Commit graph

4143 commits

Author SHA1 Message Date
vishalnayak de19314f18 Address review feedback 2016-07-13 11:52:26 -04:00
vishalnayak f78f303787 git add tlsutil 2016-07-13 11:29:17 -04:00
vishalnayak 407722a9b4 Added tls_min_version to consul storage backend 2016-07-12 20:10:54 -04:00
Nathan J. Mehl 314a5ecec0 allow overriding the default truncation length for mysql usernames
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
vishalnayak f34f0ef503 Make 'tls_min_version' configurable 2016-07-12 19:32:47 -04:00
vishalnayak 46d34130ac Set minimum TLS version in all tls.Config objects 2016-07-12 17:06:28 -04:00
vishalnayak 8269f323d3 Revert 'risky' changes 2016-07-12 16:38:07 -04:00
Jeff Mitchell 04cfa4f88d Whoops, fix vendoring 2016-07-11 23:13:26 +00:00
Jeff Mitchell a6682405a3 Migrate number of retries down by one to have it be max retries, not tries 2016-07-11 21:57:14 +00:00
Jeff Mitchell 57cdb58374 Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-11 21:37:46 +00:00
Jeff Mitchell 5f1c101ad3 Merge pull request #1608 from hashicorp/tune-duration-second
Factor out parsing duration second type and use it for parsing tune v…
2016-07-11 14:26:36 -06:00
Jeff Mitchell 5b210b2a1f Return a duration instead and port a few other places to use it 2016-07-11 18:19:35 +00:00
Jeff Mitchell ab6c2bc5e8 Factor out parsing duration second type and use it for parsing tune values too 2016-07-11 17:53:39 +00:00
Mick Hansen 9ee4542a7c incorporate code style guidelines 2016-07-11 13:35:35 +02:00
Mick Hansen c25788e1d4 handle revocations for roles that have privileges on sequences 2016-07-11 13:16:45 +02:00
Nathan J. Mehl 2cf4490b37 use role name rather than token displayname in generated mysql usernames
If a single token generates multiple myself roles, the generated mysql
username was previously prepended with the displayname of the vault
user; this makes the output of `show processlist` in mysql potentially
difficult to correlate with the roles actually in use without cross-
checking against the vault audit log.

See https://github.com/hashicorp/vault/pull/1603 for further discussion.
2016-07-10 15:57:47 -07:00
Matt Hurne 8232de5095 Merge branch 'master' into mongodb-secret-backend 2016-07-09 21:14:21 -04:00
Matt Hurne 6505e85dae mongodb secret backend: Improve safety of MongoDB roles storage 2016-07-09 21:12:42 -04:00
vishalnayak fcb0b580ab Fix broken build 2016-07-08 23:16:58 -04:00
vishalnayak 55a667b8cd Fix broken build 2016-07-08 20:30:27 -04:00
vishalnayak dc690d6233 Place error check before the response check in expiration test 2016-07-08 19:01:36 -04:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
Jeff Mitchell 7a224ec0bd changelog++ 2016-07-08 10:42:13 -04:00
Jeff Mitchell 4aa557ffa6 Add documentation of retry env vars 2016-07-08 10:41:11 -04:00
Jeff Mitchell 1c0a96a815 Merge pull request #1594 from hashicorp/api-retryable
Make the API client retry on 5xx errors.
2016-07-08 10:34:56 -04:00
Jeff Mitchell c7d72fea90 Do some extra checking in the modified renewal check 2016-07-08 10:34:49 -04:00
Matt Hurne 253d4e86fc Merge branch 'master' into mongodb-secret-backend 2016-07-08 08:32:03 -04:00
Jeff Mitchell 96a6bc388e Merge pull request #1601 from hashicorp/clarify-policy
Some policy concept page clarifications
2016-07-08 01:06:16 -04:00
Jeff Mitchell cf42b28487 Some policy concept page clarifications 2016-07-08 05:05:46 +00:00
Matt Hurne bb8a45eb8b Format code in mongodb secret backend 2016-07-07 23:16:11 -04:00
Matt Hurne 8d5a7992c1 mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages 2016-07-07 23:09:45 -04:00
Matt Hurne 1d5133b8c0 Add note about MongoDB secret backend to changelog 2016-07-07 22:53:57 -04:00
Matt Hurne a5f5b26e4b Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required 2016-07-07 22:34:00 -04:00
Matt Hurne b1dd5bf449 mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON 2016-07-07 22:31:35 -04:00
Matt Hurne eee6f04e40 mongodb secret backend: Refactor to eliminate unnecessary variable 2016-07-07 22:29:17 -04:00
Matt Hurne ce845df43c mongodb secret backend: Consider a "user not found" response a success when removing a user from Mongo 2016-07-07 22:27:47 -04:00
Matt Hurne 138d74f745 mongodb secret backend: Improve roles path help 2016-07-07 22:16:34 -04:00
Matt Hurne 7f9d91acb6 mongodb secret backend: Remove default value for Mongo authentication DB for roles; validate that role name and authentication db were specified when creating a role 2016-07-07 22:09:00 -04:00
Matt Hurne de84cdabe6 mongodb secret backend: Leverage framework.TypeDurationSecond to simplify storage of lease ttl and max_ttl 2016-07-07 21:48:44 -04:00
Matt Hurne 6d7c9f5424 mongodb secret backend: Verify existing Session is still working before reusing it 2016-07-07 21:37:44 -04:00
Matt Hurne da0bd77dc4 Merge branch 'master' into mongodb-secret-backend 2016-07-07 21:24:40 -04:00
vishalnayak 581b293a26 Use go-uuid's GenerateUUID in PutWAL and discart logical.UUID() 2016-07-07 17:57:36 -04:00
Vishal Nayak 98c13d74d6 Merge pull request #1598 from evertrue/evertrue/eherot/doc_fix
Pretty sure the method to delete a token role is DELETE (not GET)
2016-07-07 14:10:13 -04:00
Eric Herot cbc76c357e Pretty sure the method to delete a token role is not GET 2016-07-07 13:54:20 -04:00
vishalnayak 10b5f6648b Added jsonutil functional tests 2016-07-07 12:12:51 -04:00
vishalnayak 14fd963d9f Input validations for jsonutil 2016-07-07 11:29:38 -04:00
vishalnayak 60912bdf65 Added jsonutil helper 2016-07-07 10:51:49 -04:00
Jeff Mitchell 4146ebed9c Add go-retryablehttp dep 2016-07-07 10:42:08 -04:00
vishalnayak db3670c353 Fix transit tests 2016-07-06 22:04:08 -04:00
Jeff Mitchell 4a597c3a7a Fix upgrade to 0.6 docs 2016-07-06 19:00:23 -04:00