mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-20 02:01:37 +01:00
Code Issues Projects Releases Wiki Activity
11,849 Commits 2,847 Branches 460 Tags
Commit Graph

11849 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Clint
66bf106b0f
MySQL HA: Return an error if we fail to get a lock on standby (#8229) 
* return an error if we fail to get a lock on standby

* Add regression test

* minor refactoring to remove a race condition in the test
 2020-02-05 14:08:48 -06:00
Clint
699b87d367
Update CHANGELOG.md 2020-02-05 13:53:34 -06:00
Clint
45cfa720c6
secret/database: Guard against panic with InfluxDB plugin (#8282) 
* database/influx: fix panic when trying to revoke user

Guard against other nil responses

* return an error if response is nil, which is unlikely but best safe than sorry

* refactor a deeply nested statement into a function
 2020-02-05 13:49:02 -06:00
ncabatoff
5b82df92fa
Changes needed so that benchmark-vault can run with Prometheus monitoring (#8295) 2020-02-05 13:45:16 -05:00
Jim Kalafut
02db2b54d3
Add links to changelog Github references (#8293) 
Co-authored-by: Daniel Spangenberg <daniel@spangenberg.io>
 2020-02-05 08:28:19 -08:00
Daniel Spangenberg
473c5d94f3
changelog++ 2020-02-05 10:56:18 +01:00
Dan Lafeir
783d11d573
Add a specific reference to AWS IAM Unique Identifiers (#8209) 
* Add specification about AWS IAM Unique Identifiers

We experienced an issue where IAM roles resources were re-provisioned with the same ARNs and no change had been made to our vault role configuration but users lost access with `-method=aws`. It wasn't immediately clear to us how IAM Unique Identifiers where being used to avoid the same situations outlined in the AWS documentation. We eventually concluded that re-provisioning the roles in our auth/aws/auth would fetch the new IAM Unique Identifiers. 

I hope that this small amendment helps people avoid this problem in the future.
 2020-02-04 15:31:48 -08:00
Jamie Finnigan
4aefe1756f
fix <name> entity encoding for Secrets Engines Metrics section (#8290) 2020-02-04 15:06:10 -08:00
Daniel Spangenberg
e3f37c7751
Allow FQDNs in DNS Name for PKI Secrets Engine (#8288) 
Fixes #4837
 2020-02-04 23:46:38 +01:00
Becca Petrin
286bad2917
changelog++ 2020-02-04 13:08:10 -08:00
Michael Golowka
80c3b5245e
Update changelog with database plugin bugfixes 
Fixes from GH-8240:
- fix inconsistent parameter names
- fix mysql so default static credential rotation statements are used
 2020-02-03 13:59:23 -07:00
Michael Golowka
be052618da
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) 
* Allow {{name}} or {{username}} in psql templates

* Fix default rotation bug; allow {{user}} and {{username}}
 2020-02-03 13:57:28 -07:00
glerb
961155578d
Improve clarity of IAM flow explanation (#8275) 2020-02-03 10:14:09 -08:00
ncabatoff
cc57b8baad
changelog++ 2020-02-03 12:52:28 -05:00
ncabatoff
45077a4d67
Upgrade okta sdk lib (#8143) 
Upgrade to new official Okta sdk lib.  Since it requires an API token, use old unofficial okta lib for no-apitoken case. 

Update test to use newer field names.  Remove obsolete test invalidated by #4798.  Properly handle case where an error was expected and didn't occur.
 2020-02-03 12:51:10 -05:00
Calvin Leung Huang
620ae8bba6
ci: add context to website-docker-image job (#8272) 
* ci: add context to website-docker-image job

* ci: test context value

* ci: revert test context value
 2020-02-03 09:04:33 -08:00
ncabatoff
d1730bdc8d
changelog++ 2020-02-03 12:01:11 -05:00
ncabatoff
8cfe91ea9d
changelog++ 2020-02-03 11:56:07 -05:00
ncabatoff
7a1bb2ff04
Ensure that http_raw_body is always passed to the audit redaction system as a string 
Before this it was passed as a []byte, which doesn't get HMAC'd.  The original non-HMACing behaviour can be obtained by adding "http_raw_body" to audit_non_hmac_response_keys. (#8130)
 2020-02-03 11:53:02 -05:00
Sebastien Williams-Wynn
0f8f59ef81
Fix minor typo in doc string (#8277) 2020-02-02 20:12:59 +01:00
Becca Petrin
bef1fcfaa0
Update gen_openapi.sh (#8273) 
* enable more auth backends in openapi gen

* cf and pcf are the same, with cf being preferred
 2020-01-31 16:05:39 -08:00
Jeff Escalante
4cf6df7e22
update dependencies (#8271) 2020-01-31 14:27:39 -05:00
Jason O'Donnell
3c107faf43
docs: update vault k8s to 0.2.0 (#8269) 
* doc: update vault-k8s to 0.2.0

