Commit graph

12197 commits

Author SHA1 Message Date
Austin Gebauer 821940f905
fix: invalidate cached clients after a config change in the aws secrets backend (#9186) 2020-06-10 20:53:48 -07:00
Mike Wickett 5ca6057295
website: remove whitepaper link from subnav (#9190) 2020-06-10 16:01:23 -04:00
ncabatoff c86c138ea0
changelog++ 2020-06-10 13:33:51 -04:00
Félix Mattrat 40699d2b9e
Improving transit batch encrypt and decrypt latencies (#8775)
Optimized batch items decoder bypassing mapstructure
2020-06-10 13:31:46 -04:00
Theron Voran f8993f7dc0
changelog++ 2020-06-09 17:01:42 -07:00
Theron Voran e1a432a167
AWS: Add iam_groups parameter to role create/update (#8811)
Allows vault roles to be associated with IAM groups in the AWS
secrets engine, since IAM groups are a recommended way to manage
IAM user policies. IAM users generated against a vault role will
be added to the IAM Groups. For a credential type of
`assumed_role` or `federation_token`, the policies sent to the
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will
be the policies from each group in `iam_groups` combined with the
`policy_document` and `policy_arns` parameters.

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2020-06-09 16:56:12 -07:00
ncabatoff 315d1ba9c5
Explain what lease tidy does. (#9178) 2020-06-09 16:54:06 -04:00
ncabatoff 9cd5ff27b8
changelog++ 2020-06-09 10:40:50 -04:00
Gideon 8aee6262c1
Allow InfluxDB to use insecure TLS without cert bundle (#8778)
Moves the configuration of insecure TLS and TLS version outside of the certificate bundle.
2020-06-09 10:38:58 -04:00
Brian Kassouf 3b4ba9d1fb
Upgrade raft library (#9170)
* Upgrade raft library

* Update vendor

* Update physical/raft/snapshot_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update physical/raft/snapshot_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-06-08 16:34:20 -07:00
Yoan Blanc 77dfab2b62
operator: init -status to return JSON (#8773) 2020-06-08 14:35:39 -04:00
Peter J. Li 27cf73afa8
fix error message for when an invalid uri_sans is provided via the api (#8772) 2020-06-08 13:43:56 -04:00
joe miller 15661719fa
document all of the supported elliptic curves (#8722) 2020-06-08 11:26:56 -04:00
Rob Taylor 76e78605a9
Fixed minor typo in secrets documentation page (#8856) 2020-06-08 11:17:26 -04:00
Jim Kalafut 61e795c5e2
Add namespace parameter to ssh helper config (#9160) 2020-06-08 08:16:03 -07:00
Frederic Hemberger 4e13db3912
[docs/telemetry] Unnecessary comma in HCL example (#8817) 2020-06-08 11:07:28 -04:00
Billie Cleek 009ef0b8a4
document response wrapping behavior (#8156)
Document response wrapping behavior so that it's clear how
WrappingLookupFuncs should behave.
2020-06-08 10:50:48 -04:00
Rob Jackson 38ca50cdd9
update to include vault_format (#8876) 2020-06-08 10:40:03 -04:00
Tomas Bäckman 6e97db6d68
Add note about flag -target=recovery for auto-unseal mode (#9163) 2020-06-08 09:26:49 -04:00
Austin Gebauer bf2ce8d1cb
docs: fix port number in curl command for aws rotate root iam creds (#9157) 2020-06-05 16:00:49 -07:00
Calvin Leung Huang 0565e28592
docs: document raft and mlock interaction (#9093)
* docs: document raft and mlock interaction

* docs: expand on mlock issue when raft is used

* Update website/pages/docs/configuration/index.mdx

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2020-06-05 15:02:55 -07:00
Scott Miller e2d5d92b77
Github markdown doesn't use "^" for superscript, have to be explicit (#9156) 2020-06-05 16:55:33 -05:00
ncabatoff 6937ec9817
changelog++ 2020-06-05 15:56:38 -04:00
Jon Davies 40730db136
certutil/helpers.go: Allow 3072 RSA key sizes. (#8343) 2020-06-05 15:54:41 -04:00
Clint dd9c3b9133
Sync Protobuf dependencies between core and sdk (#9154)
* update go.mod/sum for root and sdk folders to sync protobuf versions

* run 'go mod vendor'

