vault

mirror of https://github.com/hashicorp/vault.git synced 2025-08-20 22:21:09 +02:00

Author	SHA1	Message	Date
Chris Hoffman	563edbe1f6	short circuit cert extensions check (#3712 )	2017-12-18 13:19:05 -05:00
Travis Cosgrave	95328e2fb4	Use Custom Cert Extensions as Cert Auth Constraint (#3634 )	2017-12-18 12:53:44 -05:00
Jeff Mitchell	a572ed480c	Merge pull request #3695 from hashicorp/creds-period-logic	2017-12-18 12:40:03 -05:00
Jeff Mitchell	4f31ee7cc8	Merge branch 'master' into f-nomad	2017-12-18 12:23:39 -05:00
immutability	f8cdeec783	Add Duo MFA to the Github backend (#3696 )	2017-12-18 09:59:17 -05:00
Chris Hoffman	abbb1c623a	use defaultconfig as base, adding env var test	2017-12-17 10:51:39 -05:00
Chris Hoffman	737dbca37a	fixing up config to allow environment vars supported by api client	2017-12-17 09:10:56 -05:00
Chris Hoffman	20aac4dc0a	adding existence check for roles	2017-12-15 19:50:20 -05:00
Chris Hoffman	b82493f9de	adding access config existence check and delete endpoint	2017-12-15 19:18:32 -05:00
Calvin Leung Huang	38df48654e	Use shortMaxTTL on Ec2 paths	2017-12-15 17:29:40 -05:00
Chris Hoffman	152b6e4305	address some feedback	2017-12-15 17:06:56 -05:00
Chris Hoffman	16e2edf389	Merge remote-tracking branch 'oss/master' into f-nomad * oss/master: Defer reader.Close that is used to determine sha256 changelog++ Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686) Add logic for using Auth.Period when handling auth login/renew requests (#3677) plugins/database: use context with plugins that use database/sql package (#3691) changelog++ Fix plaintext backup in transit (#3692) Database gRPC plugins (#3666)	2017-12-15 17:05:42 -05:00
Calvin Leung Huang	ddfe767772	Update logic on renew paths	2017-12-15 16:26:42 -05:00
Calvin Leung Huang	327c28c77d	Update login logic for aws creds backend	2017-12-15 16:18:19 -05:00
Calvin Leung Huang	fff0d199bd	Update login logic for aws creds backend	2017-12-15 16:01:40 -05:00
Calvin Leung Huang	895cffa4cf	Add logic for using Auth.Period when handling auth login/renew requests (#3677 ) * Add logic for using Auth.Period when handling auth login/renew requests * Set auth.TTL if not set in handleLoginRequest * Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken * Get sysView from le.Path, revert tests * Add back auth.Policies * Fix TokenStore tests, add resp warning when capping values * Use switch for ttl/period check on RenewToken * Move comments around	2017-12-15 13:30:05 -05:00
Brian Kassouf	a401cc7cb5	Database gRPC plugins (#3666 ) * Start work on context aware backends * Start work on moving the database plugins to gRPC in order to pass context * Add context to builtin database plugins * use byte slice instead of string * Context all the things * Move proto messages to the dbplugin package * Add a grpc mechanism for running backend plugins * Serve the GRPC plugin * Add backwards compatibility to the database plugins * Remove backend plugin changes * Remove backend plugin changes * Cleanup the transport implementations * If grpc connection is in an unexpected state restart the plugin * Fix tests * Fix tests * Remove context from the request object, replace it with context.TODO * Add a test to verify netRPC plugins still work * Remove unused mapstructure call * Code review fixes * Code review fixes * Code review fixes	2017-12-14 14:03:11 -08:00
Jeff Mitchell	96b0c31de5	Merge branch 'master' into f-nomad	2017-12-14 16:44:28 -05:00
Jeff Mitchell	2146f88052	Update Consul to use the role's configured lease on renew. (#3684 )	2017-12-14 13:28:19 -05:00
Vishal Nayak	c38f9884ce	Transit: backup/restore (#3637 )	2017-12-14 12:51:50 -05:00
Vishal Nayak	aef8a1893f	Fix the casing problem in approle (#3665 )	2017-12-11 16:41:17 -05:00
Florent H. CARRÉ	c1c052f0c1	Hardening RSA keys for PKI and SSH (#3593 )	2017-12-11 13:43:56 -05:00
Chris Hoffman	628153979a	Converting key_usage and allowed_domains in PKI to CommaStringSlice (#3621 )	2017-12-11 13:13:35 -05:00