* Add debugging note
 2020-01-31 11:22:39 -05:00
ncabatoff
492ae16c31
Fix flaky test of api renewer by moving away from legacy api. (#8265) 2020-01-30 15:12:21 -05:00
Vitaly Velikodny
8d468563cb
Clean AlibabaCloud physical backend code (#8186) 2020-01-30 12:08:24 -08:00
Jim Kalafut
3ce37f9b5e
Update GH issue template to point to forum (#8226) 2020-01-30 11:39:46 -08:00
Daniel Spangenberg
2989c1df69
Fix default max_open_connections for db plugins (#8262) 2020-01-30 17:33:04 +01:00
Sarai
5a8f47bf40
Fix broken link (#8259) 
- https://www.vaultproject.io/api/secret/pki/index.html#create-update-role
- https://www.vaultproject.io/api/secret/pki/index.html#createupdate-role
 2020-01-30 08:12:24 -08:00
ncabatoff
20c514cc60
Removing timing-dependent aspects of test. (#8261) 2020-01-30 11:02:48 -05:00
Clint
f3d1cc21f2
Changelog++ 2020-01-30 09:11:54 -06:00
Alex Antonov
963e71c33e
Added flag to disable X-Vault-Token header proxy if client passes the token (#8101) 
* Added flag to disable X-Vault-Token header proxy if client passes the token

* Reveresed the flag value to better match the name intent

* Introduced UseAutoAuthTokenRaw for Cache to support triplicate value of true/false/force

Co-authored-by: Clint <catsby@users.noreply.github.com>
 2020-01-30 09:08:42 -06:00
Michel Vocks
8d123920b3
changelog++ 2020-01-30 11:13:32 +01:00
Becca Petrin
16af5d18dd changelog++ 2020-01-29 10:59:19 -08:00
Calvin Leung Huang
8f8ba51449
test: fix TestAgent_Template_Basic (#8257) 
* test: fix TestAgent_Template_Basic

* test: fix TestAgent_Template_ExitCounter
 2020-01-29 09:31:29 -08:00
Raoof Mohammed
ca28eef813
docs: fix api path for merge entity identity doc (#8258) 2020-01-29 08:56:36 -08:00
Michel Vocks
96ff398e50
Bump etcd client API dep (#8037) 2020-01-29 15:16:38 +01:00
Michel Vocks
b52049a749
Add Consul TLS options to access API endpoint (#8253) 2020-01-29 09:44:35 +01:00
Michel Vocks
a806b0b4ef
Docs: Add nomad TLS options (#8254) 2020-01-29 09:38:54 +01:00
Noelle Daley
8527ee4da2
Update CHANGELOG.md 2020-01-28 11:23:07 -06:00
Noelle Daley
5dbfd445d4
show kmip details in wizard (#8255) 2020-01-28 11:21:04 -06:00
Michel Vocks
0e232caf89
changelog++ 2020-01-28 11:06:27 +01:00
Michel Vocks
b879d61f02
Fix Vault Agent Template TLS config parameters (#8243) 2020-01-28 10:59:31 +01:00
Jim Kalafut
060775d9e9
Run goimports (#8251) 2020-01-27 21:11:00 -08:00
Chris Hoffman
443404ee01
fixing static pdf compliance letter (#8248) 2020-01-27 15:40:55 -05:00
Theron Voran
b5bcd61d19
Show bound_service_accounts in gce example (#8236) 
Shows that the GCP auth option `bound_service_accounts` can be used
for gce-type roles as well as iam.
 2020-01-27 11:48:21 -08:00
Angel Garbarino
ef84c75e50
Update CHANGELOG.md 2020-01-27 09:45:02 -07:00
Angel Garbarino
2a4125fcba
Allow default auth method to be either "other" or auth of the enabled listing-visibility unauth (#8218) 
* remove default for authMethod as it's preventing the other auth methods from being selected as default when they are marked as List method when unauthenticated.

* fix test

* fix test

* fix typo

* fix missed query params

* fix missing backend.type, and adjust formatting per prettier requirements
 2020-01-27 09:41:44 -07:00
Daniel Spangenberg
9de6ed66ee
Clarify the k8s helm run docs (#8235) 2020-01-27 14:54:59 +01:00
Michel Vocks
267665ecc0
Fix redoing redirect response raft snapshot cli (#8211) 
* Fix redoing redirect response raft snapshot cli

* Removed unnecessary lines of code

* go mod vendor
 2020-01-27 11:25:52 +01:00
Chris Hoffman
a2ea0b5502
Adding pricing module note for enterprise features (#8217) 
* adding pricing module note for enterprise features

* fixing incorrectly committed go.mod
 2020-01-24 19:18:22 -05:00