Commit graph

4459 commits

Author SHA1 Message Date
Martin Forssen a617ff0f93 Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role>
This parameter was not documented
2016-08-18 13:16:58 +02:00
Jeff Mitchell 150dd59332 Merge pull request #1744 from hashicorp/jbs-clarification
Add a bit of clarification
2016-08-17 17:47:06 -04:00
Jeff Mitchell 5c33356d14 Protobuf for forwarding (#1743) 2016-08-17 16:15:15 -04:00
Brian Shumate a941dbdd76 Add a bit of clarification 2016-08-17 16:07:30 -04:00
Jeff Mitchell 8d6244f8e7 Don't serialize the full connection state, instead just the peer certificates, and parse them on the other side 2016-08-17 10:29:53 -04:00
Jeff Mitchell e7261bc31f Merge pull request #1740 from hashicorp/fix-upgrade-periodic-roles
Ensure we don't use a token entry period of 0 in role comparisons.
2016-08-16 16:59:56 -04:00
Jeff Mitchell 01702415c2 Ensure we don't use a token entry period of 0 in role comparisons.
When we added support for generating periodic tokens for root/sudo in
auth/token/create we used the token entry's period value to store the
shortest period found to eventually populate the TTL. The problem was
that we then assumed later that this value would be populated for
periodic tokens, when it wouldn't have been in the upgrade case.

Instead, use a temp var to store the proper value to use; populate
te.Period only if actually given; and check that it's not zero before
comparing against role value during renew.
2016-08-16 16:47:46 -04:00
Jeff Mitchell c1aa89363a Make time logic a bit clearer 2016-08-16 16:29:07 -04:00
Jeff Mitchell 02d9702fbd Add local into handler path for forwarded requests 2016-08-16 11:46:37 -04:00
Jeff Mitchell c6b6901059 update Dockerfile for Go 1.7 final 2016-08-16 11:23:43 -04:00
Jeff Mitchell 734e80ca56 Add permit pool to dynamodb 2016-08-15 19:45:06 -04:00
Jeff Mitchell 638e61192a Actually show the error occurring if a file audit log can't be opened 2016-08-15 16:26:36 -04:00
Jeff Mitchell dcba6129e3 Use dockertest for physical consul tests, and always run them 2016-08-15 16:20:32 -04:00
Matt Hurne 56252fb637 AppRole documentation tweaks (#1735)
* Fix spelling error in AppRole docs

* Add force flag to sample command to generate a secret ID in AppRole docs

* Update sample output for AppRole login in docs
2016-08-15 16:12:08 -04:00
Jeff Mitchell c520ab986c changelog++ 2016-08-15 16:02:06 -04:00
Jeff Mitchell 62c69f8e19 Provide base64 keys in addition to hex encoded. (#1734)
* Provide base64 keys in addition to hex encoded.

Accept these at unseal/rekey time.

Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
Jeff Mitchell 159255b5a6
Cut version 0.6.1-rc3 2016-08-15 09:54:06 -04:00
Jeff Mitchell 8724a6864b Bump version 2016-08-15 09:49:18 -04:00
Jeff Mitchell e0170b268b changelog++ 2016-08-15 09:45:23 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell 122f79b3c1 Merge pull request #1732 from hashicorp/pre0.6.1-restore-compat
Restore compatibility with pre-0.6.1 servers for CLI/Go API calls
2016-08-15 08:15:11 -04:00
Jeff Mitchell 86874def5c Parameter change
Both revocation times are UTC so clarify via parameter name that it's just a formatting difference. Also leave as a time.Time here, as it automatically marshals into RFC3339.
2016-08-14 21:43:57 -04:00
Jeff Mitchell ba87c6c0d6 Restore compatibility with pre-0.6.1 servers for CLI/Go API calls 2016-08-14 14:52:45 -04:00
Jeff Mitchell a82b6ee9d9 changelog++ 2016-08-14 07:21:05 -04:00
Jeff Mitchell 7cc5e8d0d4 Merge pull request #1725 from hashicorp/periodic-authtokencreate
Add periodic support for root/sudo tokens to auth/token/create
2016-08-14 07:17:38 -04:00
Jeff Mitchell 40ece8fd7c Add another test and fix some output 2016-08-14 07:17:14 -04:00
vishalnayak 0038db0f62 Fix typo. Fixes #1731. 2016-08-14 02:13:46 -04:00
Jeff Mitchell 7497b37280 Completely revamp token documentation 2016-08-13 17:05:31 -04:00
Jeff Mitchell b6ef112382 Minor wording change 2016-08-13 15:45:13 -04:00
Jeff Mitchell cdea4b3445 Add some tests and fix some bugs 2016-08-13 14:03:22 -04:00
Jeff Mitchell de60702d76 Don't check the role period again as we've checked it earlier and it may be greater than the te Period 2016-08-13 13:21:56 -04:00
Jeff Mitchell 43361f2991 changelog++ 2016-08-13 11:54:01 -04:00
Jeff Mitchell 66db2dcc26 Merge pull request #1728 from hashicorp/fix-crl-revocation-time
Ensure values to be encoded in a CRL are in UTC.
2016-08-13 11:53:11 -04:00
Jeff Mitchell 39cfd116b6 Cleanup 2016-08-13 11:52:09 -04:00
Jeff Mitchell 1b8711e7b7 Ensure utc value is not zero before adding 2016-08-13 11:50:57 -04:00
Jeff Mitchell d6d08250ff Ensure values to be encoded in a CRL are in UTC. This aligns with the
RFC. You might expect Go to ensure this in the CRL generation call,
but...it doesn't.

Fixes #1727
2016-08-13 08:40:09 -04:00
Jeff Mitchell 9e628f0d55 changelog++ 2016-08-13 07:25:46 -04:00
Jeff Mitchell 4114b14601 Merge pull request #1726 from jen20/f-illumos
build: Add support for building on Illumos
2016-08-13 07:24:54 -04:00
James Nugent 2c14ff7385 build: Add support for building on Illumos
This commit adds support for building for Illumos-derived operating
systems. Regrettably, the cyrpto/ssh/terminal package does not include
implementations of the functions IsTerminal, MakeRaw or Restore for the
solaris OS. Consequently this commit implements them in Vault.

makeRaw(fd int) is based on the Illumos implementation of the getpass
function [1] for the correct flags. isTerminal(fd int) is based on the
Illumos libc implementation [2] of isatty.

[1] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libast/common/uwin/getpass.c
[2] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libbc/libc/gen/common/isatty.c
2016-08-13 00:20:15 -04:00
Jeff Mitchell bcb4ab5422 Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
Jeff Mitchell 92f4fdf892 Add some info about -f to the "expects two arguments" error.
Ping #1722
2016-08-12 15:47:16 -04:00
Jeff Mitchell 3e579a51ae changelog++ 2016-08-12 15:15:35 -04:00
Jeff Mitchell 7b5a457877 Merge pull request #1724 from hashicorp/no-redirection-retry
Don't retry on redirections.
2016-08-12 15:14:53 -04:00
Jeff Mitchell 9c33224928 Don't retry on redirections. 2016-08-12 15:13:42 -04:00
Vishal Nayak 14c508ea91 Merge pull request #1723 from hashicorp/nil-config-client
Use default config and read environment by default while creating client object
2016-08-12 13:09:37 -04:00
vishalnayak ff22640015 Use default config and read environment by default while creating client object 2016-08-12 11:37:13 -04:00
Jeff Mitchell 5800b4ad3e Fix version number 2016-08-11 17:23:47 -04:00
Jeff Mitchell c1a46349fa Change to keybase openpgp fork as it has important fixes 2016-08-11 08:31:43 -04:00
Jeff Mitchell 0a40dcc593 Allow version to build without requiring a build tag 2016-08-10 20:01:15 -04:00
Jeff Mitchell ab2cdc04b5 Fix default makefile target and README 2016-08-10 15:38:17 -04:00