luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
7746 commits 1 branch 0 tags 214 MiB
Commit graph

947 commits

Author SHA1 Message Date
Jeff Mitchell be383217b6 If recovering from panic ensure the cert returned is nil 2017-06-16 18:18:15 -04:00
Jeff Mitchell 60d743a5b9 Go's SSH library can panic without warning; recover. 
Ping #2877 -- but don't close yet in case there are more places.
 2017-06-16 18:16:45 -04:00
Matthew Irish d26a8ebf5e add min_encryption_version to the transit key response (#2838) 2017-06-08 13:07:18 -05:00
Jeff Mitchell fdf92aeba5 Add listing to database connections. (#2827) 
Fixes #2823
 2017-06-07 10:03:17 -04:00
Jeff Mitchell a7fca34076 Add ability to specify encryption key version in transit (#2821) 2017-06-06 16:02:54 -04:00
Brian Kassouf 606fe393be Use the role name in the db username (#2812) 2017-06-06 09:49:49 -04:00
Jeff Mitchell 3eebd5cf5a ed25519 support in transit (#2778) 2017-06-05 15:00:39 -04:00
Jeff Mitchell f7df60b131 Allow accessing Warnings directly in Response. (#2806) 
A change in copystructure has caused some panics due to the custom copy
function. I'm more nervous about production panics than I am about
keeping some bad code wiping out some existing warnings, so remove the
custom copy function and just allow direct setting of Warnings.
 2017-06-05 10:52:43 -04:00
Jeff Mitchell 4693881fe9 Update some path-help in datakey 2017-05-23 10:04:32 -04:00
Vishal Nayak 2557693aa3 Added host key call back for ssh config (#2752) 2017-05-21 20:16:13 -04:00
emily aa40d2cff6 add gofmt checks to Vault and format existing code (#2745) 2017-05-19 08:34:17 -04:00
sprohaska 90be96989a logical/aws: Fix typo in warning message (#2747) 
Signed-off-by: Steffen Prohaska <prohaska@zib.de>
 2017-05-19 06:20:54 -04:00
Brian Kassouf 533dbe5d4c Update the error when no key can be found to a more clear error text (#2720) 2017-05-12 14:14:00 -04:00
Brian Kassouf 1460c2fcc7 Add plugin level docs for what statements are supported and how they should be formatted 2017-05-11 11:59:58 -07:00
Seth Rutner 3874b63af3 Fix typos in error message (#2692) 2017-05-10 10:28:35 -04:00
Jeff Mitchell d25aa9fc21 Don't write salts in initialization, look up on demand (#2702) 2017-05-09 17:51:09 -04:00
Jeff Mitchell 185ba8a1c3 Only run cassandra tests on Travis for right now 2017-05-09 08:36:20 -04:00
Jeff Mitchell 6f6f242061 Add logic to skip initialization in some cases and some invalidation logic 2017-05-05 15:01:52 -04:00
Brian Kassouf 7dcec6e68f Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 12:40:00 -07:00
Brian Kassouf 82b58d5b9c Update docs and return a better error message 2017-05-04 11:45:27 -07:00
mymercurialsky 4c0e3c5d2f Implemented TOTP Secret Backend (#2492) 
* Initialized basic outline of TOTP backend using Postgresql backend as template

* Updated TOTP backend.go's structure and help string

* Updated TOTP path_roles.go's structure and help strings

* Updated TOTP path_role_create.go's structure and help strings

* Fixed typo in path_roles.go

* Fixed errors in path_role_create.go and path_roles.go

* Added TOTP secret backend information to cli commands

* Fixed build errors in path_roles.go and path_role_create.go

* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords

* Initialized TOTP test file based on structure of postgresql test file

* Added enforcement of input values

* Added otp library to vendor folder

* Added test steps and cleaned up errors

* Modified read credential test step, not working yet

* Use of vendored package not allowed - Test error

* Removed vendor files for TOTP library

* Revert "Removed vendor files for TOTP library"

This reverts commit fcd030994bc1741dbf490f3995944e091b11da61.

