Jeff Mitchell
08dbc70c9f
Switch etcd default port to 2379, in line with 2.x.
...
Fixes #753
2015-11-05 09:47:50 -05:00
Jeff Mitchell
9fff3a350d
Don't use the semaphore library as it's racy; instead use a simple
...
buffered channel. Passes all tests, including inmem, which uses it.
2015-11-04 12:27:13 -05:00
Jeff Mitchell
f8c13ed69f
Changelog++
2015-11-04 09:42:07 -05:00
Jeff Mitchell
9550ac565e
Merge pull request #750 from svanharmelen/f-configurable-s3-endpoint
...
Add an option to configure the S3 endpoint
2015-11-04 09:40:44 -05:00
Sander van Harmelen
4ad533a5ba
Add a line to the documentation to describe the new feature
2015-11-04 15:36:24 +01:00
Sander van Harmelen
c65b63d152
Add an option to configure the S3 endpoint
...
This enables the use of other (AWS S3 compatible) S3 endpoints.
2015-11-04 15:04:36 +01:00
Jeff Mitchell
94b15b78bc
Update godeps
2015-11-04 08:53:58 -05:00
Jeff Mitchell
d4e2dc2e72
Merge pull request #745 from hashicorp/issue-714
...
Allow creating Consul management tokens
2015-11-03 15:30:13 -05:00
Jeff Mitchell
54d47957b5
Allow creating Consul management tokens
...
Fixes #714
2015-11-03 15:29:58 -05:00
Jeff Mitchell
a4322afedb
Merge pull request #746 from hashicorp/issue-677
...
Add a PermitPool to physical and consul/inmem
2015-11-03 15:26:58 -05:00
Jeff Mitchell
7f44a1b812
Add configuration parameter for max parallel connections to Consul
2015-11-03 15:26:07 -05:00
Jeff Mitchell
73e3aa1d64
Add create-orphan to documentation
2015-11-03 15:15:33 -05:00
Jeff Mitchell
4f6ad849b8
Merge pull request #703 from hashicorp/crlsets
...
Implement CRLs for the cert authentication backend
2015-11-03 15:13:08 -05:00
Jeff Mitchell
c794c1ea11
Merge pull request #748 from hashicorp/create-orphan-http
...
Add ability to create orphan tokens from the API
2015-11-03 15:12:42 -05:00
Jeff Mitchell
6ccded7a2f
Add ability to create orphan tokens from the API
2015-11-03 15:12:21 -05:00
Jeff Mitchell
1b83eefd97
Address review feedback
2015-11-03 14:48:05 -05:00
Jeff Mitchell
bf2e553785
Add a PermitPool to physical and consul/inmem
...
The permit pool controls the number of outstanding operations that can
be queued for Consul (and inmem, for testing purposes). This prevents
possible situations where Vault launches thousands of concurrent
connections to Consul if e.g. a huge number of leases need to be
expired.
Fixes #677
2015-11-03 11:49:20 -05:00
Jeff Mitchell
c7493fca65
Changelogify
2015-11-03 11:43:57 -05:00
Jeff Mitchell
d3f7546602
Fix trailing whitespace complaints
2015-11-03 10:52:20 -05:00
Jeff Mitchell
5e72453b49
Use TypeDurationSecond instead of TypeString
2015-11-03 10:52:20 -05:00
Jeff Mitchell
f0a25ed581
Clarify that CRLs are not fetched by Vault
2015-11-03 10:52:20 -05:00
Jeff Mitchell
154fc24777
Address first round of feedback from review
2015-11-03 10:52:20 -05:00
Jeff Mitchell
59cc61cc79
Add documentation for CRLs and some minor cleanup.
2015-11-03 10:52:20 -05:00
Jeff Mitchell
5d562693bd
Add tests for the crls path, and fix a couple bugs
2015-11-03 10:52:20 -05:00
Jeff Mitchell
b6b62f7dc1
Drastically simplify the method and logic; keep an in-memory cache and use that for most operations, only affecting the backend storage when needed.
2015-11-03 10:52:20 -05:00
Jeff Mitchell
c66f0918be
Add delete method, and ability to delete only one serial as well as an entire set.
