luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
7607 commits 1 branch 0 tags 214 MiB
Commit graph

271 commits

Author SHA1 Message Date
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
vishalnayak a9976dca1c Remove a mistyped character 2016-09-28 18:30:49 -04:00
vishalnayak e01f99f042 Check for prefix match instead of exact match for IAM bound parameters 2016-09-28 18:08:28 -04:00
Vishal Nayak 4a30a6b4f8 Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn 
Proper naming for bound_iam_instance_profile_arn
 2016-09-28 15:34:56 -04:00
Vishal Nayak b1ee56a15b Merge pull request #1910 from hashicorp/secret-id-cidr-list 
CIDR restrictions on Secret ID
 2016-09-26 10:22:48 -04:00
vishalnayak d080107a87 Update docs to contain bound_iam_role_arn 2016-09-26 09:37:38 -04:00
vishalnayak 2d4bfeff49 Update website for bound_iam_instance_profile_arn 2016-09-23 11:23:59 -04:00
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry. 
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
 2016-09-21 20:19:26 -04:00
Jeff Mitchell 982f151722 Update docs to reflect that there is more than one constraint for EC2 now 2016-09-20 16:11:32 -04:00
Carlo Cabanilla f6239cf0c0 fix shell quoting (#1904) 
$() doesnt get evaluated in single quotes, so you need to break out of it first
 2016-09-19 17:11:16 -04:00
Vishal Nayak 4f33e8d713 Merge pull request #1892 from hashicorp/role-tag-defaults 
Specify that role tags are not tied to an instance by default
 2016-09-15 12:04:41 -04:00
vishalnayak 9bca127631 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak 2639ca4d4f Address review feedback 2016-09-14 16:06:38 -04:00
vishalnayak dcddaa8094 Address review feedback 2016-09-14 15:13:54 -04:00
vishalnayak d5cc763b8d Clarify that tags can be used on all instances that satisfies constraints 2016-09-14 14:55:09 -04:00
vishalnayak 03fc7b517f Specify that role tags are not tied to an instance by default 2016-09-14 14:49:18 -04:00
vishalnayak 53c919b1d0 Generate the nonce by default 2016-09-14 14:28:02 -04:00
vishalnayak bef9c2ee61 Ensure at least one constraint on the role 2016-09-13 16:03:15 -04:00
AJ Bourg b524e43f15 Small change: Fix permission vault requires. 
Vault requires ec2:DescribeInstances, not ec2:DescribeInstance. (the
non-plural form doesn't exist)
 2016-09-12 14:38:10 -06:00
Jeff Mitchell 222adbdb61 Fix headers in aws-ec2 doc. 2016-08-30 11:53:21 -04:00
Adam Greene 66d3117cad fix aws-ec2 formatting around ttl (#1770) 2016-08-23 16:07:57 -04:00
Karl Falconer 6cbae1388e [Documentation] AppRole /login is unauthenticated (#1771) 2016-08-23 16:03:36 -04:00
Jeff Mitchell c64dba556c Swap push/pull. 2016-08-22 19:34:53 -04:00
vishalnayak dfe73733d5 Seperate endpoints for read/delete using secret-id and accessor 2016-08-21 14:42:49 -04:00
Jeff Mitchell 865ca94032 Initial fixups, not yet done 2016-08-20 22:39:41 -04:00
Martin Forssen a617ff0f93 Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role> 
This parameter was not documented
 2016-08-18 13:16:58 +02:00
Matt Hurne 56252fb637 AppRole documentation tweaks (#1735) 
* Fix spelling error in AppRole docs

* Add force flag to sample command to generate a secret ID in AppRole docs

* Update sample output for AppRole login in docs
 2016-08-15 16:12:08 -04:00
Jeff Mitchell 4f0310ed96 Don't allow root from authentication backends either. 