* Hopefully fixed vendor folder issue with TOTP Library

* Added additional tests for TOTP backend

* Cleaned up comments in TOTP backend_test.go

* Added default values of period, algorithm and digits to field schema

* Changed account_name and issuer fields to optional

* Removed MD5 as a hash algorithm option

* Implemented requested pull request changes

* Added ability to validate TOTP codes

* Added ability to have a key generated

* Added skew, qr size and key size parameters

* Reset vendor.json prior to merge

* Readded otp and barcode libraries to vendor.json

* Modified help strings for path_role_create.go

* Fixed test issue in testAccStepReadRole

* Cleaned up error formatting, variable names and path names. Also added some additional documentation

* Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes

* Added ability to pass in TOTP urls

* Added additional tests for TOTP server functions

* Removed unused QRSize, URL and Generate members of keyEntry struct

* Removed unnecessary urlstring variable from pathKeyCreate

* Added website documentation for TOTP secret backend

* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.

* Updated website documentation and added QR example

* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests

* Updated API documentation to inlude to exported variable and qr size option

* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
 2017-05-04 10:49:42 -07:00
Brian Kassouf 5ee0d696d4 Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 10:45:18 -07:00
Brian Kassouf 29bfc0a0d4 PR comments 2017-05-04 10:41:59 -07:00
Brian Kassouf 0875e78a13 Feedback from PR 2017-05-03 17:37:34 -07:00
Brian Kassouf cbcb8635a4 Update databse backend tests to use the APIClientMeta for the plugin conns 2017-05-03 16:34:09 -07:00
Calvin Leung Huang 26cf09ab15 Minor comment update on cert_util 2017-05-03 16:13:54 -04:00
Chris Hoffman 1c14d207b5 Merge pull request #2575 from hashicorp/pki-colons-to-hyphens 
Change storage of PKI entries from colons to hyphens
 2017-05-03 15:07:15 -04:00
Chris Hoffman e34a45fdcd Minor readability enhancements for migration path from old to new 2017-05-03 14:58:22 -04:00
Calvin Leung Huang a00a7815f6 Include and use normalizeSerial func 2017-05-03 10:12:58 -04:00
Brian Kassouf 7ae8f02f4b Only wrap in tracing middleware if the logger is set to trace level 2017-05-02 17:19:49 -07:00
Brian Kassouf 29d9b831d3 Update the api for serving plugins and provide a utility to pass TLS data for commuinicating with the vault process 2017-05-02 14:40:11 -07:00
Calvin Leung Huang 2b7a66e23b Use variables for string replacements on cert_util 2017-05-02 14:11:57 -04:00
Brian Kassouf c8bbea9f37 Rename NewPluginServer to just Serve 2017-05-02 02:00:39 -07:00
Brian Kassouf b3819c433b Don't store an error response as a package variable 2017-05-01 15:30:56 -07:00
Brian Kassouf 9a60ec9fda Update interface name from Wrapper to a more descriptive RunnerUtil 2017-05-01 14:59:55 -07:00
