Jeff Mitchell
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell
32e23bea71
Move environment variable reading logic to API.
...
This allows the same environment variables to be read, parsed, and used
from any API client as was previously handled in the CLI. The CLI now
uses the API environment variable reading capability, then overrides any
values from command line flags, if necessary.
Fixes #618
2015-11-04 10:28:00 -05:00
Jeff Mitchell
195caa6bf6
Implement LookupSelf, RevokeSelf, and RenewSelf in the API client
...
Fixes #739
2015-10-30 17:27:33 -04:00
Jeff Mitchell
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
Jeff Mitchell
22c65c0c07
Use cleanhttp instead of bare http.Client
2015-10-22 14:37:12 -04:00
Jeff Mitchell
cba4e82682
Don't use http.DefaultClient
...
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.
Fixes #700 , I believe.
2015-10-15 17:54:00 -04:00
Jeff Mitchell
b8455be005
Support and use TTL instead of lease for token creation
2015-10-09 19:52:13 -04:00
Jeff Mitchell
b5d674d94e
Add 301 redirect checking to the API client.
...
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
2015-10-09 17:11:31 -04:00
Dejan Golja
87c84db51b
Increase default timeout to 30s which should allow for any operation
...
to complete.
2015-10-09 00:53:35 +11:00
Dejan Golja
ea17b85d94
added a sensible default timeout for the vault client
2015-10-08 18:44:00 +11:00
Jeff Mitchell
c7cec2aabc
Add unit tests
2015-10-07 20:17:06 -04:00
Jeff Mitchell
d740fd4a6a
Add the ability for warnings to be added to responses. These are
...
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.
Fixes #676
2015-10-07 16:18:39 -04:00
Alexey Grachov
2bb6ec1e18
Fix some lint warnings.
2015-09-29 10:35:16 +03:00
Jeff Mitchell
62ac518ae7
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 10:41:21 -04:00
Jeff Mitchell
f489c1c24e
Ensure that the response body of logical calls is closed, even if there is an error.
2015-09-14 18:22:33 -04:00
Jeff Mitchell
ace611d56d
Address items from feedback. Make MountConfig use values rather than
...
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
Jeff Mitchell
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
696d0c7b1d
Plumb per-mount config options through API
2015-09-10 15:09:53 -04:00
Jeff Mitchell
2002406155
Rather than use http.DefaultClient, which is simply &http.Client{},
...
create our own. This avoids some potential client race conditions when
they are setting values on the Vault API client while the default client
is being used elsewhere in other goroutines, as was seen in
consul-template.
2015-09-03 13:47:20 -04:00
Jeff Mitchell
bc2d914905
Change variable name for clarity
2015-09-03 13:38:24 -04:00
Jeff Mitchell
c56fd6b3fc
Remove redirect handling code that was never being executed (redirects are manually handled within RawRequest). Add a sync.Once to fix a potential data race with setting the CheckRedirect function on the default http.Client
2015-09-03 13:34:45 -04:00
Jeff Mitchell
099deb4392
Merge pull request #587 from hashicorp/sethvargo/auth_token_tests
...
Add test coverage for auth tokens
2015-09-03 11:26:14 -04:00
Seth Vargo
4b33a1669b
Add test coverage for auth tokens
2015-09-03 10:57:17 -04:00
Seth Vargo
6f248425a6
Update documentation around cookies
2015-09-03 10:36:59 -04:00
Mike Sample
e847fbd596
corrected two typos
2015-08-27 00:05:19 -07:00
Jeff Mitchell
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
Jeff Mitchell
c887df93cc
Add support for pgp-keys argument to rekey, as well as tests, plus
...
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
Jeff Mitchell
2f3e245b0b
Add support for "pgp-tokens" parameters to init.
...
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
2015-08-25 14:52:13 -07:00
Jeff Mitchell
a8ef0e8a80
Remove cookie authentication.
2015-08-21 19:46:23 -07:00
vishalnayak
2da717fd8b
Vault SSH: Adding the missed out config file
2015-08-20 11:30:21 -07:00
vishalnayak
251cd997ad
Vault SSH: TLS client creation test
2015-08-18 19:00:27 -07:00
vishalnayak
b91ebbc6e2
Vault SSH: Documentation update and minor refactoring changes.
