448efd56fa
Merge branch 'master' into pki-csrs
2015-12-08 10:57:53 -05:00
dab0049d0e
Changelogify
2015-12-07 13:22:24 -05:00
1dbfcc3b45
Merge branch 'master' into pki-csrs
2015-12-03 15:23:08 -05:00
3bdbd66f7d
Remove datacenter from Consul configuration, as it cannot actually do
...
anything
Fixes #816
2015-12-03 15:16:37 -05:00
4eec9d69e8
Change allowed_base_domain to allowed_domains and allow_base_domain to
...
allow_bare_domains, for comma-separated multi-domain support.
2015-11-30 23:49:11 -05:00
b6c49ddf01
Remove token display names from input options as there isn't a viable
...
use-case for it at the moment
2015-11-30 18:07:42 -05:00
ee8e143555
Add PKI enhancements to Changelog
2015-11-20 13:18:07 -05:00
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
29135b65ca
Changelogify
2015-11-18 10:34:50 -05:00
bc4c18a1cf
Rearchitect MountTable locking and fix rollback.
...
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.
In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.
Both unit tests and race detection pass.
Fixes #771
2015-11-11 11:54:52 -05:00
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
8673f36b34
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:21 -05:00
75f1c1e40c
Print version on startup.
...
Fixes #765
2015-11-09 13:52:55 -05:00
5783f547ab
Display whether a token is an orphan on lookup.
2015-11-09 13:19:59 -05:00
b1a445dfbf
Changelogify
2015-11-06 09:22:30 -05:00
fde0bbf4b3
Merge pull request #752 from hashicorp/issue-749
...
Fix removing secondary index from exp manager.
2015-11-05 19:43:11 -05:00
a121941925
Merge pull request #751 from hashicorp/issue-618
...
Move environment variable reading logic to API.
2015-11-05 19:42:16 -05:00
08dbc70c9f
Switch etcd default port to 2379, in line with 2.x.
...
Fixes #753
2015-11-05 09:47:50 -05:00
395d6bead4
Fix removing secondary index from exp manager.
...
Due to a typo, revoking ensures that index entries are created rather
than removed. This adds a failing, then fixed test case (and helper
function) to ensure that index entries are properly removed on revoke.
Fixes #749
2015-11-04 10:50:31 -05:00
32e23bea71
Move environment variable reading logic to API.
...
This allows the same environment variables to be read, parsed, and used
from any API client as was previously handled in the CLI. The CLI now
uses the API environment variable reading capability, then overrides any
values from command line flags, if necessary.
Fixes #618
2015-11-04 10:28:00 -05:00
f8c13ed69f
Changelog++
2015-11-04 09:42:07 -05:00
54d47957b5
Allow creating Consul management tokens
...
Fixes #714
2015-11-03 15:29:58 -05:00
a4322afedb
Merge pull request #746 from hashicorp/issue-677
...
Add a PermitPool to physical and consul/inmem
2015-11-03 15:26:58 -05:00
4f6ad849b8
Merge pull request #703 from hashicorp/crlsets
...
Implement CRLs for the cert authentication backend
2015-11-03 15:13:08 -05:00
6ccded7a2f
Add ability to create orphan tokens from the API
2015-11-03 15:12:21 -05:00
bf2e553785
Add a PermitPool to physical and consul/inmem
...
The permit pool controls the number of outstanding operations that can
be queued for Consul (and inmem, for testing purposes). This prevents
possible situations where Vault launches thousands of concurrent
connections to Consul if e.g. a huge number of leases need to be
expired.
Fixes #677
2015-11-03 11:49:20 -05:00
c7493fca65
Changelogify
2015-11-03 11:43:57 -05:00
59cc61cc79
Add documentation for CRLs and some minor cleanup.
2015-11-03 10:52:20 -05:00
195caa6bf6
Implement LookupSelf, RevokeSelf, and RenewSelf in the API client
...
