Nathan J. Mehl
ea294f1d27
use both role name and token display name to form mysql username
2016-07-20 10:17:00 -07:00
Nathan J. Mehl
0483457ad2
respond to feedback from @vishalnayak
...
- split out usernameLength and displaynameLength truncation values,
as they are different things
- fetch username and displayname lengths from the role, not from
the request parameters
- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Nathan J. Mehl
314a5ecec0
allow overriding the default truncation length for mysql usernames
...
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
Nathan J. Mehl
2cf4490b37
use role name rather than token displayname in generated mysql usernames
...
If a single token generates multiple myself roles, the generated mysql
username was previously prepended with the displayname of the vault
user; this makes the output of `show processlist` in mysql potentially
difficult to correlate with the roles actually in use without cross-
checking against the vault audit log.
See https://github.com/hashicorp/vault/pull/1603 for further discussion.
2016-07-10 15:57:47 -07:00
Jeff Mitchell
7a224ec0bd
changelog++
2016-07-08 10:42:13 -04:00
Jeff Mitchell
4aa557ffa6
Add documentation of retry env vars
2016-07-08 10:41:11 -04:00
Jeff Mitchell
1c0a96a815
Merge pull request #1594 from hashicorp/api-retryable
...
Make the API client retry on 5xx errors.
2016-07-08 10:34:56 -04:00
Jeff Mitchell
c7d72fea90
Do some extra checking in the modified renewal check
2016-07-08 10:34:49 -04:00
Jeff Mitchell
96a6bc388e
Merge pull request #1601 from hashicorp/clarify-policy
...
Some policy concept page clarifications
2016-07-08 01:06:16 -04:00
Jeff Mitchell
cf42b28487
Some policy concept page clarifications
2016-07-08 05:05:46 +00:00
Vishal Nayak
98c13d74d6
Merge pull request #1598 from evertrue/evertrue/eherot/doc_fix
...
Pretty sure the method to delete a token role is DELETE (not GET)
2016-07-07 14:10:13 -04:00
Eric Herot
cbc76c357e
Pretty sure the method to delete a token role is not GET
2016-07-07 13:54:20 -04:00
Jeff Mitchell
4146ebed9c
Add go-retryablehttp dep
2016-07-07 10:42:08 -04:00
Jeff Mitchell
4a597c3a7a
Fix upgrade to 0.6 docs
2016-07-06 19:00:23 -04:00
Jeff Mitchell
7023eafc67
Make the API client retry on 5xx errors.
...
This should help with transient issues. Full control over min/max delays
and number of retries (and ability to turn off) is provided in the API
and via env vars.
Fix tests.
2016-07-06 16:50:23 -04:00
Jeff Mitchell
a6d3210163
Merge pull request #1590 from skippy/patch-3
...
Update aws-ec2.html.md -- clarify pkcs7 cert cleanup before use
2016-07-06 21:31:12 +02:00
Brian Shumate
07dd449e9e
Minor grammar edit
2016-07-06 10:02:52 -04:00
Jeff Mitchell
2c0e677fe5
Fix website upgrade menu for 0.6.0
2016-07-06 09:28:21 -04:00
Jeff Mitchell
11ff12bf76
Merge pull request #1592 from stojg/patch-1
...
Correcting grammar
2016-07-06 13:16:42 +02:00
Stig Lindqvist
71b481ba40
Correcting grammar
2016-07-06 17:57:22 +12:00
Jeff Mitchell
0091a3ab80
Merge pull request #1591 from hashicorp/dont-panic-empty-config
...
Don't panic on an empty configuration during merge
2016-07-05 22:49:43 +02:00
Jeff Mitchell
61250157d7
Don't panic on an empty configuration during merge
2016-07-05 16:49:15 -04:00
Adam Greene
2405b7f078
Update aws-ec2.html.md
...
per #1582 , updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
2016-07-05 13:21:56 -07:00
Jeff Mitchell
1da55a151c
Update dockertest dep
2016-07-05 15:13:42 -04:00
Jeff Mitchell
88c7292023
Fix broken test
2016-07-05 12:54:27 -04:00
Jeff Mitchell
0071c9e10b
changelog++
2016-07-05 12:19:36 -04:00
Jeff Mitchell
9869666510
Merge pull request #1588 from hashicorp/issue-1587
...
