Commit graph

3673 commits

Author SHA1 Message Date
Vishal Nayak 215118dbf6 Merge pull request #1404 from hashicorp/non-ca-crl-check
Perform CRL checking for non-CA registered certs
2016-05-12 14:50:59 -04:00
Sean Chittenden 99a5213f0b Merge pull request #1355 from hashicorp/f-vault-service
Vault/Consul Service refinement
2016-05-12 11:48:29 -07:00
vishalnayak 85d9523f98 Perform CRL checking for non-CA registered certs 2016-05-12 14:37:07 -04:00
Vishal Nayak f444faf4a8 Merge pull request #1403 from hashicorp/fix-mount-tune
Fix mount tune bounds checking
2016-05-12 12:26:49 -04:00
vishalnayak be88306f92 Name the files based on changed path patterns 2016-05-12 11:52:07 -04:00
vishalnayak 7e8a2d55d0 Update docs and path names to the new patterns 2016-05-12 11:45:10 -04:00
vishalnayak af222a945a Fix mount tune bounds checking 2016-05-12 07:22:00 -04:00
Jeff Mitchell ce5614bf9b Merge branch 'master-oss' into cubbyhole-the-world 2016-05-11 19:29:52 -04:00
Jeff Mitchell e3f2020437 changelog++ 2016-05-11 19:28:01 -04:00
Jeff Mitchell 8a83c19304 Merge pull request #1399 from hashicorp/explicit-max-ttl
Add explicit maximum TTLs to token store roles.
2016-05-11 16:25:02 -07:00
Jeff Mitchell 35d285219d Merge branch 'master-oss' into cubbyhole-the-world 2016-05-11 19:09:51 -04:00
Jeff Mitchell 6ec1ca05c8 Fix bug around disallowing explicit max greater than sysview max 2016-05-11 18:46:55 -04:00
Jeff Mitchell aecc3ad824 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
Sean Chittenden ae702f17da Merge pull request #1395 from hashicorp/b-remove-mlock-netbsd
Don't build mlock for NetBSD
2016-05-10 23:33:08 -07:00
vishalnayak 269432ffb2 Merge branch 'master-oss' into pr-1300 2016-05-10 20:47:07 -04:00
Sean Chittenden 8c9dadf82b
Don't build mlock for NetBSD
NetBSD doesn't have the right symbols defined in Go for mlockall support.  The OS supports it just fine, but the definitions aren't present in Go.  If someone wanted to they could add support XOR the values from `sys/mman.h` for `MCL_CURRENT | MCL_FUTURE` which is almost certainly `0x01 | 0x02` but we're not going to do that in code due to the maintenance of a one-off just for NetBSD.  PR's welcome.
2016-05-10 16:39:54 -07:00
Vishal Nayak 95421182ba Merge pull request #1394 from joehillen/patch-1
Fix default etcd address
2016-05-10 15:52:37 -04:00
Joe Hillenbrand 3b14f5043f Fix default etcd address
Should be `127.0.0.1`, not `128.0.0.1`
2016-05-10 12:50:11 -07:00
vishalnayak ddcaf26396 Merge branch 'master-oss' into aws-auth-backend 2016-05-10 14:50:00 -04:00
Jeff Mitchell 965efae798 Add dev-dynamic makefile target 2016-05-09 23:17:38 -04:00
vishalnayak d09748a135 Fix the acceptance tests 2016-05-09 22:07:51 -04:00
vishalnayak 95f3f08d29 Call client config internal from the locking method 2016-05-09 21:01:57 -04:00
Jeff Mitchell c3a3802b6c changelog++ 2016-05-09 20:01:12 -04:00
Jeff Mitchell 7afc80ae71 Merge pull request #1390 from hashicorp/dont-revoke-ca-certs
Don't revoke CA certificates with leases.
2016-05-09 16:54:40 -07:00
Jeff Mitchell d899f9d411 Don't revoke CA certificates with leases. 2016-05-09 19:53:28 -04:00
Jeff Mitchell 4549625367 Update client code to use internal entry fetching 2016-05-09 23:26:00 +00:00
Sean Chittenden 4de8b3824d
Bump Go to 1.6.2 for Travis (just added) 2016-05-08 22:13:41 -07:00
Jeff Mitchell c5008bcaac Add more tests 2016-05-07 21:08:13 -04:00
Jeff Mitchell 31e1ed2417 Implement WrapInfo audit logging 2016-05-07 20:03:56 -04:00
Jeff Mitchell bcbcd22657 Audit wrap info 2016-05-07 19:19:19 -04:00
Jeff Mitchell 2295cadbf4 Make WrapInfo a pointer to match secret/auth in response 2016-05-07 19:17:51 -04:00
Jeff Mitchell 07f8471fd2 Merge remote-tracking branch 'origin/master' into cubbyhole-the-world 2016-05-07 19:00:18 -04:00
Jeff Mitchell 5556429ee6 changelog++ 2016-05-07 19:00:09 -04:00
Jeff Mitchell 41079d691a Merge pull request #1387 from hashicorp/log-display-name
Add DisplayName to request audit object in response audit object
2016-05-07 15:58:01 -07:00
Jeff Mitchell 5b67ce1bac Add DisplayName to request audit object in response audit object 2016-05-07 18:57:38 -04:00
Jeff Mitchell 105d162cf2 Specify more complete wrap-ttl output in help 2016-05-07 16:45:41 -04:00
Jeff Mitchell c5085bc79f Merge response fix over from mfatw 2016-05-07 16:41:24 -04:00
Jeff Mitchell c52d352332 Merge branch 'master-oss' into cubbyhole-the-world 2016-05-07 16:40:04 -04:00
Jeff Mitchell f9c5425d2f changelog++ 2016-05-07 16:36:02 -04:00
Jeff Mitchell d77563994c Merge pull request #1346 from hashicorp/disable-all-caches
Disable all caches
2016-05-07 16:33:45 -04:00
Sean Chittenden f4d69e6d93 Bump Go to 1.6.1 2016-05-07 13:30:43 -07:00
Steve Jansen 597d59962c Adds sts:AssumeRole support to the AWS secret backend
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens.  For example, STS federated tokens cannot
invoke IAM APIs, such as  Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
Jeff Mitchell 75dbbff1a6 Merge branch 'master-oss' into cubbyhole-the-world 2016-05-05 20:45:36 -04:00
Jeff Mitchell c16b0a4f41 Switch whitelist to use longest max TTL 2016-05-05 20:44:48 -04:00
Jeff Mitchell 7a6c76289a Role tag updates 2016-05-05 15:32:14 -04:00
Jeff Mitchell b58ad615f2 Fix HMAC being overwritten. Also some documentation, and add a lock to role operations 2016-05-05 14:51:09 -04:00
Jeff Mitchell 0eddeb5c94 Guard tidy functions 2016-05-05 14:28:46 -04:00
Jeff Mitchell 2d4c390f87 More updates to mutexes and adjust blacklisted roletag default safety buffer 2016-05-05 14:12:22 -04:00
Jeff Mitchell 8fef6e3ac0 Rename identity whitelist and roletag blacklist api endpoints 2016-05-05 13:34:50 -04:00
Jeff Mitchell c69ba40d05 Move some mutexes around 2016-05-05 12:53:27 -04:00