Commit graph

1920 commits

Author SHA1 Message Date
Sam Handler b274e94413 Add Makefile 2015-09-24 13:51:25 -07:00
Jeff Mitchell af27a99bb7 Remove JWT for the 0.3 release; it needs a lot of rework. 2015-09-24 16:23:44 -04:00
Jeff Mitchell f10343921b Start rejigging JWT 2015-09-24 16:20:22 -04:00
Jeff Mitchell e38c21e0ca Documentation fix for global TTLs 2015-09-24 12:17:26 -04:00
Jeff Mitchell 8fa7d3bd0b Add revoke-self to docs 2015-09-24 12:05:00 -04:00
Jeff Mitchell fb7c05d7f6 Reorder changelog slightly 2015-09-24 10:55:32 -04:00
Jeff Mitchell cc62bec8b4 Merge pull request #642 from dol/fix/jwt-docs
Fixes docs for new JWT secret backend
2015-09-24 10:55:00 -04:00
Dominic Luechinger 89511e6977 Fixes docs for new JWT secret backend 2015-09-24 16:47:17 +02:00
Jeff Mitchell 07288b3dcb Forgot to add JWT to the chnangelog 2015-09-23 14:26:31 -04:00
Jeff Mitchell 0454d04097 Minor typo fix 2015-09-23 10:07:55 -04:00
Jeff Mitchell 9231476428 Bump version to v0.3.0-rc 2015-09-22 13:29:29 -04:00
Jeff Mitchell bf6b0b89c4 Add Dockerfile to build a cross-compilation container 2015-09-22 13:19:58 -04:00
Jeff Mitchell fb7e7bfa7b Bump Travis go version 2015-09-22 11:52:20 -04:00
Jeff Mitchell 44166bb241 Update Changelog to 0.3 2015-09-22 11:44:28 -04:00
Jeff Mitchell e3d1222dd7 Update deps 2015-09-22 11:44:21 -04:00
Jeff Mitchell 3e881d18d5 Merge pull request #637 from Banno/pg-username-doc-fix
docs: pg username not prefixed with vault-
2015-09-22 11:23:40 -04:00
Spencer Herzberg 54c62fe5aa docs: pg username not prefixed with vault-
due to
05fa4a4a48,
vault no longer prefixes the username with `vault-`
2015-09-22 10:14:47 -05:00
Jeff Mitchell 9860ea9e46 Update godeps 2015-09-22 10:15:06 -04:00
Jeff Mitchell c694c7d31d Fix situation where a new required singleton backend would not be activated upon upgrade. 2015-09-21 17:54:36 -04:00
Jeff Mitchell 8f7e56b81d Merge pull request #631 from hashicorp/remove-generic-leases
Don't use leases on the generic backend
2015-09-21 16:57:57 -04:00
Jeff Mitchell 81e535dc2d Minor updates to passthrough and additional tests 2015-09-21 16:57:41 -04:00
Jeff Mitchell e7dfb4f943 Use 'ttl_seconds' in CLI output so as not to shadow actual 'ttl' parameter 2015-09-21 16:37:37 -04:00
Jeff Mitchell 425e286f90 If there's no lease, output ttl instead of lease_duration 2015-09-21 16:37:37 -04:00
Jeff Mitchell 15e1a2281d If lease_duration is not zero, output it even if there is no lease. 2015-09-21 16:37:37 -04:00
Jeff Mitchell 47e8c0070a Don't use leases on the generic backend...with a caveat.
You can now turn on and off the lease behavior in the generic backend by
using one of two factories. Core uses the normal one if it's not already
set, so unit tests can use the custom one and all stay working.

This also adds logic into core to check, when the response is coming
from a generic backend, whether that backend has leases enabled. This
adds some slight overhead.
2015-09-21 16:37:37 -04:00
Jeff Mitchell a5f52f43b1 Minor doc update to SSH 2015-09-21 16:26:07 -04:00
Jeff Mitchell d7b8ab4380 Use the stable-website branch for documentation pushes, to allow us to update the documentation async from releases. 2015-09-21 16:20:36 -04:00
Jeff Mitchell 29c722dbb6 Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
Jeff Mitchell 3eb38d19ba Update transit backend documentation, and also return the min decryption
value in a read operation on the key.
2015-09-21 16:13:43 -04:00
Jeff Mitchell ca33cd8423 Add API endpoint documentation to cubbyhole 2015-09-21 16:13:36 -04:00
Jeff Mitchell 273f13fb41 Add API endpoint documentation to generic 2015-09-21 16:13:29 -04:00
Vishal Nayak d526c8ce1c Merge pull request #629 from hashicorp/token-create-sudo
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
vishalnayak 1a01ab3608 Take ClientToken instead of Policies 2015-09-21 10:04:03 -04:00
Jeff Mitchell ab7d35b95e Fix up per-backend timing logic; also fix error in TypeDurationSecond in
GetOkErr.
2015-09-21 09:55:03 -04:00
Jeff Mitchell 59ba17c601 Add clarity to the lease concepts document. 2015-09-21 08:56:26 -04:00
Jeff Mitchell 5172965850 Merge pull request #630 from hashicorp/barrier-pathing
Bump AESGCM version; include path in the GCM tags.
2015-09-21 08:39:30 -04:00
Jeff Mitchell 455b6dafdc Merge pull request #632 from hashicorp/sethvargo/faster_deploy
Use a faster middleman deploy
2015-09-20 14:36:40 -04:00
Seth Vargo 92e3c02f06 Use a faster middleman deploy 2015-09-20 14:09:35 -04:00
vishalnayak 3b51ee1c48 Using core's logger 2015-09-19 19:01:36 -04:00
vishalnayak 02485e7175 Abstraced SudoPrivilege to take list of policies 2015-09-19 18:23:44 -04:00
vishalnayak a2799b235e Using acl.RootPrivilege and rewrote mockTokenStore 2015-09-19 17:53:24 -04:00
Jeff Mitchell c5ddfbc391 Bump AESGCM version; include path in the GCM tags. 2015-09-19 17:04:37 -04:00
vishalnayak b6d47dd784 fix broken tests 2015-09-19 12:33:52 -04:00
Jeff Mitchell 68c268a6f0 Allow tuning of auth mounts, to set per-mount default/max lease times 2015-09-19 11:50:50 -04:00
Jeff Mitchell bf8a1e2b71 Merge pull request #627 from hashicorp/enhance-audit-security
Enhance audit security with hmac-sha256 on secrets
2015-09-19 11:30:30 -04:00
Jeff Mitchell c8a0eda224 Use hmac-sha256 for protecting secrets in audit entries 2015-09-19 11:29:31 -04:00
vishalnayak fb77ec3623 TokenStore: Provide access based on sudo permissions and not policy name 2015-09-19 11:14:51 -04:00
Jeff Mitchell 8d71601221 Changes to salt to clean up HMAC stuff. 2015-09-18 18:13:10 -04:00
Jeff Mitchell 5dde76fa1c Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell b655f6b858 Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00