Commit Graph

6907 Commits

Author SHA1 Message Date
Jeff Mitchell add6396298 changelog++ 2017-08-30 16:29:42 -04:00
Jeff Mitchell 3edb337a00 Add option to set cluster TLS cipher suites. (#3228)
* Add option to set cluster TLS cipher suites.

Fixes #3227
2017-08-30 16:28:23 -04:00
Jeff Mitchell d31ce49771 changelog++ 2017-08-30 15:42:44 -04:00
stephan stachurski e396d87bc5 add support to use application default credentials to gcs storage backend (#3257) 2017-08-30 15:42:02 -04:00
Seth Vargo 9d29380feb Merge pull request #3258 from hashicorp/sethvargo/custom
Remove fake news about custom plugins
2017-08-30 13:50:32 -04:00
Seth Vargo 9f80099fae
Remove fake news about custom plugins
This also adds a redirect from the old page to the new one
2017-08-30 12:57:45 -04:00
Calvin Leung Huang e7b5c3192a Fix travis build on go 1.9 2017-08-29 15:55:34 -04:00
Jeff Mitchell f58ffaf4d1 changelog++ 2017-08-29 14:52:15 -04:00
Christopher Pauley eccbb21ce8 stdout support for file backend via logger (#3235) 2017-08-29 14:51:16 -04:00
Lars Lehtonen 13901b1346 fix swallowed errors in pki package tests (#3215) 2017-08-29 13:15:36 -04:00
djboris9 21a15204bd Fix API/AUTH/AppRole doc issue concerning bound_cidr_list (#3205)
This patch fixes a little documentation issue.
bind_cidr_list doesn't exist as parameter to AppRole creation. It should be "bound_cidr_list".
In "path-help" it is documented correctly.
2017-08-29 12:37:20 -04:00
Jeff Mitchell 96900731f9 changelog++ 2017-08-25 14:49:15 -04:00
Jeff Mitchell 27ae5a269d Compare groups case-insensitively at login time (#3240)
* Compare groups case-insensitively at login time, since Okta groups are
case-insensitive but preserving.

* Make other group operations case-preserving but otherwise
case-insensitive. New groups will be written in lowercase.
2017-08-25 14:48:37 -04:00
Hamza Tümtürk 525c124d69 Add missing code ending to Sample Payload (#3239) 2017-08-25 12:34:12 -04:00
Jeff Mitchell cce9a41eac changelog++ 2017-08-25 10:50:28 -04:00
Jon Benson d88aefc64f Fix typo (#3237) 2017-08-25 09:51:33 -04:00
Brian Kassouf 892701358b Update to go1.9 on travis 2017-08-24 15:55:04 -07:00
Brian Kassouf 8a3521789d changelog++ 2017-08-24 15:28:12 -07:00
Brian Kassouf 23089dafbc Add basic autocompletion (#3223)
* Add basic autocompletion

* Add autocomplete to some common commands

* Autocomplete the generate-root flags

* Add information about autocomplete to the docs
2017-08-24 15:23:40 -07:00
Jeff Mitchell fe8528e56c Have Okta properly handle create/update for org/ttl/max_ttl. (#3236) 2017-08-24 18:18:05 -04:00
Chris Hoffman bf9658ec61 fix docs formatting 2017-08-24 11:23:26 -04:00
Christopher Pauley bd47ce523f update gcs backend tests- now strongly consistent (#3231) 2017-08-24 10:11:11 -04:00
Serg 66b178f969 Update index.html.md (#3233) 2017-08-24 10:08:35 -04:00
Chris Hoffman 27598ce960 Add GET variant on LIST endpoints (#3232) 2017-08-23 17:59:22 -04:00
Jeff Mitchell 7edd5bcfa8 changelog++ 2017-08-23 12:01:03 -04:00
Doyoon Kim 3ffebb7780 Moved PROXY protocol wrap to execute before the TLS wrap (#3195) 2017-08-23 12:00:09 -04:00
Jeff Mitchell 61c24bf270 changelog++ 2017-08-22 09:51:44 -04:00
EXPEddrewery cf4e8f0543 Add 'Period' support to AWS IAM token renewal (#3220) 2017-08-22 09:50:53 -04:00
Seth Vargo ec9e187ce4 Thread stderr through too (#3211)
* Thread stderr through too

* Small docs typo
2017-08-21 17:23:29 -04:00
Seth Vargo 1f45a6c96e Addd more SSH CA troubleshooting (#3201)
* Add notes about pty and other permit-* extensions

* Update troubleshooting

* Add an example of JSON for sign

* Fix a bug about what keys to push up
2017-08-21 17:22:54 -04:00
Yaroslav Lukyanov da19d2941f add new php client to the doc (#3206) 2017-08-21 13:07:03 -04:00
Jeff Mitchell e5b8983862 changelog++ 2017-08-18 19:48:56 -04:00
Jeff Mitchell 654e7d92ac Properly lowercase policy names. (#3210)
Previously we lowercased names on ingress but not on lookup or delete
which could cause unexpected results. Now, just unilaterally lowercase
policy names on write and delete. On get, to avoid the performance hit
of always lowercasing when not necessary since it's in the critical
path, we have a minor optimization -- we check the LRU first before
normalizing. For tokens, because they're already normalized when adding
policies during creation, this should always work; it might just be
slower for API calls.

