mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-24 08:01:07 +02:00
Code Issues Projects Releases Wiki Activity
9,692 Commits 2,840 Branches 445 Tags
Commit Graph

9692 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeff Mitchell
1a63c4b756 Merge pull request #745 from hashicorp/issue-714 
Allow creating Consul management tokens
 2015-11-03 15:30:13 -05:00
Jeff Mitchell
07c0146542 Allow creating Consul management tokens 
Fixes #714
 2015-11-03 15:29:58 -05:00
Jeff Mitchell
1878696db5 Merge pull request #746 from hashicorp/issue-677 
Add a PermitPool to physical and consul/inmem
 2015-11-03 15:26:58 -05:00
Jeff Mitchell
e0d2b1af78 Add configuration parameter for max parallel connections to Consul 2015-11-03 15:26:07 -05:00
Jeff Mitchell
7709cbf796 Add create-orphan to documentation 2015-11-03 15:15:33 -05:00
Jeff Mitchell
f4cee49092 Merge pull request #703 from hashicorp/crlsets 
Implement CRLs for the cert authentication backend
 2015-11-03 15:13:08 -05:00
Jeff Mitchell
eb1d4d865b Merge pull request #748 from hashicorp/create-orphan-http 
Add ability to create orphan tokens from the API
 2015-11-03 15:12:42 -05:00
Jeff Mitchell
f6c6cde7a3 Add ability to create orphan tokens from the API 2015-11-03 15:12:21 -05:00
Jeff Mitchell
05810ae786 Address review feedback 2015-11-03 14:48:05 -05:00
Jeff Mitchell
867563de0d Add a PermitPool to physical and consul/inmem 
The permit pool controls the number of outstanding operations that can
be queued for Consul (and inmem, for testing purposes). This prevents
possible situations where Vault launches thousands of concurrent
connections to Consul if e.g. a huge number of leases need to be
expired.

Fixes #677
 2015-11-03 11:49:20 -05:00
Jeff Mitchell
a78033566c Changelogify 2015-11-03 11:43:57 -05:00
Jeff Mitchell
5ccccde6da Fix trailing whitespace complaints 2015-11-03 10:52:20 -05:00
Jeff Mitchell
5e0b16fe69 Use TypeDurationSecond instead of TypeString 2015-11-03 10:52:20 -05:00
Jeff Mitchell
ef21eb6ee4 Clarify that CRLs are not fetched by Vault 2015-11-03 10:52:20 -05:00
Jeff Mitchell
af4af078fa Address first round of feedback from review 2015-11-03 10:52:20 -05:00
Jeff Mitchell
90a9f25d80 Add documentation for CRLs and some minor cleanup. 2015-11-03 10:52:20 -05:00
Jeff Mitchell
b54cb9966c Add tests for the crls path, and fix a couple bugs 2015-11-03 10:52:20 -05:00
Jeff Mitchell
d785ba6d7f Drastically simplify the method and logic; keep an in-memory cache and use that for most operations, only affecting the backend storage when needed. 2015-11-03 10:52:20 -05:00
Jeff Mitchell
2737066e09 Add delete method, and ability to delete only one serial as well as an entire set. 2015-11-03 10:52:20 -05:00
Jeff Mitchell
5eac0671ae Add CRLSets endpoints; write method is done. Add verification logic to 
login path. Change certs "ttl" field to be a string to match common
backend behavior.
 2015-11-03 10:52:19 -05:00
Jeff Mitchell
376fe3601b Merge pull request #744 from hashicorp/issue-733 
Run preSeal if postUnseal fails.
 2015-11-03 10:50:23 -05:00
Jeff Mitchell
7a66911ae1 Update deps 2015-11-02 13:43:12 -05:00
Jeff Mitchell
966e7c621f errwrap -> go-multierror + errwrap 2015-11-02 13:29:33 -05:00
Jeff Mitchell
fda17ccbbd Run preSeal if postUnseal fails. 
This also ensures that every error path out of postUnseal returns an
error.

