Commit graph

3396 commits

Author SHA1 Message Date
vishalnayak 2810196e0f Use fullsailor/pkcs7 package instead of its fork. Fix tests 2016-04-26 10:22:29 -04:00
vishalnayak 5a2e1340df Removed redundant AWS public certificate. Docs update. 2016-04-26 10:22:29 -04:00
vishalnayak a456f2c3f6 Removed region parameter from config/client endpoint.
Region to create ec2 client objects is fetched from the identity document.
Maintaining a map of cached clients indexed by region.
2016-04-26 10:22:29 -04:00
vishalnayak 790b143c75 Instance ID can optionally be accepted as a the role tag parameter. 2016-04-26 10:22:29 -04:00
vishalnayak 58c485f519 Support providing multiple certificates.
Append all the certificates to the PKCS#7 parser during signature verification.
2016-04-26 10:22:29 -04:00
Jeff Mitchell fd977bb478 Updating to docs 2016-04-26 10:22:29 -04:00
vishalnayak 9d4a7c5901 Docs update 2016-04-26 10:22:29 -04:00
vishalnayak ba9c86c92d Added acceptance test for login endpoint 2016-04-26 10:22:29 -04:00
vishalnayak c2c1a5eedc Added test case TestBackend_PathBlacklistRoleTag 2016-04-26 10:22:29 -04:00
vishalnayak 85c9176cb4 Return 4xx error at appropriate places 2016-04-26 10:22:29 -04:00
vishalnayak 1841ef0ebf Tested pathImageTag 2016-04-26 10:22:29 -04:00
vishalnayak 80e3063334 Tested parseRoleTagValue 2016-04-26 10:22:29 -04:00
vishalnayak dab1a00313 Make client nonce optional even during first login, when disallow_reauthentication is set 2016-04-26 10:22:29 -04:00
vishalnayak e0cf8c5608 Rename 'name' to 'ami_id' for clarity 2016-04-26 10:22:29 -04:00
vishalnayak 092feca996 Moved HMAC parsing inside parseRoleTagValue 2016-04-26 10:22:29 -04:00
vishalnayak ddfdf37d33 Properly handle empty client nonce case when disallow_reauthentication is set 2016-04-26 10:22:29 -04:00
vishalnayak b8d9b18193 Added disallow_reauthentication feature 2016-04-26 10:22:29 -04:00
vishalnayak a1d07cbff5 Remove todo and change clientNonce length limit to 128 chars 2016-04-26 10:22:28 -04:00
Jeff Mitchell bb276d350a Fix typo 2016-04-26 10:22:28 -04:00
Jeff Mitchell a5aadc908d Add environment and EC2 instance metadata role providers for AWS creds. 2016-04-26 10:22:28 -04:00
vishalnayak 012f9273f7 Remove certificate verification 2016-04-26 10:22:28 -04:00
vishalnayak 41cc7c4a15 Test path config/certificate 2016-04-26 10:22:28 -04:00
vishalnayak 5ff8d0cf96 Add existence check verification to config/client testcase 2016-04-26 10:22:28 -04:00
vishalnayak 3286194384 Testing pathImage 2016-04-26 10:22:28 -04:00
Jeff Mitchell a8082a9a6e allow_instance_reboot -> allow_instance_migration 2016-04-26 10:22:28 -04:00
Jeff Mitchell 075a81214e Update image output to show allow_instance_reboot value and keep policies in a list 2016-04-26 10:22:28 -04:00
vishalnayak 91433fedf2 Changed the blacklist URL pattern to optionally accept base64 encoded role tags 2016-04-26 10:22:28 -04:00
vishalnayak efcc07967e Accept instance_id in the URL for whitelist endpoint 2016-04-26 10:22:28 -04:00
Jeff Mitchell cf56895772 Switch around some logic to be more consistent/readable and respect max
TTL on initial token issuance.
2016-04-26 10:22:28 -04:00
vishalnayak 338054d49e Return un-expired entries from blacklist and whitelist 2016-04-26 10:22:28 -04:00
vishalnayak b6bd30b9fb Test ConfigClient 2016-04-26 10:22:28 -04:00
vishalnayak d3adc85886 AWS EC2 instances authentication backend 2016-04-26 10:22:28 -04:00
Sean Chittenden 51a97717db Merge pull request #1351 from hashicorp/f-backend-logger
Logger objects for all the physical backends
2016-04-25 20:47:10 -07:00
Sean Chittenden 557d8b8a24 Make use of logger interface inside of the Consul BE 2016-04-25 20:10:55 -07:00
Sean Chittenden aeea7628d6 Add a *log.Logger argument to physical.Factory
Logging in the backend is a good thing.  This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
Sean Chittenden ef62ecbb2d changelog++ 2016-04-25 18:19:38 -07:00
Sean Chittenden 98b4ab5798 Merge pull request #1349 from hashicorp/f-vault-service
Vault-driven Consul service registration and TTL checks.
2016-04-25 18:12:06 -07:00
Sean Chittenden 5fd5869bc5 Rewriting history before it gets away from me 2016-04-25 18:05:50 -07:00
Sean Chittenden 5a33edb57d Change to the pre-0.6.4 Consul Check API
Consul is never going to pass in more than 1K of output.  This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden 9b8095d7ea Change to the pre-0.6.4 Consul Check API
Consul is never going to pass in more than 1K of output.  This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden f5183fa506 Collapse UpdateAdvertiseAddr() into RunServiceDiscovery() 2016-04-25 18:01:13 -07:00
Sean Chittenden 5104c58c54 Update tests to chase sealed -> unsealed transition 2016-04-25 18:01:13 -07:00
Sean Chittenden 7fe0b2c6a1 Persistently retry to update service registration
If the local Consul agent is not available while attempting to step down from active or up to active, retry once a second.  Allow for concurrent changes to the state with a single registration updater.  Fix standby initialization.
2016-04-25 18:01:13 -07:00
Sean Chittenden 3228d25c65 Add a small bit of wording re: disable_registration
Consul service registration for Vault requires Consul 0.6.4.
2016-04-25 18:01:13 -07:00
Sean Chittenden 3977057cc9 Disable service registration for consul HA tests 2016-04-25 18:01:13 -07:00
Sean Chittenden dd3219ec56 Provide documentation and example output 2016-04-25 18:01:13 -07:00
Sean Chittenden 3449fa1bc3 Consistently skip Consul checks
Hide all Consul checks behind `CONSUL_HTTP_ADDR` env vs `CONSUL_ADDR` which is non-standard.
2016-04-25 18:01:13 -07:00
Sean Chittenden 1f8397f0a3 Use spaces in tests to be consistent
The rest of the tests here use spaces, not tabs
2016-04-25 18:01:13 -07:00
Sean Chittenden 60006f550f Various refactoring to clean up code organization
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
Sean Chittenden 53f9cea87c Compare the correct values when validating check_timeout 2016-04-25 18:01:13 -07:00