Chelsea Shaw
937b0550ab
[UI] clear policies in cli ( #8291 )
...
* fix: entity policies cleared from empty string in UI console
* add test for new use case of empty value
2020-02-06 12:37:38 -06:00
ncabatoff
d2cc5dee0c
changelog++
2020-02-06 13:31:36 -05:00
ncabatoff
a0ac4bdd2a
Audit generate root requests and responses. ( #8301 )
2020-02-06 11:56:37 -05:00
Brian Choy
85877e52a4
Fix typo in vault agent injector example docs ( #8302 )
...
Fix mispelling of `annotation`.
2020-02-05 15:57:09 -08:00
Clint
ed56a5974f
Update CHANGELOG.md
2020-02-05 17:02:12 -06:00
Becca Petrin
1459544630
update from github.com/hashicorp/gokrb5 to github.com/jcmturner/gokrb5/v8 ( #8296 )
2020-02-05 14:23:22 -08:00
ncabatoff
cfcb9d2218
Update seal migration docs re limitations and different scenarios ( #8298 )
2020-02-05 15:30:04 -05:00
Clint
7cf8289470
Update CHANGELOG.md
2020-02-05 14:12:22 -06:00
Clint
58381ca0e7
MySQL HA: Return an error if we fail to get a lock on standby ( #8229 )
...
* return an error if we fail to get a lock on standby
* Add regression test
* minor refactoring to remove a race condition in the test
2020-02-05 14:08:48 -06:00
Clint
da5a193769
Update CHANGELOG.md
2020-02-05 13:53:34 -06:00
Clint
074f897ae4
secret/database: Guard against panic with InfluxDB plugin ( #8282 )
...
* database/influx: fix panic when trying to revoke user
Guard against other nil responses
* return an error if response is nil, which is unlikely but best safe than sorry
* refactor a deeply nested statement into a function
2020-02-05 13:49:02 -06:00
ncabatoff
2c8b012d14
Changes needed so that benchmark-vault can run with Prometheus monitoring ( #8295 )
2020-02-05 13:45:16 -05:00
Jim Kalafut
053a06bcfa
Add links to changelog Github references ( #8293 )
...
Co-authored-by: Daniel Spangenberg <daniel@spangenberg.io>
2020-02-05 08:28:19 -08:00
Daniel Spangenberg
058ee30a62
changelog++
2020-02-05 10:56:18 +01:00
Dan Lafeir
fe80e136da
Add a specific reference to AWS IAM Unique Identifiers ( #8209 )
...
* Add specification about AWS IAM Unique Identifiers
We experienced an issue where IAM roles resources were re-provisioned with the same ARNs and no change had been made to our vault role configuration but users lost access with `-method=aws`. It wasn't immediately clear to us how IAM Unique Identifiers where being used to avoid the same situations outlined in the AWS documentation. We eventually concluded that re-provisioning the roles in our auth/aws/auth would fetch the new IAM Unique Identifiers.
I hope that this small amendment helps people avoid this problem in the future.
2020-02-04 15:31:48 -08:00
Jamie Finnigan
fa2544cf5e
fix <name> entity encoding for Secrets Engines Metrics section ( #8290 )
2020-02-04 15:06:10 -08:00
Daniel Spangenberg
415303cc02
Allow FQDNs in DNS Name for PKI Secrets Engine ( #8288 )
...
Fixes #4837
2020-02-04 23:46:38 +01:00
Becca Petrin
0ae91882d6
changelog++
2020-02-04 13:08:10 -08:00
Michael Golowka
ad27f2f29e
Update changelog with database plugin bugfixes
...
Fixes from GH-8240:
- fix inconsistent parameter names
- fix mysql so default static credential rotation statements are used
2020-02-03 13:59:23 -07:00
Michael Golowka
70bcd2cc05
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres ( #8240 )
...
* Allow {{name}} or {{username}} in psql templates
* Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 13:57:28 -07:00
glerb
4f25ed2b08
Improve clarity of IAM flow explanation ( #8275 )
2020-02-03 10:14:09 -08:00
ncabatoff
fd38bc5b76
changelog++
2020-02-03 12:52:28 -05:00
ncabatoff
03b14d8a64
Upgrade okta sdk lib ( #8143 )
...
Upgrade to new official Okta sdk lib. Since it requires an API token, use old unofficial okta lib for no-apitoken case.
Update test to use newer field names. Remove obsolete test invalidated by #4798 . Properly handle case where an error was expected and didn't occur.
