Commit graph

1809 commits

Author SHA1 Message Date
Jeff Mitchell 35906aaa6c
Add ChaCha20-Poly1305 support to transit (#3975) 2018-02-14 11:59:46 -05:00
Nick 11f197dfa5 Update lease.html.md (#3759) 2018-02-14 09:44:34 -05:00
Brian Shumate e6bf69b96b DOCS: update Telemetry with more coverage (#3968)
- Add initial secrets engines metrics
- Update metrics types/values
- Update language for auth methods, secrets engines, audit devices
- Add more linking to relevant documentation
2018-02-14 09:39:51 -05:00
Seth Vargo 602a7c27f8 Fix code in header font size (#3970)
* Fix code in header font size

This fixes the tiny code font in header names.

* Update _global.scss
2018-02-13 22:17:51 -05:00
Brian Shumate bbc196a6e5 Clarify with example of file-backend specific metrics (#3913) 2018-02-13 11:04:11 -05:00
George Perez 6e0ff44bfc Update generate-root.html.md (#3894)
Fix typo: "providers" to "provides"
2018-02-13 11:03:35 -05:00
Brian Shumate 492b3e2277 DOCS: update Telemetry (#3964)
- Correct time to millis
- Correct storage backend summaries from # ops to duration of ops
2018-02-13 10:15:19 -05:00
Paul Stack 3c683dba92 Adding Manta Storage Backend (#3720)
This PR adds a new Storage Backend for Triton's Object Storage - Manta

```
make testacc TEST=./physical/manta
==> Checking that code complies with gofmt requirements...
==> Checking that build is using go version >= 1.9.1...
go generate
VAULT_ACC=1 go test -tags='vault' ./physical/manta -v  -timeout 45m
=== RUN   TestMantaBackend
--- PASS: TestMantaBackend (61.18s)
PASS
ok  	github.com/hashicorp/vault/physical/manta	61.210s
```

Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store

Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as foo/.vault_value

The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta
will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value`

The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
2018-02-12 18:22:41 -05:00
Calvin Leung Huang 60732577f5
CLI Enhancements (#3897)
* Use Colored UI if stdout is a tty

* Add format options to operator unseal

* Add format test on operator unseal

* Add -no-color output flag, and use BasicUi if no-color flag is provided

* Move seal status formatting logic to OutputSealStatus

* Apply no-color to warnings from DeprecatedCommands as well

* Add OutputWithFormat to support arbitrary data, add format option to auth list

* Add ability to output arbitrary list data on TableFormatter

* Clear up switch logic on format

* Add format option for list-related commands

* Add format option to rest of commands that returns a client API response

* Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead

* Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead

* Remove -no-color flag, use env var exclusively to toggle colored output

* Fix compile

* Remove -no-color flag in main.go

* Add missing FlagSetOutputFormat

* Fix generate-root/decode test

* Migrate init functions to main.go

* Add no-color flag back as hidden

* Handle non-supported data types for TableFormatter.OutputList

* Pull formatting much further up to remove the need to use c.flagFormat (#3950)

* Pull formatting much further up to remove the need to use c.flagFormat

Also remove OutputWithFormat as the logic can cause issues.

* Use const for env var

* Minor updates

* Remove unnecessary check

* Fix SSH output and some tests

* Fix tests

* Make race detector not run on generate root since it kills Travis these days

* Update docs

* Update docs

* Address review feedback

* Handle --format as well as -format
2018-02-12 18:12:16 -05:00
Joel Thompson c61ac21e6c auth/aws: Improve role tag docs as suggested on mailing list (#3915)
Fixes the ambiguity called out in
https://groups.google.com/forum/#!msg/vault-tool/X3s7YY0An_w/yH0KFQxlBgAJ
2018-02-12 17:39:17 -05:00
Jeff Mitchell 4969505c7e
Add transaction-like behavior for Transit persists. (#3959) 2018-02-12 17:27:28 -05:00
Jeff Mitchell db8772f15e Minor website wording updates 2018-02-12 15:28:06 -05:00
Jeff Mitchell 5a047fba68 Document the disable_sealwrap parameter 2018-02-12 15:20:07 -05:00
Jeff Mitchell 6f025fe2ab
Adds the ability to bypass Okta MFA checks. (#3944)
* Adds the ability to bypass Okta MFA checks.

