38428e90ea
Merge pull request #1924 from hashicorp/token-entry-upgrade
...
Handle token entry upgrade gracefully
2016-09-27 12:55:06 -04:00
5eff59c410
Fix "SecretIDNumUses" in AppRole auth backend
...
There was a typo.
2016-09-27 17:26:52 +03:00
57b21acabb
Added unit tests for token entry upgrade
2016-09-26 18:17:50 -04:00
af888573be
Handle upgrade of deprecated fields in token entry
2016-09-26 15:47:48 -04:00
96afb1d27a
Update getting started docs since root can no longer be used from github
2016-09-26 13:09:26 -04:00
be9fb99a99
Update middleman-hashicorp ( #1922 )
2016-09-26 12:40:48 -04:00
69e662d374
changelog++
2016-09-26 10:49:59 -04:00
b1ee56a15b
Merge pull request #1910 from hashicorp/secret-id-cidr-list
...
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
f8e3cf4591
Add information about accessors to the token concepts page.
...
Fixes #1918
2016-09-26 10:18:38 -04:00
ecf45e7e3d
changelog++
2016-09-26 10:10:00 -04:00
a4b119dc25
Merge pull request #1920 from legal90/fix-approle-delete
...
Fix panic on deleting the AppRole which doesn't exist
2016-09-26 10:05:33 -04:00
3f77013004
Fix panic on deleting the AppRole which doesn't exist
...
#pathRoleDelete should return silently if the specified AppRole doesn't exist
Fixes GH-1919
2016-09-26 16:55:08 +03:00
da5b5d3a8e
Address review feedback from @jefferai
2016-09-26 09:53:24 -04:00
d080107a87
Update docs to contain bound_iam_role_arn
2016-09-26 09:37:38 -04:00
bf0b7f218e
Implemented bound_iam_role_arn constraint
2016-09-23 21:35:36 -04:00
c39eeecaea
tip to override VAULT_ADDR in getting started guide ( #1915 )
2016-09-23 19:34:07 -04:00
e0ea497cfe
Getting role name from the creds path used in revocation
2016-09-23 16:57:08 -04:00
8709406eb3
secretCredsRevoke command no longer uses hardcoded query
...
The removal of a user from the db is now handled similar to the
creation. The SQL is read out of a key from the role and then executed
with values substituted for username.
2016-09-23 16:05:49 -04:00
1bed6bfc2c
Added support for a revokeSQL key value pair to the role
2016-09-23 16:00:23 -04:00
72b9c4c649
Fix parsing env var, needed to be in the helper too
2016-09-23 13:20:26 -04:00
a31f9bb0e9
Fix zeroAddr check
2016-09-23 12:50:26 -04:00
be694f0287
changelog++
2016-09-23 12:33:26 -04:00
6bf871995b
Don't use time.Time in responses. ( #1912 )
...
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
2016-09-23 12:32:07 -04:00
2d4bfeff49
Update website for bound_iam_instance_profile_arn
2016-09-23 11:23:59 -04:00
e0c41f02c8
Fix incorrect naming of bound_iam_instance_profile_arn
2016-09-23 11:22:23 -04:00
4214a0199d
Advertise the cluster_(id|name) in the Scada handshake ( #1906 )
2016-09-23 10:55:51 -04:00
f560e20b28
Address review feedback
2016-09-22 18:07:35 -04:00
57f3904d74
Use VAULT_LOG_FORMAT as an analogue to LOGXI_FORMAT
2016-09-22 17:22:02 -04:00
c26754000b
Fix ssh tests
2016-09-22 11:37:55 -04:00
07b1b244d6
Use net.IPv4zero to check for zero address
2016-09-21 20:29:33 -04:00
aaadd4ad97
Store the CIDR list in the secret ID storage entry.
...
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
578b82acf5
Pass only valid inputs to validation methods
2016-09-21 15:44:54 -04:00
d65da5613c
Add missing dep
2016-09-21 14:02:35 -04:00
226ef5d78c
Make HA in etcd off by default. ( #1909 )
...
Fixes #1908
(Doesn't really "fix" it but someone from the community needs to step up
if they want to see this fixed.)
2016-09-21 14:01:36 -04:00
93604e1e2e
Added cidrutil helper
2016-09-21 13:58:32 -04:00
5c9bd9adcb
changelog++
2016-09-21 13:50:07 -04:00
676e7e0f07
Ensure upgrades have a valid HMAC key
2016-09-21 11:10:57 -04:00
0ff76e16d2
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
982f151722
Update docs to reflect that there is more than one constraint for EC2 now
2016-09-20 16:11:32 -04:00
bbe87db913
Force tls_disable on scada connection inside outer TLS connection as it's not currently supported anyways
2016-09-20 14:56:16 -04:00
5c241d31e7
Renaming ttl_max -> max_ttl in mssql backend ( #1905 )
2016-09-20 12:39:02 -04:00
f6239cf0c0
fix shell quoting ( #1904 )
...
$() doesnt get evaluated in single quotes, so you need to break out of it first
2016-09-19 17:11:16 -04:00
27782238a1
changelog++
2016-09-19 13:03:03 -04:00
69c4452344
Merge branch 'master' of https://github.com/hashicorp/vault into master-oss
2016-09-19 13:02:30 -04:00
f3ab4971a6
Follow Vault convention on `DELETE` being idempotent ( #1903 )
...
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
7f3041d6a5
Fix formatting
2016-09-19 13:00:50 -04:00
6e40d606d4
Bump to newer middleman-hashicorp
2016-09-19 12:42:35 -04:00
85c51fd861
Update website docs to indicate sudo being required for auth/audit
...
endpoints.
2016-09-19 12:10:08 -04:00
97dc0e9f64
Merge pull request #1897 from hashicorp/secret-id-accessor-locks
...
Safely manipulate secret id accessors
2016-09-19 11:37:38 -04:00
86c83c3a98
changelog++
2016-09-19 09:41:01 -04:00
Vishal Nayak