1526 Commits

Author SHA1 Message Date
Brian Kassouf
01300e026b Remove unused sql object 2017-03-07 15:34:23 -08:00
Brian Kassouf
1d23bbbe28 Remove double lock 2017-03-07 15:33:05 -08:00
Brian Kassouf
c823ad0597 Update locking functionality 2017-03-07 13:48:29 -08:00
Jeff Mitchell
99a74e323d Use locks in a slice rather than a map, which is faster and makes things cleaner (#2446) 2017-03-07 11:21:32 -05:00
Jeff Mitchell
df575f0b3a Rename helper 'duration' to 'parseutil'. (#2449)
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.

Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Brian Kassouf
354233f91d rename mysql variable 2017-03-03 15:07:41 -08:00
Brian Kassouf
4d335099de Make db instances immutable and add a reset path to tear down and create a new database instance with an updated config 2017-03-03 14:38:49 -08:00
Brian Kassouf
fa8da4cf91 Fix mysql connections 2017-03-03 14:38:49 -08:00
Brian Kassouf
e442917e26 Add mysql into the factory 2017-03-03 14:38:48 -08:00
Brian Kassouf
5e2cffcdd0 Add max connection lifetime param and set consistency on cassandra session 2017-03-03 14:38:48 -08:00
Brian Kassouf
cee3dc9b9e s/Statement/Statements/ 2017-03-03 14:38:48 -08:00
Brian Kassouf
bfbb104e19 Add mysql database type 2017-03-03 14:38:48 -08:00
Brian Kassouf
ad17d113c7 More work on refactor and cassandra database 2017-03-03 14:38:48 -08:00
Brian Kassouf
3d77a9a6f4 Begin work on database refactor 2017-03-03 14:38:48 -08:00
Vishal Nayak
8491db3ce6 ssh: Added DeleteOperation to config/ca (#2434)
* ssh: Added DeleteOperation to config/ca

* Address review feedback
2017-03-03 10:19:45 -05:00
Vishal Nayak
f4d74fe4cc AppRole: Support restricted use tokens (#2435)
* approle: added token_num_uses to the role

* approle: added RUD tests for token_num_uses on role

* approle: doc: added token_num_uses
2017-03-03 09:31:20 -05:00
Jeff Mitchell
5fe459f91a Update SSH CA logic/tests 2017-03-02 16:39:22 -05:00
Vishal Nayak
93b74ebe71 Refactor the generate_signing_key processing (#2430) 2017-03-02 16:22:06 -05:00
Jeff Mitchell
1c821e448d Update error text to make it more obvious what the issue is when valid principals aren't found 2017-03-02 15:56:08 -05:00
Jeff Mitchell
db29bde264 Fix a bunch of errors from returning 5xx, and parse more duration types 2017-03-02 15:38:34 -05:00
Will May
ffb5ee7fda Changes from code review 2017-03-02 14:36:13 -05:00
Will May
f9d853f7f0 Allow internal generation of the signing SSH key pair 2017-03-02 14:36:13 -05:00
Vishal Nayak
d30a833db7 Rework ssh ca (#2419)
* docs: input format for default_critical_options and default_extensions

* s/sshca/ssh

* Added default_critical_options and default_extensions to the read endpoint of role

* Change default time return value to 0
2017-03-01 15:50:23 -05:00
Will May
7d9cb5bffe Changes from code review
Major changes are:
* Remove duplicate code
* Check the public key used to configure the backend is a valid one
2017-03-01 15:19:18 -05:00
Will May
59397250da Changes from code review
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
2017-03-01 15:19:18 -05:00
Will May
1d59b965cb Add ability to create SSH certificates 2017-03-01 15:19:18 -05:00
Jeff Mitchell
4045c1791e Fix github compile breakage after dep upgrade 2017-02-24 15:32:05 -05:00
Vishal Nayak
241835b6f4 Aws Ec2 additional binds for SubnetID, VpcID and Region (#2407)
* awsec2: Added bound_region

