Commit graph

8977 commits

Author SHA1 Message Date
Nageswara Rao Podilapu e12948593b Update page content with a generic noun (#5444)
This might be a typo, It says `A user may have a client token sent to her` instead it should say `A user may have a client token sent to them`
2018-10-02 09:31:01 -04:00
Brian Kassouf 2ec54c3a0b
Fix seal status tests (#5443) 2018-10-01 18:09:20 -07:00
Calvin Leung Huang 74c50adb58 logical/nomad: Reduce flakiness in prepareTestContainer (#5440) 2018-10-01 17:46:37 -07:00
JohnVonNeumann eba56f3f23 Update operator_init.go (#5441)
Minor grammar fix.
2018-10-01 17:19:13 -07:00
Brian Kassouf 813230ed96
changelog++ 2018-10-01 14:41:30 -07:00
Jim Kalafut 43d498983c
Retry failing migration check instead of exiting (#5427) 2018-10-01 14:35:35 -07:00
Matthew Irish 5a8a12aa58
tweak warning about force promoting replication clusters (#5439) 2018-10-01 16:21:00 -05:00
Brian Kassouf e41b388edd
Update CHANGELOG.md 2018-10-01 14:15:00 -07:00
Saurabh Pal 77e635f7e1 Enable TLS based communication with Zookeeper Backend (#4856)
* The added method customTLSDial() creates a tls connection to the zookeeper backend when 'tls_enabled' is set to true in config

* Update to the document for TLS configuration that is  required to enable TLS connection to Zookeeper backend

* Minor formatting update

* Minor update to the description for example config

* As per review comments from @kenbreeman, additional property description indicating support for multiple Root CAs in a single file has been added

* minor formatting
2018-10-01 14:12:08 -07:00
Brian Kassouf 5f34bbbe6d
Update replication-performance.html.md 2018-10-01 13:59:50 -07:00
Brian Kassouf 45c8894c0d
Update replication-dr.html.md 2018-10-01 13:59:17 -07:00
Matthew Irish 87ed1e4f52
ui - add force option when promoting a replication secondary (#5438) 2018-10-01 15:58:43 -05:00
Brian Kassouf 03cf7958ad
Update replication-dr.html.md 2018-10-01 12:53:20 -07:00
Brian Kassouf e6b337b06f
Update replication-performance.html.md 2018-10-01 12:52:44 -07:00
Calvin Leung Huang 4f1af61bda changelog++ 2018-10-01 12:25:11 -07:00
Becca Petrin d1904e972f Discuss ambient credentials in namespaces (#5431)
* discuss ambient credentials in namespaces

* update aws cred chain description
2018-10-01 15:23:54 -04:00
Calvin Leung Huang 37c0b83669
Add denylist check when filtering passthrough headers (#5436)
* Add denylist check when filtering passthrough headers

* Minor comment update
2018-10-01 12:20:31 -07:00
Brian Kassouf ac8816a7a9
changelog++ 2018-10-01 11:55:27 -07:00
vishalnayak 8e52790db5 Fix PR number for a CL entry 2018-10-01 14:48:05 -04:00
Matthew Irish 984462f22b
UI - fix the top level polling and use ember-concurrency (#5433)
* fix the top level pollling and use ember-concurrency

* make suggested changes
2018-10-01 13:04:34 -05:00
Brian Kassouf 8bf1598bff
changelog++ 2018-10-01 10:49:04 -07:00
Martin 03fb39033f Add support for token passed Authorization Bearer header (#5397)
* Support Authorization Bearer as token header

* add requestAuth test

* remove spew debug output in test

* Add Authorization in CORS Allowed headers

* use const where applicable

* use less allocations in bearer token checking

* address PR comments on tests and apply last commit

* reorder error checking in a TestHandler_requestAuth
2018-10-01 10:33:21 -07:00
Chris Pick 36c20e8e2d Note that GCP auth method needs iam API enabled (#5339)
In addition to the specific permissions that are already mentioned, the project also needs the `iam.googleapis.com` API enabled, otherwise authenticating will fail with an error similar to:

```
Error authenticating: Error making API request.

URL: PUT https://localhost:8200/v1/auth/gcp/login
Code: 400. Errors:

* could not find service account key or Google Oauth cert with given 'kid' id
```
2018-10-01 10:09:32 -07:00
Vishal Nayak 8e66e474ca Ensure old group alias is removed when a new one is written (#5350) 2018-10-01 10:06:10 -07:00
Becca Petrin 3da8d38e7d point at a fork of aliyun-oss-go-sdk (#5358) 2018-10-01 10:05:08 -07:00
Chris Hoffman 33accf60be
changelog++ 2018-09-28 17:48:45 -04:00
Matthew Irish 572fb826be
UI aws engine tweaks (#5294)
* allow passing a path for options so that it can be extracted from the model

* add cred type selector for the aws generate form

* style hint text on generate creds form

* add tests for aws-credential adapter

* allow for the case where we might have zero ttl

* show error for TTL picker if a non-number is entered for the duration part of the TTL

