Jeff Mitchell
69eca11b62
Fix max_ttl not being honored in database backend when default_ttl is zero ( #3814 )
...
Fixes #3812
2018-01-18 01:43:38 -05:00
Chris Hoffman
c7b4fc314b
Locking updates in database backend ( #3774 )
2018-01-17 19:21:59 -05:00
Chris Hoffman
3653e4bf1b
Converting OU and Organization role fields to CommaStringSlice ( #3804 )
2018-01-17 11:53:49 -05:00
Brian Kassouf
a2b9ce7de8
remove the Initialize wrap and call close explicitly ( #3769 )
2018-01-10 13:07:55 -08:00
Brian Kassouf
05f20305b2
secret/database: ensure plugins are closed if they cannot be initialized ( #3768 )
2018-01-09 13:14:50 -08:00
Brian Kassouf
2a3243546a
Update plugin deps to include context changes ( #3765 )
...
* Update plugin deps to include context changes
* Fix tests
2018-01-08 12:26:13 -08:00
Brian Kassouf
78adac0a24
Pass context to backends ( #3750 )
...
* Start work on passing context to backends
* More work on passing context
* Unindent logical system
* Unindent token store
* Unindent passthrough
* Unindent cubbyhole
* Fix tests
* use requestContext in rollback and expiration managers
2018-01-08 10:31:38 -08:00
Will Glynn
416bb41b35
Document that AWS STS lease revocation is a no-op [ fixes #3736 ] ( #3760 )
2018-01-08 10:28:07 -06:00
Brian Kassouf
6a74c119f3
secret/database: Fix upgrading database backend ( #3714 )
2017-12-18 19:38:47 -08:00
Chris Hoffman
abbb1c623a
use defaultconfig as base, adding env var test
2017-12-17 10:51:39 -05:00
Chris Hoffman
737dbca37a
fixing up config to allow environment vars supported by api client
2017-12-17 09:10:56 -05:00
Chris Hoffman
20aac4dc0a
adding existence check for roles
2017-12-15 19:50:20 -05:00
Chris Hoffman
b82493f9de
adding access config existence check and delete endpoint
2017-12-15 19:18:32 -05:00
Chris Hoffman
152b6e4305
address some feedback
2017-12-15 17:06:56 -05:00
Chris Hoffman
16e2edf389
Merge remote-tracking branch 'oss/master' into f-nomad
...
* oss/master:
Defer reader.Close that is used to determine sha256
changelog++
Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686 )
Add logic for using Auth.Period when handling auth login/renew requests (#3677 )
plugins/database: use context with plugins that use database/sql package (#3691 )
changelog++
Fix plaintext backup in transit (#3692 )
Database gRPC plugins (#3666 )
2017-12-15 17:05:42 -05:00
Brian Kassouf
a401cc7cb5
Database gRPC plugins ( #3666 )
...
* Start work on context aware backends
* Start work on moving the database plugins to gRPC in order to pass context
* Add context to builtin database plugins
* use byte slice instead of string
* Context all the things
* Move proto messages to the dbplugin package
* Add a grpc mechanism for running backend plugins
* Serve the GRPC plugin
* Add backwards compatibility to the database plugins
* Remove backend plugin changes
* Remove backend plugin changes
* Cleanup the transport implementations
* If grpc connection is in an unexpected state restart the plugin
* Fix tests
* Fix tests
* Remove context from the request object, replace it with context.TODO
* Add a test to verify netRPC plugins still work
* Remove unused mapstructure call
* Code review fixes
* Code review fixes
* Code review fixes
2017-12-14 14:03:11 -08:00
Jeff Mitchell
96b0c31de5
Merge branch 'master' into f-nomad
2017-12-14 16:44:28 -05:00
Jeff Mitchell
2146f88052
Update Consul to use the role's configured lease on renew. ( #3684 )
2017-12-14 13:28:19 -05:00
Vishal Nayak
c38f9884ce
Transit: backup/restore ( #3637 )
2017-12-14 12:51:50 -05:00
Florent H. CARRÉ
c1c052f0c1
Hardening RSA keys for PKI and SSH ( #3593 )
2017-12-11 13:43:56 -05:00
Chris Hoffman
628153979a
Converting key_usage and allowed_domains in PKI to CommaStringSlice ( #3621 )
2017-12-11 13:13:35 -05:00
Mohsen
77fc89088d
Small typo relating to no_store in pki secret backend ( #3662 )
...