2015-11-03 10:52:20 -05:00
Jeff Mitchell
be1a2266cc
Add CRLSets endpoints; write method is done. Add verification logic to
...
login path. Change certs "ttl" field to be a string to match common
backend behavior.
2015-11-03 10:52:19 -05:00
Jeff Mitchell
62eef4e711
Merge pull request #744 from hashicorp/issue-733
...
Run preSeal if postUnseal fails.
2015-11-03 10:50:23 -05:00
Jeff Mitchell
6f6646fc24
Update deps
2015-11-02 13:43:12 -05:00
Jeff Mitchell
a9db12670a
errwrap -> go-multierror + errwrap
2015-11-02 13:29:33 -05:00
Jeff Mitchell
7e9918ec8e
Run preSeal if postUnseal fails.
...
This also ensures that every error path out of postUnseal returns an
error.
Fixes #733
2015-11-02 13:29:33 -05:00
Jeff Mitchell
4c9d6c7624
Merge pull request #741 from hashicorp/sethvargo/update_deps
...
Update deps
2015-11-02 12:21:36 -05:00
Seth Vargo
658bc0634a
Fix breaking API changes
2015-10-30 18:22:48 -04:00
Seth Vargo
3e15a1f056
Update deps
2015-10-30 18:07:00 -04:00
Jeff Mitchell
af37736a38
Merge pull request #740 from hashicorp/issue-739
...
Implement LookupSelf, RevokeSelf, and RenewSelf in the API client
2015-10-30 17:28:18 -04:00
Jeff Mitchell
195caa6bf6
Implement LookupSelf, RevokeSelf, and RenewSelf in the API client
...
Fixes #739
2015-10-30 17:27:33 -04:00
Jeff Mitchell
80705b7963
If we fail to open a file path, show which it is in the error output
2015-10-30 14:30:21 -04:00
Jeff Mitchell
1899bd8ef0
Merge pull request #730 from hashicorp/issue-713
...
Write HMAC-SHA256'd client token to audited requests
2015-10-30 13:36:22 -04:00
Jeff Mitchell
ffa196da0e
Note that the dev server does not fork
...
Fixes #710 .
2015-10-30 12:47:56 -04:00
Jeff Mitchell
64eacd1564
Merge pull request #737 from hashicorp/issue-615
...
Return data on a token with one use left if there is no Lease ID
2015-10-30 12:42:19 -04:00
Jeff Mitchell
a0c5a24c79
Update Postgres tests and changelogify
2015-10-30 12:41:45 -04:00
Jeff Mitchell
94b7be702b
Return data on a token with one use left if there is no Lease ID
...
Fixes #615
2015-10-30 12:35:42 -04:00
Jeff Mitchell
bd17b74456
Merge pull request #736 from hashicorp/issue-699
...
Revoke permissions before dropping user in postgresql.
2015-10-30 12:01:03 -04:00
Jeff Mitchell
2d8e3b35f2
Revoke permissions before dropping user in postgresql.
...
Currently permissions are not revoked, which can lead revocation to not
actually work properly. This attempts to revoke all permissions and only
then drop the role.
Fixes issue #699
2015-10-30 11:58:52 -04:00
Jeff Mitchell
24f1da837e
Merge pull request #735 from hashicorp/unexport-create-roottoken
...
Make the token store's Create and RootToken functions non-exported.
2015-10-30 11:04:29 -04:00
Jeff Mitchell
636d57a026
Make the token store's Create and RootToken functions non-exported.
...
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
Jeff Mitchell
541312ebee
Merge pull request #731 from hashicorp/sethvargo/trail
...
Force a trailing slash
2015-10-29 16:22:52 -04:00
Seth Vargo
f83eba4666
Force a trailing slash
2015-10-29 16:21:39 -04:00
Jeff Mitchell
cf4b88c196
Write HMAC-SHA256'd client token to audited requests
...
Fixes #713
2015-10-29 13:26:18 -04:00
Jeff Mitchell
528e859c4b
Fix wording
2015-10-29 12:58:29 -04:00