luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
2566 commits 1 branch 0 tags 214 MiB
Commit graph

2566 commits

This branch
This branch
All branches
Author SHA1 Message Date
Nicki Watt 35a0d28620 Docs for AWS backend when using an existing policy 2016-01-26 01:39:24 +00:00
Jeff Mitchell 3761f19932 changelog++ 2016-01-25 14:48:34 -05:00
Jeff Mitchell bb73d796ca Merge pull request #955 from hashicorp/postgres-idle-connections 
Add a max_idle_connections parameter.
 2016-01-25 14:47:28 -05:00
Jeff Mitchell 05e337727f Document changes 2016-01-25 14:47:16 -05:00
Jeff Mitchell 7390cd5264 Add a max_idle_connections parameter. 2016-01-25 14:47:07 -05:00
Jeff Mitchell 21d658c5fe Merge pull request #966 from hashicorp/sethvargo/sdata 
Add structured data
 2016-01-24 13:41:02 -05:00
Seth Vargo 64e521a68b Add structured data 2016-01-24 13:37:20 -05:00
Jeff Mitchell 59fc5d0f8d Merge pull request #964 from hashicorp/patched-1.5.3 
Add a Dockerfile to build 1.5.3 with patches.
 2016-01-23 20:11:02 -05:00
Jeff Mitchell b2ab68f814 Add a Dockerfile to build 1.5.3 with patches. 
Specifically this pulls in the following:

https://go-review.googlesource.com/12717
https://go-review.googlesource.com/17247

These fix bugs users have encountered -- the first with the PKI backend,
and the second with Vault generally, as it can bite any use of a
certificate within Vault (listener, cert credential backend, pki
backend).

These are in 1.6, but it will probably be released too late for us given
what is currently known about their release plans and our known
deadline. This lets us build our releases against a patched 1.5.3.
 2016-01-23 14:50:23 -05:00
Jeff Mitchell 0c2829d2a2 changelog++ 2016-01-23 14:46:20 -05:00
Jeff Mitchell abd9fe1b73 Merge pull request #961 from rajanadar/patch-3 
fixed login link,request params,add json response
 2016-01-23 14:45:27 -05:00
Jeff Mitchell e772a3e695 Merge pull request #963 from hashicorp/fail-unsup-path 
If the path is not correct, don't fail due to existence check, fail d…
 2016-01-23 14:05:32 -05:00
Jeff Mitchell 8b9fa042fe If the path is not correct, don't fail due to existence check, fail due to unsupported path 2016-01-23 14:05:09 -05:00
Raja Nadar d3434f8f03 clarify default mountpoint 2016-01-23 11:02:00 -08:00
Jeff Mitchell e9f067f8e0 Merge pull request #960 from rajanadar/patch-2 
mention that this is an unauthenticated endpoint
 2016-01-23 10:24:16 -05:00
Jeff Mitchell 3b7a533b5a Fix test on 1.6 by comparing to nil instead of a nil-defined map 2016-01-22 21:26:06 -05:00
Jeff Mitchell c7c8dc3f5b changelog++ 2016-01-22 21:24:25 -05:00
Jeff Mitchell 0003eb8506 Merge pull request #954 from hashicorp/backend-tainted-view 
Allow backends to see taint status.
 2016-01-22 21:23:12 -05:00
Raja Nadar 9b82736b9a fixed login link,request params,add json response 
1. fix login link
2. added personal access token to request message
3. added a sample json response
 2016-01-22 17:38:32 -08:00
Raja Nadar b0f33d4d19 mention that this is an unauthenticated endpoint 2016-01-22 17:10:16 -08:00
Jeff Mitchell cd4811e630 Merge pull request #957 from rajanadar/patch-1 
update sys-init.html.md
 2016-01-22 19:57:20 -05:00
Raja Nadar dac5997e14 update sys-init.html.md 
change response field from 'initialize' to 'initialized'
 2016-01-22 16:45:59 -08:00
Jeff Mitchell 12c00b97ef Allow backends to see taint status. 
This can be seen via System(). In the PKI backend, if the CA is
reconfigured but not fully (e.g. an intermediate CSR is generated but no
corresponding cert set) and there are already leases (issued certs), the
CRL is unable to be built. As a result revocation fails. But in this
case we don't actually need revocation to be successful since the CRL is
useless after unmounting. By checking taint status we know if we can
simply fast-path out of revocation with a success in this case.

