Commit graph

7571 commits

Author SHA1 Message Date
Joel Thompson e4949d644b auth/aws: Allow lists in binds (#3907)
* auth/aws: Allow lists in binds

In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
2018-03-02 11:09:14 -05:00
Jeff Mitchell e073e7fc68 Don't output warning about not storing the token if the user uses
-token-only during `vault login`.
2018-03-01 21:02:54 -05:00
Vishal Nayak 2646ed5e2a
update sys/capabilities docs (#4059) 2018-03-01 11:42:39 -05:00
vishalnayak 62b8e89b22 changelog++ 2018-03-01 11:17:30 -05:00
Jeff Mitchell 5034ae2dcb Add the ability to use multiple paths for capability checking (#3663)
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).

Fixes #3336

* Added tests

* added 'paths' field

* Update docs

* return error if paths is not supplied
2018-03-01 11:14:56 -05:00
Jeff Mitchell ff99c8420e changelog++ 2018-03-01 11:09:30 -05:00
Jeff Mitchell ba459d238e
Fix confusing error messages around help for 'vault auth' (#4058)
Fixes #4056
2018-03-01 10:55:24 -05:00
Paddy 2b2bc2a911 Create a new command/config subpackage. (#4055)
* Create a new command/config subpackage.

This PR extracts the functions associated with loading and parsing
configs, and the DefaultTokenHelper, into a command/config subpackage,
just like TokenHelpers are in the command/token subpackage. The goal is
to allow other clients (in this case, the Vault and Nomad Terraform
providers, but in theory any client that wants to lean on Vault's
default behaviour) to reuse this logic and not drift from Vault, without
vendoring the entirety of Vault.

To retain backwards compatibility, I didn't remove any functions from
the command package; I just copied them into the command/config package,
and update the functions in the command package to call through to the
config package.
2018-02-28 20:09:21 -05:00
Andy Manoske 942aa9bbdc
Update index.html.md
Updated for Unbound
2018-02-28 16:20:54 -08:00
Jeff Mitchell 3d7b2d98fa changelog++ 2018-02-28 10:08:28 -05:00
Bharath B 699f9246e6 Config parameter "tls_disable_client_certs" is wrongly evaluated. (#4049) 2018-02-28 10:07:23 -05:00
Jeff Mitchell 121d5718ea Remove structs/mapstructure tags from auth/aws 2018-02-27 15:27:49 -05:00
Jeff Mitchell c695023bab Remove structs package from auth/aws 2018-02-27 13:22:47 -05:00
Jeff Mitchell 6cd6a7b773 Go 1.9.4 breaks Solaris builds 2018-02-26 18:55:02 -05:00
Jeff Mitchell 81fcd1f028 Fix the version of Go in the Dockerfile 2018-02-26 18:34:14 -05:00
Jeff Mitchell c62927bc4a changelog++ 2018-02-26 17:20:23 -05:00
Jeff Mitchell 20157fd56a Fix broken link on Consul docs 2018-02-26 13:28:15 -05:00
Jeff Mitchell 7873088126
Cut version 0.9.5 2018-02-26 12:41:14 -05:00
Jeff Mitchell 259e425beb It's not a 1.10 thing apparently.
Revert "Revert "Remove netbsd/arm as it won't compile""

This reverts commit 8b43db120c5b3f15723e7ea61edcf0d4c2c7fc9f.
2018-02-26 12:40:49 -05:00
Jeff Mitchell fb41cf74d7 Revert "Remove netbsd/arm as it won't compile"
This reverts commit 3d4bd6f3cb083e8ee5dac980db58474382a99834.
2018-02-26 12:27:25 -05:00
Jeff Mitchell ba40b1bd07 Sync plugins 2018-02-26 12:24:04 -05:00
Jeff Mitchell abeb0fd45c Bump versions in preparation for release 2018-02-26 12:20:19 -05:00
Jeff Mitchell 9b086e45a8 changelog++ 2018-02-26 12:17:43 -05:00
Jeff Mitchell e42033a566 Minor fixes from vet 2018-02-26 02:23:24 -05:00
Jeff Mitchell 7b1a793d6f Migrate Dockerfile back down to 1.9 2018-02-25 20:29:01 -05:00
vishalnayak 4b0f27923f ssh: clarify optional behavior of cidr_list 2018-02-24 06:55:55 -05:00
vishalnayak e3aceecb78 changelog++ 2018-02-23 21:30:51 -05:00
Jason 865cb8786b Update CHANGELOG.md (#4035) 2018-02-23 21:28:56 -05:00
Jeff Mitchell f1bd0cbe74
Use atomic values in seal to avoid some data races (#4040) 2018-02-23 17:18:48 -05:00
Brian Kassouf c82d39c77e helper/gpgkeys: fix for vault 1.10 (#4038) 2018-02-23 14:47:25 -05:00
Jeff Mitchell d4a431b298
Move local cluster parameters to atomic values to fix some potential data races (#4036) 2018-02-23 14:47:07 -05:00
Brian Kassouf cb08fb92d2 Port some replicated cluster changes from ent (#4037) 2018-02-23 14:01:15 -05:00
Jeff Mitchell 1a814803d7 Add core object to policy store for some ent uses 2018-02-23 14:00:46 -05:00
Jeff Mitchell 8b09949a81 changelog++ 2018-02-23 11:16:26 -05:00
chris trott 78df6a630e Configurable Consul Service Address (#3971)
* Consul service address is blank

