mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-14 10:37:00 +02:00
Code Issues Projects Releases Wiki Activity
10,305 Commits 2,842 Branches 445 Tags 448 MiB
9be1128201
Commit Graph

437 Commits

Author SHA1 Message Date
Jeff Mitchell
7c4e5a775c Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 (#2412) 2017-02-27 12:49:35 -05:00
Jeff Mitchell
615945a6b0 Move http-using API tests into http package 2017-02-24 14:23:21 -05:00
Jeff Mitchell
513f8b918d Add WithOptions methods to audit/auth enabling (#2383) 2017-02-16 11:37:27 -05:00
Jason Felice
0a1e7a7be4 ConfigureTLS() sets default HttpClient if nil (#2329) 2017-02-06 17:47:56 -05:00
Jeff Mitchell
ac0f45e45c Add nonce to unseal to allow seeing if the operation has reset (#2276) 2017-01-17 11:47:06 -05:00
Vishal Nayak
20fabef08b Use Vault client's scheme for auto discovery (#2146) 2016-12-02 11:24:57 -05:00
Jeff Mitchell
77d804e483 Better handle nil responses in logical unwrap 2016-12-01 16:38:08 -05:00
Jeff Mitchell
b7c655f45c Fix panic when unwrapping if the server EOFs 2016-11-29 16:50:07 -05:00
Jeff Mitchell
d9f97198bd Set number of pester retries to zero by default and make seal command… (#2093) 
* Set number of pester retries to zero by default and make seal command return 403 if unauthorized instead of 500

* Fix build

* Use 403 instead and update test

* Change another 500 to 403
 2016-11-16 14:08:09 -05:00
Jeff Mitchell
c7ca7aef0a Fix unwrap CLI command when there is no client token set. (#2077) 2016-11-08 11:36:15 -05:00
Jeff Mitchell
57870f7f05 change api so if wrapping token is the same as the client token it doesn't set it in the body 2016-10-27 12:15:30 -04:00
Jeff Mitchell
94ca45b121 Fix NOT logical bug. 
Ping #2014
 2016-10-18 09:51:45 -04:00
Jeff Mitchell
60deff1bad Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
Jeff Mitchell
c748ff322f Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Jeff Mitchell
941b066780 Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 18:42:24 -04:00
Jeff Mitchell
47aafa6ee1 Reinstate the token parameter to api.RevokeSelf to avoid breaking compatibility 2016-09-13 11:03:05 -04:00
Jeff Mitchell
75f792b27e Add response wrapping to list operations (#1814) 2016-09-02 01:13:14 -04:00
Evan Gilman
d7a139ce4f Add golang api method for creating orphan tokens (#1834) 2016-09-01 15:39:44 -04:00
Jeff Mitchell
f447d21a72 Don't allow tokens in paths. (#1783) 2016-08-24 15:59:43 -04:00
markrzasa
6089d7f2d6 allow a TLS server name to be configured for SSH agents (#1720) 2016-08-23 22:06:56 -04:00
Jeff Mitchell
ed48b008ce Provide base64 keys in addition to hex encoded. (#1734) 
* Provide base64 keys in addition to hex encoded.

Accept these at unseal/rekey time.

Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
 2016-08-15 16:01:15 -04:00
Jeff Mitchell
92cb23fc85 Restore compatibility with pre-0.6.1 servers for CLI/Go API calls 2016-08-14 14:52:45 -04:00
Jeff Mitchell
146cdc69eb Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
Jeff Mitchell
2a0f946f6b Don't retry on redirections. 2016-08-12 15:13:42 -04:00
vishalnayak
b01a4ff1cb Use default config and read environment by default while creating client object 2016-08-12 11:37:13 -04:00
Jeff Mitchell
558ba440d4 Merge pull request #1699 from hashicorp/dataonly 
Return sys values in top level normal api.Secret
 2016-08-09 07:17:02 -04:00
Jeff Mitchell
7f13c4bcff Add ability to specify renew lease ID in POST body. 2016-08-08 18:00:44 -04:00
Jeff Mitchell
593954d40c Fix tests and update mapstructure 2016-08-08 16:00:31 -04:00
Alex Dadgar
bcf98fa8d6 Merge pull request #1682 from hashicorp/f-refactor-tls-config 
Refactor the TLS configuration between meta.Client and the api.Config
 2016-08-02 13:35:37 -07:00
Alex Dadgar
881d67e2fd Address comments 2016-08-02 13:17:45 -07:00
vishalnayak
8f1ccc6eff Add cluster information to 'vault status' 2016-07-29 14:13:53 -04:00
vishalnayak
5c38276598 Added Vault version informationto the 'status' command 2016-07-28 17:37:35 -04:00
Alex Dadgar
5fccb9a83e Refactor the TLS configuration between meta.Client and the api.Config 2016-07-27 17:26:26 -07:00
Jeff Mitchell
1109936700 Plumb request UUID through the API 2016-07-27 09:25:04 -04:00
vishalnayak
d22204914d Add service discovery to init command 2016-07-21 16:17:29 -04:00
Vishal Nayak
4e5c3631f4 Merge pull request #1583 from hashicorp/ssh-allowed-roles 
Add allowed_roles to ssh-helper-config and return role name from verify call
 2016-07-19 12:04:12 -04:00
vishalnayak
5b458db104 Merge branch 'master-oss' into json-use-number 
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
 2016-07-15 19:21:55 -04:00
Jeff Mitchell
478f420912 Migrate number of retries down by one to have it be max retries, not tries 2016-07-11 21:57:14 +00:00
Jeff Mitchell
7129fd5785 Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-11 21:37:46 +00:00
Jeff Mitchell
60df9d3461 Make the API client retry on 5xx errors. 
This should help with transient issues. Full control over min/max delays
and number of retries (and ability to turn off) is provided in the API
and via env vars.

Fix tests.
 2016-07-06 16:50:23 -04:00
vishalnayak
ef97199360 Added JSON Decode and Encode helpers. 
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
 2016-07-06 12:25:40 -04:00
vishalnayak
b632ef58e4 Add allowed_roles to ssh-helper-config and return role name from verify call 2016-07-05 11:14:29 -04:00
vishalnayak
efaffa8f55 Added 'sys/auth/<path>/tune' endpoints. 
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
 2016-06-15 13:58:24 -04:00
Jeff Mitchell
47dc1ccd25 Add token accessor to wrap information if one exists 2016-06-13 23:58:17 +00:00
Jeff Mitchell
15a40fdde5 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
Jeff Mitchell
517571c04a Add renewable flag and API setting for token creation 2016-06-08 11:14:30 -04:00
Jeff Mitchell
8dffc64388 Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this... 2016-06-07 16:01:09 -04:00
Jeff Mitchell
91053b7471 Add creation time to returned wrapped token info 
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.

