vishalnayak
2810196e0f
Use fullsailor/pkcs7 package instead of its fork. Fix tests
2016-04-26 10:22:29 -04:00
vishalnayak
5a2e1340df
Removed redundant AWS public certificate. Docs update.
2016-04-26 10:22:29 -04:00
vishalnayak
a456f2c3f6
Removed region
parameter from config/client
endpoint.
...
Region to create ec2 client objects is fetched from the identity document.
Maintaining a map of cached clients indexed by region.
2016-04-26 10:22:29 -04:00
vishalnayak
790b143c75
Instance ID can optionally be accepted as a the role tag parameter.
2016-04-26 10:22:29 -04:00
vishalnayak
58c485f519
Support providing multiple certificates.
...
Append all the certificates to the PKCS#7 parser during signature verification.
2016-04-26 10:22:29 -04:00
Jeff Mitchell
fd977bb478
Updating to docs
2016-04-26 10:22:29 -04:00
vishalnayak
9d4a7c5901
Docs update
2016-04-26 10:22:29 -04:00
vishalnayak
ba9c86c92d
Added acceptance test for login endpoint
2016-04-26 10:22:29 -04:00
vishalnayak
c2c1a5eedc
Added test case TestBackend_PathBlacklistRoleTag
2016-04-26 10:22:29 -04:00
vishalnayak
85c9176cb4
Return 4xx error at appropriate places
2016-04-26 10:22:29 -04:00
vishalnayak
1841ef0ebf
Tested pathImageTag
2016-04-26 10:22:29 -04:00
vishalnayak
80e3063334
Tested parseRoleTagValue
2016-04-26 10:22:29 -04:00
vishalnayak
dab1a00313
Make client nonce optional even during first login, when disallow_reauthentication is set
2016-04-26 10:22:29 -04:00
vishalnayak
e0cf8c5608
Rename 'name' to 'ami_id' for clarity
2016-04-26 10:22:29 -04:00
vishalnayak
092feca996
Moved HMAC parsing inside parseRoleTagValue
2016-04-26 10:22:29 -04:00
vishalnayak
ddfdf37d33
Properly handle empty client nonce case when disallow_reauthentication is set
2016-04-26 10:22:29 -04:00
vishalnayak
b8d9b18193
Added disallow_reauthentication feature
2016-04-26 10:22:29 -04:00
vishalnayak
a1d07cbff5
Remove todo and change clientNonce length limit to 128 chars
2016-04-26 10:22:28 -04:00
Jeff Mitchell
bb276d350a
Fix typo
2016-04-26 10:22:28 -04:00
Jeff Mitchell
a5aadc908d
Add environment and EC2 instance metadata role providers for AWS creds.
2016-04-26 10:22:28 -04:00
vishalnayak
012f9273f7
Remove certificate verification
2016-04-26 10:22:28 -04:00
vishalnayak
41cc7c4a15
Test path config/certificate
2016-04-26 10:22:28 -04:00
vishalnayak
5ff8d0cf96
Add existence check verification to config/client testcase
2016-04-26 10:22:28 -04:00
vishalnayak
3286194384
Testing pathImage
2016-04-26 10:22:28 -04:00
Jeff Mitchell
a8082a9a6e
allow_instance_reboot -> allow_instance_migration
2016-04-26 10:22:28 -04:00
Jeff Mitchell
075a81214e
Update image output to show allow_instance_reboot value and keep policies in a list
2016-04-26 10:22:28 -04:00
vishalnayak
91433fedf2
Changed the blacklist URL pattern to optionally accept base64 encoded role tags
2016-04-26 10:22:28 -04:00
vishalnayak
efcc07967e
Accept instance_id in the URL for whitelist endpoint
2016-04-26 10:22:28 -04:00
Jeff Mitchell
cf56895772
Switch around some logic to be more consistent/readable and respect max
...
TTL on initial token issuance.
2016-04-26 10:22:28 -04:00
vishalnayak
338054d49e
Return un-expired entries from blacklist and whitelist
2016-04-26 10:22:28 -04:00
vishalnayak
b6bd30b9fb
Test ConfigClient
2016-04-26 10:22:28 -04:00
vishalnayak
d3adc85886
AWS EC2 instances authentication backend
2016-04-26 10:22:28 -04:00
Sean Chittenden
51a97717db
Merge pull request #1351 from hashicorp/f-backend-logger
...
Logger objects for all the physical backends
2016-04-25 20:47:10 -07:00
Sean Chittenden
557d8b8a24
Make use of logger interface inside of the Consul BE
2016-04-25 20:10:55 -07:00
Sean Chittenden
aeea7628d6
Add a *log.Logger argument to physical.Factory
...
Logging in the backend is a good thing. This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
Sean Chittenden
ef62ecbb2d
changelog++
2016-04-25 18:19:38 -07:00
Sean Chittenden
98b4ab5798
Merge pull request #1349 from hashicorp/f-vault-service
...
Vault-driven Consul service registration and TTL checks.
2016-04-25 18:12:06 -07:00
Sean Chittenden
5fd5869bc5
Rewriting history before it gets away from me
2016-04-25 18:05:50 -07:00
Sean Chittenden
5a33edb57d
Change to the pre-0.6.4 Consul Check API
...
Consul is never going to pass in more than 1K of output. This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden
9b8095d7ea
Change to the pre-0.6.4 Consul Check API
...
Consul is never going to pass in more than 1K of output. This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden
f5183fa506
Collapse UpdateAdvertiseAddr() into RunServiceDiscovery()
2016-04-25 18:01:13 -07:00
Sean Chittenden
5104c58c54
Update tests to chase sealed -> unsealed transition
2016-04-25 18:01:13 -07:00
Sean Chittenden
7fe0b2c6a1
Persistently retry to update service registration
...
If the local Consul agent is not available while attempting to step down from active or up to active, retry once a second. Allow for concurrent changes to the state with a single registration updater. Fix standby initialization.
2016-04-25 18:01:13 -07:00
Sean Chittenden
3228d25c65
Add a small bit of wording re: disable_registration
...
Consul service registration for Vault requires Consul 0.6.4.
2016-04-25 18:01:13 -07:00
Sean Chittenden
3977057cc9
Disable service registration for consul HA tests
2016-04-25 18:01:13 -07:00
Sean Chittenden
dd3219ec56
Provide documentation and example output
2016-04-25 18:01:13 -07:00
Sean Chittenden
3449fa1bc3
Consistently skip Consul checks
...
Hide all Consul checks behind `CONSUL_HTTP_ADDR` env vs `CONSUL_ADDR` which is non-standard.
2016-04-25 18:01:13 -07:00
Sean Chittenden
1f8397f0a3
Use spaces in tests to be consistent
...
The rest of the tests here use spaces, not tabs
2016-04-25 18:01:13 -07:00
Sean Chittenden
60006f550f
Various refactoring to clean up code organization
...
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
Sean Chittenden
53f9cea87c
Compare the correct values when validating check_timeout
2016-04-25 18:01:13 -07:00