Jeff Mitchell
e02acf9943
Fill in release date in Changelog
2015-12-10 13:21:44 -05:00
Jeff Mitchell
e25b3ad344
Update documentation to be consistent with return codes
...
Fixes #831
2015-12-10 10:26:40 -05:00
Jeff Mitchell
d332200495
Merge branch 'master' into pki-csrs
2015-12-09 16:48:07 -05:00
Jeff Mitchell
900b3d8882
Return 400 instead of 500 if generic backend is written to without data.
...
Fixes #825
2015-12-09 10:39:22 -05:00
Jeff Mitchell
448efd56fa
Merge branch 'master' into pki-csrs
2015-12-08 10:57:53 -05:00
Jeff Mitchell
dab0049d0e
Changelogify
2015-12-07 13:22:24 -05:00
Jeff Mitchell
1dbfcc3b45
Merge branch 'master' into pki-csrs
2015-12-03 15:23:08 -05:00
Jeff Mitchell
3bdbd66f7d
Remove datacenter from Consul configuration, as it cannot actually do
...
anything
Fixes #816
2015-12-03 15:16:37 -05:00
Jeff Mitchell
4eec9d69e8
Change allowed_base_domain to allowed_domains and allow_base_domain to
...
allow_bare_domains, for comma-separated multi-domain support.
2015-11-30 23:49:11 -05:00
Jeff Mitchell
b6c49ddf01
Remove token display names from input options as there isn't a viable
...
use-case for it at the moment
2015-11-30 18:07:42 -05:00
Jeff Mitchell
ee8e143555
Add PKI enhancements to Changelog
2015-11-20 13:18:07 -05:00
Jeff Mitchell
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell
29135b65ca
Changelogify
2015-11-18 10:34:50 -05:00
Jeff Mitchell
bc4c18a1cf
Rearchitect MountTable locking and fix rollback.
...
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.
In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.
Both unit tests and race detection pass.
Fixes #771
2015-11-11 11:54:52 -05:00
Jeff Mitchell
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell
8673f36b34
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:21 -05:00
Jeff Mitchell
75f1c1e40c
Print version on startup.
...
Fixes #765
2015-11-09 13:52:55 -05:00
Jeff Mitchell
5783f547ab
Display whether a token is an orphan on lookup.
2015-11-09 13:19:59 -05:00
Jeff Mitchell
b1a445dfbf
Changelogify
2015-11-06 09:22:30 -05:00
Jeff Mitchell
fde0bbf4b3
Merge pull request #752 from hashicorp/issue-749
...
Fix removing secondary index from exp manager.
2015-11-05 19:43:11 -05:00
Jeff Mitchell
a121941925
Merge pull request #751 from hashicorp/issue-618
...
Move environment variable reading logic to API.
2015-11-05 19:42:16 -05:00
Jeff Mitchell
08dbc70c9f
Switch etcd default port to 2379, in line with 2.x.
...
Fixes #753
2015-11-05 09:47:50 -05:00
Jeff Mitchell
395d6bead4
Fix removing secondary index from exp manager.
...
Due to a typo, revoking ensures that index entries are created rather
than removed. This adds a failing, then fixed test case (and helper
function) to ensure that index entries are properly removed on revoke.
Fixes #749
2015-11-04 10:50:31 -05:00
Jeff Mitchell
32e23bea71
Move environment variable reading logic to API.
...
This allows the same environment variables to be read, parsed, and used
from any API client as was previously handled in the CLI. The CLI now
uses the API environment variable reading capability, then overrides any
values from command line flags, if necessary.
Fixes #618
2015-11-04 10:28:00 -05:00
Jeff Mitchell
f8c13ed69f
Changelog++
2015-11-04 09:42:07 -05:00
Jeff Mitchell
54d47957b5
Allow creating Consul management tokens
...
Fixes #714
2015-11-03 15:29:58 -05:00
Jeff Mitchell
a4322afedb
Merge pull request #746 from hashicorp/issue-677
...
Add a PermitPool to physical and consul/inmem
2015-11-03 15:26:58 -05:00
Jeff Mitchell
4f6ad849b8
Merge pull request #703 from hashicorp/crlsets
...
Implement CRLs for the cert authentication backend
2015-11-03 15:13:08 -05:00
Jeff Mitchell
6ccded7a2f
Add ability to create orphan tokens from the API
2015-11-03 15:12:21 -05:00
Jeff Mitchell
bf2e553785
Add a PermitPool to physical and consul/inmem
...
The permit pool controls the number of outstanding operations that can
be queued for Consul (and inmem, for testing purposes). This prevents
possible situations where Vault launches thousands of concurrent
connections to Consul if e.g. a huge number of leases need to be
expired.
Fixes #677
2015-11-03 11:49:20 -05:00
Jeff Mitchell
c7493fca65
Changelogify
2015-11-03 11:43:57 -05:00
Jeff Mitchell
59cc61cc79
Add documentation for CRLs and some minor cleanup.