This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
 2016-06-07 15:00:35 -04:00
Jeff Mitchell
6a2ad76035 Make Unwrap a first-party API command and refactor UnwrapCommand to use it 2016-05-27 21:04:30 +00:00
Jeff Mitchell
810e914730 Add unwrap test function and some robustness around paths for the wrap lookup function 2016-05-19 11:49:46 -04:00
Jeff Mitchell
b626bfa725 Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors 2016-05-16 16:11:33 -04:00
Jeff Mitchell
fd67b15bb0 Add more tests 2016-05-07 21:08:13 -04:00
Jeff Mitchell
a110f6cae6 Merge branch 'master-oss' into cubbyhole-the-world 2016-05-04 14:42:14 -04:00
Jeff Mitchell
d3f1176e03 Switch our tri-copy ca loading code to go-rootcerts 2016-05-03 12:23:25 -04:00
Jeff Mitchell
ff4dc0b853 Add wrap support to API/CLI 2016-05-02 02:03:23 -04:00
Jeff Mitchell
b44d2c01c0 Use UseNumber() on json.Decoder to have numbers be json.Number objects 
instead of float64. This fixes some display bugs.
 2016-04-20 18:38:20 +00:00
Adam Shannon
e0df8e9e88 all: Cleanup from running go vet 2016-04-13 14:38:29 -05:00
Jeff Mitchell
254023f55c Remove RevokePrefix from the API too as we simply do not support it any 
longer.
 2016-04-05 11:00:12 -04:00
Jeff Mitchell
ab93e3aa63 SealInterface 2016-04-04 10:44:22 -04:00
vishalnayak
f97b2e5648 Enable callbacks for handling logical.Request changes before processing requests 2016-03-17 22:29:53 -04:00
vishalnayak
aa0cef3564 Fixed capabilities API to receive logical response 2016-03-17 21:03:32 -04:00
vishalnayak
b812ea1203 Refactoring the capabilities function 2016-03-17 21:03:32 -04:00
vishalnayak
bac4fe0799 Rename id to path and path to file_path, print audit backend paths 2016-03-14 17:15:07 -04:00
Vishal Nayak
640b3b25c5 Merge pull request #1201 from hashicorp/accessor-cli-flags 
Accessor CLI flags
 2016-03-11 09:55:45 -05:00
vishalnayak
f8749bcbdd Restore RevokeSelf API 2016-03-11 06:30:45 -05:00
vishalnayak
1612dfaa1f Added accessor flag to token-revoke CLI 2016-03-10 21:21:20 -05:00
vishalnayak
82a9fa86ad Add accessor flag to token-lookup command and add lookup-accessor client API 2016-03-10 21:21:20 -05:00
Seth Vargo
d88b83d212 Validate HCL for SSHHelper too 2016-03-10 16:47:46 -05:00
Jeff Mitchell
8b6df2a1a4 Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
Jeff Mitchell
2a698c7786 Merge pull request #1168 from hashicorp/revoke-force 
Add forced revocation.
 2016-03-09 16:59:52 -05:00
vishalnayak
2a35de81dc AccessorID --> Accessor, accessor_id --> accessor 2016-03-09 06:23:31 -05:00
vishalnayak
38a5d75caa Introduced AccessorID in TokenEntry and returning it along with token 2016-03-08 14:06:10 -05:00
Jeff Mitchell
c4124bc40a Merge branch 'master' into token-roles 2016-03-07 10:03:54 -05:00
vishalnayak
7f832f22aa refactoring changes due to acl.Capabilities 2016-03-04 18:55:48 -05:00
vishalnayak
a7cfc9cc7a Removing the 'Message' field 2016-03-04 10:36:03 -05:00
vishalnayak
f00261785a Handled root token use case 2016-03-04 10:36:03 -05:00
vishalnayak
ed3e2c6c05 Added sys/capabililties endpoint 2016-03-04 10:36:02 -05:00
Jeff Mitchell
5f0beb7330 Create a unified function to sanitize mount paths. 
This allows mount paths to start with '/' in addition to ensuring they
end in '/' before leaving the system backend.
 2016-03-03 13:13:47 -05:00
Jeff Mitchell
a520728263 Merge pull request #1146 from hashicorp/step-down 
Provide 'sys/step-down' and 'vault step-down'
 2016-03-03 12:30:08 -05:00
Jeff Mitchell
f3f30022d0 Add forced revocation. 
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.

This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.

Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.

