Commit graph

2622 commits

Author SHA1 Message Date
Nicolas Corrarello 0b44a55d22 Adding support for Consul 1.4 ACL system (#5586)
* Adding support for Consul 1.4 ACL system

* Working tests

* Fixed logic gate

* Fixed logical gate that evaluate empty policy or empty list of policy names

* Ensure tests are run against appropiate Consul versions

* Running tests against official container with a 1.4.0-rc1 tag

* policies can never be nil (as even if it is empty will be an empty array)

* addressing feedback, refactoring tests

* removing cast

* converting old lease field to ttl, adding max ttl

* cleanup

* adding missing test

* testing wrong version

* adding support for local tokens

* addressing feedback
2018-11-02 10:44:12 -04:00
Jeff Mitchell 87ffca230e Add batch token info to token store, approle, mount tuning 2018-11-01 14:51:06 -04:00
Raymond Kao 24187b2e99 Fixed wording from "SQL" to "MongoDB" for clarity (#5643)
The original wording made it appear as if SQL statements were being executed against a MongoDB backend, which is incorrect and confusing.  Fixed to better reflect what is actually occurring.
2018-11-01 09:26:05 -04:00
Jeff Mitchell 756e4c5f89 Update jwt to pull in groups claim delimiter pattern 2018-10-31 16:04:39 -04:00
Brian Shumate 113380c461 docs: update JWT auth method (#5655)
- Add convenience/contextual link to API documnetation
2018-10-31 11:03:04 -04:00
Jeff Mitchell 6c488921ff Fix website/path-help docs around pki/tidy 2018-10-30 21:33:30 -04:00
Jeff Mitchell 605a7e30ad
Add the ability for secret IDs in agent approle to be wrapped (#5654) 2018-10-30 20:53:49 -04:00
Jeff Escalante 71f68f2199 fix sidebar links (#5653) 2018-10-30 20:51:38 -04:00
Jeff Mitchell 217e244e17 Make MFA links work again 2018-10-30 14:27:00 -04:00
Jeff Mitchell 6d20c8fce2
Add approle agent method removing secret ID file by default. (#5648)
Also, massively update tests.
2018-10-30 14:09:04 -04:00
RJ Spiker 3223d661ce website: community page content update (#5641) 2018-10-30 12:33:51 -04:00
Aleksey Zhukov 5361205d5b WIP Agent AppRole auto-auth (#5621) 2018-10-30 12:17:19 -04:00
Benjamin Dos Santos 1f86528ad8 docs(systemd): Capabilities had been removed (#5579)
* docs(systemd): `Capabilities` had been removed

The `Capabilities=` unit file setting has been removed and is ignored for
backwards compatibility. `AmbientCapabilities=` and `CapabilityBoundingSet=`
should be used instead.

8f968c7321/NEWS (L1357)

* style: remove trailing white space
2018-10-30 10:18:08 -04:00
Balazs Nagy ca5c60642e Use tidy_revoked_certs instead of tidy_revocation_list (#5608) 2018-10-29 19:29:35 -04:00
RJ Spiker fca7cb3794 website: update sidebar_title in front matter to use <code> (#5636)
* website: replace deprecated <tt> with <code> in front matter sidebar_title

* website: wrap front matter sidebar_title in <code> for commands pages
2018-10-29 15:58:37 -04:00
Christophe Tafani-Dereeper fb89c1adc5 Fix typo ('Gase' -> 'Case') (#5638) 2018-10-29 15:19:35 -04:00
Mike Wickett af70c2234b website: update component dependencies (#5637) 2018-10-29 14:29:44 -04:00
Ben Boeckel 1e3d41ffa9 website: add missing @ to example (#5560)
* website: remove mention of `@` in command

The command does not contain the mentioned `@` symbol and can be
confusing.

* docs: use `policy-name` instead of `my-policy`

Just making things consistent.
2018-10-29 13:12:48 -04:00
Seth Vargo 5fcdd6c4e3 More formatting fixes (#5582) 2018-10-29 13:12:19 -04:00
Jeff Mitchell 3c1a82e60c
Add token type to sentinel docs, fix up some names, and better codify what Sentinel reports for various token types (#5630) 2018-10-27 11:07:27 -07:00
RJ Spiker 5f88be68bc website: adjust downloads page responsive behaviors (#5624) 2018-10-26 21:16:55 -04:00
Jeffrey Hogan cd35ecf02e Use H3 for parameters to match existing pattern (#5566) 2018-10-26 19:13:14 -04:00
Chris Hoffman fa380e9be4
Fix seal migration docs (#5623)
* fixing seal migration docs

* do not use deprecated command

* adding redirect for old docs
2018-10-26 10:04:51 -07:00
Joel Thompson 62b54c8a5c Update awskms seal docs (#5618)
The seal already supported an endpoint configuration, but it wasn't
documented, so adding the docs for it. Also adding a note on required
KMS permissions.
2018-10-26 06:18:04 -07:00
Chris Hoffman bbca4729b6
Updating seal docs (#5616)
* updating seal docs

* fixing api docs
2018-10-25 16:44:53 -07:00
RJ Spiker e1bff4b447 website: adjust button-container behavior based on design feedback (#5613) 2018-10-25 14:25:51 -07:00
Seth Vargo a0cffd4c3f Update docs and permissions (#5612) 2018-10-25 14:10:11 -07:00
Justin Shoffstall 65014f790f Clarify that Perf Standbys require Consul backend (#5539)
* Clarify that Perf Standbys require Consul backend