Fixes #946
 2016-01-22 17:01:22 -05:00
Jeff Mitchell d663c46757 changelog++ 2016-01-22 13:09:21 -05:00
Jeff Mitchell 30732274b1 Merge pull request #953 from hashicorp/init-check 
Add -check flag to init.
 2016-01-22 13:08:31 -05:00
Jeff Mitchell d95adc731a Add -check flag to init. 
Fixes #949
 2016-01-22 13:06:40 -05:00
Jeff Mitchell babecad8ac changelog++ 2016-01-22 10:22:43 -05:00
Jeff Mitchell 757250ac14 Merge pull request #617 from hashicorp/f-passthrough-list 
Basic list support
 2016-01-22 10:15:08 -05:00
Jeff Mitchell 9cac7ccd0f Add some commenting 2016-01-22 10:13:49 -05:00
Jeff Mitchell 7b2407093b 0.7 -> 1.0 2016-01-22 10:07:32 -05:00
Jeff Mitchell 3955604d3e Address more list feedback 2016-01-22 10:07:32 -05:00
Jeff Mitchell 7d1d003ba0 Update documentation and use ParseBool for list query param checking 2016-01-22 10:07:32 -05:00
Jeff Mitchell eb847f4e36 Error out if trying to write to a directory path 2016-01-22 10:07:32 -05:00
Jeff Mitchell 8069fa7972 Address some listing review feedback 2016-01-22 10:07:32 -05:00
Jeff Mitchell be1b4c8a46 Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it. 2016-01-22 10:07:32 -05:00
Jeff Mitchell e412ac8461 Remove bare option, prevent writes ending in slash, and return an exact file match as "." 2016-01-22 10:07:32 -05:00
Jeff Mitchell 455931873a Address some review feedback 2016-01-22 10:07:32 -05:00
Jeff Mitchell 5341cb69cc Updates and documentation 2016-01-22 10:07:32 -05:00
Jeff Mitchell d17c3f4407 Fix body closing in List method 2016-01-22 10:07:32 -05:00
Jeff Mitchell 10c307763e Add list capability, which will work with the generic and cubbyhole 
backends for the moment. This is pretty simple; it just adds the actual
capability to make a list call into both the CLI and the HTTP handler.
The real meat was already in those backends.
 2016-01-22 10:07:32 -05:00
Jeff Mitchell 9042315973 Add handling of LIST verb to logical router 2016-01-22 10:07:32 -05:00
Jeff Mitchell d621d7ebe7 Add C# library and do some reorg on the library page 2016-01-22 10:03:02 -05:00
Jeff Mitchell 19e7266406 changelog++ 2016-01-21 16:30:50 -05:00
Jeff Mitchell fd52d8a975 Update godeps to include STS stuff in AWS and others 2016-01-21 16:27:36 -05:00
Jeff Mitchell 6d24a8c6ff Merge pull request #927 from urq/feature-sts 
Adding STS to the aws backend
 2016-01-21 15:43:39 -05:00
Dmitriy Gromov 70ef2e3398 STS now uses root vault user for keys 
The secretAccessKeysRevoke revoke function now asserts that it is
not dealing with STS keys by checking a new internal data flag. Defaults
to IAM when the flag is not found.

Factored out genUsername into its own function to share between STS and
IAM secret creation functions.

Fixed bad call to "WriteOperation" instead of "UpdateOperation" in
aws/backend_test
 2016-01-21 15:04:16 -05:00
Dmitriy Gromov 4abca91d66 Renamed sts duration to ttl and added STS permissions note. 2016-01-21 14:28:34 -05:00
Dmitriy Gromov 0b5e35c8cd documenting the new aws/sts endpoint 2016-01-21 14:05:10 -05:00
Dmitriy Gromov f251b13aaa Removing debug print statement from sts code 2016-01-21 14:05:10 -05:00
Dmitriy Gromov 1cf8153dfd Fixed duration type and added acceptance test for sts 2016-01-21 14:05:10 -05:00