Jeff Mitchell
cd86226845
Add forced revocation.
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.
This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.
Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.
Fixes #1135
2016-03-03 10:13:59 -05:00
Chris Hoffman
0b4a8f5b94
Adding mssql secret backend
2016-03-03 09:19:17 -05:00
Jeff Mitchell
6ed5d10580
Remove proxy function as it's unneeded now
2016-03-02 14:55:51 -05:00
Jeff Mitchell
8ecba87807
Merge pull request #1163 from hashicorp/mux-cleanup
Remove sys_policy from special handling as it's implemented in
2016-03-02 14:48:30 -05:00
Jeff Mitchell
9c47b8c0a7
Remove sys_policy from special handling as it's implemented in
logical_system too. Clean up the mux handlers.
2016-03-02 14:16:54 -05:00
Jeff Mitchell
7b4478faba
Add a sleep in the RedirectStandby test to try to fix raciness
2016-03-02 12:06:16 -05:00
Jeff Mitchell
32b91bd531
changelog++
2016-03-02 12:05:16 -05:00
Jeff Mitchell
8670f5ac9c
Merge pull request #1162 from hashicorp/dev-root-id
Allow specifying an initial root token ID in dev mode.
2016-03-02 12:04:25 -05:00
Jeff Mitchell
8011148fb5
Allow specifying an initial root token ID in dev mode.
Ping #1160
2016-03-02 12:03:26 -05:00
Jeff Mitchell
5b9c478a2c
changelog++
2016-03-01 20:27:08 -05:00
Jeff Mitchell
ac57c22fe0
Merge pull request #1156 from hashicorp/renew-self-CLI
Allow `token-renew` to not be given a token; it will then use the
2016-03-01 20:26:02 -05:00
Jeff Mitchell
521a956e4d
Address review feedback
2016-03-01 20:25:40 -05:00
vishalnayak
934123d9a3
changelog++
2016-03-01 17:18:20 -05:00
Jeff Mitchell
c438dd186a
changelog++
2016-03-01 17:12:14 -05:00
Jeff Mitchell
addf92e185
Allow `token-renew` to not be given a token; it will then use the
renew-self endpoint. Otherwise it will use the renew endpoint, even if
the token matches the client token.
Adds an -increment flag to allow increments even with no token passed
in.
Fixes #1150
2016-03-01 17:02:48 -05:00
Vishal Nayak
f965d1d510
Merge pull request #1153 from hashicorp/cert-non-ca-fix
Non-CA cert registration to the cert backend
2016-03-01 16:56:59 -05:00
vishalnayak
44208455f6
continue if non-CA policy is not found
2016-03-01 16:43:51 -05:00
vishalnayak
9a3ddc9696
Added ExtKeyUsageAny, changed big.Int comparison and fixed code flow
2016-03-01 16:37:01 -05:00
vishalnayak
cc1592e27a
corrections, policy matching changes and test cert changes
2016-03-01 16:37:01 -05:00
vishalnayak
09eef70853
Added testcase for cert writes
2016-03-01 16:37:01 -05:00
vishalnayak
f056e8a5a5
supporting non-ca certs for verification
2016-03-01 16:37:01 -05:00
Jeff Mitchell
7c5f810bc0
Address first round of feedback
2016-03-01 15:30:37 -05:00
Jeff Mitchell
02362a5873
Update token documentation
2016-03-01 14:00:52 -05:00
Jeff Mitchell
8a500e0181
Add command and token store documentation for roles
2016-03-01 13:02:40 -05:00
Jeff Mitchell
54232eb980
Add other token role unit tests and some minor other changes.
2016-03-01 12:41:41 -05:00
Jeff Mitchell
df2e337e4c
Update tests to add expected role parameters
2016-03-01 12:41:40 -05:00
Jeff Mitchell
b8b59560dc
Add token role CRUD tests
2016-03-01 12:41:40 -05:00
Jeff Mitchell
ef990a3681
Initial work on token roles
2016-03-01 12:41:40 -05:00
vishalnayak
6314057b9a
fix typo
2016-03-01 11:48:17 -05:00
Vishal Nayak
89e778b2d0
Merge pull request #1154 from hashicorp/ssh-docs-fix
zeroaddress documentation fix
2016-03-01 11:22:45 -05:00
vishalnayak
fd585ecf8a
removed datatype and corrected a sentence
2016-03-01 11:21:29 -05:00
vishalnayak
724823b8f7
zeroaddress documentation fix
2016-03-01 10:57:00 -05:00
Jeff Mitchell
b5a8e5d724
Fix commenting
2016-02-29 20:29:04 -05:00
vishalnayak
aee006ba2d
moved the test cert keys to appropriate test-fixtures folder
2016-02-29 15:49:08 -05:00
Jeff Mitchell
64ab16d137
Don't spawn consul servers when testing unless it's an acceptance test
2016-02-29 14:58:06 -05:00
Jeff Mitchell
f6092f8311
Don't run transit fuzzing if not during acceptance tests
2016-02-29 14:44:04 -05:00
Jeff Mitchell
2205133ae4
Only run PKI backend setup functions when TF_ACC is set
2016-02-29 14:41:14 -05:00
Jeff Mitchell
d131d99c34
Merge branch 'master' into step-down
2016-02-29 11:02:09 -05:00
Vishal Nayak
88aefca25a
Merge pull request #1152 from hashicorp/cert-tests-fix
tls backend: replaced test certs and disabled InsecureSkipVerify
2016-02-29 10:41:55 -05:00
vishalnayak
cf672400d6
fixed the error log message
2016-02-29 10:41:10 -05:00
Jeff Mitchell
3cc35a554b
Update doc, it's now 10 seconds
2016-02-29 10:09:11 -05:00
vishalnayak
cc2c989b07
delete old certs
2016-02-28 22:21:45 -05:00
vishalnayak
dca18aec2e
replaced old certs, with new certs generated from PKI backend, containing IP SANs
2016-02-28 22:15:54 -05:00
Jeff Mitchell
6a980b88fd
Address review feedback
2016-02-28 21:51:50 -05:00
Jeff Mitchell
11ddd2290b
Provide 'sys/step-down' and 'vault step-down'
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
vishalnayak
d02d3124b5
fix api tests
2016-02-26 17:01:40 -05:00
Jeff Mitchell
4c87c101f7
Fix tests
2016-02-26 16:44:35 -05:00
Jeff Mitchell
a73c43564e
changelog++
2016-02-26 15:28:12 -05:00
Jeff Mitchell
a57cc9e1ff
Merge pull request #1144 from hashicorp/fix-cassandra-displayName-hyphens
Apply hyphen/underscore replacement across the entire username.
2016-02-26 15:27:20 -05:00
Jeff Mitchell
7ae573b35b
Apply hyphen/underscore replacement across the entire username.
Handles app-id generated display names.
Fixes #1140
2016-02-26 15:26:23 -05:00