Commit graph

2793 commits

Author SHA1 Message Date
Jeff Mitchell 386aa408b7 Remove need for PUT in rekey. We've decided that POST and PUT are to
stay as synonyms for writes, so there's no reason to limit it for this
operation.
2016-01-14 16:52:34 -05:00
Seth Vargo 6d655d75fe Do not use compressed javascripts
Minifier gets really confused when you give it already-compressed
javascript.
2016-01-14 15:00:41 -05:00
Jeff Mitchell 1001566a26 Keep ordering consistent in config doc, and put HA backends first 2016-01-14 13:55:53 -05:00
Jeff Mitchell b30e185d25 Merge pull request #931 from hashicorp/sethvargo/deploy
Add scripts to deploy via Atlas
2016-01-14 13:47:57 -05:00
Seth Vargo 94f590581a Add scripts to deploy via Atlas 2016-01-14 13:42:53 -05:00
Seth Vargo e40c77ff27 Use HTTPS + www where appropriate 2016-01-14 13:42:47 -05:00
Seth Vargo d210b561a2 ImageOptim 2016-01-14 13:42:34 -05:00
Seth Vargo 13b1e8f9df Fix image asset URLs 2016-01-14 13:42:28 -05:00
Seth Vargo 2d7555f442 Remove Heroku stuff 2016-01-14 13:42:13 -05:00
Jeff Mitchell 5873824ee2 Version 0.4.1
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWls/HAAoJEFGFLYc0j/xMarQH/i6rW+wLm9DadkFV23jwjttt
 TRumTPDoBxHQDoB0wkC4CmA8UiZnzc68o5OlxisC8KAz/89HWZf8sUDxkOSY1vUX
 BGDkiv+KF6LiDRAdDyIqK6PYUkKHaJgue9Vnwu5+1iRv1sjK5PyPb992Wmt/DtOM
 nRn8Hn5qmmDCUm79TKXpZNMs/CRx21VM7q2Sm139kLzTr0Qg2Oyxcp3mB8TR7LtV
 ATdMQ//HzL/tGJ6Yw7zkgZzdf7EMFFO1SSVqAzqag6kqNqwjvmDGrQaTzkdl7anv
 72zMXqVcryeSL6DRZuR+OrHs63aaoTwIXcqO56nBrZ1NAEqkI0oCcvDZNLt7yi4=
 =YCXl
 -----END PGP SIGNATURE-----

Merge tag 'v0.4.1'

Version 0.4.1
2016-01-14 09:57:21 -05:00
Jeff Mitchell 5fb4b4982c
Cut version 0.4.1 2016-01-13 17:29:16 -05:00
Jeff Mitchell eeac69939c Bump values to 0.4.1 2016-01-13 17:28:17 -05:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell 55a802f9ca changelog++ 2016-01-12 21:19:25 -05:00
Jeff Mitchell f9bbe0fb04 Use logical operations instead of strings for comparison 2016-01-12 21:16:31 -05:00
Jeff Mitchell d949043cac Merge pull request #914 from hashicorp/acl-rework
More granular ACL capabilities
2016-01-12 21:11:52 -05:00
Jeff Mitchell 4253299dfe Store uint32s in radix 2016-01-12 17:24:01 -05:00
Jeff Mitchell e58705b34c Cleanup 2016-01-12 17:10:48 -05:00
Jeff Mitchell 87fba5dad0 Convert map to bitmap 2016-01-12 17:08:10 -05:00
Jeff Mitchell da87d490eb Add some commenting around create/update 2016-01-12 15:13:54 -05:00
Jeff Mitchell 9db22dcfad Address some more review feedback 2016-01-12 15:09:16 -05:00
Jeff Mitchell ce5bd64244 Clean up HelpOperation 2016-01-12 14:34:49 -05:00
Jeff Mitchell 1efb33cfd5 changelog++ 2016-01-12 09:31:07 -05:00
Jeff Mitchell e89a1b1396 Merge pull request #924 from richardzone/patch-1
Fix typo
2016-01-12 09:30:40 -05:00
Ziyi, LIU 5204da4edd Fix typo
Change "...implements is own login endpoint..." to "...implements its own login endpoint..."
2016-01-12 22:22:13 +08:00
Jeff Mitchell ae6df99b19 changelog++ 2016-01-12 08:47:33 -05:00
Jeff Mitchell 8cb23835d7 Fix read panic when an empty argument is given.
Fixes #923
2016-01-12 08:46:49 -05:00
Jeff Mitchell e815db8756 Update audit sys docs 2016-01-11 19:08:23 -05:00
Eric Kidd 69434fd13e etcd: Allow disabling sync for load balanced etcd
Some etcd configurations (such as that provided by compose.io) place the
etcd cluster behind multiple load balancers or proxies.  In this
configuration, calling Sync (or AutoSync) on the etcd client will
replace the load balancer addresses with the underlying etcd server
address.

