Commit graph

1688 commits

Author SHA1 Message Date
Daniel Mangum 3a6d8dbdd1 plugin docs: update example code snippet with correct imports and link to developing plugin backends tutorial (#6843)
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
2019-07-05 15:35:36 -07:00
Clint 28447e00a3 Combined Database backend: Add Static Account support to MySQL (#6970)
* temp support for mysql+static accounts

* remove create/update database user for static accounts

* update tests after create/delete removed

* small cleanups

* update postgresql setcredentials test

* temp support for mysql+static accounts

* Add Static Account support to MySQL

* add note that MySQL supports static roles

* remove code comment

* tidy up tests

* Update plugins/database/mysql/mysql_test.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update plugins/database/mysql/mysql.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* update what password we test

* refactor CreateUser and SetCredentials to use a common helper

* add close statements for statements in loops

* remove some redundant checks in the mysql test

* use root rotation statements as default for static accounts

* missed a file save
2019-07-05 14:52:56 -04:00
Michel Vocks 524c7517e9
Add namespace config option to agent auto-auth config (#6988)
* Added namespace option to vault agent auto-auth method

* Implemented review feedback
2019-07-03 09:33:20 +02:00
Garrett T 8fc4a63796 Set MaxIdleConns to reduce connection churn (postgresql physical) (#6967)
* Set MaxIdleConns to reduce connection churn (postgresql physical)

* Make new  "max_idle_connection" config option for physical postgresql

* Add docs for "max_idle_connections" for postgresql storage

* Add minimum version to docs for max_idle_connections
2019-07-02 15:03:56 -07:00
Michael Gaffney 4044cff8f2
Merge branch 'master' into mgaffney/kv-delete-version-after 2019-07-02 17:27:36 -04:00
emily 333d0425b9 fix permissions in GCP auth docs (#7035) 2019-07-01 15:13:36 -07:00
Vishal Nayak 2fcac90052
Raft Docs (#6966)
* Raft configuration doc

* API docs

* join sample

* Fix the Join API

* Add snapshot-force

* Update sys/storage subsection

* Use actual certs in examples

* Add sample configuration response

* Fix link

* remove TLS config options
2019-06-28 14:09:14 -04:00
Calvin Leung Huang 21059820d2
KMIP docs (#6969)
* docs: add docs/secrets/kmip

* Add KMIP API docs.

* small typo fix

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* format tables in api docs

* fix table formatting

* Fix wording.

* Remove references to tls_max_path_length.
2019-06-28 11:05:00 -07:00
Michael Gaffney 3b12c58e33
docs: Add delete-version-after to kv command line docs 2019-06-28 13:36:07 -04:00
Michael Gaffney 9366f95816 Remove delete-version-after from kv put and undelete subcommands
Removes the optional parameter "delete-version-after" from the following
CLI subcommands:

- kv put
- kv undelete
- kv rollback
2019-06-27 14:17:46 -04:00
Michael Gaffney 42324c22ff Add delete-version-after to kv CLI subcommands
Adds a new optional parameter "delete-version-after" to the following
CLI subcommands:

- kv metadata put
- kv put
- kv undelete
- kv rollback
2019-06-27 14:17:46 -04:00
Thomas Kula be998aeeac Cert auth method examples need to use https (#6961)
In order to present a client certificate to use the certificate
auth method, you must use https.
2019-06-27 11:04:09 -04:00
Lexman a4ba0e22ac Identity tokens documentation (#6971) 2019-06-26 07:31:10 -07:00
Jim Kalafut c7283f99ed
Update JWT tips (#6955) 2019-06-21 14:50:12 -07:00
Jim Kalafut 1074b5046f
Minor clean up JWT provider docs (#6952) 2019-06-21 11:49:08 -07:00
Anner J. Bonilla c98caa2cd7 update azure instructions (#6858)
Update instructions in regards to azure AD Authentication and OIDC
2019-06-21 11:28:12 -07:00
Becca Petrin cd0f2ec5f6
Merge pull request #6913 from hashicorp/pcf-docs
PCF documentation
2019-06-20 09:28:06 -07:00
Clint b55303eddb
Combined Database Backend: Static Accounts (#6834)
* Add priority queue to sdk

* fix issue of storing pointers and now copy

* update to use copy structure

* Remove file, put Item struct def. into other file

* add link

* clean up docs

* refactor internal data structure to hide heap method implementations. Other cleanup after feedback