* Fixed for line length
2018-10-25 13:13:44 -07:00
Alan Tang a69793ae32 fix duplicated word (#5599)
I think that is a duplicated word.
2018-10-24 18:15:24 -07:00
Mike Wickett de34464767 website: change production env var to workaround Dato bug 2018-10-24 13:52:49 -06:00
Mike Wickett bf6c6e12ee website: fix redirects to learn 2018-10-24 13:46:56 -06:00
RJ Spiker 34fdbd785a website - downloads page style adjustments 2018-10-24 13:46:56 -06:00
RJ Spiker 66acfb293b website - fix broken .button-container styles 2018-10-24 13:46:56 -06:00
Mike Wickett 49c07c436d website: add temporary callout to download v1.0 beta 2018-10-24 13:46:56 -06:00
RJ Spiker bbd45ac633 website - dependency version bumps 2018-10-24 13:46:55 -06:00
Mike Wickett 3139263ed6 website: add redirects for intro/getting-started content to Learn 2018-10-24 13:46:43 -06:00
Mike Wickett 2953cd5191 website: fix small font size on code samples 2018-10-24 13:46:43 -06:00
Mike Wickett 9b6026153b website: remove GA snippet - Segment handles this 2018-10-24 13:46:43 -06:00
Jeff Escalante bff998390e Website: small fix for the sidebar (#5595)
* sidebar attempted fix

* fix html errors

* a couple css updates
2018-10-24 12:21:37 -07:00
Andy Manoske 9c2c9d5e13
Update partnerships.html.md 2018-10-23 14:56:55 -07:00
Andy Manoske e19b90e056
Update partnerships.html.md 2018-10-23 14:56:17 -07:00
Andy Manoske f8314f47aa
Update partnerships.html.md 2018-10-23 14:55:51 -07:00
Andy Manoske caad3aff9c
Fix broken links
fix links to old guides infrastructure
2018-10-23 14:22:18 -07:00
Andy Manoske 75c3a5ee9e
Update docs_detailed_categories.yml 2018-10-23 14:01:48 -07:00
Andy Manoske b355c6a3ce
Update partnerships.html.md 2018-10-23 13:58:33 -07:00
Andy Manoske 8b65b243d2
Update partnerships.html.md 2018-10-23 13:48:16 -07:00
Andy Manoske 67c8883a8c
Partnerships docs updates
Updates to include partnerships within new site
2018-10-23 13:45:53 -07:00
Chris Hoffman fc85623b5f
Adding gcpkms docs (#5590)
* adding gcpkms docs

* adding detail links

* adding 1.0 Beta badge
2018-10-23 12:14:32 -07:00
Jeff Mitchell b2f2568a21 Merge branch 'master-oss' into 1.0-beta-oss 2018-10-23 04:02:28 -04:00
Jeff Mitchell 9c9c71189a Prep for 0.11.4 2018-10-23 02:46:18 -04:00
Thomas Kula 434b0a30fb Document that periodic tokens do expire unless explicitly renewed (#5581) 2018-10-22 15:48:16 -04:00
Jeff Mitchell 12f32ad22c Merge branch 'master-oss' into 1.0-beta-oss 2018-10-22 12:32:44 -04:00
Seth Vargo 1fa851eeeb Fix website formatting (#5576) 2018-10-20 20:35:33 -04:00
andrejvanderzee 585911c79e Added role-option max_sts_ttl to cap TTL for AWS STS credentials. (#5500)
* Added role-option max_sts_ttl to cap TTL for AWS STS credentials.

* Allow for setting max_sts_ttl to 0 after it has been set already.

* Fixed message in error response for default_sts_ttl > max_sts_ttl.
2018-10-20 10:36:47 -04:00
Matthew Irish 8073ebcd1e Merge branch 'oss-master' into 1.0-beta-oss 2018-10-19 20:40:36 -05:00
Geoffrey Grosenbach d2c44f1181 Redirect old install link to learn.hashicorp (#5567) 2018-10-19 16:24:04 -07:00
Jim Kalafut 51a240ec74
Fix docs typo 2018-10-19 15:43:45 -07:00
Mitchell Hashimoto cb23b9bb50
website: fix netlify redirects for 404s 2018-10-19 15:38:53 -07:00
Jeff Mitchell 9f6dd376e2 Merge branch 'master-oss' into 1.0-beta-oss 2018-10-19 17:47:58 -04:00
Jeff Escalante 255412f234 fix docs sidebar issue, update product subnav (#5564) 2018-10-19 14:34:23 -07:00
Mitchell Hashimoto 78dedf1f25
website: fix broken link in docs header 2018-10-19 14:10:18 -07:00
RJ Spiker 7ce0ecaad1 fix product-subnav broken links (#5561) 2018-10-19 14:05:23 -07:00
Jeff Escalante 2503568f3c analytics correction to run through segment, clean up extra methods in config.rb (#5562) 2018-10-19 14:04:09 -07:00
Jim Kalafut c1d435c80c
Update Azure Secrets docs (#5554)
Add coverage of application_object_id parameter.
2018-10-19 13:48:15 -07:00
Mitchell Hashimoto 30ef007acf
website: Fix makefile commands to quote command (#5559) 2018-10-19 11:46:36 -07:00
Jeff Escalante 94eb018da9 fix github repo reference (#5555) 2018-10-19 09:54:56 -07:00
Jeff Escalante a3dfde5cec New Docs Website (#5535)
* conversion stage 1

* correct image paths

* add sidebar title to frontmatter

* docs/concepts and docs/internals

* configuration docs and multi-level nav corrections

* commands docs, index file corrections, small item nav correction

* secrets converted

* auth

* add enterprise and agent docs

* add extra dividers

* secret section, wip

* correct sidebar nav title in front matter for apu section, start working on api items

* auth and backend, a couple directory structure fixes

* remove old docs

* intro side nav converted

* reset sidebar styles, add hashi-global-styles

* basic styling for nav sidebar

* folder collapse functionality

* patch up border length on last list item

* wip restructure for content component

* taking middleman hacking to the extreme, but its working

* small css fix

* add new mega nav

* fix a small mistake from the rebase

* fix a content resolution issue with middleman

* title a couple missing docs pages

* update deps, remove temporary markup

* community page

* footer to layout, community page css adjustments

* wip downloads page

* deps updated, downloads page ready

* fix community page

* homepage progress

* add components, adjust spacing

* docs and api landing pages

* a bunch of fixes, add docs and api landing pages

* update deps, add deploy scripts

* add readme note

* update deploy command

* overview page, index title

* Update doc fields

Note this still requires the link fields to be populated -- this is solely related to copy on the description fields

* Update api_basic_categories.yml

Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.