2020-02-03 12:51:10 -05:00
Calvin Leung Huang
1561c69b1f
ci: add context to website-docker-image job ( #8272 )
...
* ci: add context to website-docker-image job
* ci: test context value
* ci: revert test context value
2020-02-03 09:04:33 -08:00
ncabatoff
6ce2066f2d
changelog++
2020-02-03 12:01:11 -05:00
ncabatoff
29bad6ae9c
changelog++
2020-02-03 11:56:07 -05:00
ncabatoff
23c13f24f0
Ensure that http_raw_body is always passed to the audit redaction system as a string
...
Before this it was passed as a []byte, which doesn't get HMAC'd. The original non-HMACing behaviour can be obtained by adding "http_raw_body" to audit_non_hmac_response_keys. (#8130 )
2020-02-03 11:53:02 -05:00
Sebastien Williams-Wynn
9f99ff4912
Fix minor typo in doc string ( #8277 )
2020-02-02 20:12:59 +01:00
Becca Petrin
4ec92e2e9f
Update gen_openapi.sh ( #8273 )
...
* enable more auth backends in openapi gen
* cf and pcf are the same, with cf being preferred
2020-01-31 16:05:39 -08:00
Jeff Escalante
9dd1a863c0
update dependencies ( #8271 )
2020-01-31 14:27:39 -05:00
Jason O'Donnell
8f2347f93a
docs: update vault k8s to 0.2.0 ( #8269 )
...
* doc: update vault-k8s to 0.2.0
* Add debugging note
2020-01-31 11:22:39 -05:00
ncabatoff
30d262f149
Fix flaky test of api renewer by moving away from legacy api. ( #8265 )
2020-01-30 15:12:21 -05:00
Vitaly Velikodny
230c53d18b
Clean AlibabaCloud physical backend code ( #8186 )
2020-01-30 12:08:24 -08:00
Jim Kalafut
47818c4a84
Update GH issue template to point to forum ( #8226 )
2020-01-30 11:39:46 -08:00
Daniel Spangenberg
1c1d93a21c
Fix default max_open_connections for db plugins ( #8262 )
2020-01-30 17:33:04 +01:00
Sarai
74a6d02a89
Fix broken link ( #8259 )
...
- https://www.vaultproject.io/api/secret/pki/index.html#create-update-role
- https://www.vaultproject.io/api/secret/pki/index.html#createupdate-role
2020-01-30 08:12:24 -08:00
ncabatoff
523ff80287
Removing timing-dependent aspects of test. ( #8261 )
2020-01-30 11:02:48 -05:00
Clint
7528056038
Changelog++
2020-01-30 09:11:54 -06:00
Alex Antonov
3457d383ba
Added flag to disable X-Vault-Token header proxy if client passes the token ( #8101 )
...
* Added flag to disable X-Vault-Token header proxy if client passes the token
* Reveresed the flag value to better match the name intent
* Introduced UseAutoAuthTokenRaw for Cache to support triplicate value of true/false/force
Co-authored-by: Clint <catsby@users.noreply.github.com>
2020-01-30 09:08:42 -06:00
Michel Vocks
108d9af867
changelog++
2020-01-30 11:13:32 +01:00
Becca Petrin
2ebe299b40
changelog++
2020-01-29 10:59:19 -08:00
Calvin Leung Huang
d8dfd81e47
test: fix TestAgent_Template_Basic ( #8257 )
...
* test: fix TestAgent_Template_Basic
* test: fix TestAgent_Template_ExitCounter
2020-01-29 09:31:29 -08:00
Raoof Mohammed
0b7afcc728
docs: fix api path for merge entity identity doc ( #8258 )
2020-01-29 08:56:36 -08:00
Michel Vocks
2bde6a3a5a
Bump etcd client API dep ( #8037 )
2020-01-29 15:16:38 +01:00
Michel Vocks
f695eb737b
Add Consul TLS options to access API endpoint ( #8253 )
2020-01-29 09:44:35 +01:00
Michel Vocks
96a6857f0c
Docs: Add nomad TLS options ( #8254 )
2020-01-29 09:38:54 +01:00
Noelle Daley
bfb6986b40
Update CHANGELOG.md
2020-01-28 11:23:07 -06:00
Noelle Daley
906a34b466
show kmip details in wizard ( #8255 )
2020-01-28 11:21:04 -06:00
Michel Vocks
0bbed3b416
changelog++
2020-01-28 11:06:27 +01:00
Michel Vocks
5ab64e11d7
Fix Vault Agent Template TLS config parameters ( #8243 )
2020-01-28 10:59:31 +01:00