Justin Gerace 403efeb5ae Add globbing support to the PKI backend's allowed_domains list (#2517) 2017-05-01 10:40:18 -04:00
Calvin Leung Huang ff4cf41ebb Add test for ca and crl case 2017-04-28 08:55:28 -04:00
Vishal Nayak 8bb6c8caef Return error message for failure to parse CSR (#2657) 2017-04-28 08:30:24 -04:00
Calvin Leung Huang 802d030506 Refactor cert_util_test 2017-04-27 17:09:59 -04:00
Calvin Leung Huang b5990321bf Verify update operation was performed on revokeCert 2017-04-27 12:30:44 -04:00
Calvin Leung Huang 3b27a9c12c Rename tests, use HandleRequest() for existing paths 2017-04-27 09:47:56 -04:00
Brian Kassouf 53752c3002 Add check to ensure we don't overwrite existing connections 2017-04-26 16:43:42 -07:00
Brian Kassouf 081101c7cf Add an error check to reset a plugin if it is closed 2017-04-26 15:55:34 -07:00
Brian Kassouf d0cad5345a Update to a RWMutex 2017-04-26 15:23:14 -07:00
Calvin Leung Huang 628e5d594b Add remaining tests 2017-04-26 16:05:58 -04:00
Brian Kassouf 4782d9d2af Update the error messages for renew and revoke 2017-04-26 10:29:16 -07:00
Brian Kassouf 892812d67d Change ttl types to TypeDurationSecond 2017-04-26 10:02:37 -07:00
Calvin Leung Huang d24757f2e0 Fix crl_util test 2017-04-26 09:58:34 -04:00
Calvin Leung Huang 18ed2d6097 Tests for cert and crl util 2017-04-26 02:46:01 -04:00
Brian Kassouf e3e5f12f9e Default deny when allowed roles is empty 2017-04-25 11:48:24 -07:00
Brian Kassouf 207d01fd39 Update the connection details data and fix allowedRoles 2017-04-25 11:11:10 -07:00
Brian Kassouf eb0f831d6a Rename path_role_create to path_creds_create 2017-04-25 10:39:17 -07:00
Brian Kassouf 3d3e4eb5a4 Use TypeCommaStringSlice for allowed_roles 2017-04-25 10:26:23 -07:00
Brian Kassouf bed1c17b1e Update logging to new structure 2017-04-25 10:24:19 -07:00
Brian Kassouf f25b367732 Don't uppercase ErrorResponses 2017-04-24 14:03:48 -07:00
Brian Kassouf 378ae98809 s/DatabaseType/Database/ 2017-04-24 13:59:12 -07:00
Brian Kassouf 6f9d178370 Calls to builtin plugins now go directly to the implementation instead of go-plugin 2017-04-20 18:46:41 -07:00
Brian Kassouf af9ff63e9a Merge remote-tracking branch 'oss/master' into database-refactor 2017-04-19 15:16:00 -07:00
Chris Hoffman 847c86f788 Rename ParseDedupAndSortStrings to ParseDedupLowercaseAndSortStrings (#2614) 2017-04-19 10:39:07 -04:00
Chris Hoffman 2ee593c6ea Mssql driver update (#2610) 
* Switching driver from mssql to sqlserver
* Adding explicit database to sp_msloginmappings call
 2017-04-18 17:49:59 -04:00
Jeff Mitchell 4995c69763 Update sign-verbatim to correctly set generate_lease (#2593) 2017-04-18 15:54:31 -04:00
Jeff Mitchell 0897da93f0 Parse and dedup but do not lowercase principals in SSH certs. (#2591) 2017-04-18 12:21:02 -04:00
Jeff Mitchell 822d86ad90 Change storage of entries from colons to hyphens and add a 
lookup/migration path

