diff --git a/CHANGELOG.md b/CHANGELOG.md index a5d202718c..3540b315ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ IMPROVEMENTS: * core: `/sys/auth` allows for PUT requests as well +BUG FIXES: + + * command/*: commands accepting `k=v` allow blank values + ## 0.1.2 (May 11, 2015) FEATURES: diff --git a/builtin/credential/cert/path_login.go b/builtin/credential/cert/path_login.go index bb5b2358cc..14dbf8212a 100644 --- a/builtin/credential/cert/path_login.go +++ b/builtin/credential/cert/path_login.go @@ -62,6 +62,7 @@ func (b *backend) pathLogin( DisplayName: matched.Entry.DisplayName, Metadata: map[string]string{ "cert_name": matched.Entry.Name, + "common_name": connState.PeerCertificates[0].Subject.CommonName, }, LeaseOptions: logical.LeaseOptions{ Renewable: true, diff --git a/builtin/credential/github/cli.go b/builtin/credential/github/cli.go index 6c8ec4e31b..aef1b7c88a 100644 --- a/builtin/credential/github/cli.go +++ b/builtin/credential/github/cli.go @@ -43,6 +43,12 @@ account settings page on GitHub. Example: vault auth -method=github token= +Key/Value Pairs: + + mount=github The mountpoint for the GitHub credential provider. + Defaults to "github" + + token= The GitHub personal access token for authentication. ` return strings.TrimSpace(help) diff --git a/command/auth.go b/command/auth.go index af5945c870..130dd7d278 100644 --- a/command/auth.go +++ b/command/auth.go 
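Review bot: In builtin/credential/cert/path_login.go, the new `"common_name"` metadata entry indexes `connState.PeerCertificates[0]` with no length check visible in this hunk. pathLogin starts and ends outside the hunk, so confirm that the earlier part of the function already rejects a connection state with no peer certificates; otherwise this line panics in the login handler. The value is the Subject CommonName of the presented leaf certificate, a free-form string set by whoever issued that certificate, whereas `cert_name` is the configured entry name. A short comment would keep later readers from treating the two alike, for example `// common_name comes from the client's leaf certificate; informational only, do not key authorization on it`.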
@@ -242,7 +242,13 @@ Usage: vault auth [options] [token or config...] By specifying -method, alternate authentication methods can be used such as OAuth or TLS certificates. For these, additional values for configuration can be specified with "key=value" pairs just like - "vault write". + "vault write". Specify the "-method-help" flag to get help for a specific + method. + + If you've mounted a credential backend to a different path, such + as mounting "github" to "github-private", the "method" flag should + still be "github." Most credential providers support the "mount" option + to specify the mount point. See the "-method-help" for more info. General Options: diff --git a/helper/kv-builder/builder.go b/helper/kv-builder/builder.go index 767cff4b1c..f83eaf6c2d 100644 --- a/helper/kv-builder/builder.go +++ b/helper/kv-builder/builder.go 
@@ -78,30 +78,32 @@ func (b *Builder) add(raw string) error { } key, value := parts[0], parts[1] - if len(value) > 0 && value[0] == '@' { - contents, err := ioutil.ReadFile(value[1:]) - if err != nil { - return fmt.Errorf("error reading file: %s", err) - } + if len(value) > 0 { + if value[0] == '@' { + contents, err := ioutil.ReadFile(value[1:]) + if err != nil { + return fmt.Errorf("error reading file: %s", err) + } - value = string(contents) - } else if value[0] == '\\' && value[1] == '@' { - value = value[1:] - } else if value == "-" { - if b.Stdin == nil { - return fmt.Errorf("stdin is not supported") - } - if b.stdin { - return fmt.Errorf("stdin already consumed") - } - b.stdin = true + value = string(contents) + } else if value[0] == '\\' && value[1] == '@' { + value = value[1:] + } else if value == "-" { + if b.Stdin == nil { + return fmt.Errorf("stdin is not supported") + } + if b.stdin { + return fmt.Errorf("stdin already consumed") + } + b.stdin = true - var buf bytes.Buffer - if _, err := io.Copy(&buf, b.Stdin); err != nil { - return err - } + var buf bytes.Buffer + if _, err := io.Copy(&buf, b.Stdin); err != nil { + return err + } - value = buf.String() + value = buf.String() + } } b.result[key] = value diff --git a/helper/kv-builder/builder_test.go b/helper/kv-builder/builder_test.go index 90e892969a..f64c8e46e2 100644 --- a/helper/kv-builder/builder_test.go +++ b/helper/kv-builder/builder_test.go @@ -8,7 +8,7 @@ import ( func TestBuilder_basic(t *testing.T) { var b Builder - err := b.Add("foo=bar", "bar=baz") + err := b.Add("foo=bar", "bar=baz", "baz=") if err != nil { t.Fatalf("err: %s", err) } @@ -16,6 +16,7 @@ func TestBuilder_basic(t *testing.T) { expected := map[string]interface{}{ "foo": "bar", "bar": "baz", + "baz": "", } actual := b.Map() if !reflect.DeepEqual(actual, expected) { diff --git a/website/Gemfile.lock b/website/Gemfile.lock index 7366999a6c..9448c1f9a8 100644 --- a/website/Gemfile.lock +++ b/website/Gemfile.lock 
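Review bot: In helper/kv-builder/builder.go, the escape branch `else if value[0] == '\\' && value[1] == '@'` still reads `value[1]` although the new outer guard only guarantees `len(value) > 0`. A value that is a single backslash (`key=\`) therefore indexes past the end of the string and panics instead of being stored literally. The branch should carry its own length check, `} else if len(value) > 1 && value[0] == '\\' && value[1] == '@' {`. The test change in builder_test.go adds only the blank `baz=` case, so a one-character value in TestBuilder_basic would pin this path too. The body of add starts before the hunk and may continue past it.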
@@ -26,7 +26,7 @@ GEM minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - autoprefixer-rails (5.1.11) + autoprefixer-rails (5.2.0) execjs json bootstrap-sass (3.3.4.1) @@ -67,10 +67,10 @@ GEM hitimes (1.2.2) hooks (0.4.0) uber (~> 0.0.4) - htmlcompressor (0.1.2) + htmlcompressor (0.2.0) http_parser.rb (0.6.0) i18n (0.7.0) - json (1.8.2) + json (1.8.3) kramdown (1.7.0) less (2.6.0) commonjs (~> 0.2.7) @@ -79,18 +79,18 @@ GEM celluloid (~> 0.16.0) rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9) - middleman (3.3.13) + middleman (3.3.12) coffee-script (~> 2.2) compass (>= 1.0.0, < 2.0.0) compass-import-once (= 1.0.5) execjs (~> 2.0) haml (>= 4.0.5) kramdown (~> 1.2) - middleman-core (= 3.3.13) + middleman-core (= 3.3.12) middleman-sprockets (>= 3.1.2) sass (>= 3.4.0, < 4.0) uglifier (~> 2.5) - middleman-core (3.3.13) + middleman-core (3.3.12) activesupport (~> 4.1.0) bundler (~> 1.1) erubis @@ -106,8 +106,8 @@ GEM em-websocket (~> 0.5.1) middleman-core (>= 3.3) rack-livereload (~> 0.3.15) - middleman-minify-html (3.4.0) - htmlcompressor (~> 0.1.0) + middleman-minify-html (3.4.1) + htmlcompressor (~> 0.2.0) middleman-core (>= 3.2) middleman-sprockets (3.4.2) middleman-core (>= 3.3) @@ -117,8 +117,8 @@ GEM middleman-syntax (2.0.0) middleman-core (~> 3.2) rouge (~> 1.0) - minitest (5.6.1) - multi_json (1.11.0) + minitest (5.7.0) + multi_json (1.11.1) padrino-helpers (0.12.5) i18n (~> 0.6, >= 0.6.7) padrino-support (= 0.12.5) @@ -134,13 +134,13 @@ GEM rack-ssl-enforcer (0.2.8) rack-test (0.6.3) rack (>= 1.0) - rb-fsevent (0.9.4) + rb-fsevent (0.9.5) rb-inotify (0.9.5) ffi (>= 0.5.0) - redcarpet (3.2.3) + redcarpet (3.3.1) ref (1.0.5) - rouge (1.8.0) - sass (3.4.13) + rouge (1.9.0) + sass (3.4.14) sprockets (2.12.3) hike (~> 1.2) multi_json (~> 1.0) @@ -175,3 +175,6 @@ PLATFORMS DEPENDENCIES middleman-hashicorp! + +BUNDLED WITH + 1.10.3 
diff --git a/website/source/docs/concepts/policies.html.md b/website/source/docs/concepts/policies.html.md index ad44dea7c6..d7bba0b85d 100644 --- a/website/source/docs/concepts/policies.html.md +++ b/website/source/docs/concepts/policies.html.md @@ -37,6 +37,10 @@ This works well due to Vault's architecture of being like a filesystem: everything has a path associated with it, including the core configuration mechanism under "sys". +~> Policy paths are matched using a longest-prefix match, which is the most +specific defined policy. This means if you define a policy for `"secret/foo"`, +the policy would also match `"secret/foobar"`. + ## Policies Allowed policies for a path are: diff --git a/website/source/docs/secrets/transit/index.html.md b/website/source/docs/secrets/transit/index.html.md index 5073d8735e..3506eca03a 100644 --- a/website/source/docs/secrets/transit/index.html.md +++ b/website/source/docs/secrets/transit/index.html.md @@ -65,7 +65,7 @@ Now, if we wanted to encrypt a piece of plain text, we use the encrypt endpoint using our named key: ``` -$ echo "the quick brown fox" | base64 | vault write transit/encrypt/foo plaintext=- +$ echo -n "the quick brown fox" | base64 | vault write transit/encrypt/foo plaintext=- Key Value ciphertext vault:v0:czEwyKqGZY/limnuzDCUUe5AK0tbBObWqeZgFqxCuIqq7A84SeiOq3sKD0Y/KUvv ```