2527 Commits

Author SHA1 Message Date
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell 55a802f9ca changelog++ 2016-01-12 21:19:25 -05:00
Jeff Mitchell f9bbe0fb04 Use logical operations instead of strings for comparison 2016-01-12 21:16:31 -05:00
Jeff Mitchell d949043cac Merge pull request #914 from hashicorp/acl-rework
More granular ACL capabilities
2016-01-12 21:11:52 -05:00
Jeff Mitchell 4253299dfe Store uint32s in radix 2016-01-12 17:24:01 -05:00
Jeff Mitchell e58705b34c Cleanup 2016-01-12 17:10:48 -05:00
Jeff Mitchell 87fba5dad0 Convert map to bitmap 2016-01-12 17:08:10 -05:00
Jeff Mitchell da87d490eb Add some commenting around create/update 2016-01-12 15:13:54 -05:00
Jeff Mitchell 9db22dcfad Address some more review feedback 2016-01-12 15:09:16 -05:00
Jeff Mitchell ce5bd64244 Clean up HelpOperation 2016-01-12 14:34:49 -05:00
Jeff Mitchell 1efb33cfd5 changelog++ 2016-01-12 09:31:07 -05:00
Jeff Mitchell e89a1b1396 Merge pull request #924 from richardzone/patch-1
Fix typo
2016-01-12 09:30:40 -05:00
Ziyi, LIU 5204da4edd Fix typo
Change "...implements is own login endpoint..." to "...implements its own login endpoint..."
2016-01-12 22:22:13 +08:00
Jeff Mitchell ae6df99b19 changelog++ 2016-01-12 08:47:33 -05:00
Jeff Mitchell 8cb23835d7 Fix read panic when an empty argument is given.
Fixes #923
2016-01-12 08:46:49 -05:00
Jeff Mitchell e815db8756 Update audit sys docs 2016-01-11 19:08:23 -05:00
Jeff Mitchell 8e131e4ea4 Make sure VAULT_TOKEN is empty during unit tests 2016-01-09 14:47:55 -05:00
Jeff Mitchell 2527a9d18e changelog++ 2016-01-09 14:21:36 -05:00
Jeff Mitchell b7e68633a3 Merge pull request #878 from seiffert/dynamodb_backend
Add DynamoDB physical backend.
2016-01-09 14:16:15 -05:00
Jeff Mitchell a2bd31d493 Fix up PGP tests from earlier code fixes 2016-01-08 22:21:41 -05:00
Jeff Mitchell a99787afeb Don't allow a policy with no name, even though it is a valid slice member 2016-01-08 21:23:40 -05:00
Jeff Mitchell 676008b2c5 Lotsa warnings if you choose not to be safe 2016-01-08 17:35:07 -05:00
Jeff Mitchell f6d2271a3c Use an array of keys so that if the same fingerprint is used none are lost when using PGP key backup 2016-01-08 14:29:23 -05:00
Jeff Mitchell 26e1837a82 Some minor rekey backup fixes 2016-01-08 14:09:40 -05:00
Jeff Mitchell 4f4ddbf017 Create more granular ACL capabilities.
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Paul Seiffert 3a0ea3bcaa Add documentation for the DynamoDB backend 2016-01-08 17:34:31 +01:00
Paul Seiffert 99f7659bb4 Add recovery option to DynamoDB backend
When Vault is killed without the chance to clean up the lock
entry in DynamoDB, no further Vault nodes can become leaders after
that.

To recover from this situation, this commit adds an environment
variable and a configuration flag that when set to "1" causes Vault
to delete the lock entry from DynamoDB.
2016-01-08 17:31:37 +01:00
Paul Seiffert 8853e50691 Explicitly read AWS credentials from environment 2016-01-08 17:31:37 +01:00
Paul Seiffert 9618d95c4e Godeps: install new requirements from AWS SDK 2016-01-08 17:31:37 +01:00
Paul Seiffert 277de77256 Add tests for DynamoDB backend 2016-01-08 17:31:37 +01:00
Paul Seiffert 870bc6c5b4 Implement DynamoDB physical HA backend 2016-01-08 17:31:37 +01:00
Jeff Mitchell 87f686997f changelog++ 2016-01-07 11:36:32 -05:00
Jeff Mitchell c9f9bcdeaf Merge pull request #912 from hashicorp/fix-renew-regression
Have 'sys/renew' return the value provided in Secret.
2016-01-07 11:35:52 -05:00
Jeff Mitchell 455acc255b Have 'sys/renew' return the value provided in Secret.
Fixes a regression introduced in 0.3.
2016-01-07 11:35:09 -05:00
Jeff Mitchell 2412c078ac Also convert policy store cache to 2q.
Ping #908
2016-01-07 09:26:08 -05:00
Jeff Mitchell d6b6cbe9aa changelog++ 2016-01-07 09:22:45 -05:00
Jeff Mitchell 0cda012d20 Merge pull request #908 from hashicorp/physical-2q
Replace physical cache with TwoQueue instead of LRU.
2016-01-07 09:22:15 -05:00
Jeff Mitchell 287954beef Replace physical cache with TwoQueue instead of LRU. 2016-01-07 09:21:33 -05:00
Jeff Mitchell 85509e7ba5 Simplify some logic and ensure that if key share backup fails, we fail
the operation as well.

Ping #907
2016-01-06 13:14:23 -05:00
Jeff Mitchell 20a6f37b38 Merge pull request #907 from hashicorp/rekey-work
Add rekey nonce/backup.
2016-01-06 09:55:19 -05:00
Jeff Mitchell a094eedce2 Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00
Jeff Mitchell d4bc51751e Fix typo in docs 2016-01-05 11:45:23 -05:00
Jeff Mitchell 06d19e4269 changelog++ 2016-01-05 11:27:08 -05:00
Jeff Mitchell d5c72f2083 Merge pull request #904 from hashicorp/policy-doc
Update documentation with policy fetching information.
2016-01-05 10:26:53 -06:00
Jeff Mitchell e54edd54ac Update documentation with policy fetching information. 2016-01-05 11:26:19 -05:00
Jeff Mitchell d51d723c1f Use int64 for converting time values, not int (will be float64 in JSON anyways, so no need to lose precision, plus could hit a 32-bit max in some edge cases) 2016-01-04 17:11:22 -05:00
Jeff Mitchell a99c29dad4 changelog++ 2016-01-04 17:01:32 -05:00
Jeff Mitchell 0972e60253 Merge pull request #896 from hashicorp/last-renewal-time
Store a last renewal time in the token entry and return it upon lookup
2016-01-04 16:00:21 -06:00
Jeff Mitchell e990b77d6e Address review feedback; move storage of these values to the expiration manager 2016-01-04 16:43:07 -05:00