Still TODO: tests on migration path

Fixes #2552
 2017-04-18 11:14:23 -04:00
Jeff Mitchell e8adc13826 Fix cassandra dep breakage 2017-04-17 11:51:42 -04:00
Jeff Mitchell 79fb8bdf69 Verify that a CSR specifies IP SANs before checking whether it's allowed (#2574) 2017-04-13 13:40:31 -04:00
Brian Kassouf 883c80540a Add allowed_roles parameter and checks 2017-04-13 10:33:34 -07:00
Brian Kassouf 0cfe1ea81c Cleanup path files 2017-04-12 17:35:02 -07:00
Brian Kassouf a9a05f5bba Update Type() to return an error 2017-04-12 16:41:06 -07:00
Brian Kassouf 8ccf10641b Merge branch 'master' into database-refactor 2017-04-12 14:29:10 -07:00
Brian Kassouf 128f25c13d Update help text and comments 2017-04-11 11:50:34 -07:00
Brian Kassouf c85b7be22f Remove unnecessary abstraction 2017-04-10 18:38:34 -07:00
Brian Kassouf 8071aed758 Mlock the plugin process 2017-04-10 17:12:52 -07:00
Brian Kassouf f6ff3b1146 Add a flag to tell plugins to verify the connection was successful 2017-04-10 15:36:59 -07:00
Brian Kassouf db91a80540 Update plugin test 2017-04-10 14:12:28 -07:00
Brian Kassouf bbbd81220c Update the interface for plugins removing functions for creating creds 2017-04-10 12:24:16 -07:00
Brian Kassouf 459e3eda4e Update backend tests 2017-04-10 10:35:16 -07:00
Brian Kassouf 93136ea51e Add backend test 2017-04-07 15:50:03 -07:00
Shivaram Lingamneni 2117dfd717 implement a no_store option for pki roles (#2565) 2017-04-07 11:25:47 -07:00
Jeff Mitchell f805618a2c Update SSH CA documentation 
Fixes #2551
Fixes #2569
 2017-04-07 11:59:25 -04:00
Brian Kassouf 62d59e5f4e Move plugin code into sub directory 2017-04-06 12:20:10 -07:00
Brian Kassouf ca2c3d0c53 Refactor to use builtin plugins from an external repo 2017-04-05 16:20:31 -07:00
Calvin Leung Huang 2255884a4c Do not mark conn as initialized until the end (#2567) 2017-04-04 14:26:59 -07:00
Brian Kassouf 305ccd54f7 Don't return strings, always structs 2017-04-04 11:33:58 -07:00
Calvin Leung Huang 9dd666c7e6 Database refactor invalidate (#2566) 
* WIP on invalidate function

* cassandraConnectionProducer has Close()

* Delete database from connections map on successful db.Close()

* Move clear connection into its own func

* Use const for database config path
 2017-04-04 11:32:42 -07:00
Jeff Mitchell 709389dd36 Use ParseStringSlice on PKI organization/organizational unit. (#2561) 
After, separately dedup and use new flag to not lowercase value.

Fixes #2555
 2017-04-04 08:54:18 -07:00
Brian Kassouf b506bd7790 On change of configuration rotate the database type 2017-04-03 18:30:38 -07:00
Brian Kassouf d7dd0ab35c Merge branch 'database-refactor' of github.com:hashicorp/vault into database-refactor 2017-04-03 17:52:41 -07:00
Brian Kassouf e8781b6a2b Plugin catalog 2017-04-03 17:52:29 -07:00
Calvin Leung Huang aa15a1d3a9 Database refactor mssql (#2562) 
* WIP on mssql secret backend refactor

