Commit graph

2099 commits

Author SHA1 Message Date
Jeff Mitchell 08dbc70c9f Switch etcd default port to 2379, in line with 2.x.
Fixes #753
2015-11-05 09:47:50 -05:00
Jeff Mitchell 9fff3a350d Don't use the semaphore library as it's racy; instead use a simple
buffered channel. Passes all tests, including inmem, which uses it.
2015-11-04 12:27:13 -05:00
Jeff Mitchell f8c13ed69f Changelog++ 2015-11-04 09:42:07 -05:00
Jeff Mitchell 9550ac565e Merge pull request #750 from svanharmelen/f-configurable-s3-endpoint
Add an option to configure the S3 endpoint
2015-11-04 09:40:44 -05:00
Sander van Harmelen 4ad533a5ba Add a line to the documentation to describe the new feature 2015-11-04 15:36:24 +01:00
Sander van Harmelen c65b63d152 Add an option to configure the S3 endpoint
This enables the use of other (AWS S3 compatible) S3 endpoints.
2015-11-04 15:04:36 +01:00
Jeff Mitchell 94b15b78bc Update godeps 2015-11-04 08:53:58 -05:00
Jeff Mitchell d4e2dc2e72 Merge pull request #745 from hashicorp/issue-714
Allow creating Consul management tokens
2015-11-03 15:30:13 -05:00
Jeff Mitchell 54d47957b5 Allow creating Consul management tokens
Fixes #714
2015-11-03 15:29:58 -05:00
Jeff Mitchell a4322afedb Merge pull request #746 from hashicorp/issue-677
Add a PermitPool to physical and consul/inmem
2015-11-03 15:26:58 -05:00
Jeff Mitchell 7f44a1b812 Add configuration parameter for max parallel connections to Consul 2015-11-03 15:26:07 -05:00
Jeff Mitchell 73e3aa1d64 Add create-orphan to documentation 2015-11-03 15:15:33 -05:00
Jeff Mitchell 4f6ad849b8 Merge pull request #703 from hashicorp/crlsets
Implement CRLs for the cert authentication backend
2015-11-03 15:13:08 -05:00
Jeff Mitchell c794c1ea11 Merge pull request #748 from hashicorp/create-orphan-http
Add ability to create orphan tokens from the API
2015-11-03 15:12:42 -05:00
Jeff Mitchell 6ccded7a2f Add ability to create orphan tokens from the API 2015-11-03 15:12:21 -05:00
Jeff Mitchell 1b83eefd97 Address review feedback 2015-11-03 14:48:05 -05:00
Jeff Mitchell bf2e553785 Add a PermitPool to physical and consul/inmem
The permit pool controls the number of outstanding operations that can
be queued for Consul (and inmem, for testing purposes). This prevents
possible situations where Vault launches thousands of concurrent
connections to Consul if e.g. a huge number of leases need to be
expired.

Fixes #677
2015-11-03 11:49:20 -05:00
Jeff Mitchell c7493fca65 Changelogify 2015-11-03 11:43:57 -05:00
Jeff Mitchell d3f7546602 Fix trailing whitespace complaints 2015-11-03 10:52:20 -05:00
Jeff Mitchell 5e72453b49 Use TypeDurationSecond instead of TypeString 2015-11-03 10:52:20 -05:00
Jeff Mitchell f0a25ed581 Clarify that CRLs are not fetched by Vault 2015-11-03 10:52:20 -05:00
Jeff Mitchell 154fc24777 Address first round of feedback from review 2015-11-03 10:52:20 -05:00
Jeff Mitchell 59cc61cc79 Add documentation for CRLs and some minor cleanup. 2015-11-03 10:52:20 -05:00
Jeff Mitchell 5d562693bd Add tests for the crls path, and fix a couple bugs 2015-11-03 10:52:20 -05:00
Jeff Mitchell b6b62f7dc1 Drastically simplify the method and logic; keep an in-memory cache and use that for most operations, only affecting the backend storage when needed. 2015-11-03 10:52:20 -05:00
Jeff Mitchell c66f0918be Add delete method, and ability to delete only one serial as well as an entire set. 2015-11-03 10:52:20 -05:00
Jeff Mitchell be1a2266cc Add CRLSets endpoints; write method is done. Add verification logic to
login path. Change certs "ttl" field to be a string to match common
backend behavior.
2015-11-03 10:52:19 -05:00
Jeff Mitchell 62eef4e711 Merge pull request #744 from hashicorp/issue-733
Run preSeal if postUnseal fails.
2015-11-03 10:50:23 -05:00
Jeff Mitchell 6f6646fc24 Update deps 2015-11-02 13:43:12 -05:00
Jeff Mitchell a9db12670a errwrap -> go-multierror + errwrap 2015-11-02 13:29:33 -05:00
Jeff Mitchell 7e9918ec8e Run preSeal if postUnseal fails.
This also ensures that every error path out of postUnseal returns an
error.