* Add bottom hero, adjust CSS, responsive friendly

* Add mega nav title

* homepage adjustments, asset boosts

* small fixes

* docs page styling fixes

* meganav title

* some category link corrections

* Update API categories page

updated to reflect the second level headings for api categories

* Update docs_detailed_categories.yml

Updated to represent the existing docs structure

* Update docs_detailed_categories.yml

* docs page data fix, extra operator page remove

* api data fix

* fix makefile

* update deps, add product subnav to docs and api landing pages

* Rearrange non-hands-on guides to _docs_

Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.

* WIP Redirects for guides to docs

* content and component updates

* font weight hotfix, redirects

* fix guides and intro sidenavs

* fix some redirects

* small style tweaks

* Redirects to learn and internally to docs

* Remove redirect to `/vault`

* Remove `.html` from destination on redirects

* fix incorrect index redirect

* final touchups

* address feedback from michell for makefile and product downloads
2018-10-19 08:40:11 -07:00
Jeff Mitchell 841c4fcdd1 Merge branch 'master-oss' into 1.0-beta-oss 2018-10-19 09:25:17 -04:00
Jeff Mitchell 5f6ddc6a33 Update some grammar 2018-10-18 13:32:42 -04:00
Pouyan Azari 6e6318d5a2 Added link to list of all extensions for the ssh. (#5542)
Added a link to the OpenSSH extension list, this is not documented anywhere in vault documentation website.
2018-10-18 08:51:07 -07:00
Jeff Mitchell d843e0b52c Merge branch 'master-oss' into 1.0-beta-oss 2018-10-18 10:28:14 -04:00
Vishal Nayak ec7343b1c6
Transit: Key Trim (#5388)
* Support key trimming

* Add doc

* Move trimming to its own endpoint

* Remove trimmed_min_version field from config endpoint

* Fix description

* Doc updates

* Fix response json in docs

* Address review feedback

* s/min_version/min_available_version

* Commenting and error statement updates
2018-10-17 09:05:05 -07:00
Brian Shumate e2aad73e72 Docs: Basics: Tokens: Note (#5479)
- Add note about token values
2018-10-17 10:40:55 -04:00
Martin f31aee7d47 add mentions of authorization header support in doc (#5478) 2018-10-17 10:38:15 -04:00
Kevin Buchs 1cd1b5a98e Update dynamodb.html.md (#5519) 2018-10-17 10:36:52 -04:00
Gabriel Martinez bbb1c186ae Update dynamic-secrets.html.md (#5530)
1. Using the current tutorial will return a warning after creating the role "my-role:
```bash
WARNING! The following warnings were returned from Vault:

  * Detected use of legacy role or policy parameter. Please upgrade to use the
  new parameters.
```

To fix this we need to update the command and the query. Correct entries can be found in documentation for the [AWS Engine](https://www.vaultproject.io/docs/secrets/aws/index.html).

2. `vault revoke` to `vault lease revoke`. The command bellow is updated, but the text above it was not.
2018-10-17 10:35:15 -04:00
Jeff Mitchell 224fbd4a88 Merge branch 'master-oss' into 1.0-beta-oss 2018-10-16 10:08:03 -04:00
Laura Gjerman-Uva 5fc44ea9e3 Update Replication Guide to clarify how to get a token on a newly activated Secondary replica, including need to use unseal/recovery keys from Primary if doing generate-root. (#5492) 2018-10-15 21:54:23 -07:00
Jeff Mitchell a64fc7d7cb
Batch tokens (#755) 2018-10-15 12:56:24 -04:00
Munif Tanjim cabcd014ed Update database API doc's parameter description (#5512) 2018-10-15 06:47:43 -07:00
Yoko f3fe00a313
[Guide] Fixed issue 5497 (#5508)
* Fixied issue 5497

* Cleaned up the policy
2018-10-12 16:26:03 -07:00
Jeff Mitchell c41cb98ace Update website docs to reflect fix in #5495 2018-10-10 11:56:50 -04:00
Jeff Mitchell 518f095cd7 Update website docs around root token generation 2018-10-10 11:51:05 -04:00
Yoko dfb0974369
Updating the diagrams (#5488) 2018-10-09 14:51:27 -07:00
Jeff Mitchell 30e64b8297 Add note about accepting 200 or 204 2018-10-09 16:54:18 -04:00
Jeff Mitchell ab582c80e8 Remove outdated references to UUIDs for token values 2018-10-08 12:45:17 -04:00
Jeff Mitchell 8e5c7b6265 Prep for release 2018-10-08 11:23:50 -04:00
Jeff Mitchell ff57c14bc2
Set allowed OIDs to any value when generaing a CA. (#5462)
* Set allowed OIDs to any value when generaing a CA.

Also, allow utf-8 in addition to utf8 as the OID type specifier, and
allow `*` to specify any OID of a supported type.

* Update PKI docs
2018-10-08 09:51:43 -04:00
Jim Kalafut b7c8082960
Fix docs typos 2018-10-05 22:53:09 -07:00
Jim Kalafut 24dc42c908
Update examples to use sha256 (#5468)
sha_256 is supported but not referenced in our API docs.
2018-10-04 09:51:54 -07:00
Jeff Mitchell 10d9009eba Remove incorrect api docs text around metadata being supported for identity aliases 2018-10-04 09:09:41 -04:00
Jeff 45f3297739 fix doc typo (#5455) 2018-10-03 11:25:57 -07:00
Martins Sipenko 2e27e96441 Fix missing > (#5452) 2018-10-03 09:16:36 -04:00
Brian Kassouf fc2e32df7c
Fix identity link (#5449) 2018-10-02 17:45:17 -07:00
Brian Kassouf 6d4346f602
mailto link (#5448) 2018-10-02 17:41:04 -07:00
Becca Petrin 8bfb2a335b alicloud auto-unseal docs (#5446) 2018-10-02 17:21:26 -07:00
Chris Hoffman 6639d015e9
adding upgrade guide (#5447) 2018-10-02 20:18:59 -04:00
Brian Kassouf e44ee5181d prepare for release 2018-10-02 11:21:22 -07:00
sk4ry 0fab335eec Add ability to configure the NotBefore property of certificates in role api (#5325)
* Add ability to configure the NotBefore property of certificates in role api

