mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-25 00:21:07 +02:00
Code Issues Projects Releases Wiki Activity
17,641 Commits 2,840 Branches 445 Tags
Commit Graph

1688 Commits

Author SHA1 Message Date
vishalnayak
992a32975c Cap the length midString in IAM user's username to 42 2016-02-19 18:31:10 -05:00
Vishal Nayak
d123d4c02e Merge pull request #1102 from hashicorp/shorten-aws-usernames 
Set limits on generated IAM user and STS token names.
 2016-02-19 18:25:29 -05:00
Jeff Mitchell
9b57078b26 Some minor changes in mysql commenting and names 2016-02-19 16:44:52 -05:00
Jeff Mitchell
63a8061e87 Set limits on generated IAM user and STS token names. 
Fixes #1031
Fixes #1063
 2016-02-19 16:35:06 -05:00
vishalnayak
b4cd7d019e mysql: fix error message 2016-02-19 16:07:06 -05:00
vishalnayak
20342d9049 Don't deprecate value field yet 2016-02-19 16:07:06 -05:00
vishalnayak
d8f72887fc Removed connectionString.ConnectionString 2016-02-19 16:07:05 -05:00
vishalnayak
5f19c77897 mysql: provide allow_verification option to disable connection_url check 2016-02-19 16:07:05 -05:00
Jeff Mitchell
ac3191ad02 Disallow 1024-bit RSA keys. 
Existing certificates are kept but roles with key bits < 2048 will need
to be updated as the signing/issuing functions now enforce this.
 2016-02-19 14:33:02 -05:00
Vishal Nayak
ba9c0dced1 Merge pull request #1086 from hashicorp/iss962-verify-otp-response-code 
SSH: Fix response code for ssh/verify
 2016-02-18 13:32:28 -05:00
vishalnayak
f5f9a9a056 ssh: Fix response code for ssh/verify 2016-02-16 19:46:29 -05:00
vishalnayak
3bad2a3af0 Pki: Respond user error when cert is not found instead of internal error 2016-02-16 17:58:57 -05:00
Jeff Mitchell
4923624593 Merge pull request #1061 from tomrittervg/tomrittervg-typos-1 
Fix some typos
 2016-02-11 15:12:09 -05:00
Jeff Mitchell
4ff2b119eb Merge pull request #1062 from tomrittervg/tomrittervg-AllowedBaseDomain-migration 
AllowedBaseDomain will stay non-empty in certain error conditions. None of these conditions should be hit anyways, but this provides an extra safety check.
 2016-02-11 15:07:54 -05:00
Jeff Mitchell
a1a7c11154 Merge pull request #1053 from mwielgoszewski/postgresql-revocation 
Fix PostgreSQL secret backend issues revoking users
 2016-02-11 12:52:37 -05:00
Tom Ritter
b6ef18cad0 Fix AllowedBaseDomain Migration 
AllowedBaseDomain is only zero-ed out if the domain is not found in the (new) AllowedDomains configuration setting. If the domain is found, AllowedBaseDomain is not emptied and this code will be run every single time.

//untested
 2016-02-09 15:42:15 -06:00
Tom Ritter
88ae7ae9fe Typo in error message in path_intermediate.go 2016-02-09 15:08:30 -06:00
Tom Ritter
ccdbb5d910 Typo in policy.go 2016-02-08 12:00:06 -06:00
Jeff Mitchell
122773ba71 Add slack on NotBefore value for generated certs. 
This fixes an issue where, due to clock skew, one system can get a cert
and try to use it before it thinks it's actually valid. The tolerance of
30 seconds should be high enough for pretty much any set of systems
using NTP.

