Jeff Mitchell
aa3d6dc85b
Add allow_base_domain to control whether or not the actual base domain is allowed as a cert common name and/or DNS SAN
2015-11-19 09:51:17 -05:00
Jeff Mitchell
7d2730d370
Add email protection flag plumbing and tests; don't call generate bundle when making an intermediate CSR since everything is now ignored
2015-11-19 09:51:17 -05:00
Jeff Mitchell
b3eb5c4957
Add sign method (untested)
2015-11-19 09:51:17 -05:00
Jeff Mitchell
6ea626e9ad
Don't show field names when not needed
2015-11-19 09:51:17 -05:00
Jeff Mitchell
1cec03d9ca
Implement CA cert/CSR generation. CA certs can be self-signed or
...
generate an intermediate CSR, which can be signed.
2015-11-19 09:51:17 -05:00
Jeff Mitchell
45e7e61d71
Update audit documentation around what hash is used
2015-11-18 10:42:42 -05:00
Jeff Mitchell
7ab0c2e917
Update deps
2015-11-18 10:36:57 -05:00
Jeff Mitchell
29135b65ca
Changelogify
2015-11-18 10:34:50 -05:00
Jeff Mitchell
4a1a02a123
Merge pull request #780 from vicki-c/master
...
Port to new etcd client with TLS support
2015-11-18 10:33:09 -05:00
Vicki Cheung
eb464ed79d
rejecting etcd addresses without url scheme
2015-11-17 15:18:50 -08:00
Vicki Cheung
4a3bcc2adc
adding check in etcd backend to validate machine urls
2015-11-16 14:35:04 -08:00
Vicki Cheung
dc4374ab79
adding etcd client dependencies
2015-11-16 13:30:27 -08:00
Vicki Cheung
dfe284af43
adding PermitPool to etcd backend
2015-11-15 22:38:21 -08:00
Vicki Cheung
a21c8fab26
porting to new etcd client
2015-11-15 22:12:06 -08:00
Jeff Mitchell
0b3c7b177a
Merge pull request #775 from hashicorp/issue-771
...
Rearchitect MountTable locking and fix rollback.
2015-11-15 17:33:30 -05:00
Jeff Mitchell
bece637eb7
Address feedback from review
2015-11-15 17:32:57 -05:00
Jeff Mitchell
bc4c18a1cf
Rearchitect MountTable locking and fix rollback.
...
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.
In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.
Both unit tests and race detection pass.
Fixes #771
2015-11-11 11:54:52 -05:00
Jeff Mitchell
fa646a1eb1
Bump version to 0.4-dev instead of 0.3.1-dev
2015-11-10 10:28:40 -05:00
Jeff Mitchell
847707f4af
Merge pull request #772 from hashicorp/origin/new_header
...
New Header Redesign
2015-11-10 10:16:49 -05:00
captainill
28ae7b2466
edit this page
2015-11-09 21:10:49 -08:00
captainill
d931c62d94
sidebar
2015-11-09 21:08:05 -08:00
captainill
2af4092734
redesign header bulk
2015-11-09 20:58:06 -08:00
Jeff Mitchell
201adad4ae
Merge pull request #762 from hashicorp/issue-732
...
Create a "default" policy with sensible rules.
2015-11-09 17:44:09 -05:00
Jeff Mitchell
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell
1a621b7000
Minor test fix
2015-11-09 15:37:30 -05:00
Jeff Mitchell
c9e3699751
Merge pull request #769 from hashicorp/issue-769
...
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:56 -05:00
Jeff Mitchell
8673f36b34
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:21 -05:00
Jeff Mitchell
5d5d58ffe4
Fix unmount help output
2015-11-09 15:23:49 -05:00
Jeff Mitchell
9d9bf9f2f8
Merge pull request #768 from hashicorp/issue-765
...
Print version on startup.
2015-11-09 13:53:33 -05:00
Jeff Mitchell
75f1c1e40c
Print version on startup.
...
Fixes #765
2015-11-09 13:52:55 -05:00
Jeff Mitchell
3717b31b63
Merge pull request #766 from hashicorp/issue-766
...
Display whether a token is an orphan on lookup.
2015-11-09 13:20:42 -05:00
Jeff Mitchell
5783f547ab
Display whether a token is an orphan on lookup.
2015-11-09 13:19:59 -05:00
Jeff Mitchell
10913e2e6b
Update cert documentation to note requiring sudo access.
2015-11-06 16:09:42 -05:00
Jeff Mitchell
f098e1dd07
Tag with dev for builds
2015-11-06 13:39:30 -05:00
Jeff Mitchell
7aa3faa626
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 12:07:42 -05:00
Jeff Mitchell
b987c47c9e
Merge pull request #759 from hashicorp/remove-root-warning
...
Remove warning about nonexistent root policy by using GetPolicy instead
2015-11-06 11:37:39 -05:00
Jeff Mitchell
7d8371c4a3
Remove warning about nonexistent root policy by using GetPolicy instead
...
of the listing function.
2015-11-06 11:36:40 -05:00
Jeff Mitchell
ffa879d6e2
Update S3 docs
2015-11-06 09:26:09 -05:00
Jeff Mitchell
b1a445dfbf
Changelogify
2015-11-06 09:22:30 -05:00
Jeff Mitchell
601f85a934
Merge pull request #758 from ys/s3-bucket-config-var
...
Allow s3 bucket to come from config vars
2015-11-06 09:21:35 -05:00
Yannick
8a594a7f61
Allow s3 bucket to come from config vars
2015-11-06 14:05:29 +01:00
Greg Brockman
141a71974a
Correct typo in comment
2015-11-06 00:41:14 -08:00
Greg Brockman
171bd84330
Add support for etcd over TLS
2015-11-06 00:41:14 -08:00
Jeff Mitchell
fde0bbf4b3
Merge pull request #752 from hashicorp/issue-749
...
Fix removing secondary index from exp manager.
2015-11-05 19:43:11 -05:00
Jeff Mitchell
a121941925
Merge pull request #751 from hashicorp/issue-618
...
Move environment variable reading logic to API.
2015-11-05 19:42:16 -05:00
Jeff Mitchell
483f4f8b8d
Add canonical import path to main package for those using golang-builder
2015-11-05 16:44:20 -05:00
Jeff Mitchell
26572d3798
Merge pull request #754 from hashicorp/issue-753
...
Switch etcd default port to 2379, in line with 2.x.
2015-11-05 09:48:26 -05:00
Jeff Mitchell
08dbc70c9f
Switch etcd default port to 2379, in line with 2.x.
...
Fixes #753
2015-11-05 09:47:50 -05:00
Jeff Mitchell
9fff3a350d
Don't use the semaphore library as it's racy; instead use a simple
...
buffered channel. Passes all tests, including inmem, which uses it.
2015-11-04 12:27:13 -05:00