* Update index.html.md

* converting field to time.Duration

* setting default back to 30s

* renaming the parameter not_before_duration to differentiate between the NotBefore datetime on the cert

* Update description
2018-10-02 11:10:43 -04:00
Joel Thompson 6a9e6cc474 Allow specifying role-default TTLs in AWS secret engine (#5138)
* Allow specifying role-default TTLs in AWS secret engine

* Add an acceptance test

* Add docs for AWS secret role-default TTLs

* Rename default_ttl to default_sts_ttl

* Return default_ttl as int64 instead of time.Duration

* Fix broken tests

The merge of #5383 broke the tests due to some changes in the test style
that didn't actually cause a git merge conflict. This updates the tests
to the new style.
2018-10-02 10:14:16 -04:00
Nageswara Rao Podilapu e12948593b Update page content with a generic noun (#5444)
This might be a typo, It says `A user may have a client token sent to her` instead it should say `A user may have a client token sent to them`
2018-10-02 09:31:01 -04:00
Saurabh Pal 77e635f7e1 Enable TLS based communication with Zookeeper Backend (#4856)
* The added method customTLSDial() creates a tls connection to the zookeeper backend when 'tls_enabled' is set to true in config

* Update to the document for TLS configuration that is  required to enable TLS connection to Zookeeper backend

* Minor formatting update

* Minor update to the description for example config

* As per review comments from @kenbreeman, additional property description indicating support for multiple Root CAs in a single file has been added

* minor formatting
2018-10-01 14:12:08 -07:00
Brian Kassouf 5f34bbbe6d
Update replication-performance.html.md 2018-10-01 13:59:50 -07:00
Brian Kassouf 45c8894c0d
Update replication-dr.html.md 2018-10-01 13:59:17 -07:00
Brian Kassouf 03cf7958ad
Update replication-dr.html.md 2018-10-01 12:53:20 -07:00
Brian Kassouf e6b337b06f
Update replication-performance.html.md 2018-10-01 12:52:44 -07:00
Becca Petrin d1904e972f Discuss ambient credentials in namespaces (#5431)
* discuss ambient credentials in namespaces

* update aws cred chain description
2018-10-01 15:23:54 -04:00
Chris Pick 36c20e8e2d Note that GCP auth method needs iam API enabled (#5339)
In addition to the specific permissions that are already mentioned, the project also needs the `iam.googleapis.com` API enabled, otherwise authenticating will fail with an error similar to:

```
Error authenticating: Error making API request.

URL: PUT https://localhost:8200/v1/auth/gcp/login
Code: 400. Errors:

* could not find service account key or Google Oauth cert with given 'kid' id
```
2018-10-01 10:09:32 -07:00
Brian Shumate d62d482033 Guide/Identity: use consistent id/accessor example to fix #5340 (#5432) 2018-09-28 17:43:15 -04:00
Mike Christof f7bf4a4384 fixed read-entity-by-name code (#5422) 2018-09-28 07:23:46 -07:00
Calvin Leung Huang 253d999c55 docs: Update CLI page to include namespace and flags info (#5363) 2018-09-27 17:08:14 -07:00
joe miller d39ffc9e25 add allowed_organiztaional_units parameter to cert credential backend (#5252)
Specifying the `allowed_organiztaional_units` parameter to a cert auth
backend role will require client certificates to contain at least one of
a list of one or more "organizational units" (OU).

Example use cases:

Certificates are issued to entities in an organization arrangement by
organizational unit (OU). The OU may be a department, team, or any other logical
grouping of resources with similar roles. The entities within the OU
should be granted the same policies.

```
$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering

$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering,support
```
2018-09-27 19:04:55 -05:00
Andy Manoske 32feda57fb
Broken link fix
Fix broken links
2018-09-26 19:48:07 -07:00
Andy Manoske d42a78a2b1
partnerships-format
Some small formatting fixes
2018-09-26 19:41:27 -07:00
Andy Manoske 05f51a4332
Fix header issues
Fix partnerships docs formatting issues
2018-09-26 19:30:28 -07:00
Andy Manoske ab1494389c
Merge branch 'master' into partnerships-add-docs 2018-09-26 19:17:26 -07:00
Andy Manoske 860a655814
Update community.html.erb 2018-09-26 19:16:56 -07:00
Andy Manoske 8b9160035c
Delete partnerships.html.erb 2018-09-26 19:14:06 -07:00
Andy Manoske ece77e4789
Update guides.erb 2018-09-26 19:12:03 -07:00
Andy Manoske 367d75c089
Create index.html.md 2018-09-26 19:06:22 -07:00
Andy Manoske d63e66a902
Update partnerships.html.erb 2018-09-26 18:56:48 -07:00
Jim Kalafut 462dc06a88 operator migrate docs (#5400)
* operator migrate docs

* Address feedback

* Fix title
2018-09-26 10:55:04 -07:00
Joel Thompson 2dc468f4d1 auth/aws: Make identity alias configurable (#5247)
* auth/aws: Make identity alias configurable

This is inspired by #4178, though not quite exactly what is requested
there. Rather than just use RoleSessionName as the Identity alias, the
full ARN is uses as the Alias. This mitigates against concerns that an
AWS role with an insufficiently secured trust policy could allow an
attacker to generate arbitrary RoleSessionNames in AssumeRole calls to
impersonate anybody in the Identity store that had an alias set up.
By using the full ARN, the owner of the identity store has to explicitly
trust specific AWS roles in specific AWS accounts to generate an
appropriate RoleSessionName to map back to an identity.