2015-11-03 10:52:20 -05:00
Jeff Mitchell
195caa6bf6
Implement LookupSelf, RevokeSelf, and RenewSelf in the API client
...
Fixes #739
2015-10-30 17:27:33 -04:00
Jeff Mitchell
1899bd8ef0
Merge pull request #730 from hashicorp/issue-713
...
Write HMAC-SHA256'd client token to audited requests
2015-10-30 13:36:22 -04:00
Jeff Mitchell
ffa196da0e
Note that the dev server does not fork
...
Fixes #710 .
2015-10-30 12:47:56 -04:00
Jeff Mitchell
64eacd1564
Merge pull request #737 from hashicorp/issue-615
...
Return data on a token with one use left if there is no Lease ID
2015-10-30 12:42:19 -04:00
Jeff Mitchell
a0c5a24c79
Update Postgres tests and changelogify
2015-10-30 12:41:45 -04:00
Jeff Mitchell
94b7be702b
Return data on a token with one use left if there is no Lease ID
...
Fixes #615
2015-10-30 12:35:42 -04:00
Jeff Mitchell
cf4b88c196
Write HMAC-SHA256'd client token to audited requests
...
Fixes #713
2015-10-29 13:26:18 -04:00
Jeff Mitchell
e2d4a5fe0f
Documentation update around path/key name encryption.
...
Make it clear that path/key names in generic are not encrypted.
Fixes #697
2015-10-29 11:21:40 -04:00
Jeff Mitchell
85d4dd6a1d
Check TTL provided to generic backend on write
...
If existing entries have unparseable TTLs, return the value plus a
warning, rather than an error.
Fixes #718
2015-10-29 11:05:21 -04:00
Jeff Mitchell
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
Jeff Mitchell
9026b5c127
Update changelog
2015-10-23 09:18:03 -04:00
Jeff Mitchell
691f9e9b92
Rewrap changelog
2015-10-20 12:57:42 -04:00
Jeff Mitchell
ffe531923d
Changelogify
2015-10-20 12:31:01 -04:00
Jeff Mitchell
35a7f0de22
Add '.' to GenericNameRegex; it cannot appear as the first or last
...
character. This allows its usage in a number of extra path-based
variables.
Ping #244
2015-10-13 16:04:10 -04:00
Jeff Mitchell
78b5fcdf51
Serialize changing the state of the expiration manager pointer and
...
calling emitMetrics from its own goroutine.
Fixes #694
2015-10-12 16:33:54 -04:00
Jeff Mitchell
9f0b1547bb
Allow disabling the physical storage cache with 'disable_cache'.
...
Fixes #674 .
2015-10-12 13:00:32 -04:00
Jeff Mitchell
55c26a909e
Documentation updates to remove lease id and duration from generic
...
backend example.
2015-10-12 10:01:15 -04:00
Jeff Mitchell
5fbaa0e64d
Apply mount-tune properties to the token authentication backend.
...
Fixes #688 .
2015-10-09 20:26:39 -04:00
Jeff Mitchell
ee92124357
Fix output of token-create help to use ttl instead of lease
2015-10-09 19:40:30 -04:00
Jeff Mitchell
b5d674d94e
Add 301 redirect checking to the API client.
...
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
2015-10-09 17:11:31 -04:00
Jeff Mitchell
bf70b677b7
Add timeout to changelog
2015-10-08 19:47:16 -04:00
Jeff Mitchell
d58a3b601c
Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader
...
Fixes #679 .
2015-10-08 14:04:58 -04:00
Jeff Mitchell
0ca86fa2cd
Changelogify
2015-10-07 16:18:39 -04:00
Jeff Mitchell
50b9129e65
Normalize policy names to lowercase on write. They are not currently
...
normalized when reading or deleting, for backwards compatibility.
Ping #676 .
2015-10-07 13:52:21 -04:00
Jeff Mitchell
4a52de13e3
Add renew-self endpoint.
...
Fixes #455 .
2015-10-07 12:49:13 -04:00
Jeff Mitchell
ad840233eb
Allow base64-encoded keys to be used on the CLI for init/rekey.
...
Fixes #653 .
2015-10-06 12:47:01 -04:00
Jeff Mitchell
de571c304d
Add changelog entries for 0.3.1 and bump version in CLI
2015-10-06 11:03:55 -04:00
Jeff Mitchell
6fe4139ac3
Changelogify++
2015-09-29 19:03:43 -07:00
Jeff Mitchell
6a7e87d471
Changelogify
2015-09-29 19:01:45 -07:00
Jeff Mitchell
62ac518ae7
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 10:41:21 -04:00
Jeff Mitchell
af27a99bb7
Remove JWT for the 0.3 release; it needs a lot of rework.
