Laura Bennett
60ceea5532
initial commit for adding audit file permission changes
2016-10-07 15:09:32 -04:00
Jeff Mitchell
21e1f38e6a
Split HA server command tests from reload tests
2016-10-07 11:06:01 -04:00
Jeff Mitchell
2e9f4c5f5f
Add gitter badge
2016-10-06 12:37:41 -04:00
Jeff Mitchell
b5225fd000
Add KeyNotFoundError to seal file
2016-10-05 17:17:33 -04:00
Vishal Nayak
ec4b944829
Merge pull request #1974 from zendesk/update_iam_documentation
...
Update aws-ec2 configuration help
2016-10-05 16:43:45 -04:00
Michael S. Fischer
c45ab41b39
Update aws-ec2 configuration help
...
Updated to reflect enhanced functionality and clarify necessary
permissions.
2016-10-05 12:40:58 -07:00
Jeff Mitchell
60abb3d991
Cut version 0.6.2
2016-10-05 14:31:35 -04:00
Jeff Mitchell
70a9fc47b4
Don't use quoted identifier for the username
2016-10-05 14:31:19 -04:00
Jeff Mitchell
d580bb1c27
Update upgrade guide
2016-10-05 14:10:27 -04:00
Jeff Mitchell
fa515accf9
changelog++
2016-10-05 14:08:31 -04:00
Jeff Mitchell
7f9a88d8db
Postgres revocation sql, beta mode ( #1972 )
2016-10-05 13:52:59 -04:00
Jeff Mitchell
83b85dea1c
Prep for 0.6.2
2016-10-05 08:23:31 -04:00
Paweł Rozlach
33b4683dfd
Post-review fixes for file/zk recursive empty prefix delete
2016-10-05 08:08:00 -04:00
Jeff Mitchell
bab1471345
changelog++
2016-10-04 23:17:29 -04:00
vishalnayak
cf7f93a7b4
changelog++
2016-10-04 22:53:15 -04:00
Vishal Nayak
80a523b199
Merge pull request #1964 from mesosphere/prozlach/nested_secrets_handling_fix
...
Nested secrets handling fix for zookeeper and file based backend.
2016-10-04 22:45:37 -04:00
Jeff Mitchell
6b0f886756
Update website with breaking change information
2016-10-04 22:35:56 -04:00
Jeff Mitchell
22db55f847
changelog++
2016-10-04 22:15:14 -04:00
Jeff Mitchell
1890a97eba
changelog++
2016-10-04 22:07:06 -04:00
Jeff Mitchell
2a646f74b3
changelog++
2016-10-04 21:57:10 -04:00
Vishal Nayak
6e9bffade5
Merge pull request #1967 from hashicorp/mysql-revoke-sql
...
Refactor mysql's revoke SQL
2016-10-04 20:01:54 -04:00
vishalnayak
2b760d5bb7
changelog++
2016-10-04 19:47:37 -04:00
vishalnayak
de5dec6b15
Refactor mysql's revoke SQL
2016-10-04 19:30:25 -04:00
Vishal Nayak
1ab7023483
Merge pull request #1914 from jpweber/mysql-revoke
...
Mysql revoke with non-wildcard hosts
2016-10-04 17:44:15 -04:00
Jim Weber
87f206b536
removed an unused ok variable. Added warning and force use for default queries if role is nil
2016-10-04 17:15:29 -04:00
vishalnayak
40f4b4647f
changelog++
2016-10-04 16:18:47 -04:00
Pawel Rozlach
41ade15f73
Fix file backend so that it properly removes nested secrets.
...
This patch makes file backend properly remove nested secrets, without leaving
empty directory artifacts, no matter how nested directories were.
2016-10-04 21:56:12 +02:00
Pawel Rozlach
44b4704cfa
Fix zookeeper backend so that properly deletes/lists secrets.
...