Fixes #1135
 2016-03-03 10:13:59 -05:00
Jeff Mitchell
5883848f60 Add other token role unit tests and some minor other changes. 2016-03-01 12:41:41 -05:00
Jeff Mitchell
c1677c0b55 Initial work on token roles 2016-03-01 12:41:40 -05:00
vishalnayak
9fbfd1aff2 moved the test cert keys to appropriate test-fixtures folder 2016-02-29 15:49:08 -05:00
Jeff Mitchell
2a347d2eb4 Merge branch 'master' into step-down 2016-02-29 11:02:09 -05:00
vishalnayak
48f3f4b5d0 replaced old certs, with new certs generated from PKI backend, containing IP SANs 2016-02-28 22:15:54 -05:00
Jeff Mitchell
6b0c692385 Provide 'sys/step-down' and 'vault step-down' 
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.

Fixes #1093
 2016-02-26 19:43:55 -05:00
vishalnayak
9394e5f212 fix api tests 2016-02-26 17:01:40 -05:00
Robert M. Thomson
b906f22fe9 Add VAULT_TLS_SERVER_NAME environment variable 
If specified, verify a specific server name during TLS negotiation
rather than the server name in the URL.
 2016-02-25 17:28:49 +01:00
vishalnayak
26cdd93088 Use tls_skip_verify in vault-ssh-helper 2016-02-23 17:32:49 -05:00
vishalnayak
1e4ee603a7 ssh-helper api changes 2016-02-23 00:16:00 -05:00
Jeff Mitchell
58a2c4d9a0 Return status for rekey/root generation at init time. This mitigates a 
(very unlikely) potential timing attack between init-ing and fetching
status.

Fixes #1054
 2016-02-12 14:24:36 -05:00
Jeff Mitchell
37a63e6e40 Add some documentation to the API revoke functions 2016-02-03 11:42:13 -05:00
Paul Hinze
1f78f07d7b Parse and return MountConfigOutput from API 
When working on the Terraform / Vault integration I came across the fact
that `Sys().MountConfig(...)` didn't seem to return a response struct,
even though it's a `GET` method.

Looks like just a simple oversight to me. This fix does break API BC,
but the method had no use without its return value so I feel like that's
probably a mitigating factor.
 2016-02-02 17:11:05 -06:00
Jeff Mitchell
a80481792e Fix up unit tests to expect new values 2016-01-29 19:36:56 -05:00
Jeff Mitchell
2613343c3d Updates and documentation 2016-01-22 10:07:32 -05:00
Jeff Mitchell
41332a692b Fix body closing in List method 2016-01-22 10:07:32 -05:00
Jeff Mitchell
4b67fd139f Add list capability, which will work with the generic and cubbyhole 
backends for the moment. This is pretty simple; it just adds the actual
capability to make a list call into both the CLI and the HTTP handler.
The real meat was already in those backends.
 2016-01-22 10:07:32 -05:00
Jeff Mitchell
e9538f1441 RootGeneration->GenerateRoot 2016-01-19 18:28:10 -05:00
Jeff Mitchell
4cc7694a3a Add the ability to generate root tokens via unseal keys. 2016-01-19 18:28:10 -05:00
Jeff Mitchell
1c9b00524f Use an array of keys so that if the same fingerprint is used none are lost when using PGP key backup 2016-01-08 14:29:23 -05:00
Jeff Mitchell
839b804e43 Some minor rekey backup fixes 2016-01-08 14:09:40 -05:00
Jeff Mitchell
027c84c62a Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00
Nicki Watt
05c9e5b5ad Make token-lookup functionality available via Vault CLI 2015-12-29 20:18:59 +00:00
Nicki Watt
9db5180803 Corrected HTTP Method for api.TokenAuth.LookupSelf() method 2015-12-28 00:05:15 +00:00
Jeff Mitchell
b38394e456 Use cleanhttp.DefaultTransport rather than instantiating directly to avoid leaked FDs 2015-12-17 15:23:13 -05:00
Jeff Mitchell
583882efdc Update documentation to be consistent with return codes 
Fixes #831
 2015-12-10 10:26:40 -05:00
Jeff Mitchell
49d525ebf3 Reintroduce the ability to look up obfuscated values in the audit log 
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
 2015-11-18 20:26:03 -05:00
Jeff Mitchell
f600e3ac29 Add no-default-policy flag and API parameter to allow exclusion of the 
default policy from a token create command.
 2015-11-09 17:30:50 -05:00
Jeff Mitchell
673c6d726a Move environment variable reading logic to API. 
This allows the same environment variables to be read, parsed, and used
from any API client as was previously handled in the CLI. The CLI now
uses the API environment variable reading capability, then overrides any
values from command line flags, if necessary.

