Commit graph

1046 commits

Author SHA1 Message Date
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell d6693129de Create a "default" policy with sensible rules.
It is forced to be included with each token, but can be changed (but not
deleted).

Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell 8673f36b34 Don't require root tokens for mount and policy endpoints. 2015-11-09 15:29:21 -05:00
Jeff Mitchell 75f1c1e40c Print version on startup.
Fixes #765
2015-11-09 13:52:55 -05:00
Jeff Mitchell 5783f547ab Display whether a token is an orphan on lookup. 2015-11-09 13:19:59 -05:00
Jeff Mitchell b1a445dfbf Changelogify 2015-11-06 09:22:30 -05:00
Jeff Mitchell fde0bbf4b3 Merge pull request #752 from hashicorp/issue-749
Fix removing secondary index from exp manager.
2015-11-05 19:43:11 -05:00
Jeff Mitchell a121941925 Merge pull request #751 from hashicorp/issue-618
Move environment variable reading logic to API.
2015-11-05 19:42:16 -05:00
Jeff Mitchell 08dbc70c9f Switch etcd default port to 2379, in line with 2.x.
Fixes #753
2015-11-05 09:47:50 -05:00
Jeff Mitchell 395d6bead4 Fix removing secondary index from exp manager.
Due to a typo, revoking ensures that index entries are created rather
than removed. This adds a failing, then fixed test case (and helper
function) to ensure that index entries are properly removed on revoke.

Fixes #749
2015-11-04 10:50:31 -05:00
Jeff Mitchell 32e23bea71 Move environment variable reading logic to API.
This allows the same environment variables to be read, parsed, and used
from any API client as was previously handled in the CLI. The CLI now
uses the API environment variable reading capability, then overrides any
values from command line flags, if necessary.

Fixes #618
2015-11-04 10:28:00 -05:00
Jeff Mitchell f8c13ed69f Changelog++ 2015-11-04 09:42:07 -05:00
Jeff Mitchell 54d47957b5 Allow creating Consul management tokens
Fixes #714
2015-11-03 15:29:58 -05:00
Jeff Mitchell a4322afedb Merge pull request #746 from hashicorp/issue-677
Add a PermitPool to physical and consul/inmem
2015-11-03 15:26:58 -05:00
Jeff Mitchell 4f6ad849b8 Merge pull request #703 from hashicorp/crlsets
Implement CRLs for the cert authentication backend
2015-11-03 15:13:08 -05:00
Jeff Mitchell 6ccded7a2f Add ability to create orphan tokens from the API 2015-11-03 15:12:21 -05:00
Jeff Mitchell bf2e553785 Add a PermitPool to physical and consul/inmem
The permit pool controls the number of outstanding operations that can
be queued for Consul (and inmem, for testing purposes). This prevents
possible situations where Vault launches thousands of concurrent
connections to Consul if e.g. a huge number of leases need to be
expired.

Fixes #677
2015-11-03 11:49:20 -05:00
Jeff Mitchell c7493fca65 Changelogify 2015-11-03 11:43:57 -05:00
Jeff Mitchell 59cc61cc79 Add documentation for CRLs and some minor cleanup. 2015-11-03 10:52:20 -05:00
Jeff Mitchell 195caa6bf6 Implement LookupSelf, RevokeSelf, and RenewSelf in the API client
Fixes #739
2015-10-30 17:27:33 -04:00
Jeff Mitchell 1899bd8ef0 Merge pull request #730 from hashicorp/issue-713
Write HMAC-SHA256'd client token to audited requests
2015-10-30 13:36:22 -04:00
Jeff Mitchell ffa196da0e Note that the dev server does not fork
Fixes #710.
2015-10-30 12:47:56 -04:00
Jeff Mitchell 64eacd1564 Merge pull request #737 from hashicorp/issue-615
Return data on a token with one use left if there is no Lease ID
2015-10-30 12:42:19 -04:00
Jeff Mitchell a0c5a24c79 Update Postgres tests and changelogify 2015-10-30 12:41:45 -04:00
Jeff Mitchell 94b7be702b Return data on a token with one use left if there is no Lease ID
Fixes #615
2015-10-30 12:35:42 -04:00
Jeff Mitchell cf4b88c196 Write HMAC-SHA256'd client token to audited requests
Fixes #713
2015-10-29 13:26:18 -04:00
Jeff Mitchell e2d4a5fe0f Documentation update around path/key name encryption.
Make it clear that path/key names in generic are not encrypted.

