* Add ability to configure the NotBefore property of certificates in role api
* Update index.html.md
* converting field to time.Duration
* setting default back to 30s
* renaming the parameter not_before_duration to differentiate between the NotBefore datetime on the cert
* Update description
* re-add performancestandycode for health api call
* update debounce timeout for namespace input on the auth page
* re-fetch cluster model on successful init
* 500ms for the debounce
* swap auth methods after successful api call so that the auth box doesn't jump around
* move list capability fetch to namespace component and don't use computed queryRecord to fetch it
* convert ed models to JSON so that they're unaffected by store unloading
* serialize with the id for the auth method models
* speed tests back up with different polling while loop
* login flash isn't in the same run loop so no longer needs withFlash
* Allow specifying role-default TTLs in AWS secret engine
* Add an acceptance test
* Add docs for AWS secret role-default TTLs
* Rename default_ttl to default_sts_ttl
* Return default_ttl as int64 instead of time.Duration
* Fix broken tests
The merge of #5383 broke the tests due to some changes in the test style
that didn't actually cause a git merge conflict. This updates the tests
to the new style.
* fix token expiration calculation
* move authenticate to an ember concurrency task
* don't show logged in nav while still on the auth route
* move current tests to integration folder, add unit test for expiration calculation
* fix auth form tests
* The added method customTLSDial() creates a tls connection to the zookeeper backend when 'tls_enabled' is set to true in config
* Update to the document for TLS configuration that is required to enable TLS connection to Zookeeper backend
* Minor formatting update
* Minor update to the description for example config
* As per review comments from @kenbreeman, additional property description indicating support for multiple Root CAs in a single file has been added
* minor formatting
* Support Authorization Bearer as token header
* add requestAuth test
* remove spew debug output in test
* Add Authorization in CORS Allowed headers
* use const where applicable
* use less allocations in bearer token checking
* address PR comments on tests and apply last commit
* reorder error checking in a TestHandler_requestAuth
In addition to the specific permissions that are already mentioned, the project also needs the `iam.googleapis.com` API enabled; otherwise, authenticating will fail with an error similar to:
```
Error authenticating: Error making API request.
URL: PUT https://localhost:8200/v1/auth/gcp/login
Code: 400. Errors:
* could not find service account key or Google Oauth cert with given 'kid' id
```
* allow passing a path for options so that it can be extracted from the model
* add cred type selector for the aws generate form
* style hint text on generate creds form
* add tests for aws-credential adapter
* allow for the case where we might have zero ttl
* show error for TTL picker if a non-number is entered for the duration part of the TTL
* fix positioning of tooltips
* fix ttl rendering with invalid input for initialValue
* allow for enterprise init attributes
* allow moving from init to auth in the init flow on the tutorial machine
* show loading spinner while cluster is unsealing
* use seal-status type to determine the init attrs
* add init acceptance tests
* stored_shares should always be 1
* fix lint
* format template
* remove explicit model attr from init controller
Specifying the `allowed_organizational_units` parameter to a cert auth
backend role will require client certificates to contain at least one of
a list of one or more "organizational units" (OU).
Example use cases:
Certificates are issued to entities in an organization arrangement by
organizational unit (OU). The OU may be a department, team, or any other logical
grouping of resources with similar roles. The entities within the OU
should be granted the same policies.
```
$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organizational_units=engineering
$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organizational_units=engineering,support
```