mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-11 17:17:01 +02:00
Code Issues Projects Releases Wiki Activity
7,663 Commits 2,838 Branches 445 Tags 445 MiB
792d219aa9
Commit Graph

62 Commits

Author SHA1 Message Date
Becca Petrin
792d219aa9 Move to "github.com/hashicorp/go-hclog" (#4227) 
* logbridge with hclog and identical output

* Initial search & replace

This compiles, but there is a fair amount of TODO
and commented out code, especially around the
plugin logclient/logserver code.

* strip logbridge

* fix majority of tests

* update logxi aliases

* WIP fixing tests

* more test fixes

* Update test to hclog

* Fix format

* Rename hclog -> log

* WIP making hclog and logxi love each other

* update logger_test.go

* clean up merged comments

* Replace RawLogger interface with a Logger

* Add some logger names

* Replace Trace with Debug

* update builtin logical logging patterns

* Fix build errors

* More log updates

* update log approach in command and builtin

* More log updates

* update helper, http, and logical directories

* Update loggers

* Log updates

* Update logging

* Update logging

* Update logging

* Update logging

* update logging in physical

* prefixing and lowercase

* Update logging

* Move phyisical logging name to server command

* Fix som tests

* address jims feedback so far

* incorporate brians feedback so far

* strip comments

* move vault.go to logging package

* update Debug to Trace

* Update go-plugin deps

* Update logging based on review comments

* Updates from review

* Unvendor logxi

* Remove null_logger.go
 2018-04-02 17:46:59 -07:00
Josh Soref
e43b76ef97 Spelling (#4119) 2018-03-20 14:54:10 -04:00
Brian Nuszkowski
ffdbcc4166 Return value when reading a SSH CA Role (#4098) 2018-03-07 23:26:33 -05:00
Brian Kassouf
8142b42d95 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Brian Kassouf
78adac0a24
Pass context to backends (#3750) 
* Start work on passing context to backends

* More work on passing context

* Unindent logical system

* Unindent token store

* Unindent passthrough

* Unindent cubbyhole

* Fix tests

* use requestContext in rollback and expiration managers
 2018-01-08 10:31:38 -08:00
Florent H. CARRÉ
c1c052f0c1 Hardening RSA keys for PKI and SSH (#3593) 2017-12-11 13:43:56 -05:00
Calvin Leung Huang
ca76bc4f44
Return role info for each role on pathRoleList (#3532) 
* Return role info for each role on pathRoleList

* Change roles -> key_info, only return key_type

* Do not initialize result map in parseRole, refactor ListResponseWithInfo

* Add role list test
 2017-11-03 17:12:03 -04:00
Jeff Mitchell
3e81fe4c62
Simplify TTL/MaxTTL logic in SSH CA paths and sane with the rest of how (#3507) 
Vault parses/returns TTLs.
 2017-10-30 15:05:47 -05:00
Brian Shumate
99fe56434e DOCS: fix typo in ssh path help (#2966) 2017-07-04 13:59:34 -04:00
Brian Nuszkowski
5bc4dc7540 Add the option to specify a specific key id format that is generated … (#2888) 2017-06-29 04:05:06 +01:00
Jeff Mitchell
14c0000169 Update SSH CA documentation 
Fixes #2551
Fixes #2569
 2017-04-07 11:59:25 -04:00
Vishal Nayak
16d41a8b28 sshca: ensure atleast cert type is allowed (#2508) 2017-03-19 18:58:48 -04:00
Jeff Mitchell
a5d1808efe Always include a hash of the public key and "vault" (to know where it (#2498) 
came from) when generating a cert for SSH.

Follow on from #2494
 2017-03-16 11:14:17 -04:00
Mike Okner
6f84f7ffd0 Adding allow_user_key_ids field to SSH role config (#2494) 
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name.  Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
 2017-03-16 08:45:11 -04:00
Vishal Nayak
9af1ca3d2c doc: ssh allowed_users update (#2462) 
* doc: ssh allowed_users update

* added some more context in default_user field
 2017-03-09 10:34:55 -05:00
Jeff Mitchell
df575f0b3a Rename helper 'duration' to 'parseutil'. (#2449) 
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.

