Commit graph

1388 commits

Author SHA1 Message Date
Raphael Randschau db4e1b4a99 CouchDB physical backend (#2880) 2017-06-17 11:22:10 -04:00
Jeff Mitchell cf7d56e8f3 Fix up CORS.
Ref #2021
2017-06-17 01:26:25 -04:00
Aaron Salvo 0303f51b68 Cors headers (#2021) 2017-06-17 00:04:55 -04:00
Jeff Mitchell 33ca94773f Add DogStatsD metrics output. (#2883)
Fixes #2490
2017-06-16 23:51:46 -04:00
Jeff Mitchell 0ea8f17357 Add some warnings to the upgrade guide 2017-06-16 13:23:22 -04:00
vishalnayak a50ce54603 doc: add radius to MFA backend docs 2017-06-15 18:31:53 -04:00
Jeff Mitchell df229f5255 Fix typo in transit docs 2017-06-14 11:49:12 -04:00
Seth Vargo 789247d922 Add callouts for deprecations and beta (#2854)
This makes the sidebar emphasize the deprecated database backends more.
2017-06-14 16:11:16 +01:00
Nathan Valentine 3309496916 Clean up extra word in docs (#2847) 2017-06-12 13:08:54 -04:00
Jonathan Duncan 7038348b6d Adding some visual separation for parameters (#2841)
Currently on the Documentation pages when parameters are listed, there is no visual separation between the parameter names, flags, and descriptions. This should make it a bit easier for humans to read.
2017-06-12 06:59:38 -04:00
Jeff Mitchell 8b3657d840 Add note about lowercasing usernames to userpass docs 2017-06-08 09:41:01 -04:00
Cameron Stokes 8e0ac2dbb0 [docs] Add notes about deprecated database backends. (#2835) 2017-06-07 23:45:01 -07:00
Cameron Stokes d26bb4f2fb [docs] Fix Mongodb link in sidebar. 2017-06-07 20:36:36 -07:00
Brian Kassouf 8d58b43906 update database interface in the docs 2017-06-07 11:20:13 -07:00
Jeff Mitchell f6d48312d8 Add new transit features to documentation 2017-06-07 13:00:14 -04:00
Joel Thompson 4a934915d7 Resolve AWS IAM unique IDs (#2814) 2017-06-07 10:27:11 -04:00
Dan Brown 4f3fb87b9d Docs typo fixes (#2830)
* Fix passing payload.json file to curl

* Correct API endpoint
2017-06-07 10:02:58 -04:00
Joel Thompson 7437ada31c Check if there's a bound iam arn when renewing (#2819)
Previously, the renew method would ALWAYS check to ensure the
authenticated IAM principal ARN matched the bound ARN.  However, there
is a valid use case in which no bound_iam_principal_arn is specified and
all bindings are done through inferencing. When a role is configured
like this, clients won't be able to renew their token because of the
check.

This now checks to ensure that the bound_iam_principal_arn is not empty
before requriing that it match the originally authenticated client.

Fixes #2781
2017-06-06 22:35:12 -04:00
Brian Kassouf 606fe393be Use the role name in the db username (#2812) 2017-06-06 09:49:49 -04:00
sam boyer 789d7ab4e0 Minor typos & wordsmithing for clarity (#2807) 2017-06-05 09:32:09 -07:00
Jeff Mitchell dad291c93c Add plugin_directory to configuration page (#2801)
Fixes #2795
2017-06-03 08:11:03 -04:00
Igor Katson 88118dce0f Add max_parallel parameter to MySQL backend. (#2760)
* Add max_parallel parameter to MySQL backend.

This limits the number of concurrent connections, so that vault does not die
suddenly from "Too many connections".

