mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-16 11:37:04 +02:00
Code Issues Projects Releases Wiki Activity
4,533 Commits 2,843 Branches 445 Tags 454 MiB
c3bc1f0689
Commit Graph

153 Commits

Author SHA1 Message Date
AJ Bourg
c3bc1f0689 Small change: Fix permission vault requires. 
Vault requires ec2:DescribeInstances, not ec2:DescribeInstance. (the
non-plural form doesn't exist)
 2016-09-12 14:38:10 -06:00
Jeff Mitchell
f02bde7c78 Fix headers in aws-ec2 doc. 2016-08-30 11:53:21 -04:00
Adam Greene
d57fe391f2 fix aws-ec2 formatting around ttl (#1770) 2016-08-23 16:07:57 -04:00
Karl Falconer
fff006bd91 [Documentation] AppRole /login is unauthenticated (#1771) 2016-08-23 16:03:36 -04:00
Jeff Mitchell
58611de06d Swap push/pull. 2016-08-22 19:34:53 -04:00
vishalnayak
1a62fb64c2 Seperate endpoints for read/delete using secret-id and accessor 2016-08-21 14:42:49 -04:00
Jeff Mitchell
826146f9e8 Initial fixups, not yet done 2016-08-20 22:39:41 -04:00
Martin Forssen
7f25a25301 Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role> 
This parameter was not documented
 2016-08-18 13:16:58 +02:00
Matt Hurne
587b481a29 AppRole documentation tweaks (#1735) 
* Fix spelling error in AppRole docs

* Add force flag to sample command to generate a secret ID in AppRole docs

* Update sample output for AppRole login in docs
 2016-08-15 16:12:08 -04:00
Jeff Mitchell
207d16bf8b Don't allow root from authentication backends either. 
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
 2016-08-08 17:32:37 -04:00
vishalnayak
3496bf8f16 disallowed_policies doc update 2016-08-02 16:33:22 -04:00
Jeff Mitchell
a3069be5d5 Fix up some wording 2016-08-02 16:25:00 -04:00
vishalnayak
bc4533695c Updated token auth docs with disallowed_policies 2016-08-02 15:33:03 -04:00
Jeff Mitchell
181f90e015 Alphabetize token store docs 2016-08-01 13:37:12 -04:00
Jeff Mitchell
140351733a Add some extra safety checking in accessor listing and update website 
docs.
 2016-08-01 13:12:06 -04:00
Chris Hoffman
49aff132ec Preferred method is AppRole since AppId is now deprecated 2016-07-28 14:32:20 -04:00
Adam Greene
0e73baae5d documentation cleanup 2016-07-27 10:43:59 -07:00
Jeff Mitchell
67c501309e Add deprecation notices for App ID 2016-07-26 10:08:46 -04:00
vishalnayak
59930fda8f AppRole authentication backend 2016-07-26 09:32:41 -04:00
Oren Shomron
005cb3e042 LDAP Auth Backend Overhaul 
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
 2016-07-22 21:20:05 -04:00
Jeff Mitchell
f16992d6fa Merge pull request #1613 from skippy/update-aws-ec2-docs 
[Docs] aws-ec2 -- note IAM action requirement
 2016-07-18 10:40:38 -04:00
Jeff Mitchell
2dc001b388 Merge pull request #1589 from skippy/patch-2 
[Docs] aws-ec2 -- clarify aws public cert is already preloaded
 2016-07-18 10:02:35 -04:00
Adam Greene
72bd7db1e7 [Docs] aws-ec2 -- note IAM action requirement 2016-07-13 15:52:47 -07:00
Adam Greene
71ad0989ac english tweaks 2016-07-13 15:11:01 -07:00
Eric Herot
1a2b13c204 Pretty sure the method to delete a token role is not GET 2016-07-07 13:54:20 -04:00
Adam Greene
7d5209c251 Update aws-ec2.html.md 
per #1582, updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
 2016-07-05 13:21:56 -07:00
Adam Greene
4ce975bb36 Update aws-ec2.html.md 
clarify, and make more explicit, the language around the default AWS public certificate
 2016-07-05 13:14:29 -07:00
vishalnayak
664104af3a Merge branch 'master-oss' into bind-account-id-aws-ec2 
Conflicts:
	website/source/docs/auth/aws-ec2.html.md
 2016-06-17 12:41:21 -04:00
Martin Forssen
84c396f6fa Fixed a number of spelling errors in aws-ec2.html.md 2016-06-15 13:32:36 +02:00
vishalnayak
0d3973b1fa Merge branch 'master-oss' into bind-account-id-aws-ec2 
Conflicts:
	builtin/credential/aws-ec2/backend_test.go
	builtin/credential/aws-ec2/path_login.go
	builtin/credential/aws-ec2/path_role.go
 2016-06-14 14:46:08 -04:00
Ivan Fuyivara
6fd7e798c8 added tests, nil validations and doccumentation 2016-06-14 16:58:50 +00:00
vishalnayak
baac0975ea Added bound_account_id to aws-ec2 auth backend 2016-06-14 11:58:19 -04:00
Jon Benson
1e61184085 Update aws-ec2.html.md 2016-06-09 23:08:08 -07:00
vishalnayak
4e38509ac2 s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN 2016-06-09 14:00:56 -04:00
vishalnayak
0bea4ff7ff Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token 2016-06-09 13:45:56 -04:00
Jeff Mitchell
4ab63c8232 Merge pull request #1504 from hashicorp/token-store-roles-renewability 
Add renewable flag to token store roles
 2016-06-08 15:56:54 -04:00
Jeff Mitchell
9c6a03ade9 Add renewable flag to token store roles 2016-06-08 15:17:22 -04:00
Jeff Mitchell
15a40fdde5 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
vishalnayak
386abbad9e Address review feedback 2016-06-01 10:36:58 -04:00
vishalnayak
5500df40cb rename aws.html.md as aws-ec2.html.md 2016-05-30 14:11:15 -04:00
vishalnayak
b3ca9cf14b Rename aws as aws-ec2 2016-05-30 14:11:15 -04:00
Vishal Nayak
943789a11e Merge pull request #1300 from hashicorp/aws-auth-backend 
AWS EC2 instances authentication backend
 2016-05-14 19:42:03 -04:00
vishalnayak
b53f0cb624 Rename 'role_name' to 'role' 2016-05-13 14:31:13 -04:00
vishalnayak
4aa01d390a Update docs and path names to the new patterns 2016-05-12 11:45:10 -04:00
Jeff Mitchell
67a746be30 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
Jeff Mitchell
50e3f7d40e Merge remote-tracking branch 'origin/master' into aws-auth-backend 2016-05-05 10:04:52 -04:00
Jeff Mitchell
37d425f873 Update website docs re token store role period parsing 2016-05-04 02:17:20 -04:00
vishalnayak
ef83605f58 Change image/ to a more flexible /role endpoint 2016-05-03 23:36:59 -04:00
vishalnayak
7945e4668a Allow custom endpoint URLs to be supplied to make EC2 API calls 2016-05-02 17:21:52 -04:00
Jeff Mitchell
7fd49439f6 Merge branch 'master-oss' into aws-auth-backend 2016-04-29 14:23:16 +00:00