mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-20 06:01:10 +02:00
Code Issues Projects Releases Wiki Activity
19,721 Commits 2,844 Branches 445 Tags
Commit Graph

101 Commits

Author SHA1 Message Date
Milena Zlaticanin
309d832462
Add AWS Auth WIF docs (#27054) 
* add aws auth wif docs

* update docs

* update docs
 2024-05-23 12:58:08 -07:00
kpcraig
bef178b4a5
Add ExternalID support to AWS Auth STS configuration (#26628) 
* add basic external id support to aws auth sts configuration

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
 2024-05-07 11:10:57 -04:00
preetibhat6
f3e6bf572f
docs/Update cert.mdx (#26165) 
Changed sample request for Configure TLS certificate method from auth/cert/certs/cert1 to auth/cert/config
 2024-05-01 14:09:38 -07:00
thegatsbylofiexperience
5b845c83ff
Add canonicalArn as a entity alias name (#22460) 
* Add canonicalArn as a entity alias name
* Add Canonical Arn to iam_alias documentation
 2024-04-29 15:56:26 -04:00
JMGoldsmith
7b4f6409c6
[DOCS] Updating approle docs and token partial to include batch token prefer… (#26490) 
* updating approle docs and token partial to include batch token preference

* Update website/content/docs/auth/approle.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/partials/tokenstorefields.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/auth/approle.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

---------

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
 2024-04-19 12:32:12 -04:00
Adrian Todorov
76be7fb832
Clarify the wordinf AWS auth docs around alias source (#26441) 2024-04-16 17:41:40 +01:00
Thy Ton
df477f6404
docs make kubernetes_ca_cert optional on kubernetes auth (#25963) 
---------

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
 2024-03-27 15:45:43 -07:00
Steven Clark
6fca34eace
Proceed with cert auth login attempts if ocsp_fail_open is true and servers are unreachable (#25982) 2024-03-19 10:39:37 -04:00
Steven Clark
5785191067
Support OCSP responses without NextUpdate field set (#25912) 
* Support OCSP responses without a NextUpdate value set

 - Validate that the ThisUpdate value is
   properly prior to our current time and
   if NextUpdate is set that, ThisUpdate is
   before NextUpdate.
 - If we don't have a value for NextUpdate just compare against ThisUpdate.

* Add ocsp_this_update_max_ttl support to cert auth

 - Allow configuring a maximum TTL of the OCSP response based on the
   ThisUpdate time like OpenSSL does
 - Add test to validate that we don't cache OCSP responses with no NextUpdate

* Add cl

* Add missing ` in docs

* Rename ocsp_this_update_max_ttl to ocsp_this_update_max_age

* Missed a few TTL references

* Fix error message
 2024-03-18 18:12:37 -04:00
Peter Wilson
a311735761
Support pre-hashed passwords with userpass backend (#25862) 
* allows use of pre-hashed passwords with userpass backend

* Remove unneeded error

* Single error check after switch

* use param name quoted in error message

* updated test for quoted param in error

* white space fixes for markdown doc

* More whitespace fixes

* added changelog

* Password/pre-hashed password are only required on 'create' operation

* docs indentation

* Update website/content/docs/auth/userpass.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Updated docs

* Check length of hash too

* Update builtin/credential/userpass/path_user_password_test.go

:)

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
 2024-03-12 18:16:11 +00:00
Thy Ton
50aa6eea70
docs: add templated policies workflow example to kubernetes auth (#25694) 
---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
 2024-03-01 15:11:14 -08:00
Austin Gebauer
6d4f5df69c
auth/jwt: adds documentation for multi-jwks config parameter (#25503) 
* auth/jwt: adds documentation for multi-jwks config parameter

* updates bound_issuer parameter

* fix link
 2024-02-20 08:49:53 -08:00
Scott Miller
734afbe09e
Cache trusted cert values, invalidating when anything changes (#25421) 
* Cache trusted cert values, invalidating when anything changes

* rename to something more indicative

* defer

* changelog

* Use an LRU cache rather than a static map so we can't use too much memory.  Add docs, unit tests

* Don't add to cache if disabled.  But this races if just a bool, so make the disabled an atomic
 2024-02-15 21:48:30 +00:00
Thy Ton
aab72100fb
add new config option use_annotations_as_alias_metadata for k8s auth on api docs (#24941) 2024-02-01 11:45:53 -08:00
Jakob Beckmann
2a566f40fc
docs(kubernetes-auth): add API documentation for kubernetes auth namespace selectors (#19318) 
Co-authored-by: Thy Ton <maithytonn@gmail.com>
 2024-02-01 11:41:07 -08:00
Stefan Zhelyazkov
f4978b3efd
Updating Vault docs for JWT support of numeric bound_claims (#24921) 
* Add a note that the role name is available as role in entity alias metadata