Fixes #733
 2015-11-02 13:29:33 -05:00
Jeff Mitchell
a382dd2145 Merge pull request #741 from hashicorp/sethvargo/update_deps 
Update deps
 2015-11-02 12:21:36 -05:00
Seth Vargo
3e2c4ffb7b Fix breaking API changes 2015-10-30 18:22:48 -04:00
Seth Vargo
f8cdc40c6a Update deps 2015-10-30 18:07:00 -04:00
Jeff Mitchell
9c71f59294 Merge pull request #740 from hashicorp/issue-739 
Implement LookupSelf, RevokeSelf, and RenewSelf in the API client
 2015-10-30 17:28:18 -04:00
Jeff Mitchell
b11cb5d964 Implement LookupSelf, RevokeSelf, and RenewSelf in the API client 
Fixes #739
 2015-10-30 17:27:33 -04:00
Jeff Mitchell
8cf0d1444a If we fail to open a file path, show which it is in the error output 2015-10-30 14:30:21 -04:00
Jeff Mitchell
27c2bad4a6 Merge pull request #730 from hashicorp/issue-713 
Write HMAC-SHA256'd client token to audited requests
 2015-10-30 13:36:22 -04:00
Jeff Mitchell
6ded941254 Note that the dev server does not fork 
Fixes #710.
 2015-10-30 12:47:56 -04:00
Jeff Mitchell
c0eec7ed8b Merge pull request #737 from hashicorp/issue-615 
Return data on a token with one use left if there is no Lease ID
 2015-10-30 12:42:19 -04:00
Jeff Mitchell
8a11c2d3c7 Update Postgres tests and changelogify 2015-10-30 12:41:45 -04:00
Jeff Mitchell
fab86fa23f Return data on a token with one use left if there is no Lease ID 
Fixes #615
 2015-10-30 12:35:42 -04:00
Jeff Mitchell
eebf1471c3 Merge pull request #736 from hashicorp/issue-699 
Revoke permissions before dropping user in postgresql.
 2015-10-30 12:01:03 -04:00
Jeff Mitchell
d066aea418 Revoke permissions before dropping user in postgresql. 
Currently permissions are not revoked, which can lead revocation to not
actually work properly. This attempts to revoke all permissions and only
then drop the role.

Fixes issue #699
 2015-10-30 11:58:52 -04:00
Jeff Mitchell
ec0fef0005 Merge pull request #735 from hashicorp/unexport-create-roottoken 
Make the token store's Create and RootToken functions non-exported.
 2015-10-30 11:04:29 -04:00
Jeff Mitchell
035ba4a659 Make the token store's Create and RootToken functions non-exported. 
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
 2015-10-30 10:59:26 -04:00
Jeff Mitchell
1c91ab9159 Merge pull request #731 from hashicorp/sethvargo/trail 
Force a trailing slash
 2015-10-29 16:22:52 -04:00
Seth Vargo
1edde809ba Force a trailing slash 2015-10-29 16:21:39 -04:00
Jeff Mitchell
1cd129015f Write HMAC-SHA256'd client token to audited requests 
Fixes #713
 2015-10-29 13:26:18 -04:00
Jeff Mitchell
d3aebadc3c Fix wording 2015-10-29 12:58:29 -04:00
Jeff Mitchell
9a835a99cc Merge pull request #729 from hashicorp/issue-697 
Documentation update around path/key name encryption.
 2015-10-29 11:22:50 -04:00
Jeff Mitchell
cee292a06a Documentation update around path/key name encryption. 
Make it clear that path/key names in generic are not encrypted.

Fixes #697
 2015-10-29 11:21:40 -04:00
Jeff Mitchell
b065bdd1d0 Merge pull request #728 from hashicorp/issue-718 
Check TTL provided to generic backend on write
 2015-10-29 11:06:30 -04:00
Jeff Mitchell
385209c6ba Check TTL provided to generic backend on write 
If existing entries have unparseable TTLs, return the value plus a
warning, rather than an error.

Fixes #718
 2015-10-29 11:05:21 -04:00
Jeff Mitchell
b2bb7b579b Merge pull request #725 from hashicorp/add-reset-for-unseal 
Add reset support to the unseal command.
 2015-10-28 16:05:58 -04:00
Jeff Mitchell
d7f528a768 Add reset support to the unseal command. 
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
 2015-10-28 15:59:39 -04:00
Jeff Mitchell
40486da446 Fix cache disabling 2015-10-28 13:05:56 -04:00