mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-09-01 20:11:09 +02:00
Code Issues Projects Releases Wiki Activity
9,692 Commits 2,840 Branches 446 Tags
Commit Graph

62 Commits

Author SHA1 Message Date
Jim Kalafut
a54603039d Run goimports across the repository (#6010) 
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
 2019-01-08 16:48:57 -08:00
Brian Kassouf
7ab4cc5bda
Update path_role.go (#5820) 2018-11-19 13:40:36 -08:00
Jeff Mitchell
a58d313d2b
Batch tokens (#755) 2018-10-15 12:56:24 -04:00
Jeff Mitchell
fe309723c9
Add the ability to specify token CIDR restrictions on secret IDs. (#5136) 
Fixes #5034
 2018-08-21 11:54:04 -04:00
Becca Petrin
b3a711d717 Add bound cidrs to tokens in AppRole (#4680) 2018-06-19 22:57:11 -04:00
Vishal Nayak
e0c65213a7
return 404 when role does exist on update operations (#4778) 2018-06-18 09:29:05 -04:00
Vishal Nayak
818218637c approle: Fix role name case sensitivity issue 2018-06-05 18:53:27 -04:00
vishalnayak
a030db2af8 s/enable_local_secret_ids/local_secret_ids 2018-04-24 17:52:42 -04:00
vishalnayak
3f92d9c8ca remove unneeded setting of secret ID prefix 2018-04-24 15:55:40 -04:00
vishalnayak
0962457bc8 Fix api path for reading the field 2018-04-24 14:28:03 -04:00
vishalnayak
f39f4052a1 Add immutability test 2018-04-24 10:05:17 -04:00
vishalnayak
83aabbba05 Add enable_local_secret_ids to role read response 2018-04-24 09:53:36 -04:00
vishalnayak
20c7f20265 error on enable_local_secret_ids update after role creation 2018-04-23 17:05:53 -04:00
vishalnayak
b929187362 naming changes 2018-04-23 16:52:09 -04:00
vishalnayak
184dac8cfc Upgrade secret ID prefix and fix tests 2018-04-23 16:31:51 -04:00
vishalnayak
3d7e704f3f segregate local and non-local accessor entries 2018-04-23 16:19:05 -04:00
vishalnayak
4ee66b5958 fix path regex and role storage 2018-04-23 14:08:30 -04:00
vishalnayak
953c7fbeca local secret IDs 2018-04-23 14:08:30 -04:00
Vishal Nayak
e2bb2ec3b9
Errwrap everywhere (#4252) 
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
 2018-04-05 11:49:21 -04:00
Josh Soref
e43b76ef97 Spelling (#4119) 2018-03-20 14:54:10 -04:00
Vishal Nayak
1d8baa9b9c
approle: Use TypeCommaStringSlice for BoundCIDRList (#4078) 
* Use TypeCommaStringSlice for Approle bound_cidr_list

* update docs

* Add comments in the test
 2018-03-08 17:49:08 -05:00
Brian Kassouf
c0815bd2b0
Add context to the NewSalt function (#4102) 2018-03-08 11:21:11 -08:00
Brian Kassouf
8142b42d95 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Brian Kassouf
78adac0a24
Pass context to backends (#3750) 
* Start work on passing context to backends

* More work on passing context

* Unindent logical system

* Unindent token store

* Unindent passthrough

* Unindent cubbyhole

* Fix tests

* use requestContext in rollback and expiration managers
 2018-01-08 10:31:38 -08:00
Brian Shumate
622b15939c Update some approle related help output (#3747) 2018-01-03 13:56:14 -05:00
Vishal Nayak
aef8a1893f Fix the casing problem in approle (#3665) 2017-12-11 16:41:17 -05:00
Vishal Nayak
017c0ec283
Avoid race conditions in AppRole (#3561) 
* avoid race conditions in approle