This will cause the etcd client to bypass the load balancers, and may
cause the connection to fail completely if the etcd servers are
protected by a firewall.

This patch provides a "sync" option for the etcd backend, which defaults
to the current behavior, but which can be used to turn off of sync.
This corresponds to etcdctl's --no-sync option.
2016-01-11 13:56:58 -05:00
Eric Kidd ebabcd857a etcd: Document existing username and password options
These options were present in the source code, but not in the
documentation.  They're needed to connect to some hosted etcd services.
2016-01-11 11:30:51 -05:00
Jeff Mitchell 8e131e4ea4 Make sure VAULT_TOKEN is empty during unit tests 2016-01-09 14:47:55 -05:00
Jeff Mitchell 2527a9d18e changelog++ 2016-01-09 14:21:36 -05:00
Jeff Mitchell b7e68633a3 Merge pull request #878 from seiffert/dynamodb_backend
Add DynamoDB physical backend.
2016-01-09 14:16:15 -05:00
Jeff Mitchell a2bd31d493 Fix up PGP tests from earlier code fixes 2016-01-08 22:21:41 -05:00
Jeff Mitchell a99787afeb Don't allow a policy with no name, even though it is a valid slice member 2016-01-08 21:23:40 -05:00
Jeff Mitchell 676008b2c5 Lotsa warnings if you choose not to be safe 2016-01-08 17:35:07 -05:00
Jeff Mitchell f6d2271a3c Use an array of keys so that if the same fingerprint is used none are lost when using PGP key backup 2016-01-08 14:29:23 -05:00
Jeff Mitchell 26e1837a82 Some minor rekey backup fixes 2016-01-08 14:09:40 -05:00
Jeff Mitchell 4f4ddbf017 Create more granular ACL capabilities.
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Paul Seiffert 3a0ea3bcaa Add documentation for the DynamoDB backend 2016-01-08 17:34:31 +01:00
Paul Seiffert 99f7659bb4 Add recovery option to DynamoDB backend
When Vault is killed without the chance to clean up the lock
entry in DynamoDB, no further Vault nodes can become leaders after
that.

To recover from this situation, this commit adds an environment
variable and a configuration flag that when set to "1" causes Vault
to delete the lock entry from DynamoDB.
2016-01-08 17:31:37 +01:00
Paul Seiffert 8853e50691 Explicitly read AWS credentials from environment 2016-01-08 17:31:37 +01:00
Paul Seiffert 9618d95c4e Godeps: install new requirements from AWS SDK 2016-01-08 17:31:37 +01:00
Paul Seiffert 277de77256 Add tests for DynamoDB backend 2016-01-08 17:31:37 +01:00
Paul Seiffert 870bc6c5b4 Implement DynamoDB physical HA backend 2016-01-08 17:31:37 +01:00
Jeff Mitchell 87f686997f changelog++ 2016-01-07 11:36:32 -05:00
Jeff Mitchell c9f9bcdeaf Merge pull request #912 from hashicorp/fix-renew-regression
Have 'sys/renew' return the value provided in Secret.
2016-01-07 11:35:52 -05:00
Jeff Mitchell 455acc255b Have 'sys/renew' return the value provided in Secret.
Fixes a regression introduced in 0.3.
2016-01-07 11:35:09 -05:00
Jeff Mitchell 2412c078ac Also convert policy store cache to 2q.
Ping #908
2016-01-07 09:26:08 -05:00