* Update cert.mdx
Adding the missing parameter `url` for CRL create endpoint.
* Update website/content/api-docs/auth/cert.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update cert.mdx
Corrected the duplicate `crl` line.
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Add description about how RGP evaluation works
* Add missing '/'
* Update website/content/docs/enterprise/sentinel/index.mdx
Co-authored-by: Max Bowsher <maxbowsher@gmail.com>
* Implement the review feedback: 'may not' -> 'does not'
* Change 'Vault Enterprise Plus' -> 'Vault Enterprise' since the pricing page does not mention 'plus'
---------
Co-authored-by: Max Bowsher <maxbowsher@gmail.com>
* Don't allow setting dead server last contact threshold to less than 1 minute
* add changelog
* document the minimum dead server last contact threshold
* When support for service tags was added, the only way we had to parse
and dedup a list of strings also forced them to be lowercase. Now there's
another helper func that doesn't smash the case so use that instead.
* update Consul 'service_tag' documentation to include case sensitivity
* added upgrade guide for 1.15
* test for service tags
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
* Docs: fix inaccurate claim that audit log contains all requests
* I realised there is another category of paths to add
* Unauthenticated requests such as pki/cert/FINGERPRINT are logged
So, remove "authenticated" qualifier.
* Update libraries.mdx
Hello! We now maintain a dotnet client for Vault, updating the docs to include this info.
* Update libraries.mdx
Removed version flag from Install-Package.
Changed formatting slightly of ansible-vault to match as I think the hyphen + capital first letter looks nicer.
* Remove extra '('
---------
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
* Fix sudo paths missing from OpenAPI and docs
Various sudo (a.k.a. root-protected) paths are implemented in
non-standard ways, and as a result:
* are not declared as x-vault-sudo in the OpenAPI spec
* and as a result of that, are not included in the hardcoded patterns
powering the Vault CLI `-output-policy` flag
* and in some cases are missing from the table of all sudo paths in the
docs too
Fix these problems by:
* Adding `seal` and `step-down` to the list of root paths for the system
backend. They don't need to be there for enforcement, as those two
special endpoints bypass the standard request handling code, but they
do need to be there for the OpenAPI generator to be able to know they
require sudo.
The way in which those two endpoints do things differently can be
observed in the code search results for `RootPrivsRequired`:
https://github.com/search?q=repo%3Ahashicorp%2Fvault%20RootPrivsRequired&type=code
* Fix the implementation of `auth/token/revoke-orphan` to implement
endpoint sudo requirements in the standard way. Currently, it has an
**incorrect** path declared in the special paths metadata, and then
compensates with custom code throwing an error within the request
handler function itself.
* changelog
* As discussed in PR, delete test which is just testing equality of a constant
* Restore sudo check as requested, and add comment
* Update vault/token_store.go
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
---------
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* imprv: Add a parameter to allow ExtKeyUsage field usage from a role
* chore: Add the changelog entry
* imprv: Reword UI and changelog
* doc: Add allow_role_extkeyusage in parameter list
* imprv: Align variable names with existing fields/codebase
* Add unit test and tweak some labels
---------
Co-authored-by: Steve Clark <steven.clark@hashicorp.com>
