Jeff Mitchell
2fbd973001
Add logic to skip initialization in some cases and some invalidation logic
2017-05-05 15:01:52 -04:00
Brian Kassouf
fcd4f903c3
Merge remote-tracking branch 'oss/master' into database-refactor
2017-05-04 12:40:00 -07:00
Brian Kassouf
886f873ffc
Update docs and return a better error message
2017-05-04 11:45:27 -07:00
mymercurialsky
461d658e88
Implemented TOTP Secret Backend ( #2492 )
...
* Initialized basic outline of TOTP backend using Postgresql backend as template
* Updated TOTP backend.go's structure and help string
* Updated TOTP path_roles.go's structure and help strings
* Updated TOTP path_role_create.go's structure and help strings
* Fixed typo in path_roles.go
* Fixed errors in path_role_create.go and path_roles.go
* Added TOTP secret backend information to cli commands
* Fixed build errors in path_roles.go and path_role_create.go
* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords
* Initialized TOTP test file based on structure of postgresql test file
* Added enforcement of input values
* Added otp library to vendor folder
* Added test steps and cleaned up errors
* Modified read credential test step, not working yet
* Use of vendored package not allowed - Test error
* Removed vendor files for TOTP library
* Revert "Removed vendor files for TOTP library"
This reverts commit fcd030994b.
* Hopefully fixed vendor folder issue with TOTP Library
* Added additional tests for TOTP backend
* Cleaned up comments in TOTP backend_test.go
* Added default values of period, algorithm and digits to field schema
* Changed account_name and issuer fields to optional
* Removed MD5 as a hash algorithm option
* Implemented requested pull request changes
* Added ability to validate TOTP codes
* Added ability to have a key generated
* Added skew, qr size and key size parameters
* Reset vendor.json prior to merge
* Readded otp and barcode libraries to vendor.json
* Modified help strings for path_role_create.go
* Fixed test issue in testAccStepReadRole
* Cleaned up error formatting, variable names and path names. Also added some additional documentation
* Moved barcode and url output to key creation function and did some additional cleanup based on requested changes
* Added ability to pass in TOTP urls
* Added additional tests for TOTP server functions
* Removed unused QRSize, URL and Generate members of keyEntry struct
* Removed unnecessary urlstring variable from pathKeyCreate
* Added website documentation for TOTP secret backend
* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.
* Updated website documentation and added QR example
* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests
* Updated API documentation to include to exported variable and qr size option
* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
2017-05-04 10:49:42 -07:00
Brian Kassouf
55f1f5116a
Merge remote-tracking branch 'oss/master' into database-refactor
2017-05-04 10:45:18 -07:00
Brian Kassouf
c825362304
PR comments
2017-05-04 10:41:59 -07:00
Brian Kassouf
2af2b855f5
Feedback from PR
2017-05-03 17:37:34 -07:00
Brian Kassouf
a3619c4521
Update database backend tests to use the APIClientMeta for the plugin conns
2017-05-03 16:34:09 -07:00
Calvin Leung Huang
207983f526
Minor comment update on cert_util
2017-05-03 16:13:54 -04:00
Chris Hoffman
cf4ef59477
Merge pull request #2575 from hashicorp/pki-colons-to-hyphens
...
Change storage of PKI entries from colons to hyphens
2017-05-03 15:07:15 -04:00
Chris Hoffman
29e5ce66bb
Minor readability enhancements for migration path from old to new
2017-05-03 14:58:22 -04:00
Calvin Leung Huang
96bcd50de0
Include and use normalizeSerial func
2017-05-03 10:12:58 -04:00
Brian Kassouf
60753dcf12
Only wrap in tracing middleware if the logger is set to trace level
2017-05-02 17:19:49 -07:00
Brian Kassouf
1df8ec9ef7
Update the api for serving plugins and provide a utility to pass TLS data for communicating with the vault process
2017-05-02 14:40:11 -07:00
Calvin Leung Huang
8c03765bb5
Use variables for string replacements on cert_util
2017-05-02 14:11:57 -04:00
Brian Kassouf
6ddfe9aa7f
Rename NewPluginServer to just Serve
2017-05-02 02:00:39 -07:00
Brian Kassouf
6ca436cdf5
Don't store an error response as a package variable
2017-05-01 15:30:56 -07:00
Brian Kassouf
b87f8a13ed
Update interface name from Wrapper to a more descriptive RunnerUtil
2017-05-01 14:59:55 -07:00
Justin Gerace
2e8e9ed02d
Add globbing support to the PKI backend's allowed_domains list ( #2517 )
2017-05-01 10:40:18 -04:00
Calvin Leung Huang
74965a87af
Add test for ca and crl case
2017-04-28 08:55:28 -04:00
Vishal Nayak
c947e31d1b
Return error message for failure to parse CSR ( #2657 )
2017-04-28 08:30:24 -04:00
Calvin Leung Huang
38a01b8e1b
Refactor cert_util_test
2017-04-27 17:09:59 -04:00
Calvin Leung Huang
7fdf4acc6f
Verify update operation was performed on revokeCert
2017-04-27 12:30:44 -04:00
Calvin Leung Huang
a5ddaabdba
Rename tests, use HandleRequest() for existing paths
2017-04-27 09:47:56 -04:00
Brian Kassouf
2e2d3827da
Add check to ensure we don't overwrite existing connections
2017-04-26 16:43:42 -07:00
Brian Kassouf
f92d6868a0
Add an error check to reset a plugin if it is closed
2017-04-26 15:55:34 -07:00
Brian Kassouf
6b050470fd
Update to a RWMutex
2017-04-26 15:23:14 -07:00
Calvin Leung Huang
ced4c88050
Add remaining tests
2017-04-26 16:05:58 -04:00
Brian Kassouf
d8dbfc6a0c
Update the error messages for renew and revoke
2017-04-26 10:29:16 -07:00
Brian Kassouf
37aacba0da
Change ttl types to TypeDurationSecond
2017-04-26 10:02:37 -07:00
Calvin Leung Huang
4bf51ca52c
Fix crl_util test
2017-04-26 09:58:34 -04:00
Calvin Leung Huang
c269fe1ce0
Tests for cert and crl util
2017-04-26 02:46:01 -04:00
Brian Kassouf
6131bdd3b9
Default deny when allowed roles is empty
2017-04-25 11:48:24 -07:00
Brian Kassouf
e18757628c
Update the connection details data and fix allowedRoles
2017-04-25 11:11:10 -07:00
Brian Kassouf
58b0bbd477
Rename path_role_create to path_creds_create
2017-04-25 10:39:17 -07:00
Brian Kassouf
22612adefc
Use TypeCommaStringSlice for allowed_roles
2017-04-25 10:26:23 -07:00
Brian Kassouf
6741811407
Update logging to new structure
2017-04-25 10:24:19 -07:00
Brian Kassouf
194695f1fa
Don't uppercase ErrorResponses
2017-04-24 14:03:48 -07:00
Brian Kassouf
f6b96ccfa2
s/DatabaseType/Database/
2017-04-24 13:59:12 -07:00
Brian Kassouf
f1fa617e03
Calls to builtin plugins now go directly to the implementation instead of go-plugin
2017-04-20 18:46:41 -07:00
Brian Kassouf
afc5be1c67
Merge remote-tracking branch 'oss/master' into database-refactor
2017-04-19 15:16:00 -07:00
Chris Hoffman
d6edfc2a25
Rename ParseDedupAndSortStrings to ParseDedupLowercaseAndSortStrings ( #2614 )
2017-04-19 10:39:07 -04:00
Chris Hoffman
6b55ab5db0
Mssql driver update ( #2610 )
...
