Jeff Mitchell
f3f30022d0
Add forced revocation.
...
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.
This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.
Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.
Fixes #1135
2016-03-03 10:13:59 -05:00
Chris Hoffman
ed5ca17b57
Adding mssql secret backend
2016-03-03 09:19:17 -05:00
Jeff Mitchell
f88c6c16db
Remove proxy function as it's unneeded now
2016-03-02 14:55:51 -05:00
Jeff Mitchell
21e3bca540
Merge pull request #1163 from hashicorp/mux-cleanup
...
Remove sys_policy from special handling as it's implemented in
2016-03-02 14:48:30 -05:00
Jeff Mitchell
f85c3f48af
Remove sys_policy from special handling as it's implemented in
...
logical_system too. Clean up the mux handlers.
2016-03-02 14:16:54 -05:00
Jeff Mitchell
46a71bd648
Add a sleep in the RedirectStandby test to try to fix raciness
2016-03-02 12:06:16 -05:00
Jeff Mitchell
278b4f9f8a
changelog++
2016-03-02 12:05:16 -05:00
Jeff Mitchell
37ea7d9910
Merge pull request #1162 from hashicorp/dev-root-id
...
Allow specifying an initial root token ID in dev mode.
2016-03-02 12:04:25 -05:00
Jeff Mitchell
c19641887d
Allow specifying an initial root token ID in dev mode.
...
Ping #1160
2016-03-02 12:03:26 -05:00
Jeff Mitchell
e7f4100437
changelog++
2016-03-01 20:27:08 -05:00
Jeff Mitchell
08ce2b9c16
Merge pull request #1156 from hashicorp/renew-self-CLI
...
Allow `token-renew` to not be given a token; it will then use the
2016-03-01 20:26:02 -05:00
Jeff Mitchell
143d876c99
Address review feedback
2016-03-01 20:25:40 -05:00
vishalnayak
8f728f8ed3
changelog++
2016-03-01 17:18:20 -05:00
Jeff Mitchell
e776599315
changelog++
2016-03-01 17:12:14 -05:00
Jeff Mitchell
c3a70bc1bf
Allow `token-renew` to not be given a token; it will then use the
...
renew-self endpoint. Otherwise it will use the renew endpoint, even if
the token matches the client token.
Adds an -increment flag to allow increments even with no token passed
in.
Fixes #1150
2016-03-01 17:02:48 -05:00
Vishal Nayak
6e910095ce
Merge pull request #1153 from hashicorp/cert-non-ca-fix
...
Non-CA cert registration to the cert backend
2016-03-01 16:56:59 -05:00
vishalnayak
4d5634528c
continue if non-CA policy is not found
2016-03-01 16:43:51 -05:00
vishalnayak
86df49b992
Added ExtKeyUsageAny, changed big.Int comparison and fixed code flow
2016-03-01 16:37:01 -05:00
vishalnayak
d8213e8094
corrections, policy matching changes and test cert changes
2016-03-01 16:37:01 -05:00
vishalnayak
9e610f6417
Added testcase for cert writes
2016-03-01 16:37:01 -05:00
vishalnayak
c506988cde
supporting non-ca certs for verification
2016-03-01 16:37:01 -05:00
Jeff Mitchell
88348ec798
Address first round of feedback
2016-03-01 15:30:37 -05:00
Jeff Mitchell
6e8033b5bd
Update token documentation
2016-03-01 14:00:52 -05:00
Jeff Mitchell
42501e388b
Add command and token store documentation for roles
2016-03-01 13:02:40 -05:00
Jeff Mitchell
5883848f60
Add other token role unit tests and some minor other changes.
2016-03-01 12:41:41 -05:00
Jeff Mitchell
8be467a31a
Update tests to add expected role parameters
2016-03-01 12:41:40 -05:00
Jeff Mitchell
c5c2c2362b
Add token role CRUD tests
2016-03-01 12:41:40 -05:00
Jeff Mitchell
c1677c0b55
Initial work on token roles
2016-03-01 12:41:40 -05:00
vishalnayak
01d61f6f0c
fix typo
2016-03-01 11:48:17 -05:00
Vishal Nayak
1a8fc05a80
Merge pull request #1154 from hashicorp/ssh-docs-fix
...
zeroaddress documentation fix
2016-03-01 11:22:45 -05:00
vishalnayak
8feae7eb1f
removed datatype and corrected a sentence
2016-03-01 11:21:29 -05:00
vishalnayak
a40e0fc8d4
zeroaddress documentation fix
2016-03-01 10:57:00 -05:00
Jeff Mitchell
d986685200
Fix commenting
2016-02-29 20:29:04 -05:00
vishalnayak
9fbfd1aff2
moved the test cert keys to appropriate test-fixtures folder
2016-02-29 15:49:08 -05:00
Jeff Mitchell
404a7fafff
Don't spawn consul servers when testing unless it's an acceptance test
2016-02-29 14:58:06 -05:00
Jeff Mitchell
581d2cfee0
Don't run transit fuzzing if not during acceptance tests
2016-02-29 14:44:04 -05:00
Jeff Mitchell
a86c1ba264
Only run PKI backend setup functions when TF_ACC is set
2016-02-29 14:41:14 -05:00
Jeff Mitchell
2a347d2eb4
Merge branch 'master' into step-down
2016-02-29 11:02:09 -05:00
Vishal Nayak
3def72260d
Merge pull request #1152 from hashicorp/cert-tests-fix
...
tls backend: replaced test certs and disabled InsecureSkipVerify
2016-02-29 10:41:55 -05:00
vishalnayak
b3d639a29f
fixed the error log message
2016-02-29 10:41:10 -05:00
Jeff Mitchell
d0ec85f4ba
Update doc, it's now 10 seconds
2016-02-29 10:09:11 -05:00
vishalnayak
61718f0b58
delete old certs
2016-02-28 22:21:45 -05:00
vishalnayak
48f3f4b5d0
replaced old certs, with new certs generated from PKI backend, containing IP SANs
2016-02-28 22:15:54 -05:00
Jeff Mitchell
ef4466d6d3
Address review feedback
2016-02-28 21:51:50 -05:00
Jeff Mitchell
6b0c692385
Provide 'sys/step-down' and 'vault step-down'
...
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
vishalnayak
9394e5f212
fix api tests
2016-02-26 17:01:40 -05:00
Jeff Mitchell
30be5da0bb
Fix tests
2016-02-26 16:44:35 -05:00
Jeff Mitchell
80df3c7a37
changelog++
2016-02-26 15:28:12 -05:00
Jeff Mitchell
d4cd60a4f6
Merge pull request #1144 from hashicorp/fix-cassandra-displayName-hyphens
...
Apply hyphen/underscore replacement across the entire username.
2016-02-26 15:27:20 -05:00
Jeff Mitchell
1f3b089a49
Apply hyphen/underscore replacement across the entire username.
...
Handles app-id generated display names.
Fixes #1140
2016-02-26 15:26:23 -05:00