Brad Sickles	dc70b1c21f	Adding mfa support to okta auth backend. (#3653 )	2017-12-07 14:17:42 -05:00
Brian Shumate	c767dc4ed6	Conditionally set file audit log mode (#3649 )	2017-12-07 11:44:15 -05:00
Mohsen	77fc89088d	Small typo relating to no_store in pki secret backend (#3662 ) * Removed typo :) * Corrected typo in the website related to no_store	2017-12-07 10:40:21 -05:00
Vishal Nayak	18311d253d	Transit: Refactor internal representation of key entry map (#3652 ) * convert internal map to index by string * Add upgrade test for internal key entry map * address review feedback	2017-12-06 18:24:00 -05:00
Dominik Müller	534ea1771d	add allowed_names to cert-response (#3654 )	2017-12-06 16:50:02 -05:00
Jeff Mitchell	eed45793b9	Re-add some functionality lost during last dep update (#3636 )	2017-12-01 10:18:26 -05:00
Nicolas Corrarello	884e25035f	Adding SealWrap configuration, protecting the config/access path Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>	2017-11-29 21:53:21 +00:00
Nicolas Corrarello	12e77fac51	Rename policy into policies	2017-11-29 16:31:17 +00:00
Nicolas Corrarello	0780c6250b	Checking if client is not nil before deleting token Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>	2017-11-29 16:23:03 +00:00
Nicolas Corrarello	66840ac4db	%q quotes automatically Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>	2017-11-29 16:19:31 +00:00
Nicolas Corrarello	9d78bfa721	Refactoring check for empty accessor as per Vishals suggestion Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>	2017-11-29 15:58:39 +00:00
Nicolas Corrarello	a3df394134	Pull master into f-nomad Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>	2017-11-29 15:56:37 +00:00
Nicolas Corrarello	e6b3438d92	Return an error if accesor_id is nil Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>	2017-11-29 15:18:03 +00:00
Nicolas Corrarello	cfa0715d1e	Returning nil config if is actually nil, and catching the error before creating the client in backend.go Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>	2017-11-29 11:15:54 +00:00
Nicolas Corrarello	f8babf19ad	Moving LeaseConfig function to path_config_lease.go Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>	2017-11-29 11:07:17 +00:00
Nicolas Corrarello	1db26e73f4	Return error before creating a client if conf is nil	2017-11-29 11:01:31 +00:00
Nicolas Corrarello	a5f01d49e2	Sanitizing error outputs	2017-11-29 10:58:02 +00:00
Nicolas Corrarello	e3a73ead35	Renaming tokenRaw to accessorIDRaw to avoid confusion, as the token is not being used for revoking itself	2017-11-29 10:48:55 +00:00
Nicolas Corrarello	3134c7262d	Updating descriptions, defaults for roles	2017-11-29 10:44:40 +00:00
Nicolas Corrarello	a280884433	Validating that Address and Token are provided in path_config_access.go	2017-11-29 10:36:34 +00:00
Nicolas Corrarello	e1e63f8883	Removing legacy field scheme that belonged to the Consul API	2017-11-29 10:29:39 +00:00
Joel Thompson	8aeea21416	auth/aws: Check credential availability before auth (#3465 ) Checks to ensure we can get a valid credential from the credential chain when using the vault CLI to do AWS auth. Fixes #3383	2017-11-13 15:43:24 -05:00
Vishal Nayak	93c5d288d2	avoid empty group alias names (#3567 )	2017-11-10 16:51:37 -05:00
Vishal Nayak	017c0ec283	Avoid race conditions in AppRole (#3561 ) * avoid race conditions in approle * return a warning from role read if secondary index is missing * Create a role ID index if a role is missing one * Fix locking in approle read and add test * address review feedback	2017-11-10 11:32:04 -05:00
Jeff Mitchell	0c3db8eaca	Remove allow_base_domain from PKI role output. It was never used in a release, in favor of allow_bare_domains. Fixes #1452 (again)	2017-11-09 10:24:36 -05:00
Jeff Mitchell	4535c8c38d	Don't read out an internal role member in PKI	2017-11-08 18:20:53 -05:00
Chris Hoffman	b2549f3922	adding ttl to secret, refactoring for consistency	2017-11-07 09:58:19 -05:00

... 6 7 8 9 10 ...

1798 Commits