mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-24 16:11:08 +02:00
Code Issues Projects Releases Wiki Activity
10,543 Commits 2,840 Branches 445 Tags
Commit Graph

1798 Commits

Author SHA1 Message Date
Vishal Nayak
7dac5efe27 Merge pull request #1112 from hashicorp/1089-postgres-connection-url 
postgres: connection_url fix
 2016-02-22 11:36:04 -05:00
Jeff Mitchell
7c60548b9a More improvements to PKI tests; allow setting a specific seed, output 
the seed to the console, and split generated steps to make it
understandable which seed is for which set of steps.
 2016-02-22 11:22:52 -05:00
vishalnayak
046d7f87b4 postgres: connection_url fix 2016-02-22 11:22:49 -05:00
Jeff Mitchell
ec97c6c8e2 Use more fuzziness in PKI backend tests 2016-02-22 10:59:37 -05:00
Jeff Mitchell
d993993f18 Better handle errors from fetchCertBySerial 2016-02-22 10:36:26 -05:00
Kevin Pike
6ac1a8c48b Update update operation and uuid references 2016-02-21 15:31:22 -08:00
Kevin Pike
79ed734a2f Merge branch 'master' into rabbitmq 2016-02-21 14:55:06 -08:00
Kevin Pike
d805f2ef57 Add RabbitMQ secret backend 2016-02-21 14:52:57 -08:00
Jeff Mitchell
e065a1cd22 Remove root requirement for certs/ and crls/ in TLS auth backend. 
Fixes #468
 2016-02-21 15:33:33 -05:00
Jeff Mitchell
d3af63193b Add tests for minimum key size checking. (This will also verify that the 
key type matches that of the role, since type assertions are required to
check the bit size). Like the rest, these are fuzz tests; I have
verified that the random seed will eventually hit error conditions if
ErrorOk is not set correctly when we expect an error.
 2016-02-19 21:39:40 -05:00
Jeff Mitchell
5da2949d45 Check role key type and bits when signing CSR. 
Two exceptions: signing an intermediate CA CSR, and signing a CSR via
the 'sign-verbatim' path.
 2016-02-19 20:50:49 -05:00
vishalnayak
992a32975c Cap the length midString in IAM user's username to 42 2016-02-19 18:31:10 -05:00
Vishal Nayak
d123d4c02e Merge pull request #1102 from hashicorp/shorten-aws-usernames 
Set limits on generated IAM user and STS token names.
 2016-02-19 18:25:29 -05:00
Jeff Mitchell
9b57078b26 Some minor changes in mysql commenting and names 2016-02-19 16:44:52 -05:00
Jeff Mitchell
63a8061e87 Set limits on generated IAM user and STS token names. 
Fixes #1031
Fixes #1063
 2016-02-19 16:35:06 -05:00
vishalnayak
b4cd7d019e mysql: fix error message 2016-02-19 16:07:06 -05:00
vishalnayak
20342d9049 Don't deprecate value field yet 2016-02-19 16:07:06 -05:00
vishalnayak
d8f72887fc Removed connectionString.ConnectionString 2016-02-19 16:07:05 -05:00
vishalnayak
5f19c77897 mysql: provide allow_verification option to disable connection_url check 2016-02-19 16:07:05 -05:00
Jeff Mitchell
65494f8268 Merge pull request #1100 from hashicorp/issue-1030 
Properly escape filter values in LDAP filters
 2016-02-19 14:56:40 -05:00
Jeff Mitchell
ac3191ad02 Disallow 1024-bit RSA keys. 
Existing certificates are kept but roles with key bits < 2048 will need
to be updated as the signing/issuing functions now enforce this.
 2016-02-19 14:33:02 -05:00
Jeff Mitchell
73e84b8c38 Address some feedback on ldap escaping help text 2016-02-19 13:47:26 -05:00
Jeff Mitchell
a2aad0bbd6 Properly escape filter values. 
Fixes #1030
 2016-02-19 13:16:52 -05:00
Jeff Mitchell
331f57c082 Update LDAP documentation with a note on escaping 2016-02-19 13:16:18 -05:00
Jeff Mitchell
6ef35dcbb7 Add tests to ldap using the discover capability 2016-02-19 11:46:59 -05:00
Jeff Mitchell
7458084e09 Add ldap tests that use a bind dn and bind password 2016-02-19 11:38:27 -05:00
Vishal Nayak
81f849ad6a Merge pull request #1047 from hashicorp/vault-iss999-github-renewal 
GitHub renewal enhancements
 2016-02-18 16:47:15 -05:00
Vishal Nayak
ba9c0dced1 Merge pull request #1086 from hashicorp/iss962-verify-otp-response-code 
SSH: Fix response code for ssh/verify
 2016-02-18 13:32:28 -05:00
vishalnayak
f5f9a9a056 ssh: Fix response code for ssh/verify 2016-02-16 19:46:29 -05:00
vishalnayak
3bad2a3af0 Pki: Respond user error when cert is not found instead of internal error 2016-02-16 17:58:57 -05:00
vishalnayak
3b6ea0c3cb Github renewal enhancement 2016-02-11 20:42:42 -05:00
Jeff Mitchell
4923624593 Merge pull request #1061 from tomrittervg/tomrittervg-typos-1 
Fix some typos
 2016-02-11 15:12:09 -05:00
Jeff Mitchell
4ff2b119eb Merge pull request #1062 from tomrittervg/tomrittervg-AllowedBaseDomain-migration 
AllowedBaseDomain will stay non-empty in certain error conditions. None of these conditions should be hit anyways, but this provides an extra safety check.
 2016-02-11 15:07:54 -05:00
Jeff Mitchell
a1a7c11154 Merge pull request #1053 from mwielgoszewski/postgresql-revocation 
Fix PostgreSQL secret backend issues revoking users
 2016-02-11 12:52:37 -05:00
Tom Ritter
b6ef18cad0 Fix AllowedBaseDomain Migration 
AllowedBaseDomain is only zero-ed out if the domain is not found in the (new) AllowedDomains configuration setting. If the domain is found, AllowedBaseDomain is not emptied and this code will be run every single time.

