* Initialized basic outline of TOTP backend using Postgresql backend as template
* Updated TOTP backend.go's structure and help string
* Updated TOTP path_roles.go's structure and help strings
* Updated TOTP path_role_create.go's structure and help strings
* Fixed typo in path_roles.go
* Fixed errors in path_role_create.go and path_roles.go
* Added TOTP secret backend information to cli commands
* Fixed build errors in path_roles.go and path_role_create.go
* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords
* Initialized TOTP test file based on structure of postgresql test file
* Added enforcement of input values
* Added otp library to vendor folder
* Added test steps and cleaned up errors
* Modified read credential test step, not working yet
* Use of vendored package not allowed - Test error
* Removed vendor files for TOTP library
* Revert "Removed vendor files for TOTP library"
This reverts commit fcd030994bc1741dbf490f3995944e091b11da61.
* Hopefully fixed vendor folder issue with TOTP Library
* Added additional tests for TOTP backend
* Cleaned up comments in TOTP backend_test.go
* Added default values of period, algorithm and digits to field schema
* Changed account_name and issuer fields to optional
* Removed MD5 as a hash algorithm option
* Implemented requested pull request changes
* Added ability to validate TOTP codes
* Added ability to have a key generated
* Added skew, qr size and key size parameters
* Reset vendor.json prior to merge
* Readded otp and barcode libraries to vendor.json
* Modified help strings for path_role_create.go
* Fixed test issue in testAccStepReadRole
* Cleaned up error formatting, variable names and path names. Also added some additional documentation
* Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes
* Added ability to pass in TOTP urls
* Added additional tests for TOTP server functions
* Removed unused QRSize, URL and Generate members of keyEntry struct
* Removed unnecessary urlstring variable from pathKeyCreate
* Added website documentation for TOTP secret backend
* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.
* Updated website documentation and added QR example
* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests
* Updated API documentation to inlude to exported variable and qr size option
* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
* Refactor to consolidate constraints on the matching chain
* Add CN prefix/suffix constraint
* Maintain backwards compatibility (pick a random cert if multiple match)
* Vendor go-glob
* Replace cn_prefix/suffix with required_name/globbing
Move all the new tests to acceptance-capable tests instead of embedding in the CRL test
* Allow authenticating against a single cert
* Add new params to documentation
* Add CLI support for new param
* Refactor for style
* Support multiple (ORed) name patterns
* Rename required_names to allowed_names
* Update docs for parameter rename
* Use the new TypeCommaStringSlice
* Rename builtin/credential/aws-ec2 to aws
The aws-ec2 authentication backend is being expanded and will become the
generic aws backend. This is a small rename commit to keep the commit
history clean.
* Expand aws-ec2 backend to more generic aws
This adds the ability to authenticate arbitrary AWS IAM principals using
AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to
just AWS with the expansion.
* Add missing aws auth handler to CLI
This was omitted from the previous commit
* aws auth backend general variable name cleanup
Also fixed a bug where allowed auth types weren't being checked upon
login, and added tests for it.
* Update docs for the aws auth backend
* Refactor aws bind validation
* Fix env var override in aws backend test
Intent is to override the AWS environment variables with the TEST_*
versions if they are set, but the reverse was happening.
* Update docs on use of IAM authentication profile
AWS now allows you to change the instance profile of a running instance,
so the use case of "a long-lived instance that's not in an instance
profile" no longer means you have to use the the EC2 auth method. You
can now just change the instance profile on the fly.
* Fix typo in aws auth cli help
* Respond to PR feedback
* More PR feedback
* Respond to additional PR feedback
* Address more feedback on aws auth PR
* Make aws auth_type immutable per role
* Address more aws auth PR feedback
* Address more iam auth PR feedback
* Rename aws-ec2.html.md to aws.html.md
Per PR feedback, to go along with new backend name.
* Add MountType to logical.Request
* Make default aws auth_type dependent upon MountType
When MountType is aws-ec2, default to ec2 auth_type for backwards
compatibility with legacy roles. Otherwise, default to iam.
* Pass MountPoint and MountType back up to the core
Previously the request router reset the MountPoint and MountType back to
the empty string before returning to the core. This ensures they get set
back to the correct values.
* WIP on invalidate function
* cassandraConnectionProducer has Close()
* Delete database from connections map on successful db.Close()
* Move clear connection into its own func
* Use const for database config path
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name. Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
* Use constants for storage paths
* Upgrade path for public key storage
* Fix calculateValidPrincipals, upgrade ca_private_key, and other changes
* Remove a print statement
* Added tests for upgrade case
* Make exporting consistent in creation bundle
* unexporting and constants
* Move keys into a struct instead of plain string
* minor changes
* docs: input format for default_critical_options and default_extensions
* s/sshca/ssh
* Added default_critical_options and default_extensions to the read endpoint of role
* Change default time return value to 0