Commit Graph

7254 Commits

Author SHA1 Message Date
Gobin Sougrakpam 62ac4dfca0 Fix renewAuth to use the increment value (#3904) 2018-02-05 12:22:49 -05:00
Jeff Mitchell 8145b0ce0b Mark old MFA as legacy/unsupported in sidebar 2018-02-05 11:47:59 -05:00
Jeff Mitchell 39bdd318d5 changelog++ 2018-02-05 11:23:03 -05:00
Jeff Mitchell fe6c19d623 Update zookeeper dep
Fixes #3896
2018-02-05 11:22:21 -05:00
Jeff Mitchell 6dfd2d0684 changelog++ 2018-02-05 10:57:22 -05:00
Jeff Mitchell 20465d8040 Add centrify CLI handler support 2018-02-05 10:56:57 -05:00
Jeff Mitchell 05723e1229 Revert cluster.go change 2018-02-04 20:42:45 -05:00
Jeff Mitchell f33563f667 Some vet fixes 2018-02-04 20:37:57 -05:00
Joel Thompson 4f49318b33 auth/aws: Switch role tag processing from strings.Contains to strings.HasPrefix (#3906)
strings.HasPrefix is more correct; if a tag part value ended up
containing the expected prefix of another part, it could cause incorrect
parsing. I don't think that these values would be semantically legal
today, but it's probably better to be defensive.
2018-02-04 19:37:03 -05:00
Jeff Mitchell 0255d4ca10 Make the MFA support status more clear for the legacy system 2018-02-04 19:25:27 -05:00
Jeff Mitchell 041d0d4abf changelog++ 2018-02-03 13:28:15 -05:00
Jeff Mitchell b6614b651f
Differentiate between user/internal error in AppRole login. (#3902)
* Differentiate between user/internal error in AppRole login.

This allows us to properly pass through internal errors back up into
core.

* Separate out error cases
2018-02-02 20:34:32 -05:00
Jeff Mitchell fc6564e4ee
Don't run rollback and upgrade functionality if we are a replication secondary (#3900)
* Don't run rollback and upgrade functionality if we are a replication
secondary, but do if the mount is local.
2018-02-02 20:28:25 -05:00
Vishal Nayak effdc09a71 Add the actual error object to the message (#3901) 2018-02-02 19:06:08 -05:00
Jeff Mitchell 676b302dbf
Add a sysview call to determine if a mount is local. (#3899)
This is useful for deciding when to run upgrade logic, e.g. if on a
performance secondary but local it's fine to run.
2018-02-02 18:17:12 -05:00
George Christou c35af6dd01 website: Include `fish` as a supported shell (#3895) 2018-02-02 10:34:48 -05:00
Brian Kassouf b91dbaf295
changelog++ 2018-02-01 16:47:38 -08:00
Jeff Mitchell ac66586b7a changelog++ 2018-02-01 19:08:39 -05:00
Xiang Li a120544b47 etcd: config etcd3 client's max response size (#3891) 2018-02-01 19:08:09 -05:00
Jeff Mitchell 0e6b45ba5c changelog++ 2018-02-01 19:05:29 -05:00
Xiang Li 5fd85205cc etcd3: only create lock when lock is called (#3893) 2018-02-01 19:04:52 -05:00
Brian Kassouf 1cee2a1415
plugins/gRPC: fix issues with reserved keywords in response data (#3881)
* plugins/gRPC: fix issues with reserved keywords in response data

* Add the path raw file for mock plugin

* Fix panic when special paths is nil

* Add tests for Listing and raw requests from plugins

* Add json.Number case when decoding the status

* Bump the version required for gRPC defaults

* Fix test for gRPC version check
2018-02-01 14:30:17 -08:00
Calvin Leung Huang 413df160df changelog++ 2018-02-01 12:56:02 -05:00
John Eismeier 6d18e0da3d Propose small spelling change (#3890) 2018-02-01 12:51:38 -05:00
Jeff Mitchell 4a519b1a02 changelog++ 2018-02-01 12:45:58 -05:00
Josh Giles 94fe8600b6 Return Okta config TTLs in seconds, not nanos. (#3871) 2018-02-01 12:44:57 -05:00
Vishal Nayak 01b1b9ff6d
docs/telemetry: remove merge conflict remnant (#3882)
* remove merge conflict remnant

