Commit graph

2154 commits

Author SHA1 Message Date
Jeff Mitchell 69794c7078 Fix otto import of uuid 2015-11-19 09:51:17 -05:00
Jeff Mitchell f16d8b8cd2 Cleanup, and add ability to sign CA CSRs that aren't destined for Vault 2015-11-19 09:51:17 -05:00
Jeff Mitchell ea676ad4cc Add tests for intermediate signing and CRL, and fix a couple things
Completes extra functionality.
2015-11-19 09:51:17 -05:00
Jeff Mitchell b2df079446 Add unit tests to test signing logic, fix up test logic for names 2015-11-19 09:51:17 -05:00
Jeff Mitchell fe7dbfaada Handle email address alternative names, fix up tests, fix up logic around name verification 2015-11-19 09:51:17 -05:00
Jeff Mitchell aa3d6dc85b Add allow_base_domain to control whether or not the actual base domain is allowed as a cert common name and/or DNS SAN 2015-11-19 09:51:17 -05:00
Jeff Mitchell 7d2730d370 Add email protection flag plumbing and tests; don't call generate bundle when making an intermediate CSR since everything is now ignored 2015-11-19 09:51:17 -05:00
Jeff Mitchell b3eb5c4957 Add sign method (untested) 2015-11-19 09:51:17 -05:00
Jeff Mitchell 6ea626e9ad Don't show field names when not needed 2015-11-19 09:51:17 -05:00
Jeff Mitchell 1cec03d9ca Implement CA cert/CSR generation. CA certs can be self-signed or
generate an intermediate CSR, which can be signed.
2015-11-19 09:51:17 -05:00
Jeff Mitchell 45e7e61d71 Update audit documentation around what hash is used 2015-11-18 10:42:42 -05:00
Jeff Mitchell 7ab0c2e917 Update deps 2015-11-18 10:36:57 -05:00
Jeff Mitchell 29135b65ca Changelogify 2015-11-18 10:34:50 -05:00
Jeff Mitchell 4a1a02a123 Merge pull request #780 from vicki-c/master
Port to new etcd client with TLS support
2015-11-18 10:33:09 -05:00
Vicki Cheung eb464ed79d rejecting etcd addresses without url scheme 2015-11-17 15:18:50 -08:00
Vicki Cheung 4a3bcc2adc adding check in etcd backend to validate machine urls 2015-11-16 14:35:04 -08:00
Vicki Cheung dc4374ab79 adding etcd client dependencies 2015-11-16 13:30:27 -08:00
Vicki Cheung dfe284af43 adding PermitPool to etcd backend 2015-11-15 22:38:21 -08:00
Vicki Cheung a21c8fab26 porting to new etcd client 2015-11-15 22:12:06 -08:00
Jeff Mitchell 0b3c7b177a Merge pull request #775 from hashicorp/issue-771
Rearchitect MountTable locking and fix rollback.
2015-11-15 17:33:30 -05:00
Jeff Mitchell bece637eb7 Address feedback from review 2015-11-15 17:32:57 -05:00
Jeff Mitchell bc4c18a1cf Rearchitect MountTable locking and fix rollback.
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.

In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.

Both unit tests and race detection pass.

Fixes #771
2015-11-11 11:54:52 -05:00
Jeff Mitchell fa646a1eb1 Bump version to 0.4-dev instead of 0.3.1-dev 2015-11-10 10:28:40 -05:00
Jeff Mitchell 847707f4af Merge pull request #772 from hashicorp/origin/new_header
New Header Redesign
2015-11-10 10:16:49 -05:00
captainill 28ae7b2466 edit this page 2015-11-09 21:10:49 -08:00
captainill d931c62d94 sidebar 2015-11-09 21:08:05 -08:00
captainill 2af4092734 redesign header bulk 2015-11-09 20:58:06 -08:00
Jeff Mitchell 201adad4ae Merge pull request #762 from hashicorp/issue-732
Create a "default" policy with sensible rules.
2015-11-09 17:44:09 -05:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell d6693129de Create a "default" policy with sensible rules.
It is forced to be included with each token, but can be changed (but not
deleted).

Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell 1a621b7000 Minor test fix 2015-11-09 15:37:30 -05:00
Jeff Mitchell c9e3699751 Merge pull request #769 from hashicorp/issue-769
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:56 -05:00
Jeff Mitchell 8673f36b34 Don't require root tokens for mount and policy endpoints. 2015-11-09 15:29:21 -05:00
Jeff Mitchell 5d5d58ffe4 Fix unmount help output 2015-11-09 15:23:49 -05:00
Jeff Mitchell 9d9bf9f2f8 Merge pull request #768 from hashicorp/issue-765
Print version on startup.
2015-11-09 13:53:33 -05:00
Jeff Mitchell 75f1c1e40c Print version on startup.
Fixes #765
2015-11-09 13:52:55 -05:00
Jeff Mitchell 3717b31b63 Merge pull request #766 from hashicorp/issue-766
Display whether a token is an orphan on lookup.
2015-11-09 13:20:42 -05:00
Jeff Mitchell 5783f547ab Display whether a token is an orphan on lookup. 2015-11-09 13:19:59 -05:00
Jeff Mitchell 10913e2e6b Update cert documentation to note requiring sudo access. 2015-11-06 16:09:42 -05:00
Jeff Mitchell f098e1dd07 Tag with dev for builds 2015-11-06 13:39:30 -05:00
Jeff Mitchell 7aa3faa626 Rename core's 'policy' to 'policyStore' for clarification 2015-11-06 12:07:42 -05:00
Jeff Mitchell b987c47c9e Merge pull request #759 from hashicorp/remove-root-warning
Remove warning about nonexistent root policy by using GetPolicy instead
2015-11-06 11:37:39 -05:00
Jeff Mitchell 7d8371c4a3 Remove warning about nonexistent root policy by using GetPolicy instead
of the listing function.
2015-11-06 11:36:40 -05:00
Jeff Mitchell ffa879d6e2 Update S3 docs 2015-11-06 09:26:09 -05:00
Jeff Mitchell b1a445dfbf Changelogify 2015-11-06 09:22:30 -05:00
Jeff Mitchell 601f85a934 Merge pull request #758 from ys/s3-bucket-config-var
Allow s3 bucket to come from config vars
2015-11-06 09:21:35 -05:00
Yannick 8a594a7f61 Allow s3 bucket to come from config vars 2015-11-06 14:05:29 +01:00
Greg Brockman 141a71974a Correct typo in comment 2015-11-06 00:41:14 -08:00
Greg Brockman 171bd84330 Add support for etcd over TLS 2015-11-06 00:41:14 -08:00
Jeff Mitchell fde0bbf4b3 Merge pull request #752 from hashicorp/issue-749
Fix removing secondary index from exp manager.
2015-11-05 19:43:11 -05:00