This project is mirrored from https://gitee.com/NQL886/vault.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
- 01 Oct, 2018 14 commits
-
-
Matthew Irish authored
-
Brian Kassouf authored
-
Brian Kassouf authored
-
Calvin Leung Huang authored
-
Becca Petrin authored
* discuss ambient credentials in namespaces * update aws cred chain description
-
Calvin Leung Huang authored
* Add denylist check when filtering passthrough headers * Minor comment update
-
Brian Kassouf authored
-
vishalnayak authored
-
Matthew Irish authored
* fix the top level pollling and use ember-concurrency * make suggested changes
-
Brian Kassouf authored
-
Martin authored
* Support Authorization Bearer as token header * add requestAuth test * remove spew debug output in test * Add Authorization in CORS Allowed headers * use const where applicable * use less allocations in bearer token checking * address PR comments on tests and apply last commit * reorder error checking in a TestHandler_requestAuth
-
Chris Pick authored
In addition to the specific permissions that are already mentioned, the project also needs the `iam.googleapis.com` API enabled, otherwise authenticating will fail with an error similar to: ``` Error authenticating: Error making API request. URL: PUT https://localhost:8200/v1/auth/gcp/login Code: 400. Errors: * could not find service account key or Google Oauth cert with given 'kid' id ```
-
Vishal Nayak authored
-
Becca Petrin authored
-
- 28 Sep, 2018 11 commits
-
-
Chris Hoffman authored
-
Matthew Irish authored
* allow passing a path for options so that it can be extracted from the model * add cred type selector for the aws generate form * style hint text on generate creds form * add tests for aws-credential adapter * allow for the case where we might have zero ttl * show error for TTL picker if a non-number is entered for the duration part of the TTL * fix positioning of tooltips * fix ttl rendering with invalid input for initialValue
-
Brian Shumate authored
-
Chris Hoffman authored
-
Jeff Mitchell authored
-
Jeff Mitchell authored
Fixes #5409
-
Matthew Irish authored
* allow for enterprise init attributes * allow moving from init to auth in the init flow on the tutorial machine * show loading spinner while cluster is unsealing * use seal-status type to determine the init attrs * add init acceptance tests * stored_shares should always be 1 * fix lint * format template * remove explicity model attr from init controller
-
Mike Christof authored
-
Calvin Leung Huang authored
-
Chris Hoffman authored
-
joe miller authored
Specifying the `allowed_organiztaional_units` parameter to a cert auth backend role will require client certificates to contain at least one of a list of one or more "organizational units" (OU). Example use cases: Certificates are issued to entities in an organization arrangement by organizational unit (OU). The OU may be a department, team, or any other logical grouping of resources with similar roles. The entities within the OU should be granted the same policies. ``` $ vault write auth/cert/certs/ou-engineering \ certificate=@ca.pem \ policies=engineering \ allowed_organiztaional_units=engineering $ vault write auth/cert/certs/ou-engineering \ certificate=@ca.pem \ policies=engineering \ allowed_organiztaional_units=engineering,support ```
-
- 27 Sep, 2018 15 commits
-
-
Jeff Mitchell authored
-
Jeff Mitchell authored
-
Ben Boeckel authored
-
Martin authored
-
vishalnayak authored
-
Joel Thompson authored
* logical/aws: Harden WAL entry creation If AWS IAM user creation failed in any way, the WAL corresponding to the IAM user would get left around and Vault would try to roll it back. However, because the user never existed, the rollback failed. Thus, the WAL would essentially get "stuck" and Vault would continually attempt to roll it back, failing every time. A similar situation could arise if the IAM user that Vault created got deleted out of band, or if Vault deleted it but was unable to write the lease revocation back to storage (e.g., a storage failure). This attempts to harden it in two ways. One is by deleting the WAL log entry if the IAM user creation fails. However, the WAL deletion could still fail, and this wouldn't help where the user is deleted out of band, so second, consider the user rolled back if the user just doesn't exist, under certain circumstances. Fixes #5190 * Fix segfault in expiration unit tests TestExpiration_Tidy was passing in a leaseEntry that had a nil Secret, which then caused a segfault as the changes to revokeEntry didn't check whether Secret was nil; this is probably unlikely to occur in real life, but good to be extra cautious. * Fix potential segfault Missed the else... * Respond to PR feedback
-
Andy Manoske authored
Broken link fix
-
Andy Manoske authored
Fix broken links
-
Andy Manoske authored
partnerships-format
-
Andy Manoske authored
Some small formatting fixes
-
Andy Manoske authored
Fix header issues
-
Andy Manoske authored
Fix partnerships docs formatting issues
-
Andy Manoske authored
Partnerships docs updates
-
Andy Manoske authored
-
Andy Manoske authored
-