mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-22 23:21:08 +02:00
Code Issues Projects Releases Wiki Activity
17,641 Commits 2,843 Branches 445 Tags
Commit Graph

1688 Commits

Author SHA1 Message Date
Brian Kassouf
2ef1cbf3a6 Comment and slight refactor of the TLS plugin helper 2017-03-16 14:14:49 -07:00
Brian Kassouf
3890f194a4 Break tls code into helper library 2017-03-16 11:55:21 -07:00
Jeff Mitchell
3f67ab489a Ensure CN check is made when exclude_cn_from_sans is used 
Fixes #2363
 2017-03-16 11:41:13 -04:00
Jeff Mitchell
a5d1808efe Always include a hash of the public key and "vault" (to know where it (#2498) 
came from) when generating a cert for SSH.

Follow on from #2494
 2017-03-16 11:14:17 -04:00
Mike Okner
6f84f7ffd0 Adding allow_user_key_ids field to SSH role config (#2494) 
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name.  Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
 2017-03-16 08:45:11 -04:00
Brian Kassouf
5b05f62fa3 Work on TLS communication over plugins 2017-03-15 17:14:48 -07:00
Jeff Mitchell
688104e69a Allow roles to specify whether CSR SANs should be used instead of (#2489) 
request values. Fix up some documentation.

Fixes #2451
Fixes #2488
 2017-03-15 14:38:18 -04:00
Jeff Mitchell
799000be20 Set CA chain when intermediate does not have an authority key ID. 
This is essentially an approved review of the code provided in #2465.

Fixes #2465
 2017-03-15 11:52:02 -04:00
Brian Kassouf
a6ae4bd356 wrap plugin database type with metrics middleware 2017-03-14 13:12:47 -07:00
Brian Kassouf
143166b1ba Add a metrics middleware 2017-03-14 13:11:28 -07:00
Stanislav Grozev
70b30b40d4 Reads on unconfigured SSH CA public key return 400 2017-03-14 10:21:48 -04:00
Stanislav Grozev
5f3397bff5 Reads on ssh/config/ca return the public keys 
If configured/generated.
 2017-03-14 10:21:48 -04:00
Stanislav Grozev
d22796c644 If generating an SSH CA signing key - return the public part 
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
 2017-03-14 10:21:48 -04:00
Brian Kassouf
c111b02568 Add a way to initalize plugins and builtin databases the same way. 2017-03-13 14:39:55 -07:00
Brian Kassouf
a0d207e254 Add checksum attribute 2017-03-10 14:10:42 -08:00
Brian Kassouf
72a878b180 Rename reset to close 2017-03-09 22:35:45 -08:00
Brian Kassouf
b63147b7c2 Add special path to enforce root on plugin configuration 2017-03-09 21:31:29 -08:00
Brian Kassouf
3766ab14e5 Add plugin file 2017-03-09 17:43:58 -08:00
Brian Kassouf
d4ea6c1768 Add plugin features 2017-03-09 17:43:37 -08:00
Vishal Nayak
9af1ca3d2c doc: ssh allowed_users update (#2462) 
* doc: ssh allowed_users update

* added some more context in default_user field
 2017-03-09 10:34:55 -05:00
vishalnayak
3bd667a931 Fix typo 2017-03-08 17:49:39 -05:00
Brian Kassouf
00359cdea4 Update secrets fields 2017-03-08 14:46:53 -08:00
Vishal Nayak
a4e41f6568 SSH CA enhancements (#2442) 
* Use constants for storage paths

* Upgrade path for public key storage

* Fix calculateValidPrincipals, upgrade ca_private_key, and other changes

* Remove a print statement

* Added tests for upgrade case

* Make exporting consistent in creation bundle

* unexporting and constants

* Move keys into a struct instead of plain string

* minor changes
 2017-03-08 17:36:21 -05:00
Brian Kassouf
cd68899a4a Fix renew and revoke calls 2017-03-07 17:21:44 -08:00
Brian Kassouf
73200db1d9 Add defaults to the cassandra databse type 2017-03-07 17:00:52 -08:00
Brian Kassouf
78fdc2ad24 Pass statements object 2017-03-07 16:48:17 -08:00
Brian Kassouf
01300e026b Remove unused sql object 2017-03-07 15:34:23 -08:00
Brian Kassouf
1d23bbbe28 Remove double lock 2017-03-07 15:33:05 -08:00
Brian Kassouf
c823ad0597 Update locking functionaility 2017-03-07 13:48:29 -08:00
Jeff Mitchell
df575f0b3a Rename helper 'duration' to 'parseutil'. (#2449) 
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.

Have config use ParseBool for UI and disabling mlock/cache.
 2017-03-07 11:21:22 -05:00
Brian Kassouf
354233f91d rename mysql variable 2017-03-03 15:07:41 -08:00
Brian Kassouf
4d335099de Make db instances immutable and add a reset path to tear down and create a new database instance with an updated config 2017-03-03 14:38:49 -08:00
Brian Kassouf
fa8da4cf91 Fix mysql connections 2017-03-03 14:38:49 -08:00
Brian Kassouf
e442917e26 Add mysql into the factory 2017-03-03 14:38:48 -08:00
Brian Kassouf
5e2cffcdd0 Add max connection lifetime param and set consistancy on cassandra session 2017-03-03 14:38:48 -08:00
Brian Kassouf
cee3dc9b9e s/Statement/Statements/ 2017-03-03 14:38:48 -08:00
Brian Kassouf
bfbb104e19 Add mysql database type 2017-03-03 14:38:48 -08:00
Brian Kassouf
ad17d113c7 More work on refactor and cassandra database 2017-03-03 14:38:48 -08:00
Brian Kassouf
3d77a9a6f4 Begin work on database refactor 2017-03-03 14:38:48 -08:00
Vishal Nayak
8491db3ce6 ssh: Added DeleteOperation to config/ca (#2434) 
* ssh: Added DeleteOperation to config/ca

* Address review feedback
 2017-03-03 10:19:45 -05:00
Jeff Mitchell
5fe459f91a Update SSH CA logic/tests 2017-03-02 16:39:22 -05:00
Vishal Nayak
93b74ebe71 Refactor the generate_signing_key processing (#2430) 2017-03-02 16:22:06 -05:00
Jeff Mitchell
1c821e448d Update error text to make it more obvious what the issue is when valid principals aren't found 2017-03-02 15:56:08 -05:00
Jeff Mitchell
db29bde264 Fix a bunch of errors from returning 5xx, and parse more duration types 2017-03-02 15:38:34 -05:00
Will May
ffb5ee7fda Changes from code review 2017-03-02 14:36:13 -05:00
Will May
f9d853f7f0 Allow internal generation of the signing SSH key pair 2017-03-02 14:36:13 -05:00
Vishal Nayak
d30a833db7 Rework ssh ca (#2419) 
* docs: input format for default_critical_options and default_extensions

* s/sshca/ssh

* Added default_critical_options and default_extensions to the read endpoint of role

* Change default time return value to 0
 2017-03-01 15:50:23 -05:00
Will May
7d9cb5bffe Changes from code review 
Major changes are:
* Remove duplicate code
* Check the public key used to configure the backend is a valid one
 2017-03-01 15:19:18 -05:00
Will May
59397250da Changes from code review 
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
 2017-03-01 15:19:18 -05:00
Will May
1d59b965cb Add ability to create SSH certificates 2017-03-01 15:19:18 -05:00