* Switching driver from mssql to sqlserver
* Adding explicit database to sp_msloginmappings call
2017-04-18 17:49:59 -04:00
Jeff Mitchell
85b92811ab
Update sign-verbatim to correctly set generate_lease ( #2593 )
2017-04-18 15:54:31 -04:00
Jeff Mitchell
866b384494
Parse and dedup but do not lowercase principals in SSH certs. ( #2591 )
2017-04-18 12:21:02 -04:00
Jeff Mitchell
dba2de57de
Change storage of entries from colons to hyphens and add a
...
lookup/migration path
Still TODO: tests on migration path
Fixes #2552
2017-04-18 11:14:23 -04:00
Jeff Mitchell
f698db479c
Fix cassandra dep breakage
2017-04-17 11:51:42 -04:00
Jeff Mitchell
f92b173295
Verify that a CSR specifies IP SANs before checking whether it's allowed ( #2574 )
2017-04-13 13:40:31 -04:00
Brian Kassouf
b20c17745c
Add allowed_roles parameter and checks
2017-04-13 10:33:34 -07:00
Brian Kassouf
4c75326aad
Cleanup path files
2017-04-12 17:35:02 -07:00
Brian Kassouf
03e2bcbc79
Update Type() to return an error
2017-04-12 16:41:06 -07:00
Brian Kassouf
f2401c0128
Merge branch 'master' into database-refactor
2017-04-12 14:29:10 -07:00
Brian Kassouf
8f75c30311
Update help text and comments
2017-04-11 11:50:34 -07:00
Brian Kassouf
da4d9a8b4f
Remove unnecessary abstraction
2017-04-10 18:38:34 -07:00
Brian Kassouf
de36d61e5a
Mlock the plugin process
2017-04-10 17:12:52 -07:00
Brian Kassouf
f54c4de98a
Add a flag to tell plugins to verify the connection was successful
2017-04-10 15:36:59 -07:00
Brian Kassouf
64efc505c8
Update plugin test
2017-04-10 14:12:28 -07:00
Brian Kassouf
73f66f89cd
Update the interface for plugins removing functions for creating creds
2017-04-10 12:24:16 -07:00
Brian Kassouf
3c1c388589
Update backend tests
2017-04-10 10:35:16 -07:00
Brian Kassouf
9ae5a2aede
Add backend test
2017-04-07 15:50:03 -07:00
Shivaram Lingamneni
7cbc5d6e05
implement a no_store option for pki roles ( #2565 )
2017-04-07 11:25:47 -07:00
Jeff Mitchell
14c0000169
Update SSH CA documentation
...
Fixes #2551
Fixes #2569
2017-04-07 11:59:25 -04:00
Brian Kassouf
8e77bd98d8
Move plugin code into sub directory
2017-04-06 12:20:10 -07:00
Brian Kassouf
8a2e29c607
Refactor to use builtin plugins from an external repo
2017-04-05 16:20:31 -07:00
Calvin Leung Huang
73a2cdf6a5
Do not mark conn as initialized until the end ( #2567 )
2017-04-04 14:26:59 -07:00
Brian Kassouf
df944f2d92
Don't return strings, always structs
2017-04-04 11:33:58 -07:00
Calvin Leung Huang
8e3cb50bfc
Database refactor invalidate ( #2566 )
...
* WIP on invalidate function
* cassandraConnectionProducer has Close()
* Delete database from connections map on successful db.Close()
* Move clear connection into its own func
* Use const for database config path
2017-04-04 11:32:42 -07:00
Jeff Mitchell
cfd522e0f0
Use ParseStringSlice on PKI organization/organizational unit. ( #2561 )
...
After, separately dedup and use new flag to not lowercase value.
Fixes #2555
2017-04-04 08:54:18 -07:00
Brian Kassouf
1faa5fc020
On change of configuration rotate the database type
2017-04-03 18:30:38 -07:00
Brian Kassouf
b54e1cd295
Merge branch 'database-refactor' of github.com:hashicorp/vault into database-refactor
2017-04-03 17:52:41 -07:00
Brian Kassouf
ac519abecf
Plugin catalog
2017-04-03 17:52:29 -07:00
Calvin Leung Huang
2b08521ab6
Database refactor mssql ( #2562 )
...
* WIP on mssql secret backend refactor
* Add RevokeUser test, and use sqlserver driver internally
* Remove debug statements
* Fix code comment
2017-04-03 09:59:30 -07:00
Brian Kassouf
1d3d3b7803
fix for plugin commands that have more than one parameter
2017-03-28 14:37:57 -07:00
Brian Kassouf
8ef78f0610
Add comments to connection and credential producers
2017-03-28 13:08:11 -07:00
Brian Kassouf
947fd66480
Cleanup the db factory code and add comments
2017-03-28 12:57:30 -07:00
Brian Kassouf
0c562fa3d7
Update tests
2017-03-28 12:20:17 -07:00
Brian Kassouf
6de5cfad5e
Add functionality to build db objects from disk so restarts work
2017-03-28 11:30:45 -07:00
Brian Kassouf
d93378bb29
Fix for checking types of database on update
2017-03-28 10:04:42 -07:00
Brian Kassouf
b2c4555c1f
Wrap the database calls with tracing information
2017-03-27 15:17:28 -07:00
Brian Kassouf
ca026c6cfd
Remove the unused sync.Once object
2017-03-27 11:46:20 -07:00
Brian Kassouf
e870e399a2
More work on getting tests to pass
2017-03-23 15:54:15 -07:00
Brian Kassouf
a1b72465dd
Remove unused code block
2017-03-22 17:09:39 -07:00
Brian Kassouf
cab491f7b7
s/postgres/mysql/
2017-03-22 16:44:33 -07:00
Brian Kassouf
73e553af95
Add test files for postgres and mysql databases
2017-03-22 16:39:08 -07:00
Brian Kassouf
9aaec25a4e
Add an error message for empty creation statement
2017-03-22 12:40:16 -07:00
Brian Kassouf
1be813605f
Fix race with deleting the connection
2017-03-22 09:54:19 -07:00
Brian Kassouf
2d6f36df17
Add a delete method
2017-03-21 17:19:30 -07:00
Brian Kassouf
2fdb3422a9
Verify connections regardless of if this connection is already existing
2017-03-21 16:05:59 -07:00
Vishal Nayak
16d41a8b28
sshca: ensure at least cert type is allowed ( #2508 )
2017-03-19 18:58:48 -04:00
Brian Kassouf
ff6749b198
Comment and fix plugin Type function
2017-03-16 18:24:56 -07:00
Brian Kassouf
404596e261
Change the handshake config from the default
2017-03-16 17:51:25 -07:00
Brian Kassouf
4043f533b8
Add a secure config to verify the checksum of the plugin
2017-03-16 16:20:18 -07:00
Brian Kassouf
2ef1cbf3a6
Comment and slight refactor of the TLS plugin helper
2017-03-16 14:14:49 -07:00
Brian Kassouf
3890f194a4
Break tls code into helper library
2017-03-16 11:55:21 -07:00
Jeff Mitchell
3f67ab489a
Ensure CN check is made when exclude_cn_from_sans is used
...