Unlike before, the administrator opts-in to this behavior, and is
suitably warned.

Fixes #3872
2018-02-09 17:03:49 -05:00
Vishal Nayak 80ffd07b8b added a flag to make common name optional if desired (#3940)
* added a flag to make common name optional if desired

* Cover one more case where cn can be empty

* remove skipping when empty; instead check for emptiness before calling validateNames

* Add verification before adding to DNS names to also fix #3918
2018-02-09 13:42:19 -05:00
alexandrumd 56f0ff4293 Change 'rules' parameter for Policies requests (#3947)
With Vault Version: 0.9.1, the following is returned when using "rules" for policies operation:
```The following warnings were returned from the Vault server:
* 'rules' is deprecated, please use 'policy' instead```
2018-02-09 07:43:18 -05:00
Roger Berlind 07f587dd05 Updated replication table (#3929) 2018-02-08 18:11:00 -05:00
Jeff Mitchell 4fbeae77ee
Update relatedtools.html.md 2018-02-08 11:15:47 -05:00
Robert Kreuzer a25986391b Add vaultenv to the list of related tools (#3945) 2018-02-08 10:30:45 -05:00
Chris Hoffman d723479b32
Fixing docs links and adding redirects for new guides (#3939)
* updating links

* updating links

* updating links

* updating links

* updating links

* adding redirects
2018-02-07 19:29:07 -05:00
Jed da955a8f1b Lil typo fixes (#3925)
Read through the initial docs and noticed a few typos
2018-02-07 09:38:11 -05:00
emily e086429964 fix IAM diagram for GCP auth method docs (#3927) 2018-02-07 09:37:11 -05:00
Andy Manoske 4d33d5fa34
Merge branch 'master' into new-guides 2018-02-06 13:09:22 -08:00
cikenerd e7973773ac Update etcd storage doc (#3753) 2018-02-06 11:00:00 -05:00
Yoko Hyakuna 1b12d74188 Missing * in the command 2018-02-05 16:17:18 -08:00
Jeff Mitchell 4174019efb Add a space before the MFA super 2018-02-05 12:32:25 -05:00
Jeff Mitchell 855d8cb769 Move MFA to deprecated section, mark with a super 2018-02-05 12:32:21 -05:00
Jeff Mitchell 193278f9a4 Minor grammatical update to MFA doc 2018-02-05 12:26:16 -05:00
Jeff Mitchell 8145b0ce0b Mark old MFA as legacy/unsupported in sidebar 2018-02-05 11:47:59 -05:00
Jeff Mitchell 0255d4ca10 Make the MFA support status more clear for the legacy system 2018-02-04 19:25:27 -05:00
Yoko Hyakuna 6883dc32f4 Merge branch 'master' of github.com:hashicorp/vault into new-guides 2018-02-02 09:03:12 -08:00
George Christou c35af6dd01 website: Include fish as a supported shell (#3895) 2018-02-02 10:34:48 -05:00
Yoko 9c93d2761e
Merge branch 'master' into new-guides 2018-02-01 11:55:18 -08:00
Yoko Hyakuna 2d30bef2af Fixed a typo 'on-demand' 2018-02-01 10:00:18 -08:00
Yoko Hyakuna 7a1a19b6d6 Incorporated review comments 2018-02-01 09:50:59 -08:00
Vishal Nayak 01b1b9ff6d
docs/telemetry: remove merge conflict remnant (#3882)
* remove merge conflict remnant

* s/auth/authentication
2018-02-01 12:09:58 -05:00
Andy Manoske 505e65d0fe
Merge branch 'master' into new-guides 2018-01-31 17:17:00 -08:00
Brian Shumate a7049247d9 Correct cofiguration option in example (#3879) 2018-01-31 13:41:31 -05:00
Yoko Hyakuna cef6f8a758 Replaced deprecated command 2018-01-31 09:27:14 -08:00
Yoko Hyakuna 9fc56991f0 Replaced the deprecated commands with new ones 2018-01-30 10:46:27 -08:00
Jack Pearkes a2f0f0a8e5 website: add note about the 0.9.2+ CLI changes to reduce confusion (#3868)
* website: add note about the 0.9.2+ CLI changes to reduce confusion

* website: fix frontmatter for 0.9.3 guide, add to guides index

* website: add overview title to 0.9.3 guide for spacing