Setting an explicit service address eliminates the ability for Consul
to dynamically decide what it should be based on its translate_wan_addrs
setting.

translate_wan_addrs configures Consul to return its lan address to nodes
in its same datacenter but return its wan address to nodes in foreign
datacenters.

* service_address parameter for Consul storage backend

This parameter allows users to override the use of what Vault knows to
be its HA redirect address.

This option is particularly commpelling because if set to a blank
string, Consul will leverage the node configuration where the service is
registered which includes the `translate_wan_addrs` option. This option
conditionally associates nodes' lan or wan address based on where
requests originate.

* Add TestConsul_ServiceAddress

Ensures that the service_address configuration parameter is setting the
serviceAddress field of ConsulBackend instances properly.

If the "service_address" parameter is not set, the ConsulBackend
serviceAddress field must instantiate as nil to indicate that it can be
ignored.
2018-02-23 11:15:29 -05:00
Jeff Mitchell b1cf13f14c Fix certutil test 2018-02-23 01:35:07 -05:00
Yoko 099d89ff9d
Fixed a broken link (#4032) 2018-02-22 19:43:27 -08:00
Jeff Mitchell d19b10e680 Update comment to replication consts 2018-02-22 21:38:52 -05:00
Jeff Mitchell 7f479c4547 Add a helpful comment to replication consts 2018-02-22 21:37:54 -05:00
Jeff Mitchell 1ceaadabfb changelog++ 2018-02-22 20:56:10 -05:00
Joel Thompson b0592d2161 auth/aws: Add functional test for detached RSA signature (#4031)
Previously the functional test was only testing the PCKS7-signed identity
document, not the detached RSA signature, so adding a test for that in the
functional test suite.
2018-02-22 20:55:45 -05:00
Jeff Mitchell 8ee8f4265d Change Go min version check 2018-02-22 20:53:25 -05:00
Jeff Mitchell abeb5b05aa changelog++ 2018-02-22 20:35:59 -05:00
Jeff Mitchell 8fe43cd98e Revert Go dep to 1.9
Ping GH-4028
2018-02-22 20:21:07 -05:00
Jeff Mitchell cf7c86e0f8 *Partially* revert "Remove now-unneeded PKCS8 code and update certutil tests for Go 1.10"
This partially reverts commit 83f6b21d3ef930df0352a4ae7b1e971790e3eb22.
2018-02-22 20:15:56 -05:00
Jeff Mitchell 9584a085b6 Revert "Remove unneeded looping since Go 1.10 cover it already (#4010)"
This reverts commit 8aeba427d239613bf78b7d1ce96900da74d2bd5d.
2018-02-22 20:13:36 -05:00
Jeff Mitchell 177ecc946b Bump pkcs7 library version to fix #4024 2018-02-22 20:11:49 -05:00
Jeff Mitchell 15c3bffcc9 Revert "Switch to a forked copy of pkcs7 to fix aws pkcs7 verification error (#4024)"
This reverts commit f75c7dd15784831aef0bd9fda8a230b0a08556f3.
2018-02-22 20:09:19 -05:00
Jeff Mitchell 9f984333ec changelog++ 2018-02-22 20:08:28 -05:00
Yoko 5389550cdc
Changed the layout category menu (#4007)
* Changed the layout category menu

* Fixed typos

* Fixed a typo, and removed the duplicated generate-root guide

* Fixed the redirect.txt
2018-02-22 16:24:01 -08:00