mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-17 12:07:02 +02:00
Code Issues Projects Releases Wiki Activity
7,543 Commits 2,844 Branches 445 Tags 454 MiB
29551c0b1b
Commit Graph

268 Commits

Author SHA1 Message Date
Mitch Davis
a20815972c Use service bind for searching LDAP groups (#2534) 
Fixes #2387
 2017-04-18 15:52:05 -04:00
Pavel Timofeev
e2d3a06234 Ldap auth doc fix (#2568) 
* Move url parameter to the next line and fix a typo

* Add userdn paramater to the Scenario 1.
Without userdn set Vault can't search with error like

Code: 400. Errors:

* LDAP search failed for detecting user: LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:
        ''
 2017-04-05 08:29:38 -07:00
vishalnayak
b228f5eb0f docs: aws-ec2: link sts configuration from cross account access 2017-03-28 14:34:21 -07:00
Jeff Mitchell
7e17de7cf3 Fix AWS-EC2 sts/certificate typo 
Fixes #2512
 2017-03-21 13:29:40 -04:00
Seth Vargo
a8591fbd81
Links 2017-03-17 14:27:32 -04:00
Seth Vargo
d873469210
Use relative links 2017-03-16 12:04:36 -07:00
Vishal Nayak
f4d74fe4cc AppRole: Support restricted use tokens (#2435) 
* approle: added token_num_uses to the role

* approle: added RUD tests for token_num_uses on role

* approle: doc: added token_num_uses
 2017-03-03 09:31:20 -05:00
Vishal Nayak
241835b6f4 Aws Ec2 additional binds for SubnetID, VpcID and Region (#2407) 
* awsec2: Added bound_region

* awsec2: Added bound_subnet_id and bound_vpc_id

* Add bound_subnet_id and bound_vpc_id to docs

* Remove fmt.Printf

* Added crud test for aws ec2 role

* Address review feedback
 2017-02-24 14:19:10 -05:00
vishalnayak
ff7a1a810b awsec2: markdown text alignment 2017-02-23 14:52:38 -05:00
Vishal Nayak
fbcb52aafa aws-ec2 auth: fix docs (#2375) 2017-02-15 06:29:27 -05:00
Jeff Mitchell
c01d394a8d Add support for backup/multiple LDAP URLs. (#2350) 2017-02-08 14:59:24 -08:00
Matteo Sessa
cb293e3e23 RADIUS Authentication Backend (#2268) 2017-02-07 16:04:27 -05:00
Brian Vans
32d5d88119 Fixing a few typos in the docs (#2344) 2017-02-07 11:55:29 -05:00
Jeff Mitchell
487a96fa17 Fix incorrect sample URL in aws-ec2 docs 2017-02-04 19:27:35 -05:00
Vishal Nayak
660e606a7d awsec2: support periodic tokens (#2324) 
* awsec2: support periodic tokens

* awsec2: add api docs for 'period'
 2017-02-02 13:28:01 -05:00
louism517
b548e2860c Support for Cross-Account AWS Auth (#2148) 2017-02-01 14:16:03 -05:00
Shane Starcher
a0b5eecc6d Okta implementation (#1966) 2017-01-26 19:08:52 -05:00
Chris Hoffman
7e89d506bc Fixing a few incorrect entries 2017-01-24 11:08:58 -05:00
Chris Hoffman
fb6f509df5 Adding LDAP API reference and misc docs formatting issues 2017-01-23 22:08:08 -05:00
Vishal Nayak
b706ec9506 ldap: Minor enhancements, tests and doc update (#2272) 2017-01-23 10:56:43 -05:00
Vishal Nayak
c43a7ceb57 tokenStore: document the 'period' field (#2267) 2017-01-18 17:25:52 -05:00
Raja Nadar
c5a059743b fix lookup-self response json 
reflect the true 0.6.4 response.
 2017-01-10 23:19:49 -08:00
Jeff Mitchell
ebfba76f98 Remove documenting that the token to revoke can be part of the URL as (#2250) 
this should never be used and only remains for backwards compat.

