9692 Commits

Author SHA1 Message Date
Jeff Mitchell
6ff18aae59 Merge pull request #1170 from hashicorp/strip-leading-slash-policies
Strip leading paths in policies.
2016-03-03 12:03:56 -05:00
Jeff Mitchell
3b84ae6cca Strip leading paths in policies.
It appears to be a common mistake, but they won't ever match.

Fixes #1167
2016-03-03 11:32:48 -05:00
Jeff Mitchell
93e8ce28c3 changelog++ 2016-03-03 11:12:15 -05:00
Jeff Mitchell
202f93bb3b Merge pull request #1169 from hashicorp/dev-mode-address
Add the ability to specify dev mode address via CLI flag and envvar.
2016-03-03 11:10:51 -05:00
Jeff Mitchell
1ae2f2fd34 Remove unneeded sleeps in test code 2016-03-03 11:09:27 -05:00
Jeff Mitchell
097e6ce93a Move descriptions into const block 2016-03-03 11:04:05 -05:00
Jeff Mitchell
2b7edf6bfd Update cubbyhole text to be more explicit.
Fixes #1165
2016-03-03 10:58:58 -05:00
Jeff Mitchell
00721af2c1 Add the ability to specify dev mode address via CLI flag and envvar.
Fixes #1160
2016-03-03 10:48:52 -05:00
Jeff Mitchell
a05ea4720c Add ability to control dev root token id with
VAULT_DEV_ROOT_TOKEN_ID env var, and change the CLI flag to match.

Ping #1160
2016-03-03 10:24:44 -05:00
Chris Hoffman
ba34a1b278 Adding Godeps for mssql 2016-03-03 10:16:59 -05:00
Jeff Mitchell
f3f30022d0 Add forced revocation.
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.

This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.

Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.

Fixes #1135
2016-03-03 10:13:59 -05:00
Chris Hoffman
ed5ca17b57 Adding mssql secret backend 2016-03-03 09:19:17 -05:00
Jeff Mitchell
f88c6c16db Remove proxy function as it's unneeded now 2016-03-02 14:55:51 -05:00
Jeff Mitchell
21e3bca540 Merge pull request #1163 from hashicorp/mux-cleanup
Remove sys_policy from special handling as it's implemented in
2016-03-02 14:48:30 -05:00
Jeff Mitchell
f85c3f48af Remove sys_policy from special handling as it's implemented in
logical_system too. Clean up the mux handlers.
2016-03-02 14:16:54 -05:00
Jeff Mitchell
46a71bd648 Add a sleep in the RedirectStandby test to try to fix raciness 2016-03-02 12:06:16 -05:00
Jeff Mitchell
278b4f9f8a changelog++ 2016-03-02 12:05:16 -05:00
Jeff Mitchell
37ea7d9910 Merge pull request #1162 from hashicorp/dev-root-id
Allow specifying an initial root token ID in dev mode.
2016-03-02 12:04:25 -05:00
Jeff Mitchell
c19641887d Allow specifying an initial root token ID in dev mode.
Ping #1160
2016-03-02 12:03:26 -05:00
Jeff Mitchell
e7f4100437 changelog++ 2016-03-01 20:27:08 -05:00
Jeff Mitchell
08ce2b9c16 Merge pull request #1156 from hashicorp/renew-self-CLI
Allow `token-renew` to not be given a token; it will then use the
2016-03-01 20:26:02 -05:00
Jeff Mitchell
143d876c99 Address review feedback 2016-03-01 20:25:40 -05:00
vishalnayak
8f728f8ed3 changelog++ 2016-03-01 17:18:20 -05:00
Jeff Mitchell
e776599315 changelog++ 2016-03-01 17:12:14 -05:00
Jeff Mitchell
c3a70bc1bf Allow token-renew to not be given a token; it will then use the
renew-self endpoint. Otherwise it will use the renew endpoint, even if
the token matches the client token.

Adds an -increment flag to allow increments even with no token passed
in.

Fixes #1150
2016-03-01 17:02:48 -05:00
Vishal Nayak
6e910095ce Merge pull request #1153 from hashicorp/cert-non-ca-fix
Non-CA cert registration to the cert backend
2016-03-01 16:56:59 -05:00
vishalnayak
4d5634528c continue if non-CA policy is not found 2016-03-01 16:43:51 -05:00
vishalnayak
86df49b992 Added ExtKeyUsageAny, changed big.Int comparison and fixed code flow 2016-03-01 16:37:01 -05:00
vishalnayak
d8213e8094 corrections, policy matching changes and test cert changes 2016-03-01 16:37:01 -05:00
vishalnayak
9e610f6417 Added testcase for cert writes 2016-03-01 16:37:01 -05:00
vishalnayak
c506988cde supporting non-ca certs for verification 2016-03-01 16:37:01 -05:00
Jeff Mitchell
88348ec798 Address first round of feedback 2016-03-01 15:30:37 -05:00
Jeff Mitchell
6e8033b5bd Update token documentation 2016-03-01 14:00:52 -05:00
Jeff Mitchell
42501e388b Add command and token store documentation for roles 2016-03-01 13:02:40 -05:00
Jeff Mitchell
5883848f60 Add other token role unit tests and some minor other changes. 2016-03-01 12:41:41 -05:00
Jeff Mitchell
8be467a31a Update tests to add expected role parameters 2016-03-01 12:41:40 -05:00
Jeff Mitchell
c5c2c2362b Add token role CRUD tests 2016-03-01 12:41:40 -05:00
Jeff Mitchell
c1677c0b55 Initial work on token roles 2016-03-01 12:41:40 -05:00
vishalnayak
01d61f6f0c fix typo 2016-03-01 11:48:17 -05:00
Vishal Nayak
1a8fc05a80 Merge pull request #1154 from hashicorp/ssh-docs-fix
zeroaddress documentation fix
2016-03-01 11:22:45 -05:00
vishalnayak
8feae7eb1f removed datatype and corrected a sentence 2016-03-01 11:21:29 -05:00
vishalnayak
a40e0fc8d4 zeroaddress documentation fix 2016-03-01 10:57:00 -05:00
Jeff Mitchell
d986685200 Fix commenting 2016-02-29 20:29:04 -05:00
vishalnayak
9fbfd1aff2 moved the test cert keys to appropriate test-fixtures folder 2016-02-29 15:49:08 -05:00
Jeff Mitchell
404a7fafff Don't spawn consul servers when testing unless it's an acceptance test 2016-02-29 14:58:06 -05:00
Jeff Mitchell
581d2cfee0 Don't run transit fuzzing if not during acceptance tests 2016-02-29 14:44:04 -05:00
Jeff Mitchell
a86c1ba264 Only run PKI backend setup functions when TF_ACC is set 2016-02-29 14:41:14 -05:00
Jeff Mitchell
2a347d2eb4 Merge branch 'master' into step-down 2016-02-29 11:02:09 -05:00
Vishal Nayak
3def72260d Merge pull request #1152 from hashicorp/cert-tests-fix
tls backend: replaced test certs and disabled InsecureSkipVerify
2016-02-29 10:41:55 -05:00
vishalnayak
b3d639a29f fixed the error log message 2016-02-29 10:41:10 -05:00