Fixes #618
 2015-11-04 10:28:00 -05:00
Jeff Mitchell
b11cb5d964 Implement LookupSelf, RevokeSelf, and RenewSelf in the API client 
Fixes #739
 2015-10-30 17:27:33 -04:00
Jeff Mitchell
d7f528a768 Add reset support to the unseal command. 
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
 2015-10-28 15:59:39 -04:00
Jeff Mitchell
5c0a16b16a Use cleanhttp instead of bare http.Client 2015-10-22 14:37:12 -04:00
Jeff Mitchell
0dbbef1ac0 Don't use http.DefaultClient 
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
 2015-10-15 17:54:00 -04:00
Jeff Mitchell
27029d9744 Support and use TTL instead of lease for token creation 2015-10-09 19:52:13 -04:00
Jeff Mitchell
c9c8398352 Add 301 redirect checking to the API client. 
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
 2015-10-09 17:11:31 -04:00
Dejan Golja
71615a172c Increase default timeout to 30s which should allow for any operation 
to complete.
 2015-10-09 00:53:35 +11:00
Dejan Golja
4ee297408f added a sensible default timeout for the vault client 2015-10-08 18:44:00 +11:00
Jeff Mitchell
c8af19e9dc Add unit tests 2015-10-07 20:17:06 -04:00
Jeff Mitchell
fd2c0f033e Add the ability for warnings to be added to responses. These are 
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.

