Commit graph

1859 commits

Author SHA1 Message Date
Jeff Mitchell abeb0fd45c Bump versions in preparation for release 2018-02-26 12:20:19 -05:00
vishalnayak 4b0f27923f ssh: clarify optional behavior of cidr_list 2018-02-24 06:55:55 -05:00
chris trott 78df6a630e Configurable Consul Service Address (#3971)
* Consul service address is blank

Setting an explicit service address eliminates the ability for Consul
to dynamically decide what it should be based on its translate_wan_addrs
setting.

translate_wan_addrs configures Consul to return its lan address to nodes
in its same datacenter but return its wan address to nodes in foreign
datacenters.

* service_address parameter for Consul storage backend

This parameter allows users to override the use of what Vault knows to
be its HA redirect address.

This option is particularly commpelling because if set to a blank
string, Consul will leverage the node configuration where the service is
registered which includes the `translate_wan_addrs` option. This option
conditionally associates nodes' lan or wan address based on where
requests originate.

* Add TestConsul_ServiceAddress

Ensures that the service_address configuration parameter is setting the
serviceAddress field of ConsulBackend instances properly.

If the "service_address" parameter is not set, the ConsulBackend
serviceAddress field must instantiate as nil to indicate that it can be
ignored.
2018-02-23 11:15:29 -05:00
Yoko 099d89ff9d
Fixed a broken link (#4032) 2018-02-22 19:43:27 -08:00
Yoko 5389550cdc
Changed the layout category menu (#4007)
* Changed the layout category menu

* Fixed typos

* Fixed a typo, and removed the duplicated generate-root guide

* Fixed the redirect.txt
2018-02-22 16:24:01 -08:00
Chris Hoffman a2e816321e
adding LIST for connections in database backend (#4027) 2018-02-22 15:27:33 -05:00
Jeff Mitchell 9c2ad5c4ec Fix formatting on sys/health docs 2018-02-22 10:52:12 -05:00
Jeff Mitchell 2dda3f6363 Make docs around regenerate_key more specific 2018-02-22 09:09:20 -05:00
Calvin Leung Huang a06243bf8d
Add description param on tune endpoints (#4017) 2018-02-21 17:18:05 -05:00
Jeff Mitchell c2ae25d588 Update PKCS11 seal information 2018-02-21 09:05:36 -05:00
Jeff Mitchell 227ebcc188 Bump files for new version 2018-02-20 14:51:20 -05:00
Vishal Nayak 45bb1f0adc
Verify DNS SANs if PermittedDNSDomains is set (#3982)
* Verify DNS SANs if PermittedDNSDomains is set

* Use DNSNames check and not PermittedDNSDomains on leaf certificate

* Document the check

* Add RFC link

* Test for success case

* fix the parameter name

* rename the test

* remove unneeded commented code
2018-02-16 17:42:29 -05:00
Jeff Mitchell f29bde0052
Support other names in SANs (#3889) 2018-02-16 17:19:34 -05:00
Jeff Mitchell 6f6b4521fa Update website for AWS client max_retries 2018-02-16 11:13:55 -05:00
Jeff Mitchell 857cdaeb2b Add some info about cert reloading behavior on SIGHUP
CC #3990
2018-02-15 17:11:48 -05:00
Seth Vargo cd930b1173 Add support for Google Cloud Spanner (#3977) 2018-02-14 20:31:20 -05:00
Jeff Mitchell 35906aaa6c
Add ChaCha20-Poly1305 support to transit (#3975) 2018-02-14 11:59:46 -05:00
Nick 11f197dfa5 Update lease.html.md (#3759) 2018-02-14 09:44:34 -05:00
Brian Shumate e6bf69b96b DOCS: update Telemetry with more coverage (#3968)
- Add initial secrets engines metrics
- Update metrics types/values
- Update language for auth methods, secrets engines, audit devices
- Add more linking to relevant documentation
2018-02-14 09:39:51 -05:00
Seth Vargo 602a7c27f8 Fix code in header font size (#3970)
* Fix code in header font size

This fixes the tiny code font in header names.

* Update _global.scss
2018-02-13 22:17:51 -05:00
Brian Shumate bbc196a6e5 Clarify with example of file-backend specific metrics (#3913) 2018-02-13 11:04:11 -05:00
George Perez 6e0ff44bfc Update generate-root.html.md (#3894)
Fix typo: "providers" to "provides"
2018-02-13 11:03:35 -05:00
Brian Shumate 492b3e2277 DOCS: update Telemetry (#3964)
- Correct time to millis
- Correct storage backend summaries from # ops to duration of ops
2018-02-13 10:15:19 -05:00
Paul Stack 3c683dba92 Adding Manta Storage Backend (#3720)
This PR adds a new Storage Backend for Triton's Object Storage - Manta

```
make testacc TEST=./physical/manta
==> Checking that code complies with gofmt requirements...
==> Checking that build is using go version >= 1.9.1...
go generate
VAULT_ACC=1 go test -tags='vault' ./physical/manta -v  -timeout 45m
=== RUN   TestMantaBackend
--- PASS: TestMantaBackend (61.18s)
PASS
ok  	github.com/hashicorp/vault/physical/manta	61.210s
```

Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store

Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as foo/.vault_value

The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta
will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value`

The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
2018-02-12 18:22:41 -05:00
Calvin Leung Huang 60732577f5
CLI Enhancements (#3897)
* Use Colored UI if stdout is a tty

