Commit graph

2156 commits

Author SHA1 Message Date
Jeff Mitchell dab0049d0e Changelogify 2015-12-07 13:22:24 -05:00
Jeff Mitchell eee8386ea9 Add info about cert backend not checking CRL revocation. 2015-12-05 15:12:43 -05:00
Jeff Mitchell bf0909a892 Tab -> space doc fix 2015-12-05 15:04:54 -05:00
Jeff Mitchell 04b04bf2bd Merge pull request #816 from hashicorp/issue-816
Remove datacenter from Consul configuration
2015-12-03 15:22:05 -05:00
Jeff Mitchell 3bdbd66f7d Remove datacenter from Consul configuration, as it cannot actually do
anything

Fixes #816
2015-12-03 15:16:37 -05:00
Jeff Mitchell 83fc154c98 Sync dist script from pki-csrs 2015-12-01 13:12:58 -05:00
Jeff Mitchell 564969acfd Merge pull request #809 from hashicorp/add-monitor-retries
Add new Consul API client MonitorRetries option
2015-12-01 00:08:53 -05:00
Jeff Mitchell 69b522f3ea Add new Consul API client MonitorRetries option 2015-12-01 00:08:14 -05:00
Jeff Mitchell 64cd58463b Fix AWS tests 2015-12-01 00:05:04 -05:00
Jeff Mitchell 2c012c2830 Update godeps, most notably to get Consul client updates 2015-11-30 23:58:03 -05:00
Jeff Mitchell fcd749af75 Merge pull request #786 from hashicorp/issue-784
Reintroduce the ability to look up obfuscated values in the audit log
2015-11-20 12:39:54 -05:00
Jeff Mitchell 1c7157e632 Reintroduce the ability to look up obfuscated values in the audit log
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell 45e7e61d71 Update audit documentation around what hash is used 2015-11-18 10:42:42 -05:00
Jeff Mitchell 7ab0c2e917 Update deps 2015-11-18 10:36:57 -05:00
Jeff Mitchell 29135b65ca Changelogify 2015-11-18 10:34:50 -05:00
Jeff Mitchell 4a1a02a123 Merge pull request #780 from vicki-c/master
Port to new etcd client with TLS support
2015-11-18 10:33:09 -05:00
Vicki Cheung eb464ed79d rejecting etcd addresses without url scheme 2015-11-17 15:18:50 -08:00
Vicki Cheung 4a3bcc2adc adding check in etcd backend to validate machine urls 2015-11-16 14:35:04 -08:00
Vicki Cheung dc4374ab79 adding etcd client dependencies 2015-11-16 13:30:27 -08:00
Vicki Cheung dfe284af43 adding PermitPool to etcd backend 2015-11-15 22:38:21 -08:00
Vicki Cheung a21c8fab26 porting to new etcd client 2015-11-15 22:12:06 -08:00
Jeff Mitchell 0b3c7b177a Merge pull request #775 from hashicorp/issue-771
Rearchitect MountTable locking and fix rollback.
2015-11-15 17:33:30 -05:00
Jeff Mitchell bece637eb7 Address feedback from review 2015-11-15 17:32:57 -05:00
Jeff Mitchell bc4c18a1cf Rearchitect MountTable locking and fix rollback.
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.

In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.

Both unit tests and race detection pass.

Fixes #771
2015-11-11 11:54:52 -05:00
Jeff Mitchell fa646a1eb1 Bump version to 0.4-dev instead of 0.3.1-dev 2015-11-10 10:28:40 -05:00
Jeff Mitchell 847707f4af Merge pull request #772 from hashicorp/origin/new_header
New Header Redesign
2015-11-10 10:16:49 -05:00
captainill 28ae7b2466 edit this page 2015-11-09 21:10:49 -08:00
captainill d931c62d94 sidebar 2015-11-09 21:08:05 -08:00
captainill 2af4092734 redesign header bulk 2015-11-09 20:58:06 -08:00
Jeff Mitchell 201adad4ae Merge pull request #762 from hashicorp/issue-732
Create a "default" policy with sensible rules.
2015-11-09 17:44:09 -05:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell d6693129de Create a "default" policy with sensible rules.
It is forced to be included with each token, but can be changed (but not
deleted).

Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell 1a621b7000 Minor test fix 2015-11-09 15:37:30 -05:00
Jeff Mitchell c9e3699751 Merge pull request #769 from hashicorp/issue-769
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:56 -05:00
Jeff Mitchell 8673f36b34 Don't require root tokens for mount and policy endpoints. 2015-11-09 15:29:21 -05:00
Jeff Mitchell 5d5d58ffe4 Fix unmount help output 2015-11-09 15:23:49 -05:00
Jeff Mitchell 9d9bf9f2f8 Merge pull request #768 from hashicorp/issue-765
Print version on startup.
2015-11-09 13:53:33 -05:00
Jeff Mitchell 75f1c1e40c Print version on startup.
Fixes #765
2015-11-09 13:52:55 -05:00
Jeff Mitchell 3717b31b63 Merge pull request #766 from hashicorp/issue-766
Display whether a token is an orphan on lookup.
2015-11-09 13:20:42 -05:00
Jeff Mitchell 5783f547ab Display whether a token is an orphan on lookup. 2015-11-09 13:19:59 -05:00
Jeff Mitchell 10913e2e6b Update cert documentation to note requiring sudo access. 2015-11-06 16:09:42 -05:00
Jeff Mitchell f098e1dd07 Tag with dev for builds 2015-11-06 13:39:30 -05:00
Jeff Mitchell 7aa3faa626 Rename core's 'policy' to 'policyStore' for clarification 2015-11-06 12:07:42 -05:00
Jeff Mitchell b987c47c9e Merge pull request #759 from hashicorp/remove-root-warning
Remove warning about nonexistent root policy by using GetPolicy instead
2015-11-06 11:37:39 -05:00
Jeff Mitchell 7d8371c4a3 Remove warning about nonexistent root policy by using GetPolicy instead
of the listing function.
2015-11-06 11:36:40 -05:00
Jeff Mitchell ffa879d6e2 Update S3 docs 2015-11-06 09:26:09 -05:00
Jeff Mitchell b1a445dfbf Changelogify 2015-11-06 09:22:30 -05:00
Jeff Mitchell 601f85a934 Merge pull request #758 from ys/s3-bucket-config-var
Allow s3 bucket to come from config vars
2015-11-06 09:21:35 -05:00
Yannick 8a594a7f61 Allow s3 bucket to come from config vars 2015-11-06 14:05:29 +01:00
Greg Brockman 141a71974a Correct typo in comment 2015-11-06 00:41:14 -08:00