Fixes #2363
2017-03-16 11:41:13 -04:00
Jeff Mitchell
a5d1808efe
Always include a hash of the public key and "vault" (to know where it ( #2498 )
...
came from) when generating a cert for SSH.
Follow on from #2494
2017-03-16 11:14:17 -04:00
Mike Okner
6f84f7ffd0
Adding allow_user_key_ids field to SSH role config ( #2494 )
...
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name. Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
2017-03-16 08:45:11 -04:00
Brian Kassouf
5b05f62fa3
Work on TLS communication over plugins
2017-03-15 17:14:48 -07:00
Jeff Mitchell
688104e69a
Allow roles to specify whether CSR SANs should be used instead of ( #2489 )
...
request values. Fix up some documentation.
Fixes #2451
Fixes #2488
2017-03-15 14:38:18 -04:00
Jeff Mitchell
799000be20
Set CA chain when intermediate does not have an authority key ID.
...
This is essentially an approved review of the code provided in #2465 .
Fixes #2465
2017-03-15 11:52:02 -04:00
Brian Kassouf
a6ae4bd356
wrap plugin database type with metrics middleware
2017-03-14 13:12:47 -07:00
Brian Kassouf
143166b1ba
Add a metrics middleware
2017-03-14 13:11:28 -07:00
Stanislav Grozev
70b30b40d4
Reads on unconfigured SSH CA public key return 400
2017-03-14 10:21:48 -04:00
Stanislav Grozev
5f3397bff5
Reads on ssh/config/ca return the public keys
...
If configured/generated.
2017-03-14 10:21:48 -04:00
Stanislav Grozev
d22796c644
If generating an SSH CA signing key - return the public part
...
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
2017-03-14 10:21:48 -04:00
Brian Kassouf
c111b02568
Add a way to initialize plugins and builtin databases the same way.
2017-03-13 14:39:55 -07:00
Brian Kassouf
a0d207e254
Add checksum attribute
2017-03-10 14:10:42 -08:00
Brian Kassouf
72a878b180
Rename reset to close
2017-03-09 22:35:45 -08:00
Brian Kassouf
b63147b7c2
Add special path to enforce root on plugin configuration
2017-03-09 21:31:29 -08:00
Brian Kassouf
3766ab14e5
Add plugin file
2017-03-09 17:43:58 -08:00
Brian Kassouf
d4ea6c1768
Add plugin features
2017-03-09 17:43:37 -08:00
Vishal Nayak
9af1ca3d2c
doc: ssh allowed_users update ( #2462 )
...
* doc: ssh allowed_users update
* added some more context in default_user field
2017-03-09 10:34:55 -05:00
vishalnayak
3bd667a931
Fix typo
2017-03-08 17:49:39 -05:00
Brian Kassouf
00359cdea4
Update secrets fields
2017-03-08 14:46:53 -08:00
Vishal Nayak
a4e41f6568
SSH CA enhancements ( #2442 )
...
* Use constants for storage paths
* Upgrade path for public key storage
* Fix calculateValidPrincipals, upgrade ca_private_key, and other changes
* Remove a print statement
* Added tests for upgrade case
* Make exporting consistent in creation bundle
* unexporting and constants
* Move keys into a struct instead of plain string
* minor changes
2017-03-08 17:36:21 -05:00
Brian Kassouf
cd68899a4a
Fix renew and revoke calls
2017-03-07 17:21:44 -08:00
Brian Kassouf
73200db1d9
Add defaults to the cassandra database type
2017-03-07 17:00:52 -08:00
Brian Kassouf
78fdc2ad24
Pass statements object
2017-03-07 16:48:17 -08:00
Brian Kassouf
01300e026b
Remove unused sql object
2017-03-07 15:34:23 -08:00
Brian Kassouf
1d23bbbe28
Remove double lock
2017-03-07 15:33:05 -08:00
Brian Kassouf
c823ad0597
Update locking functionality
2017-03-07 13:48:29 -08:00
Jeff Mitchell
df575f0b3a
Rename helper 'duration' to 'parseutil'. ( #2449 )
...
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Brian Kassouf
354233f91d
rename mysql variable
2017-03-03 15:07:41 -08:00
Brian Kassouf
4d335099de
Make db instances immutable and add a reset path to tear down and create a new database instance with an updated config
2017-03-03 14:38:49 -08:00
Brian Kassouf
fa8da4cf91
Fix mysql connections
2017-03-03 14:38:49 -08:00
Brian Kassouf
e442917e26
Add mysql into the factory
2017-03-03 14:38:48 -08:00
Brian Kassouf
5e2cffcdd0
Add max connection lifetime param and set consistency on cassandra session
2017-03-03 14:38:48 -08:00
Brian Kassouf
cee3dc9b9e
s/Statement/Statements/
2017-03-03 14:38:48 -08:00
Brian Kassouf
bfbb104e19
Add mysql database type
2017-03-03 14:38:48 -08:00
Brian Kassouf
ad17d113c7
More work on refactor and cassandra database
2017-03-03 14:38:48 -08:00
Brian Kassouf
3d77a9a6f4
Begin work on database refactor
2017-03-03 14:38:48 -08:00
Vishal Nayak
8491db3ce6
ssh: Added DeleteOperation to config/ca ( #2434 )
...
