mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-25 16:41:08 +02:00
Code Issues Projects Releases Wiki Activity
9,692 Commits 2,840 Branches 445 Tags
Commit Graph

9692 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeff Mitchell
2667f08f97 Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it. 2016-01-22 10:07:32 -05:00
Jeff Mitchell
f1b843d773 Remove bare option, prevent writes ending in slash, and return an exact file match as "." 2016-01-22 10:07:32 -05:00
Jeff Mitchell
f8e569ae0a Address some review feedback 2016-01-22 10:07:32 -05:00
Jeff Mitchell
2613343c3d Updates and documentation 2016-01-22 10:07:32 -05:00
Jeff Mitchell
41332a692b Fix body closing in List method 2016-01-22 10:07:32 -05:00
Jeff Mitchell
4b67fd139f Add list capability, which will work with the generic and cubbyhole 
backends for the moment. This is pretty simple; it just adds the actual
capability to make a list call into both the CLI and the HTTP handler.
The real meat was already in those backends.
 2016-01-22 10:07:32 -05:00
Jeff Mitchell
fdc7e717ee Add handling of LIST verb to logical router 2016-01-22 10:07:32 -05:00
Jeff Mitchell
eaba2b9df3 Add C# library and do some reorg on the library page 2016-01-22 10:03:02 -05:00
Jeff Mitchell
ac4a0556bd changelog++ 2016-01-21 16:30:50 -05:00
Jeff Mitchell
a2debd4b61 Update godeps to include STS stuff in AWS and others 2016-01-21 16:27:36 -05:00
Jeff Mitchell
5de04e1810 Merge pull request #927 from urq/feature-sts 
Adding STS to the aws backend
 2016-01-21 15:43:39 -05:00
Devin Christensen
b874846837 Merge 'upstream/master' into postgres_physical 2016-01-21 13:04:27 -07:00
Dmitriy Gromov
df65547eca STS now uses root vault user for keys 
The secretAccessKeysRevoke revoke function now asserts that it is
not dealing with STS keys by checking a new internal data flag. Defaults
to IAM when the flag is not found.

Factored out genUsername into its own function to share between STS and
IAM secret creation functions.

Fixed bad call to "WriteOperation" instead of "UpdateOperation" in
aws/backend_test
 2016-01-21 15:04:16 -05:00
Dmitriy Gromov
ea1e29fa33 Renamed sts duration to ttl and added STS permissions note. 2016-01-21 14:28:34 -05:00
Dmitriy Gromov
e13f58713e documenting the new aws/sts endpoint 2016-01-21 14:05:10 -05:00
Dmitriy Gromov
b37a963841 Removing debug print statement from sts code 2016-01-21 14:05:10 -05:00
Dmitriy Gromov
6f50cd9439 Fixed duration type and added acceptance test for sts 2016-01-21 14:05:10 -05:00
Dmitriy Gromov
522e8a3450 Configurable sts duration 2016-01-21 14:05:09 -05:00
Jack DeLoach
d206599b80 Add STS path to AWS backend. 
The new STS path allows for obtaining the same credentials that you would get
from the AWS "creds" path, except it will also provide a security token, and
will not have an annoyingly long propagation time before returning to the user.
 2016-01-21 14:05:09 -05:00
Jeff Mitchell
4fc58e8b41 Merge pull request #895 from nickithewatt/aws-prexisting-policies 
Allow use of pre-existing policies for AWS users
 2016-01-21 13:23:37 -05:00
Jeff Mitchell
034d78cbb5 Add generate-root info to changelog 2016-01-21 12:37:26 -05:00
Jeff Mitchell
55212cffa3 Merge pull request #915 from hashicorp/generate-root 
Add the ability to generate root tokens via unseal keys.
 2016-01-21 12:31:37 -05:00
Jeff Mitchell
2c4da115ff Add -decode flag verification 2016-01-21 12:18:57 -05:00
Devin Christensen
a2b1b697a0 Remove DDL statements from the code 2016-01-20 18:52:49 -07:00
Devin Christensen
1886fe81f9 Remove superfluous comparison 2016-01-20 17:05:21 -07:00
Devin Christensen
6002154cb6 Ensure rows.Close() is called in List 2016-01-20 17:02:23 -07:00
Devin Christensen
fb55a46d81 Prefer TEXT over VARCHAR 
From the PostgreSQL docs
(http://www.postgresql.org/docs/9.4/static/datatype-character.html):

