Commit graph

4651 commits

Author SHA1 Message Date
vishalnayak e01f99f042 Check for prefix match instead of exact match for IAM bound parameters 2016-09-28 18:08:28 -04:00
vishalnayak a9c719b555 changelog++ 2016-09-28 15:41:53 -04:00
Vishal Nayak 4a30a6b4f8 Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn
Proper naming for bound_iam_instance_profile_arn
2016-09-28 15:34:56 -04:00
vishalnayak 31e450a175 Add some validation checks 2016-09-28 15:36:02 -04:00
vishalnayak 69df3fb95e Added a few checks to the CIDR Subset checking util 2016-09-28 14:04:02 -04:00
Laura Bennett 62ea73ad6b changelog++ 2016-09-27 21:13:51 -04:00
Laura Bennett 010293ccc3 Merge pull request #1931 from hashicorp/cass-consistency
Adding consistency into cassandra
2016-09-27 21:12:02 -04:00
Jeff Mitchell b8f2841376 changelog++ 2016-09-27 21:05:52 -04:00
Jeff Mitchell bcee7dce17 changelog++ 2016-09-27 20:53:13 -04:00
Chris Hoffman d235acf809 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
Jeff Mitchell 447cb8d5fb changelog++ 2016-09-27 20:49:25 -04:00
Laura Bennett 5ac43873c4 minor updates 2016-09-27 20:35:11 -04:00
Laura Bennett 6f7428d4c0 changelog++ 2016-09-27 16:46:09 -04:00
Laura Bennett 883b5db420 typo correction 2016-09-27 16:38:27 -04:00
Laura Bennett 648a71fa11 updates to the documents 2016-09-27 16:36:20 -04:00
Laura Bennett e14fe05c13 added parsing at role creation 2016-09-27 16:01:51 -04:00
Laura Bennett 4938aa56bf initial commit for consistency added into cassandra 2016-09-27 13:25:18 -04:00
Vishal Nayak 0dde3bb559 Merge pull request #1928 from legal90/fix-secretid-num-uses
Fix "SecretIDNumUses" in AppRole auth backend
2016-09-27 13:02:37 -04:00
vishalnayak 25ae17d0fe changelog++ 2016-09-27 13:01:16 -04:00
Vishal Nayak 38428e90ea Merge pull request #1924 from hashicorp/token-entry-upgrade
Handle token entry upgrade gracefully
2016-09-27 12:55:06 -04:00
Mikhail Zholobov 5eff59c410
Fix "SecretIDNumUses" in AppRole auth backend
There was a typo.
2016-09-27 17:26:52 +03:00
vishalnayak 57b21acabb Added unit tests for token entry upgrade 2016-09-26 18:17:50 -04:00
vishalnayak af888573be Handle upgrade of deprecated fields in token entry 2016-09-26 15:47:48 -04:00
Jeff Mitchell 96afb1d27a Update getting started docs since root can no longer be used from github 2016-09-26 13:09:26 -04:00
Seth Vargo be9fb99a99 Update middleman-hashicorp (#1922) 2016-09-26 12:40:48 -04:00
vishalnayak 69e662d374 changelog++ 2016-09-26 10:49:59 -04:00
Vishal Nayak b1ee56a15b Merge pull request #1910 from hashicorp/secret-id-cidr-list
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
Jeff Mitchell f8e3cf4591 Add information about accessors to the token concepts page.
Fixes #1918
2016-09-26 10:18:38 -04:00
vishalnayak ecf45e7e3d changelog++ 2016-09-26 10:10:00 -04:00
Vishal Nayak a4b119dc25 Merge pull request #1920 from legal90/fix-approle-delete
Fix panic on deleting the AppRole which doesn't exist
2016-09-26 10:05:33 -04:00
Mikhail Zholobov 3f77013004
Fix panic on deleting the AppRole which doesn't exist
#pathRoleDelete should return silently if the specified  AppRole doesn't exist
Fixes GH-1919
2016-09-26 16:55:08 +03:00
vishalnayak da5b5d3a8e Address review feedback from @jefferai 2016-09-26 09:53:24 -04:00
vishalnayak d080107a87 Update docs to contain bound_iam_role_arn 2016-09-26 09:37:38 -04:00
vishalnayak bf0b7f218e Implemented bound_iam_role_arn constraint 2016-09-23 21:35:36 -04:00
John c39eeecaea tip to override VAULT_ADDR in getting started guide (#1915) 2016-09-23 19:34:07 -04:00
Jeff Mitchell 72b9c4c649 Fix parsing env var, needed to be in the helper too 2016-09-23 13:20:26 -04:00
vishalnayak a31f9bb0e9 Fix zeroAddr check 2016-09-23 12:50:26 -04:00
Jeff Mitchell be694f0287 changelog++ 2016-09-23 12:33:26 -04:00
Jeff Mitchell 6bf871995b Don't use time.Time in responses. (#1912)
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
2016-09-23 12:32:07 -04:00
vishalnayak 2d4bfeff49 Update website for bound_iam_instance_profile_arn 2016-09-23 11:23:59 -04:00
vishalnayak e0c41f02c8 Fix incorrect naming of bound_iam_instance_profile_arn 2016-09-23 11:22:23 -04:00
Evan Phoenix 4214a0199d Advertise the cluster_(id|name) in the Scada handshake (#1906) 2016-09-23 10:55:51 -04:00
vishalnayak f560e20b28 Address review feedback 2016-09-22 18:07:35 -04:00
Jeff Mitchell 57f3904d74 Use VAULT_LOG_FORMAT as an analogue to LOGXI_FORMAT 2016-09-22 17:22:02 -04:00
vishalnayak c26754000b Fix ssh tests 2016-09-22 11:37:55 -04:00
vishalnayak 07b1b244d6 Use net.IPv4zero to check for zero address 2016-09-21 20:29:33 -04:00
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry.
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
vishalnayak 578b82acf5 Pass only valid inputs to validation methods 2016-09-21 15:44:54 -04:00
Jeff Mitchell d65da5613c Add missing dep 2016-09-21 14:02:35 -04:00
Jeff Mitchell 226ef5d78c Make HA in etcd off by default. (#1909)
Fixes #1908

(Doesn't really "fix" it but someone from the community needs to step up
if they want to see this fixed.)
2016-09-21 14:01:36 -04:00