Joel Thompson
de419a6c99
Properly store iam_server_id_header_value ( #3014 )
...
In auth/aws/config/client, when only the iam_server_id_header_value was
being updated on an existing config, it wouldn't get stored because I
was trying to avoid unnecessarily flushing the cache of AWS clients, and
the flag to not flush the cache also meant that the updated entry didn't
get written back to the storage. This now adds a new flag for when
other changes occur that don't require flushing the cache but do require
getting written to the storage. It also adds a test for this explicitly.
Fixes #3004
2017-07-17 11:08:57 -04:00
Jeff Mitchell
2c020a0e07
changelog++
2017-07-17 11:00:02 -04:00
Joel Thompson
06dda97445
Look up proper AWS account ID on aws token renew ( #3012 )
...
Also properly handle renewing tokens when bound_iam_principal_arn has a
path component.
Fixes #2990
2017-07-17 10:59:18 -04:00
Jeff Mitchell
9a8d7a76b1
changelog++
2017-07-17 10:51:18 -04:00
Gobin Sougrakpam
048f2c3ca4
Adding validation for certificates to be proper x509 PEM encoded ( #3016 )
2017-07-17 10:49:50 -04:00
Seth Vargo
ce1808f77d
Update Policies and Auth concepts pages ( #3011 )
2017-07-14 11:15:22 -04:00
Jeff Mitchell
ccd782e763
changelog++
2017-07-14 11:05:51 -04:00
Jeff Mitchell
96dbc98815
Add metrics counters for audit log failures ( #3001 )
...
Fixes #2863
2017-07-14 11:03:56 -04:00
Jeff Mitchell
0c77305c6b
changelog++
2017-07-14 11:03:41 -04:00
Jeff Mitchell
98f64e5154
Opportunistically try re-opening file audit fd on error ( #2999 )
...
Addresses a pain point from
https://github.com/hashicorp/vault/issues/2863#issuecomment-309434605
2017-07-14 11:03:01 -04:00
Jeff Mitchell
cbf48d4e8c
changelog++
2017-07-13 19:07:54 -04:00
Jeff Mitchell
6adee19987
Add approle role name to metadata ( #2985 )
2017-07-13 19:07:15 -04:00
Jeff Mitchell
8903f68bf6
Reformat some wrapping docs
2017-07-13 19:02:15 -04:00
Jeff Mitchell
f3f4452334
Revert "Remove wrapping/wrap from default policy and add a note about guarantees ( #2957 )" ( #3008 )
...
This reverts commit b2d2459711d9cb7552daf1cc2330c07d31ef4f51.
2017-07-13 18:47:29 -04:00
Jeff Mitchell
2c6b7db279
Remove wrapping/wrap from default policy and add a note about guarantees ( #2957 )
2017-07-13 15:29:04 -07:00
Chris Hoffman
d481e65c5a
Cleaning up logical and auth unmount functions ( #2994 )
2017-07-13 10:57:14 -07:00
Chris Hoffman
11725705d1
changelog++
2017-07-13 08:34:44 -07:00
Chris Hoffman
a449424bde
only check special characters on CLI when not in key=value format ( #2998 )
2017-07-12 13:28:57 -07:00
Chris Hoffman
6651f3aa33
checking for nil backends before attempting to rollback on a backend ( #2997 )
2017-07-12 13:12:55 -07:00
Jeff Mitchell
3fe372c7da
changelog++
2017-07-12 15:05:34 -04:00
Jeff Mitchell
76d1402a44
Add token-only. ( #2971 )
2017-07-12 15:04:34 -04:00
Seth Vargo
b7ccf8c18b
Merge pull request #2995 from hashicorp/sethvargo/renewer_bug
...
Do not double-convert to seconds
2017-07-11 17:12:54 -07:00
Seth Vargo
c77986d03e
Do not double-convert to seconds
2017-07-11 16:06:50 -07:00
Seth Vargo
751501dced
Update CHANGELOG.md
2017-07-10 22:32:20 -07:00
Seth Vargo
0ac4cf7ac5
Merge pull request #2886 from hashicorp/sethvargo/renew_api
...
Add API helper for renewing a secret
2017-07-10 22:28:12 -07:00
Seth Vargo
cfad705ddc
Fix typo
2017-07-10 22:26:42 -07:00
Chris Hoffman
8fee1ec31d
updating for TestCluster changes
2017-07-10 20:47:03 -07:00
Seth Vargo
725e0e5b73
Fix doc
2017-07-07 17:15:43 -04:00
Seth Vargo
8da29a5a23
Use the core client
2017-07-07 17:14:49 -04:00
Seth Vargo
994cf1db5c
Fix failing test
2017-07-07 17:14:49 -04:00
Seth Vargo
462d30fd38
Buffer doneCh
2017-07-07 17:14:49 -04:00
Seth Vargo
d48c51185d
Add configurable buffer size
2017-07-07 17:14:48 -04:00
Seth Vargo
29255fd2eb
Do not block writing to doneCh if stopped
2017-07-07 17:14:48 -04:00
Seth Vargo
e22b3d9ec8
Make lock private
2017-07-07 17:14:48 -04:00
Seth Vargo
7f47f06014
Remove init() seed
2017-07-07 17:14:47 -04:00
Seth Vargo
81a24fda29
Fix vet errors
2017-07-07 17:14:47 -04:00
Seth Vargo
ae7d6da993
Allow a custom randomizer
2017-07-07 17:14:47 -04:00
Seth Vargo
5f658abc12
Use Fatalf
2017-07-07 17:14:47 -04:00
Seth Vargo
207e1d5dd3
Use a more heurstic function for calculating sleep backoff
2017-07-07 17:14:46 -04:00
Seth Vargo
f18b7fd6dc
Seed the random generator
2017-07-07 17:14:46 -04:00
Seth Vargo
10cdc62c62
Move renewer integration tests into separate package
2017-07-07 17:14:46 -04:00
Seth Vargo
a09c84ce75
Use a separate package for API integration tests
...
This removes the cyclic dependency
2017-07-07 17:14:45 -04:00
Seth Vargo
d711dfebd1
Send a more useful struct for renewal
2017-07-07 17:14:45 -04:00
Seth Vargo
951421e613
Reorg
2017-07-07 17:14:45 -04:00
Seth Vargo
1ea998e2f5
Use unbuffered channels
2017-07-07 17:14:45 -04:00
Seth Vargo
dcdbef1dfb
Use a time.Duration instead of an int for grace
2017-07-07 17:14:44 -04:00
Seth Vargo
62e1f5c498
Use RenewTokenAsSelf instead
2017-07-07 17:14:44 -04:00
Seth Vargo
77ee95cb82
Add secret renewer
2017-07-07 17:14:44 -04:00
Seth Vargo
4069eb21b6
Add test stubs for starting a vault server and pg database
2017-07-07 17:14:43 -04:00
Seth Vargo
506a304ecc
Add API helper for renewing a token as another token
2017-07-07 17:14:42 -04:00