luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
6,682 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

6682 Commits

Author SHA1 Message Date
Jeff Mitchell 6b72b90efa Remove allow_base_domain from PKI role output. 
It was never used in a release, in favor of allow_bare_domains.

Fixes #1452 (again)
 2017-11-09 10:24:36 -05:00
James Soubry f2a98cc662 Fix curl commands (#3558) 
Curl commands require HCL within JSON to work.
 2017-11-09 10:16:09 -05:00
Vishal Nayak 660c9ab382
Merge identity alias lookups into either entity or group lookup endpoints (#3538) 
* merge identity alias lookups into either entity or group lookups

* Address review feedback

* address review feedback
 2017-11-09 01:29:19 -05:00
Jeff Mitchell 3555a17d52 Don't read out an internal role member in PKI 2017-11-08 18:20:53 -05:00
Chris Hoffman a7f510c9b4 converting identity metadata to use TypeKVPairs (#3549) 2017-11-08 14:51:40 -05:00
Calvin Leung Huang b7deec2bec Add docs for /sys/rekey-recovery-key (#3520) 2017-11-08 14:22:30 -05:00
Calvin Leung Huang 882f85740b Move HA-related config values to top level (#3550) 
* Move HA-related config values to top level

* Add config2.hcl test-fixture
 2017-11-08 14:19:41 -05:00
Jeff Mitchell dd551eb12f Put back original test cluster client redirect behavior 2017-11-08 10:15:56 -05:00
Bharath B ab9111827d Remove symbols from vault binary (#3369) 2017-11-08 07:53:08 -05:00
Jeff Mitchell 0c9e692414
Minor mount logic updates (#3553) 2017-11-07 20:30:02 -05:00
Calvin Leung Huang 6aa12999aa
Use RFC3339Nano for AuditRequestEntry.Time (#3551) 2017-11-07 18:09:54 -05:00
Paul Pieralde 01ff6293e0 Doc fix for Create/Update Token API (#3548) 
`orphan` is intended to be default to False. Docs indicate this
is default to True. Simple change to update the docs only.
 2017-11-07 18:06:44 -05:00
Jeff Mitchell febda30382
Fix potential panic reading local mount tables (#3552) 2017-11-07 18:04:37 -05:00
Jeff Mitchell 98dc8e9bea Fix regression involving cluster listener 2017-11-07 17:27:13 -05:00
Jeff Mitchell a2db5671c5 Add logbridge for testing 2017-11-07 15:50:09 -05:00
Brian Shumate 0773031985 Update README to fix horizontal rule Markdown (#3534) 2017-11-07 15:29:02 -05:00
Calvin Leung Huang d9eaacf5de
Barrier unseal using recovery keys (#3541) 
* Barrier unseal using recovery keys

* Remove tests
 2017-11-07 15:15:39 -05:00
Jeff Mitchell 07dfc1da27 Bump deps 2017-11-07 11:57:05 -05:00
Chris Hoffman fe52ce1115
Add TypeKVPairs field type (#3535) 2017-11-07 11:11:49 -05:00
Vishal Nayak 2b8d8f77d2
Handle 'not supplied' case for field type TypeNameString (#3546) 
* Fix panic if value is not supplied for variables of TypeNameString

* Add tests for 'not supplied' case of all field types
 2017-11-07 10:59:57 -05:00
Calvin Leung Huang 9ffe6421c5 Fix deprecated cassandra backend tests (#3543) 2017-11-06 17:15:45 -05:00
Jeff Mitchell 5d50abf2f6 changelog++ 2017-11-06 17:13:28 -05:00
Joel Thompson 2c8cd19e14 auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive (#3291) 2017-11-06 17:12:07 -05:00
Jeff Mitchell 5220ee452f changelog++ 2017-11-06 15:30:12 -05:00
Jonathan Freedman 4109473134 More Mount Conflict Detection (#2919) 2017-11-06 15:29:09 -05:00
Lars Lehtonen 8ccdaa1860 Fix swallowed errors in TestRollbackManager_Join() (#3327) 2017-11-06 14:34:27 -05:00
Jeff Mitchell 71b5aa22e5 changelog++ 2017-11-06 13:32:30 -05:00
Gregory Reshetniak 57c9afa357 added AWS enpoint handling (#3416) 2017-11-06 13:31:38 -05:00
Jeff Mitchell 119607dcb7
Seal wrap all root tokens and their leases (#3540) 2017-11-06 13:10:36 -05:00
Vishal Nayak 2af5b9274f
Return group memberships of entity during read (#3526) 
* return group memberships of entity during read

