Commit graph

2559 commits

Author SHA1 Message Date
Jeff Mitchell 59fc5d0f8d Merge pull request #964 from hashicorp/patched-1.5.3
Add a Dockerfile to build 1.5.3 with patches.
2016-01-23 20:11:02 -05:00
Jeff Mitchell b2ab68f814 Add a Dockerfile to build 1.5.3 with patches.
Specifically this pulls in the following:

https://go-review.googlesource.com/12717
https://go-review.googlesource.com/17247

These fix bugs users have encountered -- the first with the PKI backend,
and the second with Vault generally, as it can bite any use of a
certificate within Vault (listener, cert credential backend, pki
backend).

These are in 1.6, but it will probably be released too late for us given
what is currently known about their release plans and our known
deadline. This lets us build our releases against a patched 1.5.3.
2016-01-23 14:50:23 -05:00
Jeff Mitchell 0c2829d2a2 changelog++ 2016-01-23 14:46:20 -05:00
Jeff Mitchell abd9fe1b73 Merge pull request #961 from rajanadar/patch-3
fixed login link,request params,add json response
2016-01-23 14:45:27 -05:00
Jeff Mitchell e772a3e695 Merge pull request #963 from hashicorp/fail-unsup-path
If the path is not correct, don't fail due to existence check, fail d…
2016-01-23 14:05:32 -05:00
Jeff Mitchell 8b9fa042fe If the path is not correct, don't fail due to existence check, fail due to unsupported path 2016-01-23 14:05:09 -05:00
Raja Nadar d3434f8f03 clarify default mountpoint 2016-01-23 11:02:00 -08:00
Jeff Mitchell e9f067f8e0 Merge pull request #960 from rajanadar/patch-2
mention that this is an unauthenticated endpoint
2016-01-23 10:24:16 -05:00
Jeff Mitchell 3b7a533b5a Fix test on 1.6 by comparing to nil instead of a nil-defined map 2016-01-22 21:26:06 -05:00
Jeff Mitchell c7c8dc3f5b changelog++ 2016-01-22 21:24:25 -05:00
Jeff Mitchell 0003eb8506 Merge pull request #954 from hashicorp/backend-tainted-view
Allow backends to see taint status.
2016-01-22 21:23:12 -05:00
Raja Nadar 9b82736b9a fixed login link,request params,add json response
1. fix login link
2. added personal access token to request message
3. added a sample json response
2016-01-22 17:38:32 -08:00
Raja Nadar b0f33d4d19 mention that this is an unauthenticated endpoint 2016-01-22 17:10:16 -08:00
Jeff Mitchell cd4811e630 Merge pull request #957 from rajanadar/patch-1
update sys-init.html.md
2016-01-22 19:57:20 -05:00
Raja Nadar dac5997e14 update sys-init.html.md
change response field from 'initialize' to 'initialized'
2016-01-22 16:45:59 -08:00
Jeff Mitchell 12c00b97ef Allow backends to see taint status.
This can be seen via System(). In the PKI backend, if the CA is
reconfigured but not fully (e.g. an intermediate CSR is generated but no
corresponding cert set) and there are already leases (issued certs), the
CRL is unable to be built. As a result revocation fails. But in this
case we don't actually need revocation to be successful since the CRL is
useless after unmounting. By checking taint status we know if we can
simply fast-path out of revocation with a success in this case.