This can happen when e.g. vault starts up, and tries to load all the
existing leases in parallel. At the time of writing this, the value
ExpirationRestoreWorkerCount in vault/helper/consts/const.go is set to
64, meaning that if there are enough leases in the vault's DB, it will
generate AT LEAST 64 concurrent connections to MySQL when loading the
data during start-up. On certain configurations, e.g. smaller AWS
RDS/Aurora instances, this will cause Vault to fail startup.

* Fix a typo in mysql storage readme
2017-06-01 15:20:32 -07:00
Vishal Nayak 128907172f doc: leases are generated only for dynamic secrets (#2772)
* doc: leases are generated only for dynamic secrets

* Address review feedback
2017-05-31 09:47:17 -04:00
Vishal Nayak 58b68dc35e doc: PKI API table of contents (#2756)
* Add a table of contents for api/secret/pki

* Fix the read certificate link
2017-05-23 09:19:47 -04:00
Ryon 7d4fb9c8e4 Update news section with March 22 webinar video (#2663) 2017-05-22 20:19:52 -04:00
Jeff Mitchell 6a39ccc8d6 Remove comment about a non-existent validation section
Fixes #2524
2017-05-22 12:37:51 -04:00
vishalnayak 9bbeff3f44 doc: Fix the sample input value for cache_size 2017-05-19 12:32:44 -04:00
Jeff Mitchell 57461e3556 Fix revoke-secondary API addr 2017-05-19 00:53:49 -04:00
Kenny Gatdula f9a71de87a Update plugins.html.md (#2744)
Minor typo and spellcheck update
2017-05-18 14:06:44 -04:00
Martins Sipenko f3f6b02682 Fix X-Vault-AWS-IAM-Server-ID example (#2728) 2017-05-15 09:06:45 -04:00
Ken McVicker 3a354343af Update install.html.md
Updates list of commands with the output of 0.6.4.  Missing commands list, unwrap, capabilities, generate-root
2017-05-12 14:13:06 -06:00
Martins Sipenko 774c70e1e2 Update aws.html.md (#2715) 2017-05-12 12:10:11 -04:00
Brian Kassouf 06472d8ceb Merge pull request #2718 from hashicorp/doc-updates
Add plugin level docs for what statements are supported and how they …
2017-05-12 08:12:27 -07:00
Calvin Leung Huang 9fd39a0681 Mongodb plugin (#2698)
* WIP on mongodb plugin

* Add mongodb plugin

* Add tests

* Update mongodb.CreateUser() comment

* Update docs

* Add missing docs

* Fix mongodb docs

* Minor comment and test updates

* Fix imports

* Fix dockertest import

* Set c.Initialized at the end, check for empty CreationStmts first on CreateUser

* Remove Initialized check on Connection()

* Add back Initialized check

* Update docs

* Move connProducer and credsProducer into pkg for  mongodb and cassandra

* Chage parseMongoURL to be a private func

* Default to admin if no db is provided in creation_statements

* Update comments and docs
2017-05-11 17:38:54 -04:00
Jeremy Voorhis 3407a033ba Update the S3 storage backend docs to reflect capabilities. 2017-05-11 14:30:05 -07:00
Brian Kassouf 1460c2fcc7 Add plugin level docs for what statements are supported and how they should be formatted 2017-05-11 11:59:58 -07:00
Chris Hoffman 4cd50fd822 Updating key export documentation for transit (#2706) 2017-05-10 09:27:03 -04:00
Cameron Stokes ab7d91a506 [docs] Update glossary for auth backend terminology. (#2703) 2017-05-09 22:17:32 -04:00
Tim Stamp de8bbed321 Header Type Typo (#2695)
Header 'Update Key Configuration' should be a H2 not a H4.
2017-05-09 09:57:23 -04:00
Jeff Mitchell 7068292252 Update/clarify docs on generic backend ttl.
Ping #2697
2017-05-09 09:56:11 -04:00
Brian Kassouf 61f115ba81 Update postgresql.html.md 2017-05-04 17:56:09 -07:00
Brian Kassouf 20cc43bf18 Update mysql-maria.html.md 2017-05-04 17:55:50 -07:00
Brian Kassouf 913a112681 Update mssql.html.md 2017-05-04 17:55:30 -07:00
Brian Kassouf 16e6f9640d Few docs updates 2017-05-04 14:07:12 -07:00
Calvin Leung Huang c0ce0ae499 Merge branch 'database-refactor' of github.com:hashicorp/vault into database-refactor 2017-05-04 16:46:47 -04:00
Calvin Leung Huang b49993f81f Update mssql docs 2017-05-04 16:46:34 -04:00
Brian Kassouf 3c41bdfa16 update docs 2017-05-04 13:38:49 -07:00
Brian Kassouf 7dcec6e68f Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 12:40:00 -07:00
Brian Kassouf 82b58d5b9c Update docs and return a better error message 2017-05-04 11:45:27 -07:00
mymercurialsky 4c0e3c5d2f Implemented TOTP Secret Backend (#2492)
* Initialized basic outline of TOTP backend using Postgresql backend as template

