mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-26 00:51:08 +02:00
Code Issues Projects Releases Wiki Activity
2,127 Commits 2,840 Branches 445 Tags
Commit Graph

130 Commits

Author SHA1 Message Date
Jeff Mitchell
f600e3ac29 Add no-default-policy flag and API parameter to allow exclusion of the 
default policy from a token create command.
 2015-11-09 17:30:50 -05:00
Jeff Mitchell
673c6d726a Move environment variable reading logic to API. 
This allows the same environment variables to be read, parsed, and used
from any API client as was previously handled in the CLI. The CLI now
uses the API environment variable reading capability, then overrides any
values from command line flags, if necessary.

Fixes #618
 2015-11-04 10:28:00 -05:00
Jeff Mitchell
b11cb5d964 Implement LookupSelf, RevokeSelf, and RenewSelf in the API client 
Fixes #739
 2015-10-30 17:27:33 -04:00
Jeff Mitchell
d7f528a768 Add reset support to the unseal command. 
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
 2015-10-28 15:59:39 -04:00
Jeff Mitchell
5c0a16b16a Use cleanhttp instead of bare http.Client 2015-10-22 14:37:12 -04:00
Jeff Mitchell
0dbbef1ac0 Don't use http.DefaultClient 
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
 2015-10-15 17:54:00 -04:00
Jeff Mitchell
27029d9744 Support and use TTL instead of lease for token creation 2015-10-09 19:52:13 -04:00
Jeff Mitchell
c9c8398352 Add 301 redirect checking to the API client. 
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
 2015-10-09 17:11:31 -04:00
Dejan Golja
71615a172c Increase default timeout to 30s which should allow for any operation 
to complete.
 2015-10-09 00:53:35 +11:00
Dejan Golja
4ee297408f added a sensible default timeout for the vault client 2015-10-08 18:44:00 +11:00
Jeff Mitchell
c8af19e9dc Add unit tests 2015-10-07 20:17:06 -04:00
Jeff Mitchell
fd2c0f033e Add the ability for warnings to be added to responses. These are 
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.

Fixes #676
 2015-10-07 16:18:39 -04:00
Alexey Grachov
923d07b6bf Fix some lint warnings. 2015-09-29 10:35:16 +03:00
Jeff Mitchell
70ce824267 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Jeff Mitchell
1247459ae1 Ensure that the response body of logical calls is closed, even if there is an error. 2015-09-14 18:22:33 -04:00
Jeff Mitchell
b9a5a137c0 Address items from feedback. Make MountConfig use values rather than 
pointers and change how config is read to compensate.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell
dd8ac00daa Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell
aadf039368 Add DynamicSystemView. This uses a pointer to a pointer to always have 
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell
dffcf0548e Plumb per-mount config options through API 2015-09-10 15:09:53 -04:00
Jeff Mitchell
81505f5f97 Rather than use http.DefaultClient, which is simply &http.Client{}, 
create our own. This avoids some potential client race conditions when
they are setting values on the Vault API client while the default client
is being used elsewhere in other goroutines, as was seen in
consul-template.
 2015-09-03 13:47:20 -04:00
Jeff Mitchell
4d6ebab007 Change variable name for clarity 2015-09-03 13:38:24 -04:00
Jeff Mitchell
1a2c44d805 Remove redirect handling code that was never being executed (redirects are manually handled within RawRequest). Add a sync.Once to fix a potential data race with setting the CheckRedirect function on the default http.Client 2015-09-03 13:34:45 -04:00
Jeff Mitchell
566aba71b7 Merge pull request #587 from hashicorp/sethvargo/auth_token_tests 
Add test coverage for auth tokens
 2015-09-03 11:26:14 -04:00
Seth Vargo
8df186fd37 Add test coverage for auth tokens 2015-09-03 10:57:17 -04:00
Seth Vargo
f0b3ad6a2a Update documentation around cookies 2015-09-03 10:36:59 -04:00
Mike Sample
02ac5e1ec6 corrected two typos 2015-08-27 00:05:19 -07:00
Jeff Mitchell
4d877dc4eb Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell
e133536b79 Add support for pgp-keys argument to rekey, as well as tests, plus 
refactor common bits out of init.
 2015-08-25 14:52:13 -07:00
Jeff Mitchell
d2023234b9 Add support for "pgp-tokens" parameters to init. 
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
 2015-08-25 14:52:13 -07:00
Jeff Mitchell
f1a301922d Remove cookie authentication. 2015-08-21 19:46:23 -07:00
vishalnayak
440b11c279 Vault SSH: Adding the missed out config file 2015-08-20 11:30:21 -07:00
vishalnayak
d6c5031169 Vault SSH: TLS client creation test 2015-08-18 19:00:27 -07:00
vishalnayak
d63726b41b Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak
d1b75e9d28 Vault SSH: Default lease of 5 min for SSH secrets 2015-08-12 17:10:35 -07:00
vishalnayak
f74a0c9bfa Vault SSH: Exposed verify request/response messges to agent 2015-08-12 13:22:48 -07:00
vishalnayak
c008a8d796 Vault SSH: Moved agent's client creation code to Vault's source 2015-08-12 13:09:32 -07:00
vishalnayak
f2e4867555 Vault SSH: Moved SSH agent config to Vault's source 2015-08-12 12:52:21 -07:00
vishalnayak
67b705565e Vault SSH: Added SSHAgent API 2015-08-12 10:48:58 -07:00
vishalnayak
f21c64e874 Vault SSH: Renamed path with mountPoint 2015-08-12 10:30:50 -07:00
vishalnayak
6b86811503 Vault SSH: Fixed constructor of SSH api 2015-08-12 09:56:17 -07:00
vishalnayak
2ac3cabf87 Merging changes from master 2015-08-12 09:28:16 -07:00
Seth Vargo
83bc2692f9 Remove Sys.Login (unused) 2015-08-11 13:04:11 -04:00
vishalnayak
9aa02ad560 Vault SSH: Review Rework 2015-07-29 14:21:36 -04:00
Vishal Nayak
0a4854e542 Vault SSH: Dynamic Key test case fix 2015-07-24 12:13:26 -04:00
Vishal Nayak
3a1eaf1869 Vault SSH: Support OTP key type from CLI 2015-07-23 17:20:28 -04:00
Vishal Nayak
c564f643a4 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-07-17 17:22:17 -04:00
Armon Dadgar
3d216c34d0 api: fixing 404 handling of GetPolicy 2015-07-13 19:20:00 +10:00
Vishal Nayak
820e503321 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-07-10 16:18:08 -06:00
Jeff Mitchell
4d8b88ef34 Fix nil dereference reading policies with a failing connection (for instance, bad cert) 2015-07-10 14:22:33 -04:00
Vishal Nayak
0a59e84cef Vault SSH: Revoking key after SSH session from CLI 2015-07-06 11:05:02 -04:00