Fixes #697
2015-10-29 11:21:40 -04:00
Jeff Mitchell 85d4dd6a1d Check TTL provided to generic backend on write
If existing entries have unparseable TTLs, return the value plus a
warning, rather than an error.

Fixes #718
2015-10-29 11:05:21 -04:00
Jeff Mitchell c1d8b97342 Add reset support to the unseal command.
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
2015-10-28 15:59:39 -04:00
Jeff Mitchell 9026b5c127 Update changelog 2015-10-23 09:18:03 -04:00
Jeff Mitchell 691f9e9b92 Rewrap changelog 2015-10-20 12:57:42 -04:00
Jeff Mitchell ffe531923d Changelogify 2015-10-20 12:31:01 -04:00
Jeff Mitchell 35a7f0de22 Add '.' to GenericNameRegex; it cannot appear as the first or last
character. This allows its usage in a number of extra path-based
variables.

Ping #244
2015-10-13 16:04:10 -04:00
Jeff Mitchell 78b5fcdf51 Serialize changing the state of the expiration manager pointer and
calling emitMetrics from its own goroutine.

Fixes #694
2015-10-12 16:33:54 -04:00
Jeff Mitchell 9f0b1547bb Allow disabling the physical storage cache with 'disable_cache'.
Fixes #674.
2015-10-12 13:00:32 -04:00
Jeff Mitchell 55c26a909e Documentation updates to remove lease id and duration from generic
backend example.
2015-10-12 10:01:15 -04:00
Jeff Mitchell 5fbaa0e64d Apply mount-tune properties to the token authentication backend.
Fixes #688.
2015-10-09 20:26:39 -04:00
Jeff Mitchell ee92124357 Fix output of token-create help to use ttl instead of lease 2015-10-09 19:40:30 -04:00
Jeff Mitchell b5d674d94e Add 301 redirect checking to the API client.
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
2015-10-09 17:11:31 -04:00
Jeff Mitchell bf70b677b7 Add timeout to changelog 2015-10-08 19:47:16 -04:00
Jeff Mitchell d58a3b601c Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader
Fixes #679.
2015-10-08 14:04:58 -04:00
Jeff Mitchell 0ca86fa2cd Changelogify 2015-10-07 16:18:39 -04:00
Jeff Mitchell 50b9129e65 Normalize policy names to lowercase on write. They are not currently
normalized when reading or deleting, for backwards compatibility.

