mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-10 08:37:00 +02:00
Code Issues Projects Releases Wiki Activity
14,920 Commits 2,838 Branches 445 Tags 444 MiB
6f6e901b0a
Commit Graph

30 Commits

Author SHA1 Message Date
Steven Clark
1ab5b68916
PKI: Add missing default cases within switch statements (#14661) 
* Misc PKI code fixes.

 - Harden the code base a bit adding default's to switch statements
   to various error handlers and processing statements.
 - Fixup some error messages to include proper values we support.

* Additional default case missing within PKI

* Fix typo in PKI error message
 2022-03-23 15:19:56 -04:00
Scott Miller
ba533d006f
OSS side changes for PKI HSM type handling fix (#14364) 2022-03-03 15:30:18 -06:00
Steven Clark
ab0944d965
Force certain PKI operations to go to the Primary Performance cluster immediately (#14287) 2022-02-25 13:26:34 -05:00
Tom Proctor
5f5012c745
Add make fmt CI check (#13803) 
* Add make fmt CI check

* Don't suppress patch output
 2022-01-31 23:24:16 +00:00
Steven Clark
afb9449656
OSS integration of the PKI plugin with managed key infrastructure (#13793) 
- The OSS side of things to leverage managed keys from the PKI secrets engine
 2022-01-26 23:06:25 -05:00
Scott Miller
8478615217
Use the system rand reader for CA root and intermediate generation (#12559) 
* Use the system rand reader for CA root and intermediate generation

* changelog
 2021-09-15 11:59:12 -05:00
Lars Lehtonen
7ca2caf3d0
builtin: deprecate errwrap.Wrapf() throughout (#11430) 
* audit: deprecate errwrap.Wrapf()

* builtin/audit/file: deprecate errwrap.Wrapf()

* builtin/crediential/app-id: deprecate errwrap.Wrapf()

* builtin/credential/approle: deprecate errwrap.Wrapf()

* builtin/credential/aws: deprecate errwrap.Wrapf()

* builtin/credentials/token: deprecate errwrap.Wrapf()

* builtin/credential/github: deprecate errwrap.Wrapf()

* builtin/credential/cert: deprecate errwrap.Wrapf()

* builtin/logical/transit: deprecate errwrap.Wrapf()

* builtin/logical/totp: deprecate errwrap.Wrapf()

* builtin/logical/ssh: deprecate errwrap.Wrapf()

* builtin/logical/rabbitmq: deprecate errwrap.Wrapf()

* builtin/logical/postgresql: deprecate errwrap.Wrapf()

* builtin/logical/pki: deprecate errwrap.Wrapf()

* builtin/logical/nomad: deprecate errwrap.Wrapf()

* builtin/logical/mssql: deprecate errwrap.Wrapf()

* builtin/logical/database: deprecate errwrap.Wrapf()

* builtin/logical/consul: deprecate errwrap.Wrapf()

* builtin/logical/cassandra: deprecate errwrap.Wrapf()

* builtin/logical/aws: deprecate errwrap.Wrapf()
 2021-04-22 11:20:59 -04:00
Brian Kassouf
a24653cc5c
Run a more strict formatter over the code (#11312) 
* Update tooling

* Run gofumpt

* go mod vendor
 2021-04-08 09:43:39 -07:00
Denis Subbotin
375ab6f102
fix minor potential nil-pointer panic on line 89 (#8488) 2020-03-06 13:32:36 -08:00
ncabatoff
1d13290b36
Refactor cert util (#6676) 
Break dataBundle into two pieces: inputBundle, which contains data that
is specific to the pki backend, and creationBundle, which is a more
generic bundle of validated inputs given to certificate creation/signing routines.

Move functions that only take creationBundle to certutil and make them public.
 2019-05-09 11:43:11 -04:00
Jeff Mitchell
278bdd1f4e
Switch to go modules (#6585) 
* Switch to go modules

* Make fmt
 2019-04-13 03:44:06 -04:00
Jeff Mitchell
170521481d
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Jeff Mitchell
b54b2648f1
Two PKI improvements: (#5134) 
* Disallow adding CA's serial to revocation list
* Allow disabling revocation list generation. This returns an empty (but
signed) list, but does not affect tracking of revocations so turning it
back on will populate the list properly.
 2018-08-21 11:20:57 -04:00
Vishal Nayak
e2bb2ec3b9
Errwrap everywhere (#4252) 
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
 2018-04-05 11:49:21 -04:00
Jeff Mitchell
904a3a1bab
Add ability to set CA:true when generating intermediate CSR. (#4163) 
Fixes #3883
 2018-03-20 10:09:59 -04:00
Jeff Mitchell
a43a854740
Support other names in SANs (#3889) 2018-02-16 17:19:34 -05:00
Brian Kassouf
8142b42d95 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Brian Kassouf
78adac0a24
Pass context to backends (#3750) 
* Start work on passing context to backends

* More work on passing context

* Unindent logical system

* Unindent token store

* Unindent passthrough

* Unindent cubbyhole

* Fix tests

* use requestContext in rollback and expiration managers
 2018-01-08 10:31:38 -08:00
Jeff Mitchell
33cf98026e
Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Seth Rutner
8675332afa Fix typos in error message (#2692) 2017-05-10 10:28:35 -04:00
Calvin Leung Huang
96bcd50de0 Include and use normalizeSerial func 2017-05-03 10:12:58 -04:00
Jeff Mitchell
dba2de57de Change storage of entries from colons to hyphens and add a 
lookup/migration path

Still TODO: tests on migration path

Fixes #2552
 2017-04-18 11:14:23 -04:00
Chris Hoffman
10c8024fa3 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
vishalnayak
ddb6ae18a0 Fix invalid input getting marked as internal error 2016-07-28 16:23:11 -04:00
Jeff Mitchell
7ed0399e1f Add "tidy/" which allows removing expired certificates. 
A buffer is used to ensure that we only remove certificates that are
both expired and for which the buffer has past. Options allow removal
from revoked/ and/or certs/.
 2016-02-24 21:24:48 -05:00
Tom Ritter
88ae7ae9fe Typo in error message in path_intermediate.go 2016-02-09 15:08:30 -06:00
Jeff Mitchell
7fb8db2e6c Allow the format to be specified as pem_bundle, which creates a 
concatenated PEM file.

Fixes #992
 2016-02-01 13:19:41 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
7eed5db86f Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up 2015-11-19 17:14:22 -05:00
Jeff Mitchell
3437af0711 Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint. 2015-11-19 09:51:18 -05:00