vishalnayak
d080107a87
Update docs to contain bound_iam_role_arn
2016-09-26 09:37:38 -04:00
vishalnayak
bf0b7f218e
Implemented bound_iam_role_arn constraint
2016-09-23 21:35:36 -04:00
John
c39eeecaea
tip to override VAULT_ADDR in getting started guide ( #1915 )
2016-09-23 19:34:07 -04:00
Jim Weber
e0ea497cfe
Getting role name from the creds path used in revocation
2016-09-23 16:57:08 -04:00
Jim Weber
8709406eb3
secretCredsRevoke command no longer uses hardcoded query
...
The removal of a user from the db is now handled similar to the
creation. The SQL is read out of a key from the role and then executed
with values substituted for username.
2016-09-23 16:05:49 -04:00
Jim Weber
1bed6bfc2c
Added support for a revokeSQL key value pair to the role
2016-09-23 16:00:23 -04:00
Jeff Mitchell
72b9c4c649
Fix parsing env var, needed to be in the helper too
2016-09-23 13:20:26 -04:00
vishalnayak
a31f9bb0e9
Fix zeroAddr check
2016-09-23 12:50:26 -04:00
Jeff Mitchell
be694f0287
changelog++
2016-09-23 12:33:26 -04:00
Jeff Mitchell
6bf871995b
Don't use time.Time in responses. ( #1912 )
...
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
2016-09-23 12:32:07 -04:00
vishalnayak
2d4bfeff49
Update website for bound_iam_instance_profile_arn
2016-09-23 11:23:59 -04:00
vishalnayak
e0c41f02c8
Fix incorrect naming of bound_iam_instance_profile_arn
2016-09-23 11:22:23 -04:00
Evan Phoenix
4214a0199d
Advertise the cluster_(id|name) in the Scada handshake ( #1906 )
2016-09-23 10:55:51 -04:00
vishalnayak
f560e20b28
Address review feedback
2016-09-22 18:07:35 -04:00
Jeff Mitchell
57f3904d74
Use VAULT_LOG_FORMAT as an analogue to LOGXI_FORMAT
2016-09-22 17:22:02 -04:00
vishalnayak
c26754000b
Fix ssh tests
2016-09-22 11:37:55 -04:00
vishalnayak
07b1b244d6
Use net.IPv4zero to check for zero address
2016-09-21 20:29:33 -04:00
vishalnayak
aaadd4ad97
Store the CIDR list in the secret ID storage entry.
...
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
vishalnayak
578b82acf5
Pass only valid inputs to validation methods
2016-09-21 15:44:54 -04:00
Jeff Mitchell
d65da5613c
Add missing dep
2016-09-21 14:02:35 -04:00
Jeff Mitchell
226ef5d78c
Make HA in etcd off by default. ( #1909 )
...
Fixes #1908
(Doesn't really "fix" it but someone from the community needs to step up
if they want to see this fixed.)
2016-09-21 14:01:36 -04:00
vishalnayak
93604e1e2e
Added cidrutil helper
2016-09-21 13:58:32 -04:00
Jeff Mitchell
5c9bd9adcb
changelog++
2016-09-21 13:50:07 -04:00
Jeff Mitchell
676e7e0f07
Ensure upgrades have a valid HMAC key
2016-09-21 11:10:57 -04:00
Jeff Mitchell
0ff76e16d2
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
Jeff Mitchell
982f151722
Update docs to reflect that there is more than one constraint for EC2 now
2016-09-20 16:11:32 -04:00
Jeff Mitchell
bbe87db913
Force tls_disable on scada connection inside outer TLS connection as it's not currently supported anyways
2016-09-20 14:56:16 -04:00
Chris Hoffman
5c241d31e7
Renaming ttl_max -> max_ttl in mssql backend ( #1905 )
2016-09-20 12:39:02 -04:00
Carlo Cabanilla
f6239cf0c0
fix shell quoting ( #1904 )
...
$() doesnt get evaluated in single quotes, so you need to break out of it first
2016-09-19 17:11:16 -04:00
Jeff Mitchell
27782238a1
changelog++
2016-09-19 13:03:03 -04:00
Jeff Mitchell
69c4452344
Merge branch 'master' of https://github.com/hashicorp/vault into master-oss
2016-09-19 13:02:30 -04:00
Jeff Mitchell
f3ab4971a6
Follow Vault convention on DELETE
being idempotent ( #1903 )
...
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
Jeff Mitchell
7f3041d6a5
Fix formatting
2016-09-19 13:00:50 -04:00
Jeff Mitchell
6e40d606d4
Bump to newer middleman-hashicorp
2016-09-19 12:42:35 -04:00
Jeff Mitchell
85c51fd861
Update website docs to indicate sudo being required for auth/audit
...
endpoints.
2016-09-19 12:10:08 -04:00
Vishal Nayak
97dc0e9f64
Merge pull request #1897 from hashicorp/secret-id-accessor-locks
...
Safely manipulate secret id accessors
2016-09-19 11:37:38 -04:00
Jeff Mitchell
86c83c3a98
changelog++
2016-09-19 09:41:01 -04:00
vishalnayak
fefd3a6c0b
s/GetOctalFormatted/GetHexFormatted
2016-09-16 17:47:15 -04:00
Jeff Mitchell
f7b3937c77
Fix website display of tune paths
2016-09-16 12:03:50 -04:00
Jeff Mitchell
897d3c6d2c
Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.
2016-09-16 11:05:43 -04:00
vishalnayak
271ab5a4bd
changelog++
2016-09-16 10:59:59 -04:00
Vishal Nayak
47a9c45189
Merge pull request #1899 from hashicorp/format-yml
...
Add yml alias for yaml
2016-09-16 10:56:01 -04:00
vishalnayak
e123f33a91
Add yml alias for yaml
2016-09-16 10:43:23 -04:00
vishalnayak
ba72e7887a
Safely manipulate secret id accessors
2016-09-15 18:13:50 -04:00
Vishal Nayak
61664bc653
Merge pull request #1886 from hashicorp/approle-upgrade-notes
...
upgrade notes entry for approle constraint and warning on role read
2016-09-15 12:14:01 -04:00
vishalnayak
5597156886
check for nil role
2016-09-15 12:10:40 -04:00
Vishal Nayak
4f33e8d713
Merge pull request #1892 from hashicorp/role-tag-defaults
...
Specify that role tags are not tied to an instance by default
2016-09-15 12:04:41 -04:00
vishalnayak
6a0f788dee
changelog++
2016-09-15 12:03:48 -04:00
Vishal Nayak
464f479ff0
Merge pull request #1889 from hashicorp/configurable-nonce
...
aws-ec2: generate the client nonce by default during first login attempt
2016-09-15 11:49:38 -04:00
vishalnayak
92986bb2a0
Address review feedback
2016-09-15 11:41:52 -04:00