* awsec2: Added bound_subnet_id and bound_vpc_id

* Add bound_subnet_id and bound_vpc_id to docs

* Remove fmt.Printf

* Added crud test for aws ec2 role

* Address review feedback
2017-02-24 14:19:10 -05:00
vishalnayak
041817b300 Fix broken build caused due to resolve merge conflicts 2017-02-24 12:41:20 -05:00
Vishal Nayak
e3016053b3 PKI: Role switch to control lease generation (#2403)
* pki: Make generation of leases optional

* pki: add tests for upgrading generate_lease

* pki: add tests for leased and non-leased certs

* docs++ pki generate_lease

* Generate lease is applicable for both issuing and signing

* pki: fix tests

* Address review feedback

* Address review feedback
2017-02-24 12:12:40 -05:00
Saj Goonatilleke
9cd9fbbad3 pki: Include private_key_type on DER-formatted responses from /pki/issue/ (#2405) 2017-02-24 11:17:59 -05:00
Jeff Mitchell
8acbdefdf2 More porting from rep (#2388)
* More porting from rep

* Address review feedback
2017-02-16 16:29:30 -05:00
Jeff Mitchell
98c7bd6c03 Port some replication bits to OSS (#2386) 2017-02-16 15:15:02 -05:00
Jeff Mitchell
64d63ba55a Add some repcluster handling to audit and add some tests (#2384)
* Add some repcluster handling to audit and add some tests

* Fix incorrect assumption about nil auth
2017-02-16 13:09:53 -05:00
Jeff Mitchell
28883acc16 Fix copypasta, thanks tests 2017-02-16 01:32:39 -05:00
Jeff Mitchell
5e5d9baabe Add Organization support to PKI backend. (#2380)
Fixes #2369
2017-02-16 01:04:29 -05:00
Vishal Nayak
37297080f2 cidrutil: added test data points (#2378) 2017-02-16 00:51:02 -05:00
Vishal Nayak
c61dc69d19 aws-ec2 auth: Return the role period in seconds (#2374)
* aws-ec2 auth: Return the role period in seconds

* cast return values to int64 for comparison with expected values
2017-02-15 10:57:57 -05:00
Jeff Mitchell
ed51388c02 Fix Okta auth issue when a user has no policies and/or groups set. (#2371)
Fixes #2367
2017-02-14 16:28:16 -05:00
Tommy Murphy
57aac16cd2 audit: support a configurable prefix string to write before each message (#2359)
A static token at the beginning of a log line can help systems parse
logs better. For example, rsyslog and syslog-ng will recognize the
'@cee: ' prefix and will parse the rest of the line as a valid json message.
This is useful in environments where there is a mix of structured and
unstructured logs.
2017-02-10 16:56:28 -08:00
vishalnayak
8b9f3a0b49 use net.JoinHostPort 2017-02-08 18:39:09 -05:00
Jeff Mitchell
c01d394a8d Add support for backup/multiple LDAP URLs. (#2350) 2017-02-08 14:59:24 -08:00
Jeff Mitchell
50ddab2a60 Merge pull request #2154 from fcantournet/default-ldap-username
ldap auth via cli defaults username to env (#2137)
2017-02-07 21:47:59 -08:00
Jeff Mitchell
9b96276ec1 Use Getenv instead of LookupEnv
This prevents returning empty username if LOGNAME is set but empty and USER is set but not empty.
2017-02-07 21:47:06 -08:00
Jeff Mitchell
aba31b7092 Update error text 2017-02-07 21:44:23 -08:00
Jeff Mitchell
3086be9d80 Update some help text for RADIUS 2017-02-07 16:06:27 -05:00
Matteo Sessa
cb293e3e23 RADIUS Authentication Backend (#2268) 2017-02-07 16:04:27 -05:00
Brian Kassouf
68fdd34840 Merge pull request #2326 from hashicorp/pr-2161
Add Socket Audit Backend
2017-02-07 11:27:25 -08:00
Vishal Nayak
a9121ff733 transit: change batch input format (#2331)
* transit: change batch input format

* transit: no json-in-json for batch response

* docs: transit: update batch input format

* transit: fix tests after changing response format
2017-02-06 14:56:16 -05:00
Brian Kassouf
541c53d354 Added a single retry after a reconnection 2017-02-06 11:38:38 -08:00