mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-20 22:21:09 +02:00
Code Issues Projects Releases Wiki Activity
4,870 Commits 2,844 Branches 445 Tags
Commit Graph

70 Commits

Author SHA1 Message Date
vishalnayak
8cc5cdb746 STS path field description update 2016-08-30 10:53:21 -04:00
vishalnayak
39b75c6ae9 Added UpdateOperation to logical AWS STS path 2016-08-30 10:30:13 -04:00
Jeff Mitchell
9cd4243362 Mark STS secrets as non-renwable 
Ping #1800
 2016-08-28 14:27:56 -04:00
Jeff Mitchell
357ecb4dfe gofmt 2016-08-19 16:48:32 -04:00
vishalnayak
f59a69bc52 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
Vishal Nayak
513346a297 Merge pull request #1546 from hashicorp/secret-aws-roles 
Added list functionality to logical aws backend's roles
 2016-06-20 20:10:24 -04:00
vishalnayak
677028e161 Added test case for listing aws secret backend roles 2016-06-20 20:09:31 -04:00
vishalnayak
c37ef12834 Added list functionality to logical aws backend's roles 2016-06-20 19:51:04 -04:00
vishalnayak
cfe0aa860e Backend() functions should return 'backend' objects. 
If they return pointers to 'framework.Backend' objects, the receiver functions can't be tested.
 2016-06-10 15:53:02 -04:00
Jeff Mitchell
74a1e3bd61 Remove most Root paths 2016-05-31 23:42:54 +00:00
Jeff Mitchell
8efe203a8e Don't use pointers to int64 in function calls when not necessary 2016-05-19 12:26:02 -04:00
Jeff Mitchell
8c3e9c4753 Merge pull request #1318 from steve-jansen/aws-logical-assume-role 
Add sts:AssumeRole support to the AWS secret backend
 2016-05-19 12:17:27 -04:00
Steve Jansen
69740e57e0 Adds sts:AssumeRole support to the AWS secret backend 
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens.  For example, STS federated tokens cannot
invoke IAM APIs, such as  Terraform scripts containing
`aws_iam_*` resources.
 2016-05-05 23:32:41 -04:00
Jeff Mitchell
42d9df95c1 Merge branch 'master-oss' into aws-auth-backend 2016-05-05 10:36:06 -04:00
Jeff Mitchell
88811a4776 Cleanups, add shared provider, ability to specify http client, and port S3 physical backend over 2016-05-03 17:01:02 -04:00
Jeff Mitchell
56cc74887f Region is required so error in awsutil if not set and set if empty in client code in logical/aws 2016-05-03 15:25:11 -04:00
Jeff Mitchell
56011c9443 Refactor AWS credential code into a function that returns a static->env->instance chain 2016-05-03 15:10:35 -04:00
vishalnayak
81e4235fc0 Support periodic tidy callback and config endpoints. 2016-04-26 10:22:29 -04:00
vishalnayak
ac5ceae0bd Added AcceptanceTest boolean to logical.TestCase 2016-04-05 15:10:44 -04:00
Matt Hurne
8bd0cc6391 Improve error message returned when client attempts to generate STS credentials for a managed policy; addresses #1113 2016-02-23 08:58:28 -05:00
vishalnayak
992a32975c Cap the length midString in IAM user's username to 42 2016-02-19 18:31:10 -05:00
Jeff Mitchell
63a8061e87 Set limits on generated IAM user and STS token names. 
Fixes #1031
Fixes #1063
 2016-02-19 16:35:06 -05:00
Jeff Mitchell
2eb08d3bde Make backends much more consistent: 
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
 2016-01-29 20:03:37 -05:00
Dmitriy Gromov
df65547eca STS now uses root vault user for keys 
The secretAccessKeysRevoke revoke function now asserts that it is
not dealing with STS keys by checking a new internal data flag. Defaults
to IAM when the flag is not found.

Factored out genUsername into its own function to share between STS and
IAM secret creation functions.

Fixed bad call to "WriteOperation" instead of "UpdateOperation" in
aws/backend_test
 2016-01-21 15:04:16 -05:00
Dmitriy Gromov
ea1e29fa33 Renamed sts duration to ttl and added STS permissions note. 2016-01-21 14:28:34 -05:00
Dmitriy Gromov
b37a963841 Removing debug print statement from sts code 2016-01-21 14:05:10 -05:00
Dmitriy Gromov
6f50cd9439 Fixed duration type and added acceptance test for sts 2016-01-21 14:05:10 -05:00
Dmitriy Gromov
522e8a3450 Configurable sts duration 2016-01-21 14:05:09 -05:00
Jack DeLoach
d206599b80 Add STS path to AWS backend. 
The new STS path allows for obtaining the same credentials that you would get
from the AWS "creds" path, except it will also provide a security token, and
will not have an annoyingly long propagation time before returning to the user.
 2016-01-21 14:05:09 -05:00
Jeff Mitchell
4fc58e8b41 Merge pull request #895 from nickithewatt/aws-prexisting-policies 
Allow use of pre-existing policies for AWS users
 2016-01-21 13:23:37 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Nicki Watt
79fb12c977 Updated AWS policy help messages 2015-12-30 19:41:07 +00:00
Nicki Watt
375a57b975 Allow use of pre-existing policies for AWS users 2015-12-30 18:05:54 +00:00
Jeff Mitchell
5a5d4212af Fix AWS tests 2015-12-01 00:05:04 -05:00
Seth Vargo
3e2c4ffb7b Fix breaking API changes 2015-10-30 18:22:48 -04:00
Jeff Mitchell
5c0a16b16a Use cleanhttp instead of bare http.Client 2015-10-22 14:37:12 -04:00
Jeff Mitchell
0dbbef1ac0 Don't use http.DefaultClient 
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
 2015-10-15 17:54:00 -04:00
Jeff Mitchell
0d885535e6 Merge pull request #567 from hobbeswalsh/master 
Spaces in displayName break AWS IAM
 2015-08-26 12:37:52 -04:00
Robin Walsh
52eeb8551e Adding one more test (for no-op case) 2015-08-26 09:26:20 -07:00
Robin Walsh
e67b8d42ca Adding unit test for normalizeDisplayName() 2015-08-26 09:23:33 -07:00
Jeff Mitchell
8a0915b8ef Explicitly check for blank leases in AWS, and give a better error message if lease_max cannot be parsed. Fixes #569. 2015-08-26 09:04:47 -07:00
Robin Walsh
2cf6af79d6 s/string replacement/regexp replacement 2015-08-24 17:00:54 -07:00
Robin Walsh
e0cfb891af spaces in displayName break AWS IAM 2015-08-24 16:12:45 -07:00
vishalnayak
41678f18ae Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Armon Dadgar
e4bb074fc2 Merge pull request #534 from ctennis/lease_reader 
Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works
 2015-08-18 19:00:18 -07:00
Jeff Mitchell
5ffb403857 Fix AWS, again, and update Godeps. 2015-08-18 18:12:51 -07:00
Caleb Tennis
d009d79696 Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works 2015-08-13 15:33:06 -04:00
Paul Hinze
0d4aa51855 Update vault code to match latest aws-sdk-go APIs 2015-08-06 11:37:08 -05:00
Seth Vargo
070d45456a Update to latest aws and move off of hashicorp/aws-sdk-go 2015-08-06 12:26:41 -04:00
Armon Dadgar
6a9dc00e57 Remove SetLogger, and unify on framework.Setup 2015-06-30 17:45:20 -07:00