mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-26 00:51:08 +02:00
Code Issues Projects Releases Wiki Activity
14,369 Commits 2,840 Branches 445 Tags
Commit Graph

1453 Commits

Author SHA1 Message Date
Jeff Mitchell
48da40964c Move token helper out of meta 2016-04-01 14:23:15 -04:00
Jeff Mitchell
33326b30c3 Move meta into its own package 2016-04-01 13:16:05 -04:00
Jeff Mitchell
61a4f4a6a2 Sort infokeys on startup and add more padding 2016-03-30 12:31:47 -04:00
Jeff Mitchell
c22fc374b6 Merge HA Backend objects 2016-03-21 16:56:13 -04:00
vishalnayak
dfbf2da1e2 Restore the previous valid token if token authentication fails 2016-03-18 14:43:16 -04:00
Pradeep Chhetri
f86c98bca8 Fix Typo 2016-03-18 14:06:49 +00:00
Jeff Mitchell
367add864d Add -field and -format to write command. 
Fixes #1186
 2016-03-17 14:57:30 -04:00
Vishal Nayak
1e432efb20 Merge pull request #1210 from hashicorp/audit-id-path 
Rename id to path and path to file_path, print audit backend paths
 2016-03-15 20:13:21 -04:00
vishalnayak
bac4fe0799 Rename id to path and path to file_path, print audit backend paths 2016-03-14 17:15:07 -04:00
Jeff Mitchell
3a878c3dc4 Add test for listener reloading, and update website docs. 2016-03-14 14:05:47 -04:00
Jeff Mitchell
0c56385d59 Properly scope config objects for reloading 2016-03-14 11:18:02 -04:00
Jeff Mitchell
14f538556e Don't generate an ID; use address for the ID. Generally speaking we'll need to sane against what's in the config 2016-03-11 17:28:03 -05:00
Jeff Mitchell
ca40e06f5d Don't inline factory 2016-03-11 17:02:44 -05:00
Jeff Mitchell
92088f06e4 For not shutdown triggered... 2016-03-11 17:01:26 -05:00
Jeff Mitchell
9f2f5b1c61 Retool to have reloading logic run in command/server 2016-03-11 16:47:03 -05:00
Jeff Mitchell
6430cd97ba Add tests. This actually adds the initial tests for the TLS listener, 
then layers reloading tests on top.
 2016-03-11 14:05:52 -05:00
Jeff Mitchell
7e52796aae Add reload capability for Vault listener certs. No tests (other than 
manual) yet, and no documentation yet.
 2016-03-11 14:05:52 -05:00
Vishal Nayak
640b3b25c5 Merge pull request #1201 from hashicorp/accessor-cli-flags 
Accessor CLI flags
 2016-03-11 09:55:45 -05:00
vishalnayak
a090c9dc54 Added test for token-revoke accessor flag 2016-03-10 21:38:27 -05:00
vishalnayak
1612dfaa1f Added accessor flag to token-revoke CLI 2016-03-10 21:21:20 -05:00
vishalnayak
084cbb2fc9 Added test for token-lookup accessor flag 2016-03-10 21:21:20 -05:00
vishalnayak
82a9fa86ad Add accessor flag to token-lookup command and add lookup-accessor client API 2016-03-10 21:21:20 -05:00
Seth Vargo
f801e30844 Remove log statement 2016-03-10 17:48:34 -05:00
Seth Vargo
80a28004f0 Add missing fixture 2016-03-10 17:40:40 -05:00
Seth Vargo
b381a9d7e0 Fix failing config test 2016-03-10 17:36:10 -05:00
Seth Vargo
e5e66535c8 Fix test fixtures 2016-03-10 16:51:08 -05:00
Seth Vargo
bbb45c4370 Fix failing policy-write integration test 
This was a flawed test. Previously the test passed in a fixture that
corresponded to a CLI config file, not an actual policy. The test
_should_ have been failing, but it wasn't. This commit adds a new
fixture.
 2016-03-10 15:45:49 -05:00
Seth Vargo
80d627fc0a Parse HCL keys in command config 2016-03-10 15:25:25 -05:00
Seth Vargo
ffbe97c7ca Print errors on extra keys in server config 
This does NOT apply to the backend config, since each backend config
could have a variation of options that differ based off of the
configured backend itself. This may be an optimization that can be made
in the future, but I think each backend should be responsible for
performing its own configuration validation instead of overloading the
config itself with this functionality.
 2016-03-10 15:25:25 -05:00
Jeff Mitchell
8b6df2a1a4 Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
Jeff Mitchell
2a698c7786 Merge pull request #1168 from hashicorp/revoke-force 
Add forced revocation.
 2016-03-09 16:59:52 -05:00
vishalnayak
2a35de81dc AccessorID --> Accessor, accessor_id --> accessor 2016-03-09 06:23:31 -05:00
vishalnayak
38a5d75caa Introduced AccessorID in TokenEntry and returning it along with token 2016-03-08 14:06:10 -05:00
vishalnayak
1b9e486bfd use errwrap to check the type of error message, fix typos 2016-03-07 18:36:26 -05:00
Jeff Mitchell
c4124bc40a Merge branch 'master' into token-roles 2016-03-07 10:03:54 -05:00
vishalnayak
b5ca8ba5bc Documentation for capabilities and capabilities-self APIs 2016-03-07 06:13:56 -05:00
vishalnayak
0f82724f1f test cases for capabilities endpoint 2016-03-05 00:03:55 -05:00
vishalnayak
7f832f22aa refactoring changes due to acl.Capabilities 2016-03-04 18:55:48 -05:00
vishalnayak
a7cfc9cc7a Removing the 'Message' field 2016-03-04 10:36:03 -05:00
vishalnayak
5b9ef4ec2e testcase changes 2016-03-04 10:36:03 -05:00
vishalnayak
42a7bab69e Test files for capabilities endpoint 2016-03-04 10:36:03 -05:00
vishalnayak
894f2ccef1 self review rework 2016-03-04 10:36:03 -05:00
vishalnayak
f00261785a Handled root token use case 2016-03-04 10:36:03 -05:00
vishalnayak
b2f394d779 Added capabilities and capabilities-self endpoints to http muxer 2016-03-04 10:36:03 -05:00
vishalnayak
ed3e2c6c05 Added sys/capabililties endpoint 2016-03-04 10:36:02 -05:00
Jeff Mitchell
67b8eab204 Update help text exporting dev mode listen address. 
Ping #1160
 2016-03-03 18:10:14 -05:00
Jeff Mitchell
a520728263 Merge pull request #1146 from hashicorp/step-down 
Provide 'sys/step-down' and 'vault step-down'
 2016-03-03 12:30:08 -05:00
Jeff Mitchell
00721af2c1 Add the ability to specify dev mode address via CLI flag and envvar. 
Fixes #1160
 2016-03-03 10:48:52 -05:00
Jeff Mitchell
a05ea4720c Add ability to control dev root token id with 
VAULT_DEV_ROOT_TOKEN_ID env var, and change the CLI flag to match.

Ping #1160
 2016-03-03 10:24:44 -05:00
Jeff Mitchell
f3f30022d0 Add forced revocation. 
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.

This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.

Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.

Fixes #1135
 2016-03-03 10:13:59 -05:00