Joel Thompson ee55e36af6 Check if there's a bound iam arn when renewing (#2819) ...

Previously, the renew method would ALWAYS check to ensure the
authenticated IAM principal ARN matched the bound ARN.  However, there
is a valid use case in which no bound_iam_principal_arn is specified and
all bindings are done through inferencing. When a role is configured
like this, clients won't be able to renew their token because of the
check.

This now checks to ensure that the bound_iam_principal_arn is not empty
before requriing that it match the originally authenticated client.

Fixes #2781

2017-06-06 22:35:12 -04:00

..

audit

audit: support a configurable prefix string to write before each message (#2359)

2017-02-10 16:56:28 -08:00

auth

Check if there's a bound iam arn when renewing (#2819)

2017-06-06 22:35:12 -04:00

commands

Updated doc to match real output (#2443)

2017-03-06 10:39:34 -05:00

concepts

doc: leases are generated only for dynamic secrets (#2772)

2017-05-31 09:47:17 -04:00

configuration

Minor typos & wordsmithing for clarity (#2807)

2017-06-05 09:32:09 -07:00

guides

[docs] Add header to fix formatting.

2017-04-05 10:35:59 +10:00

install

Move upgrade into guides (#2460)

2017-03-08 17:33:58 -05:00

internals

Use the role name in the db username (#2812)

2017-06-06 09:49:49 -04:00

secrets

Use the role name in the db username (#2812)

2017-06-06 09:49:49 -04:00

vault-enterprise

Add UI docs (#2664)

2017-05-01 17:36:37 -04:00

index.html.markdown

Fix broken link

2016-12-13 10:56:18 +05:30