* Update JWT docs for numeric bound_claims
 2024-01-18 13:57:30 +00:00
Max Winslow
54bfd792be
Sample payload is empty for AWS auth login request in API docs (#24106) 
* Update aws.mdx

* Update aws.mdx
 2024-01-09 12:28:37 -05:00
Thy Ton
2cd8bbaa75
add token_reviewer_jwt_set to resp data on config read example on k8s auth api doc (#24564) 2024-01-04 13:27:49 -05:00
owenzorrin
7df1b64a3d
Update ldap.mdx (#24338) 
add missing use_token_groups parameter

* use_token_groups - (Optional) Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/ldap_auth_backend#use_token_groups
 2023-12-13 15:06:20 -08:00
Sungyoon Jeong
7336cf70ad
docs: fix typo in aws.mdx (#24435) 2023-12-13 12:37:13 -08:00
Skybladev2
d74d920b6e
Fix Read config title level (#23543) 2023-10-09 13:06:18 -07:00
Austin Gebauer
526d0f4502
auth/saml: adds API docs for verbose_logging config (#23370) 2023-09-29 11:15:38 +09:00
Austin Gebauer
e3617218df
auth/saml: adds documentation (#23183) 
* auth/saml: adds documentation

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* use sentence case for titles

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* fixup technical detail on bound_subjects

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* fixup relay state

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* updates wording for bound_attributes

* updates bound_attributes_type

* updates groups_attribute

* lowercase saml entities, add note to unauthenticated APIs

* updates token api description

* adds section for replication configuration

* adds section for namespace config of acs

* use tabs for authentication section

* change word

---------

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
 2023-09-27 15:34:43 +09:00
Jason O'Donnell
27d647f97a
Update changelog for auth/azure v0.16.2 (#23059) 
* update changelog for azure v0.16.2

* Add retry docs
 2023-09-13 21:23:01 +00:00
Theron Voran
afd1302cce
docs/k8s-auth: non-JWT tokens are now allowed for token_reviewer_jwt (#22857) 2023-09-08 10:40:29 -07:00
Brian Shumate
614f50de66
Docs: AppRole API docs updates (#19162) 
- Add example response for Read AppRole Secret ID
- Add example response for Read AppRole Secret ID Accessor
 2023-08-17 16:25:06 -07:00
Michael Dempsey
d6b7e5bfa1
Add support for signed GET requests for aws authentication (#10961) 
* Support GET requests for aws-iam

This is required to support presigned requests from aws-sdk-go-v2

* Add GET method tests for aws-iam auth login path

* Update Website Documenation

* Validate GET action even if iam-server header is not set

* Combine URL checks

* Add const amzSignedHeaders to aws credential builtin

* Add test for multiple GET request actions

* Add Changelog Entry

---------

Co-authored-by: Max Coulombe <109547106+maxcoulombe@users.noreply.github.com>
 2023-08-15 15:40:12 -04:00
Raymond Ho
0d0cda43d5
clarify docs in ldap/auth for userfilter (#22210) 2023-08-07 13:13:52 -07:00
Raymond Ho
4f7a8fb494
AWS auth login with multi region STS support (#21960) 2023-07-28 08:42:22 -07:00
Florin Cătălin Țiucra-Popa
24a7d966d5
Update cert.mdx (#22076) 
* Update cert.mdx

Adding the missing parameter `url` for CRL create endpoint.

* Update website/content/api-docs/auth/cert.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* Update cert.mdx

Corrected the duplicate `crl` line.

---------

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
 2023-07-27 17:09:17 +02:00
Rachel Culpepper
71841c51be
Vault-17911: add support for hex values in oid extension (#21830) 
* add support for hex values in oid extension

* add changelog

* add length check on split and error handling on unmarshal
 2023-07-17 10:58:18 -04:00
Anton Averchenkov
f4f0412b6a
[docs] Convert titles to sentense case (#21426) 
* Convert documentation titles to sentense case

* Docker, Google, Foundry, Cloud proper case
 2023-06-30 19:22:07 -04:00
Rowan Smith
c7db2d61b0
[Docs] ldap auth add VAULT_LDAP_PASSWORD environment variable (#21407) 
Add VAULT_LDAP_PASSWORD environment variable
 2023-06-22 11:31:26 -07:00
Violet Hynes
d76424cb53
Miscellaneous docs cleanups (#21327) 2023-06-16 15:38:58 -04:00
Luis (LT) Carbonell
21b3262e9f
Correct Default for MaximumPageSize (#20453) 
* default max page size for config