Fixes #739
2015-10-30 17:27:33 -04:00
1899bd8ef0
Merge pull request #730 from hashicorp/issue-713
...
Write HMAC-SHA256'd client token to audited requests
2015-10-30 13:36:22 -04:00
ffa196da0e
Note that the dev server does not fork
...
Fixes #710 .
2015-10-30 12:47:56 -04:00
64eacd1564
Merge pull request #737 from hashicorp/issue-615
...
Return data on a token with one use left if there is no Lease ID
2015-10-30 12:42:19 -04:00
a0c5a24c79
Update Postgres tests and changelogify
2015-10-30 12:41:45 -04:00
94b7be702b
Return data on a token with one use left if there is no Lease ID
...
Fixes #615
2015-10-30 12:35:42 -04:00
cf4b88c196
Write HMAC-SHA256'd client token to audited requests
...
Fixes #713
2015-10-29 13:26:18 -04:00
e2d4a5fe0f
Documentation update around path/key name encryption.
...
Make it clear that path/key names in generic are not encrypted.
Fixes #697
2015-10-29 11:21:40 -04:00
85d4dd6a1d
Check TTL provided to generic backend on write
...
If existing entries have unparseable TTLs, return the value plus a
warning, rather than an error.
Fixes #718
2015-10-29 11:05:21 -04:00
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
9026b5c127
Update changelog
2015-10-23 09:18:03 -04:00
691f9e9b92
Rewrap changelog
2015-10-20 12:57:42 -04:00
ffe531923d
Changelogify
2015-10-20 12:31:01 -04:00
35a7f0de22
Add '.' to GenericNameRegex; it cannot appear as the first or last
...
character. This allows its usage in a number of extra path-based
variables.
Ping #244
2015-10-13 16:04:10 -04:00
78b5fcdf51
Serialize changing the state of the expiration manager pointer and
...
calling emitMetrics from its own goroutine.
Fixes #694
2015-10-12 16:33:54 -04:00
9f0b1547bb
Allow disabling the physical storage cache with 'disable_cache'.
...
Fixes #674 .
2015-10-12 13:00:32 -04:00
55c26a909e
Documentation updates to remove lease id and duration from generic
...
backend example.
2015-10-12 10:01:15 -04:00
5fbaa0e64d
Apply mount-tune properties to the token authentication backend.
...
Fixes #688 .
2015-10-09 20:26:39 -04:00
ee92124357
Fix output of token-create help to use ttl instead of lease
2015-10-09 19:40:30 -04:00
b5d674d94e
Add 301 redirect checking to the API client.
...
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
2015-10-09 17:11:31 -04:00
bf70b677b7
Add timeout to changelog
2015-10-08 19:47:16 -04:00
d58a3b601c
Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader
...
Fixes #679 .
2015-10-08 14:04:58 -04:00
0ca86fa2cd
Changelogify
2015-10-07 16:18:39 -04:00
50b9129e65
Normalize policy names to lowercase on write. They are not currently
...
normalized when reading or deleting, for backwards compatibility.
Ping #676 .
2015-10-07 13:52:21 -04:00
4a52de13e3
Add renew-self endpoint.
...
Fixes #455 .
2015-10-07 12:49:13 -04:00
ad840233eb
Allow base64-encoded keys to be used on the CLI for init/rekey.
...
Fixes #653 .
2015-10-06 12:47:01 -04:00
de571c304d
Add changelog entries for 0.3.1 and bump version in CLI
2015-10-06 11:03:55 -04:00
6fe4139ac3
Changelogify++
2015-09-29 19:03:43 -07:00
6a7e87d471
Changelogify
2015-09-29 19:01:45 -07:00
62ac518ae7
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 10:41:21 -04:00
af27a99bb7
Remove JWT for the 0.3 release; it needs a lot of rework.