Fixes #4178

* Respond to PR feedback

* Remove CreateOperation

Response to PR feedback
2018-09-26 08:27:12 -07:00
Joel Thompson 5e6f8904d8 Add AWS Secret Engine Root Credential Rotation (#5140)
* Add AWS Secret Engine Root Credential Rotation

This allows the AWS Secret Engine to rotate its credentials used to
access AWS. This will only work when the AWS Secret Engine has been
provided explicit IAM credentials via the config/root endpoint, and
further, when the IAM credentials provided are the only access key on
the IAM user associated wtih the access key (because AWS allows a
maximum of 2 access keys per user).

Fixes #4385

* Add test for AWS root credential rotation

Also fix a typo in the root credential rotation code

* Add docs for AWS root rotation

* Add locks around reading and writing config/root

And wire the backend up in a bunch of places so the config can get the
lock

* Respond to PR feedback

* Fix casing in error messages

* Fix merge errors

* Fix locking bugs
2018-09-26 07:10:00 -07:00
Clint fec3b70374
Allow force restore for Transit Key Restores (#5382)
* Add test file for testing path_restore in Transit backend. Fails because 'force' is not implemented yet

* initial implementation of 'force', to force restore of existing transit key atomically
2018-09-25 15:20:59 -05:00
Vishal Nayak 68a496dde4
Support operating on entities and groups by their names (#5355)
* Support operating on entities and groups by their names

* address review feedback
2018-09-25 12:28:28 -07:00
Becca Petrin b427a23bbb
update ffi (#5395) 2018-09-25 11:26:58 -07:00
emily b37b8b7edf Docs PR for GCP secrets backend access token changes (#5366)
* initial docs pass

* fix docs
2018-09-21 10:31:49 -07:00
Brian Shumate b43c52d89b Add Enterprise Replication metrics (#3981) 2018-09-21 12:01:44 -04:00
Brian Shumate 25d6d03222 Docs: update policy read API output to address #5298 (#5299) 2018-09-21 10:52:46 -04:00
Brian Shumate 7d692ee614 Update screenshot (#5378)
- Use a Vault dashboard example (previous example was for Consul)
- Rename image file
2018-09-21 09:53:49 -04:00
Roman Iuvshyn 0832153f7d fixes file path option in samples (#5377)
fixes file path option in samples
2018-09-20 15:55:20 -07:00
Yoko 3600f3dfa5
[Guide] Tokens & Leases guide **Correction** (#5375)
* Added Azure Key Vault

* Corrected the info about orphan token creation
2018-09-20 13:58:29 -07:00
Calvin Leung Huang 189b893b35
Add ability to provide env vars to plugins (#5359)
* Add ability to provide env vars to plugins

* Update docs

* Update docs with examples

* Refactor TestAddTestPlugin, remove TestAddTestPluginTempDir
2018-09-20 10:50:29 -07:00
Brian Shumate 74ec835b3b Docs: update Tidy API (#5374)
- Add a sample response to /auth/token/tidy API docs
- Document /auth/approle/tidy/secret-id API docs
2018-09-20 13:25:33 -04:00
Laura Gjerman-Uva 6fcf6ea6fe Add -dr-token flag to commands to generate OTP and decode with OTP (required on DR secondary as of 0.11) (#5368) 2018-09-20 09:19:01 -07:00
Richard Lane 43837ecdf1 Documentation correction - update list identity whitelist sample request (#5369)
Path was incorrectly referencing the roletag-blacklist

Updated the sample to match the correct path
2018-09-19 21:21:57 -07:00
Becca Petrin d05484b586
AliCloud Secrets Docs (#5351) 2018-09-19 08:42:59 -07:00
Jeff Mitchell 43aebacfa8 Fix default_max_request_duration HCL name and update docs (#5321)
* Fix default_max_request_duration HCL name and update docs

* Update tcp.html.md
2018-09-18 14:30:21 -07:00
Yoko 512b64ad77
[Guide] Secure Introduction - Update (#5323)
* Adding Vault Agent to the Secure Intro guide

* Incorporated the feedback

* Deleted extra spaces

* methods -> approaches
2018-09-14 13:51:23 -07:00
Yoko 2cc8610abb
[Guide] Namespaces policy (#5296)
* Added policy info

* Fixed the API URL

* Added webinar recording as a reference material
2018-09-14 11:23:46 -07:00
Evan Grim 7f5c193ace Fix small grammatical error in plugin docs (#5334) 2018-09-13 14:23:24 -07:00
Yoko 04a0dd6d0e
ACL Policy Templating -> ACL Policy Path Templating (#5330) 2018-09-12 16:14:31 -07:00
Clint 5f5af90dfe
Update AWS auth backend iam_request_headers to be TypeHeader (#5320)
Update AWS Auth backend to use TypeHeader for iam request headers

- Remove parseIamRequestHeaders function and test, no longer needed with new TypeHeader
- Update AWS auth login docs
2018-09-12 16:16:16 -05:00
Becca Petrin b2ff87c9c2
Poll for new creds in the AWS auth agent (#5300) 2018-09-12 13:30:57 -07:00
Brian Shumate 168b956fbb Docs: clarify max_ttl in Database Secrets Create (#5311)
- Clarify max_ttl on Database Secrets Create API
- Crosslink to TTL general case docs
2018-09-11 19:55:15 -04:00
Jeremy Gerson 7c51265de9 Update pki-engine.html.md (#5322) 2018-09-11 19:49:31 -04:00
Yoko 7683aa3e57
[Guide] Performance Standby Nodes (#5272)
* Performance Standby Nodes guide

* Added a link in the Vault HA guide

* Added links

* Clarified the node selection info

* Incorporated feedback

* Added 'when the Enterprise license includes this feature'

* Fixed the label: server 8 -> VM8

* Incorporated the feedback
2018-09-11 15:22:36 -07:00
Jeff Mitchell d96d10957c Update some text around encrypting with agent 2018-09-11 15:05:44 -04:00
Becca Petrin 625592c5e6
update to match aws (#5315) 2018-09-11 11:10:50 -07:00
Brian Shumate 67bd5e460b Docs: namespaces edit lookup subcommand text (#5310)
* Docs: namespaces edit lookup subcommand text

