Commit graph

4606 commits

Author SHA1 Message Date
Jeff Mitchell 434ed2faf2 Merge pull request #1573 from mickhansen/logical-postgresql-revoke-sequences
handle revocations for roles that have privileges on sequences
2016-07-18 13:30:42 -04:00
Jeff Mitchell a3ce0dcb0c Turn off DynamoDB HA by default.
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
Jeff Mitchell 4c5ae34ebf Merge pull request #1613 from skippy/update-aws-ec2-docs
[Docs] aws-ec2 -- note IAM action requirement
2016-07-18 10:40:38 -04:00
Jeff Mitchell 73923db995 Merge pull request #1589 from skippy/patch-2
[Docs] aws-ec2 -- clarify aws public cert is already preloaded
2016-07-18 10:02:35 -04:00
Vishal Nayak 7a15830b8b Merge pull request #1596 from hashicorp/json-use-number
Recognize integer values in JSON input as `json.Number` as opposed to float64
2016-07-15 17:22:27 -06:00
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Adam Greene 8f6b97f4e4 [Docs] aws-ec2 -- note IAM action requirement 2016-07-13 15:52:47 -07:00
Adam Greene d6f5c5f491 english tweaks 2016-07-13 15:11:01 -07:00
vishalnayak f1e2e2fe1b changelog++ 2016-07-13 17:17:04 -04:00
Vishal Nayak c55fa03760 Merge pull request #1599 from hashicorp/use-go-uuid
Use go-uuid's GenerateUUID in PutWAL and discard logical.UUID()
2016-07-13 11:36:28 -06:00
Vishal Nayak cdf58da43b Merge pull request #1610 from hashicorp/min-tls-ver-12
Set minimum TLS version in all tls.Config objects
2016-07-13 10:53:14 -06:00
vishalnayak 09a4142fd3 Handled upgrade path for TLSMinVersion 2016-07-13 12:42:51 -04:00
Vishal Nayak 9f1e6c7b26 Merge pull request #1607 from hashicorp/standardize-time
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
vishalnayak de19314f18 Address review feedback 2016-07-13 11:52:26 -04:00
vishalnayak f78f303787 git add tlsutil 2016-07-13 11:29:17 -04:00
vishalnayak 407722a9b4 Added tls_min_version to consul storage backend 2016-07-12 20:10:54 -04:00
Nathan J. Mehl 314a5ecec0 allow overriding the default truncation length for mysql usernames
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
vishalnayak f34f0ef503 Make 'tls_min_version' configurable 2016-07-12 19:32:47 -04:00
vishalnayak 46d34130ac Set minimum TLS version in all tls.Config objects 2016-07-12 17:06:28 -04:00
vishalnayak 8269f323d3 Revert 'risky' changes 2016-07-12 16:38:07 -04:00
Jeff Mitchell 04cfa4f88d Whoops, fix vendoring 2016-07-11 23:13:26 +00:00
Jeff Mitchell a6682405a3 Migrate number of retries down by one to have it be max retries, not tries 2016-07-11 21:57:14 +00:00
Jeff Mitchell 57cdb58374 Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-11 21:37:46 +00:00
Jeff Mitchell 5f1c101ad3 Merge pull request #1608 from hashicorp/tune-duration-second
Factor out parsing duration second type and use it for parsing tune v…
2016-07-11 14:26:36 -06:00
Jeff Mitchell 5b210b2a1f Return a duration instead and port a few other places to use it 2016-07-11 18:19:35 +00:00
Jeff Mitchell ab6c2bc5e8 Factor out parsing duration second type and use it for parsing tune values too 2016-07-11 17:53:39 +00:00
Mick Hansen 9ee4542a7c incorporate code style guidelines 2016-07-11 13:35:35 +02:00
Mick Hansen c25788e1d4 handle revocations for roles that have privileges on sequences 2016-07-11 13:16:45 +02:00
Nathan J. Mehl 2cf4490b37 use role name rather than token displayname in generated mysql usernames
If a single token generates multiple myself roles, the generated mysql
username was previously prepended with the displayname of the vault
user; this makes the output of `show processlist` in mysql potentially
difficult to correlate with the roles actually in use without cross-
checking against the vault audit log.

See https://github.com/hashicorp/vault/pull/1603 for further discussion.
2016-07-10 15:57:47 -07:00
Matt Hurne 8232de5095 Merge branch 'master' into mongodb-secret-backend 2016-07-09 21:14:21 -04:00
Matt Hurne 6505e85dae mongodb secret backend: Improve safety of MongoDB roles storage 2016-07-09 21:12:42 -04:00
vishalnayak fcb0b580ab Fix broken build 2016-07-08 23:16:58 -04:00
vishalnayak 55a667b8cd Fix broken build 2016-07-08 20:30:27 -04:00
vishalnayak dc690d6233 Place error check before the response check in expiration test 2016-07-08 19:01:36 -04:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
Jeff Mitchell 7a224ec0bd changelog++ 2016-07-08 10:42:13 -04:00
Jeff Mitchell 4aa557ffa6 Add documentation of retry env vars 2016-07-08 10:41:11 -04:00
Jeff Mitchell 1c0a96a815 Merge pull request #1594 from hashicorp/api-retryable
Make the API client retry on 5xx errors.
2016-07-08 10:34:56 -04:00
Jeff Mitchell c7d72fea90 Do some extra checking in the modified renewal check 2016-07-08 10:34:49 -04:00
Matt Hurne 253d4e86fc Merge branch 'master' into mongodb-secret-backend 2016-07-08 08:32:03 -04:00
Jeff Mitchell 96a6bc388e Merge pull request #1601 from hashicorp/clarify-policy
Some policy concept page clarifications
2016-07-08 01:06:16 -04:00
Jeff Mitchell cf42b28487 Some policy concept page clarifications 2016-07-08 05:05:46 +00:00
Matt Hurne bb8a45eb8b Format code in mongodb secret backend 2016-07-07 23:16:11 -04:00
Matt Hurne 8d5a7992c1 mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages 2016-07-07 23:09:45 -04:00
Matt Hurne 1d5133b8c0 Add note about MongoDB secret backend to changelog 2016-07-07 22:53:57 -04:00
Matt Hurne a5f5b26e4b Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required 2016-07-07 22:34:00 -04:00
Matt Hurne b1dd5bf449 mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON 2016-07-07 22:31:35 -04:00
Matt Hurne eee6f04e40 mongodb secret backend: Refactor to eliminate unnecessary variable 2016-07-07 22:29:17 -04:00
Matt Hurne ce845df43c mongodb secret backend: Consider a "user not found" response a success when removing a user from Mongo 2016-07-07 22:27:47 -04:00
Matt Hurne 138d74f745 mongodb secret backend: Improve roles path help 2016-07-07 22:16:34 -04:00