Fixes #733
2015-11-02 13:29:33 -05:00
Jeff Mitchell 4c9d6c7624 Merge pull request #741 from hashicorp/sethvargo/update_deps
Update deps
2015-11-02 12:21:36 -05:00
Seth Vargo 658bc0634a Fix breaking API changes 2015-10-30 18:22:48 -04:00
Seth Vargo 3e15a1f056 Update deps 2015-10-30 18:07:00 -04:00
Jeff Mitchell af37736a38 Merge pull request #740 from hashicorp/issue-739
Implement LookupSelf, RevokeSelf, and RenewSelf in the API client
2015-10-30 17:28:18 -04:00
Jeff Mitchell 195caa6bf6 Implement LookupSelf, RevokeSelf, and RenewSelf in the API client
Fixes #739
2015-10-30 17:27:33 -04:00
Jeff Mitchell 80705b7963 If we fail to open a file path, show which it is in the error output 2015-10-30 14:30:21 -04:00
Jeff Mitchell 1899bd8ef0 Merge pull request #730 from hashicorp/issue-713
Write HMAC-SHA256'd client token to audited requests
2015-10-30 13:36:22 -04:00
Jeff Mitchell ffa196da0e Note that the dev server does not fork
Fixes #710.
2015-10-30 12:47:56 -04:00
Jeff Mitchell 64eacd1564 Merge pull request #737 from hashicorp/issue-615
Return data on a token with one use left if there is no Lease ID
2015-10-30 12:42:19 -04:00
Jeff Mitchell a0c5a24c79 Update Postgres tests and changelogify 2015-10-30 12:41:45 -04:00
Jeff Mitchell 94b7be702b Return data on a token with one use left if there is no Lease ID
Fixes #615
2015-10-30 12:35:42 -04:00
Jeff Mitchell bd17b74456 Merge pull request #736 from hashicorp/issue-699
Revoke permissions before dropping user in postgresql.
2015-10-30 12:01:03 -04:00
Jeff Mitchell 2d8e3b35f2 Revoke permissions before dropping user in postgresql.
Currently permissions are not revoked, which can lead revocation to not
actually work properly. This attempts to revoke all permissions and only
then drop the role.

Fixes issue #699
2015-10-30 11:58:52 -04:00
Jeff Mitchell 24f1da837e Merge pull request #735 from hashicorp/unexport-create-roottoken
Make the token store's Create and RootToken functions non-exported.
2015-10-30 11:04:29 -04:00
Jeff Mitchell 636d57a026 Make the token store's Create and RootToken functions non-exported.
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
Jeff Mitchell 541312ebee Merge pull request #731 from hashicorp/sethvargo/trail
Force a trailing slash
2015-10-29 16:22:52 -04:00
Seth Vargo f83eba4666 Force a trailing slash 2015-10-29 16:21:39 -04:00
Jeff Mitchell cf4b88c196 Write HMAC-SHA256'd client token to audited requests
Fixes #713
2015-10-29 13:26:18 -04:00
Jeff Mitchell 528e859c4b Fix wording 2015-10-29 12:58:29 -04:00