2015-09-24 16:23:44 -04:00
8fa7d3bd0b
Add revoke-self to docs
2015-09-24 12:05:00 -04:00
fb7c05d7f6
Reorder changelog slightly
2015-09-24 10:55:32 -04:00
07288b3dcb
Forgot to add JWT to the chnangelog
2015-09-23 14:26:31 -04:00
0454d04097
Minor typo fix
2015-09-23 10:07:55 -04:00
44166bb241
Update Changelog to 0.3
2015-09-22 11:44:28 -04:00
9860ea9e46
Update godeps
2015-09-22 10:15:06 -04:00
9f9f53adbf
CHANGELOG updates
2015-08-17 12:18:14 -07:00
2d32b0a1ca
Cutting v0.2.0
2015-07-13 19:40:01 +10:00
190400a456
CHANGELOG updates
2015-07-13 19:34:11 +10:00
8a4d6487f4
CHANGELOG updates
2015-07-13 17:08:30 +10:00
334dbe430c
CHANGELOG updates
2015-07-08 16:58:25 -06:00
eb51cdb8c8
CHANGELOG update is bolded
2015-07-06 11:20:55 -06:00
9abc602215
CHANGELOG updates
2015-07-06 11:19:59 -06:00
de51ba0997
CHANGELOG update
2015-07-06 10:51:50 -06:00
0521c6df6c
http: support ?standbyok for 200 status on standby. Fixes #389
2015-07-02 17:49:35 -07:00
3f189f2c57
CHANGELOG updates
2015-07-01 16:53:00 -07:00
c249bc46e4
update CHANGELOG
2015-06-16 10:00:38 -07:00
644caf74c4
update CHANGELOG
2015-05-13 10:35:20 -07:00
afbe744629
v0.1.2
2015-05-11 11:29:07 -07:00
8acc0fb9d3
update CHANGELOG
2015-05-11 11:28:22 -07:00
b0c688cb8b
update CHANGELOG
2015-05-11 11:01:52 -07:00
42d6b2a916
http: allow header for auth token [GH-124]
2015-05-11 10:56:58 -07:00
0cea01607b
update CL
2015-05-11 10:46:11 -07:00
3337e9bd45
CL update
2015-05-11 10:43:03 -07:00
1ee09f7cdf
update CL
2015-05-11 10:31:47 -07:00
0e5217faf4
update CL
2015-05-11 10:28:11 -07:00
1ee7218796
update CL
2015-05-11 10:14:36 -07:00
2ef43005e8
update CHANGELOG
2015-05-11 10:10:56 -07:00
4e3e60b4c4
update CL
2015-05-11 10:09:21 -07:00
48e3835b4a
update CHANGELOG
2015-05-11 10:06:36 -07:00
eaac7a6dd3
up version for dev
2015-05-02 13:37:26 -07:00
44862e0819
update CHANGELOG
2015-05-02 13:34:39 -07:00
deab183cbd
token/disk: write token with 0600
2015-05-02 13:34:01 -07:00
8ff38717eb
v0.1.1
2015-05-02 13:29:32 -07:00
727e0e90cd
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 13:28:33 -07:00
83af64dbd1
update cHANGELOG
2015-05-02 13:21:51 -07:00
81b12660c5
logical/framework: PathMap allows hyphens in keys [GH-119]
2015-05-02 13:17:42 -07:00
2eba902d0d
update CHANGELOG
2015-05-02 13:12:09 -07:00
d4155ef9d8
api: human friendly error for TLS [GH-123]
2015-05-02 13:08:35 -07:00
fcde0fa942
update CHANGELOG
2015-04-29 11:30:00 -07:00
fb7053bbb2
update CHANGELOG
2015-04-29 09:59:05 -07:00
97285af6b8
update CHANGELOG
2015-04-28 18:56:44 -07:00
74888ff179
update CHANGELOG
2015-04-28 15:12:20 -07:00
2961712e6e
update CHANGELOG
2015-04-28 14:54:14 -07:00
f31fa990a1
up version for dev
2015-04-28 14:45:38 -07:00
c92aed4ac0
Add CHANGELOG
2015-04-28 09:12:09 -07:00
Jeff Mitchell