7d20380c42
Merge pull request #1280 from hashicorp/remove-ts-revoke-prefix
...
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
2016-04-01 09:48:52 -04:00
9a992f93f7
changelog++
2016-03-31 20:17:30 -04:00
2b2541e13f
Merge pull request #1277 from hashicorp/suprious-revoke-timer-logs
...
Keep the expiration manager from keeping old token entries.
2016-03-31 20:16:31 -04:00
2efaf5272c
Documentation update
2016-03-31 18:07:43 -04:00
2fd02b8dca
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
2016-03-31 18:04:05 -04:00
7a6df4a8ab
changelog++
2016-03-31 17:43:44 -04:00
86ba95e1b2
Merge pull request #1278 from hashicorp/ts-prefix-checkpath
...
Check for auth/ in the path of the prefix for revoke-prefix in the token
2016-03-31 16:41:18 -04:00
7442867d53
Check for auth/ in the path of the prefix for revoke-prefix in the token
...
store.
2016-03-31 16:21:56 -04:00
25b2320899
changelog++
2016-03-31 15:38:21 -04:00
75650ec1ad
Keep the expiration manager from keeping old token entries.
...
The expiration manager would never be poked to remove token entries upon
token revocation, if that revocation was initiated in the token store
itself. It might have been to avoid deadlock, since during revocation of
tokens the expiration manager is called, which then calls back into the
token store, and so on.
This adds a way to skip that last call back into the token store if we
know that we're on the revocation path because we're in the middle of
revoking a token. That way the lease is cleaned up. This both prevents
log entries appearing for already-revoked tokens, and it also releases
timer/memory resources since we're not keeping the leases around.
2016-03-31 15:10:25 -04:00
1915582a24
Merge pull request #1276 from hashicorp/token-roles-blank-policies
...
Two items:
2016-03-31 15:09:32 -04:00
ddce1efd0d
Two items:
...
1: Fix path check in core to handle renew paths from the token store
that aren't simply renew/
2: Use token policy logic if token store role policies are empty
2016-03-31 14:52:49 -04:00
36215ab5df
Merge pull request #1275 from gdevos/patch-2
...
Update index.html.md
2016-03-31 14:35:06 +02:00
eadf2faf83
Update index.html.md
...
According to the source it is expecting a description. log_raw is one of the options.
2016-03-31 14:19:03 +02:00
cdf6e5d1ee
Merge pull request #1274 from gdevos/patch-1
...
Update index.html.md
2016-03-31 14:07:27 +02:00
13763203b6
Update index.html.md
...
description -> log_raw
2016-03-31 14:06:19 +02:00
7fd5a679ca
Fix potential error scoping issue.
...
Ping #1262
2016-03-30 19:48:23 -04:00
1be69ae235
Sort infokeys on startup and add more padding
2016-03-30 12:31:47 -04:00
e6d20d1356
Merge pull request #1271 from jangie/patch-1
...
Update consul.html.md
2016-03-30 10:14:29 -04:00
36d22a0c8d
Update consul.html.md
2016-03-30 09:57:14 -04:00
9932efea08
Merge pull request #1268 from hashicorp/fix-audit-doc
...
Fix audit docs
2016-03-30 00:55:39 -04:00
7a34cea28d
Fix audit docs
2016-03-30 00:54:40 -04:00
3cfcd4ddf1
Check for nil connection back from go-ldap, which apparently can happen even with no error
...
Ping #1262
2016-03-29 10:00:04 -04:00
bff4dace78
changelog++
2016-03-24 10:34:52 -04:00
37b5697779
Merge pull request #1258 from hashicorp/issue-1256
...
Properly check for policy equivalency during renewal.
2016-03-24 10:33:56 -04:00
c50276ec17
Fix using wrong var
2016-03-24 10:23:09 -04:00
17613f5fcf
Removing debugging comment
2016-03-24 09:48:13 -04:00
4c4a65ebd0
Properly check for policy equivalency during renewal.
...
This introduces a function that compares two string policy sets while
ignoring the presence of "default" (since it's added by core, not the
backend), and ensuring that ordering and/or duplication are not failure
conditions.
Fixes #1256
2016-03-24 09:41:51 -04:00
a64de522b9
Merge pull request #1255 from hashicorp/revert-1254-master
...
Revert "Change mysql connection to match new"
2016-03-23 15:18:49 -04:00
05b4c7102f
Revert "Change mysql connection to match new"
2016-03-23 15:18:09 -04:00
5399d0c087
Merge pull request #1254 from shokunin/master
...
Change mysql connection to match new
2016-03-23 15:13:18 -04:00
e27bcaf9a4
Change mysql connection to match new
...
Documentation update to reflect mysql config connection from the old to the newer format
2016-03-23 12:09:06 -07:00
5e15ebdb43
Merge pull request #1252 from adkhare/master
...
Update userpass.html.md
2016-03-23 10:54:10 -04:00
218a713293
Update userpass.html.md
2016-03-23 10:47:28 -04:00
90ebf0bf99
changelog++
2016-03-23 10:08:04 -04:00
27bf5b7048
Merge pull request #1251 from hashicorp/remove-usecsrvalues-isca-check
...
Remove check for using CSR values with non-CA certificate.
2016-03-23 10:07:07 -04:00
dfc5a745ee
Remove check for using CSR values with non-CA certificate.
...
The endpoint enforces whether the certificate is a CA or not anyways, so
this ends up not actually providing benefit and causing a bug.
Fixes #1250
2016-03-23 10:05:38 -04:00
528b25c5f4
Merge HA Backend objects
2016-03-21 16:56:13 -04:00
16f5a68a78
Merge pull request #1238 from jippi/patch-1
...
Update sys-step-down.html.md
2016-03-20 13:34:12 -04:00
ec0af1c71d
Update sys-step-down.html.md
2016-03-20 18:02:32 +01:00
574df68071
Merge pull request #1237 from ezbercih/patch-1
...
Fix a typo
2016-03-20 10:02:10 -04:00
7ad97279d5
Fix a typo
2016-03-19 21:24:17 -07:00
5edad1137a
Add some clarification to advertise_addr
2016-03-19 10:21:51 -04:00
72bb2b73d4
changelog++
2016-03-18 16:32:56 -04:00
afffbfc6a1
changelog++
2016-03-18 14:59:58 -04:00
87673976a8
Merge pull request #1233 from hashicorp/auth-token-restore
...
Restore the previous valid token if token authentication fails
2016-03-18 14:57:50 -04:00
119fa1653b
Restore the previous valid token if token authentication fails
2016-03-18 14:43:16 -04:00
034ffd8af3
Fix capabilities test case
2016-03-18 12:55:18 -04:00
71ef433649
changelog++
2016-03-18 12:43:00 -04:00
796dcc8090
Merge pull request #1221 from hashicorp/acl-sys-capabilities
...
Enfore ACLs for sys-capabilities endpoint
2016-03-18 12:44:37 -04:00
Jeff Mitchell