Commit graph

4737 commits

Author SHA1 Message Date
Laura Bennett e5a7e3d6cb initial commit to fix empty consistency option issue 2016-10-08 20:22:26 -04:00
Jeff Mitchell 21e1f38e6a Split HA server command tests from reload tests 2016-10-07 11:06:01 -04:00
Jeff Mitchell 2e9f4c5f5f Add gitter badge 2016-10-06 12:37:41 -04:00
Jeff Mitchell b5225fd000 Add KeyNotFoundError to seal file 2016-10-05 17:17:33 -04:00
Vishal Nayak ec4b944829 Merge pull request #1974 from zendesk/update_iam_documentation
Update aws-ec2 configuration help
2016-10-05 16:43:45 -04:00
Michael S. Fischer c45ab41b39 Update aws-ec2 configuration help
Updated to reflect enhanced functionality and clarify necessary
permissions.
2016-10-05 12:40:58 -07:00
Jeff Mitchell 60abb3d991
Cut version 0.6.2 2016-10-05 14:31:35 -04:00
Jeff Mitchell 70a9fc47b4 Don't use quoted identifier for the username 2016-10-05 14:31:19 -04:00
Jeff Mitchell d580bb1c27 Update upgrade guide 2016-10-05 14:10:27 -04:00
Jeff Mitchell fa515accf9 changelog++ 2016-10-05 14:08:31 -04:00
Jeff Mitchell 7f9a88d8db Postgres revocation sql, beta mode (#1972) 2016-10-05 13:52:59 -04:00
Jeff Mitchell 83b85dea1c Prep for 0.6.2 2016-10-05 08:23:31 -04:00
Paweł Rozlach 33b4683dfd Post-review fixes for file/zk recursive empty prefix delete 2016-10-05 08:08:00 -04:00
Jeff Mitchell bab1471345 changelog++ 2016-10-04 23:17:29 -04:00
vishalnayak cf7f93a7b4 changelog++ 2016-10-04 22:53:15 -04:00
Vishal Nayak 80a523b199 Merge pull request #1964 from mesosphere/prozlach/nested_secrets_handling_fix
Nested secrets handling fix for zookeeper and file based backend.
2016-10-04 22:45:37 -04:00
Jeff Mitchell 6b0f886756 Update website with breaking change information 2016-10-04 22:35:56 -04:00
Jeff Mitchell 22db55f847 changelog++ 2016-10-04 22:15:14 -04:00
Jeff Mitchell 1890a97eba changelog++ 2016-10-04 22:07:06 -04:00
Jeff Mitchell 2a646f74b3 changelog++ 2016-10-04 21:57:10 -04:00
Vishal Nayak 6e9bffade5 Merge pull request #1967 from hashicorp/mysql-revoke-sql
Refactor mysql's revoke SQL
2016-10-04 20:01:54 -04:00
vishalnayak 2b760d5bb7 changelog++ 2016-10-04 19:47:37 -04:00
vishalnayak de5dec6b15 Refactor mysql's revoke SQL 2016-10-04 19:30:25 -04:00
Vishal Nayak 1ab7023483 Merge pull request #1914 from jpweber/mysql-revoke
Mysql revoke with non-wildcard hosts
2016-10-04 17:44:15 -04:00
Jim Weber 87f206b536 removed an unused ok variable. Added warning and force use for default queries if role is nil 2016-10-04 17:15:29 -04:00
vishalnayak 40f4b4647f changelog++ 2016-10-04 16:18:47 -04:00
Pawel Rozlach 41ade15f73 Fix file backend so that it properly removes nested secrets.
This patch makes file backend properly remove nested secrets, without leaving
empty directory artifacts, no matter how nested directories were.
2016-10-04 21:56:12 +02:00
Pawel Rozlach 44b4704cfa Fix zookeeper backend so that properly deletes/lists secrets.
This patch fixes two bugs in Zookeeper backends:
 * backend was determining if the node is a leaf or not basing on the number
   of the childer given node has. This is incorrect if you consider the fact
   that deleteing nested node can leave empty prefixes/dirs behind which have
   neither children nor data inside. The fix changes this situation by testing
   if the node has any data set - if not then it is not a leaf.