* Updated TOTP backend.go's structure and help string

* Updated TOTP path_roles.go's structure and help strings

* Updated TOTP path_role_create.go's structure and help strings

* Fixed typo in path_roles.go

* Fixed errors in path_role_create.go and path_roles.go

* Added TOTP secret backend information to cli commands

* Fixed build errors in path_roles.go and path_role_create.go

* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords

* Initialized TOTP test file based on structure of postgresql test file

* Added enforcement of input values

* Added otp library to vendor folder

* Added test steps and cleaned up errors

* Modified read credential test step, not working yet

* Use of vendored package not allowed - Test error

* Removed vendor files for TOTP library

* Revert "Removed vendor files for TOTP library"

This reverts commit fcd030994bc1741dbf490f3995944e091b11da61.

* Hopefully fixed vendor folder issue with TOTP Library

* Added additional tests for TOTP backend

* Cleaned up comments in TOTP backend_test.go

* Added default values of period, algorithm and digits to field schema

* Changed account_name and issuer fields to optional

* Removed MD5 as a hash algorithm option

* Implemented requested pull request changes

* Added ability to validate TOTP codes

* Added ability to have a key generated

* Added skew, qr size and key size parameters

* Reset vendor.json prior to merge

* Readded otp and barcode libraries to vendor.json

* Modified help strings for path_role_create.go

* Fixed test issue in testAccStepReadRole

* Cleaned up error formatting, variable names and path names. Also added some additional documentation

* Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes

* Added ability to pass in TOTP urls

* Added additional tests for TOTP server functions

* Removed unused QRSize, URL and Generate members of keyEntry struct

* Removed unnecessary urlstring variable from pathKeyCreate

* Added website documentation for TOTP secret backend

* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.

