7782 Commits

Author SHA1 Message Date
Brian Kassouf
7951a15d65 update database interface in the docs 2017-06-07 11:20:13 -07:00
Jeff Mitchell
d06b36ce8d changelog++ 2017-06-07 13:56:02 -04:00
Jeff Mitchell
42973f3d79 Clone policy permissions and then use existing values rather than policy values for modifications (#2826)
Should fix #2804
2017-06-07 13:49:51 -04:00
Jeff Mitchell
35f92f13f9 Add new transit features to documentation 2017-06-07 13:00:14 -04:00
Matthew Irish
d90f71fb19 changelog ++ 2017-06-07 10:23:13 -05:00
Jeff Mitchell
4c89803c0e changelog++ 2017-06-07 10:28:21 -04:00
Joel Thompson
d858511fdf Resolve AWS IAM unique IDs (#2814) 2017-06-07 10:27:11 -04:00
Jeff Mitchell
5be733dad5 changelog++ 2017-06-07 10:18:35 -04:00
Jeff Mitchell
fc724a2f8f Honor role period for IAM auth type in AWS backend (#2828)
Fixes #2825
2017-06-07 10:18:02 -04:00
Jeff Mitchell
e3910ccbaa changelog++ 2017-06-07 10:03:56 -04:00
Jeff Mitchell
2daf018361 Add listing to database connections. (#2827)
Fixes #2823
2017-06-07 10:03:17 -04:00
Dan Brown
25fd17a9c1 Docs typo fixes (#2830)
* Fix passing payload.json file to curl

* Correct API endpoint
2017-06-07 10:02:58 -04:00
Jeff Mitchell
16631f5670 changelog++ 2017-06-06 22:36:12 -04:00
Joel Thompson
ee55e36af6 Check if there's a bound iam arn when renewing (#2819)
Previously, the renew method would ALWAYS check to ensure the
authenticated IAM principal ARN matched the bound ARN.  However, there
is a valid use case in which no bound_iam_principal_arn is specified and
all bindings are done through inferencing. When a role is configured
like this, clients won't be able to renew their token because of the
check.

This now checks to ensure that the bound_iam_principal_arn is not empty
before requriing that it match the originally authenticated client.

