luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
4605 commits 1 branch 0 tags 214 MiB
Commit graph

4605 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jeff Mitchell 8d6244f8e7 Don't serialize the full connection state, instead just the peer certificates, and parse them on the other side 2016-08-17 10:29:53 -04:00
Jeff Mitchell e7261bc31f Merge pull request #1740 from hashicorp/fix-upgrade-periodic-roles 
Ensure we don't use a token entry period of 0 in role comparisons.
 2016-08-16 16:59:56 -04:00
Jeff Mitchell 01702415c2 Ensure we don't use a token entry period of 0 in role comparisons. 
When we added support for generating periodic tokens for root/sudo in
auth/token/create we used the token entry's period value to store the
shortest period found to eventually populate the TTL. The problem was
that we then assumed later that this value would be populated for
periodic tokens, when it wouldn't have been in the upgrade case.

Instead, use a temp var to store the proper value to use; populate
te.Period only if actually given; and check that it's not zero before
comparing against role value during renew.
 2016-08-16 16:47:46 -04:00
Jeff Mitchell c1aa89363a Make time logic a bit clearer 2016-08-16 16:29:07 -04:00
Jeff Mitchell 02d9702fbd Add local into handler path for forwarded requests 2016-08-16 11:46:37 -04:00
Jeff Mitchell c6b6901059 update Dockerfile for Go 1.7 final 2016-08-16 11:23:43 -04:00
Jeff Mitchell 734e80ca56 Add permit pool to dynamodb 2016-08-15 19:45:06 -04:00
Jeff Mitchell 638e61192a Actually show the error occurring if a file audit log can't be opened 2016-08-15 16:26:36 -04:00
Jeff Mitchell dcba6129e3 Use dockertest for physical consul tests, and always run them 2016-08-15 16:20:32 -04:00
Matt Hurne 56252fb637 AppRole documentation tweaks (#1735) 
* Fix spelling error in AppRole docs

* Add force flag to sample command to generate a secret ID in AppRole docs

* Update sample output for AppRole login in docs
 2016-08-15 16:12:08 -04:00
Jeff Mitchell c520ab986c changelog++ 2016-08-15 16:02:06 -04:00
Jeff Mitchell 62c69f8e19 Provide base64 keys in addition to hex encoded. (#1734) 
* Provide base64 keys in addition to hex encoded.

Accept these at unseal/rekey time.

Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
 2016-08-15 16:01:15 -04:00
Jeff Mitchell 159255b5a6
Cut version 0.6.1-rc3 2016-08-15 09:54:06 -04:00
Jeff Mitchell 8724a6864b Bump version 2016-08-15 09:49:18 -04:00
Jeff Mitchell e0170b268b changelog++ 2016-08-15 09:45:23 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721) 
Add request forwarding.
 2016-08-15 09:42:42 -04:00
Jeff Mitchell 122f79b3c1 Merge pull request #1732 from hashicorp/pre0.6.1-restore-compat 
Restore compatibility with pre-0.6.1 servers for CLI/Go API calls
 2016-08-15 08:15:11 -04:00
Jeff Mitchell 86874def5c Parameter change 
Both revocation times are UTC so clarify via parameter name that it's just a formatting difference. Also leave as a time.Time here, as it automatically marshals into RFC3339.
 2016-08-14 21:43:57 -04:00
Jeff Mitchell ba87c6c0d6 Restore compatibility with pre-0.6.1 servers for CLI/Go API calls 2016-08-14 14:52:45 -04:00
Jeff Mitchell a82b6ee9d9 changelog++ 2016-08-14 07:21:05 -04:00
Jeff Mitchell 7cc5e8d0d4 Merge pull request #1725 from hashicorp/periodic-authtokencreate 
Add periodic support for root/sudo tokens to auth/token/create
 2016-08-14 07:17:38 -04:00
Jeff Mitchell 40ece8fd7c Add another test and fix some output 2016-08-14 07:17:14 -04:00
vishalnayak 0038db0f62 Fix typo. Fixes #1731. 2016-08-14 02:13:46 -04:00
Jeff Mitchell 7497b37280 Completely revamp token documentation 2016-08-13 17:05:31 -04:00
Jeff Mitchell b6ef112382 Minor wording change 2016-08-13 15:45:13 -04:00
Jeff Mitchell cdea4b3445 Add some tests and fix some bugs 2016-08-13 14:03:22 -04:00
Jeff Mitchell de60702d76 Don't check the role period again as we've checked it earlier and it may be greater than the te Period 2016-08-13 13:21:56 -04:00
Jeff Mitchell 43361f2991 changelog++ 2016-08-13 11:54:01 -04:00
Jeff Mitchell 66db2dcc26 Merge pull request #1728 from hashicorp/fix-crl-revocation-time 
Ensure values to be encoded in a CRL are in UTC.
 2016-08-13 11:53:11 -04:00
Jeff Mitchell 39cfd116b6 Cleanup 2016-08-13 11:52:09 -04:00
Jeff Mitchell 1b8711e7b7 Ensure utc value is not zero before adding 2016-08-13 11:50:57 -04:00
Jeff Mitchell d6d08250ff Ensure values to be encoded in a CRL are in UTC. This aligns with the 
RFC. You might expect Go to ensure this in the CRL generation call,
but...it doesn't.

