* When support for service tags was added, the only way we had to parse
and dedup a list of strings also forced them to be lowercase. Now there's
another helper func that doesn't smash the case, so use that instead.
* update Consul 'service_tag' documentation to include case sensitivity
* added upgrade guide for 1.15
* test for service tags
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
* Docs: fix inaccurate claim that audit log contains all requests
* I realised there is another category of paths to add
* Unauthenticated requests such as pki/cert/FINGERPRINT are logged
So, remove "authenticated" qualifier.
* Fix sudo paths missing from OpenAPI and docs
Various sudo (a.k.a. root-protected) paths are implemented in
non-standard ways, and as a result:
* are not declared as x-vault-sudo in the OpenAPI spec
* and as a result of that, are not included in the hardcoded patterns
powering the Vault CLI `-output-policy` flag
* and in some cases are missing from the table of all sudo paths in the
docs too
Fix these problems by:
* Adding `seal` and `step-down` to the list of root paths for the system
backend. They don't need to be there for enforcement, as those two
special endpoints bypass the standard request handling code, but they
do need to be there for the OpenAPI generator to be able to know they
require sudo.
The way in which those two endpoints do things differently can be
observed in the code search results for `RootPrivsRequired`:
https://github.com/search?q=repo%3Ahashicorp%2Fvault%20RootPrivsRequired&type=code
* Fix the implementation of `auth/token/revoke-orphan` to implement
endpoint sudo requirements in the standard way. Currently, it has an
**incorrect** path declared in the special paths metadata, and then
compensates with custom code throwing an error within the request
handler function itself.
* changelog
* As discussed in PR, delete test which is just testing equality of a constant
* Restore sudo check as requested, and add comment
* Update vault/token_store.go
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
---------
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* Add naming restriction
* Update website/content/docs/enterprise/namespaces.mdx
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
* Use sentence case for heading
---------
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
These don't do anything but reject requests:
> The server will not issue certificates for the identifier:
> role (something) will not issue certificate for name
> xps15.local.cipherboy.com
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add notes on PKI performance and key types
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add ACME Public Internet section
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note on importance of tidy
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note on cluster scalability
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note about server log location
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix ToC, finish public ACME discussion
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note on role restrictions and ACLs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note on security considerations of ACME
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add consideration note about cluster URLs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note on 90 day certificates
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note about client counts and ACME
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Update docs for new 1.14 ACME health checks
* Remove wording about informational warning only
- The health check can report back warnings if permissions are an issue
or if the local cluster configuration is missing.
* first pass at docs
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* try to add anchors
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* links didn't work correctly, just remove
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add partial
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* use new style
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add to index
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* edit index
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* add config
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* update file name
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* more changes from PR review
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* updated name
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* exec -> process supervisor
* convert to old paragraph markers
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* exec -> process supervisor
* add link
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* exec -> process supervisor
* exec -> process supervisor
* "full stop"
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* little blurb about exit behavior
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* grammar
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Apply suggestions from code review
* add link
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* expand the config section
* add env_template example
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* expand config description
* fix links
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* config example
* doesn't support anchors?
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* update functionality
* Update website/content/docs/agent-and-proxy/agent/process-supervisor.mdx
Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>
* Update website/content/docs/agent-and-proxy/agent/process-supervisor.mdx
* fix link
* move process supervisor mode in alphabetical order
* reference templating language
---------
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <anton.averchenkov@hashicorp.com>
* [docs] Remove beta tag and update example code, add HCP as a supported platform.
* [docs] extend vault secrets operator secret CRD examples (#20913)
* [docs] update helm docs for vso GA (#21150)
* [docs] Add some initial telemetry documentation (#21144)
* [docs] update api reference for VSO (#21153)
---------
Co-authored-by: Thy Ton <maithytonn@gmail.com>