* Add RevokeUser test, and use sqlserver driver internally

* Remove debug statements

* Fix code comment
 2017-04-03 09:59:30 -07:00
Brian Kassouf 210fa77e3c fix for plugin commands that have more than one paramater 2017-03-28 14:37:57 -07:00
Brian Kassouf 50729a4528 Add comments to connection and credential producers 2017-03-28 13:08:11 -07:00
Brian Kassouf b09526e1c9 Cleanup the db factory code and add comments 2017-03-28 12:57:30 -07:00
Brian Kassouf 6b877039e7 Update tests 2017-03-28 12:20:17 -07:00
Brian Kassouf c50a6ebc39 Add functionaility to build db objects from disk so restarts work 2017-03-28 11:30:45 -07:00
Brian Kassouf 02b0230f19 Fix for checking types of database on update 2017-03-28 10:04:42 -07:00
Brian Kassouf 494f963581 Wrap the database calls with tracing information 2017-03-27 15:17:28 -07:00
Brian Kassouf 2799586f45 Remove the unused sync.Once object 2017-03-27 11:46:20 -07:00
Brian Kassouf 29ae4602dc More work on getting tests to pass 2017-03-23 15:54:15 -07:00
Brian Kassouf c0223d888e Remove unsused code block 2017-03-22 17:09:39 -07:00
Brian Kassouf 1068076703 s/postgres/mysql/ 2017-03-22 16:44:33 -07:00
Brian Kassouf dac1bb210b Add test files for postgres and mysql databases 2017-03-22 16:39:08 -07:00
Brian Kassouf ae9961b811 Add a error message for empty creation statement 2017-03-22 12:40:16 -07:00
Brian Kassouf c55bef85d3 Fix race with deleting the connection 2017-03-22 09:54:19 -07:00
Brian Kassouf 85ef468d46 Add a delete method 2017-03-21 17:19:30 -07:00
Brian Kassouf 83ff132705 Verify connections regardless of if this connections is already existing 2017-03-21 16:05:59 -07:00
Vishal Nayak 003ef004c6 sshca: ensure atleast cert type is allowed (#2508) 2017-03-19 18:58:48 -04:00
Brian Kassouf a4e5e0f8c9 Comment and fix plugin Type function 2017-03-16 18:24:56 -07:00
Brian Kassouf 417770a58f Change the handshake config from the default 2017-03-16 17:51:25 -07:00
Brian Kassouf 2873825848 Add a secure config to verify the checksum of the plugin 2017-03-16 16:20:18 -07:00
Brian Kassouf f2df4ef0e7 Comment and slight refactor of the TLS plugin helper 2017-03-16 14:14:49 -07:00
Brian Kassouf 0a52ea5c69 Break tls code into helper library 2017-03-16 11:55:21 -07:00
Jeff Mitchell 24886c1006 Ensure CN check is made when exclude_cn_from_sans is used 
Fixes #2363
 2017-03-16 11:41:13 -04:00
Jeff Mitchell ae8967d635 Always include a hash of the public key and "vault" (to know where it (#2498) 
came from) when generating a cert for SSH.

Follow on from #2494
 2017-03-16 11:14:17 -04:00
Mike Okner 95df7beed9 Adding allow_user_key_ids field to SSH role config (#2494) 
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name.  Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
 2017-03-16 08:45:11 -04:00
Brian Kassouf eb6117cbb2 Work on TLS communication over plugins 2017-03-15 17:14:48 -07:00
Jeff Mitchell 12e5132779 Allow roles to specify whether CSR SANs should be used instead of (#2489) 
request values. Fix up some documentation.

Fixes #2451
Fixes #2488
 2017-03-15 14:38:18 -04:00
Jeff Mitchell 7ab6844eb4 Set CA chain when intermediate does not have an authority key ID. 
This is essentially an approved review of the code provided in #2465.

Fixes #2465
 2017-03-15 11:52:02 -04:00
Brian Kassouf 3ecb344878 wrap plugin database type with metrics middleware 2017-03-14 13:12:47 -07:00
Brian Kassouf 822a3eb20a Add a metrics middleware 2017-03-14 13:11:28 -07:00
Stanislav Grozev 662b372364 Reads on unconfigured SSH CA public key return 400 2017-03-14 10:21:48 -04:00
Stanislav Grozev 7d59d7d3ac Reads on ssh/config/ca return the public keys 
If configured/generated.
 2017-03-14 10:21:48 -04:00
Stanislav Grozev 830de2dbbd If generating an SSH CA signing key - return the public part 
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
 2017-03-14 10:21:48 -04:00
Brian Kassouf 2054fff890 Add a way to initalize plugins and builtin databases the same way. 2017-03-13 14:39:55 -07:00
Brian Kassouf 71b81aad23 Add checksum attribute 2017-03-10 14:10:42 -08:00
Brian Kassouf a11911d4d4 Rename reset to close 2017-03-09 22:35:45 -08:00
Brian Kassouf fda45f531d Add special path to enforce root on plugin configuration 2017-03-09 21:31:29 -08:00
Brian Kassouf 748c70cfb4 Add plugin file 2017-03-09 17:43:58 -08:00
Brian Kassouf 9099231229 Add plugin features 2017-03-09 17:43:37 -08:00
Vishal Nayak 220beb2cde doc: ssh allowed_users update (#2462) 
* doc: ssh allowed_users update

