Jeff Mitchell
d7b8ab4380
Use the stable-website branch for documentation pushes, to allow us to update the documentation async from releases.
2015-09-21 16:20:36 -04:00
Jeff Mitchell
29c722dbb6
Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values
2015-09-21 16:14:30 -04:00
Jeff Mitchell
3eb38d19ba
Update transit backend documentation, and also return the min decryption
...
value in a read operation on the key.
2015-09-21 16:13:43 -04:00
Jeff Mitchell
ca33cd8423
Add API endpoint documentation to cubbyhole
2015-09-21 16:13:36 -04:00
Jeff Mitchell
273f13fb41
Add API endpoint documentation to generic
2015-09-21 16:13:29 -04:00
Vishal Nayak
d526c8ce1c
Merge pull request #629 from hashicorp/token-create-sudo
...
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
vishalnayak
1a01ab3608
Take ClientToken instead of Policies
2015-09-21 10:04:03 -04:00
Jeff Mitchell
ab7d35b95e
Fix up per-backend timing logic; also fix error in TypeDurationSecond in
...
GetOkErr.
2015-09-21 09:55:03 -04:00
Jeff Mitchell
59ba17c601
Add clarity to the lease concepts document.
2015-09-21 08:56:26 -04:00
Jeff Mitchell
5172965850
Merge pull request #630 from hashicorp/barrier-pathing
...
Bump AESGCM version; include path in the GCM tags.
2015-09-21 08:39:30 -04:00
Jeff Mitchell
455b6dafdc
Merge pull request #632 from hashicorp/sethvargo/faster_deploy
...
Use a faster middleman deploy
2015-09-20 14:36:40 -04:00
Seth Vargo
92e3c02f06
Use a faster middleman deploy
2015-09-20 14:09:35 -04:00
vishalnayak
3b51ee1c48
Using core's logger
2015-09-19 19:01:36 -04:00
vishalnayak
02485e7175
Abstraced SudoPrivilege to take list of policies
2015-09-19 18:23:44 -04:00
vishalnayak
a2799b235e
Using acl.RootPrivilege and rewrote mockTokenStore
2015-09-19 17:53:24 -04:00
Jeff Mitchell
c5ddfbc391
Bump AESGCM version; include path in the GCM tags.
2015-09-19 17:04:37 -04:00
vishalnayak
b6d47dd784
fix broken tests
2015-09-19 12:33:52 -04:00
Jeff Mitchell
68c268a6f0
Allow tuning of auth mounts, to set per-mount default/max lease times
2015-09-19 11:50:50 -04:00
Jeff Mitchell
bf8a1e2b71
Merge pull request #627 from hashicorp/enhance-audit-security
...
Enhance audit security with hmac-sha256 on secrets
2015-09-19 11:30:30 -04:00
Jeff Mitchell
c8a0eda224
Use hmac-sha256 for protecting secrets in audit entries
2015-09-19 11:29:31 -04:00
vishalnayak
fb77ec3623
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-19 11:14:51 -04:00
Jeff Mitchell
8d71601221
Changes to salt to clean up HMAC stuff.
2015-09-18 18:13:10 -04:00
Jeff Mitchell
5dde76fa1c
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 17:38:30 -04:00
Jeff Mitchell
b655f6b858
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
Jeff Mitchell
d775445efe
Store token creation time and TTL. This can be used to properly populate
...
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.
Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell
61e331200c
Merge pull request #626 from hashicorp/f-transit-enhancements
...
Enhancements to the transit backend
2015-09-18 14:48:24 -04:00
Jeff Mitchell
01ee6c4fe1
Move no_plaintext to two separate paths for datakey.
2015-09-18 14:41:05 -04:00
Jeff Mitchell
448249108c
Add datakey generation to transit.
...
Can specify 128 bits (defaults to 256) and control whether or not
plaintext is returned (default true).
Unit tests for all of the new functionality.
2015-09-18 14:41:05 -04:00
Jeff Mitchell
61398f1b01
Remove enable/disable and make deletion_allowed a configurable property. On read, return the version and creation time of each key
2015-09-18 14:41:05 -04:00
Jeff Mitchell
801e531364
Enhance transit backend:
...
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
2015-09-18 14:41:05 -04:00
Jeff Mitchell
9c5dcac90c
Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527
2015-09-18 14:01:28 -04:00
Vishal Nayak
e27b824dcb
Merge pull request #623 from hashicorp/userpass-renewal
...
Vault userpass: Enable renewals for login tokens
2015-09-17 16:41:09 -04:00
vishalnayak
1f53376ae6
Userpass Bk: Added tests for TTL duration verifications
2015-09-17 16:33:26 -04:00
vishalnayak
a2e88414f5
Throw error if system view boundaries are violated
2015-09-17 15:47:36 -04:00
vishalnayak
4332eb9d05
Vault userpass: Enable renewals for login tokens
2015-09-17 14:35:50 -04:00
Jeff Mitchell
8f79e8be82
Add revoke-self endpoint.
...
Fixes #620 .
2015-09-17 13:22:30 -04:00
Vishal Nayak
5b6d6bf79a
Merge pull request #624 from hashicorp/vault-i583
...
CLI: Avoiding CR when printing specific fields
2015-09-17 11:47:51 -04:00
vishalnayak
fdf05e8ead
Adding type checking to ensure only BasicUi is affected
2015-09-17 11:37:21 -04:00
vishalnayak
7f640c4374
Error on violating SysView boundaries
2015-09-17 11:24:46 -04:00
vishalnayak
e885dff580
CLI: Avoiding CR when printing specific fields
2015-09-17 10:05:56 -04:00
Jeff Mitchell
91bcf83e5f
Merge pull request #606 from tsilen/renew-etcd-semaphore-key
...
Renew the semaphore key periodically
2015-09-17 10:00:06 -04:00
vishalnayak
6a4089b2a8
Vault userpass: Enable renewals for login tokens
2015-09-16 23:55:35 -04:00
Jeff Mitchell
b08f6e5540
Merge pull request #622 from Poohblah/log-level-help
...
improve documentation for available log levels
2015-09-16 15:15:36 -04:00
hendrenj
0532682816
improve documentation for available log levels
2015-09-16 11:01:33 -06:00
Jeff Mitchell
047ba90a44
Restrict orphan revocation to root tokens
2015-09-16 09:22:15 -04:00
Seth Vargo
5c363a1bd3
Merge pull request #621 from jklein/patch-1
...
Grammar fix
2015-09-15 20:54:24 +01:00
Jonathan Klein
dff6e468f9
Grammar fix
2015-09-15 15:53:27 -04:00
Jeff Mitchell
461609b754
Merge pull request #612 from hashicorp/f-cubby
...
Implement the cubbyhole backend
2015-09-15 14:04:07 -04:00
Jeff Mitchell
e7d5a18e94
Directly pass the cubbyhole backend to the token store and bypass logic in router
2015-09-15 13:50:37 -04:00
Jeff Mitchell
849b78daee
Move more cubby logic outside of router into auth setup
2015-09-15 13:50:37 -04:00