luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
3,416 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

3416 Commits

Author SHA1 Message Date
Jeff Mitchell 62058a0ff8 Update tests for change in raw blacklisting 2016-04-19 20:26:26 +00:00
Jeff Mitchell 556039344a There's no good story around accessing any of core via /sys/raw, so blacklist it all 2016-04-19 16:01:15 +00:00
Jeff Mitchell 055a8e04e4 Change recovery options in init to be 'key'-less 2016-04-18 17:02:07 +00:00
Jeff Mitchell b4620d5d04 Add check against seal type to catch errors before we attempt to use the data 2016-04-15 18:16:48 -04:00
Jeff Mitchell d7ba52f86b Backtick "region" in S3 config 2016-04-15 17:03:35 -04:00
Jeff Mitchell d844be4df5 Merge pull request #1336 from hashicorp/b-sigint-handler 
Fix SIGINT handling.
 2016-04-15 13:14:37 -04:00
Jeff Mitchell 9bc24be343 Move recovery info behind the barrier 2016-04-15 17:04:29 +00:00
Sean Chittenden 069d9cf021 Fix SIGINT handling. 
No signal handler was setup to receive SIGINT.  I didn't investigate to
see if signal(2) mask was setup (ala `SIG_IGN`) or if sigprocmask(2) is
being used, but in either case, the correct behavior is to capture and
treat SIGINT the same as SIGTERM.  At some point in the future these two
signals may affect the running process differently, but we will clarify
that difference in the future.
 2016-04-15 10:03:22 -07:00
Jeff Mitchell 119238149b Add Finalize method to seal. 2016-04-14 20:37:34 +00:00
Vishal Nayak eae78f2ef7 Merge pull request #1332 from hashicorp/fix-revocation-output 
Clarify output of idempotent calls
 2016-04-14 11:52:28 -04:00
vishalnayak 5c336297ad Provide clarity for output statements of idempotent calls. 2016-04-14 15:46:45 +00:00
vishalnayak b7178846c1 Clarify token-revoke operation 2016-04-14 15:34:01 +00:00
Jeff Mitchell 148e6926f9 changelog++ 2016-04-14 08:11:02 -04:00
Jeff Mitchell 1a044e0b57 Merge pull request #1331 from hashicorp/fix-role-suffix-renew 
Register the token entry's path instead of the request path, to handl…
 2016-04-14 08:09:46 -04:00
Jeff Mitchell 53773f12e3 Register the token entry's path instead of the request path, to handle role suffixes correctly 2016-04-14 08:08:28 -04:00
Jeff Mitchell bb0dd624e1 Merge pull request #1330 from hashicorp/sethvargo/clarify_delete 
Clarify delete operation
 2016-04-14 06:11:53 -04:00
Jeff Mitchell ae2d000de4 Make period output nicer -- seconds rather than duration 2016-04-14 06:10:22 -04:00
Seth Vargo 54c414abb2
Clarify delete operation 
One thing that has been a point of confusion for users is Vault's
response when deleting a key that does not actually exist in the system.
For example, consider:

    $ vault delete secret/foo
    Success! Deleted 'secret/foo'

This message is misleading if the secret does not exist, especially if
the same command is run twice in a row.

Obviously the reason for this is clear - returning an error if a secret
does not exist would reveal the existence of a secret (the same reason
everything on S3 is a 403 or why GitHub repos 404 instead of 403 if you
do not have permission to view them).

I think we can make the UX a little bit better by adding just a few
words to the output:

    $ vault delete secret/foo
    Success! Deleted 'secret/foo' if it existed

This makes it clear that the operation was only performed if the secret
existed, but it does not reveal any more information.
 2016-04-14 10:38:10 +01:00
Jeff Mitchell a4ff72841e Check for seal status when initing and change logic order to avoid defer 2016-04-14 01:13:59 +00:00
Seth Vargo 03c09341a4 Add missing path-helps and clarify subpaths in tables 2016-04-13 22:15:54 +01:00
Seth Vargo 86455b4720 Only show params if there are fields 2016-04-13 22:15:06 +01:00
Vishal Nayak 2bc3c12b7d Merge pull request #1327 from Banno/vet-cleanup 
go vet cleanup
 2016-04-13 15:48:25 -04:00
Adam Shannon fb07d07ad9 all: Cleanup from running go vet 2016-04-13 14:38:29 -05:00
Seth Vargo 217035d081 Hint that you don't need to run auth twice 
This came up twice, in two different training courses. The UX is a
little confusing here on the CLI. Users are used to running:

    $ vault auth abcd-1234...

