* run oidcPeriodicFunc for each namespace id store
* remove unused noNamespace var
* properly check for errors getting namespace
not sure why I decided to ignore the NoNamespace error before
or not log the unexpected error, that doesn't make sense.
* add changelog
* improve changelog
* remove too many namespace warning for OIDC rotations
this was already in the ENT PR, I had already checked that the file didn't exist on CE before but somehow I missed it.
* database/mssql: set default root rotation stmt for contained db
* changelog
* add rotate root test
* fix test
* update passwords to make mssql happy
* create admin user
* update contained user create query
* remove test
* Adds an option to enable sAMAccountname logins when upndomain is set
* Adds an option to enable sAMAccountname logins when upndomain is set
* Updated changelog entry
* Update 29118.txt
* Updated cap/ldap version due to needed dependency
* Updated cap/ldap version due to needed dependency
* Restart CI
* Updated LDAP api-docs and docs describing the enable_samaccountname_login option
* Added missing comma in config_test.go
* Update enables_samaccountname
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update enable_samaccountname_login feature documentation
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Updated the PostgreSQL database creation command to ensure the static role name is consistent.
The role name specified in allowed_roles="my-role" under the section "Rootless Configuration and Password Rotation for Static Roles" should align with the static role name in step #3. Previously, the command incorrectly used "my-static-role"; it should be "my-role" to match the earlier step.
The same role name should also be used when reading the static credentials in step #4
* Added the file changelog/29138.txt
* Delete changelog/29138.txt
---------
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* Add information about an enterprise feature related to validating issued certificates to the PKI API docs.
* Update website/content/api-docs/secret/pki/index.mdx
Update RFC name and link, as suggested by Steve.
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki/index.mdx
Update RFC name and link, as suggested by Steve.
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki/index.mdx
Update RFC name and link, as suggested by Steve.
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki/index.mdx
Update RFC name and link, as suggested by Steve.
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update enterprise tag to be on the same line for vercel reasons.
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* go get github.com/hashicorp/cap/ldap@main && go mod tidy
* add 1.19 upgrade note
* changelog
* cd sdk && go get github.com/hashicorp/cap/ldap@main && go mod tidy
* add more detail in changelog
* update changelog
* go mod tidy after resolving merge conflicts
* Allow a Vault operator to list, read and update PKI ACME accounts
- This allows an operator to list the ACME account key ids, read
the ACME account getting all the various information along with
the account's associated orders and update the ACME account's
status to either valid or revoked
* Add tests for new ACME management APIs
* Update PKI api-docs
* Add cl
* Add missing error handling and a few more test assertions
* PR feedback
* Fix Note tags within the website
* Apply suggestions from docscode review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/api-docs/secret/pki/issuance.mdx
* Update website/content/api-docs/secret/pki/issuance.mdx
* Update website/content/api-docs/secret/pki/issuance.mdx
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Support all fields of the name constraints extension when generating CA certs.
The PKI secrets engine only provided parameter permitted_dns_domains to create
the name constraints extension when generating CA certificates.
Add the following parameters to provide full support for the extension:
* permitted_email_addresses
* permitted_ip_ranges
* permitted_uri_domains
* excluded_dns_domains
* excluded_email_addresses
* excluded_ip_ranges
* excluded_uri_domains
Specifying any combination of these parameters will trigger the creation of the
name constraints extension as per RFC 5280 section 4.2.1.10.
* Update the page description for SEO improvement
* Update the description for SEO improvement
* Update the description
* Update website/content/docs/secrets/transform/ff3-tweak-details.mdx
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
* Fixing a typo
* Incorporate review feedback
---------
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
-path must bevor auth method, otherwise an error is thrown
"Command flags must be provided before positional arguments. The following arguments will not be parsed as flags: [-path=my-auth]"
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
