mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-26 00:51:08 +02:00
Code Issues Projects Releases Wiki Activity
17,641 Commits 2,840 Branches 445 Tags
Commit Graph

1688 Commits

Author SHA1 Message Date
Jeff Mitchell
4e73187837 Add support for EC CA keys, output to base64-encoded DER instead of PEM, and tests for all of those. Also note that Go 1.5 is now required. 2015-11-19 09:51:17 -05:00
Jeff Mitchell
62e4b89ea7 Address some minor PR feedback 2015-11-19 09:51:17 -05:00
Jeff Mitchell
f46b5b90c7 Fix otto import of uuid 2015-11-19 09:51:17 -05:00
Jeff Mitchell
76f94fe49b Cleanup, and add ability to sign CA CSRs that aren't destined for Vault 2015-11-19 09:51:17 -05:00
Jeff Mitchell
c33c43620f Add tests for intermediate signing and CRL, and fix a couple things 
Completes extra functionality.
 2015-11-19 09:51:17 -05:00
Jeff Mitchell
e45af0a17b Add unit tests to test signing logic, fix up test logic for names 2015-11-19 09:51:17 -05:00
Jeff Mitchell
10c2b9f76b Handle email address alternative names, fix up tests, fix up logic around name verification 2015-11-19 09:51:17 -05:00
Jeff Mitchell
41799529f7 Add allow_base_domain to control whether or not the actual base domain is allowed as a cert common name and/or DNS SAN 2015-11-19 09:51:17 -05:00
Jeff Mitchell
4cf1508898 Add email protection flag plumbing and tests; don't call generate bundle when making an intermediate CSR since everything is now ignored 2015-11-19 09:51:17 -05:00
Jeff Mitchell
62049cd059 Add sign method (untested) 2015-11-19 09:51:17 -05:00
Jeff Mitchell
667d5cafd3 Don't show field names when not needed 2015-11-19 09:51:17 -05:00
Jeff Mitchell
55fc4ba898 Implement CA cert/CSR generation. CA certs can be self-signed or 
generate an intermediate CSR, which can be signed.
 2015-11-19 09:51:17 -05:00
Kevin Pike
af4768cefc rabbitmq secret backend 2015-11-18 21:21:52 -08:00
Jeff Mitchell
07c0146542 Allow creating Consul management tokens 
Fixes #714
 2015-11-03 15:29:58 -05:00
Seth Vargo
3e2c4ffb7b Fix breaking API changes 2015-10-30 18:22:48 -04:00
Jeff Mitchell
8a11c2d3c7 Update Postgres tests and changelogify 2015-10-30 12:41:45 -04:00
Jeff Mitchell
d066aea418 Revoke permissions before dropping user in postgresql. 
Currently permissions are not revoked, which can lead revocation to not
actually work properly. This attempts to revoke all permissions and only
then drop the role.

Fixes issue #699
 2015-10-30 11:58:52 -04:00
Jeff Mitchell
d3aebadc3c Fix wording 2015-10-29 12:58:29 -04:00
Jeff Mitchell
5c0a16b16a Use cleanhttp instead of bare http.Client 2015-10-22 14:37:12 -04:00
Jeff Mitchell
0dbbef1ac0 Don't use http.DefaultClient 
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
 2015-10-15 17:54:00 -04:00
Jeff Mitchell
0ea4271ddb Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Vishal Nayak
e217795abd Merge pull request #661 from hashicorp/maxopenconns 
Parameterize max open connections in postgresql and mysql backends
 2015-10-03 16:55:20 -04:00
vishalnayak
8dc5bdf0e3 Added ConnectionURL along with ConnectionString 2015-10-02 23:47:10 -04:00
Jeff Mitchell
5088eb322c Remove use of os/user as it cannot be run with CGO disabled 2015-10-02 18:43:38 -07:00
vishalnayak
af61803256 fix struct tags 2015-10-02 14:13:27 -04:00
vishalnayak
fd72fbd342 Fix ConnectionString JSON value 2015-10-02 12:07:31 -04:00
vishalnayak
93c4cccc6e mysql: made max_open_connections configurable 2015-10-01 21:15:56 -04:00
vishalnayak
bc5ad114e4 postgresql: Configurable max open connections to the database 2015-10-01 20:11:24 -04:00
Jeff Mitchell
6c21b3b693 Remove JWT for the 0.3 release; it needs a lot of rework. 2015-09-24 16:23:44 -04:00
Jeff Mitchell
3dee178392 Start rejigging JWT 2015-09-24 16:20:22 -04:00
Jeff Mitchell
fa53293b7b Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
Jeff Mitchell
08a81a3364 Update transit backend documentation, and also return the min decryption 
value in a read operation on the key.
 2015-09-21 16:13:43 -04:00
Jeff Mitchell
a4ca14cfbc Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell
fa6cbba286 Move no_plaintext to two separate paths for datakey. 2015-09-18 14:41:05 -04:00
Jeff Mitchell
b8fe460170 Add datakey generation to transit. 
Can specify 128 bits (defaults to 256) and control whether or not
plaintext is returned (default true).

Unit tests for all of the new functionality.
 2015-09-18 14:41:05 -04:00
Jeff Mitchell
82d1f28fb6 Remove enable/disable and make deletion_allowed a configurable property. On read, return the version and creation time of each key 2015-09-18 14:41:05 -04:00
Jeff Mitchell
46073e4470 Enhance transit backend: 
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
 2015-09-18 14:41:05 -04:00
Jeff Mitchell
11cea42ec7 Rename View to StorageView to make it more distinct from SystemView 2015-09-15 13:50:37 -04:00
Lassi Pölönen
1a6f778623 Define time zone explicitly in postgresql connection string. 2015-09-14 13:43:06 +03:00
Lassi Pölönen
ea2a6361eb Explicitly set timezone with PostgreSQL timestamps. 2015-09-14 13:43:06 +03:00
Lassi Pölönen
a769c1231b Call ResetDB as Cleanup routine to close existing database connections 
on backend unmount.
 2015-09-11 11:45:58 +03:00
Vishal Nayak
73416e1a0d Merge pull request #580 from hashicorp/zeroaddress-path 
Add root authenticated path to allow default CIDR to select roles
 2015-09-10 15:28:49 -04:00
Jeff Mitchell
4eb9cd4c28 Remove error returns from sysview TTL calls 2015-09-10 15:09:54 -04:00
Jeff Mitchell
dd8ac00daa Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell
aadf039368 Add DynamicSystemView. This uses a pointer to a pointer to always have 
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell
6e0cee3ef4 Switch StaticSystemView values to pointers, to support updating 2015-09-10 15:09:54 -04:00
vishalnayak
484d854de0 Vault SSH: Testing credential creation on zero address roles 2015-09-10 11:55:07 -04:00
vishalnayak
32fc41cbac Vault SSH: Expected data for testRoleRead 2015-09-10 10:44:26 -04:00
vishalnayak
005e996784 Vault SSH: Refactoring tests 2015-09-03 18:56:45 -04:00
vishalnayak
b978db0aba Vault SSH: Refactor lookup test case 2015-09-03 18:43:53 -04:00