Fixes #2248
 2017-01-09 22:09:29 -05:00
Stenio Ferreira
e9519ebd26 Fixed docs - auth backend aws had a typo on API example (#2211) 2016-12-28 11:41:50 -06:00
Brian Nuszkowski
fed61f6c12 Add Duo pushinfo capabilities (#2118) 2016-12-19 15:37:44 -05:00
Vishal Nayak
42e133b0a8 TokenStore: Added tidy endpoint (#2192) 2016-12-16 15:29:27 -05:00
Vishal Nayak
b4011f7129 Don't add default policy to child token if parent does not have it (#2164) 2016-12-16 00:36:39 -05:00
vishesh92
577366ad9a Fix aws auth login example (#2122) 2016-12-01 10:17:08 -08:00
Brian Nuszkowski
4a5ecd5d6c Disallow passwords LDAP binds by default (#2103) 2016-12-01 10:11:40 -08:00
Daniel Somerfield
c33484c147 Added document to github auth backend covering user-specific policies. (#2084) 2016-11-11 08:59:26 -05:00
Jacob Crowther
ba4420d06b Specify the value of "generated secrets" (#2066) 
This small change is to specify (mostly for new users) that only dynamic secrets are revoked when running revoke-self.
 2016-11-07 15:02:23 -05:00
vishalnayak
e2a5881bc4 s/localhost/127.0.0.1 in approle docs 2016-10-28 09:46:39 -04:00
vishalnayak
52419be7c9 s/localhost/127.0.0.1 2016-10-28 09:23:05 -04:00
vishalnayak
81410d7bc4 Using AppRole as an example. Removed 'root' policy being used in examples 2016-10-28 01:24:25 -04:00
Brian Fallik
84f1995e97 Update aws-ec2.html.md 
fix minor typo
 2016-10-26 15:40:40 -04:00
vishalnayak
174aa4adb1 Update github login output in the docs 2016-10-14 22:39:56 -04:00
Mark Paluch
7652e18aea Use POST method for destroy operations in documentation 
Use POST method as most clients (including Vault cli) cannot send a body when using the DELETE HTTP method.
 2016-10-11 17:12:07 +02:00
Vishal Nayak
a72b7698bb Merge pull request #1961 from hashicorp/aws-ec2-auth-rsa-signature 
aws-ec2-auth using identity doc and RSA digest
 2016-10-04 15:45:12 -04:00
vishalnayak
4e471c41fb Minor doc updates 2016-10-04 15:46:09 -04:00
vishalnayak
84c8caefca Address review feedback 2016-10-04 15:05:44 -04:00
vishalnayak
dda2e81895 Add only relevant certificates 2016-10-03 20:34:28 -04:00
vishalnayak
437ddeaadc aws-ec2 config endpoints support type option to distinguish certs 2016-10-03 20:25:07 -04:00
vishalnayak
5235b9899a Added docs for reading and deleting username 2016-09-30 16:13:57 -04:00
vishalnayak
6b0be2d5c4 Added user listing endpoint to userpass docs 2016-09-30 15:47:33 -04:00
Vishal Nayak
adf868d3a0 Merge pull request #1947 from hashicorp/secret-id-lookup-delete 
Introduce lookup and destroy endpoints for secret IDs and its accessors
 2016-09-29 10:19:54 -04:00
vishalnayak
d672d3c5dc Added website docs for lookup and destroy APIs 2016-09-28 22:11:48 -04:00
Michael S. Fischer
e6b39d4b3f Update documentation for required AWS API permissions 
In order for Vault to map IAM instance profiles to roles, Vault
must query the 'iam:GetInstanceProfile' API, so update the documentation
and help to include the additional permissions needed.
 2016-09-28 16:50:20 -07:00
Jeff Mitchell
c748ff322f Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
vishalnayak
d178d1d26d Remove a mistyped character 2016-09-28 18:30:49 -04:00
vishalnayak
1887fbcd7f Check for prefix match instead of exact match for IAM bound parameters 2016-09-28 18:08:28 -04:00
Vishal Nayak
692bbc0a12 Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn 
Proper naming for bound_iam_instance_profile_arn
 2016-09-28 15:34:56 -04:00
Vishal Nayak
92cb781be9 Merge pull request #1910 from hashicorp/secret-id-cidr-list 
CIDR restrictions on Secret ID
 2016-09-26 10:22:48 -04:00
vishalnayak
a83acd402e Update docs to contain bound_iam_role_arn 2016-09-26 09:37:38 -04:00
vishalnayak
0d79363b1d Update website for bound_iam_instance_profile_arn 2016-09-23 11:23:59 -04:00
vishalnayak
8ce3fa75ba Store the CIDR list in the secret ID storage entry. 
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
 2016-09-21 20:19:26 -04:00
Jeff Mitchell
425a07ce87 Update docs to reflect that there is more than one constraint for EC2 now 2016-09-20 16:11:32 -04:00
Carlo Cabanilla
15001218e3 fix shell quoting (#1904) 
$() doesnt get evaluated in single quotes, so you need to break out of it first
 2016-09-19 17:11:16 -04:00
Vishal Nayak
5d25f8046e Merge pull request #1892 from hashicorp/role-tag-defaults 
Specify that role tags are not tied to an instance by default
 2016-09-15 12:04:41 -04:00
vishalnayak
e9c8555d12 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak
1499f21947 Address review feedback 2016-09-14 16:06:38 -04:00
vishalnayak
990402c41a Address review feedback 2016-09-14 15:13:54 -04:00
vishalnayak
79e8d83003 Clarify that tags can be used on all instances that satisfies constraints 2016-09-14 14:55:09 -04:00
vishalnayak
36bf0a25a5 Specify that role tags are not tied to an instance by default 2016-09-14 14:49:18 -04:00
vishalnayak
2de4c8bef2 Generate the nonce by default 2016-09-14 14:28:02 -04:00
vishalnayak
166d67c0a8 Ensure at least one constraint on the role 2016-09-13 16:03:15 -04:00
AJ Bourg
c3bc1f0689 Small change: Fix permission vault requires. 
Vault requires ec2:DescribeInstances, not ec2:DescribeInstance. (the
non-plural form doesn't exist)
 2016-09-12 14:38:10 -06:00
Jeff Mitchell
f02bde7c78 Fix headers in aws-ec2 doc. 2016-08-30 11:53:21 -04:00
Adam Greene
d57fe391f2 fix aws-ec2 formatting around ttl (#1770) 2016-08-23 16:07:57 -04:00
Karl Falconer
fff006bd91 [Documentation] AppRole /login is unauthenticated (#1771) 2016-08-23 16:03:36 -04:00
Jeff Mitchell
58611de06d Swap push/pull. 2016-08-22 19:34:53 -04:00
vishalnayak
1a62fb64c2 Seperate endpoints for read/delete using secret-id and accessor 2016-08-21 14:42:49 -04:00
Jeff Mitchell
826146f9e8 Initial fixups, not yet done 2016-08-20 22:39:41 -04:00
Martin Forssen
7f25a25301 Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role> 
This parameter was not documented
 2016-08-18 13:16:58 +02:00
Matt Hurne
587b481a29 AppRole documentation tweaks (#1735) 
* Fix spelling error in AppRole docs

