Commit graph

3989 commits

Author SHA1 Message Date
Nathan J. Mehl ea294f1d27 use both role name and token display name to form mysql username 2016-07-20 10:17:00 -07:00
Nathan J. Mehl 0483457ad2 respond to feedback from @vishalnayak
- split out usernameLength and displaynameLength truncation values,
  as they are different things

- fetch username and displayname lengths from the role, not from
  the request parameters

- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Nathan J. Mehl 314a5ecec0 allow overriding the default truncation length for mysql usernames
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
Nathan J. Mehl 2cf4490b37 use role name rather than token displayname in generated mysql usernames
If a single token generates multiple myself roles, the generated mysql
username was previously prepended with the displayname of the vault
user; this makes the output of `show processlist` in mysql potentially
difficult to correlate with the roles actually in use without cross-
checking against the vault audit log.

See https://github.com/hashicorp/vault/pull/1603 for further discussion.
2016-07-10 15:57:47 -07:00
Jeff Mitchell 7a224ec0bd changelog++ 2016-07-08 10:42:13 -04:00
Jeff Mitchell 4aa557ffa6 Add documentation of retry env vars 2016-07-08 10:41:11 -04:00
Jeff Mitchell 1c0a96a815 Merge pull request #1594 from hashicorp/api-retryable
Make the API client retry on 5xx errors.
2016-07-08 10:34:56 -04:00
Jeff Mitchell c7d72fea90 Do some extra checking in the modified renewal check 2016-07-08 10:34:49 -04:00
Jeff Mitchell 96a6bc388e Merge pull request #1601 from hashicorp/clarify-policy
Some policy concept page clarifications
2016-07-08 01:06:16 -04:00
Jeff Mitchell cf42b28487 Some policy concept page clarifications 2016-07-08 05:05:46 +00:00
Vishal Nayak 98c13d74d6 Merge pull request #1598 from evertrue/evertrue/eherot/doc_fix
Pretty sure the method to delete a token role is DELETE (not GET)
2016-07-07 14:10:13 -04:00
Eric Herot cbc76c357e Pretty sure the method to delete a token role is not GET 2016-07-07 13:54:20 -04:00
Jeff Mitchell 4146ebed9c Add go-retryablehttp dep 2016-07-07 10:42:08 -04:00
Jeff Mitchell 4a597c3a7a Fix upgrade to 0.6 docs 2016-07-06 19:00:23 -04:00
Jeff Mitchell 7023eafc67 Make the API client retry on 5xx errors.
This should help with transient issues. Full control over min/max delays
and number of retries (and ability to turn off) is provided in the API
and via env vars.

Fix tests.
2016-07-06 16:50:23 -04:00
Jeff Mitchell a6d3210163 Merge pull request #1590 from skippy/patch-3
Update aws-ec2.html.md -- clarify pkcs7 cert cleanup before use
2016-07-06 21:31:12 +02:00
Brian Shumate 07dd449e9e Minor grammar edit 2016-07-06 10:02:52 -04:00
Jeff Mitchell 2c0e677fe5 Fix website upgrade menu for 0.6.0 2016-07-06 09:28:21 -04:00
Jeff Mitchell 11ff12bf76 Merge pull request #1592 from stojg/patch-1
Correcting grammar
2016-07-06 13:16:42 +02:00
Stig Lindqvist 71b481ba40 Correcting grammar 2016-07-06 17:57:22 +12:00
Jeff Mitchell 0091a3ab80 Merge pull request #1591 from hashicorp/dont-panic-empty-config
Don't panic on an empty configuration during merge
2016-07-05 22:49:43 +02:00
Jeff Mitchell 61250157d7 Don't panic on an empty configuration during merge 2016-07-05 16:49:15 -04:00
Adam Greene 2405b7f078 Update aws-ec2.html.md
per #1582, updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
2016-07-05 13:21:56 -07:00
Jeff Mitchell 1da55a151c Update dockertest dep 2016-07-05 15:13:42 -04:00
Jeff Mitchell 88c7292023 Fix broken test 2016-07-05 12:54:27 -04:00
Jeff Mitchell 0071c9e10b changelog++ 2016-07-05 12:19:36 -04:00
Jeff Mitchell 9869666510 Merge pull request #1588 from hashicorp/issue-1587
Add response wrapping support to login endpoints.
2016-07-05 18:18:52 +02:00
Jeff Mitchell 8ce13b3f68 Add non-wrapped step 2016-07-05 12:11:40 -04:00
Jeff Mitchell b6ca7e9423 Add response wrapping support to login endpoints.
Fixes #1587
2016-07-05 11:46:21 -04:00
Jeff Mitchell b1d6e684eb Update to new hc-releases syntax 2016-07-04 19:44:38 -04:00
Sean Chittenden e6bfb06dee Merge pull request #1584 from hashicorp/b-remove-sprintf
Use `lib/pq`'s `QuoteIdentifier()` on all identifiers and Prepare for all literals.

