Commit graph

3074 commits

Author SHA1 Message Date
Jeff Mitchell 291352fd99 changelog++ 2016-02-22 19:52:48 -05:00
Jeff Mitchell 84d87b171b Merge pull request #1117 from hashicorp/add-time-to-responses
Add the server's time in UTC to the health response.
2016-02-22 19:52:03 -05:00
Jeff Mitchell 76923aa28a Add the server's time in UTC to the health response. 2016-02-22 19:51:18 -05:00
Jeff Mitchell f56e4a604d Merge pull request #1114 from hashicorp/dont-delete-certs
Do not delete certs (or revocation information)
2016-02-22 16:11:13 -05:00
Jeff Mitchell 4514192145 Address review feedback 2016-02-22 16:11:01 -05:00
Jeff Mitchell 9a1ddf6d5f changelog++ 2016-02-22 13:40:27 -05:00
Jeff Mitchell f43ab6a25d Remove extra debugging from PKI tests 2016-02-22 13:39:05 -05:00
Jeff Mitchell f27eab1d28 Do not delete certs (or revocation information) to avoid potential
issues related to time synchronization. A function will be added to
allow operators to perform cleanup at chosen times.
2016-02-22 13:36:17 -05:00
Jeff Mitchell 51ced69bf8 Fix issue where leftover values after cn tests could trigger errors in ipsan tests 2016-02-22 13:35:57 -05:00
vishalnayak e2e15376dd changelog++ 2016-02-22 11:41:13 -05:00
Vishal Nayak 949f8a6b69 Merge pull request #1112 from hashicorp/1089-postgres-connection-url
postgres: connection_url fix
2016-02-22 11:36:04 -05:00
Jeff Mitchell 4c327ca4cc More improvements to PKI tests; allow setting a specific seed, output
the seed to the console, and split generated steps to make it
understandable which seed is for which set of steps.
2016-02-22 11:22:52 -05:00
vishalnayak c9899a5300 postgres: connection_url fix 2016-02-22 11:22:49 -05:00
Vishal Nayak 879db1766a Merge pull request #1108 from vanhalt/fixing_write_help
When writing from a file it must be a JSON file
2016-02-22 11:01:21 -05:00
Jeff Mitchell 8d4c6f4c98 Use more fuzziness in PKI backend tests 2016-02-22 10:59:37 -05:00
vanhalt a387725e96 help sentence improved 2016-02-22 09:38:30 -06:00
Jeff Mitchell 392a26e9cd Better handle errors from fetchCertBySerial 2016-02-22 10:36:26 -05:00
vanhalt 31862dc5c2 When writing from a file it must be a JSON file
Making clear from write help text that when writing secrets
using @file, the file must be a JSON file.
2016-02-21 19:02:09 -06:00
Jeff Mitchell 0451adc28f Merge pull request #1107 from vanhalt/fixing_auth-enable_help
Fixing auth-enable help text
2016-02-21 16:14:29 -05:00
vanhalt d0489e16c1 Fixing auth-enable help text
auth-enable command help in the "Auth Enable Options" is suggesting
the usage of a non-existing command called 'auth-list' instead of
the correct one "auth -methods"
2016-02-21 14:54:50 -06:00
Jeff Mitchell fc3d828c9d changelog++ 2016-02-21 15:35:43 -05:00
Jeff Mitchell f30ea2dc0a Merge pull request #1106 from hashicorp/issue-468
Remove root requirement for certs/ and crls/ in TLS auth backend.
2016-02-21 15:34:26 -05:00
Jeff Mitchell fab2d8687a Remove root requirement for certs/ and crls/ in TLS auth backend.
Fixes #468
2016-02-21 15:33:33 -05:00
Jeff Mitchell 7165be0cf3 changelog++ 2016-02-19 21:43:37 -05:00
Jeff Mitchell 2bff5716bf changelog++ 2016-02-19 21:42:50 -05:00
Jeff Mitchell 5d5c6527dc Merge pull request #1104 from hashicorp/check-role-keybits
Check role key type and bits when signing CSR.