* precise
2018-09-10 11:56:01 -04:00
Jeff Mitchell f61a3709ee Finish updating jwt auth docs 2018-09-10 11:46:50 -04:00
mg db56672529 resolve incorrect scope (#5307)
https://github.com/terraform-providers/terraform-provider-azurerm/issues/943

> Turns out the problem is that the scope was invalid. There was a missing s on resourceGroup. The error message though is absolutely awful for detecting that.
2018-09-07 16:56:02 -07:00
Joakim Bakke Hellum 6331f8bdf3 Fix typos in Azure Secrets Engine docs (#5295) 2018-09-06 15:31:19 -07:00
Geoff Meakin 3085c53ffe Update relatedtools.html.md (#5287)
Add ansible-modules-hashivault to the list of third-party tools
2018-09-06 08:37:03 -07:00
Andy Manoske 79f707edd2
Create partnerships.html.erb 2018-09-05 17:06:49 -07:00
Andy Manoske c97428a0cb
Update community.html.erb 2018-09-05 16:44:46 -07:00
Jeff Mitchell c28ed23972
Allow most parts of Vault's logging to have its level changed on-the-fly (#5280)
* Allow most parts of Vault's logging to have its level changed on-the-fly

* Use a const for not set
2018-09-05 15:52:54 -04:00
Steven Black 0a482e9bd2 Fix misspelling (#5279) 2018-09-05 15:40:01 -04:00
Jeff Mitchell cdd08cba58 Bump for release 2018-09-05 13:17:37 -04:00
Brian Shumate 76293834cc Update terminology (#5225)
- Change "key ring" references to "key" to match Transit API docs
2018-09-05 12:05:02 -04:00
Becca Petrin 7e0e49656a Add AliCloud auth to the Vault Agent (#5179) 2018-09-05 11:56:30 -04:00
Seth Vargo 81e9efb658 Fix resource binding examples (#5273) 2018-09-05 11:55:45 -04:00
Dan Brown 19406ecd32 EA validation of material against Vault 0.11 (#5276)
* Validate RA against Vault 0.11

* Validate DG against Vault 0.11
2018-09-05 11:55:27 -04:00
Jeff Mitchell c9b06f3b62
Remove certificates from store if tidying revoked certificates (#5231)
This will cause them to be removed even if they have not expired yet,
whereas before it would simply leave them in the store until they were
expired, but remove from revocation info.
2018-09-05 11:47:27 -04:00
RobinsonWM cf525cb934 Documentation: Corrected typo in CLI init doc (#5269) 2018-09-04 15:44:41 -06:00
Jeff Mitchell 761f06d3a3
Update index.html.md 2018-09-04 12:15:05 -04:00
Dan Brown d7d6c295b4 Update Azure VM sizes in Reference Architecture (#5251) 2018-09-03 20:24:27 -07:00
Yoko 0da1c762cb
[Guide] Updates on Namespaces guide (#5243)
* Added 'Additional Discussion' section

* s/at the root/in the root namespace/

* one more place that I said 'at the root' - fixed
2018-08-31 18:24:07 -07:00
Chris Hoffman 218ca527be
adding known issue 2018-08-31 17:29:21 -04:00
Yoko 5cfc84238d
Fixed the incomplete sentense (#5240) 2018-08-31 11:37:28 -07:00
Yoko c52f3c5a24
[Guide] ACL Templating (#5226)
* WIP - ACL Templating

* WIP

* WIP - ACL Templating

* WIP

* Updated

* ACL Policy Templating guide

* Updated to use kv-v2 instead of kv

* Fixed the incomplete sentense and cleaned it up a little

* WIP Formatting and grammar

* Minor fixes
2018-08-31 09:06:43 -07:00
Chris Hoffman 3f56e989a3
adding known issues section 2018-08-30 19:09:30 -04:00
Yoko 2e7e2778e1
[Guide] Update for Vault HA (0.11) (#5104)
* For 0.11 - Performance Nodes

* Added the doc link

* Performance Node -> Performance Standby Nodes

* Updated to say 'most read-only requests'
2018-08-30 14:45:34 -07:00
Andy Manoske e8ef5afb5f
namespace docs updates
Post-launch clarifications on namespace docs
2018-08-30 14:20:14 -07:00
Yoko cc8eceb849
[Guide] Fixed the reported issue (#5230)
* Fixed the message

* Fixed the message
2018-08-30 09:45:18 -07:00
Jeff Mitchell b1f462d7f9 Fix up sidebar JWT description 2018-08-30 12:00:20 -04:00
Jeff Mitchell 5da6fc2f77 Remove some confusing language on perf standby page 2018-08-29 19:51:23 -04:00
Brian Shumate eeb3b71fc0 Minor edits (#5221)
- Correct typo
- Remove trailing spaces
2018-08-29 12:01:33 -04:00
Chris Hoffman 774359f3b5
adding namespaces example 2018-08-29 11:26:23 -04:00
Jeff Mitchell 24946fe43e
Add namespace/mfa docs (#5215) 2018-08-28 15:33:34 -07:00
Jeff Mitchell b509ea4926 Make the usernames match in all examples in userpass 2018-08-28 18:33:00 -04:00
Brian Kassouf 85f06f7e88
Add Performance Standby Docs (#5214)
* Add Performance Standby Docs

* Review updates
2018-08-28 12:48:02 -07:00
Frederic Hemberger d343f00b64 Fix ssh command in example (#5209) 2018-08-28 12:34:48 -07:00
Jeff Mitchell 5cf0e3e87e
Update API section index file with fixes, updates, and namespace info. (#5213) 2018-08-28 12:33:19 -07:00
Chris Hoffman 4b87a0fd2c
remove beta language 2018-08-28 14:00:55 -04:00
Yoko d28e993e1b
Added Deployment Guide in the index (#5211) 2018-08-28 10:55:30 -07:00
Jeff Mitchell d56682ee9d Update upgrade guide 2018-08-28 12:17:43 -04:00
Jeff Mitchell d986c8813b Update upgrade guide for 0.11.0 2018-08-28 12:12:40 -04:00
Jeff Mitchell 2a8e510a27 Document disable_performance_standby 2018-08-28 12:09:13 -04:00
Chris Hoffman c81efa0fa2
fixing link 2018-08-28 07:19:35 -04:00
Dan Brown 9954bddcf0 Add Deployment Guide, links and reformat Ref Arch (#5041)
* Add Deployment Guide, links and reformat Ref Arch