* rename PushItem and PopItem to just Push/Pop, after encapsulating the heap methods

* updates after feedback

* refactoring/renaming

* guard against pushing a nil item

* minor updates after feedback

* Add SetCredentials, GenerateCredentials gRPC methods to combined database backend gPRC

* Initial Combined database backend implementation of static accounts and automatic rotation

* vendor updates

* initial implementation of static accounts with Combined database backend, starting with PostgreSQL implementation

* add lock and setup of rotation queue

* vendor the queue

* rebase on new method signature of queue

* remove mongo tests for now

* update default role sql

* gofmt after rebase

* cleanup after rebasing to remove checks for ErrNotFound error

* rebase cdcr-priority-queue

* vendor dependencies with 'go mod vendor'

* website database docs for Static Role support

* document the rotate-role API endpoint

* postgres specific static role docs

* use constants for paths

* updates from review

* remove dead code

* combine and clarify error message for older plugins

* Update builtin/logical/database/backend.go

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* cleanups from feedback

* code and comment cleanups

* move db.RLock higher to protect db.GenerateCredentials call

* Return output with WALID if we failed to delete the WAL

* Update builtin/logical/database/path_creds_create.go

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* updates after running 'make fmt'

* update after running 'make proto'

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* update comment and remove and rearrange some dead code

* Update website/source/api/secret/databases/index.html.md

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* cleanups after review

* Update sdk/database/dbplugin/grpc_transport.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* code cleanup after feedback

* remove PasswordLastSet; it's not used

* document GenerateCredentials and SetCredentials

* Update builtin/logical/database/path_rotate_credentials.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* wrap pop and popbykey in backend methods to protect against nil cred rotation queue

* use strings.HasPrefix instead of direct equality check for path

* Forgot to commit this

* updates after feedback

* re-purpose an outdated test to now check that static and dynamic roles cannot share a name

* check for unique name across dynamic and static roles

* refactor loadStaticWALs to return a map of name/setCredentialsWAL struct to consolidate where we're calling set credentials

* remove commented out code

* refactor to have loadstaticwals filter out wals for roles that no longer exist

* return error if nil input given

* add nil check for input into setStaticAccount

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* add constant for queue tick time in seconds, used for comparrison in updates

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* code cleanup after review

* remove misplaced code comment

* remove commented out code

* create a queue in the Factory method, even if it's never used

* update path_roles to use a common set of fields, with specific overrides for dynamic/static roles by type

* document new method

* move rotation things into a specific file

* rename test file and consolidate some static account tests

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* update code comments, method names, and move more methods into rotation.go

* update comments to be capitalized

* remove the item from the queue before we try to destroy it

* findStaticWAL returns an error

* use lowercase keys when encoding WAL entries

* small cleanups

* remove vestigial static account check

* remove redundant DeleteWAL call in populate queue

* if we error on loading role, push back to queue with 10 second backoff

* poll in initqueue to make sure the backend is setup and can write/delete data

* add revoke_user_on_delete flag to allow users to opt-in to revoking the static database user on delete of the Vault role. Default false

* add code comments on read-only loop

* code comment updates

* re-push if error returned from find static wal

* add locksutil and acquire locks when pop'ing from the queue

* grab exclusive locks for updating static roles

* Add SetCredentials and GenerateCredentials stubs to mockPlugin

* add a switch in initQueue to listen for cancelation

* remove guard on zero time, it should have no affect

* create a new context in Factory to pass on and use for closing the backend queue

* restore master copy of vendor dir
2019-06-19 14:45:39 -05:00
Becca Petrin 35faaef504 update field name to change from pr feedback 2019-06-19 09:54:18 -07:00
Yoko ba82b04b15
Added a note about JWT (#6899) 2019-06-18 12:36:51 -07:00
Becca Petrin 7be6286966 fix typo 2019-06-18 09:32:14 -07:00
Becca Petrin cd1b53b350 add agent docs 2019-06-17 15:24:10 -07:00
Becca Petrin 30d7f742b3 fix more typos 2019-06-17 15:09:43 -07:00
Becca Petrin 1ca20773c2 fix typos 2019-06-17 15:08:37 -07:00
Becca Petrin a420b966bb add docs 2019-06-17 15:00:30 -07:00
Becca Petrin ca165ffdef add es docs to sidebars 2019-06-17 12:05:57 -07:00
Becca Petrin 7927cc3a43
Update elasticdb.html.md 2019-06-17 11:24:42 -07:00
Becca Petrin 17a682da40 Merge branch 'opensource-master' into add-elasticsearch-auth 2019-06-17 11:12:51 -07:00
Becca Petrin fd2e859617 update doc to 7.1.1 2019-06-17 11:12:16 -07:00
Jason O'Donnell d2e620ae70
Fix multiline jwt config setup example (#6873) 2019-06-12 13:34:26 -04:00
Yoko 2b81ea64c3
Adding vault kv command doc (#6845)
* Adding vault kv command doc

