b5225fd000
Add KeyNotFoundError to seal file
2016-10-05 17:17:33 -04:00
6d00f0c483
Adds HUP support for audit log files to close and reopen. ( #1953 )
...
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.
As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
2016-09-30 12:04:50 -07:00
85315ff188
Rejig where the reload functions live
2016-09-30 00:07:22 -04:00
4a505bfa3e
Update text around cubbyhole/response
2016-09-29 17:44:15 -04:00
5657789627
Audit unwrapped response ( #1950 )
2016-09-29 12:03:47 -07:00
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
57b21acabb
Added unit tests for token entry upgrade
2016-09-26 18:17:50 -04:00
af888573be
Handle upgrade of deprecated fields in token entry
2016-09-26 15:47:48 -04:00
f3ab4971a6
Follow Vault convention on `DELETE` being idempotent ( #1903 )
...
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
722e26f27a
Add support for PGP encrypting the initial root token. ( #1883 )
2016-09-13 18:42:24 -04:00
fffee5611a
Rejig locks during unmount/remount. ( #1855 )
2016-09-13 11:50:14 -04:00
1c6f2fd82b
Add response wrapping to list operations ( #1814 )
2016-09-02 01:13:14 -04:00
19d64a476a
Apply fix from #1827 to rekey
2016-09-01 17:42:28 -04:00
5bd93b62d4
Return bad request error on providing same key for root generation ( #1833 )
...
Fixes #1827
2016-09-01 17:40:01 -04:00
328de60338
Description consistency
2016-08-29 15:53:11 -04:00
ac38863884
Add back token/accessor URL parameters but return a warning.
...
CC @sethvargo
2016-08-29 15:15:57 -04:00
aec05fdf02
Remove the upgrade code to update the mount table from 'aws' to 'aws-ec2'
2016-08-29 11:53:52 -04:00
7e41d5ab45
Pass headers back when request forwarding ( #1795 )
2016-08-26 17:53:47 -04:00
2ce4397deb
Plumb through the ability to set the storage read cache size. ( #1784 )
...
Plumb through the ability to set the storage read cache size.
Fixes #1772
2016-08-26 10:27:06 -04:00
9fee9ce8ff
Don't allow tokens in paths. ( #1783 )
2016-08-24 15:59:43 -04:00
b89073f7e6
Error when an invalid (as opposed to incorrect) unseal key is given. ( #1782 )
...
Fixes #1777
2016-08-24 14:15:25 -04:00
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
2bb8adcbde
Cleanup and avoid unnecessary advertisement parsing in leader check
2016-08-19 14:49:11 -04:00
b7acf5b5ab
Rename proto service stuff and change log levels for some messages
2016-08-19 11:49:25 -04:00
bdcfe05517
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
87c42a796b
s/advertisement/redirect
2016-08-19 10:52:14 -04:00
01702415c2
Ensure we don't use a token entry period of 0 in role comparisons.
...
When we added support for generating periodic tokens for root/sudo in
auth/token/create we used the token entry's period value to store the
shortest period found to eventually populate the TTL. The problem was
that we then assumed later that this value would be populated for
periodic tokens, when it wouldn't have been in the upgrade case.
Instead, use a temp var to store the proper value to use; populate
te.Period only if actually given; and check that it's not zero before
comparing against role value during renew.
2016-08-16 16:47:46 -04:00
c1aa89363a
Make time logic a bit clearer
2016-08-16 16:29:07 -04:00
02d9702fbd
Add local into handler path for forwarded requests
2016-08-16 11:46:37 -04:00
62c69f8e19
Provide base64 keys in addition to hex encoded. ( #1734 )
...
* Provide base64 keys in addition to hex encoded.
Accept these at unseal/rekey time.
Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
40ece8fd7c
Add another test and fix some output
2016-08-14 07:17:14 -04:00
b6ef112382
Minor wording change
2016-08-13 15:45:13 -04:00
cdea4b3445
Add some tests and fix some bugs
2016-08-13 14:03:22 -04:00
de60702d76
Don't check the role period again as we've checked it earlier and it may be greater than the te Period
2016-08-13 13:21:56 -04:00
bcb4ab5422
Add periodic support for root/sudo tokens to auth/token/create
2016-08-12 21:14:12 -04:00
c1a46349fa
Change to keybase openpgp fork as it has important fixes
2016-08-11 08:31:43 -04:00
3895ea4c2b
Address review feedback from @jefferai
2016-08-10 15:22:12 -04:00
95f9c62523
Fix Cluster object being returned as nil when unsealed
2016-08-10 15:09:16 -04:00
0f40fba40d
Don't allow a root token that expires to create one that doesn't
2016-08-09 20:32:40 -04:00
b5d55a9f47
Fix broken mount_test
2016-08-09 12:06:59 -04:00
4246ab1220
Change local cluster info path
2016-08-09 11:28:42 -04:00
c27a52069c
Merge pull request #1693 from hashicorp/mount-table-compress
...
Added utilities to compress the JSON encoded string.
2016-08-09 11:23:14 -04:00
cc10fd7a7e
Use config file cluster name after automatic gen
2016-08-09 11:03:50 -04:00
b43cc03f0e
Address review feedback from @jefferai
2016-08-09 10:47:55 -04:00
94c9fc3b49
Minor test fix
2016-08-09 07:13:29 -04:00
78d57520fb
Refactoring and test fixes
2016-08-09 03:43:03 -04:00
5866cee5b4
Added utilities to compress the data
2016-08-09 00:50:19 -04:00
d2124486ef
Merge pull request #1702 from hashicorp/renew-post-body
...
Add ability to specify renew lease ID in POST body.
2016-08-08 20:01:25 -04:00
Jeff Mitchell