Add response wrapping support to login endpoints.
2016-07-05 18:18:52 +02:00
Jeff Mitchell
8ce13b3f68
Add non-wrapped step
2016-07-05 12:11:40 -04:00
Jeff Mitchell
b6ca7e9423
Add response wrapping support to login endpoints.
...
Fixes #1587
2016-07-05 11:46:21 -04:00
Jeff Mitchell
b1d6e684eb
Update to new hc-releases syntax
2016-07-04 19:44:38 -04:00
Sean Chittenden
e6bfb06dee
Merge pull request #1584 from hashicorp/b-remove-sprintf
...
Use `lib/pq`'s `QuoteIdentifier()` on all identifiers and Prepare for all literals.
LGTM from @jefferai out of band.
2016-07-03 17:00:55 -07:00
Sean Chittenden
2e828383e0
Move the parameter down to where the statement is executed.
2016-07-03 16:20:27 -07:00
Sean Chittenden
08fb1a30d4
Use lib/pq
's QuoteIdentifier()
on all identifiers and Prepare
...
for all literals.
2016-07-03 16:01:39 -07:00
Jeff Mitchell
4a8d9eb942
Shave off a lot of PKI testing time by not requiring key generation when testing CSRs. Also enable all tests all the time.
2016-07-01 17:28:48 -04:00
Jeff Mitchell
22f0656252
changelog++
2016-07-01 16:34:23 -04:00
Jeff Mitchell
369dcff5f9
Merge pull request #1581 from mp911de/cassandra_connect_timeout
...
Support connect_timeout for Cassandra and align timeout.
2016-07-01 22:33:24 +02:00
Mark Paluch
ab63c938c4
Address review feedback.
...
Switch ConnectTimeout to framework.TypeDurationSecond with a default of 5. Remove own parsing code.
2016-07-01 22:26:08 +02:00
Jeff Mitchell
dc7eea4265
Update git attributes to fix Linguist
2016-07-01 15:54:16 -04:00
Mark Paluch
3859f7938a
Support connect_timeout for Cassandra and align timeout.
...
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration. Also align the timeout to 5 seconds which is the default for the Python and Java drivers.
Fixes #1538
2016-07-01 21:22:37 +02:00
Jeff Mitchell
04e863c750
Incorporate consul dockertest review feedback
2016-07-01 14:16:38 -04:00
Jeff Mitchell
51cd67115c
Run appid/cert auth tests always
2016-07-01 14:06:33 -04:00
Jeff Mitchell
ee2d32e5e0
Merge pull request #1580 from hashicorp/consul-dockerize-tests
...
Migrate Consul acceptance tests to Docker
2016-07-01 20:00:35 +02:00
Jeff Mitchell
db211a4b61
Migrate Consul acceptance tests to Docker
2016-07-01 13:59:56 -04:00
Jeff Mitchell
87149b1e53
Merge pull request #1579 from hashicorp/ping-sql-dbs
...
Have SQL backends Ping() before access.
2016-07-01 18:12:41 +02:00
Jeff Mitchell
a2e95614d6
Have SQL backends Ping() before access.
...
If unsuccessful, reestablish connections as needed.
2016-07-01 12:02:17 -04:00
Jeff Mitchell
90c2f5bb55
Fix some more too-tight timing in the token store tests
2016-07-01 11:59:39 -04:00
Jeff Mitchell
e50e331ffc
Always run transit acceptance tests
2016-07-01 11:45:56 -04:00
Jeff Mitchell
5313ae8a1b
Merge pull request #1578 from hashicorp/dockerize-mysql-acc-tests
...
Convert MySQL tests to Dockerized versions
2016-07-01 17:38:52 +02:00
Jeff Mitchell
5d707c41ff
Always run userpass acceptance tests
2016-07-01 11:37:38 -04:00
Jeff Mitchell
f3e6e4ee28
Fix timing in explicit max ttl test
2016-07-01 11:37:27 -04:00