Will Glynn
282f648597
Document that AWS STS lease revocation is a no-op [ fixes #3736 ] ( #3760 )
2018-01-08 10:28:07 -06:00
Brian Shumate
2481803ac5
Update some approle related help output ( #3747 )
2018-01-03 13:56:14 -05:00
Brian Nuszkowski
aa4d5a942e
Add the ability to pass in mfa parameters when authenticating via the… ( #3729 )
2017-12-26 13:40:44 -05:00
Brian Kassouf
a97b8c6f30
secret/database: Fix upgrading database backend ( #3714 )
2017-12-18 19:38:47 -08:00
Calvin Leung Huang
c4e951efb8
Add period and max_ttl to cert role creation ( #3642 )
2017-12-18 15:29:45 -05:00
Chris Hoffman
b1aee36251
short circuit cert extensions check ( #3712 )
2017-12-18 13:19:05 -05:00
Travis Cosgrave
cf3e284396
Use Custom Cert Extensions as Cert Auth Constraint ( #3634 )
2017-12-18 12:53:44 -05:00
Jeff Mitchell
08f73e4a50
Merge pull request #3695 from hashicorp/creds-period-logic
2017-12-18 12:40:03 -05:00
Jeff Mitchell
77a7c52392
Merge branch 'master' into f-nomad
2017-12-18 12:23:39 -05:00
immutability
e7faad641c
Add Duo MFA to the Github backend ( #3696 )
2017-12-18 09:59:17 -05:00
Chris Hoffman
400d738403
use defaultconfig as base, adding env var test
2017-12-17 10:51:39 -05:00
Chris Hoffman
f6bed8b925
fixing up config to allow environment vars supported by api client
2017-12-17 09:10:56 -05:00
Chris Hoffman
b08606b320
adding existence check for roles
2017-12-15 19:50:20 -05:00
Chris Hoffman
b904d28d82
adding access config existence check and delete endpoint
2017-12-15 19:18:32 -05:00
Calvin Leung Huang
997a1453e7
Use shortMaxTTL on Ec2 paths
2017-12-15 17:29:40 -05:00
Chris Hoffman
c71f596fbd
address some feedback
2017-12-15 17:06:56 -05:00
Chris Hoffman
db0006ef65
Merge remote-tracking branch 'oss/master' into f-nomad
...
* oss/master:
Defer reader.Close that is used to determine sha256
changelog++
Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686 )
Add logic for using Auth.Period when handling auth login/renew requests (#3677 )
plugins/database: use context with plugins that use database/sql package (#3691 )
changelog++
Fix plaintext backup in transit (#3692 )
Database gRPC plugins (#3666 )
2017-12-15 17:05:42 -05:00
Calvin Leung Huang
fe7ce434e4
Update logic on renew paths
2017-12-15 16:26:42 -05:00
Calvin Leung Huang
643451d46a
Update login logic for aws creds backend
2017-12-15 16:18:19 -05:00
Calvin Leung Huang
ba19b99f55
Update login logic for aws creds backend
2017-12-15 16:01:40 -05:00
Calvin Leung Huang
79cb82e133
Add logic for using Auth.Period when handling auth login/renew requests ( #3677 )
...
* Add logic for using Auth.Period when handling auth login/renew requests
* Set auth.TTL if not set in handleLoginRequest
* Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken
* Get sysView from le.Path, revert tests
* Add back auth.Policies
* Fix TokenStore tests, add resp warning when capping values
* Use switch for ttl/period check on RenewToken
* Move comments around
2017-12-15 13:30:05 -05:00
Brian Kassouf
afe53eb862
Database gRPC plugins ( #3666 )
...