Ping #676.
2015-10-07 13:52:21 -04:00
Jeff Mitchell 4a52de13e3 Add renew-self endpoint.
Fixes #455.
2015-10-07 12:49:13 -04:00
Jeff Mitchell ad840233eb Allow base64-encoded keys to be used on the CLI for init/rekey.
Fixes #653.
2015-10-06 12:47:01 -04:00
Jeff Mitchell de571c304d Add changelog entries for 0.3.1 and bump version in CLI 2015-10-06 11:03:55 -04:00
Jeff Mitchell 6fe4139ac3 Changelogify++ 2015-09-29 19:03:43 -07:00
Jeff Mitchell 6a7e87d471 Changelogify 2015-09-29 19:01:45 -07:00
Jeff Mitchell 62ac518ae7 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Jeff Mitchell af27a99bb7 Remove JWT for the 0.3 release; it needs a lot of rework. 2015-09-24 16:23:44 -04:00
Jeff Mitchell 8fa7d3bd0b Add revoke-self to docs 2015-09-24 12:05:00 -04:00
Jeff Mitchell fb7c05d7f6 Reorder changelog slightly 2015-09-24 10:55:32 -04:00
Jeff Mitchell 07288b3dcb Forgot to add JWT to the chnangelog 2015-09-23 14:26:31 -04:00
Jeff Mitchell 0454d04097 Minor typo fix 2015-09-23 10:07:55 -04:00
Jeff Mitchell 44166bb241 Update Changelog to 0.3 2015-09-22 11:44:28 -04:00
Jeff Mitchell 9860ea9e46 Update godeps 2015-09-22 10:15:06 -04:00
Armon Dadgar 9f9f53adbf CHANGELOG updates 2015-08-17 12:18:14 -07:00
Armon Dadgar 2d32b0a1ca Cutting v0.2.0 2015-07-13 19:40:01 +10:00
Armon Dadgar 190400a456 CHANGELOG updates 2015-07-13 19:34:11 +10:00
Armon Dadgar 8a4d6487f4 CHANGELOG updates 2015-07-13 17:08:30 +10:00
Armon Dadgar 334dbe430c CHANGELOG updates 2015-07-08 16:58:25 -06:00
Armon Dadgar eb51cdb8c8 CHANGELOG update is bolded 2015-07-06 11:20:55 -06:00
Armon Dadgar 9abc602215 CHANGELOG updates 2015-07-06 11:19:59 -06:00
Armon Dadgar de51ba0997 CHANGELOG update 2015-07-06 10:51:50 -06:00
Armon Dadgar 0521c6df6c http: support ?standbyok for 200 status on standby. Fixes #389 2015-07-02 17:49:35 -07:00
Armon Dadgar 3f189f2c57 CHANGELOG updates 2015-07-01 16:53:00 -07:00
Mitchell Hashimoto c249bc46e4 update CHANGELOG 2015-06-16 10:00:38 -07:00
Mitchell Hashimoto 644caf74c4 update CHANGELOG 2015-05-13 10:35:20 -07:00
Mitchell Hashimoto afbe744629 v0.1.2 2015-05-11 11:29:07 -07:00
Mitchell Hashimoto 8acc0fb9d3 update CHANGELOG 2015-05-11 11:28:22 -07:00
Mitchell Hashimoto b0c688cb8b update CHANGELOG 2015-05-11 11:01:52 -07:00
Mitchell Hashimoto 42d6b2a916 http: allow header for auth token [GH-124] 2015-05-11 10:56:58 -07:00
Mitchell Hashimoto 0cea01607b update CL 2015-05-11 10:46:11 -07:00
Armon Dadgar 3337e9bd45 CL update 2015-05-11 10:43:03 -07:00
Mitchell Hashimoto 1ee09f7cdf update CL 2015-05-11 10:31:47 -07:00
Mitchell Hashimoto 0e5217faf4 update CL 2015-05-11 10:28:11 -07:00
Mitchell Hashimoto 1ee7218796 update CL 2015-05-11 10:14:36 -07:00
Mitchell Hashimoto 2ef43005e8 update CHANGELOG 2015-05-11 10:10:56 -07:00
Mitchell Hashimoto 4e3e60b4c4 update CL 2015-05-11 10:09:21 -07:00
Mitchell Hashimoto 48e3835b4a update CHANGELOG 2015-05-11 10:06:36 -07:00
Mitchell Hashimoto eaac7a6dd3 up version for dev 2015-05-02 13:37:26 -07:00
Mitchell Hashimoto 44862e0819 update CHANGELOG 2015-05-02 13:34:39 -07:00
Mitchell Hashimoto deab183cbd token/disk: write token with 0600 2015-05-02 13:34:01 -07:00
Mitchell Hashimoto 8ff38717eb v0.1.1 2015-05-02 13:29:32 -07:00
Mitchell Hashimoto 727e0e90cd vault: validate advertise addr is valid URL [GH-106] 2015-05-02 13:28:33 -07:00
Mitchell Hashimoto 83af64dbd1 update cHANGELOG 2015-05-02 13:21:51 -07:00
Mitchell Hashimoto 81b12660c5 logical/framework: PathMap allows hyphens in keys [GH-119] 2015-05-02 13:17:42 -07:00
Mitchell Hashimoto 2eba902d0d update CHANGELOG 2015-05-02 13:12:09 -07:00
Mitchell Hashimoto d4155ef9d8 api: human friendly error for TLS [GH-123] 2015-05-02 13:08:35 -07:00
Mitchell Hashimoto fcde0fa942 update CHANGELOG 2015-04-29 11:30:00 -07:00
Mitchell Hashimoto fb7053bbb2 update CHANGELOG 2015-04-29 09:59:05 -07:00
Mitchell Hashimoto 97285af6b8 update CHANGELOG 2015-04-28 18:56:44 -07:00
Mitchell Hashimoto 74888ff179 update CHANGELOG 2015-04-28 15:12:20 -07:00
Mitchell Hashimoto 2961712e6e update CHANGELOG 2015-04-28 14:54:14 -07:00
Mitchell Hashimoto f31fa990a1 up version for dev 2015-04-28 14:45:38 -07:00
Mitchell Hashimoto c92aed4ac0 Add CHANGELOG 2015-04-28 09:12:09 -07:00