Commit graph

2448 commits

Author SHA1 Message Date
Jeff Mitchell b3eb5c4957 Add sign method (untested) 2015-11-19 09:51:17 -05:00
Jeff Mitchell 6ea626e9ad Don't show field names when not needed 2015-11-19 09:51:17 -05:00
Jeff Mitchell 1cec03d9ca Implement CA cert/CSR generation. CA certs can be self-signed or
generate an intermediate CSR, which can be signed.
2015-11-19 09:51:17 -05:00
Jeff Mitchell 1c7157e632 Reintroduce the ability to look up obfuscated values in the audit log
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell 45e7e61d71 Update audit documentation around what hash is used 2015-11-18 10:42:42 -05:00
Jeff Mitchell 7ab0c2e917 Update deps 2015-11-18 10:36:57 -05:00
Jeff Mitchell 29135b65ca Changelogify 2015-11-18 10:34:50 -05:00
Jeff Mitchell 4a1a02a123 Merge pull request #780 from vicki-c/master
Port to new etcd client with TLS support
2015-11-18 10:33:09 -05:00
Vicki Cheung eb464ed79d rejecting etcd addresses without url scheme 2015-11-17 15:18:50 -08:00
Vicki Cheung 4a3bcc2adc adding check in etcd backend to validate machine urls 2015-11-16 14:35:04 -08:00
Vicki Cheung dc4374ab79 adding etcd client dependencies 2015-11-16 13:30:27 -08:00
Vicki Cheung dfe284af43 adding PermitPool to etcd backend 2015-11-15 22:38:21 -08:00
Vicki Cheung a21c8fab26 porting to new etcd client 2015-11-15 22:12:06 -08:00
Jeff Mitchell 0b3c7b177a Merge pull request #775 from hashicorp/issue-771
Rearchitect MountTable locking and fix rollback.
2015-11-15 17:33:30 -05:00
Jeff Mitchell bece637eb7 Address feedback from review 2015-11-15 17:32:57 -05:00
Jeff Mitchell bc4c18a1cf Rearchitect MountTable locking and fix rollback.
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.

In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.

Both unit tests and race detection pass.

Fixes #771
2015-11-11 11:54:52 -05:00
Jeff Mitchell fa646a1eb1 Bump version to 0.4-dev instead of 0.3.1-dev 2015-11-10 10:28:40 -05:00
Jeff Mitchell 847707f4af Merge pull request #772 from hashicorp/origin/new_header
New Header Redesign
2015-11-10 10:16:49 -05:00
captainill 28ae7b2466 edit this page 2015-11-09 21:10:49 -08:00
captainill d931c62d94 sidebar 2015-11-09 21:08:05 -08:00
captainill 2af4092734 redesign header bulk 2015-11-09 20:58:06 -08:00
Jeff Mitchell 201adad4ae Merge pull request #762 from hashicorp/issue-732
Create a "default" policy with sensible rules.
2015-11-09 17:44:09 -05:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell d6693129de Create a "default" policy with sensible rules.
It is forced to be included with each token, but can be changed (but not
deleted).

Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell 1a621b7000 Minor test fix 2015-11-09 15:37:30 -05:00
Jeff Mitchell c9e3699751 Merge pull request #769 from hashicorp/issue-769
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:56 -05:00
Jeff Mitchell 8673f36b34 Don't require root tokens for mount and policy endpoints. 2015-11-09 15:29:21 -05:00
Jeff Mitchell 5d5d58ffe4 Fix unmount help output 2015-11-09 15:23:49 -05:00
Jeff Mitchell 9d9bf9f2f8 Merge pull request #768 from hashicorp/issue-765
Print version on startup.
2015-11-09 13:53:33 -05:00
Jeff Mitchell 75f1c1e40c Print version on startup.
Fixes #765
2015-11-09 13:52:55 -05:00
Jeff Mitchell 3717b31b63 Merge pull request #766 from hashicorp/issue-766
Display whether a token is an orphan on lookup.
2015-11-09 13:20:42 -05:00
Jeff Mitchell 5783f547ab Display whether a token is an orphan on lookup. 2015-11-09 13:19:59 -05:00
Jeff Mitchell 10913e2e6b Update cert documentation to note requiring sudo access. 2015-11-06 16:09:42 -05:00
Jeff Mitchell f098e1dd07 Tag with dev for builds 2015-11-06 13:39:30 -05:00
Jeff Mitchell 7aa3faa626 Rename core's 'policy' to 'policyStore' for clarification 2015-11-06 12:07:42 -05:00
Jeff Mitchell b987c47c9e Merge pull request #759 from hashicorp/remove-root-warning
Remove warning about nonexistent root policy by using GetPolicy instead
2015-11-06 11:37:39 -05:00
Jeff Mitchell 7d8371c4a3 Remove warning about nonexistent root policy by using GetPolicy instead
of the listing function.
2015-11-06 11:36:40 -05:00
Jeff Mitchell ffa879d6e2 Update S3 docs 2015-11-06 09:26:09 -05:00
Jeff Mitchell b1a445dfbf Changelogify 2015-11-06 09:22:30 -05:00
Jeff Mitchell 601f85a934 Merge pull request #758 from ys/s3-bucket-config-var
Allow s3 bucket to come from config vars
2015-11-06 09:21:35 -05:00
Yannick 8a594a7f61 Allow s3 bucket to come from config vars 2015-11-06 14:05:29 +01:00
Greg Brockman 141a71974a Correct typo in comment 2015-11-06 00:41:14 -08:00
Greg Brockman 171bd84330 Add support for etcd over TLS 2015-11-06 00:41:14 -08:00
Jeff Mitchell fde0bbf4b3 Merge pull request #752 from hashicorp/issue-749
Fix removing secondary index from exp manager.
2015-11-05 19:43:11 -05:00
Jeff Mitchell a121941925 Merge pull request #751 from hashicorp/issue-618
Move environment variable reading logic to API.
2015-11-05 19:42:16 -05:00
Jeff Mitchell 483f4f8b8d Add canonical import path to main package for those using golang-builder 2015-11-05 16:44:20 -05:00
Jeff Mitchell 26572d3798 Merge pull request #754 from hashicorp/issue-753
Switch etcd default port to 2379, in line with 2.x.
2015-11-05 09:48:26 -05:00
Jeff Mitchell 08dbc70c9f Switch etcd default port to 2379, in line with 2.x.
Fixes #753
2015-11-05 09:47:50 -05:00
Jeff Mitchell 9fff3a350d Don't use the semaphore library as it's racy; instead use a simple
buffered channel. Passes all tests, including inmem, which uses it.
2015-11-04 12:27:13 -05:00
Jeff Mitchell 395d6bead4 Fix removing secondary index from exp manager.
Due to a typo, revoking ensures that index entries are created rather
than removed. This adds a failing, then fixed test case (and helper
function) to ensure that index entries are properly removed on revoke.

Fixes #749
2015-11-04 10:50:31 -05:00