mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-16 19:47:02 +02:00
Code Issues Projects Releases Wiki Activity
10,305 Commits 2,843 Branches 445 Tags 454 MiB
9be1128201
Commit Graph

128 Commits

Author SHA1 Message Date
Jeff Mitchell
ce81df0ba2 Remove vault.rocks from some that were missed 2018-07-10 10:47:30 -04:00
Becca Petrin
b3a711d717 Add bound cidrs to tokens in AppRole (#4680) 2018-06-19 22:57:11 -04:00
Becca Petrin
fe3404ad46
clarify aws role tag doc (#4797) 2018-06-19 15:59:57 -07:00
Jeff Mitchell
56cb1e05a9
Update index.html.md 
Fixes #4763
 2018-06-14 10:19:38 -04:00
Becca Petrin
71fb24e5ac add userpass note on bound cidrs (#4610) 2018-05-25 14:35:09 -04:00
Jeff Mitchell
c4f8a3a5c3 Changelogify and fix some minor website bits 2018-05-25 10:39:23 -04:00
Nicholas Jackson
61e0eda70c Breakout parameters for x.509 certificate login (#4463) 2018-05-25 10:34:46 -04:00
Kevin Paulisse
7a6777b41a Docs: Clarify that revoking token revokes dynamic secrets (#4592) 2018-05-18 23:27:53 -07:00
Jeff Mitchell
2f97c3017f Flip documented resolve_aws_unique_id value 
Fixes #4583
 2018-05-18 12:05:52 -04:00
Jeff Mitchell
9a9638c93d Update website ldap url text 2018-05-16 11:58:10 -04:00
Becca Petrin
df4b650e61
Restrict cert auth by CIDR (#4478) 2018-05-09 15:39:55 -07:00
Nándor István Krácser
420a9b9321 Fix mapping read paths (#4448) 2018-04-25 09:22:30 -04:00
vishalnayak
4222df38c6 Merge branch 'master-oss' into approle-local-secretid 2018-04-24 16:17:56 -04:00
Brian Shumate
7a5d7713fd Update curl commands / replace invalid '--payload' flag (#4440) 2018-04-24 11:20:29 -04:00
vishalnayak
20c7f20265 error on enable_local_secret_ids update after role creation 2018-04-23 17:05:53 -04:00
vishalnayak
b4f6b6fd31 update docs 2018-04-23 16:54:23 -04:00
Jeff Mitchell
bc0918a350
Add the ability to restrict token usage by IP. Add to token roles. (#4412) 
Fixes #815
 2018-04-21 10:49:16 -04:00
vishalnayak
46d4ded928 docs: update accessor lookup response 2018-04-17 11:52:58 -04:00
vishalnayak
73df4a6f8b docs: update token lookup response 2018-04-17 11:40:00 -04:00
Sohex
f676ca9db7 Update index.html.md (#4372) 
Remove duplicate of max_ttl description from end of period description under create role parameters.
 2018-04-17 11:05:50 -04:00
Jeff Mitchell
a7f604ff91 Fix token store role documentation around explicit max ttl 2018-04-13 09:59:12 -04:00
Jeff Mitchell
266a57fab2
Case insensitive behavior for LDAP (#4238) 2018-04-03 09:52:43 -04:00
Jeff Mitchell
4b45cb7f91 Merge branch 'master-oss' into 0.10-beta 2018-03-27 12:40:30 -04:00
Yoko
e5788b8860
Update Github auth method API reference (#4202) 
* Update Github auth method API reference

* Replaced vault.rocks in API
 2018-03-26 16:56:14 -07:00
Seth Vargo
04708d554c Drop vault.rocks (#4186) 2018-03-23 11:41:51 -04:00
Chris Hoffman
505f0ea495
adding Azure docs (#4185) 
Adding Azure Auth Method docs
 2018-03-22 18:28:42 -04:00
Josh Soref
e43b76ef97 Spelling (#4119) 2018-03-20 14:54:10 -04:00
Jeff Mitchell
9e596fcef2 Update path-help to make clear you shouldn't put things in the URL. 
Remove from website docs as those have been long deprecated.
 2018-03-19 11:50:16 -04:00
Joel Thompson
29551c0b1b Allow non-prefix-matched IAM role and instance profile ARNs in AWS auth backend (#4071) 
* Update aws auth docs with new semantics

Moving away from implicitly globbed bound_iam_role_arn and
bound_iam_instance_profile_arn variables to make them explicit

* Refactor tests to reduce duplication

auth/aws EC2 login tests had the same flow duplicated a few times, so
refactoring to reduce duplication

* Add tests for aws auth explicit wildcard constraints

* Remove implicit prefix matching from AWS auth backend

In the aws auth backend, bound_iam_role_arn and
bound_iam_instance_profile_arn were ALWAYS prefix matched, and there was
no way to opt out of this implicit prefix matching. This now makes the
implicit prefix matching an explicit opt-in feature by requiring users
to specify a * at the end of an ARN if they want the prefix matching.
 2018-03-17 21:24:49 -04:00
Joel Thompson
d349f5b0a7 auth/aws: Allow binding by EC2 instance IDs (#3816) 
* auth/aws: Allow binding by EC2 instance IDs

This allows specifying a list of EC2 instance IDs that are allowed to
bind to the role. To keep style formatting with the other bindings, this
is still called bound_ec2_instance_id rather than bound_ec2_instance_ids
as I intend to convert the other bindings to accept lists as well (where
it makes sense) and keeping them with singular names would be the
easiest for backwards compatibility.