* Start work on context aware backends
* Start work on moving the database plugins to gRPC in order to pass context
* Add context to builtin database plugins
* use byte slice instead of string
* Context all the things
* Move proto messages to the dbplugin package
* Add a grpc mechanism for running backend plugins
* Serve the GRPC plugin
* Add backwards compatibility to the database plugins
* Remove backend plugin changes
* Remove backend plugin changes
* Cleanup the transport implementations
* If grpc connection is in an unexpected state restart the plugin
* Fix tests
* Fix tests
* Remove context from the request object, replace it with context.TODO
* Add a test to verify netRPC plugins still work
* Remove unused mapstructure call
* Code review fixes
* Code review fixes
* Code review fixes
2017-12-14 14:03:11 -08:00
Jeff Mitchell
b478ba8bac
Merge branch 'master' into f-nomad
2017-12-14 16:44:28 -05:00
Jeff Mitchell
d752da3648
Update Consul to use the role's configured lease on renew. ( #3684 )
2017-12-14 13:28:19 -05:00
Vishal Nayak
15b3d8738e
Transit: backup/restore ( #3637 )
2017-12-14 12:51:50 -05:00
Vishal Nayak
513d12ab7c
Fix the casing problem in approle ( #3665 )
2017-12-11 16:41:17 -05:00
Florent H. CARRÉ
539d86ab2d
Hardening RSA keys for PKI and SSH ( #3593 )
2017-12-11 13:43:56 -05:00
Chris Hoffman
3b0ba609b2
Converting key_usage and allowed_domains in PKI to CommaStringSlice ( #3621 )
2017-12-11 13:13:35 -05:00
Brad Sickles
295e11d40d
Adding mfa support to okta auth backend. ( #3653 )
2017-12-07 14:17:42 -05:00
Brian Shumate
a0d1092420
Conditionally set file audit log mode ( #3649 )
2017-12-07 11:44:15 -05:00
Mohsen
2aa576149c
Small typo relating to no_store in pki secret backend ( #3662 )
...
* Removed typo :)
* Corrected typo in the website related to no_store
2017-12-07 10:40:21 -05:00
Vishal Nayak
48ac5caaa9
Transit: Refactor internal representation of key entry map ( #3652 )
...
* convert internal map to index by string
* Add upgrade test for internal key entry map
* address review feedback
2017-12-06 18:24:00 -05:00
Dominik Müller
bc523fc294
add allowed_names to cert-response ( #3654 )
2017-12-06 16:50:02 -05:00
Jeff Mitchell
bfc37f0847
Re-add some functionality lost during last dep update ( #3636 )
2017-12-01 10:18:26 -05:00
Nicolas Corrarello
b5fd1ce953
Adding SealWrap configuration, protecting the config/access path
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 21:53:21 +00:00
Nicolas Corrarello
b3799697a2
Rename policy into policies
2017-11-29 16:31:17 +00:00
Nicolas Corrarello
0d8f812dc8
Checking if client is not nil before deleting token
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 16:23:03 +00:00
Nicolas Corrarello
239a9a9985
%q quotes automatically
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 16:19:31 +00:00
Nicolas Corrarello
62fe10204a
Refactoring check for empty accessor as per Vishals suggestion
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:58:39 +00:00
Nicolas Corrarello
a6d3119e3e
Pull master into f-nomad
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:56:37 +00:00
Nicolas Corrarello
89466815ba
Return an error if accesor_id is nil
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:18:03 +00:00
Nicolas Corrarello
031f244922
Returning nil config if is actually nil, and catching the error before creating the client in backend.go
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 11:15:54 +00:00
Nicolas Corrarello
2a4f63e4a5
Moving LeaseConfig function to path_config_lease.go
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 11:07:17 +00:00
Nicolas Corrarello
4f91a71c29
Return error before creating a client if conf is nil
2017-11-29 11:01:31 +00:00
Nicolas Corrarello
e2be4bfd74
Sanitizing error outputs
2017-11-29 10:58:02 +00:00
Nicolas Corrarello
604ead3a37
Renaming tokenRaw to accessorIDRaw to avoid confusion, as the token is not being used for revoking itself
2017-11-29 10:48:55 +00:00
Nicolas Corrarello
34b5919931
Updating descriptions, defaults for roles
2017-11-29 10:44:40 +00:00
Nicolas Corrarello
fc81d8a07c
Validating that Address and Token are provided in path_config_access.go
2017-11-29 10:36:34 +00:00
Nicolas Corrarello
aab72464d6
Removing legacy field scheme that belonged to the Consul API
2017-11-29 10:29:39 +00:00
Joel Thompson
6f5aeeeae2
auth/aws: Check credential availability before auth ( #3465 )
...
Checks to ensure we can get a valid credential from the credential chain
when using the vault CLI to do AWS auth.
Fixes #3383
2017-11-13 15:43:24 -05:00