Have config use ParseBool for UI and disabling mlock/cache.
 2017-03-07 11:21:22 -05:00
Jeff Mitchell
db29bde264 Fix a bunch of errors from returning 5xx, and parse more duration types 2017-03-02 15:38:34 -05:00
Vishal Nayak
d30a833db7 Rework ssh ca (#2419) 
* docs: input format for default_critical_options and default_extensions

* s/sshca/ssh

* Added default_critical_options and default_extensions to the read endpoint of role

* Change default time return value to 0
 2017-03-01 15:50:23 -05:00
Will May
7d9cb5bffe Changes from code review 
Major changes are:
* Remove duplicate code
* Check the public key used to configure the backend is a valid one
 2017-03-01 15:19:18 -05:00
Will May
59397250da Changes from code review 
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
 2017-03-01 15:19:18 -05:00
Will May
1d59b965cb Add ability to create SSH certificates 2017-03-01 15:19:18 -05:00
vishalnayak
b408c95e0d ssh: Use temporary file to store the identity file 2016-10-18 12:50:12 -04:00
vishalnayak
fb2f7f27ba Fix ssh tests 2016-09-22 11:37:55 -04:00
vishalnayak
c93bded97b Added cidrutil helper 2016-09-21 13:58:32 -04:00
vishalnayak
9280dda5f4 rename verify_cert as disable_binding and invert the logic 2016-02-24 21:01:21 -05:00
Jeff Mitchell
886f641e5d Add listing of roles to ssh backend 2016-01-28 12:48:00 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
vishalnayak
79be357030 Vault SSH: Zeroaddress roles and CIDR overlap check 2015-08-29 15:24:15 -04:00
vishalnayak
1226251d14 Vault SSH: Added exclude_cidr_list option to role 2015-08-27 23:19:55 -04:00
vishalnayak
06ac073684 Vault SSH: Docs for default CIDR value 2015-08-27 13:10:15 -04:00
vishalnayak
140013aebd Vault SSH: Default CIDR for roles 2015-08-27 13:04:15 -04:00
vishalnayak
630f348dbf Vault SSH: Provide key option specifications for dynamic keys 2015-08-27 11:41:29 -04:00
vishalnayak
41678f18ae Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
vishalnayak
36bf873a47 Vault SSH: 1024 is default key size and removed 4096 2015-08-19 12:51:33 -07:00
vishalnayak
d6c5031169 Vault SSH: TLS client creation test 2015-08-18 19:00:27 -07:00
vishalnayak
d63726b41b Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak
a98b3befd9 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
vishalnayak
52d4c0be9c Vault SSH: Install script is optional now. Default script will be for Linux host. 2015-08-13 17:07:43 -07:00
vishalnayak
ffaf80167d Vault SSH: CLI embellishments 2015-08-13 16:55:47 -07:00
vishalnayak
3958136a78 Vault SSH: Introduced allowed_users option. Added helpers getKey and getOTP 2015-08-13 14:18:30 -07:00
vishalnayak
9b1ea2f20c Vault SSH: Helper for OTP creation and role read 2015-08-13 11:12:30 -07:00
vishalnayak
3d77058773 Vault SSH: Mandate default_user. Other refactoring 2015-08-13 10:36:31 -07:00
vishalnayak
2dd82aeb9a Vault SSH: cidr to cidr_list 2015-08-13 08:46:55 -07:00
vishalnayak
1a1ce742dd Vault SSH: Default lease duration, policy/ to role/ 2015-08-12 17:36:27 -07:00
vishalnayak
044a2257e7 Vault SSH: Automate OTP typing if sshpass is installed 2015-08-06 17:00:50 -04:00
vishalnayak
c26782acad Vault SSH: Script to install dynamic keys in target 2015-08-06 14:48:19 -04:00
vishalnayak
e9826c635c Vault SSH: CRUD test for dynamic role 2015-07-31 15:17:40 -04:00
vishalnayak
8dbbb8b8e6 Vault SSH: CRUD test case for OTP Role 2015-07-31 13:24:23 -04:00
vishalnayak
9aa02ad560 Vault SSH: Review Rework 2015-07-29 14:21:36 -04:00
Vishal Nayak
6a91529f4e Vault SSH: admin_user/default_user fix 2015-07-27 15:03:10 -04:00