Commit graph

8728 commits

Author SHA1 Message Date
Yamamoto, Hirotaka 6673e579a0 [etcd] fix the default prefix in website (#5116)
etcd storage stores all Vault data under a prefix.
The default prefix is "/vault/" according to the source code.

However, the default prefix shown in the website is "vault/".
If the access to etcd is restricted to this wrong prefix, vault
cannot use etcd.
2018-08-16 10:38:11 -04:00
Matthew Irish 129494d98a
UI unauthed auth methods fix (#5113)
* lowercase auth method type so that hardcoded and unauthed methods both use the same key

* don't rely on top level data for capabilities serializer
2018-08-16 08:16:24 -05:00
Joel Thompson 0941c7a24a Make AWS credential types more explicit (#4360)
* Make AWS credential types more explicit

The AWS secret engine had a lot of confusing overloading with role
parameters and how they mapped to each of the three credential types
supported. This now adds parameters to remove the overloading while
maintaining backwards compatibility.

With the change, it also becomes easier to add other feature requests.
Attaching multiple managed policies to IAM users and adding a policy
document to STS AssumedRole credentials is now also supported.

Fixes #4229
Fixes #3751
Fixes #2817

* Add missing write action to STS endpoint

* Allow unsetting policy_document with empty string

This allows unsetting the policy_document by passing in an empty string.
Previously, it would fail because the empty string isn't a valid JSON
document.

* Respond to some PR feedback

* Refactor and simplify role reading/upgrading

This gets rid of the duplicated role upgrade code between both role
reading and role writing by handling the upgrade all in the role
reading.

* Eliminate duplicated AWS secret test code

The testAccStepReadUser and testAccStepReadSTS were virtually identical,
so they are consolidated into a single method with the path passed in.

* Switch to use AWS ARN parser
2018-08-16 06:38:13 -04:00
Andy Manoske bd4c047713
Update index.html.md 2018-08-15 17:44:36 -07:00
Andy Manoske 9d41d4c407
Update index.html.md 2018-08-15 17:44:00 -07:00
Clint 48e5c71b33 Update apis.html.md (#5071)
We disable TLS for example purposes, not exemplary purposes 😄
2018-08-15 19:41:29 -04:00
Christoph Ludwig 24a368c1ba Add support for "sovereign" Azure cloud environments (#4997)
* Add support for "sovereign" Azure cloud environments

* Shorten variable names
2018-08-15 19:40:36 -04:00
Andy Manoske 0a71ea9a58
Create index.html.md 2018-08-15 15:27:11 -07:00
Jim Kalafut f8a0daafa0
Add check of truncated length (#5109) 2018-08-15 13:16:17 -07:00
Joshua Ogle 5371723191 Don't float tag in sidebar unless fullhd 2018-08-15 13:55:20 -06:00
Joshua Ogle cce331bae8 Update Edition Tier Icons 2018-08-15 13:41:43 -06:00
Brian Kassouf f5aa7d3721
changelog++ 2018-08-15 11:47:00 -07:00
Jeff Mitchell 71d92ef093 ACL Templating (#4994)
* Initial work on templating

* Add check for unbalanced closing in front

* Add missing templated assignment

* Add first cut of end-to-end test on templating.

* Make template errors be 403s and finish up testing

* Review feedback
2018-08-15 11:42:56 -07:00
RichardWLaub 8d7a983bba Update usage section for kv-v1 docs (#5105)
While following along with the usage section in the kv-v1 docs I noticed this error.
Running the given command gives:

```text
$ vault kv list kv/my-secret
No value found at kv/my-secret/
```

Running `vault kv list kv/` gives the desired output. 

Also, I removed some trailing whitespace.
2018-08-15 10:57:36 -07:00
Seth Vargo 324c8fab24 Fix docs typo (service-account => service_account) (#5102)
Fixes hashicorp/vault-plugin-auth-gcp#47
2018-08-14 15:46:41 -07:00
Jeff Mitchell 9b4e04917e Fix http tests 2018-08-14 17:09:55 -04:00
Jeff Mitchell f1d72abb39 Remove injection into top routes (#5101) 2018-08-14 15:29:22 -04:00
Jeff Mitchell c3e063f2a6 Fix read test 2018-08-14 14:20:49 -04:00
Jim Kalafut 09e9a7a203 Make base62.Random truncation optional (#5100) 2018-08-14 12:38:25 -04:00
Jim Kalafut 5f86155e6a
Consolidate base62 functions (#5099) 2018-08-14 08:44:30 -07:00
Seth Vargo 6dcecbdfda Fix Google Cloud races (#5081)
* storage/gcs: fix race condition in releasing lock

Previously we were deleting a lock without first checking if the lock we were deleting was our own. There existed a small period of time where vault-0 would lose leadership and vault-1 would get leadership. vault-0 would delete the lock key while vault-1 would write it. If vault-0 won, there'd be another leader election, etc.

This fixes the race by using a CAS operation instead.

