference to AWS IAM Unique Identifiers (#8209)
* Add specification about AWS IAM Unique Identifiers

We experienced an issue where IAM roles resources were re-provisioned with the same ARNs and no change had been made to our vault role configuration but users lost access with `-method=aws`. It wasn't immediately clear to us how IAM Unique Identifiers where being used to avoid the same situations outlined in the AWS documentation. We eventually concluded that re-provisioning the roles in our auth/aws/auth would fetch the new IAM Unique Identifiers. 

I hope that this small amendment helps people avoid this problem in the future.
2020-02-04 15:31:48 -08:00
Jamie Finnigan fa2544cf5e
fix <name> entity encoding for Secrets Engines Metrics section (#8290) 2020-02-04 15:06:10 -08:00
Daniel Spangenberg 415303cc02
Allow FQDNs in DNS Name for PKI Secrets Engine (#8288)
Fixes #4837
2020-02-04 23:46:38 +01:00
Becca Petrin 0ae91882d6
changelog++ 2020-02-04 13:08:10 -08:00
Michael Golowka ad27f2f29e
Update changelog with database plugin bugfixes
Fixes from GH-8240:
- fix inconsistent parameter names
- fix mysql so default static credential rotation statements are used
2020-02-03 13:59:23 -07:00
Michael Golowka 70bcd2cc05
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240)
* Allow {{name}} or {{username}} in psql templates

* Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 13:57:28 -07:00
glerb 4f25ed2b08
Improve clarity of IAM flow explanation (#8275) 2020-02-03 10:14:09 -08:00
ncabatoff fd38bc5b76
changelog++ 2020-02-03 12:52:28 -05:00
ncabatoff 03b14d8a64
Upgrade okta sdk lib (#8143)
Upgrade to new official Okta sdk lib.  Since it requires an API token, use old unofficial okta lib for no-apitoken case. 

Update test to use newer field names.  Remove obsolete test invalidated by #4798.  Properly handle case where an error was expected and didn't occur.
2020-02-03 12:51:10 -05:00
Calvin Leung Huang 1561c69b1f
ci: add context to website-docker-image job (#8272)
* ci: add context to website-docker-image job

* ci: test context value

* ci: revert test context value
2020-02-03 09:04:33 -08:00
ncabatoff 6ce2066f2d
changelog++ 2020-02-03 12:01:11 -05:00
ncabatoff 29bad6ae9c
changelog++ 2020-02-03 11:56:07 -05:00
ncabatoff 23c13f24f0
Ensure that http_raw_body is always passed to the audit redaction system as a string
Before this it was passed as a []byte, which doesn't get HMAC'd.  The original non-HMACing behaviour can be obtained by adding "http_raw_body" to audit_non_hmac_response_keys. (#8130)
2020-02-03 11:53:02 -05:00
Sebastien Williams-Wynn 9f99ff4912
Fix minor typo in doc string (#8277) 2020-02-02 20:12:59 +01:00
Becca Petrin 4ec92e2e9f
Update gen_openapi.sh (#8273)
* enable more auth backends in openapi gen

* cf and pcf are the same, with cf being preferred
2020-01-31 16:05:39 -08:00
Jeff Escalante 9dd1a863c0
update dependencies (#8271) 2020-01-31 14:27:39 -05:00
Jason O'Donnell 8f2347f93a
docs: update vault k8s to 0.2.0 (#8269)
* doc: update vault-k8s to 0.2.0

* Add debugging note
2020-01-31 11:22:39 -05:00
ncabatoff 30d262f149
Fix flaky test of api renewer by moving away from legacy api. (#8265) 2020-01-30 15:12:21 -05:00
Vitaly Velikodny 230c53d18b
Clean AlibabaCloud physical backend code (#8186) 2020-01-30 12:08:24 -08:00
Jim Kalafut 47818c4a84
Update GH issue template to point to forum (#8226) 2020-01-30 11:39:46 -08:00
Daniel Spangenberg 1c1d93a21c
Fix default max_open_connections for db plugins (#8262) 2020-01-30 17:33:04 +01:00
Sarai 74a6d02a89
Fix broken link (#8259)
- https://www.vaultproject.io/api/secret/pki/index.html#create-update-role
- https://www.vaultproject.io/api/secret/pki/index.html#createupdate-role
2020-01-30 08:12:24 -08:00
ncabatoff 523ff80287
Removing timing-dependent aspects of test. (#8261) 2020-01-30 11:02:48 -05:00
Clint 7528056038
Changelog++ 2020-01-30 09:11:54 -06:00
Alex Antonov 3457d383ba
Added flag to disable X-Vault-Token header proxy if client passes the token (#8101)
* Added flag to disable X-Vault-Token header proxy if client passes the token

* Reveresed the flag value to better match the name intent

* Introduced UseAutoAuthTokenRaw for Cache to support triplicate value of true/false/force

Co-authored-by: Clint <catsby@users.noreply.github.com>
2020-01-30 09:08:42 -06:00
Michel Vocks 108d9af867
changelog++ 2020-01-30 11:13:32 +01:00
Becca Petrin 2ebe299b40 changelog++ 2020-01-29 10:59:19 -08:00
Calvin Leung Huang d8dfd81e47
test: fix TestAgent_Template_Basic (#8257)
* test: fix TestAgent_Template_Basic

* test: fix TestAgent_Template_ExitCounter
2020-01-29 09:31:29 -08:00
Raoof Mohammed 0b7afcc728
docs: fix api path for merge entity identity doc (#8258) 2020-01-29 08:56:36 -08:00
Michel Vocks 2bde6a3a5a
Bump etcd client API dep (#8037) 2020-01-29 15:16:38 +01:00
Michel Vocks f695eb737b
Add Consul TLS options to access API endpoint (#8253) 2020-01-29 09:44:35 +01:00
Michel Vocks 96a6857f0c
Docs: Add nomad TLS options (#8254) 2020-01-29 09:38:54 +01:00
Noelle Daley bfb6986b40
Update CHANGELOG.md 2020-01-28 11:23:07 -06:00
Noelle Daley 906a34b466
show kmip details in wizard (#8255) 2020-01-28 11:21:04 -06:00
Michel Vocks 0bbed3b416
changelog++ 2020-01-28 11:06:27 +01:00
Michel Vocks 5ab64e11d7
Fix Vault Agent Template TLS config parameters (#8243) 2020-01-28 10:59:31 +01:00