luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
3201 commits 1 branch 0 tags 214 MiB
Commit graph

3201 commits

This branch
This branch
All branches
Author SHA1 Message Date
vishalnayak abfbc74bd4 Remove capabilities changes from logical_system.go 2016-03-04 10:36:03 -05:00
vishalnayak a885f9e8d2 Refactor http/sys_capabilities.go 2016-03-04 10:36:03 -05:00
vishalnayak f1fd5247ad Add vault/capabilities.go 2016-03-04 10:36:02 -05:00
vishalnayak 5749a6718c Added sys/capabililties endpoint 2016-03-04 10:36:02 -05:00
Jeff Mitchell 0998e1cdf9 Update help text exporting dev mode listen address. 
Ping #1160
 2016-03-03 18:10:14 -05:00
Jeff Mitchell a976f4f628 changelog++ 2016-03-03 13:47:00 -05:00
Jeff Mitchell a03ecb64ce Merge pull request #1172 from hashicorp/sanitize-mount-paths 
Create a unified function to sanitize mount paths.
 2016-03-03 13:46:38 -05:00
Jeff Mitchell 7394f97439 Fix out-of-date comment 2016-03-03 13:37:51 -05:00
Jeff Mitchell 0d46fb4696 Create a unified function to sanitize mount paths. 
This allows mount paths to start with '/' in addition to ensuring they
end in '/' before leaving the system backend.
 2016-03-03 13:13:47 -05:00
Jeff Mitchell eb37750951 changelog++ 2016-03-03 12:33:38 -05:00
Jeff Mitchell 3e7bca82a1 Merge pull request #1146 from hashicorp/step-down 
Provide 'sys/step-down' and 'vault step-down'
 2016-03-03 12:30:08 -05:00
Jeff Mitchell 9bf6c40974 Add default case for if the step down channel is blocked 2016-03-03 12:29:30 -05:00
Jeff Mitchell f4d8d04faf changelog++ 2016-03-03 12:06:42 -05:00
Jeff Mitchell bd7b285ab0 changelog++ 2016-03-03 12:04:48 -05:00
Jeff Mitchell c58a9b2c10 Merge pull request #1170 from hashicorp/strip-leading-slash-policies 
Strip leading paths in policies.
 2016-03-03 12:03:56 -05:00
Jeff Mitchell 9717ca5931 Strip leading paths in policies. 
It appears to be a common mistake, but they won't ever match.

Fixes #1167
 2016-03-03 11:32:48 -05:00
Jeff Mitchell f1edaed395 changelog++ 2016-03-03 11:12:15 -05:00
Jeff Mitchell bd2a314a4e Merge pull request #1169 from hashicorp/dev-mode-address 
Add the ability to specify dev mode address via CLI flag and envvar.
 2016-03-03 11:10:51 -05:00
Jeff Mitchell 62f1b3f91c Remove unneeded sleeps in test code 2016-03-03 11:09:27 -05:00
Jeff Mitchell 41dba5dd5d Move descriptions into const block 2016-03-03 11:04:05 -05:00
Jeff Mitchell 5c55c34d6b Update cubbyhole text to be more explicit. 
Fixes #1165
 2016-03-03 10:58:58 -05:00
Jeff Mitchell 69c853fd2f Add the ability to specify dev mode address via CLI flag and envvar. 
Fixes #1160
 2016-03-03 10:48:52 -05:00
Jeff Mitchell 750b33c51b Add ability to control dev root token id with 
VAULT_DEV_ROOT_TOKEN_ID env var, and change the CLI flag to match.

Ping #1160
 2016-03-03 10:24:44 -05:00
Chris Hoffman 08c9a075d8 Adding Godeps for mssql 2016-03-03 10:16:59 -05:00
Jeff Mitchell cd86226845 Add forced revocation. 
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.

This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.

Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.

Fixes #1135
 2016-03-03 10:13:59 -05:00
Chris Hoffman 0b4a8f5b94 Adding mssql secret backend 2016-03-03 09:19:17 -05:00
Jeff Mitchell 6ed5d10580 Remove proxy function as it's unneeded now 2016-03-02 14:55:51 -05:00
Jeff Mitchell 8ecba87807 Merge pull request #1163 from hashicorp/mux-cleanup 
Remove sys_policy from special handling as it's implemented in
 2016-03-02 14:48:30 -05:00
Jeff Mitchell 9c47b8c0a7 Remove sys_policy from special handling as it's implemented in 
logical_system too. Clean up the mux handlers.
 2016-03-02 14:16:54 -05:00
Jeff Mitchell 7b4478faba Add a sleep in the RedirectStandby test to try to fix raciness 2016-03-02 12:06:16 -05:00
Jeff Mitchell 32b91bd531 changelog++ 2016-03-02 12:05:16 -05:00
Jeff Mitchell 8670f5ac9c Merge pull request #1162 from hashicorp/dev-root-id 
Allow specifying an initial root token ID in dev mode.
 2016-03-02 12:04:25 -05:00
Jeff Mitchell 8011148fb5 Allow specifying an initial root token ID in dev mode. 
Ping #1160
 2016-03-02 12:03:26 -05:00
Jeff Mitchell 5b9c478a2c changelog++ 2016-03-01 20:27:08 -05:00
Jeff Mitchell ac57c22fe0 Merge pull request #1156 from hashicorp/renew-self-CLI 
Allow `token-renew` to not be given a token; it will then use the
 2016-03-01 20:26:02 -05:00
Jeff Mitchell 521a956e4d Address review feedback 2016-03-01 20:25:40 -05:00
vishalnayak 934123d9a3 changelog++ 2016-03-01 17:18:20 -05:00
Jeff Mitchell c438dd186a changelog++ 2016-03-01 17:12:14 -05:00
Jeff Mitchell addf92e185 Allow token-renew to not be given a token; it will then use the 
renew-self endpoint. Otherwise it will use the renew endpoint, even if
the token matches the client token.

Adds an -increment flag to allow increments even with no token passed
in.

Fixes #1150
 2016-03-01 17:02:48 -05:00
Vishal Nayak f965d1d510 Merge pull request #1153 from hashicorp/cert-non-ca-fix 
Non-CA cert registration to the cert backend
 2016-03-01 16:56:59 -05:00
vishalnayak 44208455f6 continue if non-CA policy is not found 2016-03-01 16:43:51 -05:00
vishalnayak 9a3ddc9696 Added ExtKeyUsageAny, changed big.Int comparison and fixed code flow 2016-03-01 16:37:01 -05:00
vishalnayak cc1592e27a corrections, policy matching changes and test cert changes 2016-03-01 16:37:01 -05:00
vishalnayak 09eef70853 Added testcase for cert writes 2016-03-01 16:37:01 -05:00
vishalnayak f056e8a5a5 supporting non-ca certs for verification 2016-03-01 16:37:01 -05:00
Jeff Mitchell 7c5f810bc0 Address first round of feedback 2016-03-01 15:30:37 -05:00
Jeff Mitchell 02362a5873 Update token documentation 2016-03-01 14:00:52 -05:00
Jeff Mitchell 8a500e0181 Add command and token store documentation for roles 2016-03-01 13:02:40 -05:00
Jeff Mitchell 54232eb980 Add other token role unit tests and some minor other changes. 2016-03-01 12:41:41 -05:00
Jeff Mitchell df2e337e4c Update tests to add expected role parameters 2016-03-01 12:41:40 -05:00