1798 Commits

Author SHA1 Message Date
vishalnayak
5af0395fb2 Address review feedback by @jefferai 2016-08-09 17:45:42 -04:00
vishalnayak
fd3f2182bc Added ttl field to aws-ec2 auth backend role 2016-08-09 17:29:45 -04:00
Jeff Mitchell
031437a98f Fix build 2016-08-08 17:00:59 -04:00
Jeff Mitchell
24bf6fc68e Address review feedback 2016-08-08 16:30:48 -04:00
Jeff Mitchell
c1f53bec10 Merge pull request #1696 from hashicorp/transit-convergent-specify-nonce
Require nonce specification for more flexibility
2016-08-08 11:41:10 -04:00
Jeff Mitchell
373e42d60c Return warning about ACLing the LDAP configuration endpoint.
Fixes #1263
2016-08-08 10:18:36 -04:00
Jeff Mitchell
84cd3c20b3 Remove context-as-nonce, add docs, and properly support datakey 2016-08-07 15:53:40 -04:00
Jeff Mitchell
b5858e2237 Add unit tests for convergence in non-context mode 2016-08-07 15:16:36 -04:00
Jeff Mitchell
c7bf73f924 Refactor convergent encryption to make specifying a nonce in addition to context possible 2016-08-05 17:52:44 -04:00
Vincent Batoufflet
38a30a92e3 Fix PKI logical backend email alt_names 2016-08-04 12:10:34 +02:00
Jeff Mitchell
9732c10d03 Add postgres test for block statements 2016-08-03 15:34:50 -04:00
Jeff Mitchell
7d1f0facb8 Add arbitrary string slice parsing.
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.

Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
Jeff Mitchell
3329d38959 Cleanup 2016-08-03 13:09:12 -04:00
vishalnayak
ddb6ae18a0 Fix invalid input getting marked as internal error 2016-07-28 16:23:11 -04:00
Jeff Mitchell
4fd83816bf Add convergence tests to transit backend 2016-07-28 11:30:52 -04:00
vishalnayak
59930fda8f AppRole authentication backend 2016-07-26 09:32:41 -04:00
Jeff Mitchell
948fdeacc3 Explicitly set invalid request status when a password isn't included 2016-07-25 11:14:15 -04:00
Jeff Mitchell
41922b2a9c Don't return 500 for user error in userpass when setting password 2016-07-25 11:09:46 -04:00
Jeff Mitchell
d466462b8d Fix re-specification of filter 2016-07-25 09:08:29 -04:00
Oren Shomron
005cb3e042 LDAP Auth Backend Overhaul
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matching rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
2016-07-22 21:20:05 -04:00
Jeff Mitchell
c664c4091b Fix panic if no certificates are supplied by client
Fixes #1637
2016-07-21 10:20:41 -04:00
Jeff Mitchell
2701ea16d1 Fix build 2016-07-21 09:53:41 -04:00
Jeff Mitchell
d16cefa544 Ensure we never return a nil set of trusted CA certs
Fixes #1637
2016-07-21 09:50:31 -04:00
Laura Bennett
c6cc73b3bd Merge pull request #1635 from hashicorp/mysql-idle-conns
Added maximum idle connections to mysql to close hashicorp/vault#1616
2016-07-20 15:31:37 -04:00
Jeff Mitchell
6708b5d75f Set defaults to handle upgrade cases.
Ping #1604
2016-07-20 14:07:19 -04:00
Jeff Mitchell
a8a2886538 Merge pull request #1604 from memory/mysql-displayname-2
concat role name and token displayname to form mysql username
2016-07-20 14:02:17 -04:00
Nathan J. Mehl
e824f6040b use both role name and token display name to form mysql username 2016-07-20 10:17:00 -07:00
Laura Bennett
f5ed650966 whitespace error corrected 2016-07-20 12:00:05 -04:00
Nathan J. Mehl
83635c16b6 respond to feedback from @vishalnayak
- split out usernameLength and displaynameLength truncation values,
  as they are different things

- fetch username and displayname lengths from the role, not from
  the request parameters

- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Laura Bennett
badaabc17d max_idle_connections added 2016-07-20 09:26:26 -04:00
Laura Bennett
b99c692f0d initial commit before rebase to stay current with master 2016-07-19 14:18:37 -04:00
Jeff Mitchell
8cbd94e13e Merge pull request #1414 from mhurne/mongodb-secret-backend
Add mongodb secret backend
2016-07-19 13:56:15 -04:00
Jeff Mitchell
33624201c2 Some minor linting 2016-07-19 13:54:18 -04:00
Matt Hurne
2f8a1daa7d Merge branch 'master' into mongodb-secret-backend 2016-07-19 12:47:58 -04:00
Matt Hurne
35472ba9f9 mongodb secret backend: Remove redundant type declarations 2016-07-19 12:35:14 -04:00
Matt Hurne
3c68002cc2 mongodb secret backend: Fix broken tests, clean up unused parameters 2016-07-19 12:26:23 -04:00
Vishal Nayak
3f0a1e4b88 Merge pull request #1629 from hashicorp/remove-verify-connection
Remove unused VerifyConnection from storage entries of SQL backends
2016-07-19 12:21:23 -04:00
Vishal Nayak
4e5c3631f4 Merge pull request #1583 from hashicorp/ssh-allowed-roles
Add allowed_roles to ssh-helper-config and return role name from verify call
2016-07-19 12:04:12 -04:00
vishalnayak
ca22b6cfdb Remove unused VerifyConnection from storage entries of SQL backends 2016-07-19 11:55:49 -04:00
Matt Hurne
a130c13c34 mongodb secret backend: Return lease ttl and max_ttl in lease read in seconds rather than as duration strings 2016-07-19 11:23:56 -04:00
Matt Hurne
8be8714e86 mongodb secret backend: Don't bother persisting verify_connection field in connection config 2016-07-19 11:20:45 -04:00
Matt Hurne
047db0ffef mongodb secret backend: Handle cases where stored username or db is not a string as expected when revoking credentials 2016-07-19 11:18:00 -04:00
Matt Hurne
d23ba11a0c Merge branch 'master' into mongodb-secret-backend 2016-07-19 10:38:45 -04:00
Jeff Mitchell
aa9c05002e Merge pull request #1573 from mickhansen/logical-postgresql-revoke-sequences
handle revocations for roles that have privileges on sequences
2016-07-18 13:30:42 -04:00
vishalnayak
5b458db104 Merge branch 'master-oss' into json-use-number
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Vishal Nayak
1970ad74d7 Merge pull request #1610 from hashicorp/min-tls-ver-12
Set minimum TLS version in all tls.Config objects
2016-07-13 10:53:14 -06:00
vishalnayak
6977bdd490 Handled upgrade path for TLSMinVersion 2016-07-13 12:42:51 -04:00
Vishal Nayak
64bdeec926 Merge pull request #1607 from hashicorp/standardize-time
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
vishalnayak
98d5684699 Address review feedback 2016-07-13 11:52:26 -04:00
vishalnayak
150cba24a7 Added tls_min_version to consul storage backend 2016-07-12 20:10:54 -04:00