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
 2016-08-08 17:32:37 -04:00
vishalnayak 4f45910dfc disallowed_policies doc update 2016-08-02 16:33:22 -04:00
Jeff Mitchell b4386032db Fix up some wording 2016-08-02 16:25:00 -04:00
vishalnayak 75c51378ce Updated token auth docs with disallowed_policies 2016-08-02 15:33:03 -04:00
Jeff Mitchell 9902891c81 Alphabetize token store docs 2016-08-01 13:37:12 -04:00
Jeff Mitchell 357f2d972f Add some extra safety checking in accessor listing and update website 
docs.
 2016-08-01 13:12:06 -04:00
Chris Hoffman 2930f2ca39 Preferred method is AppRole since AppId is now deprecated 2016-07-28 14:32:20 -04:00
Adam Greene da8ff50143 documentation cleanup 2016-07-27 10:43:59 -07:00
Jeff Mitchell 6e63af6ad0 Add deprecation notices for App ID 2016-07-26 10:08:46 -04:00
vishalnayak a6907769b0 AppRole authentication backend 2016-07-26 09:32:41 -04:00
Oren Shomron cd6d114e42 LDAP Auth Backend Overhaul 
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
 2016-07-22 21:20:05 -04:00
Jeff Mitchell 4c5ae34ebf Merge pull request #1613 from skippy/update-aws-ec2-docs 
[Docs] aws-ec2 -- note IAM action requirement
 2016-07-18 10:40:38 -04:00
Jeff Mitchell 73923db995 Merge pull request #1589 from skippy/patch-2 
[Docs] aws-ec2 -- clarify aws public cert is already preloaded
 2016-07-18 10:02:35 -04:00
Adam Greene 8f6b97f4e4 [Docs] aws-ec2 -- note IAM action requirement 2016-07-13 15:52:47 -07:00
Adam Greene d6f5c5f491 english tweaks 2016-07-13 15:11:01 -07:00
Eric Herot cbc76c357e Pretty sure the method to delete a token role is not GET 2016-07-07 13:54:20 -04:00
Adam Greene 2405b7f078 Update aws-ec2.html.md 
per #1582, updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
 2016-07-05 13:21:56 -07:00
Adam Greene 5ef359ff6c Update aws-ec2.html.md 
clarify, and make more explicit, the language around the default AWS public certificate
 2016-07-05 13:14:29 -07:00
vishalnayak d0a142c75a Merge branch 'master-oss' into bind-account-id-aws-ec2 
Conflicts:
	website/source/docs/auth/aws-ec2.html.md
 2016-06-17 12:41:21 -04:00
Martin Forssen f8558ca1f2 Fixed a number of spelling errors in aws-ec2.html.md 2016-06-15 13:32:36 +02:00
vishalnayak 8e03c1448b Merge branch 'master-oss' into bind-account-id-aws-ec2 
Conflicts:
	builtin/credential/aws-ec2/backend_test.go
	builtin/credential/aws-ec2/path_login.go
	builtin/credential/aws-ec2/path_role.go
 2016-06-14 14:46:08 -04:00
Ivan Fuyivara 0ffbef0ccd added tests, nil validations and doccumentation 2016-06-14 16:58:50 +00:00
vishalnayak 26f7fcf6a1 Added bound_account_id to aws-ec2 auth backend 2016-06-14 11:58:19 -04:00
Jon Benson 7883e98eb8 Update aws-ec2.html.md 2016-06-09 23:08:08 -07:00
vishalnayak c6a27f2fa8 s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN 2016-06-09 14:00:56 -04:00
vishalnayak 308294db46 Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token 2016-06-09 13:45:56 -04:00
Jeff Mitchell 2b4b6559e3 Merge pull request #1504 from hashicorp/token-store-roles-renewability 
Add renewable flag to token store roles
 2016-06-08 15:56:54 -04:00
Jeff Mitchell cf8f38bd4c Add renewable flag to token store roles 2016-06-08 15:17:22 -04:00
Jeff Mitchell 65d8973864 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
vishalnayak dbee3cd81b Address review feedback 2016-06-01 10:36:58 -04:00
vishalnayak 5c25265fce rename aws.html.md as aws-ec2.html.md 2016-05-30 14:11:15 -04:00