* return a warning from role read if secondary index is missing

* Create a role ID index if a role is missing one

* Fix locking in approle read and add test

* address review feedback
 2017-11-10 11:32:04 -05:00
Jeff Mitchell
2f6c2b88bb Sanitize policy behavior across backends (#3324) 
Fixes #3323
Fixes #3318

* Fix tests

* Fix tests
 2017-09-13 11:36:52 -04:00
Jeff Mitchell
64cb31ad9c Switch policies in AppRole to TypeCommaStringSlice (#3163) 2017-08-14 20:15:51 -04:00
Jeff Mitchell
eb0e7cd0d2 Don't write salts in initialization, look up on demand (#2702) 2017-05-09 17:51:09 -04:00
Jeff Mitchell
2fbd973001 Add logic to skip initialization in some cases and some invalidation logic 2017-05-05 15:01:52 -04:00
Chris Hoffman
d6edfc2a25 Rename ParseDedupAndSortStrings to ParseDedupLowercaseAndSortStrings (#2614) 2017-04-19 10:39:07 -04:00
vishalnayak
824a263b83 Fix typo. Closes GH-2528 2017-04-04 12:29:18 -04:00
Jeff Mitchell
99a74e323d Use locks in a slice rather than a map, which is faster and makes things cleaner (#2446) 2017-03-07 11:21:32 -05:00
Vishal Nayak
f4d74fe4cc AppRole: Support restricted use tokens (#2435) 
* approle: added token_num_uses to the role

* approle: added RUD tests for token_num_uses on role

* approle: doc: added token_num_uses
 2017-03-03 09:31:20 -05:00
Vishal Nayak
be9153cfcf approle: secret-id listing lock sanity check (#2315) 
* approle: secret-id listing lock sanity

* Skip processing an empty secretIDHMAC item during the iteration

* approle: use dedicated lock for listing of secret-id-accessors
 2017-02-01 18:13:49 -05:00
Jeff Mitchell
be2d33e4b6 Update path help for approle secret id TTL 2016-11-15 11:50:51 -05:00
vishalnayak
4caa09f6e6 Fix regression caused by not creating a role_id secondary index 2016-10-14 12:56:29 -04:00
vishalnayak
d672d3c5dc Added website docs for lookup and destroy APIs 2016-09-28 22:11:48 -04:00
vishalnayak
11614805e0 Make secret-id reading and deleting, a POST op instead of GET 2016-09-28 20:22:37 -04:00
vishalnayak
5c5871ee5a Don't reset the deprecated value yet 2016-09-28 15:48:50 -04:00
vishalnayak
2964c925d3 Fix the misplaced response warning 2016-09-28 14:20:03 -04:00
vishalnayak
a716e20261 Added testcase to check secret_id_num_uses 2016-09-28 13:58:53 -04:00
vishalnayak
020237779e Pull out reading and storing of secret ID into separate functions and handle upgrade properly 2016-09-28 12:42:26 -04:00
Vishal Nayak
92cb781be9 Merge pull request #1910 from hashicorp/secret-id-cidr-list 
CIDR restrictions on Secret ID
 2016-09-26 10:22:48 -04:00
Vishal Nayak
a31ab07615 Merge pull request #1920 from legal90/fix-approle-delete 
Fix panic on deleting the AppRole which doesn't exist
 2016-09-26 10:05:33 -04:00
Mikhail Zholobov
9667cd9377
Fix panic on deleting the AppRole which doesn't exist 
#pathRoleDelete should return silently if the specified  AppRole doesn't exist
Fixes GH-1919
 2016-09-26 16:55:08 +03:00
Jeff Mitchell
bba2ea63f1 Don't use time.Time in responses. (#1912) 
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
 2016-09-23 12:32:07 -04:00
vishalnayak
8ce3fa75ba Store the CIDR list in the secret ID storage entry. 
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
 2016-09-21 20:19:26 -04:00
vishalnayak
7f89bb5f68 Pass only valid inputs to validation methods 2016-09-21 15:44:54 -04:00