mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-01-06 09:11:10 +01:00
Code Issues Projects Releases Wiki Activity
2,495 Commits 2,849 Branches 460 Tags
Commit Graph

113 Commits

Author SHA1 Message Date
Jack DeLoach
d206599b80 Add STS path to AWS backend. 
The new STS path allows for obtaining the same credentials that you would get
from the AWS "creds" path, except it will also provide a security token, and
will not have an annoyingly long propagation time before returning to the user.
 2016-01-21 14:05:09 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
5e0b16fe69 Use TypeDurationSecond instead of TypeString 2015-11-03 10:52:20 -05:00
Jeff Mitchell
af4af078fa Address first round of feedback from review 2015-11-03 10:52:20 -05:00
Jeff Mitchell
90a9f25d80 Add documentation for CRLs and some minor cleanup. 2015-11-03 10:52:20 -05:00
Jeff Mitchell
b54cb9966c Add tests for the crls path, and fix a couple bugs 2015-11-03 10:52:20 -05:00
Jeff Mitchell
d785ba6d7f Drastically simplify the method and logic; keep an in-memory cache and use that for most operations, only affecting the backend storage when needed. 2015-11-03 10:52:20 -05:00
Jeff Mitchell
2737066e09 Add delete method, and ability to delete only one serial as well as an entire set. 2015-11-03 10:52:20 -05:00
Jeff Mitchell
5eac0671ae Add CRLSets endpoints; write method is done. Add verification logic to 
login path. Change certs "ttl" field to be a string to match common
backend behavior.
 2015-11-03 10:52:19 -05:00
Jeff Mitchell
5c0a16b16a Use cleanhttp instead of bare http.Client 2015-10-22 14:37:12 -04:00
Jeff Mitchell
0dbbef1ac0 Don't use http.DefaultClient 
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
 2015-10-15 17:54:00 -04:00
Jeff Mitchell
5c73e779c4 Add StaticSystemView to LDAP acceptance tests 2015-10-06 15:48:10 -04:00
vishalnayak
e47b2838a0 Added a test case. Removed setting of defaultTTL in config. 2015-10-03 15:36:57 -04:00
vishalnayak
d30beea4db Added testcases for config writes 2015-10-02 22:10:51 -04:00
vishalnayak
e89cf4d4bc Use SanitizeTTL in credential request path instead of config 2015-10-02 15:41:35 -04:00
vishalnayak
bf017d28d1 Github backend: enable auth renewals 2015-10-02 13:33:19 -04:00
Jeff Mitchell
59a3f6b5d2 Add a static system view to github credential backend to fix acceptance tests 2015-09-29 18:55:59 -07:00
Jeff Mitchell
a4ca14cfbc Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell
4836e7ca4d Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527 2015-09-18 14:01:28 -04:00
vishalnayak
16f531da3d Userpass Bk: Added tests for TTL duration verifications 2015-09-17 16:33:26 -04:00
vishalnayak
714aff570b Vault userpass: Enable renewals for login tokens 2015-09-17 14:35:50 -04:00
Jeff Mitchell
51e948c8fc Implement the cubbyhole backend 
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.

Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
 2015-09-15 13:50:37 -04:00
Jeff Mitchell
11cea42ec7 Rename View to StorageView to make it more distinct from SystemView 2015-09-15 13:50:37 -04:00
Jeff Mitchell
382b521521 Don't re-use tls configuration, to fix a possible race issue during test 2015-09-03 13:04:32 -04:00
Jeff Mitchell
06f7fb5dc3 Add base_url option to GitHub auth provider to allow selecting a custom endpoint. Fixes #572. 2015-08-28 06:28:43 -07:00
Jeff Mitchell
99041b5b6d Merge pull request #561 from hashicorp/fix-wild-cards 
Allow hyphens in endpoint patterns of most backends
 2015-08-21 11:40:42 -07:00
vishalnayak
41678f18ae Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Jeff Mitchell
97112665e8 Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Jeff Mitchell
d3ea59e415 Disallow non-client X509 key usages for client TLS cert authentication. 2015-08-20 15:50:47 -07:00
Armon Dadgar
f4c7846438 Merge pull request #509 from ekristen/github-fix 
Reimplements #459
 2015-08-11 10:06:10 -07:00
Erik Kristensen
ce17751f4c reimplements #459 2015-08-09 11:25:45 -06:00
Michael S. Fischer
7e835f8892 Provide working example of TLS certificate authentication 
Fixes #474
 2015-08-07 15:15:53 -07:00
Erik Kristensen
5ca2816084 remove newline 2015-08-03 16:34:24 -06:00
Erik Kristensen
2c9f2d5673 fix bug #488 2015-08-03 15:47:30 -06:00
Rusty Ross
9f9b8a81e2 update doc for app-id 
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
 2015-08-03 09:44:26 -07:00
Armon Dadgar
b2d37df7f4 Merge pull request #464 from bgirardeau/master 
Add Multi-factor authentication with Duo
 2015-07-30 17:51:31 -07:00
Bradley Girardeau
7b6547abf7 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Bradley Girardeau
c7b806ebf6 mfa: code cleanup 2015-07-28 11:55:46 -07:00
Bradley Girardeau
083226f317 mfa: improve edge cases and documentation 2015-07-27 21:14:00 -07:00
Bradley Girardeau
d47a12f024 mfa: add to userpass backend 2015-07-27 21:14:00 -07:00
Bradley Girardeau
85a4d740b5 ldap: add mfa support to CLI 2015-07-27 21:14:00 -07:00
Bradley Girardeau
5afc6115c7 ldap: add mfa to LDAP login 2015-07-27 21:14:00 -07:00
Raymond Pete
5b1db50733 name slug check 2015-07-26 22:21:16 -04:00
Bradley Girardeau
709b91fbd1 ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Bradley Girardeau
7ee2419323 ldap: add ability to set policies based on username as well as groups 2015-07-14 15:46:15 -07:00
Bradley Girardeau
cbb6b64ce6 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Armon Dadgar
e7993c5bbd auth/userpass: store password as hash instead of direct. Credit @kenbreeman 2015-07-13 15:09:24 +10:00
Armon Dadgar
e907cad8be auth/userpass: protect against timing attack. Credit @kenbreeman 2015-07-13 15:01:18 +10:00
Armon Dadgar
d54ff83113 auth/app-id: protect against timing attack. Credit @kenbreeman 2015-07-13 14:58:18 +10:00
Bradley Girardeau
0ef2eca24f ldap: add starttls support and option to specificy ca certificate 2015-07-02 15:49:51 -07:00