Commit graph

2552 commits

Author SHA1 Message Date
Paul Seiffert 3a0ea3bcaa Add documentation for the DynamoDB backend 2016-01-08 17:34:31 +01:00
Paul Seiffert 99f7659bb4 Add recovery option to DynamoDB backend
When Vault is killed without the chance to clean up the lock
entry in DynamoDB, no further Vault nodes can become leaders after
that.

To recover from this situation, this commit adds an environment
variable and a configuration flag that when set to "1" causes Vault
to delete the lock entry from DynamoDB.
2016-01-08 17:31:37 +01:00
Paul Seiffert 8853e50691 Explicitly read AWS credentials from environment 2016-01-08 17:31:37 +01:00
Paul Seiffert 9618d95c4e Godeps: install new requirements from AWS SDK 2016-01-08 17:31:37 +01:00
Paul Seiffert 277de77256 Add tests for DynamoDB backend 2016-01-08 17:31:37 +01:00
Paul Seiffert 870bc6c5b4 Implement DynamoDB physical HA backend 2016-01-08 17:31:37 +01:00
Jeff Mitchell 87f686997f changelog++ 2016-01-07 11:36:32 -05:00
Jeff Mitchell c9f9bcdeaf Merge pull request #912 from hashicorp/fix-renew-regression
Have 'sys/renew' return the value provided in Secret.
2016-01-07 11:35:52 -05:00
Jeff Mitchell 455acc255b Have 'sys/renew' return the value provided in Secret.
Fixes a regression introduced in 0.3.
2016-01-07 11:35:09 -05:00
Jeff Mitchell 2412c078ac Also convert policy store cache to 2q.
Ping #908
2016-01-07 09:26:08 -05:00
Jeff Mitchell d6b6cbe9aa changelog++ 2016-01-07 09:22:45 -05:00
Jeff Mitchell 0cda012d20 Merge pull request #908 from hashicorp/physical-2q
Replace physical cache with TwoQueue instead of LRU.
2016-01-07 09:22:15 -05:00
Jeff Mitchell 287954beef Replace physical cache with TwoQueue instead of LRU. 2016-01-07 09:21:33 -05:00
Jeff Mitchell 85509e7ba5 Simplify some logic and ensure that if key share backup fails, we fail
the operation as well.

Ping #907
2016-01-06 13:14:23 -05:00
Jeff Mitchell 20a6f37b38 Merge pull request #907 from hashicorp/rekey-work
Add rekey nonce/backup.
2016-01-06 09:55:19 -05:00
Jeff Mitchell a094eedce2 Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00
Jeff Mitchell d4bc51751e Fix typo in docs 2016-01-05 11:45:23 -05:00
Jeff Mitchell 06d19e4269 changelog++ 2016-01-05 11:27:08 -05:00
Jeff Mitchell d5c72f2083 Merge pull request #904 from hashicorp/policy-doc
Update documentation with policy fetching information.
2016-01-05 10:26:53 -06:00
Jeff Mitchell e54edd54ac Update documentation with policy fetching information. 2016-01-05 11:26:19 -05:00
Jeff Mitchell d51d723c1f Use int64 for converting time values, not int (will be float64 in JSON anyways, so no need to lose precision, plus could hit a 32-bit max in some edge cases) 2016-01-04 17:11:22 -05:00
Jeff Mitchell a99c29dad4 changelog++ 2016-01-04 17:01:32 -05:00
Jeff Mitchell 0972e60253 Merge pull request #896 from hashicorp/last-renewal-time
Store a last renewal time in the token entry and return it upon lookup
2016-01-04 16:00:21 -06:00
Jeff Mitchell e990b77d6e Address review feedback; move storage of these values to the expiration manager 2016-01-04 16:43:07 -05:00
Jonathan Thomas df5f5d68bd Merge pull request #888 from aedotj/patch-1
Fixed "edit this page" not clickable
2016-01-04 11:29:21 -08:00
Jeff Mitchell 80866d036d update init/rekey documentation around keybase entries 2016-01-04 14:17:51 -05:00
Jeff Mitchell dbd7c9aaab changelog++ 2016-01-04 14:14:51 -05:00
Jeff Mitchell bf79b716ef Merge pull request #901 from hashicorp/keybase-pgp
Add keybase support for PGP keys.
2016-01-04 13:11:11 -06:00
Jeff Mitchell 8d1e5cb50d Add returning which user names could not be looked up 2016-01-04 13:56:45 -05:00
Jeff Mitchell 5ddd243144 Store a last renewal time in the token entry and return it upon lookup
of the token.

Fixes #889
2016-01-04 11:20:49 -05:00
Jeff Mitchell 90ec946dab Address review feedback. 2016-01-04 11:18:04 -05:00
Jeff Mitchell d11509830f Happy New Year everyone! (Add keybase support for PGP keys.)
Keys specified in rekey and init operations can now be sourced from
keybase.io by using "keybase:[username]" as the key.
2015-12-31 20:47:41 -05:00
Jeff Mitchell 80d92903f4 changelog++ 2015-12-31 18:11:32 -05:00
Jeff Mitchell 2bbc140fab Merge pull request #900 from kenjones-cisco/task/pki-doc
Fixes mis-placed html tag
2015-12-31 09:46:27 -06:00
kenjones-cisco 496e9962d0 Fixes mis-placed html tag 2015-12-31 10:37:01 -05:00
Jeff Mitchell 5ef7efffe3 Disable cmd/server tests for now so we can get Travis back on track 2015-12-31 08:48:53 -05:00
Jeff Mitchell c642feebe2 Remove some outdated comments 2015-12-30 21:00:27 -05:00
Jeff Mitchell a7a02b3043 Cert documentation fix.
Fixes #899
2015-12-30 16:44:24 -05:00
Jeff Mitchell 7e93071404 Move the information about the new behavior of token-renew to the breaking changes section 2015-12-30 15:29:24 -05:00
Jeff Mitchell be4277199f changelog++ 2015-12-30 15:20:02 -05:00
Jeff Mitchell 06ee0caecc Merge pull request #897 from hashicorp/filter-duplicate-policies
Filter out duplicate policies during token creation.
2015-12-30 14:19:09 -06:00
Jeff Mitchell df68e3bd4c Filter out duplicate policies during token creation. 2015-12-30 15:18:30 -05:00
Jeff Mitchell e0d0ff6884 changelog++ 2015-12-30 14:43:51 -05:00
Jeff Mitchell 0c7122e956 Merge pull request #894 from hashicorp/renew-self-for-same-token
Use RenewSelf instead of Renew if the token is the same
2015-12-30 13:42:31 -06:00
Jeff Mitchell 0509ad9c29 Use RenewSelf instead of Renew if the token we're renewing is the same as the client 2015-12-30 14:41:50 -05:00
Nicki Watt 62c22a5f73 Updated AWS policy help messages 2015-12-30 19:41:07 +00:00
Jeff Mitchell 0ef4fadb25 changelog++ 2015-12-30 13:28:49 -05:00
Jeff Mitchell a6a002e39d Merge pull request #892 from nickithewatt/token-lookup
Make token-lookup functionality available via Vault CLI
2015-12-30 12:27:39 -06:00
Nicki Watt cd4ca21b58 Allow use of pre-existing policies for AWS users 2015-12-30 18:05:54 +00:00
Nicki Watt 442d538deb Make token-lookup functionality available via Vault CLI 2015-12-29 20:18:59 +00:00