So when they auth using a method, the output leads them to believe the
need to "re-auth" as the generated token:

    $ vault auth -method=userpass username=foo password=bar
    Successfully authenticated!
    token: defg-5678...

A number of users then run:

    $ vault auth defg-5678

I've added some helpful text to hint this is not required if the method
is not "token".
 2016-04-13 19:45:48 +01:00
Jeff Mitchell b90286996f Update cert website docs 2016-04-13 16:28:23 +00:00
Jeff Mitchell abf0e84bb8 Merge pull request #1323 from hashicorp/sethvargo/ws_md 
Update website push script to fix metadata
 2016-04-12 16:24:42 -04:00
Seth Vargo 082b25d6b0 Update website push script to fix metadata 2016-04-12 20:15:51 +01:00
Vishal Nayak 4d4d80e788 Merge pull request #1321 from sidick/fix-token-renew-typo 
Should be renew not revoke
 2016-04-12 09:10:13 -04:00
Simon Dick 66f84077d3 Should be renew not revoke 2016-04-12 14:04:26 +01:00
Jeff Mitchell f55468ef93 Merge pull request #1317 from hashicorp/vault-acc 
Skip acceptance tests if VAULT_ACC is not set
 2016-04-11 20:15:04 -04:00
vishalnayak 06eeaecef6 Skip acceptance tests if VAULT_ACC is not set 2016-04-11 20:00:15 -04:00
Jeff Mitchell 7ab94c1e49 Merge pull request #1316 from kunickiaj/patch-1 
Add unofficial client library written in Kotlin
 2016-04-11 12:42:21 -04:00
Adam Kunicki 7fb48fd2c8 Add unofficial client library written in Kotlin 
I've been working on a Vault client written in Kotlin. Still a work in progress but will soon be on-par with the official Ruby client.
 2016-04-11 09:37:42 -07:00
Jeff Mitchell f319bae358 Merge pull request #1314 from chiefy/patch-1 
Update github doc with note about slugifying team
 2016-04-10 12:55:07 -04:00
Christopher "Chief" Najewicz 67e8328a76 Update github doc with note about slugifying team 2016-04-10 11:11:40 -04:00
Jeff Mitchell 4da2e80dfe changelog++ 2016-04-09 18:30:37 -04:00
Jeff Mitchell c1590299d2 Merge pull request #1312 from hashicorp/issue-911 
Add list support to userpass users.
 2016-04-09 18:29:30 -04:00
Jeff Mitchell d92b960f7a Add list support to userpass users. Remove some unneeded existence 
checks. Remove paths from requiring root.

Fixes #911
 2016-04-09 18:28:55 -04:00
Jeff Mitchell e46629f943 changelog++ 2016-04-07 22:18:07 +00:00
Jeff Mitchell 63736a1584 Merge pull request #1309 from hashicorp/issue-1308 
Fix panic when using -field with read or write with a non-string value.
 2016-04-07 18:17:13 -04:00
Jeff Mitchell 759915bb55 Fix panic when using -field with read or write with a non-string value. 
Fixes #1308
 2016-04-07 22:16:33 +00:00
Jeff Mitchell 650d40a258 changelog++ 2016-04-07 21:52:59 +00:00
Paul Hinze d5b73e2590 Merge pull request #1307 from hashicorp/phinze/website-mime-types 
website: force JS/CSS mime-types on deploy
 2016-04-07 13:03:18 -05:00
Paul Hinze c59ce316eb website: force mime-types for some assets on deploy 
Should fix occassional issues with application/octet-stream mime type
assets breaking things on the site.
 2016-04-07 12:54:17 -05:00
Jeff Mitchell 3de7dd324b Merge pull request #1306 from hashicorp/fix-token-ttl-display 
Construct token path from request to fix displaying TTLs when using
 2016-04-07 11:48:35 -04:00
Jeff Mitchell 1db6808912 Construct token path from request to fix displaying TTLs when using 
create-orphan.
 2016-04-07 15:45:38 +00:00
Jeff Mitchell f2880561d1 Ensure we only use sysview's max if it's not zero. It never should be, but safety. 2016-04-07 15:27:14 +00:00
Sean Chittenden 8dc94ea4e1 Add CL note re: *BSD mlock support 2016-04-06 14:00:29 -07:00
Sean Chittenden 09ad6317ea Merge pull request #1297 from hashicorp/f-bsd-mlock 
F bsd mlock
 2016-04-06 13:57:34 -07:00
Vishal Nayak 11bb4586b3 Merge pull request #1304 from hashicorp/fix-errorok-handling 
Fix ErrorOk handling
 2016-04-06 12:52:59 -04:00