 > Tip: There is no performance difference among these three types,
 > apart from increased storage space when using the blank-padded type,
 > and a few extra CPU cycles to check the length when storing into a
 > length-constrained column. While character(n) has performance
 > advantages in some other database systems, there is no such advantage
 > in PostgreSQL; in fact character(n) is usually the slowest of the
 > three because of its additional storage costs. In most situations
 > text or character varying should be used instead.
 2016-01-20 16:56:46 -07:00
Devin Christensen
3d7a81f226 Use native upsert when available 2016-01-20 10:47:54 -07:00
Jeff Mitchell
e816b9d477 Pull out setting the root token ID; use the new ParseUUID method in 
go-uuid instead, and revoke if there is an error.
 2016-01-19 19:44:33 -05:00
Jeff Mitchell
152f4a9391 Fix lost code after rebase 2016-01-19 19:19:07 -05:00
Devin Christensen
5bea0d9731 Add support for PostgreSQL as a physical backend 2016-01-19 17:00:09 -07:00
Jeff Mitchell
e9538f1441 RootGeneration->GenerateRoot 2016-01-19 18:28:10 -05:00
Jeff Mitchell
a25514d4f7 Address most of the review feedback 2016-01-19 18:28:10 -05:00
Jeff Mitchell
4cc7694a3a Add the ability to generate root tokens via unseal keys. 2016-01-19 18:28:10 -05:00
Jeff Mitchell
60303244bc Merge pull request #943 from imjorge/patch-1 
/encryption key/master key/
 2016-01-19 12:51:45 -07:00
Jorge Ferreira
ed5de6b33a /encryption key/master key/ 2016-01-19 15:42:50 +00:00
Chi Vinh Le
555834f83d Cleanly close SSH connections 2016-01-19 07:59:08 +01:00
Jeff Mitchell
3d7947b05b changelog++ 2016-01-18 17:05:51 -05:00
Jeff Mitchell
aa9da9aa64 Merge pull request #941 from hashicorp/armored-pgp-keys 
Allow ASCII-armored PGP pub keys to be passed into -pgp-keys.
 2016-01-18 15:03:08 -07:00
Jeff Mitchell
3ecd88bd5c Allow ASCII-armored PGP pub keys to be passed into -pgp-keys. 
Fixes #940
 2016-01-18 17:01:52 -05:00
Jeff Mitchell
0e2a0cd5b5 Merge pull request #937 from hashicorp/cubbyhole-existence-check 
Implement existence check for cubbyhole
 2016-01-16 17:35:38 -07:00
Jeff Mitchell
d1c8800676 Implement existence check for cubbyhole 2016-01-16 19:35:11 -05:00
Jeff Mitchell
56c9148b5b changelog++ 2016-01-16 18:03:58 -05:00
Jeff Mitchell
34a35fd58f Merge pull request #936 from hashicorp/cubbyhole-def-policy 
Use capabilities rather than policies in default policy. Also add cub…
 2016-01-16 18:03:03 -05:00
Jeff Mitchell
280fc12c85 Use capabilities rather than policies in default policy. Also add cubbyhole to it. 2016-01-16 18:02:31 -05:00
Jeff Mitchell
47503076f2 Move rekey to its own files for cleanliness 2016-01-14 17:01:04 -05:00
Jeff Mitchell
427a0f054b Merge pull request #932 from hashicorp/rekey-PUT 
Remove need for PUT in rekey. We've decided that POST and PUT are to
 2016-01-14 16:53:14 -05:00
Jeff Mitchell
887085afbf Remove need for PUT in rekey. We've decided that POST and PUT are to 
stay as synonyms for writes, so there's no reason to limit it for this
operation.
 2016-01-14 16:52:34 -05:00
Seth Vargo
3c2b29d528 Do not use compressed javascripts 
Minifier gets really confused when you give it already-compressed
javascript.
 2016-01-14 15:00:41 -05:00
Jeff Mitchell
4f9e1e9843 Keep ordering consistent in config doc, and put HA backends first 2016-01-14 13:55:53 -05:00