Armon Dadgar
ae02203624
logical: remove IncrementedLease, simplify ExpirationTime calculation
2015-06-17 13:59:09 -07:00
Armon Dadgar
30de4ea80d
secret/postgres: Ensure sane username length. Fixes #326
2015-06-17 13:31:56 -07:00
Jeff Mitchell
29e7ec3e21
A lot of refactoring: move PEM bundle parsing into helper/certutil, so that it is usable by other backends that want to use it to get the necessary data for TLS auth.
...
Also, enhance the raw cert bundle => parsed cert bundle to make it more useful and perform more validation checks.
More refactoring could be done within the PKI backend itself, but that can wait.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-17 16:07:20 -04:00
Vishal Nayak
3ed73d98c2
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect
2015-06-17 12:39:49 -04:00
Vishal Nayak
08c921c75e
Vault SSH: POC Stage 1. Skeleton implementation.
2015-06-16 16:58:54 -04:00
Jeff Mitchell
49f1fdbdcc
Merge branch 'master' into f-pki
2015-06-16 13:43:25 -04:00
Jeff Mitchell
03b0675350
A bunch of cleanup and moving around. logical/certutil is a package that now has helper functions
...
useful for other parts of Vault (including the API) to take advantage of.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-16 13:43:12 -04:00
Seth Vargo
3331950d7e
Merge pull request #349 from hashicorp/sethvargo/put_on_dat_post_yo
...
Accept PUT as well as post to sys/mounts
2015-06-16 13:32:15 -04:00
Mitchell Hashimoto
4bf84392ec
credential/github: get rid of stray tab
2015-06-16 10:05:51 -07:00
Mitchell Hashimoto
0ecf05c043
command/auth, github: improve cli docs
...
/cc @sethvargo
2015-06-16 10:05:11 -07:00
Seth Vargo
79388d2446
Accept PUT as well as post to sys/mounts
2015-06-16 13:02:21 -04:00
Mitchell Hashimoto
c249bc46e4
update CHANGELOG
2015-06-16 10:00:38 -07:00
Mitchell Hashimoto
8d39d21ac2
helper/kv-builder: blank values should not panic
2015-06-16 10:00:02 -07:00
Armon Dadgar
07df5c251d
Merge pull request #341 from ryancurrah/ryancurrah-doc-transit-echofix
...
Do not output the trailing newline in encoding.
2015-06-15 17:36:01 -07:00
Armon Dadgar
9606027736
Merge pull request #342 from bluecmd/patch-1
...
Record the common name in TLS metadata
2015-06-15 17:35:53 -07:00
Seth Vargo
f3abf5bcc8
Merge pull request #344 from hashicorp/sethvargo/doc_policy
...
Document longest-prefix match
2015-06-15 14:31:42 -04:00
Seth Vargo
db178571eb
Document longest-prefix match
...
Fixes https://github.com/hashicorp/vault/issues/331
2015-06-15 14:29:20 -04:00
Seth Vargo
90dfbe2883
Update gems
2015-06-15 13:54:36 -04:00
Christian Svensson
e3d3012795
Record the common name in TLS metadata
...
It is useful to be able to save the client cert's Common Name for auditing purposes when using a central CA.
This adds a "common_name" value to the Metadata structure passed from login.
2015-06-14 23:18:21 +01:00
Ryan Currah
c232fee6b3
Do not output the trailing newline in encoding.
...
Added -n to echo command to prevent newlines from showing up in encoding.
2015-06-13 12:03:57 -04:00
Pradeep Chhetri
53748c8c63
Fixed a failing test and drop table after running tests
2015-06-13 08:24:27 +05:45
Jeff Mitchell
e17ced0d51
Fix a docs-out-of-date bug.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-12 16:33:00 -04:00
Pradeep Chhetri
5fe59f4b8d
Fixing List command behaviour
2015-06-12 23:16:46 +05:45
Pradeep Chhetri
0bf52546af
Added the test as per suggestion
2015-06-12 15:32:45 +05:45
Pradeep Chhetri
30cef9fe77
Changes done as per feedback
2015-06-12 13:24:41 +05:45
Jeff Mitchell
ae1cbc1a7a
Erp, forgot this feedback...