//untested
 2016-02-09 15:42:15 -06:00
Tom Ritter
88ae7ae9fe Typo in error message in path_intermediate.go 2016-02-09 15:08:30 -06:00
Tom Ritter
ccdbb5d910 Typo in policy.go 2016-02-08 12:00:06 -06:00
Jeff Mitchell
122773ba71 Add slack on NotBefore value for generated certs. 
This fixes an issue where, due to clock skew, one system can get a cert
and try to use it before it thinks it's actually valid. The tolerance of
30 seconds should be high enough for pretty much any set of systems
using NTP.

Fixes #1035
 2016-02-07 14:00:03 -05:00
Jeff Mitchell
f75e121d8c Introduce a locking inmem storage for unit tests that are doing concurrent things 2016-02-04 09:40:35 -05:00
Jeff Mitchell
f4df0d828e Add transit fuzz test 2016-02-03 17:36:15 -05:00
Vishal Nayak
eb482c4066 Merge pull request #1013 from hashicorp/fix-ssh-tests 
Fix SSH tests
 2016-02-02 14:22:09 -05:00
vishalnayak
6b5b96d795 Fix SSH test cases. 2016-02-02 12:32:50 -05:00
Jeff Mitchell
3ac40a7ae5 Use capabilities to determine upsert-ability in transit. 2016-02-02 10:03:14 -05:00
Jeff Mitchell
216fe1b9da Revert "Re-add upsert into transit. Defaults to off and a new endpoint /config" 
This reverts commit dc27d012c0357f93bfd5bd8d480f3e229166307a.
 2016-02-02 09:26:25 -05:00
Jeff Mitchell
dc27d012c0 Re-add upsert into transit. Defaults to off and a new endpoint /config 
can be used to turn it on for a given mount.
 2016-02-01 20:13:57 -05:00
Jeff Mitchell
d402292f85 Fix comment text 2016-02-01 17:20:16 -05:00
Jeff Mitchell
7fb8db2e6c Allow the format to be specified as pem_bundle, which creates a 
concatenated PEM file.

Fixes #992
 2016-02-01 13:19:41 -05:00
Jeff Mitchell
3b77905c75 Cassandra: 
* Add ability to change protocol version
* Remove config as a root path, use normal ACLs
* Update docs
 2016-02-01 10:27:26 -05:00
Jeff Mitchell
c60a9cd130 Remove grace periods 2016-01-31 19:33:16 -05:00
Jeff Mitchell
c067cdc926 Remove app-id renewal for the moment until verification logic is added 2016-01-31 19:12:20 -05:00