vishalnayak a072f2807d Rename aws as aws-ec2 2016-05-30 14:11:15 -04:00
Vishal Nayak 53fc941761 Merge pull request #1300 from hashicorp/aws-auth-backend 
AWS EC2 instances authentication backend
 2016-05-14 19:42:03 -04:00
vishalnayak 4122ed860b Rename 'role_name' to 'role' 2016-05-13 14:31:13 -04:00
vishalnayak 7e8a2d55d0 Update docs and path names to the new patterns 2016-05-12 11:45:10 -04:00
Jeff Mitchell aecc3ad824 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
Jeff Mitchell 3e71221839 Merge remote-tracking branch 'origin/master' into aws-auth-backend 2016-05-05 10:04:52 -04:00
Jeff Mitchell 3600b2573d Update website docs re token store role period parsing 2016-05-04 02:17:20 -04:00
vishalnayak b7c48ba109 Change image/ to a more flexible /role endpoint 2016-05-03 23:36:59 -04:00
vishalnayak 9f2a111e85 Allow custom endpoint URLs to be supplied to make EC2 API calls 2016-05-02 17:21:52 -04:00
Jeff Mitchell 4182d711c3 Merge branch 'master-oss' into aws-auth-backend 2016-04-29 14:23:16 +00:00
Jeff Mitchell 81da06de05 Fix fetching parameters in token store when it's optionally in the URL 2016-04-28 15:15:37 -04:00
vishalnayak 2a2dc0befb Added allow_instance_migration to the role tag 2016-04-28 11:43:48 -04:00
vishalnayak b7b1f80a83 Updated docs 2016-04-28 11:25:47 -04:00
vishalnayak 779d73ce2b Removed existence check on blacklist/roletags, docs fixes 2016-04-27 21:29:32 -04:00
vishalnayak de1a1be564 tidy endpoint fixes 2016-04-26 10:22:29 -04:00
vishalnayak 21854776af Added cooldown period for periodic tidying operation 2016-04-26 10:22:29 -04:00
vishalnayak 5a2e1340df Removed redundant AWS public certificate. Docs update. 2016-04-26 10:22:29 -04:00
vishalnayak 58c485f519 Support providing multiple certificates. 
Append all the certificates to the PKCS#7 parser during signature verification.
 2016-04-26 10:22:29 -04:00
Jeff Mitchell fd977bb478 Updating to docs 2016-04-26 10:22:29 -04:00
vishalnayak 9d4a7c5901 Docs update 2016-04-26 10:22:29 -04:00
Jeff Mitchell 0f0a6ae368 Merge pull request #1282 from rileytg/patch-1 
change github example team to admins
 2016-04-25 15:45:01 -04:00
Jeff Mitchell b90286996f Update cert website docs 2016-04-13 16:28:23 +00:00
Simon Dick 66f84077d3 Should be renew not revoke 2016-04-12 14:04:26 +01:00
Christopher "Chief" Najewicz 67e8328a76 Update github doc with note about slugifying team 2016-04-10 11:11:40 -04:00
vishalnayak e3a1ee92b5 Utility Enhancements 2016-04-05 20:32:59 -04:00
Riley Guerin 5620e00f9c fix typo 2016-04-01 07:49:25 -07:00
Riley Guerin 0fac5b906e change github example team to admins 
somewhat recently github has gone away from the previous model of an "owners" team 
https://help.github.com/articles/converting-your-previous-owners-team-to-the-improved-organization-permissions/

you can be an "Owner" of the org still but this does not map to vault as one *might* expect given these docs
 2016-04-01 07:48:54 -07:00
Jeff Mitchell 2efaf5272c Documentation update 2016-03-31 18:07:43 -04:00
Amit Khare 218a713293 Update userpass.html.md 2016-03-23 10:47:28 -04:00
vishalnayak 2914ff7502 Use helper for existence check. Avoid panic by fetching default values for field data 2016-03-16 11:26:33 -04:00
vishalnayak 1513ade19a Added API documentation for userpass backend 2016-03-15 22:19:31 -04:00
Jeff Mitchell 21b2a658e2 Remove name param from docs 2016-03-15 14:58:10 -04:00
Jeff Mitchell 8bf935bc2b Add list support to certs in cert auth backend. 
