Gideon
8aee6262c1
Allow InfluxDB to use insecure TLS without cert bundle ( #8778 )
...
Moves the configuration of insecure TLS and TLS version outside of the certificate bundle.
2020-06-09 10:38:58 -04:00
Brian Kassouf
3b4ba9d1fb
Upgrade raft library ( #9170 )
...
* Upgrade raft library
* Update vendor
* Update physical/raft/snapshot_test.go
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
* Update physical/raft/snapshot_test.go
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-06-08 16:34:20 -07:00
Yoan Blanc
77dfab2b62
operator: init -status to return JSON ( #8773 )
2020-06-08 14:35:39 -04:00
Peter J. Li
27cf73afa8
fix error message for when an invalid uri_sans is provided via the api ( #8772 )
2020-06-08 13:43:56 -04:00
joe miller
15661719fa
document all of the supported elliptic curves ( #8722 )
2020-06-08 11:26:56 -04:00
Rob Taylor
76e78605a9
Fixed minor typo in secrets documentation page ( #8856 )
2020-06-08 11:17:26 -04:00
Jim Kalafut
61e795c5e2
Add namespace parameter to ssh helper config ( #9160 )
2020-06-08 08:16:03 -07:00
Frederic Hemberger
4e13db3912
[docs/telemetry] Unnecessary comma in HCL example ( #8817 )
2020-06-08 11:07:28 -04:00
Billie Cleek
009ef0b8a4
document response wrapping behavior ( #8156 )
...
Document response wrapping behavior so that it's clear how
WrappingLookupFuncs should behave.
2020-06-08 10:50:48 -04:00
Rob Jackson
38ca50cdd9
update to include vault_format ( #8876 )
2020-06-08 10:40:03 -04:00
Tomas Bäckman
6e97db6d68
Add note about flag -target=recovery for auto-unseal mode ( #9163 )
2020-06-08 09:26:49 -04:00
Austin Gebauer
bf2ce8d1cb
docs: fix port number in curl command for aws rotate root iam creds ( #9157 )
2020-06-05 16:00:49 -07:00
Calvin Leung Huang
0565e28592
docs: document raft and mlock interaction ( #9093 )
...
* docs: document raft and mlock interaction
* docs: expand on mlock issue when raft is used
* Update website/pages/docs/configuration/index.mdx
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2020-06-05 15:02:55 -07:00
Scott Miller
e2d5d92b77
Github markdown doesn't use "^" for superscript, have to be explicit ( #9156 )
2020-06-05 16:55:33 -05:00
ncabatoff
6937ec9817
changelog++
2020-06-05 15:56:38 -04:00
Jon Davies
40730db136
certutil/helpers.go: Allow 3072 RSA key sizes. ( #8343 )
2020-06-05 15:54:41 -04:00
Clint
dd9c3b9133
Sync Protobuf dependencies between core and sdk ( #9154 )
...
* update go.mod/sum for root and sdk folders to sync protobuf versions
* run 'go mod vendor'
* bump github.com/golang/protobuf to v1.4.2
2020-06-05 14:15:12 -05:00
Scott Miller
f8f4ae4ab2
Document and give an example of the input size limits when using the FF3-1 transform. ( #9151 )
...
* Document and give an example of the input size limits when using the FF3-1
transform.
2020-06-05 07:45:18 -05:00
ncabatoff
fdba917b66
Fix feature flag persistence: we shouldn't have excluded dr primaries, they too must write feature flags. DR secondaries might not need depend on feature flags being there, but a DR primary could also be (or become) a perf primary. ( #9148 )
2020-06-04 13:00:33 -04:00
Austin Gebauer
85d6886778
changelog++
2020-06-03 12:28:47 -07:00
Jason O'Donnell
e0e29a9586
docs/k8s: Add OpenShift K8s beta documentation ( #9135 )
...
* doc/k8s: add OpenShift examples
* Update requirements
* Update website/pages/docs/platform/k8s/helm/openshift.mdx
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Fix ha example
* Fix ha doc
* Update image references
* Fix formatting
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-03 15:10:37 -04:00
Austin Gebauer
cc16c6d08e
fix: remove mount prefix from config path used to invalidate connections ( #9129 )
2020-06-03 12:04:55 -07:00
Dave D'Amico
a60ba90a20
updated 1.3.2 and 1.4.0 upgrade guides to note AWS STS region issue fixed in 1.4.1 ( #9137 )
2020-06-03 10:27:45 -07:00
Michael Golowka
438345c390
Update OpenLDAP secret engine to v0.1.3 ( #9123 )
...
* Adds ability to use password policies
Operations:
Updated go.mod for OpenLDAP to v0.1.3
Ran `go mod tidy`
Ran `go mod vendor`
2020-06-03 10:37:00 -06:00
Theron Voran
7622bee530
Docs updates for vault-helm 0.6.0 release ( #9116 )
...