Fixes #2781
2017-06-06 22:35:12 -04:00
Katie Bayes
cf6c3d7729 update middleman version from 24 to 26 (#2824) 2017-06-06 22:33:26 -04:00
Jeff Mitchell
b0888ea619 changelog++ 2017-06-06 16:04:49 -04:00
Jeff Mitchell
bca213cf6d Add ability to specify encryption key version in transit (#2821) 2017-06-06 16:02:54 -04:00
Jeff Mitchell
1fd2bdc086 changelog++ 2017-06-06 09:50:38 -04:00
Brian Kassouf
abc900157b Use the role name in the db username (#2812) 2017-06-06 09:49:49 -04:00
Jeff Mitchell
2631bde3ef changelog++ 2017-06-05 18:05:22 -04:00
Brian Rodgers
d4fb2624b4 Log auth info on permission denied due to ACL (#2754) 2017-06-05 18:04:31 -04:00
Jeff Mitchell
043b3f82c3 changelog++ 2017-06-05 16:44:35 -04:00
Jeff Mitchell
28d7c6f90f changelog++ 2017-06-05 16:37:34 -04:00
Jeff Mitchell
6b0ca941a6 Add a no-store option to vault auth (#2809)
Fixes #2746
2017-06-05 16:36:28 -04:00
Jeff Mitchell
becf796c9a Don't try to clean up upgrades if we're sealed 2017-06-05 16:00:56 -04:00
Jeff Mitchell
fe19bc3f07 Log heartbeat stopping 2017-06-05 15:57:04 -04:00
Jeff Mitchell
7b30613214 changelog++ 2017-06-05 15:03:34 -04:00
Jeff Mitchell
a52fae256a ed25519 support in transit (#2778) 2017-06-05 15:00:39 -04:00
Jeff Mitchell
09be3f6744 changelog++ 2017-06-05 12:40:59 -04:00
Scott Sinclair
f6ba66ca06 Change split on instance profile name (#2802)
This now splits on the /, so we only get the last component of the instance profile name (ignoring paths)
2017-06-05 12:39:37 -04:00
Matthew Irish
4b1045eee1 changelog++ 2017-06-05 11:35:03 -05:00
sam boyer
00383246a7 Minor typos & wordsmithing for clarity (#2807) 2017-06-05 09:32:09 -07:00
Jeff Mitchell
a2a0b44d79 Use the oauth2 context ability to specify a clean http client. (#2808)
Hopefully fixes #2793
2017-06-05 12:27:01 -04:00
Jeff Mitchell
186e7dd1f4 Add unsalted test to app-id 2017-06-05 11:37:16 -04:00
Jeff Mitchell
55e16eacfa changelog++ 2017-06-05 11:01:48 -04:00
Kiss György
57ba312941 Add Health() method to Sys client (#2805) 2017-06-05 11:00:45 -04:00
Jeff Mitchell
1c1937514b changelog++ 2017-06-05 10:55:42 -04:00
Jeff Mitchell
c655dee721 Add another nil guard to S3, follow on from #2785 2017-06-05 10:54:26 -04:00
Vishal Nayak
a337f9fcff Avoid panic in s3 list operation (#2785) 2017-06-05 10:53:20 -04:00
Jeff Mitchell
83ecd0f9ad Allow accessing Warnings directly in Response. (#2806)
A change in copystructure has caused some panics due to the custom copy
function. I'm more nervous about production panics than I am about
keeping some bad code wiping out some existing warnings, so remove the
custom copy function and just allow direct setting of Warnings.
2017-06-05 10:52:43 -04:00
Jeff Mitchell
b938163ad1 Update vendoring 2017-06-05 10:51:53 -04:00
Mevan Samaratunga
65b9c35229 Fixed bug where the project name was not being read from configuration if it was provided via the "tenant" attribute. This was causing the swift client to crash with an EOF error. (#2803) 2017-06-05 10:48:39 -04:00
Jeff Mitchell
e3cc07cab8 changelog++ 2017-06-05 10:06:12 -04:00
Jeff Mitchell
24fab528f8 Fix instantiation of salt funcs in app-id structs 2017-06-05 10:04:54 -04:00
Jeff Mitchell
d3d9370294 changelog++ 2017-06-03 08:17:02 -04:00
Eugene Bekker
0701658936 Fixes #2789 (#2790) 2017-06-03 08:15:37 -04:00
Jeff Mitchell
c18589f590 Add plugin_directory to configuration page (#2801)
Fixes #2795
2017-06-03 08:11:03 -04:00
Dan Stark
da2c918195 Fixes typos in error message and comment for AWS auth CLI (#2798) 2017-06-02 17:35:25 -07:00
Brian Kassouf
4c9ea2ec7c changelog++ 2017-06-01 15:24:27 -07:00
Igor Katson
32c7efe7ca Add max_parallel parameter to MySQL backend. (#2760)
* Add max_parallel parameter to MySQL backend.

This limits the number of concurrent connections, so that vault does not die
suddenly from "Too many connections".

This can happen when e.g. vault starts up, and tries to load all the
existing leases in parallel. At the time of writing this, the value
ExpirationRestoreWorkerCount in vault/helper/consts/const.go is set to
64, meaning that if there are enough leases in the vault's DB, it will
generate AT LEAST 64 concurrent connections to MySQL when loading the
data during start-up. On certain configurations, e.g. smaller AWS
RDS/Aurora instances, this will cause Vault to fail startup.

* Fix a typo in mysql storage readme
2017-06-01 15:20:32 -07:00