Partially fixes #3797
 2018-03-15 09:19:28 -07:00
Vishal Nayak
1d8baa9b9c
approle: Use TypeCommaStringSlice for BoundCIDRList (#4078) 
* Use TypeCommaStringSlice for Approle bound_cidr_list

* update docs

* Add comments in the test
 2018-03-08 17:49:08 -05:00
Joel Thompson
8a115c73d9 auth/aws: Allow lists in binds (#3907) 
* auth/aws: Allow lists in binds

In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
 2018-03-02 11:09:14 -05:00
Vishal Nayak
1deaed2ffe
Verify DNS SANs if PermittedDNSDomains is set (#3982) 
* Verify DNS SANs if PermittedDNSDomains is set

* Use DNSNames check and not PermittedDNSDomains on leaf certificate

* Document the check

* Add RFC link

* Test for success case

* fix the parameter name

* rename the test

* remove unneeded commented code
 2018-02-16 17:42:29 -05:00
Jeff Mitchell
d325b32a9d Update website for AWS client max_retries 2018-02-16 11:13:55 -05:00
Joel Thompson
d4465fdfcd auth/aws: Improve role tag docs as suggested on mailing list (#3915) 
Fixes the ambiguity called out in
https://groups.google.com/forum/#!msg/vault-tool/X3s7YY0An_w/yH0KFQxlBgAJ
 2018-02-12 17:39:17 -05:00
Jeff Mitchell
a9a322aa39
Adds the ability to bypass Okta MFA checks. (#3944) 
* Adds the ability to bypass Okta MFA checks.

Unlike before, the administrator opts-in to this behavior, and is
suitably warned.

Fixes #3872
 2018-02-09 17:03:49 -05:00
Vishal Nayak
4551b9250f docs: Fix the expected type of metadata (#3835) 2018-01-23 16:30:15 -05:00
Brian Shumate
28d6b91fe2 Update API endpoint references for revoke-prefix (#3828) 2018-01-22 18:04:43 -05:00
Josh Giles
2b719ae6cd Support JSON lists for Okta user groups+policies. (#3801) 
* Support JSON lists for Okta user groups+policies.

Migrate the manually-parsed comma-separated string field types for user
groups and user policies to TypeCommaStringSlice. This means user
endpoints now accept proper lists as input for these fields in addition
to comma-separated string values. The value for reads remains a list.

Update the Okta API documentation for users and groups to reflect that
both user group and user/group policy fields are list-valued.

Update the Okta acceptance tests to cover passing a list value for the
user policy field, and require the OKTA_API_TOKEN env var to be set
(required for the "everyone" policy tests to pass).

* Fix typo, add comma-separated docs.
 2018-01-16 18:20:19 -05:00
Jake Scaltreto
2e51b1562b Fix minor typo in word "certificate" (#3783) 2018-01-15 15:52:41 -05:00
Jeff Mitchell
d6552a11cc Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Brian Nuszkowski
326e1ab24c Update '/auth/token/revoke-self' endpoint documentation to reflect the proper response code (#3735) 2018-01-03 12:09:43 -05:00
Calvin Leung Huang
40b8314c4d Add period and max_ttl to cert role creation (#3642) 2017-12-18 15:29:45 -05:00
Travis Cosgrave
95328e2fb4 Use Custom Cert Extensions as Cert Auth Constraint (#3634) 2017-12-18 12:53:44 -05:00
Ernest W. Durbin III
a6c0194b68 Correct documentation for Kubernetes Auth Plugin (#3708) 2017-12-18 12:12:08 -05:00
Laura Uva
291edb9746 Update example payload and response for pem_keys field which needs \n after header and before footer in order to be accepted as a valid RSA or ECDSA public key (#3632) 2017-12-04 12:12:58 -05:00
Brian Kassouf
f67feaea20
Add token_reviewer_jwt to the kubernetes docs (#3586) 2017-11-14 13:27:09 -08:00
Paul Pieralde
91d2c05a34 Doc fix for Create/Update Token API (#3548) 
`orphan` is intended to be default to False. Docs indicate this
is default to True. Simple change to update the docs only.
 2017-11-07 18:06:44 -05:00
Joel Thompson
50aa3d9e1f auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive (#3291) 2017-11-06 17:12:07 -05:00
Seth Vargo
50caac0bb6
More naming cleanup 2017-10-24 09:35:03 -04:00
Seth Vargo
e118a16f63
Oops typo 2017-10-24 09:34:30 -04:00
Seth Vargo
94fdc0e7d2
Update k8s documentation 2017-10-24 09:34:12 -04:00
Seth Vargo
b8e4b0d515
Standardize on "auth method" 
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
 2017-10-24 09:32:15 -04:00
Brendan
6ecbad6c62 Update index.html.md (#3433) 
Fixed typo in json property used to create custom secret_id
 2017-10-11 09:25:43 -04:00
emily
ea412e52b7 add GCP APIs that need to be enabled to GCP auth docs, small doc fixes (#3446) 2017-10-11 09:18:32 -04:00
Nicolas Corrarello
c99b741bed A few simple fixes for the Github API docs (#3432) 2017-10-06 06:13:47 -04:00
Daniel DeFisher
57b8871e58 upgrade ldap api docs to refrect 0.8.3 change to returned json of policies (#3421) 2017-10-04 15:40:28 -04:00
Alex Dadgar
b314c13882 Fix spelling errors (#3390) 2017-09-28 07:54:40 -04:00
Paulo Ribeiro
b8082675e8 Fix grammatical error (#3395) 
Also changed capitalization for consistency.
 2017-09-28 06:28:48 -04:00
Brian Kassouf
539cb262f1 Kubernetes Docs Update (#3386) 
* Update Kubnernetes Docs