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/destroy.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/destroy.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/undelete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>
2019-06-10 10:41:55 -07:00
Yoko daebe65d1c
upgrade guide warning about downgrading (#6836)
* upgrade guide warning about downgrading

* Changed the wording
2019-06-10 09:54:21 -07:00
Becca Petrin 5b9d49fc2d add elasticsearch database engine 2019-06-10 09:19:11 -07:00
Justin Weissig 0ae53eb5aa docs: minor fixes to improve sentence flow (#6839) 2019-06-06 08:25:59 -07:00
Justin Weissig fb75728c71 docs: minor spelling fix (#6818)
Fixed spelling: PostgresSQL/PostgreSQL.
2019-06-04 02:28:44 -05:00
Justin Weissig ff3e23e050 docs: fixed typos (#6809)
Fixed two typos: lifecyle + specfied.
2019-05-31 14:33:13 -05:00
Martin Lee b7dadc11e6 Add hard-won practical knowledge to the Okta notes (#6808) 2019-05-31 11:44:59 -05:00
benz0 2e6686cc18 Explain owner role requirement (#6801) 2019-05-30 21:25:30 -05:00
Justin Weissig 3fc537da0b docs: spelling (#6799)
Fixed spelling: Specifiy/Specify.
2019-05-30 21:20:57 -05:00
Justin Weissig 7643eda03f docs: wording (#6798)
Fixed minor sentence flow: an sealed state -> a sealed state.
2019-05-29 19:13:13 -05:00
Justin Weissig 2d727a5640 docs: wording (#6746)
* docs: wording

Fixed wording: "lets create an"/"lets create a"

* Update website/source/docs/secrets/nomad/index.html.md

Co-Authored-By: Jeff Mitchell <jeffrey.mitchell@gmail.com>
2019-05-24 15:44:09 -04:00
Brian Shumate 543e149b8c Docs: Minor updates to PKI Secrets Engine (#6778)
* Docs: Minor updates to PKI Secrets Engine

- Update `ttl` and `max-lease-ttl` values from _43800_ which
  appears to be a typo, to _4380_; this helps avoid warnings
  like: "The expiration time for the signed certificate is
  after the CA's expiration time. If the new certificate is
  not treated as a root, validation paths with the
  certificate past the issuing CA's expiration time will
  fail." when following the Quick Start and using the tuned
  Root CA TTL of 8760h
- Change _my-role_ role name to _example-dot-com_ in **Setup**
  to help reduce confusion and match what is used in
  **Quick Start**

* ttl changes
2019-05-24 15:39:56 -04:00
Srikanth Venkatesh d08edf7483 Typo in concepts/policy-syntax (#6782) 2019-05-24 15:39:11 -04:00
Srikanth Venkatesh b9f67e5622 Fixed typo in documentation on vault internals/architecture (#6781) 2019-05-23 21:58:31 -07:00
Joel Thompson 4e2ad1e568 docs: Fix Markdown formatting error in AWS Auth (#6745) 2019-05-15 21:12:08 -07:00
Jim Kalafut 1c507e3367
Update OIDC Provider Setup docs (#6739) 2019-05-15 11:57:18 -07:00
Justin Weissig e57866d558 docs: fixed typo (#6732)
Fixed typo: follwing/following.
2019-05-15 10:30:18 +02:00
Justin Weissig cf3954f580 docs: fixed typo (#6721)
Fixed typo: appropiate/appropriate
2019-05-13 07:50:29 -04:00
Lexman b2850ac624
http timeout values are configurable (#6666)
* http timeout fields are configurable

* move return statement for server config tests outside of range loop

* adds documentation for configurable listener http_* values

* fixed some formatting for the docs markdown
2019-05-10 10:41:42 -07:00
bjorndolk e8f10814b6 Added HA backend for postgres based on dynamodb model (#5731)
Add optional HA support for postgres backend if Postgres version >= 9.5.
2019-05-10 12:48:42 -04:00