mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-19 09:41:29 +01:00
Code Issues Projects Releases Wiki Activity
7,543 Commits 2,846 Branches 459 Tags
Commit Graph

1526 Commits

Author SHA1 Message Date
Chris Hoffman
628153979a
Converting key_usage and allowed_domains in PKI to CommaStringSlice (#3621) 2017-12-11 13:13:35 -05:00
Brad Sickles
dc70b1c21f Adding mfa support to okta auth backend. (#3653) 2017-12-07 14:17:42 -05:00
Brian Shumate
c767dc4ed6 Conditionally set file audit log mode (#3649) 2017-12-07 11:44:15 -05:00
Mohsen
77fc89088d Small typo relating to no_store in pki secret backend (#3662) 
* Removed typo :)

* Corrected typo in the website related to no_store
 2017-12-07 10:40:21 -05:00
Vishal Nayak
18311d253d
Transit: Refactor internal representation of key entry map (#3652) 
* convert internal map to index by string

* Add upgrade test for internal key entry map

* address review feedback
 2017-12-06 18:24:00 -05:00
Dominik Müller
534ea1771d add allowed_names to cert-response (#3654) 2017-12-06 16:50:02 -05:00
Jeff Mitchell
eed45793b9
Re-add some functionality lost during last dep update (#3636) 2017-12-01 10:18:26 -05:00
Nicolas Corrarello
884e25035f
Adding SealWrap configuration, protecting the config/access path 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 21:53:21 +00:00
Nicolas Corrarello
12e77fac51
Rename policy into policies 2017-11-29 16:31:17 +00:00
Nicolas Corrarello
0780c6250b
Checking if client is not nil before deleting token 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:23:03 +00:00
Nicolas Corrarello
66840ac4db
%q quotes automatically 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:19:31 +00:00
Nicolas Corrarello
9d78bfa721
Refactoring check for empty accessor as per Vishals suggestion 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:58:39 +00:00
Nicolas Corrarello
a3df394134
Pull master into f-nomad 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:56:37 +00:00
Nicolas Corrarello
e6b3438d92
Return an error if accesor_id is nil 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:18:03 +00:00
Nicolas Corrarello
cfa0715d1e
Returning nil config if is actually nil, and catching the error before creating the client in backend.go 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 11:15:54 +00:00
Nicolas Corrarello
f8babf19ad
Moving LeaseConfig function to path_config_lease.go 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 11:07:17 +00:00
Nicolas Corrarello
1db26e73f4
Return error before creating a client if conf is nil 2017-11-29 11:01:31 +00:00
Nicolas Corrarello
a5f01d49e2
Sanitizing error outputs 2017-11-29 10:58:02 +00:00
Nicolas Corrarello
e3a73ead35
Renaming tokenRaw to accessorIDRaw to avoid confusion, as the token is not being used for revoking itself 2017-11-29 10:48:55 +00:00
Nicolas Corrarello
3134c7262d
Updating descriptions, defaults for roles 2017-11-29 10:44:40 +00:00
Nicolas Corrarello
a280884433
Validating that Address and Token are provided in path_config_access.go 2017-11-29 10:36:34 +00:00
Nicolas Corrarello
e1e63f8883
Removing legacy field scheme that belonged to the Consul API 2017-11-29 10:29:39 +00:00
Joel Thompson
8aeea21416 auth/aws: Check credential availability before auth (#3465) 
Checks to ensure we can get a valid credential from the credential chain
when using the vault CLI to do AWS auth.

Fixes #3383
 2017-11-13 15:43:24 -05:00
Vishal Nayak
93c5d288d2
avoid empty group alias names (#3567) 2017-11-10 16:51:37 -05:00
Vishal Nayak
017c0ec283
Avoid race conditions in AppRole (#3561) 
* avoid race conditions in approle

* return a warning from role read if secondary index is missing

* Create a role ID index if a role is missing one

* Fix locking in approle read and add test

* address review feedback
 2017-11-10 11:32:04 -05:00
Jeff Mitchell
0c3db8eaca Remove allow_base_domain from PKI role output. 
It was never used in a release, in favor of allow_bare_domains.

