Vishal Nayak
756be6976d
Refactoring changes
2015-06-29 22:00:08 -04:00
esell
dac2cd8c62
change skipsslverify to insecure_tls
2015-06-29 19:23:31 -06:00
Armon Dadgar
b49683a40b
audit: fixing panic caused by tls connection state. Fixes #322
2015-06-29 17:16:17 -07:00
Armon Dadgar
01dc26bdeb
Fixing merge conflict
2015-06-29 15:19:04 -07:00
Armon Dadgar
de6ce89c39
Fixing merge conflict
2015-06-29 14:50:55 -07:00
Vishal Nayak
208e068138
SCP in pure Go and CIDR parsing fix
2015-06-29 11:49:34 -04:00
Vishal Nayak
5da639feff
Creating SSH keys and removal of files in pure 'go'
2015-06-26 15:43:27 -04:00
Vishal Nayak
7dbad8386c
ssh/lookup implementation and refactoring
2015-06-25 21:47:32 -04:00
Vishal Nayak
e90fb0cc09
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-06-24 18:13:26 -04:00
Vishal Nayak
4b07eba487
POC: Rework. Doing away with policy file.
2015-06-24 18:13:12 -04:00
esell
11a0b3b6c6
Set SkipSSLVerify default to false, add warning in help message
2015-06-24 13:38:14 -06:00
esell
e3a3fc8ab1
cleanup the code a bit
2015-06-24 10:09:29 -06:00
esell
ee690118b9
allow skipping SSL verification on ldap auth
2015-06-24 10:05:45 -06:00
Jeff Mitchell
d8ed14a603
Merge remote-tracking branch 'upstream/master' into f-pki
2015-06-19 13:01:26 -04:00
Vishal Nayak
9d709bd5a9
SSHs to multiple users by registering the respective host keys
2015-06-19 12:59:36 -04:00
Jeff Mitchell
435aefc072
A few things:
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Nate Brown
71a738ad7d
Logging authentication errors and bad token usage
2015-06-18 18:30:18 -07:00
Vishal Nayak
5cd9b7a7d8
merging with master
2015-06-18 20:51:11 -04:00
Vishal Nayak
fe5bb20e92
Roles, key renewal handled. End-to-end basic flow working.
2015-06-18 20:48:41 -04:00
Jeff Mitchell
23ba605068
Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Vishal Nayak
f2ace92e98
Implementation for storing and deleting the host information in Vault
2015-06-17 22:10:47 -04:00
Armon Dadgar
96119946f3
secret/transit: allow policies to be upserted
2015-06-17 18:51:05 -07:00
Armon Dadgar
9238c6def3
secret/transit: Use special endpoint to get underlying keys. Fixes #219
2015-06-17 18:42:23 -07:00
Vishal Nayak
c1880de3d1
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-06-17 20:34:56 -04:00
Vishal Nayak
fa83fe89f0
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH.
2015-06-17 20:33:03 -04:00
Armon Dadgar
28dd283c93
builtin: fixing API change in logical framework
2015-06-17 14:34:11 -07:00
Armon Dadgar
05fa4a4a48
secret/postgres: Ensure sane username length. Fixes #326
2015-06-17 13:31:56 -07:00
Jeff Mitchell
31e680048e
A lot of refactoring: move PEM bundle parsing into helper/certutil, so that it is usable by other backends that want to use it to get the necessary data for TLS auth.
Also, enhance the raw cert bundle => parsed cert bundle to make it more useful and perform more validation checks.
More refactoring could be done within the PKI backend itself, but that can wait.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-17 16:07:20 -04:00
Vishal Nayak
fb866f9059
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect
2015-06-17 12:39:49 -04:00
Vishal Nayak
647f3a59d9
Vault SSH: POC Stage 1. Skeleton implementation.
2015-06-16 16:58:54 -04:00
Jeff Mitchell
79164f38ad
Merge branch 'master' into f-pki
2015-06-16 13:43:25 -04:00
Jeff Mitchell
a2b3e1302a
A bunch of cleanup and moving around. logical/certutil is a package that now has helper functions useful for other parts of Vault (including the API) to take advantage of.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-16 13:43:12 -04:00
Mitchell Hashimoto
a98c07855b
credential/github: get rid of stray tab
2015-06-16 10:05:51 -07:00
Mitchell Hashimoto
dcc84749d1
command/auth, github: improve cli docs
/cc @sethvargo
2015-06-16 10:05:11 -07:00
Christian Svensson
f184c5985a
Record the common name in TLS metadata
It is useful to be able to save the client cert's Common Name for auditing purposes when using a central CA.
This adds a "common_name" value to the Metadata structure passed from login.
2015-06-14 23:18:21 +01:00
Jeff Mitchell
8b55d33722
Erp, forgot this feedback...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 23:16:13 -04:00
Jeff Mitchell
64c8a437e9
Add locking for revocation/CRL generation. I originally was going to use an RWMutex but punted, because it's not worth trying to save some milliseconds with the possibility of getting something wrong. So the entire operations are now wrapped, which is minimally slower but very safe.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 22:28:13 -04:00
Jeff Mitchell
722eca1367
Address most of Armon's initial feedback.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:57:05 -04:00
Jeff Mitchell
20ac7a46f7
Add acceptance tests
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling
Also, fix a bug when trying to get code signing certificates.
Not tested:
* Revocation (I believe this is impossible with the current testing framework)
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Jeff Mitchell
530b67bbb9
Initial PKI backend implementation.
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint
Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Jonathan Sokolowski
dd7d64dd80
logical/consul: Combine policy and lease into single storage struct
2015-05-28 09:36:23 +10:00
Jonathan Sokolowski
6814b0d63e
logical/consul: custom lease time for roles
2015-05-27 09:53:46 +10:00
Ian Unruh
82bca95537
Allow dot in LDAP login username
2015-05-20 11:54:15 -07:00
Armon Dadgar
cce15445c9
auth/cert: Guard against empty certs. Fixes #214
2015-05-18 16:11:09 -07:00
Armon Dadgar
087e84d9a9
cred/app-id: ensure consistent error message
2015-05-15 11:45:57 -07:00
Armon Dadgar
f1683f907f
cred/app-id: stricter validation and error messaging
2015-05-15 11:40:45 -07:00
Jonathan Sokolowski
a4f9bacb28
credential/app-id: Test DeleteOperation
2015-05-14 22:30:02 +10:00
Etourneau Gwenn
fd682719a1
Fix Error message
2015-05-12 14:32:09 +09:00
Mitchell Hashimoto
3a9a1b2738
credential/app-id: add hash of user/app ID to metadata for logs
2015-05-11 10:46:11 -07:00
Mitchell Hashimoto
09b3a99d56
Merge pull request #184 from hashicorp/b-github-casing
credential/github: case insensitive mappings
2015-05-11 10:27:45 -07:00