* storage/gcs: properly break out of loop during stop

* storage/spanner: properly break out of loop during stop
2018-08-14 09:53:36 -04:00
Gerald 9192bd6b07 Add ttl params into csr signing docs (#5094) 2018-08-13 23:38:03 -04:00
Jeff Mitchell d4fe6a8571 changelog++ 2018-08-13 22:01:05 -04:00
Jeff Mitchell 74175b29af
Add support for passing args via vault read (#5093)
We support this in the API as of 0.10.2 so read should support it too.

Trivially tested with some log info:

`core: data: data="map[string]interface {}{"zip":[]string{"zap", "zap2"}}"`
2018-08-13 22:00:26 -04:00
Jeff Mitchell cbc1eded46 changelog++ 2018-08-13 21:19:28 -04:00
Stephen J. Butler 672668dea5 Add tokenGroups and tokenGroupsGlobalAndUniversal (#4936) 2018-08-13 14:57:10 -07:00
Yoko 1395d6ea1a
[Guide] Control Groups (#5072)
* Control Group guide

* Fixed user policy list

* Fixed a typo

* Replaced the wrong screenshot

* Added missing period
2018-08-13 14:51:32 -07:00
Frank Allenby ddc77d62f0 Added a link to the "previous section" mentioned (#5018)
This is for clarity since I had to check back to remember where it was mentioned.
2018-08-13 17:13:42 -04:00
Jim Kalafut 3822e2997b
Clarify "Commands" docs (#5092)
Fixes #4890
2018-08-13 14:09:48 -07:00
Nándor István Krácser b9fab6375b Alibaba Object Storage support (#4783) 2018-08-13 17:03:24 -04:00
Michael Schuett 63e7ac034f MySQL HA Backend Support (#4686) 2018-08-13 17:02:31 -04:00
Becca Petrin 4e7237178f
Add a header type field (#4993) 2018-08-13 11:02:44 -07:00
Jim Kalafut 92f0e1a39e Revert "Add ttl parameter to pki api docs (#5063)"
This reverts commit 7824826ca72c503677559cf9e5c1a7193433b34a.
2018-08-13 09:34:05 -07:00
Vishal Nayak 303b2f97ff
don't ignore errors (#5087) 2018-08-10 22:32:10 -04:00
Vishal Nayak 68d27c7c38
Adjust ACL error checking (#5086)
* Adjust acl error checking

* address review feedback

* unlock before checks
2018-08-10 21:05:10 -04:00
Jim Kalafut 5a35b718df
changelog++ 2018-08-10 16:42:51 -07:00
bohr 79b571d90d add backtick to fix mysql database name contain special characters (#5054)
When using mysql storage and setting `database = "dev-dassets-bc"`, create database and create table will throw exceptions as follows:

    Error initializing storage of type mysql: failed to create mysql database: Error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-dassets-bc' at line 1
    Error initializing storage of type mysql: failed to create mysql table: Error 1046: No database selected

Because `-` is a MySQL built-in symbol, add backticks to the create database SQL, create table SQL and DML SQL statements.
2018-08-10 16:38:20 -07:00
Yoko 140e3d5402
[Guide] Vault Cluster Monitoring Guide (#5084)
* Vault cluster monitoring guide

* Updated the download link

* Fixed broken link
2018-08-10 13:52:02 -07:00
Jeff Mitchell 24cb96a9c6 Port over ns identity proto info 2018-08-10 12:45:34 -04:00
Jeff Mitchell 9d1a427949 Port over some ns stuff 2018-08-10 12:17:17 -04:00
Jeff Mitchell fb3c7eb449 Port some ns stuff over 2018-08-10 12:13:11 -04:00
Jim Kalafut 343d779434
changelog++ 2018-08-10 09:12:32 -07:00
Jim Kalafut 2da7d30097
Fix DB role statement update (#5058)
The backwards compatibility logic was preventing updates to role
statements from taking effect. This change removes persistence of
deprecated statement fields.
2018-08-10 09:00:52 -07:00
Jim Kalafut aa8dac9bd2
Add RDS notes to MSSQL docs (#5062) 2018-08-10 08:52:21 -07:00
Jeff Mitchell 4798af88f9
Fix some cases where unauthorized calls could return 400 (#5083) 2018-08-10 08:59:58 -05:00
Jeff Mitchell 3403c7ad9c Add headers accessor and ns function 2018-08-09 18:29:03 -04:00
Jeff Mitchell 67b160eb42 Add json tag to names response for sys_plugins 2018-08-09 18:02:03 -04:00
Jeff Mitchell 14dccd7744 Remove unused variable 2018-08-09 16:47:58 -04:00
Jeff Mitchell 99e1d0f444 changelog++ 2018-08-09 16:38:22 -04:00
Jeff Mitchell 2ed2e696a7
Merge Identity Entities if two claim the same alias (#5075)
* Merge Identity Entities if two claim the same alias

Past bugs/race conditions meant two entities could be created each
claiming the same alias. There are planned longer term fixes for this
(outside of the race condition being fixed in 0.10.4) that involve
changing the data model, but this is an immediate workaround that has
the same net effect: if two entities claim the same alias, assume they
were created due to this race condition and merge them.

In this situation, also automatically merge policies so we don't lose
e.g. RGPs.
2018-08-09 15:37:36 -05:00