Commit graph

3006 commits

Author SHA1 Message Date
Jeff Mitchell e2c15eb693 Merge pull request #1129 from hashicorp/pki-tidy
Add "pki/tidy" which allows removing expired certificates.
2016-02-25 10:39:54 -05:00
Jeff Mitchell c9a038b142 changelog++ 2016-02-25 08:55:23 -05:00
Jeff Mitchell 6b6005ee2e Remove root token requirement from GitHub configuration 2016-02-25 08:51:53 -05:00
Jeff Mitchell 8ca847c9b3 Be more explicit about buffer type 2016-02-24 22:05:39 -05:00
Jeff Mitchell efc48f2473 Fix CLI formatter to show warnings again on CLI list output. 2016-02-24 21:45:58 -05:00
Jeff Mitchell 5a35ee2ddd Merge pull request #1080 from jkanywhere/improve-formatter
Refactor formatting of output
2016-02-24 21:36:57 -05:00
Jeff Mitchell 151eaf9ec0 Add documentation for pki/tidy 2016-02-24 21:31:29 -05:00
Jeff Mitchell 7d41607b6e Add "tidy/" which allows removing expired certificates.
A buffer is used to ensure that we only remove certificates that are
both expired and for which the buffer has past. Options allow removal
from revoked/ and/or certs/.
2016-02-24 21:24:48 -05:00
Jeff Mitchell 36672bbf1f Add information about the cert renewal enhancements to the upgrade guide 2016-02-24 21:24:20 -05:00
Jeff Mitchell 842f6670d1 Add upgrade information 2016-02-24 21:13:44 -05:00
vishalnayak f16598e338 changelog++ 2016-02-24 21:11:21 -05:00
Vishal Nayak 5dcfe7a231 Merge pull request #1127 from hashicorp/iss1000-cert-renewal
Cert: renewal enhancements
2016-02-24 21:05:12 -05:00
vishalnayak 69bcbb28aa rename verify_cert as disable_binding and invert the logic 2016-02-24 21:01:21 -05:00
vishalnayak cf0156e5b4 documentation for the config endpoint 2016-02-24 17:13:24 -05:00
vishalnayak 902c780f2b make the verification of certs in renewal configurable 2016-02-24 16:42:20 -05:00
vishalnayak bc4710eb06 Cert: renewal enhancements 2016-02-24 14:31:38 -05:00
Jack Pearkes d065425f44 website: fix hover state for annc banner 2016-02-24 11:18:10 -08:00
Jack Pearkes c3fd1f8853 Merge pull request #1119 from hashicorp/jt-enterprise-bnr
Vault Enterprise Banner and Nav
2016-02-24 11:03:09 -08:00
captainill a83db21a77 website: announcement banner for vault enterprise 2016-02-24 10:59:31 -08:00
vishalnayak f40a65be20 changelog++ 2016-02-24 11:04:19 -05:00
Vishal Nayak d92b8cff8e Merge pull request #1039 from hashicorp/vault-iss539-app-id
Added renewal capability to app-id backend
2016-02-24 10:59:58 -05:00
vishalnayak 053bbd97ea check CIDR block for renewal as well 2016-02-24 10:55:31 -05:00
vishalnayak 978075a1b4 Added renewal capability to app-id backend 2016-02-24 10:40:15 -05:00
Vishal Nayak 0f017568e5 Merge pull request #1123 from hashicorp/ssh-add-tls-skip-verify
Use tls_skip_verify in vault-ssh-helper
2016-02-23 22:06:46 -05:00
vishalnayak c42ade8982 Use tls_skip_verify in vault-ssh-helper 2016-02-23 17:32:49 -05:00
Jeff Mitchell f745148249 changelog++ 2016-02-23 13:24:57 -05:00
Jeff Mitchell 536c04a293 Merge pull request #1121 from mhurne/improve-error-on-sts-read-with-arn-policy
Improve error message when client attempts to generate STS creds for managed policy
2016-02-23 13:22:44 -05:00
Matt Hurne f4d8852259 Add note that STS credentials can only be generated for user inline policies in AWS secret backend documentation 2016-02-23 09:06:52 -05:00
Matt Hurne 11187112bc Improve error message returned when client attempts to generate STS credentials for a managed policy; addresses #1113 2016-02-23 08:58:28 -05:00
Vishal Nayak eb95205f99 Merge pull request #1118 from hashicorp/ssh-api-fix
ssh-helper related API changes
2016-02-23 00:20:20 -05:00
vishalnayak 00d01043fd ssh-helper api changes 2016-02-23 00:16:00 -05:00
Jeff Mitchell 434962c632 We treat put/post the same, so allow init to use POST 2016-02-22 20:22:31 -05:00
Jeff Mitchell 291352fd99 changelog++ 2016-02-22 19:52:48 -05:00
Jeff Mitchell 84d87b171b Merge pull request #1117 from hashicorp/add-time-to-responses
Add the server's time in UTC to the health response.
2016-02-22 19:52:03 -05:00
Jeff Mitchell 76923aa28a Add the server's time in UTC to the health response. 2016-02-22 19:51:18 -05:00
Jeff Mitchell f56e4a604d Merge pull request #1114 from hashicorp/dont-delete-certs
Do not delete certs (or revocation information)
2016-02-22 16:11:13 -05:00
Jeff Mitchell 4514192145 Address review feedback 2016-02-22 16:11:01 -05:00
Jeff Mitchell 9a1ddf6d5f changelog++ 2016-02-22 13:40:27 -05:00
Jeff Mitchell f43ab6a25d Remove extra debugging from PKI tests 2016-02-22 13:39:05 -05:00
Jeff Mitchell f27eab1d28 Do not delete certs (or revocation information) to avoid potential
issues related to time synchronization. A function will be added to
allow operators to perform cleanup at chosen times.
2016-02-22 13:36:17 -05:00
Jeff Mitchell 51ced69bf8 Fix issue where leftover values after cn tests could trigger errors in ipsan tests 2016-02-22 13:35:57 -05:00
vishalnayak e2e15376dd changelog++ 2016-02-22 11:41:13 -05:00
Vishal Nayak 949f8a6b69 Merge pull request #1112 from hashicorp/1089-postgres-connection-url
postgres: connection_url fix
2016-02-22 11:36:04 -05:00
Jeff Mitchell 4c327ca4cc More improvements to PKI tests; allow setting a specific seed, output
the seed to the console, and split generated steps to make it
understandable which seed is for which set of steps.
2016-02-22 11:22:52 -05:00
vishalnayak c9899a5300 postgres: connection_url fix 2016-02-22 11:22:49 -05:00
Vishal Nayak 879db1766a Merge pull request #1108 from vanhalt/fixing_write_help
When writing from a file it must be a JSON file
2016-02-22 11:01:21 -05:00
Jeff Mitchell 8d4c6f4c98 Use more fuzziness in PKI backend tests 2016-02-22 10:59:37 -05:00
vanhalt a387725e96 help sentence improved 2016-02-22 09:38:30 -06:00
Jeff Mitchell 392a26e9cd Better handle errors from fetchCertBySerial 2016-02-22 10:36:26 -05:00
vanhalt 31862dc5c2 When writing from a file it must be a JSON file
Making clear from write help text that when writing secrets
using @file, the file must be a JSON file.
2016-02-21 19:02:09 -06:00