* ssh: Added DeleteOperation to config/ca
* Address review feedback
2017-03-03 10:19:45 -05:00
Jeff Mitchell
5fe459f91a
Update SSH CA logic/tests
2017-03-02 16:39:22 -05:00
Vishal Nayak
93b74ebe71
Refactor the generate_signing_key processing ( #2430 )
2017-03-02 16:22:06 -05:00
Jeff Mitchell
1c821e448d
Update error text to make it more obvious what the issue is when valid principals aren't found
2017-03-02 15:56:08 -05:00
Jeff Mitchell
db29bde264
Fix a bunch of errors from returning 5xx, and parse more duration types
2017-03-02 15:38:34 -05:00
Will May
ffb5ee7fda
Changes from code review
2017-03-02 14:36:13 -05:00
Will May
f9d853f7f0
Allow internal generation of the signing SSH key pair
2017-03-02 14:36:13 -05:00
Vishal Nayak
d30a833db7
Rework ssh ca ( #2419 )
...
* docs: input format for default_critical_options and default_extensions
* s/sshca/ssh
* Added default_critical_options and default_extensions to the read endpoint of role
* Change default time return value to 0
2017-03-01 15:50:23 -05:00
Will May
7d9cb5bffe
Changes from code review
...
Major changes are:
* Remove duplicate code
* Check the public key used to configure the backend is a valid one
2017-03-01 15:19:18 -05:00
Will May
59397250da
Changes from code review
...
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
2017-03-01 15:19:18 -05:00
Will May
1d59b965cb
Add ability to create SSH certificates
2017-03-01 15:19:18 -05:00
vishalnayak
041817b300
Fix broken build caused due to resolve merge conflicts
2017-02-24 12:41:20 -05:00
Vishal Nayak
e3016053b3
PKI: Role switch to control lease generation ( #2403 )
...
* pki: Make generation of leases optional
* pki: add tests for upgrading generate_lease
* pki: add tests for leased and non-leased certs
* docs++ pki generate_lease
* Generate lease is applicable for both issuing and signing
* pki: fix tests
* Address review feedback
* Address review feedback
2017-02-24 12:12:40 -05:00
Saj Goonatilleke
9cd9fbbad3
pki: Include private_key_type on DER-formatted responses from /pki/issue/ ( #2405 )
2017-02-24 11:17:59 -05:00
Jeff Mitchell
8acbdefdf2
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
Jeff Mitchell
98c7bd6c03
Port some replication bits to OSS ( #2386 )
2017-02-16 15:15:02 -05:00
Jeff Mitchell
28883acc16
Fix copypasta, thanks tests
2017-02-16 01:32:39 -05:00
Jeff Mitchell
5e5d9baabe
Add Organization support to PKI backend. ( #2380 )
...
Fixes #2369
2017-02-16 01:04:29 -05:00
Vishal Nayak
a9121ff733
transit: change batch input format ( #2331 )
...
* transit: change batch input format
* transit: no json-in-json for batch response
* docs: transit: update batch input format
* transit: fix tests after changing response format
2017-02-06 14:56:16 -05:00
Vishal Nayak
3797666436
Transit: Support batch encryption and decryption ( #2143 )
...
* Transit: Support batch encryption
* Address review feedback
* Make the normal flow go through as a batch request
* Transit: Error out if encryption fails during batch processing
* Transit: Infer the 'derived' parameter based on 'context' being set
* Transit: Batch encryption doc updates
* Transit: Return a JSON string instead of []byte
* Transit: Add batch encryption tests
* Remove plaintext empty check
* Added tests for batch encryption, more coming..
* Added more batch encryption tests
* Check for base64 decoding of plaintext before encrypting
* Transit: Support batch decryption
* Transit: Added tests for batch decryption
* Transit: Doc update for batch decryption
* Transit: Sync the path-help and website docs for decrypt endpoint
* Add batch processing for rewrap
* transit: input validation for context
* transit: add rewrap batch option to docs
* Remove unnecessary variables from test
* transit: Added tests for rewrap use cases
* Address review feedback
* Address review feedback
* Address review feedback
* transit: move input checking out of critical path
* transit: allow empty plaintexts for batch encryption
* transit: use common structs for batch processing
* transit: avoid duplicate creation of structs; add omitempty to response structs
* transit: address review feedback
* transit: fix tests
* address review feedback
* transit: fix tests
* transit: rewrap encrypt user error should not error out
* transit: error out for internal errors
2017-02-02 14:24:20 -05:00
Jeff Mitchell
3789e8c427
Add cleanup functions to multiple DB backends. ( #2313 )
...
Ensure it's called on unmount, not just for seal.
2017-02-01 14:05:25 -05:00
Jeff Mitchell
b44519e742
Make export errors a bit more meaningful
2017-01-30 09:25:50 -05:00
Jeff Mitchell
082aa90103
Have transit exporting return the same structure regardless of one key or many
2017-01-28 10:37:35 -05:00
Brian Kassouf
c642fbf18e
Migrate cassandra test from acceptance to dockertest ( #2295 )
2017-01-25 15:37:55 -05:00
Jeff Mitchell
28978861de
Revert "Disable PKI OU tests to fix the build"
...
This reverts commit b1ab7c5603.
2017-01-24 09:58:28 -05:00
vishalnayak
b1ab7c5603
Disable PKI OU tests to fix the build
2017-01-24 06:25:56 -05:00
joe miller
90e32515ea
allow roles to set OU value in certificates issued by the pki backend ( #2251 )
2017-01-23 12:44:45 -05:00
Chris Hoffman
43bae79d01
Adding support for exportable transit keys ( #2133 )
2017-01-23 11:04:43 -05:00
Vishal Nayak
0645606f84
Merge pull request #2202 from fcantournet/fix_govet_fatalf
...
all: test: Fix govet warnings
2017-01-17 16:45:35 -05:00
Matthew Irish
231f00dff2
Transit key actions ( #2254 )
...
* add supports_* for transit key reads
* update transit docs with new supports_* fields
2017-01-11 10:05:06 -06:00
joe miller
a76a49732d
sign-verbatim should set use_csr_common_name to true ( #2243 )
2017-01-10 09:47:59 -05:00
Jeff Mitchell
454ddd4c48
Use dockertest.v2 ( #2247 )
...
New dockertest has a totally different API and will require some serious
refactoring. This will tide over until then by pinning the API version.
2017-01-09 13:46:54 -05:00
Félix Cantournet
0d6d4211b8
all: test: Fix govet warnings
...