2018-01-30 13:30:47 -05:00
Yoko Hyakuna dded969da6 Merge master 2018-01-30 09:57:30 -08:00
Yoko Hyakuna 470e913af7 resolved the file name conflict 2018-01-29 16:41:44 -08:00
Yoko Hyakuna 1a532cb993 Re-categorized the guides on the navigation 2018-01-26 15:13:15 -08:00
Jeff Mitchell 8f24bdee1f Typo fixes on upgrading page 2018-01-26 16:11:25 -05:00
Jeff Mitchell c6d8222236 Add 0.9.2 upgrade guide 2018-01-26 16:07:41 -05:00
Chris Bartlett c7580b2961 #3850 Fixed documentation for aws/sts ttl (#3851) 2018-01-25 22:20:30 -05:00
Yoko Hyakuna d5262f7896 Fixed typos in the command 2018-01-25 15:07:35 -08:00
Yoko Hyakuna 8a9dc208fb Fixed the sample admin policies 2018-01-24 22:15:40 -08:00
Yoko Hyakuna d8de750f97 Fixed the sample admin policies 2018-01-24 21:21:23 -08:00
Yoko Hyakuna 3e043170a0 Fixed the sample admin policies 2018-01-24 18:10:56 -08:00
Yoko Hyakuna 3fc84bff3a Added policy requirements & scenario diagrams 2018-01-24 16:01:44 -08:00
Andy Manoske 909f0d34fc
Policy Feedback from PM 2018-01-24 11:47:31 -08:00
Yoko Hyakuna d45a247bec Cleaned up the diagram 2018-01-23 16:22:17 -08:00
Yoko Hyakuna 9df839e446 More detailed descriptions were added 2018-01-23 15:43:07 -08:00
Vishal Nayak b9a5a35895 docs: Fix the expected type of metadata (#3835) 2018-01-23 16:30:15 -05:00
Jeff Mitchell 8e8675053b Sync some bits over 2018-01-22 21:44:49 -05:00
Yoko Hyakuna 358f95553c WIP - new guides 2018-01-22 18:14:23 -08:00
Brian Shumate dec64ecfd7 Update API endpoint references for revoke-prefix (#3828) 2018-01-22 18:04:43 -05:00
Yoko Hyakuna df16089491 WIP - Added personas 2018-01-18 17:40:35 -08:00
Yoko Hyakuna ac4bd212fc WIP - new guides 2018-01-17 17:39:21 -08:00
Yoko Hyakuna fd77a55dc1 WIP - new guides 2018-01-16 17:16:20 -08:00
Josh Giles 9c46431b80 Support JSON lists for Okta user groups+policies. (#3801)
* Support JSON lists for Okta user groups+policies.

Migrate the manually-parsed comma-separated string field types for user
groups and user policies to TypeCommaStringSlice. This means user
endpoints now accept proper lists as input for these fields in addition
to comma-separated string values. The value for reads remains a list.

Update the Okta API documentation for users and groups to reflect that
both user group and user/group policy fields are list-valued.

Update the Okta acceptance tests to cover passing a list value for the
user policy field, and require the OKTA_API_TOKEN env var to be set
(required for the "everyone" policy tests to pass).

* Fix typo, add comma-separated docs.
2018-01-16 18:20:19 -05:00
Jake Scaltreto 3ad372d65d Fix minor typo in word "certificate" (#3783) 2018-01-15 15:52:41 -05:00
Paweł Słomka b994e83c65 Cleanup of deprecated commands in tests, docs (#3788) 2018-01-15 15:19:28 -05:00
Harrison Brown 6b7f57caab Suggested website copy changes (#3791)
* Adds comma

* Adds comma

* Suggested copy change
2018-01-15 14:33:41 -05:00
Vishal Nayak 8ef51c0065
Delete group alias upon group deletion (#3773) 2018-01-11 10:58:05 -05:00
Yoko Hyakuna 588e3bcd2d WIP - New Vault guides 2018-01-10 17:28:00 -08:00
Yoko Hyakuna 6f7ed3016d WIP - New Vault guides 2018-01-10 11:14:59 -08:00
Jeff Mitchell d8009bced1 Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-10 11:15:49 -05:00
Yoko Hyakuna 5e0ac2aee0 WIP - New Vault guides 2018-01-09 15:12:08 -08:00
Yoko Hyakuna f61f32f0c6 WIP - New Vault guides 2018-01-09 15:06:00 -08:00
Laura Uva b242800958 Fixed the link to the section on generating DR operation token for promoting secondary. (#3766) 2018-01-09 10:02:09 -06:00