2015-08-17 18:22:03 -07:00
vishalnayak
330ef396ca
Vault SSH: Default lease of 5 min for SSH secrets
2015-08-12 17:10:35 -07:00
vishalnayak
2d23ffe3d2
Vault SSH: Exposed verify request/response messges to agent
2015-08-12 13:22:48 -07:00
vishalnayak
212afb5d9e
Vault SSH: Moved agent's client creation code to Vault's source
2015-08-12 13:09:32 -07:00
vishalnayak
9c8f4d0322
Vault SSH: Moved SSH agent config to Vault's source
2015-08-12 12:52:21 -07:00
vishalnayak
f84347c542
Vault SSH: Added SSHAgent API
2015-08-12 10:48:58 -07:00
vishalnayak
e782717ba8
Vault SSH: Renamed path with mountPoint
2015-08-12 10:30:50 -07:00
vishalnayak
33d7ef71b9
Vault SSH: Fixed constructor of SSH api
2015-08-12 09:56:17 -07:00
vishalnayak
93dfa67039
Merging changes from master
2015-08-12 09:28:16 -07:00
Seth Vargo
4c5a527dad
Remove Sys.Login (unused)
2015-08-11 13:04:11 -04:00
vishalnayak
61c9f884a4
Vault SSH: Review Rework
2015-07-29 14:21:36 -04:00
Vishal Nayak
b532ee0bf4
Vault SSH: Dynamic Key test case fix
2015-07-24 12:13:26 -04:00
Vishal Nayak
791a250732
Vault SSH: Support OTP key type from CLI
2015-07-23 17:20:28 -04:00
Vishal Nayak
27e66e175f
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-07-17 17:22:17 -04:00
Armon Dadgar
9e6a0ffe1b
api: fixing 404 handling of GetPolicy
2015-07-13 19:20:00 +10:00
Vishal Nayak
ad9a0da9c4
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-07-10 16:18:08 -06:00
Jeff Mitchell
e9730e4491
Fix nil dereference reading policies with a failing connection (for instance, bad cert)
2015-07-10 14:22:33 -04:00
Vishal Nayak
170dae7f91
Vault SSH: Revoking key after SSH session from CLI
2015-07-06 11:05:02 -04:00
Vishal Nayak
a1e2705173
Vault SSH: PR review rework
2015-07-02 17:23:09 -04:00
Vishal Nayak
d691a95531
Vault SSH: PR review rework - 1
2015-07-01 11:58:49 -04:00
Vishal Nayak
91ed2dcdc2
Refactoring changes
2015-06-29 22:00:08 -04:00
Vishal Nayak
8c15e2313b
ssh/lookup implementation and refactoring
2015-06-25 21:47:32 -04:00
Vishal Nayak
b237a3bcc2
POC: Rework. Doing away with policy file.
2015-06-24 18:13:12 -04:00
Vishal Nayak
303a7cef9a
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH.
2015-06-17 20:33:03 -04:00
Vishal Nayak
3ed73d98c2
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect
2015-06-17 12:39:49 -04:00
Jeff Mitchell
2de991ac7a
The docs say that if HttpClient is nil, http.DefaultClient will be used. However, the code doesn't do this, resulting in a nil dereference.
2015-06-04 14:01:10 -04:00
boncheff
5f15d1e5cc
Update SPEC.md
2015-06-02 14:51:43 +01:00
Armon Dadgar
84618a2fde
api: Support the rekey endpoints
2015-05-28 14:37:20 -07:00
Armon Dadgar
efcdfd0066
api: Adding Rotate and KeyStatus
2015-05-27 18:05:23 -07:00
Seth Vargo
fc2ac74c5f
Improve error message when TLS is disabled
...