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
vishalnayak
cc92d166f3
Address review feedback
2016-12-20 11:19:47 -05:00
vishalnayak
c80b1dc2b9
pki: Avoiding a storage read
2016-12-20 11:07:20 -05:00
vishalnayak
faa975326d
pki: Appended error to error message
2016-12-19 10:49:32 -05:00
vishalnayak
c8319e330d
PKI: Added error to the error message
2016-12-19 10:47:29 -05:00
Jeff Mitchell
a498cec44f
normalize some capitalization in error messages
2016-12-15 19:02:33 -05:00
Jeff Mitchell
b9be3da2bc
Fix nil value panic when Consul returns a user error ( #2145 )
2016-12-01 10:22:32 -08:00
vascop
59c55e0aa6
Fix typo and remove trailing whitespace. ( #2074 )
2016-11-08 09:32:23 -05:00
Jeff Mitchell
5a6b1987c5
Add listing to Consul secret roles ( #2065 )
2016-11-04 12:35:16 -04:00
vishalnayak
e6daa3782a
Return the revocation_sql from role read all the time
2016-10-27 12:24:31 -04:00
vishalnayak
8293b19a98
Added revocation_sql to the website docs
2016-10-27 12:15:08 -04:00
vishalnayak
2ac019a9c5
Move policy test to keysutil package
2016-10-26 19:57:28 -04:00
vishalnayak
b30d5f5c57
Pulled out transit's lock manager and policy structs into a helper
2016-10-26 19:52:31 -04:00
vishalnayak
b408c95e0d
ssh: Use temporary file to store the identity file
2016-10-18 12:50:12 -04:00
Chris Hoffman
4406a39da2
Add ability to list keys in transit backend ( #1987 )
2016-10-18 10:13:01 -04:00
Laura Bennett
1cc7c811c7
address feedback
2016-10-10 12:16:55 -04:00
Laura Bennett
bc58e02fe8
initial commit to fix empty consistency option issue
2016-10-08 20:22:26 -04:00
Jeff Mitchell
d7615b0477
Don't use quoted identifier for the username
2016-10-05 14:31:19 -04:00
Jeff Mitchell
37df43d534
Postgres revocation sql, beta mode ( #1972 )
2016-10-05 13:52:59 -04:00
vishalnayak
e90acaeb6c
Refactor mysql's revoke SQL
2016-10-04 19:30:25 -04:00
Vishal Nayak
b22b4edc71
Merge pull request #1914 from jpweber/mysql-revoke
...
Mysql revoke with non-wildcard hosts
2016-10-04 17:44:15 -04:00
Jim Weber
6b9b646e8a
removed an unused ok variable. Added warning and force use for default queries if role is nil
2016-10-04 17:15:29 -04:00
Jim Weber
1ec0a2d403
fixed an incorrect assignment
2016-10-03 21:51:40 -04:00
Jim Weber
1b591fb6d5
More resilient around cases of missing role names and using the default when needed.
2016-10-03 20:20:00 -04:00
Jim Weber
67d991f4ab
Refactored logic some to make sure we can always fall back to default revoke statements
...
Changed rolename to role
made default sql revoke statements a const
2016-10-03 15:59:56 -04:00
Jim Weber
179c07075a
fixed some more issues I had with the tests.
2016-10-03 15:58:09 -04:00
Jim Weber
aa5bb3b354
renamed rolname to role
2016-10-03 15:57:47 -04:00
Jim Weber
003d0df191
Reduced duplicated code and fixed comments and simple variable name mistakes
2016-10-03 14:53:05 -04:00
Jim Weber
10855b070f
Added test for revoking mysql user with wild card host and non-wildcard host
2016-10-02 22:28:54 -04:00
Jim Weber
47465e782c
saving role name to the Secret Internal data. Default revoke query added
...
The rolename is now saved to the secret internal data for fetching
later during the user revocation process. No longer deriving the role
name from request path
Added support for default revoke SQL statements that will provide the
same functionality as before. If no revoke SQL statements are provided
the default statements are used.
Cleaned up personal ignores from the .gitignore file
2016-10-02 18:53:16 -04:00
Jeff Mitchell
c748ff322f
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
Laura Bennett
4cfe098ce4
Merge pull request #1931 from hashicorp/cass-consistency
...
Adding consistency into cassandra
2016-09-27 21:12:02 -04:00
Chris Hoffman
10c8024fa3
Adding support for chained intermediate CAs in pki backend ( #1694 )
2016-09-27 17:50:17 -07:00
Laura Bennett
8b41676dbc
minor updates
2016-09-27 20:35:11 -04:00
Laura Bennett
011d65f59c
added parsing at role creation
2016-09-27 16:01:51 -04:00
Laura Bennett
dc4fdf37d7
initial commit for consistency added into cassandra
2016-09-27 13:25:18 -04:00
Vishal Nayak
92cb781be9
Merge pull request #1910 from hashicorp/secret-id-cidr-list
...
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
Jim Weber
eebd592f78
Getting role name from the creds path used in revocation
2016-09-23 16:57:08 -04:00
Jim Weber
f56f0b174c
secretCredsRevoke command no longer uses hardcoded query
...
The removal of a user from the db is now handled similar to the
creation. The SQL is read out of a key from the role and then executed
with values substituted for username.
2016-09-23 16:05:49 -04:00
Jim Weber
235d67e451
Added support for a revokeSQL key value pair to the role
2016-09-23 16:00:23 -04:00
Jeff Mitchell
bba2ea63f1
Don't use time.Time in responses. ( #1912 )
...
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
2016-09-23 12:32:07 -04:00
vishalnayak
fb2f7f27ba
Fix ssh tests
2016-09-22 11:37:55 -04:00
vishalnayak
c93bded97b
Added cidrutil helper
2016-09-21 13:58:32 -04:00
Jeff Mitchell
902067d620
Ensure upgrades have a valid HMAC key
2016-09-21 11:10:57 -04:00
Jeff Mitchell
8482118ac6
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
Chris Hoffman
cd567eb480
Renaming ttl_max -> max_ttl in mssql backend ( #1905 )
2016-09-20 12:39:02 -04:00
Jeff Mitchell
6f6d1f7237
Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.
2016-09-16 11:05:43 -04:00
Jeff Mitchell
cf05edaf18
Allow encrypting empty ciphertext values. ( #1881 )
...
Replaces #1874
2016-09-13 12:00:04 -04:00
vishalnayak
f563f38748
Use uuid.GenerateRandomBytes
2016-09-09 14:17:09 -04:00
vishalnayak
70246395d6
Not exposing structs from the backend's package
2016-09-01 11:57:28 -04:00
Jeff Mitchell
201cd2e1f7
Use unexported kdf const names
2016-08-31 07:19:58 -04:00
Jeff Mitchell
9a97f436ef
Use hkdf for transit key derivation for new keys ( #1812 )
...