Fixes #946
2016-01-22 17:01:22 -05:00
Jeff Mitchell d663c46757 changelog++ 2016-01-22 13:09:21 -05:00
Jeff Mitchell 30732274b1 Merge pull request #953 from hashicorp/init-check
Add -check flag to init.
2016-01-22 13:08:31 -05:00
Jeff Mitchell d95adc731a Add -check flag to init.
Fixes #949
2016-01-22 13:06:40 -05:00
Jeff Mitchell babecad8ac changelog++ 2016-01-22 10:22:43 -05:00
Jeff Mitchell 757250ac14 Merge pull request #617 from hashicorp/f-passthrough-list
Basic list support
2016-01-22 10:15:08 -05:00
Jeff Mitchell 9cac7ccd0f Add some commenting 2016-01-22 10:13:49 -05:00
Jeff Mitchell 7b2407093b 0.7 -> 1.0 2016-01-22 10:07:32 -05:00
Jeff Mitchell 3955604d3e Address more list feedback 2016-01-22 10:07:32 -05:00
Jeff Mitchell 7d1d003ba0 Update documentation and use ParseBool for list query param checking 2016-01-22 10:07:32 -05:00
Jeff Mitchell eb847f4e36 Error out if trying to write to a directory path 2016-01-22 10:07:32 -05:00
Jeff Mitchell 8069fa7972 Address some listing review feedback 2016-01-22 10:07:32 -05:00
Jeff Mitchell be1b4c8a46 Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it. 2016-01-22 10:07:32 -05:00
Jeff Mitchell e412ac8461 Remove bare option, prevent writes ending in slash, and return an exact file match as "." 2016-01-22 10:07:32 -05:00
Jeff Mitchell 455931873a Address some review feedback 2016-01-22 10:07:32 -05:00
Jeff Mitchell 5341cb69cc Updates and documentation 2016-01-22 10:07:32 -05:00
Jeff Mitchell d17c3f4407 Fix body closing in List method 2016-01-22 10:07:32 -05:00
Jeff Mitchell 10c307763e Add list capability, which will work with the generic and cubbyhole
backends for the moment. This is pretty simple; it just adds the actual
capability to make a list call into both the CLI and the HTTP handler.
The real meat was already in those backends.
2016-01-22 10:07:32 -05:00
Jeff Mitchell 9042315973 Add handling of LIST verb to logical router 2016-01-22 10:07:32 -05:00
Jeff Mitchell d621d7ebe7 Add C# library and do some reorg on the library page 2016-01-22 10:03:02 -05:00
Jeff Mitchell 19e7266406 changelog++ 2016-01-21 16:30:50 -05:00
Jeff Mitchell fd52d8a975 Update godeps to include STS stuff in AWS and others 2016-01-21 16:27:36 -05:00
Jeff Mitchell 6d24a8c6ff Merge pull request #927 from urq/feature-sts
Adding STS to the aws backend
2016-01-21 15:43:39 -05:00
Dmitriy Gromov 70ef2e3398 STS now uses root vault user for keys
The secretAccessKeysRevoke revoke function now asserts that it is
not dealing with STS keys by checking a new internal data flag. Defaults
to IAM when the flag is not found.

Factored out genUsername into its own function to share between STS and
IAM secret creation functions.

Fixed bad call to "WriteOperation" instead of "UpdateOperation" in
aws/backend_test
2016-01-21 15:04:16 -05:00
Dmitriy Gromov 4abca91d66 Renamed sts duration to ttl and added STS permissions note. 2016-01-21 14:28:34 -05:00
Dmitriy Gromov 0b5e35c8cd documenting the new aws/sts endpoint 2016-01-21 14:05:10 -05:00
Dmitriy Gromov f251b13aaa Removing debug print statement from sts code 2016-01-21 14:05:10 -05:00
Dmitriy Gromov 1cf8153dfd Fixed duration type and added acceptance test for sts 2016-01-21 14:05:10 -05:00
Dmitriy Gromov 71afb7cff0 Configurable sts duration 2016-01-21 14:05:09 -05:00
Jack DeLoach 8fecccde21 Add STS path to AWS backend.
The new STS path allows for obtaining the same credentials that you would get
from the AWS "creds" path, except it will also provide a security token, and
will not have an annoyingly long propagation time before returning to the user.
2016-01-21 14:05:09 -05:00
Jeff Mitchell 0f0949ab06 Merge pull request #895 from nickithewatt/aws-prexisting-policies
Allow use of pre-existing policies for AWS users
2016-01-21 13:23:37 -05:00
Jeff Mitchell b2d2bb9545 Add generate-root info to changelog 2016-01-21 12:37:26 -05:00
Jeff Mitchell 9d032f46fd Merge pull request #915 from hashicorp/generate-root
Add the ability to generate root tokens via unseal keys.
2016-01-21 12:31:37 -05:00
Jeff Mitchell 9adfdfd6e7 Add -decode flag verification 2016-01-21 12:18:57 -05:00
Jeff Mitchell b2bde47b01 Pull out setting the root token ID; use the new ParseUUID method in
go-uuid instead, and revoke if there is an error.
2016-01-19 19:44:33 -05:00