Jeff Mitchell
6d1e804a22
Add P384 and P521 support to Transit ( #7551 )
2019-10-03 12:32:43 -04:00
ncabatoff
71cb7cbf18
Fix issue with rotateCredentials deadlocking with itself ( #7518 )
2019-10-03 12:28:29 -04:00
Matthew Irish
a9b208793c
Update CHANGELOG.md
2019-10-02 11:59:47 -05:00
Jim Kalafut
fbf0eed21a
changelog++
2019-10-02 09:31:07 -07:00
David Adams
98a6a428c0
Add response_types_supported to OIDC configuration ( #7533 )
...
The OIDC Discovery standard requires the response_types_supported field
to be returned in the .well-known/openid-configuration response.
Also, the AWS IAM OIDC consumer won't accept Vault as an identity
provider without this field.
Based on examples in the OIDC Core documentation, it appears Vault
supports only the `id_token` flow, and thus that is the only value that
makes sense to be set in this field. See:
https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationExamples
2019-10-02 08:59:57 -07:00
ncabatoff
e7fe4b6d92
Return a useful error on attempts to renew a token via sys/leases/renew ( #7298 )
2019-10-02 10:55:20 -04:00
Jim Kalafut
9c80c3770a
Fix identity token API docs ( #7545 )
2019-10-01 16:13:21 -07:00
Vu Pham
2176b5f701
Update oci-object-storage.html.md ( #7543 )
2019-10-01 16:08:34 -07:00
Jim Kalafut
153c4cc80e
Add 1.2+ role parameters back to JWT API docs ( #7544 )
...
This reverts 24c2f8c2ad76, which pulled the parameters while there were
outstanding bugs when using them with JWT auth.
2019-10-01 16:07:52 -07:00
Matthew Irish
8d9d8e3d0e
UI wrapped token fix ( #7398 )
...
* default to token auth method
* pass in selectedValue to the AuthForm
* adjust when and if tasks are called so there's no race condition with wrapped_token query param
* add some tests for wrapped_token
* adjust redirect_to behavior so that it also works with the logout route and the wrapped_token query param
* fix linting
2019-10-01 15:30:56 -05:00
Matthew Irish
c5ade0897e
UI CI exit 1 if there's an error ( #7399 )
...
* exit 1 if there's an error
* fix failing confirm tests
* still need to exit the process 😂
2019-10-01 14:57:37 -05:00
Jim Kalafut
63393ea1cc
Update vendor dir ( #7539 )
2019-10-01 08:03:32 -07:00
Vishal Nayak
464cd91fd5
changelog++
2019-09-30 17:52:10 -04:00
Jim Kalafut
7fb092e00b
changelog++
2019-09-30 13:55:05 -07:00
Jim Kalafut
9a05e95760
Log proxy settings from environment on startup ( #7528 )
2019-09-30 08:46:42 -07:00
Vishal Nayak
dbf5b9b956
changelog++
2019-09-30 10:51:07 -04:00
Vishal Nayak
c84f804f48
Fix identity case sensitivity loading in secondary cluster ( #7327 )
...
* Fix identity case sensitivity loading in secondary cluster
* Add nil check
2019-09-30 10:27:25 -04:00
Jim Kalafut
ae81c1d665
Update Go version in readme
...
Fixes #7525
2019-09-27 08:30:02 -07:00
Jeff Mitchell
6fd2bd0c8f
Update CHANGELOG.md
2019-09-26 17:18:03 -04:00
Connor Zapfel
f09b88b71e
Added sys/health path-help content ( #7360 )
2019-09-26 13:16:21 -07:00
Andy Manoske
6ff745af2c
Update index.html.md ( #7506 )
...
Feedback from customers re: audit information to explicitly expose where credential password creation takes place in the source code.
2019-09-26 09:53:07 -07:00
Jim Kalafut
1fce33cfa2
changelog++
2019-09-26 08:24:10 -07:00
Mike Jarmy
afac13091b
Add a unit test for plugin initialization ( #7158 )
...
* stub out backend lazy load test
* stub out backend lazy-load test
* test startBackend
* test lazyLoadBackend
* clean up comments in test suite
2019-09-26 10:01:45 -04:00
Ivan Kurnosov
1ad67097cd
Fixed github-prod path ( #7516 )
2019-09-26 08:46:41 -04:00
Marc-Aurèle Brothier
a9081a94b5
docs: add -verify documentation on operator rekey command ( #7190 )
2019-09-25 13:57:57 -07:00
Noel Quiles
1c589deef2
Update hashi-docs-sitemap to v0.1.6 ( #7413 )
2019-09-25 13:38:19 -07:00
Yoko
69795e5018
Fixed the hyperlink typo to blog ( #7354 )
2019-09-25 13:34:58 -07:00
Brian Shumate
54a45db46d
Update sample request ( #7431 )
...