Use hkdf for transit key derivation for new keys
2016-08-30 16:29:09 -04:00
vishalnayak
8cc5cdb746
STS path field description update
2016-08-30 10:53:21 -04:00
vishalnayak
39b75c6ae9
Added UpdateOperation to logical AWS STS path
2016-08-30 10:30:13 -04:00
Vishal Nayak
fb775993f3
Merge pull request #1804 from hashicorp/issue-1800
...
Mark STS secrets as non-renewable
2016-08-29 11:46:19 -04:00
navinanandaraj
7fbdf927c1
Fixes #1801 Reuse Cassandra session object for create creds ( #1802 )
2016-08-28 17:32:41 -04:00
Jeff Mitchell
9cd4243362
Mark STS secrets as non-renewable
...
Ping #1800
2016-08-28 14:27:56 -04:00
Jeff Mitchell
a542df0173
Derive nonce fully in convergent mode ( #1796 )
...
Ping #1794
2016-08-26 17:01:56 -04:00
Jeff Mitchell
c9aa308804
Use key derivation for convergent nonce. ( #1794 )
...
Use key derivation for convergent nonce.
Fixes #1792
2016-08-26 14:11:03 -04:00
Jeff Mitchell
c2f3c465d3
Decode secret internal data into struct and fix type assertion. ( #1781 )
2016-08-24 15:04:04 -04:00
Jeff Mitchell
68345eb770
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
357ecb4dfe
gofmt
2016-08-19 16:48:32 -04:00
Jeff Mitchell
6eca449261
Parameter change
...
Both revocation times are UTC so clarify via parameter name that it's just a formatting difference. Also leave as a time.Time here, as it automatically marshals into RFC3339.
2016-08-14 21:43:57 -04:00
Jeff Mitchell
5a12143f16
Cleanup
2016-08-13 11:52:09 -04:00
Jeff Mitchell
f0e0f960ca
Ensure utc value is not zero before adding
2016-08-13 11:50:57 -04:00
Jeff Mitchell
8fd8ae7330
Ensure values to be encoded in a CRL are in UTC. This aligns with the
...
RFC. You might expect Go to ensure this in the CRL generation call,
but...it doesn't.
Fixes #1727
2016-08-13 08:40:09 -04:00
Jeff Mitchell
031437a98f
Fix build
2016-08-08 17:00:59 -04:00
Jeff Mitchell
24bf6fc68e
Address review feedback
2016-08-08 16:30:48 -04:00
Jeff Mitchell
84cd3c20b3
Remove context-as-nonce, add docs, and properly support datakey
2016-08-07 15:53:40 -04:00
Jeff Mitchell
b5858e2237
Add unit tests for convergence in non-context mode
2016-08-07 15:16:36 -04:00
Jeff Mitchell
c7bf73f924
Refactor convergent encryption to make specifying a nonce in addition to context possible
2016-08-05 17:52:44 -04:00
Vincent Batoufflet
38a30a92e3
Fix PKI logical backend email alt_names
2016-08-04 12:10:34 +02:00
Jeff Mitchell
9732c10d03
Add postgres test for block statements
2016-08-03 15:34:50 -04:00
Jeff Mitchell
7d1f0facb8
Add arbitrary string slice parsing.
...
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.
Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
vishalnayak
ddb6ae18a0
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
Jeff Mitchell
4fd83816bf
Add convergence tests to transit backend
2016-07-28 11:30:52 -04:00
Laura Bennett
c6cc73b3bd
Merge pull request #1635 from hashicorp/mysql-idle-conns
...
Added maximum idle connections to mysql to close hashicorp/vault#1616
2016-07-20 15:31:37 -04:00
Jeff Mitchell
6708b5d75f
Set defaults to handle upgrade cases.
...
Ping #1604
2016-07-20 14:07:19 -04:00
Jeff Mitchell
a8a2886538
Merge pull request #1604 from memory/mysql-displayname-2
...
concat role name and token displayname to form mysql username
2016-07-20 14:02:17 -04:00
Nathan J. Mehl
e824f6040b
use both role name and token display name to form mysql username
2016-07-20 10:17:00 -07:00
Laura Bennett
f5ed650966
whitespace error corrected
2016-07-20 12:00:05 -04:00
Nathan J. Mehl
83635c16b6
respond to feedback from @vishalnayak
...
- split out usernameLength and displaynameLength truncation values,
as they are different things
- fetch username and displayname lengths from the role, not from
the request parameters
- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Laura Bennett
badaabc17d
max_idle_connections added
2016-07-20 09:26:26 -04:00
Laura Bennett
b99c692f0d
initial commit before rebase to stay current with master
2016-07-19 14:18:37 -04:00
Jeff Mitchell
8cbd94e13e
Merge pull request #1414 from mhurne/mongodb-secret-backend
...
Add mongodb secret backend
2016-07-19 13:56:15 -04:00
Jeff Mitchell
33624201c2
Some minor linting
2016-07-19 13:54:18 -04:00
Matt Hurne
2f8a1daa7d
Merge branch 'master' into mongodb-secret-backend
2016-07-19 12:47:58 -04:00
Matt Hurne
35472ba9f9
mongodb secret backend: Remove redundant type declarations
2016-07-19 12:35:14 -04:00
Matt Hurne
3c68002cc2
mongodb secret backend: Fix broken tests, clean up unused parameters
2016-07-19 12:26:23 -04:00
Vishal Nayak
3f0a1e4b88
Merge pull request #1629 from hashicorp/remove-verify-connection
...
Remove unused VerifyConnection from storage entries of SQL backends
2016-07-19 12:21:23 -04:00
Vishal Nayak
4e5c3631f4
Merge pull request #1583 from hashicorp/ssh-allowed-roles
...
Add allowed_roles to ssh-helper-config and return role name from verify call
2016-07-19 12:04:12 -04:00
vishalnayak
ca22b6cfdb
Remove unused VerifyConnection from storage entries of SQL backends
2016-07-19 11:55:49 -04:00
Matt Hurne
a130c13c34
mongodb secret backend: Return lease ttl and max_ttl in lease read in seconds rather than as duration strings
2016-07-19 11:23:56 -04:00
Matt Hurne
8be8714e86
mongodb secret backend: Don't bother persisting verify_connection field in connection config
2016-07-19 11:20:45 -04:00
Matt Hurne
047db0ffef
mongodb secret backend: Handle cases where stored username or db is not a string as expected when revoking credentials
2016-07-19 11:18:00 -04:00
Matt Hurne
d23ba11a0c
Merge branch 'master' into mongodb-secret-backend
2016-07-19 10:38:45 -04:00
Jeff Mitchell
aa9c05002e
Merge pull request #1573 from mickhansen/logical-postgresql-revoke-sequences
...
handle revocations for roles that have privileges on sequences
2016-07-18 13:30:42 -04:00
vishalnayak
5b458db104
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Vishal Nayak
1970ad74d7
Merge pull request #1610 from hashicorp/min-tls-ver-12
...
