Vishal Nayak
513346a297
Merge pull request #1546 from hashicorp/secret-aws-roles
...
Added list functionality to logical aws backend's roles
2016-06-20 20:10:24 -04:00
vishalnayak
677028e161
Added test case for listing aws secret backend roles
2016-06-20 20:09:31 -04:00
vishalnayak
c37ef12834
Added list functionality to logical aws backend's roles
2016-06-20 19:51:04 -04:00
vishalnayak
cfe0aa860e
Backend() functions should return 'backend' objects.
...
If they return pointers to 'framework.Backend' objects, the receiver functions can't be tested.
2016-06-10 15:53:02 -04:00
Jeff Mitchell
74a1e3bd61
Remove most Root paths
2016-05-31 23:42:54 +00:00
Jeff Mitchell
8efe203a8e
Don't use pointers to int64 in function calls when not necessary
2016-05-19 12:26:02 -04:00
Jeff Mitchell
8c3e9c4753
Merge pull request #1318 from steve-jansen/aws-logical-assume-role
...
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
Steve Jansen
69740e57e0
Adds sts:AssumeRole support to the AWS secret backend
...
Support use cases where you want to provision STS tokens
using Vault, but you need to call AWS APIs that are blocked
for federated tokens. For example, STS federated tokens cannot
invoke IAM APIs, such as Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
Jeff Mitchell
42d9df95c1
Merge branch 'master-oss' into aws-auth-backend
2016-05-05 10:36:06 -04:00
Jeff Mitchell
88811a4776
Cleanups, add shared provider, ability to specify http client, and port S3 physical backend over
2016-05-03 17:01:02 -04:00
Jeff Mitchell
56cc74887f
Region is required so error in awsutil if not set and set if empty in client code in logical/aws
2016-05-03 15:25:11 -04:00
Jeff Mitchell
56011c9443
Refactor AWS credential code into a function that returns a static->env->instance chain
2016-05-03 15:10:35 -04:00
vishalnayak
81e4235fc0
Support periodic tidy callback and config endpoints.
2016-04-26 10:22:29 -04:00
vishalnayak
ac5ceae0bd
Added AcceptanceTest boolean to logical.TestCase
2016-04-05 15:10:44 -04:00
Matt Hurne
8bd0cc6391
Improve error message returned when client attempts to generate STS credentials for a managed policy; addresses #1113
2016-02-23 08:58:28 -05:00
vishalnayak
992a32975c
Cap the length of midString in IAM user's username to 42
2016-02-19 18:31:10 -05:00
Jeff Mitchell
63a8061e87
Set limits on generated IAM user and STS token names.
...
Fixes #1031
Fixes #1063
2016-02-19 16:35:06 -05:00
Jeff Mitchell
2eb08d3bde
Make backends much more consistent:
...
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
Dmitriy Gromov
df65547eca
STS now uses root vault user for keys
...
The secretAccessKeysRevoke revoke function now asserts that it is
not dealing with STS keys by checking a new internal data flag. Defaults
to IAM when the flag is not found.
Factored out genUsername into its own function to share between STS and
IAM secret creation functions.
Fixed bad call to "WriteOperation" instead of "UpdateOperation" in
aws/backend_test
2016-01-21 15:04:16 -05:00
Dmitriy Gromov
ea1e29fa33
Renamed sts duration to ttl and added STS permissions note.
2016-01-21 14:28:34 -05:00
Dmitriy Gromov
b37a963841
Removing debug print statement from sts code
2016-01-21 14:05:10 -05:00
Dmitriy Gromov
6f50cd9439
Fixed duration type and added acceptance test for sts
2016-01-21 14:05:10 -05:00
Dmitriy Gromov
522e8a3450
Configurable sts duration
2016-01-21 14:05:09 -05:00
Jack DeLoach
d206599b80
Add STS path to AWS backend.
...
The new STS path allows for obtaining the same credentials that you would get
from the AWS "creds" path, except it will also provide a security token, and
will not have an annoyingly long propagation time before returning to the user.
2016-01-21 14:05:09 -05:00
Jeff Mitchell
4fc58e8b41
Merge pull request #895 from nickithewatt/aws-prexisting-policies
...
Allow use of pre-existing policies for AWS users
2016-01-21 13:23:37 -05:00
Jeff Mitchell
45e32756ea
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Nicki Watt
79fb12c977
Updated AWS policy help messages
2015-12-30 19:41:07 +00:00
Nicki Watt
375a57b975
Allow use of pre-existing policies for AWS users
2015-12-30 18:05:54 +00:00
Jeff Mitchell
5a5d4212af
Fix AWS tests
2015-12-01 00:05:04 -05:00
Seth Vargo
3e2c4ffb7b
Fix breaking API changes
2015-10-30 18:22:48 -04:00
Jeff Mitchell
5c0a16b16a
Use cleanhttp instead of bare http.Client
2015-10-22 14:37:12 -04:00
Jeff Mitchell
0dbbef1ac0
Don't use http.DefaultClient
...