Fixes #676
 2015-10-07 16:18:39 -04:00
Alexey Grachov
923d07b6bf Fix some lint warnings. 2015-09-29 10:35:16 +03:00
Jeff Mitchell
70ce824267 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Jeff Mitchell
1247459ae1 Ensure that the response body of logical calls is closed, even if there is an error. 2015-09-14 18:22:33 -04:00
Jeff Mitchell
b9a5a137c0 Address items from feedback. Make MountConfig use values rather than 
pointers and change how config is read to compensate.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell
dd8ac00daa Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell
aadf039368 Add DynamicSystemView. This uses a pointer to a pointer to always have 
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell
dffcf0548e Plumb per-mount config options through API 2015-09-10 15:09:53 -04:00
Jeff Mitchell
81505f5f97 Rather than use http.DefaultClient, which is simply &http.Client{}, 
create our own. This avoids some potential client race conditions when
they are setting values on the Vault API client while the default client
is being used elsewhere in other goroutines, as was seen in
consul-template.
 2015-09-03 13:47:20 -04:00
Jeff Mitchell
4d6ebab007 Change variable name for clarity 2015-09-03 13:38:24 -04:00
Jeff Mitchell
1a2c44d805 Remove redirect handling code that was never being executed (redirects are manually handled within RawRequest). Add a sync.Once to fix a potential data race with setting the CheckRedirect function on the default http.Client 2015-09-03 13:34:45 -04:00
Jeff Mitchell
566aba71b7 Merge pull request #587 from hashicorp/sethvargo/auth_token_tests 
Add test coverage for auth tokens
 2015-09-03 11:26:14 -04:00
Seth Vargo
8df186fd37 Add test coverage for auth tokens 2015-09-03 10:57:17 -04:00
Seth Vargo
f0b3ad6a2a Update documentation around cookies 2015-09-03 10:36:59 -04:00
Mike Sample
02ac5e1ec6 corrected two typos 2015-08-27 00:05:19 -07:00
Jeff Mitchell
4d877dc4eb Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell
e133536b79 Add support for pgp-keys argument to rekey, as well as tests, plus 
refactor common bits out of init.
 2015-08-25 14:52:13 -07:00
Jeff Mitchell
d2023234b9 Add support for "pgp-tokens" parameters to init. 
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
 2015-08-25 14:52:13 -07:00
Jeff Mitchell
f1a301922d Remove cookie authentication. 2015-08-21 19:46:23 -07:00
vishalnayak
440b11c279 Vault SSH: Adding the missed out config file 2015-08-20 11:30:21 -07:00
vishalnayak
d6c5031169 Vault SSH: TLS client creation test 2015-08-18 19:00:27 -07:00
vishalnayak
d63726b41b Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak
d1b75e9d28 Vault SSH: Default lease of 5 min for SSH secrets 2015-08-12 17:10:35 -07:00
vishalnayak
f74a0c9bfa Vault SSH: Exposed verify request/response messges to agent 2015-08-12 13:22:48 -07:00
vishalnayak
c008a8d796 Vault SSH: Moved agent's client creation code to Vault's source 2015-08-12 13:09:32 -07:00
vishalnayak
f2e4867555 Vault SSH: Moved SSH agent config to Vault's source 2015-08-12 12:52:21 -07:00
vishalnayak
67b705565e Vault SSH: Added SSHAgent API 2015-08-12 10:48:58 -07:00
vishalnayak
f21c64e874 Vault SSH: Renamed path with mountPoint 2015-08-12 10:30:50 -07:00
vishalnayak
6b86811503 Vault SSH: Fixed constructor of SSH api 2015-08-12 09:56:17 -07:00
vishalnayak
2ac3cabf87 Merging changes from master 2015-08-12 09:28:16 -07:00
Seth Vargo
83bc2692f9 Remove Sys.Login (unused) 2015-08-11 13:04:11 -04:00
vishalnayak
9aa02ad560 Vault SSH: Review Rework 2015-07-29 14:21:36 -04:00
Vishal Nayak
0a4854e542 Vault SSH: Dynamic Key test case fix 2015-07-24 12:13:26 -04:00
Vishal Nayak