Set minimum TLS version in all tls.Config objects
2016-07-13 10:53:14 -06:00
vishalnayak
6977bdd490
Handled upgrade path for TLSMinVersion
2016-07-13 12:42:51 -04:00
Vishal Nayak
64bdeec926
Merge pull request #1607 from hashicorp/standardize-time
...
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
vishalnayak
98d5684699
Address review feedback
2016-07-13 11:52:26 -04:00
vishalnayak
150cba24a7
Added tls_min_version to consul storage backend
2016-07-12 20:10:54 -04:00
Nathan J. Mehl
417cf49bb7
allow overriding the default truncation length for mysql usernames
...
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
vishalnayak
ee6ba1e85e
Make 'tls_min_version' configurable
2016-07-12 19:32:47 -04:00
vishalnayak
f200a8568b
Set minimum TLS version in all tls.Config objects
2016-07-12 17:06:28 -04:00
vishalnayak
9f208ae8f2
Revert 'risky' changes
2016-07-12 16:38:07 -04:00
Jeff Mitchell
7129fd5785
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages
2016-07-11 21:37:46 +00:00
Mick Hansen
cc742a6fc5
incorporate code style guidelines
2016-07-11 13:35:35 +02:00
Mick Hansen
463294f4c6
handle revocations for roles that have privileges on sequences
2016-07-11 13:16:45 +02:00
Nathan J. Mehl
0648160276
use role name rather than token displayname in generated mysql usernames
...
If a single token generates multiple myself roles, the generated mysql
username was previously prepended with the displayname of the vault
user; this makes the output of `show processlist` in mysql potentially
difficult to correlate with the roles actually in use without cross-checking against the vault audit log.
See https://github.com/hashicorp/vault/pull/1603 for further discussion.
2016-07-10 15:57:47 -07:00
Matt Hurne
0a5a815c68
mongodb secret backend: Improve safety of MongoDB roles storage
2016-07-09 21:12:42 -04:00
vishalnayak
f59a69bc52
Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC
2016-07-08 18:30:18 -04:00
Matt Hurne
0a4638080a
Format code in mongodb secret backend
2016-07-07 23:16:11 -04:00
Matt Hurne
2c3b5513df
mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages
2016-07-07 23:09:45 -04:00
Matt Hurne
611b08a5b9
mongodb secret backend: Refactor to eliminate unnecessary variable
2016-07-07 22:29:17 -04:00
Matt Hurne
afcff23362
mongodb secret backend: Consider a "user not found" response a success when removing a user from Mongo
2016-07-07 22:27:47 -04:00
Matt Hurne
67c2c0a1dd
mongodb secret backend: Improve roles path help
2016-07-07 22:16:34 -04:00
Matt Hurne
8a6959211e
mongodb secret backend: Remove default value for Mongo authentication DB for roles; validate that role name and authentication db were specified when creating a role
2016-07-07 22:09:00 -04:00
Matt Hurne
1fa764275b
mongodb secret backend: Leverage framework.TypeDurationSecond to simplify storage of lease ttl and max_ttl
2016-07-07 21:48:44 -04:00
Matt Hurne
350ffcf79f
mongodb secret backend: Verify existing Session is still working before reusing it
2016-07-07 21:37:44 -04:00
vishalnayak
c99cc155ff
Fix transit tests
2016-07-06 22:04:08 -04:00
vishalnayak
ef97199360
Added JSON Decode and Encode helpers.
...
Changed all the occurrences of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
vishalnayak
b632ef58e4
Add allowed_roles to ssh-helper-config and return role name from verify call
2016-07-05 11:14:29 -04:00
Matt Hurne
8dbefb68b0
Merge branch 'master' into mongodb-secret-backend
2016-07-05 09:33:12 -04:00
Matt Hurne
2aba34d41d
mongodb secret backend: Add support for reading connection configuration; Dockerize tests
2016-07-05 09:32:38 -04:00
Sean Chittenden
f66cd75583
Move the parameter down to where the statement is executed.
2016-07-03 16:20:27 -07:00
Sean Chittenden
00ab56060a
Use lib/pq's QuoteIdentifier() on all identifiers and Prepare for all literals.
2016-07-03 16:01:39 -07:00
Matt Hurne
7571487c7f
Merge branch 'master' into mongodb-secret-backend
2016-07-01 20:39:13 -04:00
Jeff Mitchell
cec644f327
Shave off a lot of PKI testing time by not requiring key generation when testing CSRs. Also enable all tests all the time.
2016-07-01 17:28:48 -04:00
Jeff Mitchell
5762446724
Merge pull request #1581 from mp911de/cassandra_connect_timeout
...
Support connect_timeout for Cassandra and align timeout.
2016-07-01 22:33:24 +02:00
Mark Paluch
895eac0405
Address review feedback.
...
Switch ConnectTimeout to framework.TypeDurationSecond with a default of 5. Remove own parsing code.
2016-07-01 22:26:08 +02:00
Mark Paluch
f85b2b11d3
Support connect_timeout for Cassandra and align timeout.
...
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration. Also align the timeout to 5 seconds which is the default for the Python and Java drivers.
Fixes #1538
2016-07-01 21:22:37 +02:00
Jeff Mitchell
7fc4ae959a
Migrate Consul acceptance tests to Docker
2016-07-01 13:59:56 -04:00
Matt Hurne
c8cbd33f74
mongodb secret backend: Parse ssl URI option as a boolean rather than relying on string comparison
2016-07-01 13:55:06 -04:00
Jeff Mitchell
ef98d56fba
Have SQL backends Ping() before access.
...
If unsuccessful, reestablish connections as needed.
2016-07-01 12:02:17 -04:00
Jeff Mitchell
b0844f9aea
Always run transit acceptance tests
2016-07-01 11:45:56 -04:00
Jeff Mitchell
1ba78db242
Convert MySQL tests to Dockerized versions
2016-07-01 11:36:28 -04:00
Matt Hurne
339aec9751
mongodb secret backend: Refactor URI parsing logic to leverage url.Parse
2016-07-01 09:12:26 -04:00
Matt Hurne
3c666532c8
mongodb secret backend: Prefix all generated usernames with "vault-", and cleanly handle empty display names when generating usernames
2016-06-30 21:11:45 -04:00
Matt Hurne
2eb0e16e1c
Merge branch 'master' into mongodb-secret-backend
2016-06-30 16:43:53 -04:00
Jeff Mitchell
dfd8a530db
Add comment around bind to localhost
2016-06-30 13:49:11 -04:00
Jeff Mitchell
f9d40aa63b
Dockerize Postgres secret backend acceptance tests
...