Fixes #3187
2017-08-18 19:47:23 -04:00
Jeff Mitchell a51f3ece2b Revert "Add the ability to use root credentials for AWS IAM authentication. (#3181)" (#3212)
This reverts commit e99a2cd87726986cb0896fdc445a3d5f3c11a66d.

Fixes #3198

See discussion in #3198 for context.
2017-08-18 19:46:08 -04:00
Calvin Leung Huang 73fd103456 Update gcp auth backend docs (#3209)
* Update gcp auth backend docs

* Minor formatting and wording fixes

* Minor formatting fixes
2017-08-18 16:25:52 -04:00
Seth Vargo 51d8e5ff86 Do not revoke SSH key (#3208)
There is no secret to revoke - this produces an error on the CLI
2017-08-18 15:44:20 -04:00
Seth Vargo da7bc1f029
Update CHANGELOG 2017-08-18 13:02:38 -04:00
Seth Vargo 06df9a32a5 Merge pull request #3194 from hashicorp/sethvargo/ssh_ca_login
Add SSH CLI CA type authentication
2017-08-18 12:59:33 -04:00
Seth Vargo 2e3a9ebd06
Add host key checking for SSH CA 2017-08-18 12:59:09 -04:00
Seth Vargo 89cffaf25e
Revoke temporary cred after creation, update warning
/cc @vishalnayak
2017-08-18 12:59:09 -04:00
Seth Vargo 430fc22023
Initial pass at SSH CLI CA type authentication
1. The current implementation of the SSH command is heavily tied to the
assumptions of OTP/dynamic key types. The SSH CA backend is
fundamentally a different approach to login and authentication. As a
result, there was some restructuring of existing methods to share more
code and state.

2. Each authentication method (ca, otp, dynamic) are now fully-contained
in their own handle* function.

3. -mode and -role are going to be required for SSH CA, and I don't
think the magical UX (and overhead) of guessing them is a good UX. It's
confusing as to which role and how Vault guesses. We can reduce 66% of
the API calls and add more declaration to the CLI by making -mode and
-role required. This commit adds warnings for that deprecation, but
these values are both required for CA type authentication.

4. The principal and extensions are currently fixed, and I personally
believe that's good enough for the first pass at this. Until we
understand what configuration options users will want, I think we should
ship with all the local extensions enabled. Users who don't want that
can generate the key themselves directly (current behavior) or submit
PRs to make the map of extensions customizable.

5. Host key checking for the CA backend is not currently implemented.
It's not strictly required at setup, so I need to think about whether it
belongs here.

This is not ready for merge, but it's ready for early review.
2017-08-18 12:59:08 -04:00
Seth Vargo ae5996a737
Add SignKey endpoint for SSH API client 2017-08-18 12:59:08 -04:00
Paulo Ribeiro ba98b60e41 Fix typo in AppRole API page (#3207) 2017-08-18 10:46:29 -04:00
Seth Vargo e2e386784f Merge pull request #3200 from macInfinity/patch-1
Update policies.html.md
2017-08-17 18:35:41 -04:00
Chris Maki 7b5978634f Update policies.html.md
Using the latest vault release, I was getting the following error when the policy used `write`:

Error: Error making API request.

URL: PUT http://0.0.0.0:8200/v1/sys/policy/secret
Code: 400. Errors:

* Failed to parse policy: path "secret/*": invalid capability 'write'

I think `create` is the correct new Capability.
2017-08-17 12:26:29 -07:00
Seth Vargo 6f4bd86be0
YAML is literally the worst 2017-08-17 11:42:47 -04:00
Seth Vargo 0ffe86963c
Update news 2017-08-17 11:34:22 -04:00
Seth Vargo 4beb12fc88 Merge pull request #3166 from hashicorp/sethvargo/ssh_ca_expanse
Refactor SSH CA backend docs
2017-08-16 18:39:19 -04:00
Seth Vargo b4bec62d47
Typo fix 2017-08-16 18:38:35 -04:00
Seth Vargo 7b1e013511
Refactor SSH CA backend docs 2017-08-16 18:38:35 -04:00