luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
6218 commits 1 branch 0 tags 214 MiB
Commit graph

6218 commits

This branch
This branch
All branches
Author SHA1 Message Date
Katie Bayes cff022a65c update middleman version from 24 to 26 (#2824) 2017-06-06 22:33:26 -04:00
Jeff Mitchell 62526dcec3 changelog++ 2017-06-06 16:04:49 -04:00
Jeff Mitchell a7fca34076 Add ability to specify encryption key version in transit (#2821) 2017-06-06 16:02:54 -04:00
Jeff Mitchell 545cf1de8f changelog++ 2017-06-06 09:50:38 -04:00
Brian Kassouf 606fe393be Use the role name in the db username (#2812) 2017-06-06 09:49:49 -04:00
Jeff Mitchell 778e716677 changelog++ 2017-06-05 18:05:22 -04:00
Brian Rodgers e9b52ed928 Log auth info on permission denied due to ACL (#2754) 2017-06-05 18:04:31 -04:00
Jeff Mitchell 1f3ceba11b changelog++ 2017-06-05 16:44:35 -04:00
Jeff Mitchell abdd39ecb9 changelog++ 2017-06-05 16:37:34 -04:00
Jeff Mitchell fcc9f35c77 Add a no-store option to vault auth (#2809) 
Fixes #2746
 2017-06-05 16:36:28 -04:00
Jeff Mitchell 605d74d889 Don't try to clean up upgrades if we're sealed 2017-06-05 16:00:56 -04:00
Jeff Mitchell fb9029e3dd Log heartbeat stopping 2017-06-05 15:57:04 -04:00
Jeff Mitchell d9b11daec5 changelog++ 2017-06-05 15:03:34 -04:00
Jeff Mitchell 3eebd5cf5a ed25519 support in transit (#2778) 2017-06-05 15:00:39 -04:00
Jeff Mitchell d51b060f17 changelog++ 2017-06-05 12:40:59 -04:00
Scott Sinclair 0c7d240968 Change split on instance profile name (#2802) 
This now splits on the /, so we only get the last component of the instance profile name (ignoring paths)
 2017-06-05 12:39:37 -04:00
Matthew Irish 2bb2623bd0 changelog++ 2017-06-05 11:35:03 -05:00
sam boyer 789d7ab4e0 Minor typos & wordsmithing for clarity (#2807) 2017-06-05 09:32:09 -07:00
Jeff Mitchell 7e02082f5f Use the oauth2 context ability to specify a clean http client. (#2808) 
Hopefully fixes #2793
 2017-06-05 12:27:01 -04:00
Jeff Mitchell b90c84a2c6 Add unsalted test to app-id 2017-06-05 11:37:16 -04:00
Jeff Mitchell 0a8991813b changelog++ 2017-06-05 11:01:48 -04:00
Kiss György 0be37ca78b Add Health() method to Sys client (#2805) 2017-06-05 11:00:45 -04:00
Jeff Mitchell 3496e1c03c changelog++ 2017-06-05 10:55:42 -04:00
Jeff Mitchell 3e7205c4c1 Add another nil guard to S3, follow on from #2785 2017-06-05 10:54:26 -04:00
Vishal Nayak c31b076360 Avoid panic in s3 list operation (#2785) 2017-06-05 10:53:20 -04:00
Jeff Mitchell f7df60b131 Allow accessing Warnings directly in Response. (#2806) 
A change in copystructure has caused some panics due to the custom copy
function. I'm more nervous about production panics than I am about
keeping some bad code wiping out some existing warnings, so remove the
custom copy function and just allow direct setting of Warnings.
 2017-06-05 10:52:43 -04:00
Jeff Mitchell 9095e202d7 Update vendoring 2017-06-05 10:51:53 -04:00
Mevan Samaratunga 731a7f187f fixed bug where the project name was not being read from configuration if it was provided via the "tenant" attribute. this was causing the swift client to crash with an EOF error. (#2803) 2017-06-05 10:48:39 -04:00
Jeff Mitchell 898d3f12fe changelog++ 2017-06-05 10:06:12 -04:00
Jeff Mitchell 8f2ba268a0 Fix instantiation of salt funcs in app-id structs 2017-06-05 10:04:54 -04:00
Jeff Mitchell 357200763e changelog++ 2017-06-03 08:17:02 -04:00
Eugene Bekker b55d972d24 Fixes #2789 (#2790) 2017-06-03 08:15:37 -04:00
Jeff Mitchell dad291c93c Add plugin_directory to configuration page (#2801) 
Fixes #2795
 2017-06-03 08:11:03 -04:00
Dan Stark 9f6b77598e Fixes typos in error message and comment for AWS auth CLI (#2798) 2017-06-02 17:35:25 -07:00
Brian Kassouf 74931c750f changelog++ 2017-06-01 15:24:27 -07:00
Igor Katson 88118dce0f Add max_parallel parameter to MySQL backend. (#2760) 
* Add max_parallel parameter to MySQL backend.

