mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-26 00:51:08 +02:00
Code Issues Projects Releases Wiki Activity
7,782 Commits 2,840 Branches 445 Tags
Commit Graph

7782 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Calvin Leung Huang
c7b5b8b0b4 aws_region->region on awskms config 2017-11-02 16:31:16 -04:00
Vishal Nayak
66642a0935
External identity groups (#3447) 
* external identity groups

* add local LDAP groups as well to group aliases

* add group aliases for okta credential backend

* Fix panic in tests

* fix build failure

* remove duplicated struct tag

* add test steps to test out removal of group member during renewals

* Add comment for having a prefix check in router

* fix tests

* s/parent_id/canonical_id

* s/parent/canonical in comments and errors
 2017-11-02 16:05:48 -04:00
Jeff Mitchell
6eb744e379 Fix some tests 2017-11-02 15:35:06 -04:00
Jeff Mitchell
d7e48b4aaa changelog++ 2017-11-02 10:38:43 -04:00
Jeff Mitchell
41568317e0
Redo API locking (#3508) 
* Redo the API client quite a bit to make the behavior of NewClient more
predictable and add locking to make it safer to use with Clone() and if
multiple goroutines for some reason decide to change things.

Along the way I discovered that currently, the x/net/http2 package is
broke with the built-in h2 support in released Go. For those using
DefaultConfig (the vast majority of cases) this will be a non-event.
Others can manually call http2.ConfigureTransport as needed. We should
keep an eye on commits on that repo and consider more updates before
release. Alternately we could go back revisions but miss out on bug
fixes; my theory is that this is not a purposeful break and I'll be
following up on this in the Go issue tracker.

In a few tests that don't use NewTestCluster, either for legacy or other
reasons, ensure that http2.ConfigureTransport is called.

* Use tls config cloning

* Don't http2.ConfigureServer anymore as current Go seems to work properly without requiring the http2 package

* Address feedback
 2017-11-02 09:30:04 -05:00
Jeff Mitchell
66b2d26bf7
Ensure revocation happens before seal/step-down since token store isn't (#3500) 
available after when using single-use tokens.

Fixes #3497
 2017-11-02 08:47:02 -05:00
Jeff Mitchell
3e7a3acb22
Change some instances of adding headers to setting headers, since really (#3501) 
we want to replace anything that might be there (e.g. for request
forwarding and content-type).

Hopefully fixes #3485
 2017-11-02 07:31:50 -05:00
Chris Hoffman
ed8cf070c9
Add ability to require parameters in ACLs (#3510) 2017-11-02 07:18:49 -04:00
Jeff Mitchell
962ef74cb2
Add seal type to seal-status output. (#3516) 2017-11-01 21:00:41 -05:00
Jeff Mitchell
972834a610 Use an atomic store in expiration loading test to fix race detector 2017-11-01 15:52:59 -04:00
Vishal Nayak
6d3eb3f814
fix deadlock while loading groups (#3515) 2017-11-01 14:14:21 -04:00
Nicolas Corrarello
ca92922a91 Refactoring readAcessConfig to return a single type of error instead of two 2017-11-01 08:49:31 +00:00
Nicolas Corrarello
dcaec0a880 Refactored config error to just have a single error exit path 2017-11-01 08:41:58 +00:00
Nicolas Corrarello
c4bf80c84f Ignoring userErr as it will be nil anyway 2017-11-01 07:41:58 +00:00
Nicolas Corrarello
5d3513b568 tokenType can never be nil/empty string as there are default values 2017-11-01 07:36:14 +00:00
Jeff Mitchell
c9f01963c3 changelog++ 2017-10-31 21:59:33 -04:00
Jeff Mitchell
83f77d5a5f
Fix memory leak when a connection would hit the cluster port and go away (#3513) 2017-10-31 20:58:45 -05:00
Nicolas Corrarello
ffb9343f5f Should return an error if trying create a management token with policies attached 2017-10-31 21:12:14 +00:00
Nicolas Corrarello
3a0d7ac9a6 Unifying Storage and API path in role 2017-10-31 21:06:10 +00:00
Nicolas Corrarello
482d73aebe Minor/Cosmetic fixes 2017-10-31 19:11:24 +00:00
Brian Kassouf
0caf6e986c
Update CHANGELOG.md 2017-10-30 13:26:15 -07:00
Brian Kassouf
4121791cb9
Add the ability to glob allowed roles in the Database Backend (#3387) 
* Add the ability to glob allowed roles in the Database Backend