Fixes #1212
 2016-03-15 14:07:40 -04:00
vishalnayak 65c1040149 Documentation to provide optional parameters to token store API 2016-03-14 19:36:53 -04:00
Jeff Mitchell a798bdb822 Update app-id docs to use new endpoint 2016-03-14 16:43:02 -04:00
Jeff Mitchell fa2ba47a5c Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
vishalnayak 007142262f Provide accessor to revove-accessor in the URL itself 2016-03-09 13:08:37 -05:00
vishalnayak 7407c27778 Add docs for new token endpoints 2016-03-09 09:31:09 -05:00
Jeff Mitchell 7c5f810bc0 Address first round of feedback 2016-03-01 15:30:37 -05:00
Jeff Mitchell 02362a5873 Update token documentation 2016-03-01 14:00:52 -05:00
vishalnayak 69bcbb28aa rename verify_cert as disable_binding and invert the logic 2016-02-24 21:01:21 -05:00
vishalnayak cf0156e5b4 documentation for the config endpoint 2016-02-24 17:13:24 -05:00
Jeff Mitchell 05b5ff69ed Address some feedback on ldap escaping help text 2016-02-19 13:47:26 -05:00
Jeff Mitchell c67871c36e Update LDAP documentation with a note on escaping 2016-02-19 13:16:18 -05:00
Jeff Minard 1985fa3313 Minor spelling fix 2016-02-13 08:41:16 -08:00
Jeff Mitchell df536a8f0a Fix token backend doc bug 
Fixes #990
 2016-01-29 21:01:08 -05:00
Hanno Hecker 0db33274b7 discover bind dn with anonymous binds 2016-01-27 17:06:27 +01:00
Hanno Hecker 22c22095d2 samaccountname as login example 2016-01-27 09:25:05 +01:00
Hanno Hecker c6acb340a8 docs for binddn/bindpass 2016-01-27 07:51:10 +01:00
Raja Nadar cf9b3c7c66 fixing the description of the /lookup/<token> api 2016-01-25 23:26:29 -08:00
Raja Nadar d3434f8f03 clarify default mountpoint 2016-01-23 11:02:00 -08:00
Raja Nadar 9b82736b9a fixed login link,request params,add json response 
1. fix login link
2. added personal access token to request message
3. added a sample json response
 2016-01-22 17:38:32 -08:00
Jeff Mitchell a7a02b3043 Cert documentation fix. 
Fixes #899
 2015-12-30 16:44:24 -05:00
Terry Corley d6884b85e1 Change API endpoint path for app-id 
The /login path was confusing because its not relative and not consistent with other documentation. Other documentation (e.g., username and password at https://www.vaultproject.io/docs/auth/userpass.html) uses relative path.
 2015-12-15 12:45:04 -06:00
Jeff Mitchell eee8386ea9 Add info about cert backend not checking CRL revocation. 2015-12-05 15:12:43 -05:00
Jeff Mitchell bf0909a892 Tab -> space doc fix 2015-12-05 15:04:54 -05:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the 
default policy from a token create command.
 2015-11-09 17:30:50 -05:00
Jeff Mitchell 10913e2e6b Update cert documentation to note requiring sudo access. 2015-11-06 16:09:42 -05:00
Jeff Mitchell 73e3aa1d64 Add create-orphan to documentation 2015-11-03 15:15:33 -05:00
Jeff Mitchell d3f7546602 Fix trailing whitespace complaints 2015-11-03 10:52:20 -05:00
Jeff Mitchell f0a25ed581 Clarify that CRLs are not fetched by Vault 2015-11-03 10:52:20 -05:00
Jeff Mitchell 154fc24777 Address first round of feedback from review 2015-11-03 10:52:20 -05:00
Jeff Mitchell 59cc61cc79 Add documentation for CRLs and some minor cleanup. 2015-11-03 10:52:20 -05:00
Jason Antman c7ff26b650 add documentation for GitHub Auth Backend 'ttl' and 'max_ttl' parameters 2015-10-23 09:30:48 -04:00
Jason Antman b27e80d090 add GitHub Enterprise base_url to docs 
In https://github.com/hashicorp/vault/issues/716 @jefferai confirmed that the GitHub Auth Backend supports GitHub enterprise using an undocumented ``base_url`` parameter. This adds that parameter to the relevant documentation page.
