12881 Commits

Author SHA1 Message Date
Theron Voran
c8dbbbacae Update OIDC namespace_in_state docs (#10269)
To reflect the default of true for new configs.
2020-10-30 08:15:34 -07:00
Brian Kassouf
3bc7d15e6b Backport some OSS changes (#10267)
* Backport some OSS changes

* go mod vendor
2020-10-29 16:47:34 -07:00
Theron Voran
ece971b648 changelog++ 2020-10-29 14:30:38 -07:00
Theron Voran
df5b607c40 Updating to jwt plugin@master (#10266) 2020-10-29 14:25:06 -07:00
aphorise
b18f841be5 Docs - examples of IPv6 added in listener section of configurations. (#9601) 2020-10-29 15:12:18 -04:00
akosuadenell
0241143046 Update index.mdx (#10262) 2020-10-29 12:04:48 -07:00
Vishal Nayak
d2bfffeb48 added test for concurrency call of remount handler and proposed fix for logic to avoid duplication of mount names (#10264)
Co-authored-by: bruj0 <ramakandra@gmail.com>
2020-10-29 14:39:41 -04:00
Vishal Nayak
07847db961 Fix remount tests (#10265) 2020-10-29 14:31:58 -04:00
Matt Greenfield
363b546a1e Validate to/from parameters when remounting a backend (#9890)
Vault uses http.ServeMux which issues an HTTP 301 redirect if the
request path contains a double slash (`//`). Additionally, vault
handles all paths to ensure that the path only contains printable
characters. Therefore use the same validation on the to/from parameters
for remounting.

Not doing this can result in a Vault mount that was originally mounted
at `pki/foo` being remounted at `pki/foo//bar` resulting in mounts
that cannot be accessed.

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-29 14:06:07 -04:00
Hridoy Roy
5ef00b6281 port external test fix (#10263) 2020-10-29 10:55:26 -07:00
Hridoy Roy
8172b1d410 Port: change leader status metric name to active (#10245)
* change active node metric name

* comment to see if commit is fine

Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MacBook-Pro.local>
2020-10-29 10:30:45 -07:00
Calvin Leung Huang
0ba026b3cc changelog++ 2020-10-28 18:20:50 -07:00
Calvin Leung Huang
76cb96bacc mod: update gopsutil@v2.20.9 (#10261) 2020-10-28 17:20:54 -07:00
Jonas-Taha El Sesiy
652fae3e96 Add support for Managed Identity auth for physical/Azure (#10189)
* Add support for Managed Identity auth for physical/Azure

Obtain OAuth token from IMDS to allow for access to Azure Blob with
short-lived dynamic credentials

Fix #7322

* add tests & update docs/dependencies
2020-10-28 15:04:26 -07:00
Chelsea Shaw
a8566c4f89 Add Learn More Here link to vault learn pricing metrics tutorial (#10254)
* Add Learn More Here link to vault learn pricing metrics tutorial

* Fix spacing

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-28 12:48:39 -05:00
Scott Miller
5dbc6c6d7f Wrap the dev logs in a sync.Once and deregister first, to eliminate the possibility of emitting the dev output twice in a race. (#10258) 2020-10-28 10:23:18 -05:00
Jason O'Donnell
ef03f05fc0 docs: fix k8s helm configuration rendering (#10257) 2020-10-28 10:51:40 -04:00
Chelsea Shaw
1c05b47caf Changelog++ 2020-10-27 14:51:54 -05:00
Hridoy Roy
aac17a174c Port: Add metrics to report mount table sizes for auth and logical [Vault 671] (#10201)
* first commit

* update

* removed some ent features from backport

* final refactor

* backport patch

Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MacBook-Pro.local>
Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MBP.hitronhub.home>
2020-10-27 08:24:43 -07:00
Tom Proctor
20c95cd556 Docs: Support for scopes in MongoDB Atlas database plugin (#10241) 2020-10-27 13:24:51 +00:00
Vishal Nayak
c5fe8a78f4 OCI: Don't store region in the backend struct (#10248)
* OCI: Don't store region in the backend struct

* Update physical/oci/oci.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-10-26 19:41:51 -04:00
Jason Witkowski
45d18b8b52 Add ability to specify region for OCI Storage Backend (#9302)
* Add ability to specify region for OCI Storage Backend

* Fix capitalization in Vault documentation

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 18:28:32 -04:00
Theron Voran
85d118824b UI/OIDC: allow passing namespace in state (#10171)
* UI/OIDC: allow passing namespace in state

Support in the UI OIDC callback flow to parse namespace out of the
state parameter instead of a separate query parameter in the
redirect_uri. Includes docs for the option that enables this behavior
in the JWT plugin.

