Merge branch 'master' into VLTFE-19-default-auth-other
Monkeychip authored Jan 27, 2020
2 parents 28467b2 + 9de6ed6 commit 3977cd7
Showing 13 changed files with 79 additions and 5 deletions.
24 changes: 24 additions & 0 deletions api/sys_raft.go
Expand Up @@ -2,6 +2,7 @@ package api

import (
"context"
"fmt"
"io"
"net/http"

Expand Down Expand Up @@ -95,6 +96,29 @@ func (c *Sys) RaftSnapshot(snapWriter io.Writer) error {
return nil
}

// Check for a redirect, only allowing for a single redirect
if resp.StatusCode == 301 || resp.StatusCode == 302 || resp.StatusCode == 307 {
// Parse the updated location
respLoc, err := resp.Location()
if err != nil {
return err
}

// Ensure a protocol downgrade doesn't happen
if req.URL.Scheme == "https" && respLoc.Scheme != "https" {
return fmt.Errorf("redirect would cause protocol downgrade")
}

// Update the request
req.URL = respLoc

// Retry the request
resp, err = c.c.config.HttpClient.Do(req)
if err != nil {
return err
}
}

result = &Response{Response: resp}
if err := result.Error(); err != nil {
return err
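
Review bot: the downgrade guard (`req.URL.Scheme == "https" && respLoc.Scheme != "https"`) compares schemes only, so `req.URL = respLoc` re-sends the same `req`, with every header already set on it, to whatever host the `Location` header names. Either validate `respLoc.Host` against the known cluster addresses before retrying, or add a comment stating that the redirect target is trusted to be the cluster leader. Two smaller points in the same block: nothing in the visible lines closes the first response's body before `resp, err = c.c.config.HttpClient.Do(req)` overwrites it, and 308 is missing from the status list although it is the permanent counterpart of 307.
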
24 changes: 24 additions & 0 deletions vendor/github.com/hashicorp/vault/api/sys_raft.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions website/pages/docs/enterprise/control-groups/index.mdx
Expand Up @@ -7,6 +7,9 @@ description: Vault Enterprise has support for Control Group Authorization.

# Vault Enterprise Control Group Support

-> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
with the Governance And Policy Module.

Vault Enterprise has support for Control Group Authorization. Control Groups
add additional authorization factors to be required before satisfying a request.
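
Review bot: the added note spells the module "Governance And Policy Module", while the other enterprise pages touched by this commit write "Governance & Policy Module". Use one spelling so that a search for the module name finds every page.
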

3 changes: 3 additions & 0 deletions website/pages/docs/enterprise/entropy-augmentation/index.mdx
Expand Up @@ -9,6 +9,9 @@ description: |-

# Entropy Augmentation

-> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
with the Governance & Policy Module.

Vault Enterprise features a mechanism to sample entropy (or randomness for
cryptographic operations) from external cryptographic modules via the [seals](/docs/configuration/seal)
interface. While the system entropy used by Vault is more than capable of
5 changes: 2 additions & 3 deletions website/pages/docs/enterprise/hsm/index.mdx
Expand Up @@ -9,9 +9,8 @@ description: >-

# Vault Enterprise HSM Support

HSM support is a feature of [Vault
Enterprise](https://www.hashicorp.com/vault) that takes advantage of HSMs
to provide three pieces of special functionality:
-> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
with the Governance & Policy Module.

- Master Key Wrapping: Vault protects its master key by transiting it through
the HSM for encryption rather than splitting into key shares
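
Review bot: the removed sentence ended with "to provide three pieces of special functionality:" and introduced the bullet list that starts at "- Master Key Wrapping"; after this change the list follows the Note directly with no lead-in. Keep the introductory sentence below the new Note instead of replacing it.
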
3 changes: 3 additions & 0 deletions website/pages/docs/enterprise/mfa/index.mdx
Expand Up @@ -9,6 +9,9 @@ description: >-

# Vault Enterprise MFA Support

-> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
with the Governance & Policy Module.

Vault Enterprise has support for Multi-factor Authentication (MFA), using
different authentication types. MFA is built on top of the Identity system of
Vault.
2 changes: 2 additions & 0 deletions website/pages/docs/enterprise/namespaces/index.mdx
Expand Up @@ -11,6 +11,8 @@ description: >-

## Overview

-> **Note**: This feature is available in all versions of [Vault Enterprise](https://www.hashicorp.com/products/vault/).

Many organizations implement Vault as a "service", providing centralized
management for teams within an organization while ensuring that those teams
operate within isolated environments known as _tenants_.
3 changes: 3 additions & 0 deletions website/pages/docs/enterprise/performance-standby/index.mdx
Expand Up @@ -7,6 +7,9 @@ description: Performance Standby Nodes - Vault Enterprise

# Performance Standby Nodes

-> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
with the Multi-Datacenter & Scale Module.

Vault supports a multi-server mode for high availability. This mode protects
against outages by running multiple Vault servers. High availability mode
is automatically enabled when using a data store that supports it. You can
4 changes: 4 additions & 0 deletions website/pages/docs/enterprise/replication/index.mdx
Expand Up @@ -12,6 +12,10 @@ description: >-

## Overview

-> **Note**: All versions of [Vault Enterprise](https://www.hashicorp.com/products/vault/)
have support for Disaster Recovery replication. Performance Replication requires the
Multi-Datacenter & Scale module.

Many organizations have infrastructure that spans multiple datacenters. Vault
provides the critical services of identity management, secrets storage, and
policy management. This functionality is expected to be highly available and
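
Review bot: the last added line writes "Multi-Datacenter & Scale module" with a lowercase "module", whereas the performance-standby page in this commit writes "Multi-Datacenter & Scale Module". Capitalize it here for consistency.
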
3 changes: 3 additions & 0 deletions website/pages/docs/enterprise/sealwrap/index.mdx
Expand Up @@ -9,6 +9,9 @@ description: |-

# Seal Wrap

-> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
with the Governance & Policy Module.

Vault Enterprise features a mechanism to wrap values with an extra layer of
encryption for supporting [seals](/docs/configuration/seal). This adds an
extra layer of protection and is useful in some compliance and regulatory
3 changes: 3 additions & 0 deletions website/pages/docs/enterprise/sentinel/index.mdx
Expand Up @@ -7,6 +7,9 @@ description: An overview of how Sentinel interacts with Vault Enterprise.

# Overview

-> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
with the Governance & Policy Module.

Vault Enterprise integrates HashiCorp Sentinel to provide a rich set of access
control functionality. Because Vault is a security-focused product trusted with
high-risk secrets and assets, and because of its default-deny stance,
4 changes: 2 additions & 2 deletions website/pages/docs/platform/k8s/helm/run.mdx
Expand Up @@ -76,8 +76,8 @@ configured to auto-unseal using KMS providers such as
[Google Cloud Platform](/docs/platform/k8s/helm/run#google-kms-auto-unseal). This
allows the pods to auto unseal if they're rescheduled in Kubernetes.

If standalone or HA mode are being used, the Vault pods must be initialized and unsealed.
For standalone deployments, only one of the Vault pods needs to be initialized.
If standalone is used, the Vault pod must be initialized and unsealed.
For HA deployments, only one of the Vault pods needs to be initialized and, all Vault pods need to be unsealed.

```sh
$ kubectl exec -ti vault-0 -- vault operator init
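
Review bot: the comma in the added HA sentence is misplaced ("needs to be initialized and, all Vault pods need to be unsealed"). Suggest "only one of the Vault pods needs to be initialized, and all Vault pods need to be unsealed". The line above it would also read better as "If standalone mode is used", to parallel "For HA deployments".
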
3 changes: 3 additions & 0 deletions website/pages/docs/secrets/kmip/index.mdx
Expand Up @@ -9,6 +9,9 @@ description: |-

# KMIP Secrets Engine

-> **Note**: This secret engine requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
with the Advanced Data Protection Module.

The KMIP secrets engine allows Vault to act as a [Key Management
Interoperability Protocol](#kmip-spec) (KMIP) server provider and handle
the lifecycle of its KMIP managed objects. KMIP is a standardized protocol that allows
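
Review bot: the added note says "This secret engine", but the heading and the paragraph below it both say "secrets engine". Change it to "This secrets engine".
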