Brian Shumate fd424c74ba Docs: add DR secondary/active HTTP 472 code (#3748) 2018-01-03 15:07:36 -05:00
Jeff Mitchell d1803098ae Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Jon Davies 66e2593ef9 s3.go: Added options to use paths with S3 and the ability to disable SSL (#3730) 2018-01-03 12:11:00 -05:00
Brian Nuszkowski 9c3e96b591 Update '/auth/token/revoke-self' endpoint documentation to reflect the proper response code (#3735) 2018-01-03 12:09:43 -05:00
Didi Kohen 089a0793bd Clarify that keybase is supported only in the CLI (#3744) 2018-01-03 11:18:38 -05:00
dmwilcox 39dd122663 Update docs to reflect ability to load cold CA certs to output full chains. (#3740) 2018-01-03 10:59:18 -05:00
Alexandre Nicastro 19b4062801 docs: fix typo (change 'a' to 'an' - indefinite article) (#3741) 2018-01-03 10:47:15 -05:00
markpaine c50c597b62 Spelling correction. "specifig" -> "specific" (#3739) 2018-01-03 10:38:55 -05:00
markpaine 3c483b3e87 Spelling correction "datatabse" -> "database" (#3738) 2018-01-03 10:38:16 -05:00
Brian Shumate 4a9333b076 Docs: Updated Telemetry documentation (#3722) 2017-12-26 13:51:15 -05:00
Brian Shumate bbf1c67d80 Update backend config docs - addresses #3718 (#3724) 2017-12-26 13:48:45 -05:00
Jeff Mitchell 1a2eba5f87 Port website changes from ent side 2017-12-21 09:00:35 -05:00
Jeff Mitchell 121d5bfeaa Bump vars for 0.9.1 2017-12-21 08:39:41 -05:00
Jeff Mitchell e6d60ee551 Clarify control group APIs are enterprise only.
Fixes #3702
2017-12-19 11:00:02 -05:00
Calvin Leung Huang c4e951efb8 Add period and max_ttl to cert role creation (#3642) 2017-12-18 15:29:45 -05:00
Roger Berlind 27cdb42258 Added example for Azure SQL Database (#3700) 2017-12-18 13:55:56 -05:00
Travis Cosgrave cf3e284396 Use Custom Cert Extensions as Cert Auth Constraint (#3634) 2017-12-18 12:53:44 -05:00
Jeff Mitchell 77a7c52392
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
Ernest W. Durbin III 98e04c42d3 Correct documentation for Kubernetes Auth Plugin (#3708) 2017-12-18 12:12:08 -05:00
James Nugent e320d0580a physical/dynamodb: Clarify ha_enabled type (#3703)
The example in the documentation correctly passes a quoted boolean (i.e.
true or false as a string) instead of a "real" HCL boolean. This commit
corrects the parameter list to document that fact.

While it would be more desirable to change the implementation to accept
an unquoted boolean, it seems that the use of `hcl.DecodeObject` for
parameters which are not common to all storage back ends would make this
a rather more involved change than this necessarily warrants.
2017-12-18 09:30:29 -05:00
James Nugent 618b52d72d docs: Add correct method for mlock on systemd (#3704)
Although the previously described method of running setcap works if
setcap is available, the built-in LimitMEMLOCK directive is better.
2017-12-18 09:29:37 -05:00
Raja Nadar 446b87ee0e added the missing nonce and type fields (#3694) 2017-12-17 16:26:07 -05:00
Chris Hoffman f6bed8b925 fixing up config to allow environment vars supported by api client 2017-12-17 09:10:56 -05:00
Chris Hoffman ef56322369 Merge remote-tracking branch 'oss/master' into f-nomad
* oss/master:
  Add support for encrypted TLS key files (#3685)
2017-12-15 19:51:28 -05:00
Chris Hoffman 164849f056
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Chris Hoffman c71f596fbd address some feedback 2017-12-15 17:06:56 -05:00
Jeff Mitchell b478ba8bac
Merge branch 'master' into f-nomad 2017-12-14 16:44:28 -05:00