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 23:16:13 -04:00
Jeff Mitchell
7cf1f186ed
Add locking for revocation/CRL generation. I originally was going to use an RWMutex but punted, because it's not worth trying to save some milliseconds with the possibility of getting something wrong. So the entire operations are now wrapped, which is minimally slower but very safe.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 22:28:13 -04:00
Jeff Mitchell
018c0ec7f5
Address most of Armon's initial feedback.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:57:05 -04:00
Jeff Mitchell
db5354823f
Fix some out-of-date examples.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:17:05 -04:00
Pradeep Chhetri
ace36da4ce
Physical MySQL backend implementation - First Cut
2015-06-09 01:37:25 +05:45
Jeff Mitchell
1513e2baa4
Add acceptance tests
...
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling
Also, fix a bug when trying to get code signing certificates.
Not tested:
* Revocation (I believe this is impossible with the current testing framework)
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Jeff Mitchell
0d832de65d
Initial PKI backend implementation.
...
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint
Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Armon Dadgar
f355049ef1
Merge pull request #318 from jefferai/f-fix-client-default
...
Fix nil dereference in API client
2015-06-06 13:35:48 -07:00
Jeff Mitchell
2de991ac7a
The docs say that if HttpClient is nil, http.DefaultClient will be used. However, the code doesn't do this, resulting in a nil dereference.
2015-06-04 14:01:10 -04:00
Seth Vargo
5ba39a6a99
Merge pull request #315 from justincampbell/docs-json-auth
...
docs: Fix examples of auth via JSON
2015-06-04 11:08:01 -04:00
Justin Campbell
2a1eac837c
docs: Fix examples of auth via JSON
...
For both userpass and LDAP
2015-06-04 10:38:11 -04:00
Justin Campbell
d634a92d2a
Remove .DS_Store
...
Already gitignored
2015-06-04 10:17:00 -04:00
Armon Dadgar
5c074685f3
Merge pull request #313 from hashicorp/sethvargo/update_aws
...
Update to the new location for the aws sdk
2015-06-03 21:41:44 +02:00
Seth Vargo
dcc8a40b32
Save new aws library
2015-06-03 15:07:39 -04:00
Seth Vargo
a02f62ee77
AWS moved from labs to official
2015-06-03 15:02:49 -04:00
Armon Dadgar
7916630479
Merge pull request #297 from buth/etcd-ha
...
etcd HA + tests
2015-06-03 00:44:46 +02:00
Eric Buth
e2957ef463
etcd HA physical backend: added documention + style updates
2015-06-02 18:00:06 -04:00
Armon Dadgar
a0cf8f1793
vault: attempt to resolve #303
2015-06-02 22:55:18 +02:00
Eric Buth
8c78cdddb1
etcd HA physical backend: stopchannel style, held state remote-only, lock value stored in semaphore key
2015-06-02 13:18:55 -04:00
Armon Dadgar
0f933df76e
vault: fixing a typo
2015-06-02 16:04:05 +02:00
Armon Dadgar
cddab080da
Merge pull request #299 from boncheff/patch-1
...
Update SPEC.md
2015-06-02 15:56:31 +02:00
boncheff
5f15d1e5cc
Update SPEC.md
2015-06-02 14:51:43 +01:00
Eric Buth
baaa9bd10c
etcd HA + tests
2015-06-01 18:29:54 -04:00
Seth Vargo
3a0e19cb4e
Merge pull request #270 from sheldonh/no_export_vault_token
...
Don't recommend exporting VAULT_TOKEN
2015-06-01 11:52:40 -04:00
Armon Dadgar
024d128b5e
Merge pull request #293 from karel1980/typo1
...
Typo fix
2015-06-01 17:26:16 +02:00