* Improve systemd service file and links
2018-08-28 04:53:36 -06:00
Jeff Mitchell efadc93c4a Update version numbers 2018-08-28 02:41:24 -04:00
Jim Kalafut abe86a48f4 Fix Azure Secrets API example 2018-08-27 20:44:00 -06:00
Austin Workman e8991e8fe9 Adding documentation clarifying oracle plugin setup and requirements (#5183) 2018-08-25 12:27:13 -07:00
Becca Petrin 55b3dfbcc0
use ldaps in docs (#5180) 2018-08-24 10:36:20 -07:00
Laura Gjerman-Uva 70bf87c25b Update ad/creds/:rolename endpoint to include the table with method/path for consistency/clarity. Also, remove payload.json from example, since this endpoint doesn't take a payload. (#5172) 2018-08-24 09:19:51 -07:00
Chris Hoffman e6abba9558
Revert "Add Configuration Builder and Better Download page" (#5171) 2018-08-23 19:34:50 -04:00
Jim Kalafut 7eb0403ad2
Fix Azure Secrets docs error 2018-08-23 14:27:47 -07:00
Joshua Ogle 6819af20b5
Merge branch 'master' into oss-download-config-path 2018-08-23 14:01:39 -06:00
Jeff Mitchell ba0d029247
Restricts ACL templating to paths but allows failures (#5167)
When a templating failure happens, we now simply ignore that path,
rather than fail all access to all policies
2018-08-23 12:15:02 -04:00
Chris Hoffman d736324b50 Docs: ACL Templating (#5159) 2018-08-23 10:05:44 -04:00
Jim Kalafut 18b21275d9 Fix docs typos (#5158) 2018-08-22 18:26:48 -04:00
Greg Oledzki d5a3010498 Update delete.html.md (#5155)
Minor typo in `delete` command docs
2018-08-22 11:26:21 -07:00
Becca Petrin fb6a06a3fe
Alibaba auth docs (#5132) 2018-08-22 10:23:33 -07:00
Chris Hoffman 52af323257
fixing feature name 2018-08-22 11:41:28 -04:00
Chris Hoffman b1c5e1f91c
fixing feature name 2018-08-22 11:40:48 -04:00
Hugo Wood 203269a5d4 JWT/OIDC documentation fixes (#5157)
* Fix argument name in JWT/OIDC login CLI example

* Fix groups_claim documented as required when creating roles for JWT/OIDC
2018-08-22 10:44:08 -04:00
Stenio Ferreira 8dfedb2693 Fixed a typo in the Namespaces guide (#5151) 2018-08-21 13:33:40 -07:00
Jeff Mitchell e58a8a63a7
Add the ability to specify token CIDR restrictions on secret IDs. (#5136)
Fixes #5034
2018-08-21 11:54:04 -04:00
Jeff Mitchell 051bb9fc13
Two PKI improvements: (#5134)
* Disallow adding CA's serial to revocation list
* Allow disabling revocation list generation. This returns an empty (but
signed) list, but does not affect tracking of revocations so turning it
back on will populate the list properly.
2018-08-21 11:20:57 -04:00
Gerardo Rodriguez 43c733b460 Edit, missing "to" (#5147) 2018-08-21 11:09:41 -04:00
Chris Hoffman 4d574c1d6c
adding namespace docs (#5133) 2018-08-17 12:17:11 -04:00
Chris Hoffman d25b7fa477
Add additional clarification 2018-08-17 08:55:49 -04:00
Raja Nadar 797141f8ae vaultsharp - multi platform capabilities (#5127) 2018-08-17 08:47:16 -04:00
Yoko 56636735bc [Guide] Multi-Tenant Pattern with ACL Namespaces (0.11) (#5103)
* WIP - ACL Namespace

* WIP - ACL Namepaces

* WIP

* WIP

* WIP

* WIP

* WIP

* Added UI screenshots

* Added summary at the end

* Added the Web UI steps in Step 5

* Update multi-tenant.html.md

Updated text to ensure that we use the final "ship" name of namespaces (namespaces vs. ACL Namespaces) and introduced some industry-specific terminology (highlighting this is about Secure Multi-Tenancy)
2018-08-16 16:51:53 -07:00
Andy Manoske 50edc43df0
Merge pull request #5112 from hashicorp/namespaces-docs
Merge for Beta Launch
2018-08-16 15:36:43 -07:00
Chris Hoffman b18d9cc830
doc updates 2018-08-16 17:59:39 -04:00
Brian Kassouf bf77a69f4d
Update upgrade-to-0.11.0.html.md 2018-08-16 14:29:18 -07:00
Brian Kassouf 95800f76b0
Add upgrade notes (#5125) 2018-08-16 14:22:27 -07:00
Andy Manoske 8ef8da0886
Update docs.erb 2018-08-16 13:44:13 -07:00
Andy Manoske de52752e86
Update index.html.md
Updated to include Yoko's guide URL
2018-08-16 13:38:24 -07:00
Clint 96d8bd4bf7 [WIP] Support custom max Nomad token name length [supersedes https://github.com/hashicorp/vault/pull/4361] (#5117)
* Nomad: updating max token length to 256

* Initial support for supporting custom max token name length for Nomad

* simplify/correct tests

* document nomad max_token_name_length

* removed support for max token length env var. Rename field for clarity

* cleanups after removing env var support

* move RandomWithPrefix to testhelpers

* fix spelling

* Remove default 256 value. Use zero as a sentinel value and ignore it

* update docs
2018-08-16 15:48:23 -04:00
Jim Kalafut 4ced3b0f77
Initial Azure Secrets docs (#5121) 2018-08-16 12:10:56 -07:00
brianvans f79385346f Add ha_enabled for mysql backend (#5122)
* Slight cleanup around mysql ha lock implementation

* Removes some duplication around lock table naming
* Escapes lock table name with backticks to handle weird characters
* Lock table defaults to regular table name + "_lock"
* Drop lock table after tests run

* Add `ha_enabled` option for mysql storage

It defaults to false, and we gate a few things like creating the lock
table and preparing lock related statements on it
2018-08-16 11:03:16 -07:00
Yamamoto, Hirotaka 6673e579a0 [etcd] fix the deafult prefix in website (#5116)
etcd storage stores all Vault data under a prefix.
The default prefix is "/vault/" according to source codes.

