Jeff Mitchell
d3f1176e03
Switch our tri-copy ca loading code to go-rootcerts
2016-05-03 12:23:25 -04:00
Jeff Mitchell
b44d2c01c0
Use UseNumber() on json.Decoder to have numbers be json.Number objects
instead of float64. This fixes some display bugs.
2016-04-20 18:38:20 +00:00
Adam Shannon
e0df8e9e88
all: Cleanup from running go vet
2016-04-13 14:38:29 -05:00
Jeff Mitchell
254023f55c
Remove RevokePrefix from the API too as we simply do not support it any
longer.
2016-04-05 11:00:12 -04:00
Jeff Mitchell
ab93e3aa63
SealInterface
2016-04-04 10:44:22 -04:00
vishalnayak
f97b2e5648
Enable callbacks for handling logical.Request changes before processing requests
2016-03-17 22:29:53 -04:00
vishalnayak
aa0cef3564
Fixed capabilities API to receive logical response
2016-03-17 21:03:32 -04:00
vishalnayak
b812ea1203
Refactoring the capabilities function
2016-03-17 21:03:32 -04:00
vishalnayak
bac4fe0799
Rename id to path and path to file_path, print audit backend paths
2016-03-14 17:15:07 -04:00
Vishal Nayak
640b3b25c5
Merge pull request #1201 from hashicorp/accessor-cli-flags
Accessor CLI flags
2016-03-11 09:55:45 -05:00
vishalnayak
f8749bcbdd
Restore RevokeSelf API
2016-03-11 06:30:45 -05:00
vishalnayak
1612dfaa1f
Added accessor flag to token-revoke CLI
2016-03-10 21:21:20 -05:00
vishalnayak
82a9fa86ad
Add accessor flag to token-lookup command and add lookup-accessor client API
2016-03-10 21:21:20 -05:00
Seth Vargo
d88b83d212
Validate HCL for SSHHelper too
2016-03-10 16:47:46 -05:00
Jeff Mitchell
8b6df2a1a4
Merge branch 'master' into token-roles
2016-03-09 17:23:34 -05:00
Jeff Mitchell
2a698c7786
Merge pull request #1168 from hashicorp/revoke-force
Add forced revocation.
2016-03-09 16:59:52 -05:00
vishalnayak
2a35de81dc
AccessorID --> Accessor, accessor_id --> accessor
2016-03-09 06:23:31 -05:00
vishalnayak
38a5d75caa
Introduced AccessorID in TokenEntry and returning it along with token
2016-03-08 14:06:10 -05:00
Jeff Mitchell
c4124bc40a
Merge branch 'master' into token-roles
2016-03-07 10:03:54 -05:00
vishalnayak
7f832f22aa
refactoring changes due to acl.Capabilities
2016-03-04 18:55:48 -05:00
vishalnayak
a7cfc9cc7a
Removing the 'Message' field
2016-03-04 10:36:03 -05:00
vishalnayak
f00261785a
Handled root token use case
2016-03-04 10:36:03 -05:00
vishalnayak
ed3e2c6c05
Added sys/capabilities endpoint
2016-03-04 10:36:02 -05:00
Jeff Mitchell
5f0beb7330
Create a unified function to sanitize mount paths.
This allows mount paths to start with '/' in addition to ensuring they
end in '/' before leaving the system backend.
2016-03-03 13:13:47 -05:00
Jeff Mitchell
a520728263
Merge pull request #1146 from hashicorp/step-down
Provide 'sys/step-down' and 'vault step-down'
2016-03-03 12:30:08 -05:00
Jeff Mitchell
f3f30022d0
Add forced revocation.
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.
This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.
Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.
Fixes #1135
2016-03-03 10:13:59 -05:00
Jeff Mitchell
5883848f60
Add other token role unit tests and some minor other changes.
2016-03-01 12:41:41 -05:00
Jeff Mitchell
c1677c0b55
Initial work on token roles
2016-03-01 12:41:40 -05:00
vishalnayak
9fbfd1aff2
moved the test cert keys to appropriate test-fixtures folder
2016-02-29 15:49:08 -05:00
Jeff Mitchell
2a347d2eb4
Merge branch 'master' into step-down
2016-02-29 11:02:09 -05:00
vishalnayak
48f3f4b5d0
replaced old certs with new certs generated from PKI backend, containing IP SANs
2016-02-28 22:15:54 -05:00
Jeff Mitchell
6b0c692385
Provide 'sys/step-down' and 'vault step-down'
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
vishalnayak
9394e5f212
fix api tests
2016-02-26 17:01:40 -05:00
Robert M. Thomson
b906f22fe9
Add VAULT_TLS_SERVER_NAME environment variable
If specified, verify a specific server name during TLS negotiation
rather than the server name in the URL.
2016-02-25 17:28:49 +01:00
vishalnayak
26cdd93088
Use tls_skip_verify in vault-ssh-helper
2016-02-23 17:32:49 -05:00
vishalnayak
1e4ee603a7
ssh-helper api changes
2016-02-23 00:16:00 -05:00
Jeff Mitchell
58a2c4d9a0
Return status for rekey/root generation at init time. This mitigates a
(very unlikely) potential timing attack between init-ing and fetching
status.
Fixes #1054
2016-02-12 14:24:36 -05:00
Jeff Mitchell
37a63e6e40
Add some documentation to the API revoke functions
2016-02-03 11:42:13 -05:00
Paul Hinze
1f78f07d7b
Parse and return MountConfigOutput from API
When working on the Terraform / Vault integration I came across the fact
that `Sys().MountConfig(...)` didn't seem to return a response struct,
even though it's a `GET` method.
Looks like just a simple oversight to me. This fix does break API BC,
but the method had no use without its return value so I feel like that's
probably a mitigating factor.
2016-02-02 17:11:05 -06:00
Jeff Mitchell
a80481792e
Fix up unit tests to expect new values
2016-01-29 19:36:56 -05:00
Jeff Mitchell
2613343c3d
Updates and documentation
2016-01-22 10:07:32 -05:00
Jeff Mitchell
41332a692b
Fix body closing in List method
2016-01-22 10:07:32 -05:00
Jeff Mitchell
4b67fd139f
Add list capability, which will work with the generic and cubbyhole
backends for the moment. This is pretty simple; it just adds the actual
capability to make a list call into both the CLI and the HTTP handler.
The real meat was already in those backends.
2016-01-22 10:07:32 -05:00
Jeff Mitchell
e9538f1441
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
Jeff Mitchell
4cc7694a3a
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
Jeff Mitchell
1c9b00524f
Use an array of keys so that if the same fingerprint is used none are lost when using PGP key backup
2016-01-08 14:29:23 -05:00
Jeff Mitchell
839b804e43
Some minor rekey backup fixes
2016-01-08 14:09:40 -05:00
Jeff Mitchell
027c84c62a
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
Nicki Watt
05c9e5b5ad
Make token-lookup functionality available via Vault CLI
2015-12-29 20:18:59 +00:00
Nicki Watt
9db5180803
Corrected HTTP Method for api.TokenAuth.LookupSelf() method
2015-12-28 00:05:15 +00:00