luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
7154 commits 1 branch 0 tags 214 MiB
Commit graph

7154 commits

This branch
This branch
All branches
Author SHA1 Message Date
Brian Shumate a0d1092420 Conditionally set file audit log mode (#3649) 2017-12-07 11:44:15 -05:00
Mohsen 2aa576149c Small typo relating to no_store in pki secret backend (#3662) 
* Removed typo :)

* Corrected typo in the website related to no_store
 2017-12-07 10:40:21 -05:00
Vishal Nayak 0928a65c38
remove unused function (#3657) 2017-12-06 18:55:43 -05:00
Vishal Nayak 48ac5caaa9
Transit: Refactor internal representation of key entry map (#3652) 
* convert internal map to index by string

* Add upgrade test for internal key entry map

* address review feedback
 2017-12-06 18:24:00 -05:00
Jeff Mitchell 3e64757013 changelog++ 2017-12-06 16:51:08 -05:00
Dominik Müller bc523fc294 add allowed_names to cert-response (#3654) 2017-12-06 16:50:02 -05:00
Brian Kassouf 34f5d1e637 Remove the note about GKE from the Kubernetes docs (#3658) 2017-12-06 13:38:00 -05:00
Chris Hoffman 8732603a4f changelog++ 2017-12-06 12:32:00 -05:00
Chris Hoffman f966d20225
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 12:25:17 -05:00
Calvin Leung Huang 02706d62db changelog++ 2017-12-05 15:44:08 -05:00
Calvin Leung Huang 41f03b466a
Support MongoDB session-wide write concern (#3646) 
* Initial work on write concern support, set for the lifetime of the session

* Add base64 encoded value support, include docs and tests

* Handle error from json.Unmarshal, fix test and docs

* Remove writeConcern struct, move JSON unmarshal to Initialize

* Return error on empty mapping of write_concern into mgo.Safe struct
 2017-12-05 15:31:01 -05:00
Calvin Leung Huang 8f87854b86
Clarify api_addr related errors on VaultPluginTLSProvider (#3620) 
* Mention api_addr on VaultPluginTLSProvider logs, update docs

* Clarify message and mention automatic api_address detection

* Change error message to use api_addr

* Change error messages to use api_addr
 2017-12-05 12:01:35 -05:00
Jeff Mitchell 8f159b12b1
allowed/disallowed_policies as TypeCommaStringSlice (#3641) 
Our docs apparently claim that this is a list, but the code is
string-only. This fixes that discrepancy.
 2017-12-04 12:47:05 -05:00
Laura Uva 892a0cb5e0 Update example payload and response for pem_keys field which needs \n after header and before footer in order to be accepted as a valid RSA or ECDSA public key (#3632) 2017-12-04 12:12:58 -05:00
Brian Shumate 5a9d8c60ac Docs: Update /sys/policies/ re: beta refs to address #3624 (#3629) 2017-12-04 12:10:26 -05:00
Jeff Mitchell e301ebe91b
Update secrets page 
Fixes #3623
 2017-12-04 12:05:34 -05:00
Jeff Mitchell f762d0615e
Remove beta notice 2017-12-04 08:25:16 -08:00
Chris Hoffman b17fb19b52 Expanding on the quick start guide with how to set up an intermediate authority (#3622) 2017-12-04 11:23:58 -05:00
Brian Shumate ac69680d7b Docs: mlock() notes, fixes #3605 (#3614) 2017-12-04 10:56:16 -05:00
crdotson fd2464c410 Fix spelling (#3609) 
changed "aomma" to "comma"
 2017-12-04 10:53:58 -05:00
Chris White 80745793ea Add command to example to register plugin (#3601) 
The example command to register the plugin into the plugin catalog was missing the command.
 2017-12-04 10:52:30 -05:00
csawyerYumaed 605efa37e9 update relatedtools, add Goldfish UI. (#3597) 
Add link to Goldfish a  web UI for Vault.
 2017-12-04 10:51:16 -05:00
Paul Pieralde ff2c8d4865 Fix docs for Transit API (#3588) 2017-12-04 10:34:05 -05:00
Jeff Mitchell d81a39ab99 Update cassandra docs with consistency value. 
Fixes #3361
 2017-12-02 14:18:23 -05:00
Marc Sensenich 92f937c021 Remove Trailing White space in Kubernetes Doc (#3360) 
Removed a trailing white space from which caused `Error loading data: Invalid key/value pair ' ': format must be key=value` if copying the example

```
vault write auth/kubernetes/role/demo \
    bound_service_account_names=vault-auth \
    bound_service_account_namespaces=default \
    policies=default \
    ttl=1h
```
 2017-12-02 14:12:39 -05:00
immutability 74bd27bdb5 Missing command for vault PUT operation (#3355) 2017-12-02 13:43:37 -05:00
Jeff Mitchell f79a15ddcd Update some rekey docs 
Fixes #3306
 2017-12-02 13:34:52 -05:00
Jeff Mitchell f8a7f4b7d9 changelog++ 2017-12-01 17:11:58 -05:00
Jeff Mitchell 20320cd71e
Move location of quit channel closing in exp manager (#3638) 
* Move location of quit channel closing in exp manager