* Add a note about alpha clusters on GKE

* Fix JSON formatting

* Update kubernetes.html.md

* Fix a few review comments
 2017-09-27 14:02:18 -07:00
Vishal Nayak
5d805a252e docs: Added certificate deletion operation API (#3385) 2017-09-26 20:28:52 -04:00
Brian Kassouf
4fb3f163ee Kubernetes auth (#3350) 
* Import the kubernetes credential backend

* Add kubernetes docs

* Escape * characters

* Revert "Import the kubernetes credential backend"

This reverts commit f12627a942.

* Update the vendored directory
 2017-09-19 09:27:26 -05:00
emily
08c2e2ce44 Add GCE docs for GCP Auth Backend (#3341) 2017-09-19 07:44:05 -05:00
Bruno Miguel Custódio
14714f399a Fix a few quirks in the GCP auth backend's docs. (#3322) 2017-09-19 07:41:41 -05:00
Chris Hoffman
3aa68c0034 Adding support for base_url for Okta api (#3316) 
* Adding support for base_url for Okta api

* addressing feedback suggestions, bringing back optional group query

* updating docs

* cleaning up the login method

* clear out production flag if base_url is set

* docs updates

* docs updates
 2017-09-15 00:27:45 -04:00
Chris Hoffman
ef89549f11 remove token header from login samples (#3320) 2017-09-11 18:14:05 -04:00
Paul Pieralde
33579a84b4 Fix docs for Certificate authentication (#3301) 
Fix discrepencies in the documentation for TLS Certificate
authentication. The Delete CRL method has a misleading title and
description.
 2017-09-07 10:28:14 -04:00
Jeff Mitchell
4f3dfb22cf Fix compile after dep update 2017-09-05 18:18:34 -04:00
Chris Hoffman
e54a3dbe47 Updating Okta lib for credential backend (#3245) 
* migrating to chrismalek/oktasdk-go Okta library

* updating path docs

* updating bool reference from config
 2017-08-30 22:37:21 -04:00
Joel Thompson
c641938cef auth/aws: Allow wildcard in bound_iam_principal_id (#3213) 2017-08-30 17:51:48 -04:00
djboris9
76e3ffc58f Fix API/AUTH/AppRole doc issue concerning bound_cidr_list (#3205) 
This patch fixes a little documentation issue.
bind_cidr_list doesn't exist as parameter to AppRole creation. It should be "bound_cidr_list".
In "path-help" it is documented correctly.
 2017-08-29 12:37:20 -04:00
Hamza Tümtürk
ae825401e1 Add missing code ending to Sample Payload (#3239) 2017-08-25 12:34:12 -04:00
Chris Hoffman
950eaeea55 fix docs formatting 2017-08-24 11:23:26 -04:00
Chris Hoffman
a7105536d6 Add GET variant on LIST endpoints (#3232) 2017-08-23 17:59:22 -04:00
Paulo Ribeiro
e4c87052ab Fix typo in AppRole API page (#3207) 2017-08-18 10:46:29 -04:00
emily
376bd88479 Initial GCP auth backend documentation (#3167) 2017-08-15 22:03:04 -04:00
Chris Hoffman
7b55c457c7 API Docs updates (#3135) 2017-08-09 11:22:19 -04:00
Chris Hoffman
d60dd42c81 API Docs updates (#3101) 2017-08-08 12:28:17 -04:00