mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-17 12:07:02 +02:00
Code Issues Projects Releases Wiki Activity
4,755 Commits 2,844 Branches 445 Tags 454 MiB
174aa4adb1
Commit Graph

183 Commits

Author SHA1 Message Date
vishalnayak
174aa4adb1 Update github login output in the docs 2016-10-14 22:39:56 -04:00
Mark Paluch
7652e18aea Use POST method for destroy operations in documentation 
Use POST method as most clients (including Vault cli) cannot send a body when using the DELETE HTTP method.
 2016-10-11 17:12:07 +02:00
Vishal Nayak
a72b7698bb Merge pull request #1961 from hashicorp/aws-ec2-auth-rsa-signature 
aws-ec2-auth using identity doc and RSA digest
 2016-10-04 15:45:12 -04:00
vishalnayak
4e471c41fb Minor doc updates 2016-10-04 15:46:09 -04:00
vishalnayak
84c8caefca Address review feedback 2016-10-04 15:05:44 -04:00
vishalnayak
dda2e81895 Add only relevant certificates 2016-10-03 20:34:28 -04:00
vishalnayak
437ddeaadc aws-ec2 config endpoints support type option to distinguish certs 2016-10-03 20:25:07 -04:00
vishalnayak
5235b9899a Added docs for reading and deleting username 2016-09-30 16:13:57 -04:00
vishalnayak
6b0be2d5c4 Added user listing endpoint to userpass docs 2016-09-30 15:47:33 -04:00
Vishal Nayak
adf868d3a0 Merge pull request #1947 from hashicorp/secret-id-lookup-delete 
Introduce lookup and destroy endpoints for secret IDs and its accessors
 2016-09-29 10:19:54 -04:00
vishalnayak
d672d3c5dc Added website docs for lookup and destroy APIs 2016-09-28 22:11:48 -04:00
Michael S. Fischer
e6b39d4b3f Update documentation for required AWS API permissions 
In order for Vault to map IAM instance profiles to roles, Vault
must query the 'iam:GetInstanceProfile' API, so update the documentation
and help to include the additional permissions needed.
 2016-09-28 16:50:20 -07:00
Jeff Mitchell
c748ff322f Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
vishalnayak
d178d1d26d Remove a mistyped character 2016-09-28 18:30:49 -04:00
vishalnayak
1887fbcd7f Check for prefix match instead of exact match for IAM bound parameters 2016-09-28 18:08:28 -04:00
Vishal Nayak
692bbc0a12 Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn 
Proper naming for bound_iam_instance_profile_arn
 2016-09-28 15:34:56 -04:00
Vishal Nayak
92cb781be9 Merge pull request #1910 from hashicorp/secret-id-cidr-list 
CIDR restrictions on Secret ID
 2016-09-26 10:22:48 -04:00
vishalnayak
a83acd402e Update docs to contain bound_iam_role_arn 2016-09-26 09:37:38 -04:00
vishalnayak
0d79363b1d Update website for bound_iam_instance_profile_arn 2016-09-23 11:23:59 -04:00
vishalnayak
8ce3fa75ba Store the CIDR list in the secret ID storage entry. 
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
 2016-09-21 20:19:26 -04:00
Jeff Mitchell
425a07ce87 Update docs to reflect that there is more than one constraint for EC2 now 2016-09-20 16:11:32 -04:00
Carlo Cabanilla
15001218e3 fix shell quoting (#1904) 
$() doesnt get evaluated in single quotes, so you need to break out of it first
 2016-09-19 17:11:16 -04:00
Vishal Nayak
5d25f8046e Merge pull request #1892 from hashicorp/role-tag-defaults 
Specify that role tags are not tied to an instance by default
 2016-09-15 12:04:41 -04:00
vishalnayak
e9c8555d12 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak
1499f21947 Address review feedback 2016-09-14 16:06:38 -04:00
vishalnayak
990402c41a Address review feedback 2016-09-14 15:13:54 -04:00
vishalnayak
79e8d83003 Clarify that tags can be used on all instances that satisfies constraints 2016-09-14 14:55:09 -04:00
vishalnayak
36bf0a25a5 Specify that role tags are not tied to an instance by default 2016-09-14 14:49:18 -04:00
vishalnayak
2de4c8bef2 Generate the nonce by default 2016-09-14 14:28:02 -04:00
vishalnayak
166d67c0a8 Ensure at least one constraint on the role 2016-09-13 16:03:15 -04:00
AJ Bourg
c3bc1f0689 Small change: Fix permission vault requires. 
Vault requires ec2:DescribeInstances, not ec2:DescribeInstance. (the
non-plural form doesn't exist)
 2016-09-12 14:38:10 -06:00
Jeff Mitchell
f02bde7c78 Fix headers in aws-ec2 doc. 2016-08-30 11:53:21 -04:00
Adam Greene
d57fe391f2 fix aws-ec2 formatting around ttl (#1770) 2016-08-23 16:07:57 -04:00
Karl Falconer
fff006bd91 [Documentation] AppRole /login is unauthenticated (#1771) 2016-08-23 16:03:36 -04:00
Jeff Mitchell
58611de06d Swap push/pull. 2016-08-22 19:34:53 -04:00
vishalnayak
1a62fb64c2 Seperate endpoints for read/delete using secret-id and accessor 2016-08-21 14:42:49 -04:00
Jeff Mitchell
826146f9e8 Initial fixups, not yet done 2016-08-20 22:39:41 -04:00
Martin Forssen
7f25a25301 Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role> 
This parameter was not documented
 2016-08-18 13:16:58 +02:00
Matt Hurne
587b481a29 AppRole documentation tweaks (#1735) 
* Fix spelling error in AppRole docs

* Add force flag to sample command to generate a secret ID in AppRole docs

* Update sample output for AppRole login in docs
 2016-08-15 16:12:08 -04:00
Jeff Mitchell
207d16bf8b Don't allow root from authentication backends either. 
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
 2016-08-08 17:32:37 -04:00
vishalnayak
3496bf8f16 disallowed_policies doc update 2016-08-02 16:33:22 -04:00
Jeff Mitchell
a3069be5d5 Fix up some wording 2016-08-02 16:25:00 -04:00
vishalnayak
bc4533695c Updated token auth docs with disallowed_policies 2016-08-02 15:33:03 -04:00
Jeff Mitchell
181f90e015 Alphabetize token store docs 2016-08-01 13:37:12 -04:00
Jeff Mitchell
140351733a Add some extra safety checking in accessor listing and update website 
docs.
 2016-08-01 13:12:06 -04:00
Chris Hoffman
49aff132ec Preferred method is AppRole since AppId is now deprecated 2016-07-28 14:32:20 -04:00
Adam Greene
0e73baae5d documentation cleanup 2016-07-27 10:43:59 -07:00
Jeff Mitchell
67c501309e Add deprecation notices for App ID 2016-07-26 10:08:46 -04:00
vishalnayak
59930fda8f AppRole authentication backend 2016-07-26 09:32:41 -04:00
Oren Shomron
005cb3e042 LDAP Auth Backend Overhaul 
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
 2016-07-22 21:20:05 -04:00