* s/auth/authentication
2018-02-01 12:09:58 -05:00
Calvin Leung Huang 848ce6427b
Handle period's zero value in token store's token creation (#3880)
* Handle period's zero value on handleCreateCommon

* Add test for period zero value
2018-02-01 12:01:46 -05:00
Chris Hoffman ffa6fdaf1e
Adding tests to ensure all backends are mountable (#3861) 2018-02-01 11:30:04 -05:00
Brian Kassouf dc326a83d4 helper/storagepacker: Fix panic when bucket doesn't exist (#3875) 2018-01-31 18:42:22 -05:00
Brian Shumate a7049247d9 Correct cofiguration option in example (#3879) 2018-01-31 13:41:31 -05:00
Jack Pearkes a2f0f0a8e5 website: add note about the 0.9.2+ CLI changes to reduce confusion (#3868)
* website: add note about the 0.9.2+ CLI changes to reduce confusion

* website: fix frontmatter for 0.9.3 guide, add to guides index

* website: add overview title to 0.9.3 guide for spacing
2018-01-30 13:30:47 -05:00
Andy Manoske 9fed040807
Update CHANGELOG.md 2018-01-29 15:56:00 -08:00
Jeff Mitchell 0afaa4827f Merge branch 'rel-0.9.3' into master-oss 2018-01-28 16:09:31 -05:00
Jeff Mitchell 2d93cfdb1a
Cut version 0.9.3 2018-01-28 15:34:14 -05:00
Jeff Mitchell a5816dd2ae Prep for 0.9.3 2018-01-28 15:33:29 -05:00
Jeff Mitchell f967d10f04 Use debian:testing for building 2018-01-28 14:58:52 -05:00
Jeff Mitchell 1b982750f5 (Re...)Add Nomad secrets engine.
Fixes #3858
2018-01-28 14:38:19 -05:00
Jeff Mitchell 98b479ab58 Bump deps 2018-01-26 18:51:00 -05:00
Jeff Mitchell 8f24bdee1f Typo fixes on upgrading page 2018-01-26 16:11:25 -05:00
Jeff Mitchell c6d8222236 Add 0.9.2 upgrade guide 2018-01-26 16:07:41 -05:00
Jeff Mitchell 7dc3def7b5
Cut version 0.9.2 2018-01-26 14:13:20 -05:00
Jeff Mitchell f3d1e8170b Prep for 0.9.2 2018-01-26 13:59:01 -05:00
Jeff Mitchell 063f5a982b Sync plugins 2018-01-26 09:04:48 -05:00
Jeff Mitchell 60e2209532
Remove core restriction in cache and turn it into an active/standby restriction instead (#3849) 2018-01-25 22:21:51 -05:00
Chris Bartlett c7580b2961 #3850 Fixed documentation for aws/sts ttl (#3851) 2018-01-25 22:20:30 -05:00
Vishal Nayak 150ad8405b
Remove logical.Initialize() method (#3848)
* Remove logical.Initialize() method

* More cleanup

* Fix test
2018-01-25 20:19:27 -05:00
Jeff Mitchell c6f35c3890 Update plugins 2018-01-24 23:24:16 -05:00
Jeff Mitchell dbae34a4bb changelog++ 2018-01-24 23:09:59 -05:00
Joel Thompson 2cd8051607 auth/aws: Fix error with empty bound_iam_principal_arn (#3843)
* auth/aws: Fix error with empty bound_iam_principal_arn

In cases where there doesn't need to be a bound_iam_principal_arn, i.e.,
either auth_type is ec2 or there are other bindings with the iam
auth_type, but it is specified explicitly anyway, Vault tried to parse
it to resolve to internal unique IDs. This now checks to ensure that
bound_iam_principal_arn is non-empty before attempting to resolve it.

Fixes #3837

* Fix extraneous newline
2018-01-24 23:08:05 -05:00