* added some more context in default_user field
 2017-03-09 10:34:55 -05:00
vishalnayak f085cd71ab Fix typo 2017-03-08 17:49:39 -05:00
Brian Kassouf b7128f8370 Update secrets fields 2017-03-08 14:46:53 -08:00
Vishal Nayak 766c2e6ee0 SSH CA enhancements (#2442) 
* Use constants for storage paths

* Upgrade path for public key storage

* Fix calculateValidPrincipals, upgrade ca_private_key, and other changes

* Remove a print statement

* Added tests for upgrade case

* Make exporting consistent in creation bundle

* unexporting and constants

* Move keys into a struct instead of plain string

* minor changes
 2017-03-08 17:36:21 -05:00
Brian Kassouf 2fb6bf9882 Fix renew and revoke calls 2017-03-07 17:21:44 -08:00
Brian Kassouf b7c3b4b0d7 Add defaults to the cassandra databse type 2017-03-07 17:00:52 -08:00
Brian Kassouf 3976a2a0a6 Pass statements object 2017-03-07 16:48:17 -08:00
Brian Kassouf 843d584254 Remove unused sql object 2017-03-07 15:34:23 -08:00
Brian Kassouf 919155ab12 Remove double lock 2017-03-07 15:33:05 -08:00
Brian Kassouf c959882b93 Update locking functionaility 2017-03-07 13:48:29 -08:00
Jeff Mitchell 5119b173c4 Rename helper 'duration' to 'parseutil'. (#2449) 
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.

Have config use ParseBool for UI and disabling mlock/cache.
 2017-03-07 11:21:22 -05:00
Brian Kassouf bc53e119ca rename mysql variable 2017-03-03 15:07:41 -08:00
Brian Kassouf bba832e6bf Make db instances immutable and add a reset path to tear down and create a new database instance with an updated config 2017-03-03 14:38:49 -08:00
Brian Kassouf 29e07ac9e8 Fix mysql connections 2017-03-03 14:38:49 -08:00
Brian Kassouf 24ddea9954 Add mysql into the factory 2017-03-03 14:38:48 -08:00
Brian Kassouf 8e8f260d96 Add max connection lifetime param and set consistancy on cassandra session 2017-03-03 14:38:48 -08:00
Brian Kassouf 1f009518cd s/Statement/Statements/ 2017-03-03 14:38:48 -08:00
Brian Kassouf 46aa7142c1 Add mysql database type 2017-03-03 14:38:48 -08:00
Brian Kassouf 2ec5ab5616 More work on refactor and cassandra database 2017-03-03 14:38:48 -08:00
Brian Kassouf acdcd79af3 Begin work on database refactor 2017-03-03 14:38:48 -08:00
Vishal Nayak 4b81bcb379 ssh: Added DeleteOperation to config/ca (#2434) 
* ssh: Added DeleteOperation to config/ca

* Address review feedback
 2017-03-03 10:19:45 -05:00
Jeff Mitchell 55e69277ce Update SSH CA logic/tests 2017-03-02 16:39:22 -05:00
Vishal Nayak a1331278ff Refactor the generate_signing_key processing (#2430) 2017-03-02 16:22:06 -05:00
Jeff Mitchell fa474924aa Update error text to make it more obvious what the issue is when valid principals aren't found 2017-03-02 15:56:08 -05:00
Jeff Mitchell eca68d5913 Fix a bunch of errors from returning 5xx, and parse more duration types 2017-03-02 15:38:34 -05:00
Will May 70bfdb5ae9 Changes from code review 2017-03-02 14:36:13 -05:00
Will May 36b3d89604 Allow internal generation of the signing SSH key pair 2017-03-02 14:36:13 -05:00
Vishal Nayak 3795d2ea64 Rework ssh ca (#2419) 
* docs: input format for default_critical_options and default_extensions