* Removed typo :)
* Corrected typo in the website related to no_store
2017-12-07 10:40:21 -05:00
Vishal Nayak
18311d253d
Transit: Refactor internal representation of key entry map ( #3652 )
...
* convert internal map to index by string
* Add upgrade test for internal key entry map
* address review feedback
2017-12-06 18:24:00 -05:00
Nicolas Corrarello
884e25035f
Adding SealWrap configuration, protecting the config/access path
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 21:53:21 +00:00
Nicolas Corrarello
12e77fac51
Rename policy into policies
2017-11-29 16:31:17 +00:00
Nicolas Corrarello
0780c6250b
Checking if client is not nil before deleting token
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 16:23:03 +00:00
Nicolas Corrarello
66840ac4db
%q quotes automatically
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 16:19:31 +00:00
Nicolas Corrarello
9d78bfa721
Refactoring check for empty accessor as per Vishal's suggestion
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:58:39 +00:00
Nicolas Corrarello
a3df394134
Pull master into f-nomad
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:56:37 +00:00
Nicolas Corrarello
e6b3438d92
Return an error if accessor_id is nil
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:18:03 +00:00
Nicolas Corrarello
cfa0715d1e
Returning nil config if it is actually nil, and catching the error before creating the client in backend.go
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 11:15:54 +00:00
Nicolas Corrarello
f8babf19ad
Moving LeaseConfig function to path_config_lease.go
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 11:07:17 +00:00
Nicolas Corrarello
1db26e73f4
Return error before creating a client if conf is nil
2017-11-29 11:01:31 +00:00
Nicolas Corrarello
a5f01d49e2
Sanitizing error outputs
2017-11-29 10:58:02 +00:00
Nicolas Corrarello
e3a73ead35
Renaming tokenRaw to accessorIDRaw to avoid confusion, as the token is not being used for revoking itself
2017-11-29 10:48:55 +00:00
Nicolas Corrarello
3134c7262d
Updating descriptions, defaults for roles
2017-11-29 10:44:40 +00:00
Nicolas Corrarello
a280884433
Validating that Address and Token are provided in path_config_access.go
2017-11-29 10:36:34 +00:00
Nicolas Corrarello
e1e63f8883
Removing legacy field scheme that belonged to the Consul API
2017-11-29 10:29:39 +00:00
Jeff Mitchell
0c3db8eaca
Remove allow_base_domain from PKI role output.
...
It was never used in a release, in favor of allow_bare_domains.
Fixes #1452 (again)
2017-11-09 10:24:36 -05:00
Jeff Mitchell
4535c8c38d
Don't read out an internal role member in PKI
2017-11-08 18:20:53 -05:00
Chris Hoffman
b2549f3922
adding ttl to secret, refactoring for consistency
2017-11-07 09:58:19 -05:00
Calvin Leung Huang
1cf3414352
Fix deprecated cassandra backend tests ( #3543 )
2017-11-06 17:15:45 -05:00
Chris Hoffman
26daf9d432
minor cleanup
2017-11-06 16:36:37 -05:00
Chris Hoffman
cbe172fb65
minor cleanup
2017-11-06 16:34:20 -05:00
Gregory Reshetniak
81e18aeccd
added AWS endpoint handling ( #3416 )
2017-11-06 13:31:38 -05:00
Jeff Mitchell
33cf98026e
Add PKCS8 marshaling to PKI ( #3518 )
2017-11-06 12:05:07 -05:00
Nicolas Corrarello
d1e3eff618
Refactored Lease into the Backend configuration
2017-11-06 15:09:56 +00:00
Nicolas Corrarello
6560e3c24a
Attaching secretToken to backend
2017-11-06 14:28:30 +00:00
Calvin Leung Huang
ca76bc4f44
Return role info for each role on pathRoleList ( #3532 )
...
* Return role info for each role on pathRoleList
* Change roles -> key_info, only return key_type
* Do not initialize result map in parseRole, refactor ListResponseWithInfo
* Add role list test
2017-11-03 17:12:03 -04:00
Jeff Mitchell
8004f052da
Add some more SealWrap declarations ( #3531 )
2017-11-03 11:43:31 -04:00