Chris Hoffman
16059b4e94
Fix policy lookup when entity is part of multiple groups ( #3524 )
2017-11-03 07:19:29 -04:00
Vishal Nayak
a7acc23034
docs: Add config/ca delete operation ( #3525 )
2017-11-03 06:19:21 -04:00
Nicolas Corrarello
783b38c9c4
Not storing the Nomad token as we have the accessor for administrative operations
2017-11-03 07:25:47 +00:00
Nicolas Corrarello
4b572c064c
Overhauling the client method and attaching it to the backend
2017-11-03 07:19:49 +00:00
Jeff Mitchell
87c3fb2d54
changelog++
2017-11-02 17:41:52 -04:00
Jeff Mitchell
3a2440a651
Check input size to avoid a panic ( #3521 )
2017-11-02 16:40:52 -05:00
Vishal Nayak
707e270f54
Added lookup endpoint for entity ( #3519 )
...
* Added lookup endpoint for entity
* Address review comments
2017-11-02 16:38:15 -04:00
Calvin Leung Huang
0762ac14cf
aws_region->region on awskms config
2017-11-02 16:31:16 -04:00
Vishal Nayak
7bae606662
External identity groups ( #3447 )
...
* external identity groups
* add local LDAP groups as well to group aliases
* add group aliases for okta credential backend
* Fix panic in tests
* fix build failure
* remove duplicated struct tag
* add test steps to test out removal of group member during renewals
* Add comment for having a prefix check in router
* fix tests
* s/parent_id/canonical_id
* s/parent/canonical in comments and errors
2017-11-02 16:05:48 -04:00
Jeff Mitchell
710243ab26
Fix some tests
2017-11-02 15:35:06 -04:00
Jeff Mitchell
595c9032c8
changelog++
2017-11-02 10:38:43 -04:00
Jeff Mitchell
d229d7d5b0
Redo API locking ( #3508 )
...
* Redo the API client quite a bit to make the behavior of NewClient more
predictable and add locking to make it safer to use with Clone() and if
multiple goroutines for some reason decide to change things.
Along the way I discovered that currently, the x/net/http2 package is
broken with the built-in h2 support in released Go. For those using
DefaultConfig (the vast majority of cases) this will be a non-event.
Others can manually call http2.ConfigureTransport as needed. We should
keep an eye on commits on that repo and consider more updates before
release. Alternately we could go back revisions but miss out on bug
fixes; my theory is that this is not a purposeful break and I'll be
following up on this in the Go issue tracker.
In a few tests that don't use NewTestCluster, either for legacy or other
reasons, ensure that http2.ConfigureTransport is called.
* Use tls config cloning
* Don't http2.ConfigureServer anymore as current Go seems to work properly without requiring the http2 package
* Address feedback
2017-11-02 09:30:04 -05:00
Jeff Mitchell
1ba4e828b4
Ensure revocation happens before seal/step-down since token store isn't ( #3500 )
...
available after when using single-use tokens.
Fixes #3497
2017-11-02 08:47:02 -05:00
Jeff Mitchell
3be99466d6
Change some instances of adding headers to setting headers, since really ( #3501 )
...
we want to replace anything that might be there (e.g. for request
forwarding and content-type).