Fixes #1727
 2016-08-13 08:40:09 -04:00
Jeff Mitchell 9e628f0d55 changelog++ 2016-08-13 07:25:46 -04:00
Jeff Mitchell 4114b14601 Merge pull request #1726 from jen20/f-illumos 
build: Add support for building on Illumos
 2016-08-13 07:24:54 -04:00
James Nugent 2c14ff7385 build: Add support for building on Illumos 
This commit adds support for building for Illumos-derived operating
systems. Regrettably, the cyrpto/ssh/terminal package does not include
implementations of the functions IsTerminal, MakeRaw or Restore for the
solaris OS. Consequently this commit implements them in Vault.

makeRaw(fd int) is based on the Illumos implementation of the getpass
function [1] for the correct flags. isTerminal(fd int) is based on the
Illumos libc implementation [2] of isatty.

[1] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libast/common/uwin/getpass.c
[2] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libbc/libc/gen/common/isatty.c
 2016-08-13 00:20:15 -04:00
Jeff Mitchell bcb4ab5422 Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
Jeff Mitchell 92f4fdf892 Add some info about -f to the "expects two arguments" error. 
Ping #1722
 2016-08-12 15:47:16 -04:00
Jeff Mitchell 3e579a51ae changelog++ 2016-08-12 15:15:35 -04:00
Jeff Mitchell 7b5a457877 Merge pull request #1724 from hashicorp/no-redirection-retry 
Don't retry on redirections.
 2016-08-12 15:14:53 -04:00
Jeff Mitchell 9c33224928 Don't retry on redirections. 2016-08-12 15:13:42 -04:00
Vishal Nayak 14c508ea91 Merge pull request #1723 from hashicorp/nil-config-client 
Use default config and read environment by default while creating client object
 2016-08-12 13:09:37 -04:00
vishalnayak ff22640015 Use default config and read environment by default while creating client object 2016-08-12 11:37:13 -04:00
Jeff Mitchell 5800b4ad3e Fix version number 2016-08-11 17:23:47 -04:00
Jeff Mitchell c1a46349fa Change to keybase openpgp fork as it has important fixes 2016-08-11 08:31:43 -04:00
Jeff Mitchell 0a40dcc593 Allow version to build without requiring a build tag 2016-08-10 20:01:15 -04:00
Jeff Mitchell ab2cdc04b5 Fix default makefile target and README 2016-08-10 15:38:17 -04:00
vishalnayak 9a5c386651 changelog++ 2016-08-10 15:35:50 -04:00
Vishal Nayak d49d11eac0 Merge pull request #1715 from hashicorp/fix-cluster-nil 
Fix Cluster object being returned as nil when unsealed
 2016-08-10 15:27:06 -04:00
vishalnayak 3895ea4c2b Address review feedback from @jefferai 2016-08-10 15:22:12 -04:00
vishalnayak 95f9c62523 Fix Cluster object being returned as nil when unsealed 2016-08-10 15:09:16 -04:00