* Support trimming trailing slashes via a mount tuneable to support CMPv2
* changelog/
* Perform trimming in handleLoginRequest too
* Eagerly fetch the mount entry so we only test this once
* Add a mount match function that gets path and entry
* Update vault/request_handling.go
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* more docs
* Some patches (from ENT) didnt apply
* patch fail
* Update vault/router.go
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* PR feedback
* dupe
* another dupe
* Add support for enabling trim_request_trailing_slashes on mount creation
* Fix read mount api returning configuration for trim_request_trailing_slashes
* Fix test assertion
* Switch enable and tune arguments to BoolPtrVal to allow end-users to specify false flag
* Add trim-request-trailing-slashes to the auth enable API and CLI
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Docs: VAULT_DISABLE_REDIRECTS added further clarity
Added limit to HTTP redirects - where the current text does not explicitly call out that only a single redirect will be followed.
* corrected typo
* Update website/content/docs/commands/index.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Add missing delegated_auth_accessors config field to /sys/mounts/<path> response
- The field hadn't been properly populated in the JSON struct being returned
through the API response, but had been properly set in the stored structs
in the backend.
- Add missing update to the command tune docs for the -delegated-auth-accessors
option that existed
- Add -delegated-auth-accessors to the secret enable vault command along with
a docs update
* Add cl
* Fix documentation, using a comma separated list does not work
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Drop plural on doc update
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Replace 'HCP Vault' with 'HCP Vault Dedicated'
* Replace 'HCP Vault' with 'HCP Vault Dedicated' where applicable
* Replace 'Terraform Cloud' with 'HCP Terraform'
* Minor format fixes
* Update the side-nav title to 'HCP Terraform'
* Undo changes to Terraform Cloud secrets engine
* Start import docs
* Use hideClipboard block on output
* Reorganize mappings and source docs
* Change experimental to alpha
* Change list tag to alpha
* Apply suggestions from code review
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Extra information about how to escape an @ as the first char in kv value
* Update website/content/docs/commands/index.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
This removes the WebSockets endpoint for events
(which will be moved to the Enterprise repo) and
disables tests that rely on it unless they are
running in Enterprise.
It also updates documentation to document that
events are only available in Vault Enterprise.
* docs(web repl): add initial docs about the UI REPL
* feature(repl): add link to the new docs in the REPL
* chore(repl): Web CLI or Broweser CLI -> Web REPL
* Use Hds::Link::Inline instead of DocLink
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update ui/app/templates/components/console/ui-panel.hbs
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update website/content/docs/commands/web.mdx
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update website/content/docs/commands/web.mdx
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Fix typos and update phrasing.
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* docs(web repl): add a refrence to the repl docs on the ui config page
* Update KV version 2 reference
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* fix linting
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* VAULT-21427 change ui references from K/V to KV
* references in docs/
* website json data
* go command errors
* replace Key/Value with Key Value
* add changelog
* update test
* update secret list header badge
* two more test updates
* Added `vault operator raft snapshot inspect` usage
* Update website/content/docs/commands/operator/raft.mdx
Forcing suggestion commit so we can merge and publish the changes.
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* fix -log-file so that it uses the correct name and only adds timestamps on rotation
* added some tests for naming/rotation
* changelog
* revert to previous way of getting created time
* remove unused stat
* comment shuffle
* Update changelog/24297.txt
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* Update website/content/docs/agent-and-proxy/agent/index.mdx
Update 'agent' docs page
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/docs/agent-and-proxy/proxy/index.mdx
Update 'proxy' docs page
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/docs/commands/server.mdx
Update 'server' docs page
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* fix typos
---------
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Pulls in github.com/go-secure-stdlib/plugincontainer@v0.3.0 which exposes a new `Config.Rootless` option to opt in to extra container configuration options that allow establishing communication with a non-root plugin within a rootless container runtime.
* Adds a new "rootless" option for plugin runtimes, so Vault needs to be explicitly told whether the container runtime on the machine is rootless or not. It defaults to false as rootless installs are not the default.
* Updates `run_config.go` to use the new option when the plugin runtime is rootless.
* Adds new `-rootless` flag to `vault plugin runtime register`, and `rootless` API option to the register API.
* Adds rootless Docker installation to CI to support tests for the new functionality.
* Minor test refactor to minimise the number of test Vault cores that need to be made for the external plugin container tests.
* Documentation for the new rootless configuration and the new (reduced) set of restrictions for plugin containers.
* As well as adding rootless support, we've decided to drop explicit support for podman for now, but there's no barrier other than support burden to adding it back again in future so it will depend on demand.
* Fix formatting issue within pki health-check cli
- Missing a ``` within the CRL validity period which caused a bunch of sections to be collected within the box
- One shell session was shifted over too much in the Too many certificates section
* Add missing '$' in front of the command
* Reorder pki entry in nav bar and add more missing $ in vault commands
---------
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
* add a test to show the bug
* do not output a "Success!" message if a specific field was requested
* Create 21545.txt
* Fix changelog name
---------
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Updating the vault leader step down documentation to include some extra info about possible failed requests during leader step down
* Add changelog.txt
* Update website/content/docs/commands/operator/step-down.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Major overhaul of `vault operator generate-root` CLI help
Resolves#15252
A major overhaul of the `vault operator generate-root` CLI help to
surface the fact that it is actually six separate commands in one,
rather than requiring users to independently deduce this mental model
themselves.
In the process of doing so, also standardize some terminology:
* Fix places which used the phrase "operational token" instead of
"operation token" to be consistent with the prevailing terminology.
* Fix places which used the phrase "recovery operation token" instead of
"recovery token" to be consistent with the prevailing terminology.
This PR currently focusses on the CLI help, but following review and
feedback, I assume I'll need to replicate many of the same changes in
website/content/docs/commands/operator/generate-root.mdx as well.
* Fix some tab characters which should have been spaces
* Update command/operator_generate_root.go
---------
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* Update docs for new 1.14 ACME health checks
* Remove wording about informational warning only
- The health check can report back warnings if permissions are an issue
or if the local cluster configuration is missing.