Fixes #198
2015-05-14 10:33:38 -04:00
Mitchell Hashimoto
d4155ef9d8
api: human friendly error for TLS [GH-123]
2015-05-02 13:08:35 -07:00
Seth Vargo
ee6963ee01
Use lowercase JSON keys for client_token
2015-04-24 12:00:00 -04:00
Seth Vargo
cc25b8b15c
Remove api dependency on http package
2015-04-23 19:58:44 -04:00
Seth Vargo
e5fca055f7
Use VAULT_ADDR instead
2015-04-23 11:46:22 -04:00
Seth Vargo
835e14dda0
Add docs
2015-04-23 11:45:37 -04:00
Seth Vargo
b421689ab4
Read environment variables for VAULT_HTTP_ADDR and VAULT_TOKEN
2015-04-23 11:43:20 -04:00
Seth Vargo
3fa76e0ea9
Use a pointer config instead
2015-04-23 11:13:52 -04:00
Armon Dadgar
39cb908662
api: Support sys/leader endpoint
2015-04-20 12:04:13 -07:00
Armon Dadgar
fbaca87f56
api: Support redirect for HA
2015-04-20 11:30:35 -07:00
Armon Dadgar
57f3ceac14
api: Allow reseting of request body
2015-04-20 10:44:51 -07:00
Mitchell Hashimoto
fb3645214c
command/token-create: add display name and one time use
2015-04-19 18:08:08 -07:00
Mitchell Hashimoto
58d476edd0
command/token-renew
2015-04-19 18:04:01 -07:00
Mitchell Hashimoto
0ebf2508e0
command/policy-delete
2015-04-19 16:36:11 -07:00
Mitchell Hashimoto
2bd9223247
api: update docs
2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
0cc0fb066b
command/renew
2015-04-13 20:42:07 -07:00
Armon Dadgar
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
7442bc1ef6
command/delete
2015-04-07 11:15:20 -07:00
Mitchell Hashimoto
3001c245e5
api: Logical delete
2015-04-07 11:04:56 -07:00
Mitchell Hashimoto
f2ee82a17f
command/remount
2015-04-07 10:46:47 -07:00
Mitchell Hashimoto
62f4d1dd0e
credential/github: CLI handler
2015-04-06 09:53:43 -07:00
Mitchell Hashimoto
2744d84e0b
api: make API a bit nicer
2015-04-04 17:54:16 -07:00
Mitchell Hashimoto
5d105b0cc8
api: client library methods to get tokens
2015-04-04 17:53:59 -07:00
Mitchell Hashimoto
2c1d334156
http: fix tests
2015-04-04 17:42:19 -07:00
Mitchell Hashimoto
aabcaee0c0
api: add auth information to results
2015-04-04 15:40:41 -07:00
Mitchell Hashimoto
2e3d6d6a0e
command/help
2015-04-02 22:42:05 -07:00
Mitchell Hashimoto
3caedf19bd
api: help
2015-04-02 22:26:45 -07:00
Mitchell Hashimoto
020af2fac2
http: help
2015-04-02 22:26:45 -07:00
Mitchell Hashimoto
d4ef9a552f
api: audit methods
2015-04-01 18:38:25 -07:00
Mitchell Hashimoto
a3d1502c2d
api: SPEC
2015-04-01 18:16:31 -07:00
Mitchell Hashimoto
db6a7ab7ce
api: policy methods
2015-04-01 17:59:50 -07:00
Mitchell Hashimoto
c25b7010d9
http: all policy endpoints
2015-04-01 17:59:50 -07:00
Mitchell Hashimoto
fce856d19c
http: list policies
2015-04-01 17:43:58 -07:00
Mitchell Hashimoto
f21da26766
command/auth-enable
2015-04-01 17:09:11 -07:00
Mitchell Hashimoto
36691190cc
api: fix compile
2015-03-31 20:29:20 -07:00
Mitchell Hashimoto
6cbe88cf99
api: fix auth API
2015-03-31 20:28:05 -07:00
Mitchell Hashimoto
aba7fc1910
http: auth handlers
2015-03-31 20:24:51 -07:00
Mitchell Hashimoto
214218a993
api: RevokePrefix
2015-03-31 19:23:52 -07:00
Mitchell Hashimoto
bbaa137f4e
command/revoke: revoke
2015-03-31 19:21:02 -07:00