Jeff Mitchell
3bc53d447a
changelog++
2017-06-07 10:18:35 -04:00
Jeff Mitchell
2cc4a761f7
Honor role period for IAM auth type in AWS backend ( #2828 )
...
Fixes #2825
2017-06-07 10:18:02 -04:00
Jeff Mitchell
3c765ffef1
changelog++
2017-06-07 10:03:56 -04:00
Jeff Mitchell
fdf92aeba5
Add listing to database connections. ( #2827 )
...
Fixes #2823
2017-06-07 10:03:17 -04:00
Dan Brown
4f3fb87b9d
Docs typo fixes ( #2830 )
...
* Fix passing payload.json file to curl
* Correct API endpoint
2017-06-07 10:02:58 -04:00
Jeff Mitchell
3c727acd61
changelog++
2017-06-06 22:36:12 -04:00
Joel Thompson
7437ada31c
Check if there's a bound iam arn when renewing ( #2819 )
...
Previously, the renew method would ALWAYS check to ensure the
authenticated IAM principal ARN matched the bound ARN. However, there
is a valid use case in which no bound_iam_principal_arn is specified and
all bindings are done through inferencing. When a role is configured
like this, clients won't be able to renew their token because of the
check.
This now checks to ensure that the bound_iam_principal_arn is not empty
before requiring that it match the originally authenticated client.
Fixes #2781
2017-06-06 22:35:12 -04:00
Katie Bayes
cff022a65c
update middleman version from 24 to 26 ( #2824 )
2017-06-06 22:33:26 -04:00
Jeff Mitchell
62526dcec3
changelog++
2017-06-06 16:04:49 -04:00
Jeff Mitchell
a7fca34076
Add ability to specify encryption key version in `transit` ( #2821 )
2017-06-06 16:02:54 -04:00
Jeff Mitchell
545cf1de8f
changelog++
2017-06-06 09:50:38 -04:00
Brian Kassouf
606fe393be
Use the role name in the db username ( #2812 )
2017-06-06 09:49:49 -04:00
Jeff Mitchell
778e716677
changelog++
2017-06-05 18:05:22 -04:00
Brian Rodgers
e9b52ed928
Log auth info on permission denied due to ACL ( #2754 )
2017-06-05 18:04:31 -04:00
Jeff Mitchell
1f3ceba11b
changelog++
2017-06-05 16:44:35 -04:00
Jeff Mitchell
abdd39ecb9
changelog++
2017-06-05 16:37:34 -04:00
Jeff Mitchell
fcc9f35c77
Add a `no-store` option to `vault auth` ( #2809 )
...
Fixes #2746
2017-06-05 16:36:28 -04:00
Jeff Mitchell
605d74d889
Don't try to clean up upgrades if we're sealed
2017-06-05 16:00:56 -04:00
Jeff Mitchell
fb9029e3dd
Log heartbeat stopping
2017-06-05 15:57:04 -04:00
Jeff Mitchell
d9b11daec5
changelog++
2017-06-05 15:03:34 -04:00
Jeff Mitchell
3eebd5cf5a
ed25519 support in transit ( #2778 )
2017-06-05 15:00:39 -04:00
Jeff Mitchell
d51b060f17
changelog++
2017-06-05 12:40:59 -04:00
Scott Sinclair
0c7d240968
Change split on instance profile name ( #2802 )
...
This now splits on the /, so we only get the last component of the instance profile name (ignoring paths)
2017-06-05 12:39:37 -04:00
Matthew Irish
2bb2623bd0
changelog++
2017-06-05 11:35:03 -05:00
sam boyer
789d7ab4e0
Minor typos & wordsmithing for clarity ( #2807 )
2017-06-05 09:32:09 -07:00
Jeff Mitchell
7e02082f5f
Use the oauth2 context ability to specify a clean http client. ( #2808 )
...
