69434fd13e
etcd: Allow disabling sync for load balanced etcd
...
Some etcd configurations (such as that provided by compose.io) place the
etcd cluster behind multiple load balancers or proxies. In this
configuration, calling Sync (or AutoSync) on the etcd client will
replace the load balancer addresses with the underlying etcd server
address.
This will cause the etcd client to bypass the load balancers, and may
cause the connection to fail completely if the etcd servers are
protected by a firewall.
This patch provides a "sync" option for the etcd backend, which defaults
to the current behavior, but which can be used to turn off of sync.
This corresponds to etcdctl's --no-sync option.
2016-01-11 13:56:58 -05:00
ebabcd857a
etcd: Document existing username and password options
...
These options were present in the source code, but not in the
documentation. They're needed to connect to some hosted etcd services.
2016-01-11 11:30:51 -05:00
2412c078ac
Also convert policy store cache to 2q.
...
Ping #908
2016-01-07 09:26:08 -05:00
d6b6cbe9aa
changelog++
2016-01-07 09:22:45 -05:00
0cda012d20
Merge pull request #908 from hashicorp/physical-2q
...
Replace physical cache with TwoQueue instead of LRU.
2016-01-07 09:22:15 -05:00
287954beef
Replace physical cache with TwoQueue instead of LRU.
2016-01-07 09:21:33 -05:00
85509e7ba5
Simplify some logic and ensure that if key share backup fails, we fail
...
the operation as well.
Ping #907
2016-01-06 13:14:23 -05:00
20a6f37b38
Merge pull request #907 from hashicorp/rekey-work
...
Add rekey nonce/backup.
2016-01-06 09:55:19 -05:00
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
d4bc51751e
Fix typo in docs
2016-01-05 11:45:23 -05:00
06d19e4269
changelog++
2016-01-05 11:27:08 -05:00
d5c72f2083
Merge pull request #904 from hashicorp/policy-doc
...
Update documentation with policy fetching information.
2016-01-05 10:26:53 -06:00
e54edd54ac
Update documentation with policy fetching information.
2016-01-05 11:26:19 -05:00
d51d723c1f
Use int64 for converting time values, not int (will be float64 in JSON anyways, so no need to lose precision, plus could hit a 32-bit max in some edge cases)
2016-01-04 17:11:22 -05:00
a99c29dad4
changelog++
2016-01-04 17:01:32 -05:00
0972e60253
Merge pull request #896 from hashicorp/last-renewal-time
...
Store a last renewal time in the token entry and return it upon lookup
2016-01-04 16:00:21 -06:00
e990b77d6e
Address review feedback; move storage of these values to the expiration manager
2016-01-04 16:43:07 -05:00
df5f5d68bd
Merge pull request #888 from aedotj/patch-1
...
Fixed "edit this page" not clickable
2016-01-04 11:29:21 -08:00
80866d036d
update init/rekey documentation around keybase entries
2016-01-04 14:17:51 -05:00
dbd7c9aaab
changelog++
2016-01-04 14:14:51 -05:00
bf79b716ef
Merge pull request #901 from hashicorp/keybase-pgp
...
Add keybase support for PGP keys.
2016-01-04 13:11:11 -06:00
8d1e5cb50d
Add returning which user names could not be looked up
2016-01-04 13:56:45 -05:00
5ddd243144
Store a last renewal time in the token entry and return it upon lookup
...
of the token.
Fixes #889
2016-01-04 11:20:49 -05:00
90ec946dab
Address review feedback.
2016-01-04 11:18:04 -05:00
d11509830f
Happy New Year everyone! (Add keybase support for PGP keys.)
...
Keys specified in rekey and init operations can now be sourced from
keybase.io by using "keybase:[username]" as the key.
2015-12-31 20:47:41 -05:00
80d92903f4
changelog++
2015-12-31 18:11:32 -05:00
2bbc140fab
Merge pull request #900 from kenjones-cisco/task/pki-doc
...
Fixes mis-placed html tag
2015-12-31 09:46:27 -06:00
496e9962d0
Fixes mis-placed html tag
2015-12-31 10:37:01 -05:00
5ef7efffe3
Disable cmd/server tests for now so we can get Travis back on track
2015-12-31 08:48:53 -05:00
c642feebe2
Remove some outdated comments
2015-12-30 21:00:27 -05:00
a7a02b3043
Cert documentation fix.
...
Fixes #899
2015-12-30 16:44:24 -05:00
7e93071404
Move the information about the new behavior of token-renew to the breaking changes section
2015-12-30 15:29:24 -05:00
be4277199f
changelog++
2015-12-30 15:20:02 -05:00
06ee0caecc
Merge pull request #897 from hashicorp/filter-duplicate-policies
...
Filter out duplicate policies during token creation.
2015-12-30 14:19:09 -06:00
df68e3bd4c
Filter out duplicate policies during token creation.
2015-12-30 15:18:30 -05:00
e0d0ff6884
changelog++
2015-12-30 14:43:51 -05:00
0c7122e956
Merge pull request #894 from hashicorp/renew-self-for-same-token
...
Use RenewSelf instead of Renew if the token is the same
2015-12-30 13:42:31 -06:00
0509ad9c29
Use RenewSelf instead of Renew if the token we're renewing is the same as the client
2015-12-30 14:41:50 -05:00
0ef4fadb25
changelog++
2015-12-30 13:28:49 -05:00
a6a002e39d
Merge pull request #892 from nickithewatt/token-lookup
...
Make token-lookup functionality available via Vault CLI
2015-12-30 12:27:39 -06:00
442d538deb
Make token-lookup functionality available via Vault CLI
2015-12-29 20:18:59 +00:00
0c338f01ea
changelog++
2015-12-29 13:18:36 -05:00
fefa696a33
Merge pull request #886 from ooesili/ssh-error-fetching-username
...
Stop panic when vault ssh username fetching fails
2015-12-29 12:17:51 -06:00
aaca139bd4
Merge pull request #891 from hashicorp/issue-890
...
Build on GH-890 to add other types
2015-12-29 12:08:00 -06:00
134b4d2a42
Built on GH-890 to add other types
2015-12-29 13:07:24 -05:00
b85c29349f
Merge pull request #890 from ironSource/pki-fix
...
fix CA compatibility with OpenSSL
2015-12-29 12:04:03 -06:00
e43656c045
changelog++
2015-12-29 13:03:22 -05:00
fa1676882f
Merge pull request #853 from hashicorp/issue-850
...
Make TokenHelper an interface and split exisiting functionality
2015-12-29 12:01:49 -06:00
822144b321
changelog++
2015-12-29 13:00:57 -05:00
7d67f27a96
Merge pull request #802 from hashicorp/f-disable-tls
...
server: sanity check value for 'tls_disable'
2015-12-29 11:59:23 -06:00
Eric Kidd