If it happens after stopping timers any timers firing before all timers
are stopped will still run the revocation function. With plugin
auto-crash-recovery this could end up instantiating a plugin that could
then try to unwrap a token from a nil token store.

This also plumbs in core so that we can grab a read lock during the
operation and check standby/sealed status before running it (after
grabbing the lock).

* Use context instead of checking core values directly

* Use official Go context in a few key places
 2017-12-01 17:08:38 -05:00
Jeff Mitchell bfc37f0847
Re-add some functionality lost during last dep update (#3636) 2017-12-01 10:18:26 -05:00
Jeff Mitchell 548629e8ef Port over some changes 2017-11-30 09:43:07 -05:00
Jeff Mitchell 45d4facb29 Add some delay to postgres create user test to verify expiration isn't immediate 2017-11-30 09:35:47 -05:00
Nicolas Corrarello b5fd1ce953
Adding SealWrap configuration, protecting the config/access path 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 21:53:21 +00:00
Nicolas Corrarello 7b14f41872
Fix docs up to current standards 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:53:42 +00:00
Nicolas Corrarello b3799697a2
Rename policy into policies 2017-11-29 16:31:17 +00:00
Nicolas Corrarello 0d8f812dc8
Checking if client is not nil before deleting token 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:23:03 +00:00
Nicolas Corrarello 239a9a9985
%q quotes automatically 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:19:31 +00:00
Nicolas Corrarello 62fe10204a
Refactoring check for empty accessor as per Vishals suggestion 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:58:39 +00:00
Nicolas Corrarello a6d3119e3e
Pull master into f-nomad 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:56:37 +00:00
Nicolas Corrarello 89466815ba
Return an error if accesor_id is nil 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:18:03 +00:00
Nicolas Corrarello 031f244922
Returning nil config if is actually nil, and catching the error before creating the client in backend.go 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 11:15:54 +00:00
Nicolas Corrarello 2a4f63e4a5
Moving LeaseConfig function to path_config_lease.go 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 11:07:17 +00:00
Nicolas Corrarello 4f91a71c29
Return error before creating a client if conf is nil 2017-11-29 11:01:31 +00:00
Nicolas Corrarello e2be4bfd74
Sanitizing error outputs 2017-11-29 10:58:02 +00:00
Nicolas Corrarello 604ead3a37
Renaming tokenRaw to accessorIDRaw to avoid confusion, as the token is not being used for revoking itself 2017-11-29 10:48:55 +00:00
Nicolas Corrarello 34b5919931
Updating descriptions, defaults for roles 2017-11-29 10:44:40 +00:00
Nicolas Corrarello fc81d8a07c
Validating that Address and Token are provided in path_config_access.go 2017-11-29 10:36:34 +00:00
Nicolas Corrarello aab72464d6
Removing legacy field scheme that belonged to the Consul API 2017-11-29 10:29:39 +00:00
Brian Kassouf 6c0eb32cd0
changelog++ 2017-11-28 10:23:22 -08:00
Brian Kassouf 24b449e6c6
database/mysql: Allow the creation statement to use commands that are… (#3619) 
* database/mysql: Allow the creation statement to use commands that are not yet supported by the prepare statement protocol

* Remove unnecessary else block
 2017-11-28 10:19:49 -08:00