fe7dbfaada
Handle email address alternative names, fix up tests, fix up logic around name verification
2015-11-19 09:51:17 -05:00
aa3d6dc85b
Add allow_base_domain to control whether or not the actual base domain is allowed as a cert common name and/or DNS SAN
2015-11-19 09:51:17 -05:00
7d2730d370
Add email protection flag plumbing and tests; don't call generate bundle when making an intermediate CSR since everything is now ignored
2015-11-19 09:51:17 -05:00
b3eb5c4957
Add sign method (untested)
2015-11-19 09:51:17 -05:00
6ea626e9ad
Don't show field names when not needed
2015-11-19 09:51:17 -05:00
1cec03d9ca
Implement CA cert/CSR generation. CA certs can be self-signed or
...
generate an intermediate CSR, which can be signed.
2015-11-19 09:51:17 -05:00
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
45e7e61d71
Update audit documentation around what hash is used
2015-11-18 10:42:42 -05:00
7ab0c2e917
Update deps
2015-11-18 10:36:57 -05:00
29135b65ca
Changelogify
2015-11-18 10:34:50 -05:00
4a1a02a123
Merge pull request #780 from vicki-c/master
...
Port to new etcd client with TLS support
2015-11-18 10:33:09 -05:00
eb464ed79d
rejecting etcd addresses without url scheme
2015-11-17 15:18:50 -08:00
4a3bcc2adc
adding check in etcd backend to validate machine urls
2015-11-16 14:35:04 -08:00
dc4374ab79
adding etcd client dependencies
2015-11-16 13:30:27 -08:00
dfe284af43
adding PermitPool to etcd backend
2015-11-15 22:38:21 -08:00
a21c8fab26
porting to new etcd client
2015-11-15 22:12:06 -08:00
0b3c7b177a
Merge pull request #775 from hashicorp/issue-771
...
Rearchitect MountTable locking and fix rollback.
2015-11-15 17:33:30 -05:00
bece637eb7
Address feedback from review
2015-11-15 17:32:57 -05:00
bc4c18a1cf
Rearchitect MountTable locking and fix rollback.
...
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.
In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.
Both unit tests and race detection pass.
Fixes #771
2015-11-11 11:54:52 -05:00
fa646a1eb1
Bump version to 0.4-dev instead of 0.3.1-dev
2015-11-10 10:28:40 -05:00
847707f4af
Merge pull request #772 from hashicorp/origin/new_header
...
New Header Redesign
2015-11-10 10:16:49 -05:00
28ae7b2466
edit this page
2015-11-09 21:10:49 -08:00
d931c62d94
sidebar
2015-11-09 21:08:05 -08:00
2af4092734
redesign header bulk
2015-11-09 20:58:06 -08:00
201adad4ae
Merge pull request #762 from hashicorp/issue-732
...
Create a "default" policy with sensible rules.
2015-11-09 17:44:09 -05:00
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
1a621b7000
Minor test fix
2015-11-09 15:37:30 -05:00
c9e3699751
Merge pull request #769 from hashicorp/issue-769
...
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:56 -05:00
8673f36b34
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:21 -05:00
5d5d58ffe4
Fix unmount help output
2015-11-09 15:23:49 -05:00
9d9bf9f2f8
Merge pull request #768 from hashicorp/issue-765
...
Print version on startup.
2015-11-09 13:53:33 -05:00
75f1c1e40c
Print version on startup.
...
Fixes #765
2015-11-09 13:52:55 -05:00
3717b31b63
Merge pull request #766 from hashicorp/issue-766
...
Display whether a token is an orphan on lookup.
2015-11-09 13:20:42 -05:00
5783f547ab
Display whether a token is an orphan on lookup.
2015-11-09 13:19:59 -05:00
10913e2e6b
Update cert documentation to note requiring sudo access.
2015-11-06 16:09:42 -05:00
f098e1dd07
Tag with dev for builds
2015-11-06 13:39:30 -05:00
7aa3faa626
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 12:07:42 -05:00
b987c47c9e
Merge pull request #759 from hashicorp/remove-root-warning
...
Remove warning about nonexistent root policy by using GetPolicy instead
2015-11-06 11:37:39 -05:00
7d8371c4a3
Remove warning about nonexistent root policy by using GetPolicy instead
...
of the listing function.
2015-11-06 11:36:40 -05:00
ffa879d6e2
Update S3 docs
2015-11-06 09:26:09 -05:00
b1a445dfbf
Changelogify
2015-11-06 09:22:30 -05:00
601f85a934
Merge pull request #758 from ys/s3-bucket-config-var
...
Allow s3 bucket to come from config vars
2015-11-06 09:21:35 -05:00
8a594a7f61
Allow s3 bucket to come from config vars
2015-11-06 14:05:29 +01:00
141a71974a
Correct typo in comment
2015-11-06 00:41:14 -08:00
171bd84330
Add support for etcd over TLS
2015-11-06 00:41:14 -08:00
fde0bbf4b3
Merge pull request #752 from hashicorp/issue-749
...
Fix removing secondary index from exp manager.
2015-11-05 19:43:11 -05:00
a121941925
Merge pull request #751 from hashicorp/issue-618
...
Move environment variable reading logic to API.
2015-11-05 19:42:16 -05:00
483f4f8b8d
Add canonical import path to main package for those using golang-builder
2015-11-05 16:44:20 -05:00
26572d3798
Merge pull request #754 from hashicorp/issue-753
...
Switch etcd default port to 2379, in line with 2.x.
2015-11-05 09:48:26 -05:00
Jeff Mitchell