* 1.6 wordsmithing

* pass_namespace_in_state -> namespace_in_state

* re-wording

* use strict equals

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 18:17:21 -04:00
Vishal Nayak
96b1aa9929 Fix build 2020-10-26 18:14:01 -04:00
Calvin Leung Huang
923bfc9765 changelog++ 2020-10-26 14:33:59 -07:00
Jeff Mitchell
ced73ab7bf Consolidate locking for sys/health (#9876)
* Consolidate locking for sys/health

This avoids a second state lock read-lock on every sys/health hit

* Address review feedback

Co-authored-by: Vishal Nayak <vishalnayakv@gmail.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 16:47:54 -04:00
Calvin Leung Huang
297faa4129 auth: store period value on tokens created via login (#7885)
* auth: store period value on tokens created via login

* test: reduce potential flakiness due to ttl check

* test: govet on package declaration

* changelog++

* Temporarily remove CL entry

* Add back the CL entry

Co-authored-by: Vishal Nayak <vishalnayakv@gmail.com>
2020-10-26 16:25:56 -04:00
Clint
0e993e88ab Return logical.StatusBadRequest on requests with missing token (#8457)
* Add test for 400 status on missing token

* Return logical.StatusBadRequest on missing token

* remove commented out code

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 16:17:25 -04:00
Michael Golowka
36d30a2e87 Password policies in DB engine
Also expanded support for all DBs for root credential rotation & static credential rotation
2020-10-26 14:01:08 -06:00
Michael Golowka
38b2375ca4 DBPW - Add readme to dbplugin package (#10230) 2020-10-26 13:57:02 -06:00
Jeff Mitchell
ea278ba1a3 Add omitempty's to MountEntry and MountConfig (#7154)
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 15:34:55 -04:00
Theron Voran
f2b41e1c42 Add info about aws timeouts to docs (#10209)
In auth/aws, seal/awskms, and secrets/aws, storage/s3, and
storage/dynamodb.

One blurb for the docs pages and one for the .0 upgrade pages.
2020-10-26 11:15:59 -07:00
Tom Proctor
c39b1c2ee4 changelog++ 2020-10-26 17:50:32 +00:00
dr-db
2b81b5aca8 Updates Go version in README to 1.14.7, to match reality (#10237) 2020-10-25 22:50:25 -07:00
Aleksandr Bezobchuk
e4421691da Merge PR #10192: Auto-Join: Configurable Scheme & Port (and add k8s provider) 2020-10-23 16:13:09 -04:00
Byungjin Park (BJ)
ac239089b2 Fix outdated enable-versioning command usage in kv (#10212) 2020-10-23 12:46:20 -07:00
Chelsea Shaw
ea1ee28763 Default objects should return a function to avoid breaking ember's idea of what a default value should look like (#10218) 2020-10-23 14:23:51 -05:00
Nick Cabatoff
f7c384fd4c Same seal migration oss (#10224)
* Refactoring and test improvements.

* Support migrating from a given type of autoseal to that same type but with different parameters.
2020-10-23 14:16:04 -04:00
Chelsea Shaw
c787c97cec Update language on primary to reflect how many known secondaries there are, and update CTA for viewing all (#10217) 2020-10-23 11:58:06 -05:00
Tom Proctor
be0a3d28f9 DBPW - Migrate Redshift database plugin to v5 interface (#10195) 2020-10-23 14:10:57 +01:00
Ryan Treat
ee09e54d80 Update Venafi Secrets Engine doc to account for recent enhancements (#10221) 2020-10-22 16:25:37 -07:00
Michael Golowka
233a19e8f8 Add couchbase, elasticsearch, and mongodbatlas back (#10222)
Updated the `Serve` function so these can be added back into Vault
2020-10-22 17:20:17 -06:00
Michael Golowka
d87657199d DBPW - Enables AutoMTLS for DB plugins (#10220)
This also temporarily disables couchbase, elasticsearch, and
mongodbatlas because the `Serve` function needs to change signatures
and those plugins are vendored in from external repos, causing problems
when building.
2020-10-22 15:43:19 -06:00
Theron Voran
0510cdf275 changelog++ 2020-10-22 14:03:04 -07:00
Theron Voran
2a3af728d9 Update auth/jwt to latest master (#10214)
Fixes oidc config UI, and adds EdDSA (ed25519) to supported algorithms
2020-10-22 13:59:37 -07:00
Michael Golowka
d59cc1f0b7 Remove newdbplugin package (#10216) 2020-10-22 13:33:27 -06:00
Calvin Leung Huang
8a64de4d7e changelog++ 2020-10-22 11:51:36 -07:00
Mike Grass
df7d3362db Improve errors for aws login with an unbound ARN (#10036)
* Improve errors for aws login with an unbound ARN

* Factor hasWildcardBind into its own function

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-10-22 11:24:47 -07:00
Meggie
b62a00b20a Updating latest version to 1.5.5 on website (#10208) 2020-10-21 19:27:43 -04:00
Meggie
63bcdc9694 changelog++ 2020-10-21 19:13:45 -04:00