Fixes #1035
 2016-02-07 14:00:03 -05:00
Jeff Mitchell
f75e121d8c Introduce a locking inmem storage for unit tests that are doing concurrent things 2016-02-04 09:40:35 -05:00
Jeff Mitchell
f4df0d828e Add transit fuzz test 2016-02-03 17:36:15 -05:00
Vishal Nayak
eb482c4066 Merge pull request #1013 from hashicorp/fix-ssh-tests 
Fix SSH tests
 2016-02-02 14:22:09 -05:00
vishalnayak
6b5b96d795 Fix SSH test cases. 2016-02-02 12:32:50 -05:00
Jeff Mitchell
3ac40a7ae5 Use capabilities to determine upsert-ability in transit. 2016-02-02 10:03:14 -05:00
Jeff Mitchell
216fe1b9da Revert "Re-add upsert into transit. Defaults to off and a new endpoint /config" 
This reverts commit dc27d012c0357f93bfd5bd8d480f3e229166307a.
 2016-02-02 09:26:25 -05:00
Jeff Mitchell
dc27d012c0 Re-add upsert into transit. Defaults to off and a new endpoint /config 
can be used to turn it on for a given mount.
 2016-02-01 20:13:57 -05:00
Jeff Mitchell
d402292f85 Fix comment text 2016-02-01 17:20:16 -05:00
Jeff Mitchell
7fb8db2e6c Allow the format to be specified as pem_bundle, which creates a 
concatenated PEM file.

Fixes #992
 2016-02-01 13:19:41 -05:00
Jeff Mitchell
3b77905c75 Cassandra: 
* Add ability to change protocol version
* Remove config as a root path, use normal ACLs
* Update docs
 2016-02-01 10:27:26 -05:00
Jeff Mitchell
c60a9cd130 Remove grace periods 2016-01-31 19:33:16 -05:00
Jeff Mitchell
229973444d Match leases in the test 2016-01-29 20:45:38 -05:00
Jeff Mitchell
33f3e2727c Fix building of consul backend test 2016-01-29 20:03:38 -05:00
Jeff Mitchell
2eb08d3bde Make backends much more consistent: 
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
 2016-01-29 20:03:37 -05:00
Jeff Mitchell
fec6c51197 Merge pull request #979 from hashicorp/transit-locking 
Implement locking in the transit backend.
 2016-01-29 14:40:32 -05:00
Jeff Mitchell
42905b6a73 Update error return strings 2016-01-29 14:40:13 -05:00
Jeff Mitchell
ce44ccf68e Address final review feedback 2016-01-29 14:33:51 -05:00
Jeff Mitchell
99f193811a Only specify cert sign / CRL sign for CAs and only specify extended key 
usages for clients.

This will hopefully fully get rid of the various incompatible ways that
various browsers/libraries deal with key usages.

Fixes #987
 2016-01-29 10:26:35 -05:00
Jeff Mitchell
3b22ab02c6 Add listing of roles to PKI 2016-01-28 15:18:07 -05:00
Jeff Mitchell
abd71ce80e Add list support for mysql roles 2016-01-28 15:04:25 -05:00
Jeff Mitchell
9cf06240e0 Add list support for postgres roles 2016-01-28 14:41:50 -05:00
Jeff Mitchell
298892ef38 Fix postgres backend test SQL for user priv checking 2016-01-28 14:41:13 -05:00
Jeff Mitchell
5bfba62a77 Ensure generatePolicy checks disk, not just the cache, now that we aren't eager loading 2016-01-28 13:10:59 -05:00
Jeff Mitchell
886f641e5d Add listing of roles to ssh backend 2016-01-28 12:48:00 -05:00
Jeff Mitchell
65c3bc631b Remove eager loading 2016-01-28 08:59:05 -05:00
Jeff Mitchell
32aed5fa74 Embed the cache directly 2016-01-27 21:59:20 -05:00
Jeff Mitchell
4808c811ed Merge pull request #942 from wikiwi/fix-ssh-open-con 
Cleanly close SSH connections
 2016-01-27 17:18:54 -05:00
Jeff Mitchell
46514e01fa Implement locking in the transit backend. 
This ensures that we can safely rotate and modify configuration
parameters with multiple requests in flight.

As a side effect we also get a cache, which should provide a nice
speedup since we don't need to decrypt/deserialize constantly, which
would happen even with the physical LRU.
 2016-01-27 17:03:21 -05:00
Jeff Mitchell
e6b2d45c03 Move archive location; also detect first load of a policy after archive 
is added and cause the keys to be copied to the archive.
 2016-01-27 13:41:37 -05:00
Jeff Mitchell
625e8091a5 Address review feedback 2016-01-27 13:41:37 -05:00
Jeff Mitchell
463cdd3d32 Store all keys in archive always 2016-01-27 13:41:37 -05:00