Commit graph

8986 commits

Author SHA1 Message Date
Brian Kassouf bc36d78df1 Update plugins 2018-10-02 11:14:15 -07:00
Chris Hoffman a4a688764a changelog++ 2018-10-02 13:50:36 -04:00
Matthew Irish 76bb00c5c4 Update yarn version in the cross Dockerfile 2018-10-02 10:56:51 -05:00
Chris Hoffman 8154500255 changelog++ 2018-10-02 11:23:20 -04:00
sk4ry 0fab335eec Add ability to configure the NotBefore property of certificates in role api (#5325)
* Add ability to configure the NotBefore property of certificates in role api

* Update index.html.md

* converting field to time.Duration

* setting default back to 30s

* renaming the parameter not_before_duration to differentiate between the NotBefore datetime on the cert

* Update description
2018-10-02 11:10:43 -04:00
Matthew Irish a105664141 UI - ent fixes (#5430)
* re-add performancestandycode for health api call

* update debounce timeout for namespace input on the auth page

* re-fetch cluster model on successful init

* 500ms for the debounce

* swap auth methods after successful api call so that the auth box doesn't jump around

* move list capability fetch to namespace component and don't use computed queryRecord to fetch it

* convert ed models to JSON so that they're unaffected by store unloading

* serialize with the id for the auth method models

* speed tests back up with different polling while loop

* login flash isn't in the same run loop so no longer needs withFlash
2018-10-02 10:05:34 -05:00
Joel Thompson 6a9e6cc474 Allow specifying role-default TTLs in AWS secret engine (#5138)
* Allow specifying role-default TTLs in AWS secret engine

* Add an acceptance test

* Add docs for AWS secret role-default TTLs

* Rename default_ttl to default_sts_ttl

* Return default_ttl as int64 instead of time.Duration

* Fix broken tests

The merge of #5383 broke the tests due to some changes in the test style
that didn't actually cause a git merge conflict. This updates the tests
to the new style.
2018-10-02 10:14:16 -04:00
Matthew Irish 9f213c976c changelog++ 2018-10-02 08:59:45 -05:00
Matthew Irish 42d1047a74 UI - token expiration calculation (#5435)
* fix token expiration calculation

* move authenticate to an ember concurrency task

* don't show logged in nav while still on the auth route

* move current tests to integration folder, add unit test for expiration calculation

* fix auth form tests
2018-10-02 08:53:39 -05:00
Nageswara Rao Podilapu e12948593b Update page content with a generic noun (#5444)
This might be a typo. It says `A user may have a client token sent to her`; instead it should say `A user may have a client token sent to them`
2018-10-02 09:31:01 -04:00
Brian Kassouf 2ec54c3a0b Fix seal status tests (#5443) 2018-10-01 18:09:20 -07:00
Calvin Leung Huang 74c50adb58 logical/nomad: Reduce flakiness in prepareTestContainer (#5440) 2018-10-01 17:46:37 -07:00
JohnVonNeumann eba56f3f23 Update operator_init.go (#5441)
Minor grammar fix.
2018-10-01 17:19:13 -07:00
Brian Kassouf 813230ed96 changelog++ 2018-10-01 14:41:30 -07:00
Jim Kalafut 43d498983c Retry failing migration check instead of exiting (#5427) 2018-10-01 14:35:35 -07:00
Matthew Irish 5a8a12aa58 tweak warning about force promoting replication clusters (#5439) 2018-10-01 16:21:00 -05:00
Brian Kassouf e41b388edd Update CHANGELOG.md 2018-10-01 14:15:00 -07:00
Saurabh Pal 77e635f7e1 Enable TLS based communication with Zookeeper Backend (#4856)
* The added method customTLSDial() creates a tls connection to the zookeeper backend when 'tls_enabled' is set to true in config

* Update to the document for TLS configuration that is required to enable TLS connection to Zookeeper backend

* Minor formatting update

* Minor update to the description for example config

* As per review comments from @kenbreeman, additional property description indicating support for multiple Root CAs in a single file has been added

* minor formatting
2018-10-01 14:12:08 -07:00
Brian Kassouf 5f34bbbe6d Update replication-performance.html.md 2018-10-01 13:59:50 -07:00
Brian Kassouf 45c8894c0d Update replication-dr.html.md 2018-10-01 13:59:17 -07:00
Matthew Irish 87ed1e4f52 ui - add force option when promoting a replication secondary (#5438) 2018-10-01 15:58:43 -05:00
Brian Kassouf 03cf7958ad Update replication-dr.html.md 2018-10-01 12:53:20 -07:00
Brian Kassouf e6b337b06f Update replication-performance.html.md 2018-10-01 12:52:44 -07:00
Calvin Leung Huang 4f1af61bda changelog++ 2018-10-01 12:25:11 -07:00
Becca Petrin d1904e972f Discuss ambient credentials in namespaces (#5431)
* discuss ambient credentials in namespaces