However, the default prefix shown in the website is "vault/".
If the access to etcd is restricted to this wrong prefix, vault
cannot use etcd.
2018-08-16 10:38:11 -04:00
Joel Thompson 0941c7a24a Make AWS credential types more explicit (#4360)
* Make AWS credential types more explicit

The AWS secret engine had a lot of confusing overloading with role
paramemters and how they mapped to each of the three credential types
supported. This now adds parameters to remove the overloading while
maintaining backwards compatibility.

With the change, it also becomes easier to add other feature requests.
Attaching multiple managed policies to IAM users and adding a policy
document to STS AssumedRole credentials is now also supported.

Fixes #4229
Fixes #3751
Fixes #2817

* Add missing write action to STS endpoint

* Allow unsetting policy_document with empty string

This allows unsetting the policy_document by passing in an empty string.
Previously, it would fail because the empty string isn't a valid JSON
document.

* Respond to some PR feedback

* Refactor and simplify role reading/upgrading

This gets rid of the duplicated role upgrade code between both role
reading and role writing by handling the upgrade all in the role
reading.

* Eliminate duplicated AWS secret test code

The testAccStepReadUser and testAccStepReadSTS were virtually identical,
so they are consolidated into a single method with the path passed in.

* Switch to use AWS ARN parser
2018-08-16 06:38:13 -04:00
Andy Manoske bd4c047713
Update index.html.md 2018-08-15 17:44:36 -07:00
Andy Manoske 9d41d4c407
Update index.html.md 2018-08-15 17:44:00 -07:00
Clint 48e5c71b33 Update apis.html.md (#5071)
We disable TLS for example purposes, not exemplary purposes 😄
2018-08-15 19:41:29 -04:00
Christoph Ludwig 24a368c1ba Add support for "sovereign" Azure cloud environments (#4997)
* Add support for "sovereign" Azure cloud environments

* Shorten variable names
2018-08-15 19:40:36 -04:00
Andy Manoske 0a71ea9a58
Create index.html.md 2018-08-15 15:27:11 -07:00
RichardWLaub 8d7a983bba Update usage section for kv-v1 docs (#5105)
While following along with the usage section in the kv-v1 docs I noticed this error.
Running the given command gives:

```text
$ vault kv list kv/my-secret
No value found at kv/my-secret/
```

Running `vault kv list kv/` gives the desired output. 

Also, I removed some trailing whitespace.
2018-08-15 10:57:36 -07:00
Seth Vargo 324c8fab24 Fix docs typo (service-account => service_account) (#5102)
Fixes hashicorp/vault-plugin-auth-gcp#47
2018-08-14 15:46:41 -07:00
Gerald 9192bd6b07 Add ttl params into csr signing docs (#5094) 2018-08-13 23:38:03 -04:00
Yoko 1395d6ea1a
[Guide] Control Groups (#5072)
* Control Group guide

* Fixed user policy list

* Fixed a typo

* Replaced the wrong screenshot

* Added missing period
2018-08-13 14:51:32 -07:00
Frank Allenby ddc77d62f0 Added a link to the "previous section" mentioned (#5018)
This is for clarity since I had to check back to remember where it was mentioned.
2018-08-13 17:13:42 -04:00
Jim Kalafut 3822e2997b
Clarify "Commands" docs (#5092)
Fixes #4890
2018-08-13 14:09:48 -07:00
Nándor István Krácser b9fab6375b Alibaba Object Storage support (#4783) 2018-08-13 17:03:24 -04:00
Michael Schuett 63e7ac034f MySQL HA Backend Support (#4686) 2018-08-13 17:02:31 -04:00
Jim Kalafut 92f0e1a39e Revert "Add ttl parameter to pki api docs (#5063)"
This reverts commit 7824826ca72c503677559cf9e5c1a7193433b34a.
2018-08-13 09:34:05 -07:00
Yoko 140e3d5402
[Guide] Vault Cluster Monitoring Guide (#5084)
* Vault cluster monitoring guide

* Updated the download link

* Fixed broken link
2018-08-10 13:52:02 -07:00
Jim Kalafut aa8dac9bd2
Add RDS notes to MSSQL docs (#5062) 2018-08-10 08:52:21 -07:00
Jeff Mitchell 65d2cc768c Website typo fix 2018-08-08 15:53:40 -04:00
Jim Kalafut 7b7f1cc7ff
Add ttl parameter to pki api docs (#5063) 2018-08-08 09:12:14 -07:00
Conor Mongey 5454c15a7e Fix typo: Consult Template -> Consul Template (#5066) 2018-08-08 09:01:45 -07:00
Ian Grayson 931c289b95 Update policies.html.md (#5007)
Allow admins to run CLI: `vault secrets list`
2018-08-07 10:35:23 -07:00
Jeff Escalante 2a21e85580 html syntax corrections (#5009) 2018-08-07 10:34:35 -07:00
Rob ca3aa1f36b Update dev-server.html.md (#5035)
The instructions were in backwards order. #3591
2018-08-07 10:33:30 -07:00
Yoko 3ae63b06d7
Typo fix (#5052) 2018-08-06 15:50:39 -07:00