 * zookeeper does not delete nodes that do not have childern just like consul
   does and this leads to leaving empty nodes behind. In order to fix it, we
   scan the logical path of a secret being deleted for empty dirs/prefixes and
   remove them up until first non-empty one.
2016-10-04 21:56:12 +02:00
Pawel Rozlach 68fc52958d Add tests for nested/prefixed secrets removal.
Current tests were not checking if backends are properly removing
nested secrets. We follow here the behaviour of Consul backend, where
empty "directories/prefixes" are automatically removed by Consul itself.
2016-10-04 21:55:33 +02:00
Vishal Nayak 661a8a4734 Merge pull request #1961 from hashicorp/aws-ec2-auth-rsa-signature
aws-ec2-auth using identity doc and RSA digest
2016-10-04 15:45:12 -04:00
vishalnayak 0f8c132ede Minor doc updates 2016-10-04 15:46:09 -04:00
vishalnayak 2e1aa80f31 Address review feedback 2 2016-10-04 15:30:42 -04:00
vishalnayak 59475d7f14 Address review feedback 2016-10-04 15:05:44 -04:00
Vishal Nayak 4141b632fa Merge pull request #1957 from hashicorp/website-list-userpass
Added user listing endpoint to userpass docs
2016-10-04 14:10:49 -04:00
Jim Weber cc38f3253a fixed an incorrect assignment 2016-10-03 21:51:40 -04:00
vishalnayak 348a09e05f Add only relevant certificates 2016-10-03 20:34:28 -04:00
vishalnayak dbd364453e aws-ec2 config endpoints support type option to distinguish certs 2016-10-03 20:25:07 -04:00
Jim Weber ac78ddc178 More resilient around cases of missing role names and using the default when needed. 2016-10-03 20:20:00 -04:00
vishalnayak b105f8ccf3 Authenticate aws-ec2 instances using identity document and its RSA signature 2016-10-03 18:57:41 -04:00
Vishal Nayak 5fb6758538 Merge pull request #1960 from hashicorp/atlas-listener-docs
document the atlas listener
2016-10-03 16:13:32 -04:00
Matthew Irish 61975f4265 add documentation for cluster_name and link atlas listener docs 2016-10-03 15:04:33 -05:00
Jim Weber 0a7f1089ca Refactored logic some to make sure we can always fall back to default revoke statments
Changed rolename to role
made default sql revoke statments a const
2016-10-03 15:59:56 -04:00
Jim Weber 704fccaf2e fixed some more issues I had with the tests. 2016-10-03 15:58:09 -04:00
Jim Weber a2d6624a69 renamed rolname to role 2016-10-03 15:57:47 -04:00
Jim Weber 7ab1092c7c Removed file that should not have been added in the first place. 2016-10-03 14:53:22 -04:00
Jim Weber bfb0c2d3ff Reduced duplicated code and fixed comments and simple variable name mistakes 2016-10-03 14:53:05 -04:00
Matthew Irish 34a6abcbb6 document the atlas listener 2016-10-03 10:41:50 -05:00
Jim Weber bb70ecc5a7 Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-02 22:28:54 -04:00
Jim Weber dbb00534d9 saving role name to the Secret Internal data. Default revoke query added
The rolename is now saved to the secret internal data for fetching
later during the user revocation process. No longer deriving the role
name from request path

Added support for default revoke SQL statements that will provide the
same functionality as before. If not revoke SQL statements are provided
the default statements are used.

Cleaned up personal ignores from the .gitignore file
2016-10-02 18:53:16 -04:00
Jeff Mitchell 8cfcbd7943 changelog++ 2016-10-02 14:55:48 -04:00