LGTM from @jefferai out of band.
2016-07-03 17:00:55 -07:00
Sean Chittenden 2e828383e0
Move the parameter down to where the statement is executed. 2016-07-03 16:20:27 -07:00
Sean Chittenden 08fb1a30d4
Use lib/pq's QuoteIdentifier() on all identifiers and Prepare
for all literals.
2016-07-03 16:01:39 -07:00
Jeff Mitchell 4a8d9eb942 Shave off a lot of PKI testing time by not requiring key generation when testing CSRs. Also enable all tests all the time. 2016-07-01 17:28:48 -04:00
Jeff Mitchell 22f0656252 changelog++ 2016-07-01 16:34:23 -04:00
Jeff Mitchell 369dcff5f9 Merge pull request #1581 from mp911de/cassandra_connect_timeout
Support connect_timeout for Cassandra and align timeout.
2016-07-01 22:33:24 +02:00
Mark Paluch ab63c938c4 Address review feedback.
Switch ConnectTimeout to framework.TypeDurationSecond  with a default of 5. Remove own parsing code.
2016-07-01 22:26:08 +02:00
Jeff Mitchell dc7eea4265 Update git attributes to fix Linguist 2016-07-01 15:54:16 -04:00
Mark Paluch 3859f7938a Support connect_timeout for Cassandra and align timeout.
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration.  Also align the timeout to 5 seconds which is the default for the Python and Java drivers.

Fixes #1538
2016-07-01 21:22:37 +02:00
Jeff Mitchell 04e863c750 Incorporate consul dockertest review feedback 2016-07-01 14:16:38 -04:00
Jeff Mitchell 51cd67115c Run appid/cert auth tests always 2016-07-01 14:06:33 -04:00
Jeff Mitchell ee2d32e5e0 Merge pull request #1580 from hashicorp/consul-dockerize-tests
Migrate Consul acceptance tests to Docker
2016-07-01 20:00:35 +02:00
Jeff Mitchell db211a4b61 Migrate Consul acceptance tests to Docker 2016-07-01 13:59:56 -04:00
Jeff Mitchell 87149b1e53 Merge pull request #1579 from hashicorp/ping-sql-dbs
Have SQL backends Ping() before access.
2016-07-01 18:12:41 +02:00
Jeff Mitchell a2e95614d6 Have SQL backends Ping() before access.
If unsuccessful, reestablish connections as needed.
2016-07-01 12:02:17 -04:00
Jeff Mitchell 90c2f5bb55 Fix some more too-tight timing in the token store tests 2016-07-01 11:59:39 -04:00
Jeff Mitchell e50e331ffc Always run transit acceptance tests 2016-07-01 11:45:56 -04:00
Jeff Mitchell 5313ae8a1b Merge pull request #1578 from hashicorp/dockerize-mysql-acc-tests
Convert MySQL tests to Dockerized versions
2016-07-01 17:38:52 +02:00
Jeff Mitchell 5d707c41ff Always run userpass acceptance tests 2016-07-01 11:37:38 -04:00
Jeff Mitchell f3e6e4ee28 Fix timing in explicit max ttl test 2016-07-01 11:37:27 -04:00