Commit graph

2805 commits

Author SHA1 Message Date
Jeff Mitchell 0451adc28f Merge pull request #1107 from vanhalt/fixing_auth-enable_help
Fixing auth-enable help text
2016-02-21 16:14:29 -05:00
vanhalt d0489e16c1 Fixing auth-enable help text
auth-enable command help in the "Auth Enable Options" is suggesting
the usage of a non-existing command called 'auth-list' instead of
the correct one "auth -methods"
2016-02-21 14:54:50 -06:00
Jeff Mitchell fc3d828c9d changelog++ 2016-02-21 15:35:43 -05:00
Jeff Mitchell f30ea2dc0a Merge pull request #1106 from hashicorp/issue-468
Remove root requirement for certs/ and crls/ in TLS auth backend.
2016-02-21 15:34:26 -05:00
Jeff Mitchell fab2d8687a Remove root requirement for certs/ and crls/ in TLS auth backend.
Fixes #468
2016-02-21 15:33:33 -05:00
Jeff Mitchell 7165be0cf3 changelog++ 2016-02-19 21:43:37 -05:00
Jeff Mitchell 2bff5716bf changelog++ 2016-02-19 21:42:50 -05:00
Jeff Mitchell 5d5c6527dc Merge pull request #1104 from hashicorp/check-role-keybits
Check role key type and bits when signing CSR.
2016-02-19 21:41:27 -05:00
Jeff Mitchell 58432c5d57 Add tests for minimum key size checking. (This will also verify that the
key type matches that of the role, since type assertions are required to
check the bit size). Like the rest, these are fuzz tests; I have
verified that the random seed will eventually hit error conditions if
ErrorOk is not set correctly when we expect an error.
2016-02-19 21:39:40 -05:00
Jeff Mitchell c57b646848 Check role key type and bits when signing CSR.
Two exceptions: signing an intermediate CA CSR, and signing a CSR via
the 'sign-verbatim' path.
2016-02-19 20:50:49 -05:00
vishalnayak 6a14786660 changelog++ 2016-02-19 18:34:23 -05:00
vishalnayak c4abe72075 Cap the length midString in IAM user's username to 42 2016-02-19 18:31:10 -05:00
Vishal Nayak 773de69796 Merge pull request #1102 from hashicorp/shorten-aws-usernames
Set limits on generated IAM user and STS token names.
2016-02-19 18:25:29 -05:00
vishalnayak a43bd9131b changelog++ 2016-02-19 16:52:19 -05:00
Jeff Mitchell 574542b683 Some minor changes in mysql commenting and names 2016-02-19 16:44:52 -05:00
Jeff Mitchell 25b9f9b4a6 Set limits on generated IAM user and STS token names.
Fixes #1031
Fixes #1063
2016-02-19 16:35:06 -05:00
Vishal Nayak 4c9b4ee93b Merge pull request #1096 from hashicorp/iss1076-allow-verification
mysql: provide allow_verification option to disable connection_url check
2016-02-19 16:28:41 -05:00
vishalnayak a16055c809 mysql: fix error message 2016-02-19 16:07:06 -05:00
vishalnayak 38b55bd8b1 Don't deprecate value field yet 2016-02-19 16:07:06 -05:00
vishalnayak 99f4969b20 Removed connectionString.ConnectionString 2016-02-19 16:07:05 -05:00
vishalnayak 380b662c3d mysql: provide allow_verification option to disable connection_url check 2016-02-19 16:07:05 -05:00
Jeff Mitchell bebcd518a9 Purge fastly when we do a release, in case it's a re-package
Fixes #1057
2016-02-19 15:59:52 -05:00
Jeff Mitchell fef282f078 Some website config updates 2016-02-19 15:27:02 -05:00
Jeff Mitchell 50d3b68c8d Merge pull request #1078 from eyal-lupu/master
ZooKeeper Backend: Authnetication and Authorization support
2016-02-19 15:13:09 -05:00
Jeff Mitchell 5036882353 changelog++ 2016-02-19 15:12:05 -05:00
Jeff Mitchell 6df75231b8 Merge pull request #1100 from hashicorp/issue-1030
Properly escape filter values in LDAP filters
2016-02-19 14:56:40 -05:00
Jeff Mitchell be073f8499 Update upgrade website section with information about the 0.5.1 PKI changes 2016-02-19 14:42:59 -05:00
Jeff Mitchell 8bc34acd4e changelog++ 2016-02-19 14:37:42 -05:00
Jeff Mitchell 9ff59c3385 Merge pull request #1095 from hashicorp/pki-1024-bit-warnings
Disallow RSA keys < 2048 in PKI backend
2016-02-19 14:34:47 -05:00
Jeff Mitchell 7fc4ee1ed7 Disallow 1024-bit RSA keys.
Existing certificates are kept but roles with key bits < 2048 will need
to be updated as the signing/issuing functions now enforce this.
2016-02-19 14:33:02 -05:00
Jeff Mitchell 05b5ff69ed Address some feedback on ldap escaping help text 2016-02-19 13:47:26 -05:00
Jeff Mitchell d7b40b32db Properly escape filter values.
Fixes #1030
2016-02-19 13:16:52 -05:00
Jeff Mitchell c67871c36e Update LDAP documentation with a note on escaping 2016-02-19 13:16:18 -05:00
Vishal Nayak 597ba98895 Merge pull request #1099 from hashicorp/fix-ssh-cli
ssh: use resolved IP address while executing ssh command
2016-02-19 13:02:34 -05:00
Jeff Mitchell 28857cb419 Fix mixed whitespacing in ssh help text 2016-02-19 12:47:58 -05:00
vishalnayak bccbf2b87e ssh: use resolved IP address while executing ssh command 2016-02-19 12:19:10 -05:00
Jeff Mitchell d3f3122307 Add tests to ldap using the discover capability 2016-02-19 11:46:59 -05:00
Jeff Mitchell 154c326060 Add ldap tests that use a bind dn and bind password 2016-02-19 11:38:27 -05:00
Eyal Lupu e5fac90902 Merge branch 'master' of github.com:eyal-lupu/vault 2016-02-19 13:29:21 +00:00
Eyal Lupu a6e9820e8d typo in comment 2016-02-19 13:28:02 +00:00
Eyal Lupu 23303429c0 'Eagerly' parse ZK authentication and authorization to fast-fail bad configuration 2016-02-19 13:24:57 +00:00
Eyal Lupu c7fe99b1e9 1. gofmt
2. Change if expr syntax to be consist with the rest of Vault code
3. More details on error message
2016-02-19 12:19:01 +00:00
Jeff Mitchell 520d71668d Update .gitignore to remove overzealous application of 'pkg' shadowing
vendor dir.

