Jeff Mitchell
f3f30022d0
Add forced revocation.
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.
This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.
Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.
Fixes #1135
2016-03-03 10:13:59 -05:00
Jeff Mitchell
c19641887d
Allow specifying an initial root token ID in dev mode.
Ping #1160
2016-03-02 12:03:26 -05:00
Jeff Mitchell
143d876c99
Address review feedback
2016-03-01 20:25:40 -05:00
Jeff Mitchell
c3a70bc1bf
Allow token-renew to not be given a token; it will then use the
renew-self endpoint. Otherwise it will use the renew endpoint, even if
the token matches the client token.
Adds an -increment flag to allow increments even with no token passed
in.
Fixes #1150
2016-03-01 17:02:48 -05:00
vishalnayak
01d61f6f0c
fix typo
2016-03-01 11:48:17 -05:00
Grégoire Paris
b42567acfc
add missing verb
2016-02-26 14:43:56 +01:00
Jeff Mitchell
949e707006
Fix CLI formatter to show warnings again on CLI list output.
2016-02-24 21:45:58 -05:00
Jeff Mitchell
c24cf2eb50
Merge pull request #1080 from jkanywhere/improve-formatter
Refactor formatting of output
2016-02-24 21:36:57 -05:00
vanhalt
5b916974c5
help sentence improved
2016-02-22 09:38:30 -06:00
vanhalt
805cf6d302
When writing from a file it must be a JSON file
Making clear from write help text that when writing secrets
using @file, the file must be a JSON file.
2016-02-21 19:02:09 -06:00
vanhalt
4a4550eb04
Fixing auth-enable help text
auth-enable command help in the "Auth Enable Options" is suggesting
the usage of a non-existing command called 'auth-list' instead of
the correct one "auth -methods"
2016-02-21 14:54:50 -06:00
Vishal Nayak
685b1f3f9c
Merge pull request #1099 from hashicorp/fix-ssh-cli
ssh: use resolved IP address while executing ssh command
2016-02-19 13:02:34 -05:00
Jeff Mitchell
99917c5f4e
Fix mixed whitespacing in ssh help text
2016-02-19 12:47:58 -05:00
vishalnayak
7e1694d387
ssh: use resolved IP address while executing ssh command
2016-02-19 12:19:10 -05:00
Ron Kuris
32bf42519c
Refactor formatting of output
This change is almost perfectly compatible with the existing code,
except it's a little shorter because it uses a list of available
formatters that must implement a `command.Formatter` interface.
Also added some basic formatting tests.
2016-02-16 12:27:29 -08:00
Ryan Hileman
a2565836ac
don't panic when config directory is empty
2016-02-12 16:40:19 -08:00
Jeff Mitchell
58a2c4d9a0
Return status for rekey/root generation at init time. This mitigates a
(very unlikely) potential timing attack between init-ing and fetching
status.
Fixes #1054
2016-02-12 14:24:36 -05:00
Jeff Mitchell
ef8086b17f
Update documentation for status command to reflect new return codes
2016-02-08 11:36:08 -05:00
Jeff Mitchell
c6cfa99284
On the CLI, ensure listing ends with /.
2016-02-03 21:08:46 -05:00
Jeff Mitchell
6c8961af28
Fix build tag
2016-02-03 08:41:31 -05:00
Jeff Mitchell
2cf9afe5d6
Add test for HA availability to command/server
2016-02-02 17:47:02 -05:00
Jeff Mitchell
dcb6901593
remove unneeded assignment
2016-02-02 15:11:35 -05:00
Jeff Mitchell
92c276369d
Ensure that we fall back to Backend if HABackend is not specified.
2016-02-02 15:09:58 -05:00
Jeff Mitchell
855985230f
Fix command status test with new return value
2016-01-29 19:31:01 -05:00
Jeff Mitchell
09586dd941
Return 2 for sealed instead of 1 to match the new init -check behavior
2016-01-29 10:55:31 -05:00
Jeff Mitchell
afd0bca03a
Don't return 1 when flags don't parse for status command, as all other errors return 2; 1 is for when the vault is sealed
2016-01-29 10:53:56 -05:00
James Tancock
6ab184596f
Docs typo in server command
2016-01-28 08:26:49 +00:00
Jeff Mitchell
98fada78e4
Fix test on 1.6 by comparing to nil instead of a nil-defined map
2016-01-22 21:26:06 -05:00
Jeff Mitchell
479775806e
Add -check flag to init.
Fixes #949
2016-01-22 13:06:40 -05:00
Jeff Mitchell
2667f08f97
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-22 10:07:32 -05:00
Jeff Mitchell
f1b843d773
Remove bare option, prevent writes ending in slash, and return an exact file match as "."
2016-01-22 10:07:32 -05:00
Jeff Mitchell
f8e569ae0a
Address some review feedback
2016-01-22 10:07:32 -05:00
Jeff Mitchell
2613343c3d
Updates and documentation
2016-01-22 10:07:32 -05:00
Jeff Mitchell
4b67fd139f
Add list capability, which will work with the generic and cubbyhole
backends for the moment. This is pretty simple; it just adds the actual
capability to make a list call into both the CLI and the HTTP handler.
The real meat was already in those backends.
2016-01-22 10:07:32 -05:00
Jeff Mitchell
2c4da115ff
Add -decode flag verification
2016-01-21 12:18:57 -05:00
Jeff Mitchell
e9538f1441
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
Jeff Mitchell
a25514d4f7
Address most of the review feedback
2016-01-19 18:28:10 -05:00
Jeff Mitchell
4cc7694a3a
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
Jeff Mitchell
3ecd88bd5c
Allow ASCII-armored PGP pub keys to be passed into -pgp-keys.
Fixes #940
2016-01-18 17:01:52 -05:00
Jeff Mitchell
0478a4f7c2
Fix read panic when an empty argument is given.
Fixes #923
2016-01-12 08:46:49 -05:00
Jeff Mitchell
996cb54b99
Fix up PGP tests from earlier code fixes
2016-01-08 22:21:41 -05:00
Jeff Mitchell
71e320eae8
Lotsa warnings if you choose not to be safe
2016-01-08 17:35:07 -05:00
Jeff Mitchell
839b804e43
Some minor rekey backup fixes
2016-01-08 14:09:40 -05:00
Jeff Mitchell
027c84c62a
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
Jeff Mitchell
139ab81f58
update init/rekey documentation around keybase entries
2016-01-04 14:17:51 -05:00
Jeff Mitchell
b0f075cc1f
Disable cmd/server tests for now so we can get Travis back on track
2015-12-31 08:48:53 -05:00
Jeff Mitchell
5f49615fc1
Remove some outdated comments
2015-12-30 21:00:27 -05:00
Jeff Mitchell
70561c0fe2
Use RenewSelf instead of Renew if the token we're renewing is the same as the client
2015-12-30 14:41:50 -05:00
Nicki Watt
05c9e5b5ad
Make token-lookup functionality available via Vault CLI
2015-12-29 20:18:59 +00:00
Jeff Mitchell
f8682021c5
Merge pull request #886 from ooesili/ssh-error-fetching-username
Stop panic when vault ssh username fetching fails
2015-12-29 12:17:51 -06:00