Hopefully fixes #2793
2017-06-05 12:27:01 -04:00
Jeff Mitchell
b90c84a2c6
Add unsalted test to app-id
2017-06-05 11:37:16 -04:00
Jeff Mitchell
0a8991813b
changelog++
2017-06-05 11:01:48 -04:00
Kiss György
0be37ca78b
Add Health() method to Sys client ( #2805 )
2017-06-05 11:00:45 -04:00
Jeff Mitchell
3496e1c03c
changelog++
2017-06-05 10:55:42 -04:00
Jeff Mitchell
3e7205c4c1
Add another nil guard to S3, follow on from #2785
2017-06-05 10:54:26 -04:00
Vishal Nayak
c31b076360
Avoid panic in s3 list operation ( #2785 )
2017-06-05 10:53:20 -04:00
Jeff Mitchell
f7df60b131
Allow accessing Warnings directly in Response. ( #2806 )
...
A change in copystructure has caused some panics due to the custom copy
function. I'm more nervous about production panics than I am about
keeping some bad code wiping out some existing warnings, so remove the
custom copy function and just allow direct setting of Warnings.
2017-06-05 10:52:43 -04:00
Jeff Mitchell
9095e202d7
Update vendoring
2017-06-05 10:51:53 -04:00
Mevan Samaratunga
731a7f187f
Fixed bug where the project name was not being read from configuration if it was provided via the "tenant" attribute. This was causing the swift client to crash with an EOF error. ( #2803 )
2017-06-05 10:48:39 -04:00
Jeff Mitchell
898d3f12fe
changelog++
2017-06-05 10:06:12 -04:00
Jeff Mitchell
8f2ba268a0
Fix instantiation of salt funcs in app-id structs
2017-06-05 10:04:54 -04:00
Jeff Mitchell
357200763e
changelog++
2017-06-03 08:17:02 -04:00
Eugene Bekker
b55d972d24
Fixes #2789 ( #2790 )
2017-06-03 08:15:37 -04:00
Jeff Mitchell
dad291c93c
Add plugin_directory to configuration page ( #2801 )
...
Fixes #2795
2017-06-03 08:11:03 -04:00
Dan Stark
9f6b77598e
Fixes typos in error message and comment for AWS auth CLI ( #2798 )
2017-06-02 17:35:25 -07:00
Brian Kassouf
74931c750f
changelog++
2017-06-01 15:24:27 -07:00
Igor Katson
88118dce0f
Add max_parallel parameter to MySQL backend. ( #2760 )
...
* Add max_parallel parameter to MySQL backend.
This limits the number of concurrent connections, so that vault does not die
suddenly from "Too many connections".
This can happen when e.g. vault starts up, and tries to load all the
existing leases in parallel. At the time of writing this, the value
ExpirationRestoreWorkerCount in vault/helper/consts/const.go is set to
64, meaning that if there are enough leases in the vault's DB, it will
generate AT LEAST 64 concurrent connections to MySQL when loading the
data during start-up. On certain configurations, e.g. smaller AWS
RDS/Aurora instances, this will cause Vault to fail startup.
* Fix a typo in mysql storage readme
2017-06-01 15:20:32 -07:00
vishalnayak
7550b79ce8
Fix policy tests
2017-06-01 17:22:34 -04:00
Andrew Paulin
776019963b
Support custom renewal statements in Postgres ( #2788 )
...
* Support custom renewal statements in Postgres
* Refactored out default/custom renew methods
2017-06-01 13:18:16 -07:00
Chris Hoffman
2ba85b49c7
Adding auth/aws-ec2 redirect to new docs location
2017-06-01 11:18:19 -04:00
Jeff Mitchell
9319307398
Add govendor to bootstrap
2017-06-01 10:18:48 -04:00
Matthew Irish
5fb495c8bf
changelog ++
2017-05-31 13:41:34 -05:00
Vishal Nayak
128907172f
doc: leases are generated only for dynamic secrets ( #2772 )
...
* doc: leases are generated only for dynamic secrets
* Address review feedback
2017-05-31 09:47:17 -04:00
Jeff Mitchell
1a8b760790
Bump Go version in cross Dockerfile
2017-05-30 14:33:56 -04:00