* Make the error messages better

* Switch to the go-glob repo
 2017-10-30 13:24:25 -07:00
Jeff Mitchell
3e831ecf3f changelog++ 2017-10-30 16:08:18 -04:00
Jeff Mitchell
3e81fe4c62
Simplify TTL/MaxTTL logic in SSH CA paths and sane with the rest of how (#3507) 
Vault parses/returns TTLs.
 2017-10-30 15:05:47 -05:00
Nathan Valentine
ad6b4df9a8 Should these names not reference Vault? (#3506) 
Since we are in the Vault docs, should these names not reference Vault instead of Nomad?
 2017-10-30 11:04:38 -05:00
Jeff Mitchell
d538dc13ba Update seal type names 2017-10-27 17:28:50 -04:00
Jeff Mitchell
bba371c7de Fix C&P in docs. 
Fixes #3454
 2017-10-27 16:43:26 -04:00
Jeff Mitchell
d573b4637c Update kube stuff 2017-10-27 16:12:14 -04:00
Jeff Mitchell
6df6041088 Bump deps 2017-10-27 15:06:04 -04:00
Jeff Mitchell
2afbbb3400 Only call ConfigureTransport if "h2" is not already in NextProtos. 
Fixes #3435
 2017-10-27 14:08:30 -04:00
Jeff Mitchell
ed1cbb0a78 Only copy hooks if building from a git repo 
Fixes #3498
 2017-10-27 13:11:04 -04:00
Jeff Mitchell
6cfdd7b40c Rejig some error messages in pki 2017-10-27 12:02:18 -04:00
vishalnayak
f7314938bf changelog++ 2017-10-27 11:29:30 -04:00
Vishal Nayak
30aab2aa2f aws-ec2: Avoid audit logging of custom nonces (#3381) 2017-10-27 11:23:15 -04:00
smeach
6157a89f1b Updated cli arg to reflect text description (#3487) 2017-10-27 09:44:56 -05:00
AJ Bourg
e26573cb78 Add a doc for the token helper (#3411) 
* Add token helper docs.

* Update it so the new token helpers page appears in the navigation.
 2017-10-27 09:42:33 -05:00
Jeff Mitchell
672feed0e8 changelog++ 2017-10-26 15:30:55 -04:00
Jeff Mitchell
bc6631f5d7 Merge pull request #3479 from hashicorp/issue-3476 
Allow underscores at the start of directories in file backend.
 2017-10-26 15:30:11 -04:00
Jeff Mitchell
af1ae58c05 Merge branch 'master' into issue-3476 2017-10-26 15:29:32 -04:00
Jeff Mitchell
4ed4fb800b Move underscore tests to file from physical testing 2017-10-26 15:29:10 -04:00
Jeff Mitchell
9973d28293 Revert couchdb changes 2017-10-26 15:27:20 -04:00
Jeff Mitchell
5d1e06ae93 Change prefix to a string that can be specified, rather than a bool 2017-10-26 15:26:28 -04:00
Jeff Mitchell
04f7af1f55 Add prefixing to couch to fix the error that was exposed 2017-10-26 15:26:28 -04:00
Jeff Mitchell
9c7b0d05ff Fix more tests 2017-10-26 15:26:28 -04:00
Jeff Mitchell
037dfeb83c Fix testing 2017-10-26 15:26:28 -04:00
Jeff Mitchell
67485b4705 Add some more tests 2017-10-26 15:26:28 -04:00
Jeff Mitchell
1eaa214d1e Allow underscores at the start of directories in file backend. 
Fixes #3476
 2017-10-26 15:26:28 -04:00
Brian Kassouf
bdd70ff032 Fix a logic bug in the respondRaw function (#3491) 2017-10-26 00:08:10 -07:00
Jeff Mitchell
55109f6c56 Properly format autogenerated clusteraddr 2017-10-25 14:43:05 -04:00
Jeff Mitchell
4ac059d25f Update storedBarrierKeysPath name 2017-10-25 11:59:02 -04:00