3a1eaf1869 Vault SSH: Support OTP key type from CLI 2015-07-23 17:20:28 -04:00
Vishal Nayak
c564f643a4 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-07-17 17:22:17 -04:00
Armon Dadgar
3d216c34d0 api: fixing 404 handling of GetPolicy 2015-07-13 19:20:00 +10:00
Vishal Nayak
820e503321 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-07-10 16:18:08 -06:00
Jeff Mitchell
4d8b88ef34 Fix nil dereference reading policies with a failing connection (for instance, bad cert) 2015-07-10 14:22:33 -04:00
Vishal Nayak
0a59e84cef Vault SSH: Revoking key after SSH session from CLI 2015-07-06 11:05:02 -04:00
Vishal Nayak
fbaea45101 Vault SSH: PR review rework 2015-07-02 17:23:09 -04:00
Vishal Nayak
13ab7fc40b Vault SSH: PR review rework - 1 2015-07-01 11:58:49 -04:00
Vishal Nayak
756be6976d Refactoring changes 2015-06-29 22:00:08 -04:00
Vishal Nayak
7dbad8386c ssh/lookup implementation and refactoring 2015-06-25 21:47:32 -04:00
Vishal Nayak
4b07eba487 POC: Rework. Doing away with policy file. 2015-06-24 18:13:12 -04:00
Vishal Nayak
fa83fe89f0 Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-17 20:33:03 -04:00
Vishal Nayak
fb866f9059 Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 12:39:49 -04:00
Jeff Mitchell
6f5f247b28 The docs say that if HttpClient is nil, http.DefaultClient will be used. However, the code doesn't do this, resulting in a nil dereference. 2015-06-04 14:01:10 -04:00
boncheff
89a75bac51 Update SPEC.md 2015-06-02 14:51:43 +01:00
Armon Dadgar
a7ebd51391 api: Support the rekey endpoints 2015-05-28 14:37:20 -07:00
Armon Dadgar
0d22532537 api: Adding Rotate and KeyStatus 2015-05-27 18:05:23 -07:00
Seth Vargo
f0520916d6 Improve error message when TLS is disabled 
Fixes #198
 2015-05-14 10:33:38 -04:00
Mitchell Hashimoto
4f2b244d72 api: human friendly error for TLS [GH-123] 2015-05-02 13:08:35 -07:00
Seth Vargo
5ee6b5edfa Use lowercase JSON keys for client_token 2015-04-24 12:00:00 -04:00
Seth Vargo
6a104b22db Remove api dependency on http package 2015-04-23 19:58:44 -04:00
Seth Vargo
25962851ba Use VAULT_ADDR instead 2015-04-23 11:46:22 -04:00
Seth Vargo
b3cc97d71f Add docs 2015-04-23 11:45:37 -04:00
Seth Vargo
aa94080ad8 Read environment variables for VAULT_HTTP_ADDR and VAULT_TOKEN 2015-04-23 11:43:20 -04:00
Seth Vargo
d19aa41b21 Use a pointer config instead 2015-04-23 11:13:52 -04:00
Armon Dadgar
3fd6a7f12a api: Support sys/leader endpoint 2015-04-20 12:04:13 -07:00
Armon Dadgar
462ff7f374 api: Support redirect for HA 2015-04-20 11:30:35 -07:00
Armon Dadgar
0454e1f48e api: Allow reseting of request body 2015-04-20 10:44:51 -07:00
Mitchell Hashimoto
6e9a966e77 command/token-create: add display name and one time use 2015-04-19 18:08:08 -07:00
Mitchell Hashimoto
be5d8d0a29 command/token-renew 2015-04-19 18:04:01 -07:00
Mitchell Hashimoto
42743eb109 command/policy-delete 2015-04-19 16:36:11 -07:00
Mitchell Hashimoto
96f7d05e4b api: update docs 2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
4faf951f03 command/renew 2015-04-13 20:42:07 -07:00
Armon Dadgar
9f577b39b4 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
7a54437355 command/delete 2015-04-07 11:15:20 -07:00
Mitchell Hashimoto
23a8cdc92a api: Logical delete 2015-04-07 11:04:56 -07:00
Mitchell Hashimoto
6c6480dc4f command/remount 2015-04-07 10:46:47 -07:00
Mitchell Hashimoto
e4f0563dd4 credential/github: CLI handler 2015-04-06 09:53:43 -07:00
Mitchell Hashimoto
935101ed86 api: make API a bit nicer 2015-04-04 17:54:16 -07:00
Mitchell Hashimoto
3111c2396e api: client library methods to get tokens 2015-04-04 17:53:59 -07:00
Mitchell Hashimoto
a9bd83b4ef http: fix tests 2015-04-04 17:42:19 -07:00
Mitchell Hashimoto
