Brian Kassouf
1faa5fc020
On change of configuration rotate the database type
2017-04-03 18:30:38 -07:00
Brian Kassouf
b54e1cd295
Merge branch 'database-refactor' of github.com:hashicorp/vault into database-refactor
2017-04-03 17:52:41 -07:00
Brian Kassouf
ac519abecf
Plugin catalog
2017-04-03 17:52:29 -07:00
Calvin Leung Huang
2b08521ab6
Database refactor mssql (#2562)
* WIP on mssql secret backend refactor
* Add RevokeUser test, and use sqlserver driver internally
* Remove debug statements
* Fix code comment
2017-04-03 09:59:30 -07:00
Brian Kassouf
1d3d3b7803
fix for plugin commands that have more than one parameter
2017-03-28 14:37:57 -07:00
Brian Kassouf
8ef78f0610
Add comments to connection and credential producers
2017-03-28 13:08:11 -07:00
Brian Kassouf
947fd66480
Cleanup the db factory code and add comments
2017-03-28 12:57:30 -07:00
Brian Kassouf
0c562fa3d7
Update tests
2017-03-28 12:20:17 -07:00
Brian Kassouf
6de5cfad5e
Add functionality to build db objects from disk so restarts work
2017-03-28 11:30:45 -07:00
Brian Kassouf
d93378bb29
Fix for checking types of database on update
2017-03-28 10:04:42 -07:00
Brian Kassouf
b2c4555c1f
Wrap the database calls with tracing information
2017-03-27 15:17:28 -07:00
Brian Kassouf
ca026c6cfd
Remove the unused sync.Once object
2017-03-27 11:46:20 -07:00
Brian Kassouf
e870e399a2
More work on getting tests to pass
2017-03-23 15:54:15 -07:00
Brian Kassouf
a1b72465dd
Remove unused code block
2017-03-22 17:09:39 -07:00
Brian Kassouf
cab491f7b7
s/postgres/mysql/
2017-03-22 16:44:33 -07:00
Brian Kassouf
73e553af95
Add test files for postgres and mysql databases
2017-03-22 16:39:08 -07:00
Brian Kassouf
9aaec25a4e
Add an error message for empty creation statement
2017-03-22 12:40:16 -07:00
Brian Kassouf
1be813605f
Fix race with deleting the connection
2017-03-22 09:54:19 -07:00
Brian Kassouf
2d6f36df17
Add a delete method
2017-03-21 17:19:30 -07:00
Brian Kassouf
2fdb3422a9
Verify connections regardless of if this connection is already existing
2017-03-21 16:05:59 -07:00
Vishal Nayak
16d41a8b28
sshca: ensure at least cert type is allowed (#2508)
2017-03-19 18:58:48 -04:00
Brian Kassouf
ff6749b198
Comment and fix plugin Type function
2017-03-16 18:24:56 -07:00
Brian Kassouf
404596e261
Change the handshake config from the default
2017-03-16 17:51:25 -07:00
Brian Kassouf
4043f533b8
Add a secure config to verify the checksum of the plugin
2017-03-16 16:20:18 -07:00
Brian Kassouf
2ef1cbf3a6
Comment and slight refactor of the TLS plugin helper
2017-03-16 14:14:49 -07:00
Brian Kassouf
3890f194a4
Break tls code into helper library
2017-03-16 11:55:21 -07:00
Jeff Mitchell
3f67ab489a
Ensure CN check is made when exclude_cn_from_sans is used
Fixes #2363
2017-03-16 11:41:13 -04:00
Jeff Mitchell
a5d1808efe
Always include a hash of the public key and "vault" (to know where it (#2498)
came from) when generating a cert for SSH.
Follow on from #2494
2017-03-16 11:14:17 -04:00
Mike Okner
6f84f7ffd0
Adding allow_user_key_ids field to SSH role config (#2494)
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name. Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
2017-03-16 08:45:11 -04:00
Brian Kassouf
5b05f62fa3
Work on TLS communication over plugins
2017-03-15 17:14:48 -07:00
Jeff Mitchell
688104e69a
Allow roles to specify whether CSR SANs should be used instead of (#2489)
request values. Fix up some documentation.
Fixes #2451
Fixes #2488
2017-03-15 14:38:18 -04:00
Jeff Mitchell
799000be20
Set CA chain when intermediate does not have an authority key ID.
This is essentially an approved review of the code provided in #2465.
Fixes #2465
2017-03-15 11:52:02 -04:00
Brian Kassouf
a6ae4bd356
wrap plugin database type with metrics middleware
2017-03-14 13:12:47 -07:00
Brian Kassouf
143166b1ba
Add a metrics middleware
2017-03-14 13:11:28 -07:00
Stanislav Grozev
70b30b40d4
Reads on unconfigured SSH CA public key return 400
2017-03-14 10:21:48 -04:00
Stanislav Grozev
5f3397bff5
Reads on ssh/config/ca return the public keys
If configured/generated.
2017-03-14 10:21:48 -04:00
Stanislav Grozev
d22796c644
If generating an SSH CA signing key - return the public part
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
2017-03-14 10:21:48 -04:00
Brian Kassouf
c111b02568
Add a way to initialize plugins and builtin databases the same way.
2017-03-13 14:39:55 -07:00
Brian Kassouf
a0d207e254
Add checksum attribute
2017-03-10 14:10:42 -08:00
Brian Kassouf
72a878b180
Rename reset to close
2017-03-09 22:35:45 -08:00
Brian Kassouf
b63147b7c2
Add special path to enforce root on plugin configuration
2017-03-09 21:31:29 -08:00
Brian Kassouf
3766ab14e5
Add plugin file
2017-03-09 17:43:58 -08:00
Brian Kassouf
d4ea6c1768
Add plugin features
2017-03-09 17:43:37 -08:00
Vishal Nayak
9af1ca3d2c
doc: ssh allowed_users update (#2462)
* doc: ssh allowed_users update
* added some more context in default_user field
2017-03-09 10:34:55 -05:00
vishalnayak
3bd667a931
Fix typo
2017-03-08 17:49:39 -05:00
Brian Kassouf
00359cdea4
Update secrets fields
2017-03-08 14:46:53 -08:00
Vishal Nayak
a4e41f6568
SSH CA enhancements (#2442)
* Use constants for storage paths
* Upgrade path for public key storage
* Fix calculateValidPrincipals, upgrade ca_private_key, and other changes
* Remove a print statement
* Added tests for upgrade case
* Make exporting consistent in creation bundle
* unexporting and constants
* Move keys into a struct instead of plain string
* minor changes
2017-03-08 17:36:21 -05:00
Brian Kassouf
cd68899a4a
Fix renew and revoke calls
2017-03-07 17:21:44 -08:00
Brian Kassouf
73200db1d9
Add defaults to the cassandra database type
2017-03-07 17:00:52 -08:00
Brian Kassouf
78fdc2ad24
Pass statements object
2017-03-07 16:48:17 -08:00