* Updated website documentation and added QR example

* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests

* Updated API documentation to inlude to exported variable and qr size option

* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
2017-05-04 10:49:42 -07:00
Brian Kassouf 5ee0d696d4 Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 10:45:18 -07:00
Brian Kassouf 29bfc0a0d4 PR comments 2017-05-04 10:41:59 -07:00
Chris Hoffman 3d9cf89ad6 Add the ability to view and list of leases metadata (#2650) 2017-05-03 22:03:42 -04:00
Brian Kassouf ce391ca425 add new mysql plugin names and fix grammar 2017-05-03 18:41:39 -07:00
Brian Kassouf bf29861d49 Add the plugins catalog API docs 2017-05-03 11:43:24 -07:00
Brian Kassouf e92818e0ae Upate links in docs 2017-05-03 10:25:12 -07:00
Brian Kassouf dbb5b38e0d Add API docs 2017-05-03 02:13:07 -07:00
Brian Kassouf 63de72c10f Add custom plugins docs page 2017-05-03 00:01:28 -07:00
Brian Kassouf 50ac77be51 Update docs for the database backend and it's plugins 2017-05-02 22:24:31 -07:00
Brian Kassouf b60ff2048d Update docs and add cassandra as a builtin plugin 2017-05-02 17:04:49 -07:00
Brian Kassouf 20994c1247 Fix wording in docs 2017-05-02 16:20:07 -07:00
Jeff Mitchell 712cacaf4d Add website skeleton 2017-05-02 16:26:32 -04:00
mhristof df325288ac fix format for secret/pki (#2668) 2017-05-02 07:52:55 -04:00
Brian Kassouf ca7ff89bcb Fix documentation 2017-05-02 02:22:06 -07:00
Brian Kassouf f17c50108f Add plugins interal page to the sidebar: 2017-05-02 02:00:04 -07:00
Brian Kassouf a963097747 Add internals doc for plugins 2017-05-02 01:59:36 -07:00
Seth Vargo 44e1c64cfd Add UI docs (#2664) 2017-05-01 17:36:37 -04:00
Marc Boudreau 5630b0ad4b Changing the ttl value in the Generate IAM with STS sample to a valid value (#2665) 2017-05-01 14:41:49 -04:00
Justin Gerace 403efeb5ae Add globbing support to the PKI backend's allowed_domains list (#2517) 2017-05-01 10:40:18 -04:00
Michael Ansel 30b71cbbac Add constraints on the Common Name for certificate-based authentication (#2595)
* Refactor to consolidate constraints on the matching chain

* Add CN prefix/suffix constraint

* Maintain backwards compatibility (pick a random cert if multiple match)

* Vendor go-glob

* Replace cn_prefix/suffix with required_name/globbing

Move all the new tests to acceptance-capable tests instead of embedding in the CRL test

* Allow authenticating against a single cert

* Add new params to documentation

* Add CLI support for new param

* Refactor for style

* Support multiple (ORed) name patterns

* Rename required_names to allowed_names

* Update docs for parameter rename

* Use the new TypeCommaStringSlice
2017-04-30 11:37:10 -04:00
Cameron Stokes 73867dab92 Add local flag to docs for API endpoints. (#2625) 2017-04-28 14:33:27 -04:00
Ryan Smith-Evans d0d448cfbe Added required header (#2656) 2017-04-28 08:56:14 -04:00
greenbrian 90a442ec92 Fix links on Consul storage backend page (#2652) 2017-04-28 07:48:23 -04:00
Chris Hoffman 1a60fede58 Updating revoke/renew to prefer PUT method (#2646) 2017-04-27 10:47:43 -04:00
Jeff Mitchell d9e639ece2 Fix types of listener options, currently they're all strings 2017-04-25 11:20:48 -04:00
Seth Vargo 7b21562f07 Make sidebar a bit wider on smaller screens (#2638) 2017-04-24 15:39:58 -04:00
Joel Thompson e06a78a474 Create unified aws auth backend (#2441)
* Rename builtin/credential/aws-ec2 to aws

The aws-ec2 authentication backend is being expanded and will become the
generic aws backend. This is a small rename commit to keep the commit
history clean.

* Expand aws-ec2 backend to more generic aws

This adds the ability to authenticate arbitrary AWS IAM principals using
AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to
just AWS with the expansion.

* Add missing aws auth handler to CLI

This was omitted from the previous commit

* aws auth backend general variable name cleanup

Also fixed a bug where allowed auth types weren't being checked upon
login, and added tests for it.

* Update docs for the aws auth backend

* Refactor aws bind validation

* Fix env var override in aws backend test

Intent is to override the AWS environment variables with the TEST_*
versions if they are set, but the reverse was happening.

* Update docs on use of IAM authentication profile

AWS now allows you to change the instance profile of a running instance,
so the use case of "a long-lived instance that's not in an instance
profile" no longer means you have to use the the EC2 auth method. You
can now just change the instance profile on the fly.