2016-02-19 21:41:27 -05:00
Jeff Mitchell 58432c5d57 Add tests for minimum key size checking. (This will also verify that the
key type matches that of the role, since type assertions are required to
check the bit size). Like the rest, these are fuzz tests; I have
verified that the random seed will eventually hit error conditions if
ErrorOk is not set correctly when we expect an error.
2016-02-19 21:39:40 -05:00
Jeff Mitchell c57b646848 Check role key type and bits when signing CSR.
Two exceptions: signing an intermediate CA CSR, and signing a CSR via
the 'sign-verbatim' path.
2016-02-19 20:50:49 -05:00
vishalnayak 6a14786660 changelog++ 2016-02-19 18:34:23 -05:00
vishalnayak c4abe72075 Cap the length midString in IAM user's username to 42 2016-02-19 18:31:10 -05:00
Vishal Nayak 773de69796 Merge pull request #1102 from hashicorp/shorten-aws-usernames
Set limits on generated IAM user and STS token names.
2016-02-19 18:25:29 -05:00
vishalnayak a43bd9131b changelog++ 2016-02-19 16:52:19 -05:00
Jeff Mitchell 574542b683 Some minor changes in mysql commenting and names 2016-02-19 16:44:52 -05:00
Jeff Mitchell 25b9f9b4a6 Set limits on generated IAM user and STS token names.
Fixes #1031
Fixes #1063
2016-02-19 16:35:06 -05:00
Vishal Nayak 4c9b4ee93b Merge pull request #1096 from hashicorp/iss1076-allow-verification
mysql: provide allow_verification option to disable connection_url check
2016-02-19 16:28:41 -05:00
vishalnayak a16055c809 mysql: fix error message 2016-02-19 16:07:06 -05:00
vishalnayak 38b55bd8b1 Don't deprecate value field yet 2016-02-19 16:07:06 -05:00
vishalnayak 99f4969b20 Removed connectionString.ConnectionString 2016-02-19 16:07:05 -05:00
vishalnayak 380b662c3d mysql: provide allow_verification option to disable connection_url check 2016-02-19 16:07:05 -05:00
Jeff Mitchell bebcd518a9 Purge fastly when we do a release, in case it's a re-package
Fixes #1057
2016-02-19 15:59:52 -05:00
Jeff Mitchell fef282f078 Some website config updates 2016-02-19 15:27:02 -05:00
Jeff Mitchell 50d3b68c8d Merge pull request #1078 from eyal-lupu/master
ZooKeeper Backend: Authnetication and Authorization support
2016-02-19 15:13:09 -05:00
Jeff Mitchell 5036882353 changelog++ 2016-02-19 15:12:05 -05:00
Jeff Mitchell 6df75231b8 Merge pull request #1100 from hashicorp/issue-1030
Properly escape filter values in LDAP filters
2016-02-19 14:56:40 -05:00
Jeff Mitchell be073f8499 Update upgrade website section with information about the 0.5.1 PKI changes 2016-02-19 14:42:59 -05:00
Jeff Mitchell 8bc34acd4e changelog++ 2016-02-19 14:37:42 -05:00
Jeff Mitchell 9ff59c3385 Merge pull request #1095 from hashicorp/pki-1024-bit-warnings
Disallow RSA keys < 2048 in PKI backend
2016-02-19 14:34:47 -05:00
Jeff Mitchell 7fc4ee1ed7 Disallow 1024-bit RSA keys.
Existing certificates are kept but roles with key bits < 2048 will need
to be updated as the signing/issuing functions now enforce this.
2016-02-19 14:33:02 -05:00
Jeff Mitchell 05b5ff69ed Address some feedback on ldap escaping help text 2016-02-19 13:47:26 -05:00
Jeff Mitchell d7b40b32db Properly escape filter values.
Fixes #1030
2016-02-19 13:16:52 -05:00