* s/sshca/ssh

* Added default_critical_options and default_extensions to the read endpoint of role

* Change default time return value to 0
 2017-03-01 15:50:23 -05:00
Will May 9f75f84175 Changes from code review 
Major changes are:
* Remove duplicate code
* Check the public key used to configure the backend is a valid one
 2017-03-01 15:19:18 -05:00
Will May ff1ff02bd7 Changes from code review 
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
 2017-03-01 15:19:18 -05:00
Will May 099d561b20 Add ability to create SSH certificates 2017-03-01 15:19:18 -05:00
vishalnayak 2e911fc650 Fix broken build caused due to resolve merge conflicts 2017-02-24 12:41:20 -05:00
Vishal Nayak c6f138bb9a PKI: Role switch to control lease generation (#2403) 
* pki: Make generation of leases optional

* pki: add tests for upgrading generate_lease

* pki: add tests for leased and non-leased certs

* docs++ pki generate_lease

* Generate lease is applicable for both issuing and signing

* pki: fix tests

* Address review feedback

* Address review feedback
 2017-02-24 12:12:40 -05:00
Saj Goonatilleke 01f3056b8b pki: Include private_key_type on DER-formatted responses from /pki/issue/ (#2405) 2017-02-24 11:17:59 -05:00
Jeff Mitchell c81582fea0 More porting from rep (#2388) 
* More porting from rep

* Address review feedback
 2017-02-16 16:29:30 -05:00
Jeff Mitchell 0c39b613c8 Port some replication bits to OSS (#2386) 2017-02-16 15:15:02 -05:00
Jeff Mitchell c96fe56d44 Fix copypasta, thanks tests 2017-02-16 01:32:39 -05:00
Jeff Mitchell 817bec0955 Add Organization support to PKI backend. (#2380) 
Fixes #2369
 2017-02-16 01:04:29 -05:00
Vishal Nayak 7f2717b74a transit: change batch input format (#2331) 
* transit: change batch input format

* transit: no json-in-json for batch response

* docs: transit: update batch input format

* transit: fix tests after changing response format
 2017-02-06 14:56:16 -05:00
Vishal Nayak 5fb28f53cb Transit: Support batch encryption and decryption (#2143) 
* Transit: Support batch encryption

* Address review feedback

* Make the normal flow go through as a batch request

* Transit: Error out if encryption fails during batch processing

* Transit: Infer the 'derived' parameter based on 'context' being set

* Transit: Batch encryption doc updates

* Transit: Return a JSON string instead of []byte

* Transit: Add batch encryption tests

* Remove plaintext empty check

* Added tests for batch encryption, more coming..

* Added more batch encryption tests

* Check for base64 decoding of plaintext before encrypting

* Transit: Support batch decryption

* Transit: Added tests for batch decryption

* Transit: Doc update for batch decryption

* Transit: Sync the path-help and website docs for decrypt endpoint

* Add batch processing for rewrap

* transit: input validation for context

* transit: add rewrap batch option to docs

* Remove unnecessary variables from test

* transit: Added tests for rewrap use cases

* Address review feedback

* Address review feedback

* Address review feedback

* transit: move input checking out of critical path

* transit: allow empty plaintexts for batch encryption

* transit: use common structs for batch processing

* transit: avoid duplicate creation of structs; add omitempty to response structs

