mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-15 11:07:00 +02:00
Code Issues Projects Releases Wiki Activity
6,740 Commits 2,843 Branches 445 Tags 454 MiB
d3a2844a75
Commit Graph

34 Commits

Author SHA1 Message Date
Lars Lehtonen
70d16fb072 Fix goroutine logging in cert test (#3224) 2017-09-01 16:55:16 -04:00
Vishal Nayak
6a73552a88 Cert verification for non-CA certs (#2761) 
* Cert verification for non-CA certs

* Added test case to ensure login fails with expired non-CA cert

* Address review feedback
 2017-05-25 10:49:09 -04:00
Michael Ansel
8da4405c99 Add constraints on the Common Name for certificate-based authentication (#2595) 
* Refactor to consolidate constraints on the matching chain

* Add CN prefix/suffix constraint

* Maintain backwards compatibility (pick a random cert if multiple match)

* Vendor go-glob

* Replace cn_prefix/suffix with required_name/globbing

Move all the new tests to acceptance-capable tests instead of embedding in the CRL test

* Allow authenticating against a single cert

* Add new params to documentation

* Add CLI support for new param

* Refactor for style

* Support multiple (ORed) name patterns

* Rename required_names to allowed_names

* Update docs for parameter rename

* Use the new TypeCommaStringSlice
 2017-04-30 11:37:10 -04:00
Félix Cantournet
0d6d4211b8 all: test: Fix govet warnings 
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
 2016-12-21 19:44:07 +01:00
Jeff Mitchell
b45da486dc Run appid/cert auth tests always 2016-07-01 14:06:33 -04:00
vishalnayak
65de9cb01a Remove failOnError method from cert tests 2016-06-01 16:01:28 -04:00
vishalnayak
25e90e7577 Fix broken cert backend test 2016-05-26 11:06:46 -04:00
vishalnayak
28e6f885ca Perform CRL checking for non-CA registered certs 2016-05-12 14:37:07 -04:00
vishalnayak
a74332bb7e Add the steps to generate the CRL test's test-fixture files 2016-05-04 05:48:34 -04:00
Jeff Mitchell
d3f1176e03 Switch our tri-copy ca loading code to go-rootcerts 2016-05-03 12:23:25 -04:00
vishalnayak
e032f9144c Extend the expiry of test-fixture certs of Cert backend 2016-05-02 12:34:46 -04:00
vishalnayak
bbb3efdc67 Cert backend, CRL tests 2016-04-29 02:32:48 -04:00
Adam Shannon
e0df8e9e88 all: Cleanup from running go vet 2016-04-13 14:38:29 -05:00
vishalnayak
ac5ceae0bd Added AcceptanceTest boolean to logical.TestCase 2016-04-05 15:10:44 -04:00
Jeff Mitchell
7ce9701800 Properly check for policy equivalency during renewal. 
This introduces a function that compares two string policy sets while
ignoring the presence of "default" (since it's added by core, not the
backend), and ensuring that ordering and/or duplication are not failure
conditions.

Fixes #1256
 2016-03-24 09:41:51 -04:00
Jeff Mitchell
6d249ec59b Don't renew cert-based tokens if the policies have changed. 
Also, add cert renewal testing.

Fixes #477
 2016-03-17 14:22:24 -04:00
Jeff Mitchell
52c438062e Add forgotten test 2016-03-15 14:18:35 -04:00
Jeff Mitchell
f52004e12a Add list support to certs in cert auth backend. 
Fixes #1212
 2016-03-15 14:07:40 -04:00
vishalnayak
d8213e8094 corrections, policy matching changes and test cert changes 2016-03-01 16:37:01 -05:00
vishalnayak
9e610f6417 Added testcase for cert writes 2016-03-01 16:37:01 -05:00
vishalnayak
9fbfd1aff2 moved the test cert keys to appropriate test-fixtures folder 2016-02-29 15:49:08 -05:00
vishalnayak
b3d639a29f fixed the error log message 2016-02-29 10:41:10 -05:00
vishalnayak
48f3f4b5d0 replaced old certs, with new certs generated from PKI backend, containing IP SANs 2016-02-28 22:15:54 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
af4af078fa Address first round of feedback from review 2015-11-03 10:52:20 -05:00
Jeff Mitchell
b54cb9966c Add tests for the crls path, and fix a couple bugs 2015-11-03 10:52:20 -05:00
Jeff Mitchell
5eac0671ae Add CRLSets endpoints; write method is done. Add verification logic to 
login path. Change certs "ttl" field to be a string to match common
backend behavior.
 2015-11-03 10:52:19 -05:00
Jeff Mitchell
4836e7ca4d Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527 2015-09-18 14:01:28 -04:00
Jeff Mitchell
382b521521 Don't re-use tls configuration, to fix a possible race issue during test 2015-09-03 13:04:32 -04:00
Jeff Mitchell
97112665e8 Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Armon Dadgar
8ae7b1288a credential/cert: support leasing and renewal 2015-04-24 12:58:39 -07:00
Armon Dadgar
e17c11149f credential/cert: more validation on cert setup 2015-04-24 10:39:44 -07:00
Armon Dadgar
0ef9947b1d credential/cert: major refactor 2015-04-24 10:31:57 -07:00
Armon Dadgar
658b03e93d credential/cert: First pass at public key credential backend 2015-04-23 21:46:21 -07:00