luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/command
History
Jeff Mitchell cd86226845 Add forced revocation. 
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.

This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.

Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.

Fixes #1135
2016-03-03 10:13:59 -05:00
..
server
test-fixtures
token
audit_disable.go
audit_disable_test.go
audit_enable.go
audit_enable_test.go
audit_list.go
audit_list_test.go
auth.go
auth_disable.go
auth_disable_test.go
auth_enable.go Fixing auth-enable help text 2016-02-21 14:54:50 -06:00
auth_enable_test.go
auth_test.go
command_test.go
config.go
config_test.go
delete.go
delete_test.go
format.go Fix CLI formatter to show warnings again on CLI list output. 2016-02-24 21:45:58 -05:00
format_test.go Fix CLI formatter to show warnings again on CLI list output. 2016-02-24 21:45:58 -05:00
generate-root.go Return status for rekey/root generation at init time. This mitigates a 2016-02-12 14:24:36 -05:00
generate-root_test.go Fix test on 1.6 by comparing to nil instead of a nil-defined map 2016-01-22 21:26:06 -05:00
init.go add missing verb 2016-02-26 14:43:56 +01:00
init_test.go Add -check flag to init. 2016-01-22 13:06:40 -05:00
key_status.go
key_status_test.go
list.go On the CLI, ensure listing ends with /. 2016-02-03 21:08:46 -05:00
list_test.go Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it. 2016-01-22 10:07:32 -05:00
meta.go
meta_test.go
mount.go
mount_test.go
mounts.go
mounts_test.go
mounttune.go
path_help.go
path_help_test.go
pgp_test.go
policy_delete.go fix typo 2016-03-01 11:48:17 -05:00
policy_delete_test.go
policy_list.go
policy_list_test.go
policy_write.go
policy_write_test.go
read.go
read_test.go
rekey.go add missing verb 2016-02-26 14:43:56 +01:00
rekey_test.go
remount.go
remount_test.go
renew.go
renew_test.go
revoke.go Add forced revocation. 2016-03-03 10:13:59 -05:00
revoke_test.go
rotate.go
rotate_test.go
seal.go
seal_test.go
server.go Allow specifying an initial root token ID in dev mode. 2016-03-02 12:03:26 -05:00
server_test.go Fix build tag 2016-02-03 08:41:31 -05:00
ssh.go Merge pull request #1099 from hashicorp/fix-ssh-cli 2016-02-19 13:02:34 -05:00
ssh_test.go
status.go Update documentation for status command to reflect new return codes 2016-02-08 11:36:08 -05:00
status_test.go Fix command status test with new return value 2016-01-29 19:31:01 -05:00
token_create.go
token_create_test.go
token_lookup.go
token_lookup_test.go
token_renew.go Address review feedback 2016-03-01 20:25:40 -05:00
token_renew_test.go Allow token-renew to not be given a token; it will then use the 2016-03-01 17:02:48 -05:00
token_revoke.go
token_revoke_test.go
unmount.go
unmount_test.go
unseal.go
unseal_test.go
version.go
version_test.go
write.go help sentence improved 2016-02-22 09:38:30 -06:00
write_test.go