Also update Travis to stop doing bad things.
2016-02-18 21:51:04 -05:00
Jeff Mitchell 0cf0d4d265 Makefile whitespacing 2016-02-18 21:26:28 -05:00
Jeff Mitchell df3527c0eb Add travis building of travis-testing branch and make dev to install 2016-02-18 21:23:40 -05:00
Jeff Mitchell d6df4fa43e Remove godep from Travis; we're using Go 1.6 vendoring now 2016-02-18 18:25:21 -05:00
Jeff Mitchell af22880425 Update travis to use Go 1.6 2016-02-18 18:09:21 -05:00
vishalnayak 84d9b6c6b2 changelog++ 2016-02-18 17:11:50 -05:00
Jeff Mitchell 88d486c9c1 Merge pull request #1094 from hashicorp/sanitize-ttl-emptystring
Make SanitizeTTL treat an empty string the same as a "0" string.
2016-02-18 16:59:23 -05:00
Jeff Mitchell f9fb20bbe4 Make SanitizeTTL treat an empty string the same as a "0" string.
This causes a 0 TTL to be returned for the value, which is a clue to
other parts of Vault to use appropriate defaults. However, this makes
the defaults be used at lease allocation or extension time instead of
when parsing parameters.
2016-02-18 16:51:36 -05:00