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.
Fixes #700, I believe.
2015-10-15 17:54:00 -04:00
Jeff Mitchell
0d885535e6
Merge pull request #567 from hobbeswalsh/master
...
Spaces in displayName break AWS IAM
2015-08-26 12:37:52 -04:00
Robin Walsh
52eeb8551e
Adding one more test (for no-op case)
2015-08-26 09:26:20 -07:00
Robin Walsh
e67b8d42ca
Adding unit test for normalizeDisplayName()
2015-08-26 09:23:33 -07:00
Jeff Mitchell
8a0915b8ef
Explicitly check for blank leases in AWS, and give a better error message if lease_max cannot be parsed. Fixes #569.
2015-08-26 09:04:47 -07:00
Robin Walsh
2cf6af79d6
s/string replacement/regexp replacement
2015-08-24 17:00:54 -07:00
Robin Walsh
e0cfb891af
spaces in displayName break AWS IAM
2015-08-24 16:12:45 -07:00
vishalnayak
41678f18ae
Vault: Fix wild card paths for all backends
2015-08-21 00:56:13 -07:00
Armon Dadgar
e4bb074fc2
Merge pull request #534 from ctennis/lease_reader
...
Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works
2015-08-18 19:00:18 -07:00
Jeff Mitchell
5ffb403857
Fix AWS, again, and update Godeps.
2015-08-18 18:12:51 -07:00
Caleb Tennis
d009d79696
Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works
2015-08-13 15:33:06 -04:00
Paul Hinze
0d4aa51855
Update vault code to match latest aws-sdk-go APIs
2015-08-06 11:37:08 -05:00
Seth Vargo
070d45456a
Update to latest aws and move off of hashicorp/aws-sdk-go
2015-08-06 12:26:41 -04:00
Armon Dadgar
6a9dc00e57
Remove SetLogger, and unify on framework.Setup
2015-06-30 17:45:20 -07:00
Armon Dadgar
22f543f837
Updating for backend API change
2015-06-30 17:36:12 -07:00
Armon Dadgar
28dd283c93
builtin: fixing API change in logical framework
2015-06-17 14:34:11 -07:00
Armon Dadgar
478a5965ee
secret/aws: Using roles instead of policy
2015-04-27 14:20:28 -07:00
Armon Dadgar
aaf10cd624
Do not root protect role configurations
2015-04-27 14:07:20 -07:00
Mitchell Hashimoto
ec452d8b9a
logical/aws: leasing/renewal support
2015-04-18 22:25:37 -07:00
Mitchell Hashimoto
a9ef546459
logical/aws: fix build
2015-04-18 22:22:35 -07:00
Mitchell Hashimoto
06c4e52377
logical/aws: move root creds config to config/root
2015-04-18 22:21:31 -07:00
Mitchell Hashimoto
710a5b1464
logical/aws: support read/delete policies
2015-04-18 22:13:12 -07:00
Armon Dadgar
59073cf775
logical/aws: Use display name for IAM username
2015-04-15 15:05:00 -07:00
Mitchell Hashimoto
c30d877fa4
rename vault id to lease id all over
2015-04-10 20:35:14 -07:00
Mitchell Hashimoto
d9e38470a8
logical/framework: better string values for types
2015-04-03 21:15:59 -07:00
Mitchell Hashimoto
105e68387a
logical/aws: help
2015-04-03 21:10:54 -07:00
Mitchell Hashimoto
e56b16b6d7
logical/framework: support root help
2015-04-03 20:36:47 -07:00
Mitchell Hashimoto
630da54522
logical/aws: policy doesn't need to be base64
2015-03-31 17:26:41 -07:00
Mitchell Hashimoto
7fa65ef5b0
logical/*: fix compilation errors
2015-03-30 20:30:07 -07:00
Mitchell Hashimoto
c3342cd344
logical/aws: refactor access key create to the secret file
2015-03-21 11:49:56 +01:00
Mitchell Hashimoto
f08879971e
logical/aws: remove debug I was using to test rollback :)
2015-03-21 11:20:22 +01:00
Mitchell Hashimoto
f99f6c910e
logical/aws: WAL entry for users, rollback
2015-03-21 11:18:46 +01:00
Mitchell Hashimoto
ac8570c809
main: enable AWS backend
2015-03-20 19:32:18 +01:00
Mitchell Hashimoto
3456d9276c
logical/aws
2015-03-20 19:03:20 +01:00