* fix positioning of tooltips

* fix ttl rendering with invalid input for initialValue
2018-09-28 16:45:30 -05:00
Brian Shumate d62d482033 Guide/Identity: use consistent id/accessor example to fix #5340 (#5432) 2018-09-28 17:43:15 -04:00
Chris Hoffman 8ff89b972c
changelog++ 2018-09-28 17:39:48 -04:00
Jeff Mitchell 6814b0e88a changelog++ 2018-09-28 11:29:28 -04:00
Jeff Mitchell 13f98d9a4b
Fix reading Okta token parameter when config param exists (#5429)
Fixes #5409
2018-09-28 11:28:06 -04:00
Matthew Irish a22861cee9
UI - ent init (#5428)
* allow for enterprise init attributes

* allow moving from init to auth in the init flow on the tutorial machine

* show loading spinner while cluster is unsealing

* use seal-status type to determine the init attrs

* add init acceptance tests

* stored_shares should always be 1

* fix lint

* format template

* remove explicity model attr from init controller
2018-09-28 09:36:18 -05:00
Mike Christof f7bf4a4384 fixed read-entity-by-name code (#5422) 2018-09-28 07:23:46 -07:00
Calvin Leung Huang 253d999c55 docs: Update CLI page to include namespace and flags info (#5363) 2018-09-27 17:08:14 -07:00
Chris Hoffman e34a9c5395
changelog++ 2018-09-27 20:07:23 -04:00
joe miller d39ffc9e25 add allowed_organiztaional_units parameter to cert credential backend (#5252)
Specifying the `allowed_organiztaional_units` parameter to a cert auth
backend role will require client certificates to contain at least one of
a list of one or more "organizational units" (OU).

Example use cases:

Certificates are issued to entities in an organization arrangement by
organizational unit (OU). The OU may be a department, team, or any other logical
grouping of resources with similar roles. The entities within the OU
should be granted the same policies.

```
$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering

$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering,support
```
2018-09-27 19:04:55 -05:00
Jeff Mitchell dbae477cca changelog++ 2018-09-27 18:35:38 -04:00
Jeff Mitchell ef144c4c25 Send initialized information via sys/seal-status (#5424) 2018-09-27 14:03:37 -07:00
Ben Boeckel a5378c8c1f ask-a-question: remove mobile link (#5426) 2018-09-27 13:31:34 -07:00
Martin ea509fd2f2 only run cassandra RotateRootCred test when in Travis (#5420) 2018-09-27 10:43:33 -05:00
vishalnayak c91266950f Fix broken build 2018-09-27 10:58:04 -04:00
Joel Thompson 73112c49fb logical/aws: Harden WAL entry creation (#5202)
* logical/aws: Harden WAL entry creation

If AWS IAM user creation failed in any way, the WAL corresponding to the
IAM user would get left around and Vault would try to roll it back.
However, because the user never existed, the rollback failed. Thus, the
WAL would essentially get "stuck" and Vault would continually attempt to
roll it back, failing every time. A similar situation could arise if the
IAM user that Vault created got deleted out of band, or if Vault deleted
it but was unable to write the lease revocation back to storage (e.g., a
storage failure).

This attempts to harden it in two ways. One is by deleting the WAL log
entry if the IAM user creation fails. However, the WAL deletion could
still fail, and this wouldn't help where the user is deleted out of
band, so second, consider the user rolled back if the user just doesn't
exist, under certain circumstances.

Fixes #5190

* Fix segfault in expiration unit tests

TestExpiration_Tidy was passing in a leaseEntry that had a nil Secret,
which then caused a segfault as the changes to revokeEntry didn't check
whether Secret was nil; this is probably unlikely to occur in real life,
but good to be extra cautious.

* Fix potential segfault

Missed the else...

* Respond to PR feedback
2018-09-27 09:54:59 -05:00
Andy Manoske 463c90ae32
Merge pull request #5415 from hashicorp/partnership-broken-links
Broken link fix
2018-09-26 19:48:29 -07:00
Andy Manoske 32feda57fb
Broken link fix
Fix broken links
2018-09-26 19:48:07 -07:00
Andy Manoske 1797eb92ee
Merge pull request #5413 from hashicorp/partnerships-format
partnerships-format
2018-09-26 19:41:50 -07:00
Andy Manoske d42a78a2b1
partnerships-format
Some small formatting fixes
2018-09-26 19:41:27 -07:00
Andy Manoske 9503821d70
Merge pull request #5411 from hashicorp/partnerships-docs-fix
Fix header issues
2018-09-26 19:31:00 -07:00
Andy Manoske 05f51a4332
Fix header issues
Fix partnerships docs formatting issues
2018-09-26 19:30:28 -07:00
Andy Manoske 73eb50a791
Merge pull request #5285 from hashicorp/partnerships-add-docs
Partnerships docs updates
2018-09-26 19:18:07 -07:00
Andy Manoske ab1494389c
Merge branch 'master' into partnerships-add-docs 2018-09-26 19:17:26 -07:00