* Add implied group memberships to read response of entity

* distinguish between all, direct and inherited group IDs of an entity

* address review feedback

* address review feedback

* s/implied/inherited in tests
 2017-11-06 13:01:48 -05:00
Calvin Leung Huang d7305a4681
Add note on support for using rec keys on /sys/rekey (#3517) 2017-11-06 12:18:15 -05:00
Jason Antman af649c60d0 Add third party tools list to website (#3488) 2017-11-06 12:11:02 -05:00
Jeff Mitchell 7e80b4b7ad
Minor client refactoring (#3539) 2017-11-06 12:06:19 -05:00
Jeff Mitchell 5f254f0245 changelog++ 2017-11-06 12:05:44 -05:00
Jeff Mitchell 17310654a1
Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Calvin Leung Huang 93917743df
Update SSH list roles docs (#3536) 2017-11-03 18:00:46 -04:00
Jeff Mitchell 357b8df0c5 Merge branch 'master' of https://github.com/hashicorp/vault into master-oss 2017-11-03 17:30:40 -04:00
Jeff Mitchell 85ea7363d4 Update gocql dep 2017-11-03 17:30:34 -04:00
Calvin Leung Huang e91e2278e3 changelog++ 2017-11-03 17:24:20 -04:00
Calvin Leung Huang 512b254820
Return role info for each role on pathRoleList (#3532) 
* Return role info for each role on pathRoleList

* Change roles -> key_info, only return key_type

* Do not initialize result map in parseRole, refactor ListResponseWithInfo

* Add role list test
 2017-11-03 17:12:03 -04:00
Jeff Mitchell 7672b1d168 changelog++ 2017-11-03 13:40:19 -04:00
Jeff Mitchell 1b7a7d9b98 changelog++ 2017-11-03 13:38:55 -04:00
Ben Higgins f78ab356d4 vault: recover from standby losing etcd lease (#3031) (#3511) 
This change makes these errors transient instead of permanent:

[ERROR] core: failed to acquire lock: error=etcdserver: requested lease not found

After this change, there can still be one of these errors when a
standby vault that lost its lease tries to become leader, but on the
next lock acquisition attempt a new session will be created. With this
new session, the standby will be able to become the leader.
 2017-11-03 13:38:16 -04:00
Jeff Mitchell 9952ddaf69
Add some more SealWrap declarations (#3531) 2017-11-03 11:43:31 -04:00
Chris Hoffman 1e03e1bad3
Fix group/policy iterators with multiple groups (#3527) 
* fixing some group iterators

* fix slice rewrite
 2017-11-03 11:26:22 -04:00
Vishal Nayak e4e4a7ba67
Capabilities responds considering policies on entities and groups (#3522) 
* Capabilities endpoint will now return considering policies on entities and groups

* refactor the policy derivation into a separate function

* Docs: Update docs to reflect the change in capabilities endpoint
 2017-11-03 11:20:10 -04:00
Vishal Nayak 06923430cc
docs: s/persona/alias (#3529) 2017-11-03 11:17:59 -04:00
vishalnayak 472efb66b6 changelog++ 2017-11-03 10:48:39 -04:00
Vishal Nayak 52df62d4ff
Encrypt/Decrypt/Sign/Verify using RSA in Transit backend (#3489) 
* encrypt/decrypt/sign/verify RSA

* update path-help and doc

* Fix the bug which was breaking convergent encryption

* support both 2048 and 4096

* update doc to contain both 2048 and 4096

* Add test for encrypt, decrypt and rotate on RSA keys

* Support exporting RSA keys

* Add sign and verify test steps

* Remove 'RSA' from PEM header

* use the default salt length

* Add 'RSA' to PEM header since openssl is expecting that

* export rsa keys as signing-key as well

* Comment the reasoning behind the PEM headers

* remove comment

* update comment

* Parameterize hashing for RSA signing and verification

* Added test steps to check hash algo choice for RSA sign/verify

* fix test by using 'prehashed'
 2017-11-03 10:45:53 -04:00
Chris Hoffman 83ea47f706
fixing test after field rename (#3530) 2017-11-03 10:29:42 -04:00