1526 Commits

Author SHA1 Message Date
vishalnayak
70246395d6 Not exposing structs from the backend's package 2016-09-01 11:57:28 -04:00
Jeff Mitchell
201cd2e1f7 Use unexported kdf const names 2016-08-31 07:19:58 -04:00
Vishal Nayak
763ab83d34 Merge pull request #1799 from hashicorp/fix-role-locking
approle: fix racy updates problem for roles
2016-08-30 16:46:40 -04:00
vishalnayak
7c743ecd0a Address review feedback 2016-08-30 16:36:58 -04:00
Jeff Mitchell
9a97f436ef Use hkdf for transit key derivation for new keys (#1812)
Use hkdf for transit key derivation for new keys
2016-08-30 16:29:09 -04:00
vishalnayak
edd7b3deb5 approle: fix racy updates problem for roles 2016-08-30 16:11:14 -04:00
vishalnayak
8cc5cdb746 STS path field description update 2016-08-30 10:53:21 -04:00
vishalnayak
39b75c6ae9 Added UpdateOperation to logical AWS STS path 2016-08-30 10:30:13 -04:00
Vishal Nayak
fb775993f3 Merge pull request #1804 from hashicorp/issue-1800
Mark STS secrets as non-renewable
2016-08-29 11:46:19 -04:00
navinanandaraj
7fbdf927c1 Fixes #1801 Reuse Cassandra session object for create creds (#1802) 2016-08-28 17:32:41 -04:00
Jeff Mitchell
9cd4243362 Mark STS secrets as non-renewable
Ping #1800
2016-08-28 14:27:56 -04:00
Jeff Mitchell
a542df0173 Derive nonce fully in convergent mode (#1796)
Ping #1794
2016-08-26 17:01:56 -04:00
Jeff Mitchell
c9aa308804 Use key derivation for convergent nonce. (#1794)
Use key derivation for convergent nonce.

Fixes #1792
2016-08-26 14:11:03 -04:00
Jeff Mitchell
c2f3c465d3 Decode secret internal data into struct and fix type assertion. (#1781) 2016-08-24 15:04:04 -04:00
Jeff Mitchell
6beadc1e1c Merge pull request #1755 from hashicorp/logxi
Convert to logxi
2016-08-21 19:28:18 -04:00
Jeff Mitchell
68345eb770 Convert to logxi 2016-08-21 18:13:37 -04:00
vishalnayak
7d772e445f Extract out common code 2016-08-21 15:46:11 -04:00
vishalnayak
1a62fb64c2 Separate endpoints for read/delete using secret-id and accessor 2016-08-21 14:42:49 -04:00
Jeff Mitchell
357ecb4dfe gofmt 2016-08-19 16:48:32 -04:00
vishalnayak
0fbc9b1d7b Pretty print the warning 2016-08-18 16:09:10 -04:00
vishalnayak
a57588303d Use shortestTTL value during renewals too 2016-08-18 15:43:58 -04:00
vishalnayak
eac454a385 When TTL is not set, consider the system default TTL as well 2016-08-18 15:37:59 -04:00
vishalnayak
22e4577725 aws-ec2: set max_ttl when ttl is not set, during login 2016-08-18 15:16:32 -04:00
Jeff Mitchell
e65b48a7e4 Actually show the error occurring if a file audit log can't be opened 2016-08-15 16:26:36 -04:00
Jeff Mitchell
6eca449261 Parameter change
Both revocation times are UTC so clarify via parameter name that it's just a formatting difference. Also leave as a time.Time here, as it automatically marshals into RFC3339.
2016-08-14 21:43:57 -04:00
Jeff Mitchell
5a12143f16 Cleanup 2016-08-13 11:52:09 -04:00
Jeff Mitchell
f0e0f960ca Ensure utc value is not zero before adding 2016-08-13 11:50:57 -04:00
Jeff Mitchell
8fd8ae7330 Ensure values to be encoded in a CRL are in UTC. This aligns with the
RFC. You might expect Go to ensure this in the CRL generation call,
but...it doesn't.

Fixes #1727
2016-08-13 08:40:09 -04:00
vishalnayak
5af0395fb2 Address review feedback by @jefferai 2016-08-09 17:45:42 -04:00
vishalnayak
fd3f2182bc Added ttl field to aws-ec2 auth backend role 2016-08-09 17:29:45 -04:00
Jeff Mitchell
031437a98f Fix build 2016-08-08 17:00:59 -04:00
Jeff Mitchell
24bf6fc68e Address review feedback 2016-08-08 16:30:48 -04:00
Jeff Mitchell
c1f53bec10 Merge pull request #1696 from hashicorp/transit-convergent-specify-nonce
Require nonce specification for more flexibility
2016-08-08 11:41:10 -04:00
Jeff Mitchell
373e42d60c Return warning about ACLing the LDAP configuration endpoint.
Fixes #1263
2016-08-08 10:18:36 -04:00
Jeff Mitchell
84cd3c20b3 Remove context-as-nonce, add docs, and properly support datakey 2016-08-07 15:53:40 -04:00
Jeff Mitchell
b5858e2237 Add unit tests for convergence in non-context mode 2016-08-07 15:16:36 -04:00
Jeff Mitchell
c7bf73f924 Refactor convergent encryption to make specifying a nonce in addition to context possible 2016-08-05 17:52:44 -04:00
Vincent Batoufflet
38a30a92e3 Fix PKI logical backend email alt_names 2016-08-04 12:10:34 +02:00
Jeff Mitchell
9732c10d03 Add postgres test for block statements 2016-08-03 15:34:50 -04:00
Jeff Mitchell
7d1f0facb8 Add arbitrary string slice parsing.
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.

Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
Jeff Mitchell
3329d38959 Cleanup 2016-08-03 13:09:12 -04:00
vishalnayak
ddb6ae18a0 Fix invalid input getting marked as internal error 2016-07-28 16:23:11 -04:00
Jeff Mitchell
4fd83816bf Add convergence tests to transit backend 2016-07-28 11:30:52 -04:00
vishalnayak
59930fda8f AppRole authentication backend 2016-07-26 09:32:41 -04:00
Jeff Mitchell
948fdeacc3 Explicitly set invalid request status when a password isn't included 2016-07-25 11:14:15 -04:00
Jeff Mitchell
41922b2a9c Don't return 500 for user error in userpass when setting password 2016-07-25 11:09:46 -04:00
Jeff Mitchell
d466462b8d Fix re-specification of filter 2016-07-25 09:08:29 -04:00
Oren Shomron
005cb3e042 LDAP Auth Backend Overhaul
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matching rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
2016-07-22 21:20:05 -04:00
Jeff Mitchell
c664c4091b Fix panic if no certificates are supplied by client
Fixes #1637
2016-07-21 10:20:41 -04:00
Jeff Mitchell
2701ea16d1 Fix build 2016-07-21 09:53:41 -04:00