Commit graph

1796 commits

Author SHA1 Message Date
Jeff Mitchell ec57e983f7 Don't allow duplicate x parts in Shamir. Add unit test for verification. 2015-08-26 10:03:44 -07:00
Jeff Mitchell 9db8a5c744 Merge pull request #567 from hobbeswalsh/master
Spaces in displayName break AWS IAM
2015-08-26 12:37:52 -04:00
Robin Walsh 34b84367b5 Adding one more test (for no-op case) 2015-08-26 09:26:20 -07:00
Robin Walsh 4b7c2cc114 Adding unit test for normalizeDisplayName() 2015-08-26 09:23:33 -07:00
Jeff Mitchell 2098446d47 Ensure that the 'file' audit backend can successfully open its given path before returning success. Fixes #550. 2015-08-26 09:13:10 -07:00
Jeff Mitchell 2d8bfff02b Explicitly check for blank leases in AWS, and give a better error message if lease_max cannot be parsed. Fixes #569. 2015-08-26 09:04:47 -07:00
Jeff Mitchell 8669a87fdd When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes. 2015-08-26 07:59:50 -07:00
Jeff Mitchell 17cbd9e1ca If JSON decoding fails, make it clear that the problem is failing to
parse the JSON, rather than returning the possibly confusing error from
the JSON decoder.

Fixes #553.
2015-08-26 07:03:33 -07:00
Jeff Mitchell b940d214bd Merge pull request #568 from ctennis/add_some_s3_info
Make it clear for physical S3 backend we support instance profiles as well.
2015-08-26 09:03:38 -04:00
Jeff Mitchell 003029938d Merge pull request #570 from hashicorp/pgp-init-keys
PGP keys at init/rekey time
2015-08-25 19:41:21 -04:00
Jeff Mitchell ea08678189 Update godeps 2015-08-25 16:24:25 -07:00
Jeff Mitchell cc232e6f79 Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell 0b580d0521 Update website documentation for init and rekey with secret_pgp_keys API option 2015-08-25 14:52:13 -07:00
Jeff Mitchell c887df93cc Add support for pgp-keys argument to rekey, as well as tests, plus
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
Jeff Mitchell f57e7892e7 Don't store the given public keys in the seal config 2015-08-25 14:52:13 -07:00
Jeff Mitchell a7316f2e24 Handle people specifying PGP key files with @ in front 2015-08-25 14:52:13 -07:00
Jeff Mitchell 2f3e245b0b Add support for "pgp-tokens" parameters to init.
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
2015-08-25 14:52:13 -07:00
Caleb Tennis 6c30f9a0f9 Make it clear we support instance profiles as well, the existing docs seem to indicate static credentials are required 2015-08-25 06:47:07 -07:00
Robin Walsh 8530f14fee s/string replacement/regexp replacement 2015-08-24 17:00:54 -07:00
Robin Walsh 69f5abdc91 spaces in displayName break AWS IAM 2015-08-24 16:12:45 -07:00
Vishal Nayak 07b4091cae Merge pull request #566 from hashicorp/fix-install-script
Cleanup of public key install script
2015-08-24 15:06:28 -04:00
vishalnayak c35d78b3cb Vault SSH: Documentation update 2015-08-24 14:18:37 -04:00
vishalnayak e6987beb61 Vault SSH: Replace args with named vars 2015-08-24 14:07:07 -04:00
vishalnayak eb91a3451b Merging with master 2015-08-24 13:55:20 -04:00
vishalnayak 44c07cff5b Vault SSH: Cleanup of aux files in install script 2015-08-24 13:50:46 -04:00
Jeff Mitchell 025ec5057e Merge pull request #564 from hashicorp/remove-cookie-auth
Remove cookie authentication
2015-08-21 19:55:00 -07:00
Jeff Mitchell a8ef0e8a80 Remove cookie authentication. 2015-08-21 19:46:23 -07:00
Jeff Mitchell f7845234b4 Merge pull request #555 from hashicorp/toggleable-hostname-enforcement
Allow enforcement of hostnames to be toggleable for certificates.
2015-08-21 19:23:09 -07:00
Jeff Mitchell 5695d57ba0 Merge pull request #561 from hashicorp/fix-wild-cards
Allow hyphens in endpoint patterns of most backends
2015-08-21 11:40:42 -07:00
Armon Dadgar 88a7b57491 Merge pull request #558 from captainill/master
make sure header is below clickable area that hides sidebar
2015-08-21 10:21:40 -07:00
vishalnayak 6822af68e1 Vault SSH: Undo changes which does not belong to wild card changes 2015-08-21 09:58:15 -07:00
vishalnayak 6c2927ede0 Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Jeff Mitchell 065e4e3fdb Merge pull request #560 from hashicorp/refactor-lease-ttl
Refactor Lease names internally for logical consistency
2015-08-20 23:30:31 -07:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Jeff Mitchell 04a6a814cc Merge pull request #557 from hashicorp/generic-lease-to-ttl
Change "lease" parameter in the generic backend to be "ttl" to reduce confusion.
2015-08-20 18:00:11 -07:00
Jeff Mitchell 0fa783f850 Update help text for TTL values in generic backend 2015-08-20 17:59:30 -07:00
captainill ad9e00b166 make sure header is below clickable area that hides sidebar 2015-08-20 17:22:48 -07:00
Jeff Mitchell b57ce8e5c2 Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
Fixes #528.
2015-08-20 16:41:25 -07:00
vishalnayak 54db77a3f1 Vault SSH: +script link, -script file, in docs 2015-08-20 16:35:16 -07:00
vishalnayak 0ffad79548 Vault SSH: Make the script readable 2015-08-20 16:12:17 -07:00
Jeff Mitchell 133380915a Disallow non-client X509 key usages for client TLS cert authentication. 2015-08-20 15:50:47 -07:00
Jeff Mitchell 41b85a1c83 Allow enforcement of hostnames to be toggleable for certificates. Fixes #451. 2015-08-20 14:33:37 -07:00
Jeff Mitchell c84ccc08d4 sys_mount.go is now unnecessary 2015-08-20 14:09:15 -07:00
Jeff Mitchell 271255b008 Send sys mounting logic directly to logical backend. Unit tests run. 2015-08-20 13:59:57 -07:00
Jeff Mitchell 15f57082e0 Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code. 2015-08-20 13:20:35 -07:00
vishalnayak 2da717fd8b Vault SSH: Adding the missed out config file 2015-08-20 11:30:21 -07:00
Jeff Mitchell 46d06144a8 Merge pull request #552 from hashicorp/fix-uselimit-decrement
Fix #461 properly by defering potential revocation of a token until a…
2015-08-20 10:39:24 -07:00
Jeff Mitchell db79dd8c22 Don't defer revocation when sealing, and clear out response/auth if there is a token use error 2015-08-20 10:37:42 -07:00
Jeff Mitchell 0e8e3660ff Fix #461 properly by defering potential revocation of a token until after the request is fully handled. 2015-08-20 10:14:13 -07:00