Hopefully fixes #3485
2017-11-02 07:31:50 -05:00
Chris Hoffman
3d8d887676
Add ability to require parameters in ACLs ( #3510 )
2017-11-02 07:18:49 -04:00
Jeff Mitchell
e0669746b6
Add seal type to seal-status output. ( #3516 )
2017-11-01 21:00:41 -05:00
Jeff Mitchell
e670447947
Use an atomic store in expiration loading test to fix race detector
2017-11-01 15:52:59 -04:00
Vishal Nayak
859cdd35fd
fix deadlock while loading groups ( #3515 )
2017-11-01 14:14:21 -04:00
Nicolas Corrarello
eb7a0c0e83
Refactoring readAcessConfig to return a single type of error instead of two
2017-11-01 08:49:31 +00:00
Nicolas Corrarello
55dd69437a
Refactored config error to just have a single error exit path
2017-11-01 08:41:58 +00:00
Nicolas Corrarello
5f748a1217
Ignoring userErr as it will be nil anyway
2017-11-01 07:41:58 +00:00
Nicolas Corrarello
3ce4da75ac
tokenType can never be nil/empty string as there are default values
2017-11-01 07:36:14 +00:00
Jeff Mitchell
7f58c55fbc
changelog++
2017-10-31 21:59:33 -04:00
Jeff Mitchell
d548181d50
Fix memory leak when a connection would hit the cluster port and go away ( #3513 )
2017-10-31 20:58:45 -05:00
Nicolas Corrarello
afb5d123b9
Should return an error if trying to create a management token with policies attached
2017-10-31 21:12:14 +00:00
Nicolas Corrarello
d540985926
Unifying Storage and API path in role
2017-10-31 21:06:10 +00:00
Nicolas Corrarello
0fc65cabc7
Minor/Cosmetic fixes
2017-10-31 19:11:24 +00:00
Brian Kassouf
7974be031c
Update CHANGELOG.md
2017-10-30 13:26:15 -07:00
Brian Kassouf
7fed43c035
Add the ability to glob allowed roles in the Database Backend ( #3387 )
...
* Add the ability to glob allowed roles in the Database Backend
* Make the error messages better
* Switch to the go-glob repo
2017-10-30 13:24:25 -07:00
Jeff Mitchell
6680bab684
changelog++
2017-10-30 16:08:18 -04:00
Jeff Mitchell
7486df810c
Simplify TTL/MaxTTL logic in SSH CA paths and sane with the rest of how ( #3507 )
...
Vault parses/returns TTLs.
2017-10-30 15:05:47 -05:00
Nathan Valentine
0345dca20f
Should these names not reference Vault? ( #3506 )
...
Since we are in the Vault docs, should these names not reference Vault instead of Nomad?
2017-10-30 11:04:38 -05:00
Jeff Mitchell
bb924a404f
Update seal type names
2017-10-27 17:28:50 -04:00
Jeff Mitchell
963f516ac9
Fix C&P in docs.
...
Fixes #3454
2017-10-27 16:43:26 -04:00
Jeff Mitchell
dc9d24c69c
Update kube stuff
2017-10-27 16:12:14 -04:00
Jeff Mitchell
343d1714c1
Bump deps
2017-10-27 15:06:04 -04:00
Jeff Mitchell
08d9353c60
Only call ConfigureTransport if "h2" is not already in NextProtos.
...
Fixes #3435
2017-10-27 14:08:30 -04:00
Jeff Mitchell
46afada06d
Only copy hooks if building from a git repo
...
Fixes #3498
2017-10-27 13:11:04 -04:00
Jeff Mitchell
d8e2179a42
Rejig some error messages in pki
2017-10-27 12:02:18 -04:00
vishalnayak
f16e164753
changelog++
2017-10-27 11:29:30 -04:00
Vishal Nayak
b16084fdaf
aws-ec2: Avoid audit logging of custom nonces ( #3381 )
2017-10-27 11:23:15 -04:00
smeach
c575435040
Updated cli arg to reflect text description ( #3487 )
2017-10-27 09:44:56 -05:00
AJ Bourg
a71add2973
Add a doc for the token helper ( #3411 )
...
* Add token helper docs.
* Update it so the new token helpers page appears in the navigation.
2017-10-27 09:42:33 -05:00
Jeff Mitchell
05db6937f3
changelog++
2017-10-26 15:30:55 -04:00
Jeff Mitchell
9b9c4db6fb
Merge pull request #3479 from hashicorp/issue-3476
...
Allow underscores at the start of directories in file backend.
2017-10-26 15:30:11 -04:00
Jeff Mitchell
0c8bda2061
Merge branch 'master' into issue-3476
2017-10-26 15:29:32 -04:00
Jeff Mitchell
8a610e1e78
Move underscore tests to file from physical testing
2017-10-26 15:29:10 -04:00
Jeff Mitchell
28b0db38cc
Revert couchdb changes
2017-10-26 15:27:20 -04:00
Jeff Mitchell
85500b5c3a
Change prefix to a string that can be specified, rather than a bool
2017-10-26 15:26:28 -04:00
Jeff Mitchell
7e32ac15ec
Add prefixing to couch to fix the error that was exposed
2017-10-26 15:26:28 -04:00