* bump github.com/golang/protobuf to v1.4.2
2020-06-05 14:15:12 -05:00
Scott Miller f8f4ae4ab2
Document and give an example of the input size limits when using the FF3-1 transform. (#9151)
* Document and give an example of the input size limits when using the FF3-1
transform.
2020-06-05 07:45:18 -05:00
ncabatoff fdba917b66
Fix feature flag persistence: we shouldn't have excluded dr primaries, they too must write feature flags. DR secondaries might not need depend on feature flags being there, but a DR primary could also be (or become) a perf primary. (#9148) 2020-06-04 13:00:33 -04:00
Austin Gebauer 85d6886778
changelog++ 2020-06-03 12:28:47 -07:00
Jason O'Donnell e0e29a9586
docs/k8s: Add OpenShift K8s beta documentation (#9135)
* doc/k8s: add OpenShift examples

* Update requirements

* Update website/pages/docs/platform/k8s/helm/openshift.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Fix ha example

* Fix ha doc

* Update image references

* Fix formatting

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-03 15:10:37 -04:00
Austin Gebauer cc16c6d08e
fix: remove mount prefix from config path used to invalidate connections (#9129) 2020-06-03 12:04:55 -07:00
Dave D'Amico a60ba90a20
updated 1.3.2 and 1.4.0 upgrade guides to note AWS STS region issue fixed in 1.4.1 (#9137) 2020-06-03 10:27:45 -07:00
Michael Golowka 438345c390
Update OpenLDAP secret engine to v0.1.3 (#9123)
* Adds ability to use password policies

Operations:
Updated go.mod for OpenLDAP to v0.1.3
Ran `go mod tidy`
Ran `go mod vendor`
2020-06-03 10:37:00 -06:00
Theron Voran 7622bee530
Docs updates for vault-helm 0.6.0 release (#9116)
* Docs updates for vault-helm 0.6.0 release

* added openshift and postStart values

* noting that openshift support is a beta feature
2020-06-03 11:44:32 -04:00
Theron Voran fa17e22050
Docs updates for vault-k8s 0.4.0 (#9107)
* Adding changes for vault-k8s 0.4.0

* add note about run-as-same-user rejecting root
2020-06-03 10:06:20 -04:00
Brian Kassouf fbd9fd4510
Fix upgrade guide (#9133) 2020-06-02 16:27:19 -07:00
Mark Gritter 475fe0eede
Token creation counters (#9052)
* Add token creation counters.
* Created a utility to change TTL to bucket name.
* Add counter covering token creation for response wrapping.
* Fix namespace label, with a new utility function.
2020-06-02 13:40:54 -05:00
Michael Golowka 5ca4d819d1
Update OpenLDAP Secrets Docs with Password Policies (#9088)
* Update OpenLDAP docs to use password policies
2020-06-02 11:34:01 -06:00
Michael Golowka bd587da491
Add docs for password policies (#8974)
* Add docs for password policies
2020-06-02 11:12:22 -06:00
Jason O'Donnell ab0bbc595b
agent/raft: fix typo in help strings (#9114) 2020-06-02 10:17:08 -04:00
Jim Kalafut 34fab8ae09
Update gcp secrets plugin (#9004) 2020-06-01 11:02:33 -07:00
Alexander Bezobchuk eb0b3ac286
Merge PR #9100: Add key_version to Transit Logical Response 2020-06-01 13:16:01 -04:00
Alexander Bezobchuk 9dd67cbeb6
Merge PR #9027: Integrated Storage (Raft): Add Support for max_entry_size Config 2020-06-01 10:17:24 -04:00
ncabatoff da3377ce6a
changelog++ 2020-05-29 14:23:09 -04:00
ncabatoff 8870b2e51c
Add mongodbatlas static roles support (#8987)
* Refactor PG container creation.
* Rework rotation tests to use shorter sleeps.
* Refactor rotation tests.
* Add a static role rotation test for MongoDB Atlas.
2020-05-29 14:21:23 -04:00
dddugan a098e313a9
correct sockaddr.is_contained example (#9104)
Syntax for sockaddr.is_contained should be outer, inner - i.e. range, IP. See https://docs.hashicorp.com/sentinel/imports/sockaddr/ for reference.
2020-05-29 10:51:31 -07:00
ncabatoff 4481521c0e
Extend agent template tests to also validate that updated templates get re-rendered. (#9097) 2020-05-29 13:36:59 -04:00
Scott Miller 12d704d97f
Provide token ttl and issue time in the audit log. (#9091)
* Populate a token_ttl and token_issue_time field on the Auth struct of audit log entries, and in the Auth portion of a response for login methods

* Revert go fmt, better zero checking

* Update unit tests

* changelog++
2020-05-29 12:30:47 -05:00
Jeff Escalante 0e3229a3d8
add missing styles for mdx components (#9103) 2020-05-29 13:29:24 -04:00
ncabatoff 9987b71a36
Update seal docs to reflect 1.3 changes. (#9086) 2020-05-29 13:28:03 -04:00
Christophe Drevet-Droguet 932c1834cc
ssh certificate signing: fix documentation of extensions (#8859) 2020-05-29 13:23:19 -04:00