This patch fixes two bugs in Zookeeper backends:
* backend was determining if the node is a leaf or not basing on the number
of the childer given node has. This is incorrect if you consider the fact
that deleteing nested node can leave empty prefixes/dirs behind which have
neither children nor data inside. The fix changes this situation by testing
if the node has any data set - if not then it is not a leaf.
* zookeeper does not delete nodes that do not have childern just like consul
does and this leads to leaving empty nodes behind. In order to fix it, we
scan the logical path of a secret being deleted for empty dirs/prefixes and
remove them up until first non-empty one.
2016-10-04 21:56:12 +02:00
Pawel Rozlach
68fc52958d
Add tests for nested/prefixed secrets removal.
...
Current tests were not checking if backends are properly removing
nested secrets. We follow here the behaviour of Consul backend, where
empty "directories/prefixes" are automatically removed by Consul itself.
2016-10-04 21:55:33 +02:00
Vishal Nayak
661a8a4734
Merge pull request #1961 from hashicorp/aws-ec2-auth-rsa-signature
...
aws-ec2-auth using identity doc and RSA digest
2016-10-04 15:45:12 -04:00
vishalnayak
0f8c132ede
Minor doc updates
2016-10-04 15:46:09 -04:00
vishalnayak
2e1aa80f31
Address review feedback 2
2016-10-04 15:30:42 -04:00
vishalnayak
59475d7f14
Address review feedback
2016-10-04 15:05:44 -04:00
Vishal Nayak
4141b632fa
Merge pull request #1957 from hashicorp/website-list-userpass
...
Added user listing endpoint to userpass docs
2016-10-04 14:10:49 -04:00
Jim Weber
cc38f3253a
fixed an incorrect assignment
2016-10-03 21:51:40 -04:00
vishalnayak
348a09e05f
Add only relevant certificates
2016-10-03 20:34:28 -04:00
vishalnayak
dbd364453e
aws-ec2 config endpoints support type option to distinguish certs
2016-10-03 20:25:07 -04:00
Jim Weber
ac78ddc178
More resilient around cases of missing role names and using the default when needed.
2016-10-03 20:20:00 -04:00
vishalnayak
b105f8ccf3
Authenticate aws-ec2 instances using identity document and its RSA signature
2016-10-03 18:57:41 -04:00
Vishal Nayak
5fb6758538
Merge pull request #1960 from hashicorp/atlas-listener-docs
...
document the atlas listener
2016-10-03 16:13:32 -04:00
Matthew Irish
61975f4265
add documentation for cluster_name and link atlas listener docs
2016-10-03 15:04:33 -05:00
Jim Weber
0a7f1089ca
Refactored logic some to make sure we can always fall back to default revoke statments
...
Changed rolename to role
made default sql revoke statments a const
2016-10-03 15:59:56 -04:00
Jim Weber
704fccaf2e
fixed some more issues I had with the tests.
2016-10-03 15:58:09 -04:00
Jim Weber
a2d6624a69
renamed rolname to role
2016-10-03 15:57:47 -04:00
Jim Weber
7ab1092c7c
Removed file that should not have been added in the first place.
2016-10-03 14:53:22 -04:00
Jim Weber
bfb0c2d3ff
Reduced duplicated code and fixed comments and simple variable name mistakes
2016-10-03 14:53:05 -04:00
Matthew Irish
34a6abcbb6
document the atlas listener
2016-10-03 10:41:50 -05:00
Jim Weber
bb70ecc5a7
Added test for revoking mysql user with wild card host and non-wildcard host
2016-10-02 22:28:54 -04:00
Jim Weber
dbb00534d9
saving role name to the Secret Internal data. Default revoke query added
...
The rolename is now saved to the secret internal data for fetching
later during the user revocation process. No longer deriving the role
name from request path
Added support for default revoke SQL statements that will provide the
same functionality as before. If not revoke SQL statements are provided
the default statements are used.
Cleaned up personal ignores from the .gitignore file
2016-10-02 18:53:16 -04:00
Jeff Mitchell
8cfcbd7943
changelog++
2016-10-02 14:55:48 -04:00