This limits the number of concurrent connections, so that vault does not die
suddenly from "Too many connections".

This can happen when e.g. vault starts up, and tries to load all the
existing leases in parallel. At the time of writing this, the value
ExpirationRestoreWorkerCount in vault/helper/consts/const.go is set to
64, meaning that if there are enough leases in the vault's DB, it will
generate AT LEAST 64 concurrent connections to MySQL when loading the
data during start-up. On certain configurations, e.g. smaller AWS
RDS/Aurora instances, this will cause Vault to fail startup.

* Fix a typo in mysql storage readme
 2017-06-01 15:20:32 -07:00
vishalnayak 7550b79ce8 Fix policy tests 2017-06-01 17:22:34 -04:00
Andrew Paulin 776019963b Support custom renewal statements in Postgres (#2788) 
* Support custom renewal statements in Postgres

* Refactored out default/custom renew methods
 2017-06-01 13:18:16 -07:00
Chris Hoffman 2ba85b49c7 Adding auth/aws-ec2 redirect to new docs location 2017-06-01 11:18:19 -04:00
Jeff Mitchell 9319307398 Add govendor to bootstrap 2017-06-01 10:18:48 -04:00
Matthew Irish 5fb495c8bf changelog ++ 2017-05-31 13:41:34 -05:00
Vishal Nayak 128907172f doc: leases are generated only for dynamic secrets (#2772) 
* doc: leases are generated only for dynamic secrets

* Address review feedback
 2017-05-31 09:47:17 -04:00
Jeff Mitchell 1a8b760790 Bump Go version in cross Dockerfile 2017-05-30 14:33:56 -04:00
Jeff Mitchell 88c0367fa6 Add grpc keepalives as a fallback option for our heartbeating 2017-05-26 13:32:13 -04:00
Vishal Nayak 3696c9b779 Input checks for policy rules (#2771) 
* Input checks for policy rules

* Address review feedback
 2017-05-26 10:48:41 -04:00
vishalnayak cac8d34d41 changelog++ 2017-05-26 08:40:22 -04:00
Andrew e33e489eee Improve EC2 describe instances performance (#2766) 
Query the EC2 API for the instance ID rather than filter the results of
all instances.
 2017-05-26 08:38:01 -04:00
Jeff Mitchell 435f1def27 Have step-down request forward. 
Unlike seal, this command has no meaning other than on the active node,
so when issuing it the expected behavior would be for whichever node is
currently active to step down.
 2017-05-25 11:57:59 -04:00
vishalnayak 5957d9889d changelog++ 2017-05-25 11:00:20 -04:00
Vishal Nayak 3c968260a8 Cert verification for non-CA certs (#2761) 
* Cert verification for non-CA certs

* Added test case to ensure login fails with expired non-CA cert

* Address review feedback
 2017-05-25 10:49:09 -04:00