- Format curl command to be similar to other sample requests
- Add single quotes to URL for '?' so that example is functional
- Delete trailing space
2019-09-25 13:32:42 -07:00
minitux
88da7ecd82
Fix api auth approle documentation ( #7382 )
...
Change policies to token_policies
2019-09-25 13:27:27 -07:00
Jim Kalafut
68a682cc10
changelog++
2019-09-25 11:10:37 -07:00
Jim Kalafut
db0c672d23
Ignore any existing token during CLI login ( #7508 )
...
Fixes #6694
2019-09-25 10:59:42 -07:00
Vu Pham
2d84a1078f
Use snake case for HA example ( #7505 )
2019-09-23 16:02:08 -07:00
Joel Thompson
551b7a5e5c
secret/aws: Support permissions boundaries on iam_user creds ( #6786 )
...
* secrets/aws: Support permissions boundaries on iam_user creds
This allows configuring Vault to attach a permissions boundary policy to
IAM users that it creates, configured on a per-Vault-role basis.
* Fix indentation of policy in docs
Use spaces instead of tabs
2019-09-19 16:35:12 -07:00
Calvin Leung Huang
f4fd84d52b
sys: add pprof endpoint ( #7473 )
...
* sys/pprof: add pprof routes to the system backend
* sys/pprof: add pprof paths to handler with local-only check
* fix trailing slash on pprof index endpoint
* use new no-forward handler on pprof
* go mod tidy
* add pprof external tests
* disallow streaming requests to exceed DefaultMaxRequestDuration
* add max request duration test
2019-09-19 13:44:37 -07:00
Dilan Bellinghoven
2625b66595
chore: Do not need logger for command/agent/config.LoadConfig ( #7496 )
2019-09-19 13:03:30 -07:00
Jeff Mitchell
bdb59e7f51
Bump api/sdk and vendoring
2019-09-19 09:43:23 -04:00
Jeff Mitchell
1fd71ed774
Bump API's SDK
2019-09-19 09:42:45 -04:00
Yahya
936af3650c
[Docs] Fix typo in database sample request ( #7492 )
2019-09-19 10:14:34 +02:00
Jim Kalafut
3621179560
Fix Agent handling of gzipped responses ( #7470 )
...
* Fix Agent handling of gzipped responses
Fixes #6606
* Only remove "gzip" member, if present
* Simplify to just removing Accept-Encoding altogether
2019-09-18 14:24:41 -07:00
Graham Land
73b9e39775
Early indication of storage backend requirements ( #7472 )
...
A Vault Enterprise Pro customer in Japan has tried to get Vault DR replication working using Google Cloud Storage.
They were frustrated to learn that GCS may not have support for transactional updates which has resulted in a lot of wasted time.
The complaint was that this was not clear from our documentation.
This note may help customers to understand sooner that not all highly available backends support transactional updates.
2019-09-18 14:19:32 -07:00
Lars Lehtonen
404cb5f6dd
Fix token_store_test.go ( #7490 )
...
* vault: fix dropped error in test goroutine
* vault: fix dropped test errors
2019-09-18 14:18:08 -07:00
Matthew Irish
368eba4055
Update CHANGELOG.md
2019-09-18 14:09:10 -05:00
Matthew Irish
6e4cc02f4d
expose 'storage_type' on the sys/seal-status endpoint ( #7486 )
...
* expose 'storage_type' on the sys/seal-status endpoint
* add comments
* Update vault/core.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
2019-09-18 14:07:18 -05:00
Michael Gaffney
fdc1274c70
Fix the transit trim key api doc ( #7453 )
2019-09-18 09:29:58 -04:00
Jeff Mitchell
ba236306e2
Update api/sdk. Let kr/pty stay for now so it stops going in on every build
2019-09-18 09:12:57 -04:00
Jeff Mitchell
fbfeda9576
Bump API's sdk
2019-09-18 09:10:23 -04:00
Jeff Mitchell
63f377c6b6
Tidy sdk
2019-09-18 09:09:44 -04:00
Pavlos Ratis
d5d5582b23
add more gcp examples ( #6358 )
2019-09-17 13:39:00 -07:00
Jeff Mitchell
86d14691f4
Bump sdk and vendoring
2019-09-17 11:38:03 -04:00
Jeff Mitchell
f72bc5acb2
Update version for 1.3 dev target on master
2019-09-17 11:36:55 -04:00