* update aws cred chain description
2018-10-01 15:23:54 -04:00
Calvin Leung Huang 37c0b83669 Add denylist check when filtering passthrough headers (#5436)
* Add denylist check when filtering passthrough headers

* Minor comment update
2018-10-01 12:20:31 -07:00
Brian Kassouf ac8816a7a9 changelog++ 2018-10-01 11:55:27 -07:00
vishalnayak 8e52790db5 Fix PR number for a CL entry 2018-10-01 14:48:05 -04:00
Matthew Irish 984462f22b UI - fix the top level polling and use ember-concurrency (#5433)
* fix the top level polling and use ember-concurrency

* make suggested changes
2018-10-01 13:04:34 -05:00
Brian Kassouf 8bf1598bff changelog++ 2018-10-01 10:49:04 -07:00
Martin 03fb39033f Add support for token passed Authorization Bearer header (#5397)
* Support Authorization Bearer as token header

* add requestAuth test

* remove spew debug output in test

* Add Authorization in CORS Allowed headers

* use const where applicable

* use less allocations in bearer token checking

* address PR comments on tests and apply last commit

* reorder error checking in a TestHandler_requestAuth
2018-10-01 10:33:21 -07:00
Chris Pick 36c20e8e2d Note that GCP auth method needs iam API enabled (#5339)
In addition to the specific permissions that are already mentioned, the project also needs the `iam.googleapis.com` API enabled, otherwise authenticating will fail with an error similar to:

```
Error authenticating: Error making API request.

URL: PUT https://localhost:8200/v1/auth/gcp/login
Code: 400. Errors:

* could not find service account key or Google Oauth cert with given 'kid' id
```
2018-10-01 10:09:32 -07:00
Vishal Nayak 8e66e474ca Ensure old group alias is removed when a new one is written (#5350) 2018-10-01 10:06:10 -07:00
Becca Petrin 3da8d38e7d point at a fork of aliyun-oss-go-sdk (#5358) 2018-10-01 10:05:08 -07:00
Chris Hoffman 33accf60be changelog++ 2018-09-28 17:48:45 -04:00
Matthew Irish 572fb826be UI aws engine tweaks (#5294)
* allow passing a path for options so that it can be extracted from the model

* add cred type selector for the aws generate form

* style hint text on generate creds form

* add tests for aws-credential adapter

* allow for the case where we might have zero ttl

* show error for TTL picker if a non-number is entered for the duration part of the TTL

* fix positioning of tooltips

* fix ttl rendering with invalid input for initialValue
2018-09-28 16:45:30 -05:00
Brian Shumate d62d482033 Guide/Identity: use consistent id/accessor example to fix #5340 (#5432) 2018-09-28 17:43:15 -04:00
Chris Hoffman 8ff89b972c changelog++ 2018-09-28 17:39:48 -04:00
Jeff Mitchell 6814b0e88a changelog++ 2018-09-28 11:29:28 -04:00
Jeff Mitchell 13f98d9a4b Fix reading Okta token parameter when config param exists (#5429)
Fixes #5409
2018-09-28 11:28:06 -04:00
Matthew Irish a22861cee9 UI - ent init (#5428)
* allow for enterprise init attributes

* allow moving from init to auth in the init flow on the tutorial machine

* show loading spinner while cluster is unsealing

* use seal-status type to determine the init attrs

* add init acceptance tests

* stored_shares should always be 1

* fix lint

* format template

* remove explicit model attr from init controller
2018-09-28 09:36:18 -05:00
Mike Christof f7bf4a4384 fixed read-entity-by-name code (#5422) 2018-09-28 07:23:46 -07:00
Calvin Leung Huang 253d999c55 docs: Update CLI page to include namespace and flags info (#5363) 2018-09-27 17:08:14 -07:00
Chris Hoffman e34a9c5395 changelog++ 2018-09-27 20:07:23 -04:00
joe miller d39ffc9e25 add allowed_organiztaional_units parameter to cert credential backend (#5252)
Specifying the `allowed_organiztaional_units` parameter to a cert auth
backend role will require client certificates to contain at least one of
a list of one or more "organizational units" (OU).

Example use cases:

Certificates are issued to entities in an organization arrangement by
organizational unit (OU). The OU may be a department, team, or any other logical
grouping of resources with similar roles. The entities within the OU
should be granted the same policies.

```
$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering

$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering,support
```
2018-09-27 19:04:55 -05:00
Jeff Mitchell dbae477cca changelog++ 2018-09-27 18:35:38 -04:00
Jeff Mitchell ef144c4c25 Send initialized information via sys/seal-status (#5424) 2018-09-27 14:03:37 -07:00
Ben Boeckel a5378c8c1f ask-a-question: remove mobile link (#5426) 2018-09-27 13:31:34 -07:00
Martin ea509fd2f2 only run cassandra RotateRootCred test when in Travis (#5420) 2018-09-27 10:43:33 -05:00
vishalnayak c91266950f Fix broken build 2018-09-27 10:58:04 -04:00