Commit graph

340 commits

Author SHA1 Message Date
Jeff Mitchell 6f4e42efed Add StaticSystemView to LDAP acceptance tests 2015-10-06 15:48:10 -04:00
Vishal Nayak bf464b9a4b Merge pull request #661 from hashicorp/maxopenconns
Parameterize max open connections in postgresql and mysql backends
2015-10-03 16:55:20 -04:00
vishalnayak a740c68eab Added a test case. Removed setting of defaultTTL in config. 2015-10-03 15:36:57 -04:00
vishalnayak 145aee229e Merge branch 'master' of https://github.com/hashicorp/vault 2015-10-03 00:07:34 -04:00
vishalnayak 8e7975edc8 Added ConnectionURL along with ConnectionString 2015-10-02 23:47:10 -04:00
vishalnayak e3f04dc444 Added testcases for config writes 2015-10-02 22:10:51 -04:00
Jeff Mitchell 645932a0df Remove use of os/user as it cannot be run with CGO disabled 2015-10-02 18:43:38 -07:00
vishalnayak ea0aba8e47 Use SanitizeTTL in credential request path instead of config 2015-10-02 15:41:35 -04:00
vishalnayak 69b478fff1 fix struct tags 2015-10-02 14:13:27 -04:00
vishalnayak 3dd84446ab Github backend: enable auth renewals 2015-10-02 13:33:19 -04:00
vishalnayak 1f12482995 Fix ConnectionString JSON value 2015-10-02 12:07:31 -04:00
vishalnayak 644a655920 mysql: made max_open_connections configurable 2015-10-01 21:15:56 -04:00
vishalnayak 2051101c43 postgresql: Configurable max open connections to the database 2015-10-01 20:11:24 -04:00
Jeff Mitchell c3bdde8abe Add a static system view to github credential backend to fix acceptance tests 2015-09-29 18:55:59 -07:00
Jeff Mitchell af27a99bb7 Remove JWT for the 0.3 release; it needs a lot of rework. 2015-09-24 16:23:44 -04:00
Jeff Mitchell f10343921b Start rejigging JWT 2015-09-24 16:20:22 -04:00
Jeff Mitchell 29c722dbb6 Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
Jeff Mitchell 3eb38d19ba Update transit backend documentation, and also return the min decryption
value in a read operation on the key.
2015-09-21 16:13:43 -04:00
Jeff Mitchell 5dde76fa1c Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell b655f6b858 Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell 01ee6c4fe1 Move no_plaintext to two separate paths for datakey. 2015-09-18 14:41:05 -04:00
Jeff Mitchell 448249108c Add datakey generation to transit.
Can specify 128 bits (defaults to 256) and control whether or not
plaintext is returned (default true).

Unit tests for all of the new functionality.
2015-09-18 14:41:05 -04:00
Jeff Mitchell 61398f1b01 Remove enable/disable and make deletion_allowed a configurable property. On read, return the version and creation time of each key 2015-09-18 14:41:05 -04:00
Jeff Mitchell 801e531364 Enhance transit backend:
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
2015-09-18 14:41:05 -04:00
Jeff Mitchell 9c5dcac90c Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527 2015-09-18 14:01:28 -04:00
vishalnayak 1f53376ae6 Userpass Bk: Added tests for TTL duration verifications 2015-09-17 16:33:26 -04:00
vishalnayak 4332eb9d05 Vault userpass: Enable renewals for login tokens 2015-09-17 14:35:50 -04:00
Jeff Mitchell 77e7379ab5 Implement the cubbyhole backend
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.

Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Jeff Mitchell 104b29ab04 Rename View to StorageView to make it more distinct from SystemView 2015-09-15 13:50:37 -04:00
Lassi Pölönen 83d0ab73f5 Define time zone explicitly in postgresql connection string. 2015-09-14 13:43:06 +03:00
Lassi Pölönen a9aaee6f5a Explicitly set timezone with PostgreSQL timestamps. 2015-09-14 13:43:06 +03:00
Lassi Pölönen 79f68c934a Call ResetDB as Cleanup routine to close existing database connections
on backend unmount.
2015-09-11 11:45:58 +03:00
Vishal Nayak 08f7fb9c8d Merge pull request #580 from hashicorp/zeroaddress-path
Add root authenticated path to allow default CIDR to select roles
2015-09-10 15:28:49 -04:00
Jeff Mitchell 39cfcccdac Remove error returns from sysview TTL calls 2015-09-10 15:09:54 -04:00
Jeff Mitchell 488d33c70a Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell 4239f9d243 Add DynamicSystemView. This uses a pointer to a pointer to always have
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell d435048d9e Switch StaticSystemView values to pointers, to support updating 2015-09-10 15:09:54 -04:00
vishalnayak 473c1d759d Vault SSH: Testing credential creation on zero address roles 2015-09-10 11:55:07 -04:00
vishalnayak d26497267c Vault SSH: Expected data for testRoleRead 2015-09-10 10:44:26 -04:00
vishalnayak 475df43c59 Merge branch 'master' of https://github.com/hashicorp/vault 2015-09-10 10:03:17 -04:00
vishalnayak d6b40c576d Vault SSH: Refactoring tests 2015-09-03 18:56:45 -04:00
vishalnayak 17c266bfd3 Vault SSH: Refactor lookup test case 2015-09-03 18:43:53 -04:00
vishalnayak c8c472e461 Vault SSH: Testcase restructuring 2015-09-03 18:11:04 -04:00
Jeff Mitchell 959a727acd Don't re-use tls configuration, to fix a possible race issue during test 2015-09-03 13:04:32 -04:00
vishalnayak 3e7aa75d70 Vault SSH: make Zeroaddress entry Remove method private 2015-08-31 17:10:55 -04:00
vishalnayak 9918105404 Vault SSH: Store roles as slice of strings 2015-08-31 17:03:46 -04:00
vishalnayak f21ad7da4c Vault SSH: refactoring 2015-08-31 16:03:28 -04:00
vishalnayak 59bf9e6f9f Vault SSH: Refactoring backend_test 2015-08-30 14:30:59 -04:00
vishalnayak 5e3f8d53f3 Vault SSH: ZeroAddress CRUD test 2015-08-30 14:20:16 -04:00
vishalnayak 6427a7e41e Vault SSH: Add read method for zeroaddress endpoint 2015-08-29 20:22:34 -04:00