* Add changelog

* update test int to *int

* add testing defaults

* update default to -1, i.e. dont paginate

* update test

* Add error message for invalid search

* Make 0 the default

* cleanup

* Add to known issues doc

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.12.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Add workaround to docs

* Update changelog/20453.txt

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

---------

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
 2023-05-17 20:56:53 +00:00
Luis (LT) Carbonell
7f2deb1420
Add Configurable LDAP Max Page Size (#19032) 
* Add config flag for LDAP max page size

* Add changelog

* move changelog to correct file

* cleanup

* Default to non-paged searching for with -1

* Update website/content/api-docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update tests

---------

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
 2023-04-20 20:39:27 +00:00
Austin Gebauer
c94e213ac6
Add OIDC provider docs for IBM ISAM (#19247) 
* Add OIDC provider docs for IBM ISAM

* Add changelog, api docs and docs-nav-data

---------

Co-authored-by: Benjamin Voigt <benjamin.voigt@god.dev>
 2023-04-20 11:30:59 -07:00
Scott Miller
fc21d357ff
Add documentation for cert auth OCSP checking (#18064) 2023-04-13 18:33:21 +00:00
Jason O'Donnell
2f7f0d2db9
sdk/ldaputil: add connection_timeout configurable (#20144) 
* sdk/ldaputil: add connection_timeout configurable

* changelog

* Update doc

* Fix test

* Change default to 30s
 2023-04-13 12:43:28 -04:00
Rowan Smith
538bb799e4
approle naming syntax documentation (#19369) 
Documentation does not currently detail the accepted naming scheme for approle roles, this aims to provide clarity based on customer feedback. https://github.com/hashicorp/vault/blob/main/sdk/framework/path.go#L16-L18 details the regex used.
 2023-02-27 12:08:15 -08:00
Jakob Beckmann
39f9e5e775
Allow alias dereferencing in LDAP searches (#18230) 
* impr(auth/ldap): allow to dereference aliases in searches

* docs: add documentation for LDAP alias dereferencing

* chore(auth/ldap): add changelog entry for PR 18230

* chore: run formatter

* fix: update default LDAP configuration with new default

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>

* docs(ldap): add alias dereferencing to API docs for LDAP

---------

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>
 2023-02-24 13:49:17 -05:00
Austin Gebauer
298fb06e7e
docs/oidc: make it clear that contents of CA certificate are expected (#19297) 2023-02-22 11:33:53 -08:00
Max Coulombe
72d0632e4b
Added disambiguation that creation request can also update roles (#17371) 
+ added  disambiguation that creation request can also update roles
 2023-02-22 12:02:31 -05:00
Raymond Ho
77e80a8030
use github token env var if present when fetching org id (#19244) 2023-02-21 12:17:35 -08:00
Milena Zlaticanin
8958d00263
Azure Auth - rotate-root documentation (#18780) 
* add documentation for rotate root

* commit suggestions

* move api permissions section
 2023-02-08 18:14:28 -07:00
Ashlee M Boyer
06df5b9d95
docs: Migrate link formats (#18696) 
* Adding check-legacy-links-format workflow

* Adding test-link-rewrites workflow

* Updating docs-content-check-legacy-links-format hash

* Migrating links to new format

Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
 2023-01-25 16:12:15 -08:00
John-Michael Faircloth
6d257c1b8e
docs: update azure docs to reflect new managed identity support (#18357) 
* docs: update azure docs to reflect new managed identity support

* update links and formatting

* update wording

* update resource_id description

* fix formatting; add section on token limitations

* fix link and formatting
 2022-12-16 09:40:59 -06:00
Steven Clark
6795afe14d
Document adding metadata to entity alias within cert auth (#18308) 
* Document adding metadata to entity alias within cert auth

* Update website/content/api-docs/auth/cert.mdx

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>
 2022-12-12 13:08:00 -05:00
Roberto Pommella Alegro
b2354e5aed
Docs: improve bound_audiences documentation for jwt role (#18265) 2022-12-07 12:50:09 -05:00
Alexander Scheel
762dc29f62
Add list to cert auth's CRLs (#18043) 
* Add crl list capabilities to cert auth

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add docs on cert auth CRL listing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test for cert auth listing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-11-18 11:39:17 -05:00