* Add format options to operator unseal

* Add format test on operator unseal

* Add -no-color output flag, and use BasicUi if no-color flag is provided

* Move seal status formatting logic to OutputSealStatus

* Apply no-color to warnings from DeprecatedCommands as well

* Add OutputWithFormat to support arbitrary data, add format option to auth list

* Add ability to output arbitrary list data on TableFormatter

* Clear up switch logic on format

* Add format option for list-related commands

* Add format option to rest of commands that returns a client API response

* Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead

* Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead

* Remove -no-color flag, use env var exclusively to toggle colored output

* Fix compile

* Remove -no-color flag in main.go

* Add missing FlagSetOutputFormat

* Fix generate-root/decode test

* Migrate init functions to main.go

* Add no-color flag back as hidden

* Handle non-supported data types for TableFormatter.OutputList

* Pull formatting much further up to remove the need to use c.flagFormat (#3950)

* Pull formatting much further up to remove the need to use c.flagFormat

Also remove OutputWithFormat as the logic can cause issues.

* Use const for env var

* Minor updates

* Remove unnecessary check

* Fix SSH output and some tests

* Fix tests

* Make race detector not run on generate root since it kills Travis these days

* Update docs

* Update docs

* Address review feedback

* Handle --format as well as -format
2018-02-12 18:12:16 -05:00
Joel Thompson c61ac21e6c auth/aws: Improve role tag docs as suggested on mailing list (#3915)
Fixes the ambiguity called out in
https://groups.google.com/forum/#!msg/vault-tool/X3s7YY0An_w/yH0KFQxlBgAJ
2018-02-12 17:39:17 -05:00
Jeff Mitchell 4969505c7e
Add transaction-like behavior for Transit persists. (#3959) 2018-02-12 17:27:28 -05:00
Jeff Mitchell db8772f15e Minor website wording updates 2018-02-12 15:28:06 -05:00
Jeff Mitchell 5a047fba68 Document the disable_sealwrap parameter 2018-02-12 15:20:07 -05:00
Jeff Mitchell 6f025fe2ab
Adds the ability to bypass Okta MFA checks. (#3944)
* Adds the ability to bypass Okta MFA checks.

Unlike before, the administrator opts-in to this behavior, and is
suitably warned.

Fixes #3872
2018-02-09 17:03:49 -05:00
Vishal Nayak 80ffd07b8b added a flag to make common name optional if desired (#3940)
* added a flag to make common name optional if desired

* Cover one more case where cn can be empty

* remove skipping when empty; instead check for emptiness before calling validateNames

* Add verification before adding to DNS names to also fix #3918
2018-02-09 13:42:19 -05:00
alexandrumd 56f0ff4293 Change 'rules' parameter for Policies requests (#3947)
With Vault Version: 0.9.1, the following is returned when using "rules" for policies operation:
```The following warnings were returned from the Vault server:
* 'rules' is deprecated, please use 'policy' instead```
2018-02-09 07:43:18 -05:00
Roger Berlind 07f587dd05 Updated replication table (#3929) 2018-02-08 18:11:00 -05:00
Jeff Mitchell 4fbeae77ee
Update relatedtools.html.md 2018-02-08 11:15:47 -05:00
Robert Kreuzer a25986391b Add vaultenv to the list of related tools (#3945) 2018-02-08 10:30:45 -05:00
Chris Hoffman d723479b32
Fixing docs links and adding redirects for new guides (#3939)
* updating links

* updating links

* updating links

* updating links

* updating links

* adding redirects
2018-02-07 19:29:07 -05:00
Jed da955a8f1b Lil typo fixes (#3925)
Read through the initial docs and noticed a few typos
2018-02-07 09:38:11 -05:00
emily e086429964 fix IAM diagram for GCP auth method docs (#3927) 2018-02-07 09:37:11 -05:00
Andy Manoske 4d33d5fa34
Merge branch 'master' into new-guides 2018-02-06 13:09:22 -08:00
cikenerd e7973773ac Update etcd storage doc (#3753) 2018-02-06 11:00:00 -05:00
Yoko Hyakuna 1b12d74188 Missing * in the command 2018-02-05 16:17:18 -08:00
Jeff Mitchell 4174019efb Add a space before the MFA super 2018-02-05 12:32:25 -05:00
Jeff Mitchell 855d8cb769 Move MFA to deprecated section, mark with a super 2018-02-05 12:32:21 -05:00
Jeff Mitchell 193278f9a4 Minor grammatical update to MFA doc 2018-02-05 12:26:16 -05:00
Jeff Mitchell 8145b0ce0b Mark old MFA as legacy/unsupported in sidebar 2018-02-05 11:47:59 -05:00
Jeff Mitchell 0255d4ca10 Make the MFA support status more clear for the legacy system 2018-02-04 19:25:27 -05:00
Yoko Hyakuna 6883dc32f4 Merge branch 'master' of github.com:hashicorp/vault into new-guides 2018-02-02 09:03:12 -08:00
George Christou c35af6dd01 website: Include fish as a supported shell (#3895) 2018-02-02 10:34:48 -05:00
Yoko 9c93d2761e
Merge branch 'master' into new-guides 2018-02-01 11:55:18 -08:00
Yoko Hyakuna 2d30bef2af Fixed a typo 'on-demand' 2018-02-01 10:00:18 -08:00