Fixes #1452 (again)
 2017-11-09 10:24:36 -05:00
Jeff Mitchell
4535c8c38d Don't read out an internal role member in PKI 2017-11-08 18:20:53 -05:00
Chris Hoffman
b2549f3922 adding ttl to secret, refactoring for consistency 2017-11-07 09:58:19 -05:00
Calvin Leung Huang
1cf3414352 Fix deprecated cassandra backend tests (#3543) 2017-11-06 17:15:45 -05:00
Joel Thompson
50aa3d9e1f auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive (#3291) 2017-11-06 17:12:07 -05:00
Chris Hoffman
26daf9d432 minor cleanup 2017-11-06 16:36:37 -05:00
Chris Hoffman
cbe172fb65 minor cleanup 2017-11-06 16:34:20 -05:00
Gregory Reshetniak
81e18aeccd added AWS enpoint handling (#3416) 2017-11-06 13:31:38 -05:00
Jeff Mitchell
33cf98026e
Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Nicolas Corrarello
d1e3eff618
Refactored Lease into the Backend configuration 2017-11-06 15:09:56 +00:00
Nicolas Corrarello
6560e3c24a
Attaching secretToken to backend 2017-11-06 14:28:30 +00:00
Calvin Leung Huang
ca76bc4f44
Return role info for each role on pathRoleList (#3532) 
* Return role info for each role on pathRoleList

* Change roles -> key_info, only return key_type

* Do not initialize result map in parseRole, refactor ListResponseWithInfo

* Add role list test
 2017-11-03 17:12:03 -04:00
Jeff Mitchell
8004f052da
Add some more SealWrap declarations (#3531) 2017-11-03 11:43:31 -04:00
Vishal Nayak
ced60dbc0c
Encrypt/Decrypt/Sign/Verify using RSA in Transit backend (#3489) 
* encrypt/decrypt/sign/verify RSA

* update path-help and doc

* Fix the bug which was breaking convergent encryption

* support both 2048 and 4096

* update doc to contain both 2048 and 4096

* Add test for encrypt, decrypt and rotate on RSA keys

* Support exporting RSA keys

* Add sign and verify test steps

* Remove 'RSA' from PEM header

* use the default salt length

* Add 'RSA' to PEM header since openssl is expecting that

* export rsa keys as signing-key as well

* Comment the reasoning behind the PEM headers

* remove comment

* update comment

* Parameterize hashing for RSA signing and verification

* Added test steps to check hash algo choice for RSA sign/verify

* fix test by using 'prehashed'
 2017-11-03 10:45:53 -04:00
Nicolas Corrarello
7015139ece Not storing the Nomad token as we have the accesor for administrative operations 2017-11-03 07:25:47 +00:00
Nicolas Corrarello
f3aaacc3fc Overhauling the client method and attaching it to the backend 2017-11-03 07:19:49 +00:00
Jeff Mitchell
87e98dce23
Check input size to avoid a panic (#3521) 2017-11-02 16:40:52 -05:00
Vishal Nayak
66642a0935
External identity groups (#3447) 
* external identity groups

* add local LDAP groups as well to group aliases

* add group aliases for okta credential backend

* Fix panic in tests

* fix build failure

* remove duplicated struct tag

* add test steps to test out removal of group member during renewals

* Add comment for having a prefix check in router

* fix tests

* s/parent_id/canonical_id

* s/parent/canonical in comments and errors
 2017-11-02 16:05:48 -04:00
Nicolas Corrarello
ca92922a91 Refactoring readAcessConfig to return a single type of error instead of two 2017-11-01 08:49:31 +00:00
Nicolas Corrarello
dcaec0a880 Refactored config error to just have a single error exit path 2017-11-01 08:41:58 +00:00
Nicolas Corrarello
c4bf80c84f Ignoring userErr as it will be nil anyway 2017-11-01 07:41:58 +00:00
Nicolas Corrarello
5d3513b568 tokenType can never be nil/empty string as there are default values 2017-11-01 07:36:14 +00:00
Nicolas Corrarello
ffb9343f5f Should return an error if trying create a management token with policies attached 2017-10-31 21:12:14 +00:00
Nicolas Corrarello
3a0d7ac9a6 Unifying Storage and API path in role 2017-10-31 21:06:10 +00:00
Nicolas Corrarello
482d73aebe Minor/Cosmetic fixes 2017-10-31 19:11:24 +00:00