 2015-10-23 09:18:07 -04:00
Jeff Mitchell 189b72c3ba Document the renew-self call 2015-10-21 10:53:20 -04:00
Seth Vargo 50f720bc06 Remove tabs from terminal output 
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
 2015-10-12 12:10:22 -04:00
Jeff Mitchell 62ac518ae7 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Jeff Mitchell 8f79e8be82 Add revoke-self endpoint. 
Fixes #620.
 2015-09-17 13:22:30 -04:00
vishalnayak 142cb563a6 Improve documentation of token renewal 2015-09-11 21:08:32 -04:00
Seth Vargo 6f248425a6 Update documentation around cookies 2015-09-03 10:36:59 -04:00
Armon Dadgar 4d08cfdf6f Merge pull request #469 from kgutwin/f-config-defaultlease 
Add configuration options for default lease duration and max lease duration
 2015-08-04 10:06:41 -07:00
Rusty Ross 719ac6e714 update doc for app-id 
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
 2015-08-03 09:44:26 -07:00
Bradley Girardeau aa55d36f03 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Karl Gutwin 151ec72d00 Add configuration options for default lease duration and max lease duration. 2015-07-30 09:42:49 -04:00
Bradley Girardeau 112f98d86f mfa: cleanup website documentation 2015-07-28 12:25:01 -07:00
Bradley Girardeau 6c24a000a3 mfa: add website documentation 2015-07-28 11:00:57 -07:00
Bradley Girardeau e8d26d244b ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Bradley Girardeau 1e1d4ba66d ldap: add documentation for setting policies based on user 2015-07-14 16:13:40 -07:00
Bradley Girardeau 0e2edc2378 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Armon Dadgar 3042452def website: fixing lots of references to vault help 2015-07-13 20:12:09 +10:00
Armon Dadgar 8dd9478e14 website: fixing documentation errors. Fixes #412 2015-07-13 19:10:44 +10:00
mootpt 872593d1e1 fixed secrets backend url 
minor doc fix
 2015-07-06 11:11:58 -07:00
Bradley Girardeau 42050fe77b ldap: add starttls support and option to specificy ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar 3c58773598 Merge pull request #380 from kgutwin/cert-cli 
Enable TLS client cert authentication via the CLI
 2015-06-30 11:44:28 -07:00
Armon Dadgar b8f2e8d498 website: document insecure_tls for LDAP backend 2015-06-30 09:42:18 -07:00
Karl Gutwin 70fc49be84 Website docs. 2015-06-30 09:18:39 -04:00
Justin Campbell 2a1eac837c docs: Fix examples of auth via JSON 
For both userpass and LDAP
 2015-06-04 10:38:11 -04:00
joe miller fd57ca0e39 fix doc example to submit valid json in POST body 
I don't know if there is some version of curl that auto-generates json but the example didn't work for me on curl 7.32.0. Submitting the data as JSON works though.
 2015-05-20 13:11:54 -07:00
Aaron Bedra ed9b44bb44 Fix typo in app-id docs 2015-05-20 09:36:54 -05:00
Armon Dadgar 9c916386de Update github.html.md 
Fixing incorrect documentation about case sensitivity
 2015-05-18 09:37:31 -07:00
Armon Dadgar 3f3133b066 Merge pull request #204 from nrocine/master 
Added implementation details to the GitHub Auth Docs on the Vault Website
 2015-05-18 09:36:35 -07:00