Additionally enable them on all unit test runs.
2016-06-30 13:46:39 -04:00
Jeff Mitchell
c4c948ff64
Use TRACE not WARN here
2016-06-30 12:41:56 -04:00
Matt Hurne
bbf0e27717
Persist verify_connection field in mongodb secret backend's connection config
2016-06-30 11:39:02 -04:00
Matt Hurne
f55955c2d8
Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl'
2016-06-30 09:57:43 -04:00
Matt Hurne
7e3e246f55
Merge branch 'master' into mongodb-secret-backend
2016-06-30 09:02:30 -04:00
Jeff Mitchell
444c4d0a8c
Fix test
2016-06-30 08:21:00 -04:00
Jeff Mitchell
f3ef5cd52d
Change warn to trace for these messages
2016-06-29 21:04:02 -04:00
Jeff Mitchell
709f0e4093
Merge remote-tracking branch 'oss/master' into postgres-pl-lock
2016-06-29 17:40:34 -04:00
Jeff Mitchell
d9fa64a07c
Add stmt close calls
2016-06-29 17:39:47 -04:00
Jeff Mitchell
fb9a4a15c5
Run prepare on the transaction, not the db
2016-06-29 17:20:41 -04:00
Matt Hurne
4c97b1982a
Add mongodb secret backend
2016-06-29 08:33:06 -04:00
cara marie
8b11798807
removed option to create 1024 keybitlength certs
2016-06-28 16:56:14 -04:00
Jeff Mitchell
f24a17f343
Add more debug output
2016-06-28 11:03:56 -04:00
Jeff Mitchell
ccf36b81f1
Add some logging to enter/exit of some functions
2016-06-24 16:11:22 -04:00
Jeff Mitchell
307b30d6be
Address review feedback
2016-06-23 10:18:03 -04:00
Jeff Mitchell
cd41344685
Add some more testing
2016-06-23 09:49:03 -04:00
Jeff Mitchell
48bd5db7af
Set some basic key usages by default.
...
Some programs (such as OpenVPN) don't like it if you don't include key
usages. This adds a default set that should suffice for most extended
usages. However, since things get twitchy when these are set in ways
various crypto stacks don't like, it's fully controllable by the user.
Fixes #1476
2016-06-22 16:08:24 -04:00
Jeff Mitchell
13a778ab92
Revert "Use x509 package ext key usage instead of custom type"
...
This reverts commit 0b2d8ff475.
2016-06-22 13:07:31 -04:00
Jeff Mitchell
0b2d8ff475
Use x509 package ext key usage instead of custom type
2016-06-22 11:51:32 -04:00
Jeff Mitchell
7ffa7deb92
Do some internal renaming in PKI
2016-06-22 11:39:57 -04:00
Vishal Nayak
3291ce6551
Merge pull request #1515 from hashicorp/sql-config-reading
...
Allow reading of config in sql backends
2016-06-21 10:07:34 -04:00
vishalnayak
ff90768684
Added warnings when configuring connection info in sql backends
2016-06-21 09:58:57 -04:00
Vishal Nayak
513346a297
Merge pull request #1546 from hashicorp/secret-aws-roles
...
Added list functionality to logical aws backend's roles
2016-06-20 20:10:24 -04:00
vishalnayak
677028e161
Added test case for listing aws secret backend roles
2016-06-20 20:09:31 -04:00
vishalnayak
c37ef12834
Added list functionality to logical aws backend's roles
2016-06-20 19:51:04 -04:00
Vishal Nayak
55757decec
Merge pull request #1514 from hashicorp/backend-return-objects
...
Backend() functions should return 'backend' objects.
2016-06-20 19:30:00 -04:00
Jeff Mitchell
1c15a56726
Add convergent encryption option to transit.
...
Fixes #1537
2016-06-20 13:17:48 -04:00
vishalnayak
799bb9c286
Address review feedback
2016-06-17 10:11:39 -04:00
vishalnayak
adbfef8561
Allow reading of config in sql backends
2016-06-11 11:48:40 -04:00
vishalnayak
cfe0aa860e
Backend() functions should return 'backend' objects.
...
If they return pointers to 'framework.Backend' objects, the receiver functions can't be tested.
2016-06-10 15:53:02 -04:00
Laura Bennett
c21ef90dba
Merge pull request #1498 from hashicorp/pki-list
...
PKI List Functionality
2016-06-08 15:42:50 -04:00
vishalnayak
07824acfae
Fix broken test
2016-06-08 13:00:19 -04:00
vishalnayak
6d730e33bf
Minor changes to the RabbitMQ acceptance tests
2016-06-08 12:50:43 -04:00
LLBennett
44b1f5fc25
Updates to the test based on feedback.
2016-06-08 16:49:10 +00:00
Laura Bennett
5d945067de
Add PKI listing
2016-06-08 11:50:59 -04:00
Jeff Mitchell
9ceeb685e9
Add an explicit default for TTLs for rabbit creds
2016-06-08 11:35:09 -04:00
Jeff Mitchell
e16a46bca2
Fix some typos in rmq text and structure
2016-06-08 11:31:57 -04:00
vishalnayak
618a82567e
Added pooled transport for rmq client. Added tests
2016-06-08 10:46:46 -04:00
Jeff Mitchell
d5fb9ee98d
Migrate to go-uuid
2016-06-08 10:36:16 -04:00
vishalnayak
f216292e68
Polish the code
2016-06-08 10:25:03 -04:00
Vishal Nayak
8b15722fb4
Merge pull request #788 from doubledutch/master
...
RabbitMQ Secret Backend
2016-06-08 10:02:24 -04:00
Jeff Mitchell
196776b9b8
Make logical.InmemStorage a wrapper around physical.InmemBackend.
...
This:
* Allows removing LockingInmemStorage since the physical backend already
locks properly
* Makes listing work properly by adhering to expected semantics of only
listing up to the next prefix separator
* Reduces duplicated code
2016-06-06 12:03:08 -04:00
Jeff Mitchell
c2a8b09e7b
Use backend function instead of separate backend creation in consul
2016-06-03 10:08:58 -04:00
Jeff Mitchell
551f4a8606
Change AWS/SSH to reuse backend creation code for test functions
2016-06-01 12:17:47 -04:00
Vishal Nayak
577a993223
Merge pull request #1445 from hashicorp/consul-fixups
...
Reading consul access configuration in the consul secret backend.
2016-06-01 12:11:12 -04:00