2015-09-24 16:23:44 -04:00
Jeff Mitchell
8fa7d3bd0b
Add revoke-self to docs
2015-09-24 12:05:00 -04:00
Jeff Mitchell
fb7c05d7f6
Reorder changelog slightly
2015-09-24 10:55:32 -04:00
Jeff Mitchell
07288b3dcb
Forgot to add JWT to the chnangelog
2015-09-23 14:26:31 -04:00
Jeff Mitchell
0454d04097
Minor typo fix
2015-09-23 10:07:55 -04:00
Jeff Mitchell
44166bb241
Update Changelog to 0.3
2015-09-22 11:44:28 -04:00
Jeff Mitchell
9860ea9e46
Update godeps
2015-09-22 10:15:06 -04:00
Armon Dadgar
9f9f53adbf
CHANGELOG updates
2015-08-17 12:18:14 -07:00
Armon Dadgar
2d32b0a1ca
Cutting v0.2.0
2015-07-13 19:40:01 +10:00
Armon Dadgar
190400a456
CHANGELOG updates
2015-07-13 19:34:11 +10:00
Armon Dadgar
8a4d6487f4
CHANGELOG updates
2015-07-13 17:08:30 +10:00
Armon Dadgar
334dbe430c
CHANGELOG updates
2015-07-08 16:58:25 -06:00
Armon Dadgar
eb51cdb8c8
CHANGELOG update is bolded
2015-07-06 11:20:55 -06:00
Armon Dadgar
9abc602215
CHANGELOG updates
2015-07-06 11:19:59 -06:00
Armon Dadgar
de51ba0997
CHANGELOG update
2015-07-06 10:51:50 -06:00
Armon Dadgar
0521c6df6c
http: support ?standbyok for 200 status on standby. Fixes #389
2015-07-02 17:49:35 -07:00
Armon Dadgar
3f189f2c57
CHANGELOG updates
2015-07-01 16:53:00 -07:00
Mitchell Hashimoto
c249bc46e4
update CHANGELOG
2015-06-16 10:00:38 -07:00
Mitchell Hashimoto
644caf74c4
update CHANGELOG
2015-05-13 10:35:20 -07:00
Mitchell Hashimoto
afbe744629
v0.1.2
2015-05-11 11:29:07 -07:00
Mitchell Hashimoto
8acc0fb9d3
update CHANGELOG
2015-05-11 11:28:22 -07:00
Mitchell Hashimoto
b0c688cb8b
update CHANGELOG
2015-05-11 11:01:52 -07:00
Mitchell Hashimoto
42d6b2a916
http: allow header for auth token [GH-124]
2015-05-11 10:56:58 -07:00
Mitchell Hashimoto
0cea01607b
update CL
2015-05-11 10:46:11 -07:00
Armon Dadgar
3337e9bd45
CL update
2015-05-11 10:43:03 -07:00
Mitchell Hashimoto
1ee09f7cdf
update CL
2015-05-11 10:31:47 -07:00
Mitchell Hashimoto
0e5217faf4
update CL
2015-05-11 10:28:11 -07:00
Mitchell Hashimoto
1ee7218796
update CL
2015-05-11 10:14:36 -07:00
Mitchell Hashimoto
2ef43005e8
update CHANGELOG
2015-05-11 10:10:56 -07:00
Mitchell Hashimoto
4e3e60b4c4
update CL
2015-05-11 10:09:21 -07:00
Mitchell Hashimoto
48e3835b4a
update CHANGELOG
2015-05-11 10:06:36 -07:00
Mitchell Hashimoto
eaac7a6dd3
up version for dev
2015-05-02 13:37:26 -07:00
Mitchell Hashimoto
44862e0819
update CHANGELOG
2015-05-02 13:34:39 -07:00
Mitchell Hashimoto
deab183cbd
token/disk: write token with 0600
2015-05-02 13:34:01 -07:00
Mitchell Hashimoto
8ff38717eb
v0.1.1
2015-05-02 13:29:32 -07:00
Mitchell Hashimoto
727e0e90cd
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 13:28:33 -07:00
Mitchell Hashimoto
83af64dbd1
update cHANGELOG
2015-05-02 13:21:51 -07:00
Mitchell Hashimoto
81b12660c5
logical/framework: PathMap allows hyphens in keys [GH-119]
2015-05-02 13:17:42 -07:00
Mitchell Hashimoto
2eba902d0d
update CHANGELOG
2015-05-02 13:12:09 -07:00
Mitchell Hashimoto
d4155ef9d8
api: human friendly error for TLS [GH-123]
2015-05-02 13:08:35 -07:00
Mitchell Hashimoto
fcde0fa942
update CHANGELOG
2015-04-29 11:30:00 -07:00
Mitchell Hashimoto
fb7053bbb2
update CHANGELOG
2015-04-29 09:59:05 -07:00
Mitchell Hashimoto
97285af6b8
update CHANGELOG
2015-04-28 18:56:44 -07:00
Mitchell Hashimoto
74888ff179
update CHANGELOG
2015-04-28 15:12:20 -07:00
Mitchell Hashimoto
2961712e6e
update CHANGELOG
2015-04-28 14:54:14 -07:00
Mitchell Hashimoto
f31fa990a1
up version for dev
2015-04-28 14:45:38 -07:00
Mitchell Hashimoto
c92aed4ac0
Add CHANGELOG
2015-04-28 09:12:09 -07:00