* Fix typo in aws auth cli help

* Respond to PR feedback

* More PR feedback

* Respond to additional PR feedback

* Address more feedback on aws auth PR

* Make aws auth_type immutable per role

* Address more aws auth PR feedback

* Address more iam auth PR feedback

* Rename aws-ec2.html.md to aws.html.md

Per PR feedback, to go along with new backend name.

* Add MountType to logical.Request

* Make default aws auth_type dependent upon MountType

When MountType is aws-ec2, default to ec2 auth_type for backwards
compatibility with legacy roles. Otherwise, default to iam.

* Pass MountPoint and MountType back up to the core

Previously the request router reset the MountPoint and MountType back to
the empty string before returning to the core. This ensures they get set
back to the correct values.
2017-04-24 15:15:50 -04:00
Matthew Gallagher 8c75c2611a Remove mention of Darwin mlock support from docs. (#2624) 2017-04-22 16:56:01 -04:00
Cameron Stokes 82e9b089be [docs] Fix typo in Transit API docs. 2017-04-20 15:18:55 -07:00
Chad Greenburg 960fdb6a8a Added documentation for listing roles in the Consul secret backend (#2619) 2017-04-20 07:44:25 -04:00
Eric Bock f3be8927db Fixing typo in Transit API rewrap section (#2617) 2017-04-19 09:29:33 -07:00
Brian Nuszkowski 74d78f247c Add api documentation for unauthenticated SSH CA public key retrieval (#2616) 2017-04-19 11:30:24 -04:00
Jeff Mitchell 4995c69763 Update sign-verbatim to correctly set generate_lease (#2593) 2017-04-18 15:54:31 -04:00
Mitch Davis a051ec1b59 Use service bind for searching LDAP groups (#2534)
Fixes #2387
2017-04-18 15:52:05 -04:00
Jeff Mitchell f4cd8c5200 Merge pull request #2607 from hashicorp/b-grammar
Fix sentence - remove "and"
2017-04-18 15:50:56 -04:00
Jeff Mitchell 563ad2175f Update index.html.md 2017-04-18 15:50:44 -04:00
Seth Vargo 490b98ee93
Update logos 2017-04-18 14:17:56 -04:00
Jon Benson 73950e8fb1 Fix sentence - remove "and" 2017-04-17 19:35:04 -07:00
Jeff Mitchell d5f5ecf0ab Remove allow_token_displayname from docs as we don't support that any longer 2017-04-17 17:25:44 -04:00
Jeff Mitchell f14fd329fd Add more info to STS TTL to website 2017-04-17 17:19:13 -04:00
Phil Watts c98de70310 Update revoke.html.md (#2604)
Changed param's description verb from renew to revoke, to match the page context.
2017-04-17 12:40:24 -04:00
Jeff Mitchell ce58bfa88f Update SSH docs to indicate deprecation of dynamic key type 2017-04-17 11:11:05 -04:00
James Phillips b6758b7ea9 Update 404.html.md (#2594) 2017-04-14 12:19:15 -04:00
Jeff Mitchell c2407eab5a Add some extra documentation around ssh-keygen -L to see signed cert
info.

Ping #2569
2017-04-13 15:23:27 -04:00
Chris Hoffman 3c7a69b119 minor docs update 2017-04-10 09:46:25 -04:00
Jeff Mitchell 9136952055 Update AES-GCM verification text 2017-04-07 14:35:29 -04:00
Shivaram Lingamneni 2117dfd717 implement a no_store option for pki roles (#2565) 2017-04-07 11:25:47 -07:00
Jeff Mitchell e0d00fdf7b Remove superfluous/misleading comments around some listener options 2017-04-07 14:23:56 -04:00
Jeff Mitchell f805618a2c Update SSH CA documentation
Fixes #2551
Fixes #2569
2017-04-07 11:59:25 -04:00
Seth Vargo 53e1bd02a1
Add press-kit 2017-04-06 18:43:55 -04:00