* Add force flag to sample command to generate a secret ID in AppRole docs

* Update sample output for AppRole login in docs
 2016-08-15 16:12:08 -04:00
Jeff Mitchell
207d16bf8b Don't allow root from authentication backends either. 
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
 2016-08-08 17:32:37 -04:00
vishalnayak
3496bf8f16 disallowed_policies doc update 2016-08-02 16:33:22 -04:00
Jeff Mitchell
a3069be5d5 Fix up some wording 2016-08-02 16:25:00 -04:00
vishalnayak
bc4533695c Updated token auth docs with disallowed_policies 2016-08-02 15:33:03 -04:00
Jeff Mitchell
181f90e015 Alphabetize token store docs 2016-08-01 13:37:12 -04:00
Jeff Mitchell
140351733a Add some extra safety checking in accessor listing and update website 
docs.
 2016-08-01 13:12:06 -04:00
Chris Hoffman
49aff132ec Preferred method is AppRole since AppId is now deprecated 2016-07-28 14:32:20 -04:00
Adam Greene
0e73baae5d documentation cleanup 2016-07-27 10:43:59 -07:00
Jeff Mitchell
67c501309e Add deprecation notices for App ID 2016-07-26 10:08:46 -04:00
vishalnayak
59930fda8f AppRole authentication backend 2016-07-26 09:32:41 -04:00
Oren Shomron
005cb3e042 LDAP Auth Backend Overhaul 
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
 2016-07-22 21:20:05 -04:00
Jeff Mitchell
f16992d6fa Merge pull request #1613 from skippy/update-aws-ec2-docs 
[Docs] aws-ec2 -- note IAM action requirement
 2016-07-18 10:40:38 -04:00
Jeff Mitchell
2dc001b388 Merge pull request #1589 from skippy/patch-2 
[Docs] aws-ec2 -- clarify aws public cert is already preloaded
 2016-07-18 10:02:35 -04:00
Adam Greene
72bd7db1e7 [Docs] aws-ec2 -- note IAM action requirement 2016-07-13 15:52:47 -07:00
Adam Greene
71ad0989ac english tweaks 2016-07-13 15:11:01 -07:00
Eric Herot
1a2b13c204 Pretty sure the method to delete a token role is not GET 2016-07-07 13:54:20 -04:00
Adam Greene
7d5209c251 Update aws-ec2.html.md 
per #1582, updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
 2016-07-05 13:21:56 -07:00
Adam Greene
4ce975bb36 Update aws-ec2.html.md 
clarify, and make more explicit, the language around the default AWS public certificate
 2016-07-05 13:14:29 -07:00
vishalnayak
664104af3a Merge branch 'master-oss' into bind-account-id-aws-ec2 
Conflicts:
	website/source/docs/auth/aws-ec2.html.md
 2016-06-17 12:41:21 -04:00
Martin Forssen
84c396f6fa Fixed a number of spelling errors in aws-ec2.html.md 2016-06-15 13:32:36 +02:00
vishalnayak
0d3973b1fa Merge branch 'master-oss' into bind-account-id-aws-ec2 
Conflicts:
	builtin/credential/aws-ec2/backend_test.go
	builtin/credential/aws-ec2/path_login.go
	builtin/credential/aws-ec2/path_role.go
 2016-06-14 14:46:08 -04:00
Ivan Fuyivara
6fd7e798c8 added tests, nil validations and doccumentation 2016-06-14 16:58:50 +00:00
vishalnayak
baac0975ea Added bound_account_id to aws-ec2 auth backend 2016-06-14 11:58:19 -04:00
Jon Benson
1e61184085 Update aws-ec2.html.md 2016-06-09 23:08:08 -07:00
vishalnayak
4e38509ac2 s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN 2016-06-09 14:00:56 -04:00
vishalnayak
0bea4ff7ff Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token 2016-06-09 13:45:56 -04:00