7ac32b5da5 api: add auth information to results 2015-04-04 15:40:41 -07:00
Mitchell Hashimoto
8e39a1e7d8 command/help 2015-04-02 22:42:05 -07:00
Mitchell Hashimoto
3ad31ea6e2 api: help 2015-04-02 22:26:45 -07:00
Mitchell Hashimoto
ce9ed56be6 http: help 2015-04-02 22:26:45 -07:00
Mitchell Hashimoto
933e790ad0 api: audit methods 2015-04-01 18:38:25 -07:00
Mitchell Hashimoto
a8390aa2db api: SPEC 2015-04-01 18:16:31 -07:00
Mitchell Hashimoto
4cf15d5195 api: policy methods 2015-04-01 17:59:50 -07:00
Mitchell Hashimoto
d8f9d61453 http: all policy endpoints 2015-04-01 17:59:50 -07:00
Mitchell Hashimoto
9e7ea8a4ef http: list policies 2015-04-01 17:43:58 -07:00
Mitchell Hashimoto
1e6bc65763 command/auth-enable 2015-04-01 17:09:11 -07:00
Mitchell Hashimoto
a7f4f636ec api: fix compile 2015-03-31 20:29:20 -07:00
Mitchell Hashimoto
772fa8dbf0 api: fix auth API 2015-03-31 20:28:05 -07:00
Mitchell Hashimoto
2e80156641 http: auth handlers 2015-03-31 20:24:51 -07:00
Mitchell Hashimoto
56dd1dbea0 api: RevokePrefix 2015-03-31 19:23:52 -07:00
Mitchell Hashimoto
ea234d9cbf command/revoke: revoke 2015-03-31 19:21:02 -07:00
Mitchell Hashimoto
edde6ed160 command/seal: test should use the token 2015-03-31 11:46:55 -07:00
Mitchell Hashimoto
9784fc18f2 api: SetToken 2015-03-30 21:20:23 -07:00
Mitchell Hashimoto
5a4eb13750 api: update the SPEC 2015-03-30 12:22:34 -07:00
Mitchell Hashimoto
f547b717a7 api: re-use proper token constant 2015-03-30 11:14:51 -07:00
Mitchell Hashimoto
b89ac8e3c5 command/init: show root token 2015-03-29 16:25:53 -07:00
Mitchell Hashimoto
06e06cde9c http: support auth 2015-03-29 16:14:54 -07:00
Armon Dadgar
e69df0e947 all: Removing fields from Lease 2015-03-16 13:29:51 -07:00
Mitchell Hashimoto
fe4fe231f8 http: fix mount endpoints 2015-03-16 10:51:13 -07:00
Mitchell Hashimoto
8093f94c65 command/write 2015-03-15 20:35:33 -07:00
Mitchell Hashimoto
fb32e64f74 api: logical Read/Write 2015-03-15 19:47:32 -07:00
Mitchell Hashimoto
05d37bf9f1 http: generic read/write endpoint for secrets 2015-03-15 19:35:04 -07:00
Mitchell Hashimoto
722a3875cf api: use /v1 prefix 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
cee2928616 api: add init 2015-03-12 12:42:40 -07:00
Mitchell Hashimoto
637b939113 http: init endpoints 2015-03-12 12:37:54 -07:00
Mitchell Hashimoto
019f9ae5b9 api: update mount API 2015-03-11 22:34:54 -07:00
Mitchell Hashimoto
aa0f561723 api: lease renew should parse the secret 2015-03-11 19:48:32 -05:00
Mitchell Hashimoto
440b537c77 api: secret parsing and leasing 2015-03-11 19:48:31 -05:00
Mitchell Hashimoto
c15ba2f71d api: mount API client 2015-03-11 19:48:31 -05:00
Mitchell Hashimoto
78ef15d413 api: store token cookie, tests 2015-03-11 17:46:42 -05:00
Mitchell Hashimoto
7c8f723c57 api: separate sys out further 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
8894987d0b api: document jar requirement 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
a32e3a3ca1 api: auth methods 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
6f48a19c44 api: automatically get errors in RawRequest 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
ca13e2501e api: Response can decode errors 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
f0c804e42a api: sys methods 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
da6210d3c1 api: start the groundwork API stuff 2015-03-09 11:38:50 -07:00
Mitchell Hashimoto
36b7b84ec4 api: update spec 2015-03-04 15:41:21 -08:00
Mitchell Hashimoto
c24137e914 api: SPEC 2015-03-04 15:03:06 -08:00
Mitchell Hashimoto
c2cecb713e api: update SPEC 2015-03-04 13:17:12 -08:00
Mitchell Hashimoto
cbf2d74670 api: spec 2015-03-04 13:10:10 -08:00