mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-09-07 23:11:10 +02:00
Code Issues Projects Releases Wiki Activity
7,782 Commits 2,846 Branches 446 Tags
Commit Graph

7782 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
vishalnayak
65eff4ea60 Handle upgrade of deprecated fields in token entry 2016-09-26 15:47:48 -04:00
Jeff Mitchell
9e68c5ebf6 Update getting started docs since root can no longer be used from github 2016-09-26 13:09:26 -04:00
Seth Vargo
e8d6b72c77 Update middleman-hashicorp (#1922) 2016-09-26 12:40:48 -04:00
vishalnayak
af8dd75362 changelog++ 2016-09-26 10:49:59 -04:00
Vishal Nayak
92cb781be9 Merge pull request #1910 from hashicorp/secret-id-cidr-list 
CIDR restrictions on Secret ID
 2016-09-26 10:22:48 -04:00
Jeff Mitchell
273cb3c512 Add information about accessors to the token concepts page. 
Fixes #1918
 2016-09-26 10:18:38 -04:00
vishalnayak
a8627936e6 changelog++ 2016-09-26 10:10:00 -04:00
Vishal Nayak
a31ab07615 Merge pull request #1920 from legal90/fix-approle-delete 
Fix panic on deleting the AppRole which doesn't exist
 2016-09-26 10:05:33 -04:00
Mikhail Zholobov
9667cd9377
Fix panic on deleting the AppRole which doesn't exist 
#pathRoleDelete should return silently if the specified  AppRole doesn't exist
Fixes GH-1919
 2016-09-26 16:55:08 +03:00
vishalnayak
c94415d824 Address review feedback from @jefferai 2016-09-26 09:53:24 -04:00
vishalnayak
a83acd402e Update docs to contain bound_iam_role_arn 2016-09-26 09:37:38 -04:00
vishalnayak
2bd8903cf4 Implemented bound_iam_role_arn constraint 2016-09-23 21:35:36 -04:00
John
380bbfca36 tip to override VAULT_ADDR in getting started guide (#1915) 2016-09-23 19:34:07 -04:00
Jim Weber
eebd592f78 Getting role name from the creds path used in revocation 2016-09-23 16:57:08 -04:00
Jim Weber
f56f0b174c secretCredsRevoke command no longer uses hardcoded query 
The removal of a user from the db is now handled similar to the
creation. The SQL is read out of a key from the role and then executed
with values substituted for username.
 2016-09-23 16:05:49 -04:00
Jim Weber
235d67e451 Added support for a revokeSQL key value pair to the role 2016-09-23 16:00:23 -04:00
Jeff Mitchell
721d103f68 Fix parsing env var, needed to be in the helper too 2016-09-23 13:20:26 -04:00
vishalnayak
9dd1a3ce95 Fix zeroAddr check 2016-09-23 12:50:26 -04:00
Jeff Mitchell
c269538621 changelog++ 2016-09-23 12:33:26 -04:00
Jeff Mitchell
bba2ea63f1 Don't use time.Time in responses. (#1912) 
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
 2016-09-23 12:32:07 -04:00
vishalnayak
0d79363b1d Update website for bound_iam_instance_profile_arn 2016-09-23 11:23:59 -04:00
vishalnayak
0b233b3fa1 Fix incorrect naming of bound_iam_instance_profile_arn 2016-09-23 11:22:23 -04:00
Evan Phoenix
d5038f34b0 Advertise the cluster_(id|name) in the Scada handshake (#1906) 2016-09-23 10:55:51 -04:00
vishalnayak
7b8683585b Address review feedback 2016-09-22 18:07:35 -04:00
Jeff Mitchell
0358a4b161 Use VAULT_LOG_FORMAT as an analogue to LOGXI_FORMAT 2016-09-22 17:22:02 -04:00
vishalnayak
fb2f7f27ba Fix ssh tests 2016-09-22 11:37:55 -04:00
vishalnayak
47771e7da3 Use net.IPv4zero to check for zero address 2016-09-21 20:29:33 -04:00
vishalnayak
8ce3fa75ba Store the CIDR list in the secret ID storage entry. 
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
 2016-09-21 20:19:26 -04:00
vishalnayak
7f89bb5f68 Pass only valid inputs to validation methods 2016-09-21 15:44:54 -04:00
Jeff Mitchell
f62f53a09f Add missing dep 2016-09-21 14:02:35 -04:00
Jeff Mitchell
2ffc6949c0 Make HA in etcd off by default. (#1909) 
Fixes #1908

(Doesn't really "fix" it but someone from the community needs to step up
if they want to see this fixed.)
 2016-09-21 14:01:36 -04:00
vishalnayak
c93bded97b Added cidrutil helper 2016-09-21 13:58:32 -04:00
Jeff Mitchell
e618e8ae5c changelog++ 2016-09-21 13:50:07 -04:00
Jeff Mitchell
902067d620 Ensure upgrades have a valid HMAC key 2016-09-21 11:10:57 -04:00
Jeff Mitchell
8482118ac6 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Jeff Mitchell
425a07ce87 Update docs to reflect that there is more than one constraint for EC2 now 2016-09-20 16:11:32 -04:00
Jeff Mitchell
ce7680022b Force tls_disable on scada connection inside outer TLS connection as it's not currently supported anyways 2016-09-20 14:56:16 -04:00
Chris Hoffman
cd567eb480 Renaming ttl_max -> max_ttl in mssql backend (#1905) 2016-09-20 12:39:02 -04:00
Carlo Cabanilla
15001218e3 fix shell quoting (#1904) 
$() doesnt get evaluated in single quotes, so you need to break out of it first
 2016-09-19 17:11:16 -04:00
Jeff Mitchell
67622fa4b8 changelog++ 2016-09-19 13:03:03 -04:00
Jeff Mitchell
9f9f8fc559 Merge branch 'master' of https://github.com/hashicorp/vault into master-oss 2016-09-19 13:02:30 -04:00
Jeff Mitchell
01ffc31c88 Follow Vault convention on DELETE being idempotent (#1903) 
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
 2016-09-19 13:02:25 -04:00
Jeff Mitchell
fe1b8f9bff Fix formatting 2016-09-19 13:00:50 -04:00
Jeff Mitchell
a6e0ef2888 Bump to newer middleman-hashicorp 2016-09-19 12:42:35 -04:00
Jeff Mitchell
8a9df17b93 Update website docs to indicate sudo being required for auth/audit 
endpoints.
 2016-09-19 12:10:08 -04:00
Vishal Nayak
ee22bb4f29 Merge pull request #1897 from hashicorp/secret-id-accessor-locks 
Safely manipulate secret id accessors
 2016-09-19 11:37:38 -04:00
Jeff Mitchell
bae8164b10 changelog++ 2016-09-19 09:41:01 -04:00
vishalnayak
c44f1c9817 s/GetOctalFormatted/GetHexFormatted 2016-09-16 17:47:15 -04:00
Jeff Mitchell
b6eabd1ec3 Fix website display of tune paths 2016-09-16 12:03:50 -04:00
Jeff Mitchell
6f6d1f7237 Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop. 2016-09-16 11:05:43 -04:00