vishalnayak
8293b19a98
Added revocation_sql to the website docs
2016-10-27 12:15:08 -04:00
vishalnayak
2ac019a9c5
Move policy test to keysutil package
2016-10-26 19:57:28 -04:00
vishalnayak
b30d5f5c57
Pulled out transit's lock manager and policy structs into a helper
2016-10-26 19:52:31 -04:00
Vishal Nayak
e7c57b677e
Merge pull request #2004 from hashicorp/role-id-update
Fix regression caused by not creating a role_id secondary index
2016-10-26 16:29:46 -04:00
vishalnayak
b408c95e0d
ssh: Use temporary file to store the identity file
2016-10-18 12:50:12 -04:00
Vishal Nayak
4ef4411a19
Merge pull request #2005 from hashicorp/dedup-ldap-policies
Deduplicate the policies in ldap backend
2016-10-18 10:42:11 -04:00
Chris Hoffman
4406a39da2
Add ability to list keys in transit backend (#1987)
2016-10-18 10:13:01 -04:00
vishalnayak
60b638f3b2
Deduplicate the policies in ldap backend
2016-10-14 17:20:50 -04:00
vishalnayak
4caa09f6e6
Fix regression caused by not creating a role_id secondary index
2016-10-14 12:56:29 -04:00
Laura Bennett
8d423616ec
Merge pull request #1980 from hashicorp/audit-update
Audit file update
2016-10-10 14:34:53 -04:00
Laura Bennett
6770545cfd
test updates to address feedback
2016-10-10 12:58:30 -04:00
Laura Bennett
1cc7c811c7
address feedback
2016-10-10 12:16:55 -04:00
Laura Bennett
7def50799b
address latest feedback
2016-10-10 11:58:26 -04:00
Laura Bennett
18028ffcd6
minor fix
2016-10-10 10:05:36 -04:00
Laura Bennett
3bf0520bbb
address feedback
2016-10-09 22:23:30 -04:00
Laura Bennett
bef5a625d6
adding unit tests for file mode
2016-10-09 00:33:24 -04:00
Laura Bennett
bc58e02fe8
initial commit to fix empty consistency option issue
2016-10-08 20:22:26 -04:00
Laura Bennett
a8813c4ff2
changes for 'mode'
2016-10-08 19:52:49 -04:00
Laura Bennett
635873cf4a
initial commit for adding audit file permission changes
2016-10-07 15:09:32 -04:00
Michael S. Fischer
c6120c26d9
Update aws-ec2 configuration help
Updated to reflect enhanced functionality and clarify necessary
permissions.
2016-10-05 12:40:58 -07:00
Jeff Mitchell
d7615b0477
Don't use quoted identifier for the username
2016-10-05 14:31:19 -04:00
Jeff Mitchell
37df43d534
Postgres revocation sql, beta mode (#1972)
2016-10-05 13:52:59 -04:00
vishalnayak
e90acaeb6c
Refactor mysql's revoke SQL
2016-10-04 19:30:25 -04:00
Vishal Nayak
b22b4edc71
Merge pull request #1914 from jpweber/mysql-revoke
Mysql revoke with non-wildcard hosts
2016-10-04 17:44:15 -04:00
Jim Weber
6b9b646e8a
removed an unused ok variable. Added warning and force use for default queries if role is nil
2016-10-04 17:15:29 -04:00
vishalnayak
4e471c41fb
Minor doc updates
2016-10-04 15:46:09 -04:00
vishalnayak
18a59edb43
Address review feedback 2
2016-10-04 15:30:42 -04:00
vishalnayak
84c8caefca
Address review feedback
2016-10-04 15:05:44 -04:00
Jim Weber
1ec0a2d403
fixed an incorrect assignment
2016-10-03 21:51:40 -04:00
vishalnayak
dda2e81895
Add only relevant certificates
2016-10-03 20:34:28 -04:00
vishalnayak
437ddeaadc
aws-ec2 config endpoints support type option to distinguish certs
2016-10-03 20:25:07 -04:00
Jim Weber
1b591fb6d5
More resilient around cases of missing role names and using the default when needed.
2016-10-03 20:20:00 -04:00
vishalnayak
1317753f18
Authenticate aws-ec2 instances using identity document and its RSA signature
2016-10-03 18:57:41 -04:00
Jim Weber
67d991f4ab
Refactored logic some to make sure we can always fall back to default revoke statements
Changed rolename to role
made default sql revoke statements a const
2016-10-03 15:59:56 -04:00
Jim Weber
179c07075a
fixed some more issues I had with the tests.
2016-10-03 15:58:09 -04:00
Jim Weber
aa5bb3b354
renamed rolname to role
2016-10-03 15:57:47 -04:00
Jim Weber
003d0df191
Reduced duplicated code and fixed comments and simple variable name mistakes
2016-10-03 14:53:05 -04:00
Jim Weber
10855b070f
Added test for revoking mysql user with wild card host and non-wildcard host
2016-10-02 22:28:54 -04:00
Jim Weber
47465e782c
saving role name to the Secret Internal data. Default revoke query added
The rolename is now saved to the secret internal data for fetching
later during the user revocation process. No longer deriving the role
name from request path
Added support for default revoke SQL statements that will provide the
same functionality as before. If no revoke SQL statements are provided
the default statements are used.
Cleaned up personal ignores from the .gitignore file
2016-10-02 18:53:16 -04:00
Jeff Mitchell
81cdd76a5c
Adds HUP support for audit log files to close and reopen. (#1953)
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.
As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
2016-09-30 12:04:50 -07:00
Vishal Nayak
adf868d3a0
Merge pull request #1947 from hashicorp/secret-id-lookup-delete
Introduce lookup and destroy endpoints for secret IDs and its accessors
2016-09-29 10:19:54 -04:00
vishalnayak
d672d3c5dc
Added website docs for lookup and destroy APIs
2016-09-28 22:11:48 -04:00
vishalnayak
11614805e0
Make secret-id reading and deleting, a POST op instead of GET
2016-09-28 20:22:37 -04:00
Michael S. Fischer
e6b39d4b3f
Update documentation for required AWS API permissions
In order for Vault to map IAM instance profiles to roles, Vault
must query the 'iam:GetInstanceProfile' API, so update the documentation
and help to include the additional permissions needed.
2016-09-28 16:50:20 -07:00
Jeff Mitchell
c748ff322f
Change default TTL from 30 to 32 to accommodate monthly operations (#1942)
2016-09-28 18:32:49 -04:00
Vishal Nayak
c68b7bd4fe
Merge pull request #1939 from hashicorp/secret-id-upgrade
Respond secret_id_num_uses and deprecate SecretIDNumUses
2016-09-28 18:16:07 -04:00
vishalnayak
f1f66279c4
Added todo to remind removal of upgrade code
2016-09-28 18:17:13 -04:00
vishalnayak
1887fbcd7f
Check for prefix match instead of exact match for IAM bound parameters
2016-09-28 18:08:28 -04:00
vishalnayak
5c5871ee5a
Don't reset the deprecated value yet
2016-09-28 15:48:50 -04:00
Vishal Nayak
692bbc0a12
Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn
Proper naming for bound_iam_instance_profile_arn
2016-09-28 15:34:56 -04:00