* Docs updates for vault-helm 0.6.0 release
* added openshift and postStart values
* noting that openshift support is a beta feature
2020-06-03 11:44:32 -04:00
Theron Voran
fa17e22050
Docs updates for vault-k8s 0.4.0 ( #9107 )
...
* Adding changes for vault-k8s 0.4.0
* add note about run-as-same-user rejecting root
2020-06-03 10:06:20 -04:00
Brian Kassouf
fbd9fd4510
Fix upgrade guide ( #9133 )
2020-06-02 16:27:19 -07:00
Mark Gritter
475fe0eede
Token creation counters ( #9052 )
...
* Add token creation counters.
* Created a utility to change TTL to bucket name.
* Add counter covering token creation for response wrapping.
* Fix namespace label, with a new utility function.
2020-06-02 13:40:54 -05:00
Michael Golowka
5ca4d819d1
Update OpenLDAP Secrets Docs with Password Policies ( #9088 )
...
* Update OpenLDAP docs to use password policies
2020-06-02 11:34:01 -06:00
Michael Golowka
bd587da491
Add docs for password policies ( #8974 )
...
* Add docs for password policies
2020-06-02 11:12:22 -06:00
Jason O'Donnell
ab0bbc595b
agent/raft: fix typo in help strings ( #9114 )
2020-06-02 10:17:08 -04:00
Jim Kalafut
34fab8ae09
Update gcp secrets plugin ( #9004 )
2020-06-01 11:02:33 -07:00
Alexander Bezobchuk
eb0b3ac286
Merge PR #9100 : Add key_version to Transit Logical Response
2020-06-01 13:16:01 -04:00
Alexander Bezobchuk
9dd67cbeb6
Merge PR #9027 : Integrated Storage (Raft): Add Support for max_entry_size Config
2020-06-01 10:17:24 -04:00
ncabatoff
da3377ce6a
changelog++
2020-05-29 14:23:09 -04:00
ncabatoff
8870b2e51c
Add mongodbatlas static roles support ( #8987 )
...
* Refactor PG container creation.
* Rework rotation tests to use shorter sleeps.
* Refactor rotation tests.
* Add a static role rotation test for MongoDB Atlas.
2020-05-29 14:21:23 -04:00
dddugan
a098e313a9
correct sockaddr.is_contained example ( #9104 )
...
Syntax for sockaddr.is_contained should be outer, inner - i.e. range, IP. See https://docs.hashicorp.com/sentinel/imports/sockaddr/ for reference.
2020-05-29 10:51:31 -07:00
ncabatoff
4481521c0e
Extend agent template tests to also validate that updated templates get re-rendered. ( #9097 )
2020-05-29 13:36:59 -04:00
Scott Miller
12d704d97f
Provide token ttl and issue time in the audit log. ( #9091 )
...
* Populate a token_ttl and token_issue_time field on the Auth struct of audit log entries, and in the Auth portion of a response for login methods
* Revert go fmt, better zero checking
* Update unit tests
* changelog++
2020-05-29 12:30:47 -05:00
Jeff Escalante
0e3229a3d8
add missing styles for mdx components ( #9103 )
2020-05-29 13:29:24 -04:00
ncabatoff
9987b71a36
Update seal docs to reflect 1.3 changes. ( #9086 )
2020-05-29 13:28:03 -04:00
Christophe Drevet-Droguet
932c1834cc
ssh certificate signing: fix documentation of extensions ( #8859 )
2020-05-29 13:23:19 -04:00
Elthariel
3a07bd0bc4
doc: Add an example of templated policy using k8s metadata ( #9101 )
2020-05-28 17:54:56 -07:00
Meggie
a8ed7d3edd
changelog++
...
Fixing a version typo in 1.3.6 notes.
2020-05-27 15:16:35 -04:00
Michael Golowka
755ecf7fa6
Changelog++ (Password Policies)
2020-05-27 12:46:00 -06:00
Michael Golowka
b52950f884
Add user configurable password policies available to secret engines ( #8637 )
...
* Add random string generator with rules engine
This adds a random string generation library that validates random
strings against a set of rules. The library is designed for use as generating
passwords, but can be used to generate any random strings.
2020-05-27 12:28:00 -06:00
ncabatoff
d8c52a4b44
Add note regarding LDAP regression. ( #9038 )
2020-05-27 12:29:30 -04:00
Jim Kalafut
62dfb3f481
changelog++
2020-05-26 21:09:11 -07:00
Thomas L. Kula
3ce9615992
Allow auto_auth with templates without specifying a sink ( #8812 )
...
For situations where you want the Vault agent to handle one or more templates but do not require the acquired credentials elsewhere.
Modify the logic in SyncServer so that if there are no sinks, ignore any new credentials. Since SyncServer is responsible for shutting down the agent, make sure it still properly shuts down in this new situation.
Solves #7988
2020-05-26 13:52:14 -04:00
Alexander Bezobchuk
1dd2113755
Merge PR #9078 : Add go version to server message output
2020-05-26 12:28:51 -04:00