* transit: address review feedback

* transit: fix tests

* address review feedback

* transit: fix tests

* transit: rewrap encrypt user error should not error out

* transit: error out for internal errors
 2017-02-02 14:24:20 -05:00
Jeff Mitchell 47274eca88 Add cleanup functions to multiple DB backends. (#2313) 
Ensure it's called on unmount, not just for seal.
 2017-02-01 14:05:25 -05:00
Jeff Mitchell f1a5a858d3 Make export errors a bit more meaningful 2017-01-30 09:25:50 -05:00
Jeff Mitchell 2e15dc93df Have transit exporting return the same structure regardless of one key or many 2017-01-28 10:37:35 -05:00
Brian Kassouf e788780709 Migrate cassandra test from acceptance to dockertest (#2295) 2017-01-25 15:37:55 -05:00
Jeff Mitchell f43a041bf2 Revert "Disable PKI OU tests to fix the build" 
This reverts commit b1ab7c5603180af9073caab1b3022ca438dc12be.
 2017-01-24 09:58:28 -05:00
vishalnayak c8b6ab7223 Disable PKI OU tests to fix the build 2017-01-24 06:25:56 -05:00
joe miller 98df700495 allow roles to set OU value in certificates issued by the pki backend (#2251) 2017-01-23 12:44:45 -05:00
Chris Hoffman 7568a212b1 Adding support for exportable transit keys (#2133) 2017-01-23 11:04:43 -05:00
Vishal Nayak fa7d61baa3 Merge pull request #2202 from fcantournet/fix_govet_fatalf 
all: test: Fix govet warnings
 2017-01-17 16:45:35 -05:00
Matthew Irish cb8bbc4fbd Transit key actions (#2254) 
* add supports_* for transit key reads

* update transit docs with new supports_* fields
 2017-01-11 10:05:06 -06:00
joe miller 78dacc154a sign-verbatim should set use_csr_common_name to true (#2243) 2017-01-10 09:47:59 -05:00
Jeff Mitchell 80dc5819d3 Use dockertest.v2 (#2247) 
New dockertest has a totally different API and will require some serious
refactoring. This will tide over until then by pinning the API version.
 2017-01-09 13:46:54 -05:00
Félix Cantournet 103b7ceab2 all: test: Fix govet warnings 
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
 2016-12-21 19:44:07 +01:00
vishalnayak 1816446f46 Address review feedback 2016-12-20 11:19:47 -05:00
vishalnayak b3e323bbcc pki: Avoiding a storage read 2016-12-20 11:07:20 -05:00
vishalnayak 2e23f1a992 pki: Appended error to error message 2016-12-19 10:49:32 -05:00
vishalnayak ba1cc709bd PKI: Added error to the error message 2016-12-19 10:47:29 -05:00
Jeff Mitchell bb54bd40f6 normalize some capitlization in error messages 2016-12-15 19:02:33 -05:00
Jeff Mitchell 6ee61af87f Fix nil value panic when Consul returns a user error (#2145) 2016-12-01 10:22:32 -08:00
vascop ba3dc07bb3 Fix typo and remove trailing whitespace. (#2074) 2016-11-08 09:32:23 -05:00
Jeff Mitchell 26fa2655b1 Add listing to Consul secret roles (#2065) 2016-11-04 12:35:16 -04:00
vishalnayak dc93e57cf1 Return the revocation_sql from role read all the time 2016-10-27 12:24:31 -04:00
vishalnayak e0fb8c17ce Added revocation_sql to the website docs 2016-10-27 12:15:08 -04:00
vishalnayak c14a6c8666 Move policy test to keysutil package 2016-10-26 19:57:28 -04:00
vishalnayak 6d1e1a3ba5 Pulled out transit's lock manager and policy structs into a helper 2016-10-26 19:52:31 -04:00
vishalnayak 931c96d1ba ssh: Use temporary file to store the identity file 2016-10-18 12:50:12 -04:00
Chris Hoffman 4b6e82afcb Add ability to list keys in transit backend (#1987) 2016-10-18 10:13:01 -04:00
Laura Bennett 5ce9737eb4 address feedback 2016-10-10 12:16:55 -04:00
Laura Bennett e5a7e3d6cb initial commit to fix empty consistency option issue 2016-10-08 20:22:26 -04:00
Jeff Mitchell 70a9fc47b4 Don't use quoted identifier for the username 2016-10-05 14:31:19 -04:00
Jeff Mitchell 7f9a88d8db Postgres revocation sql, beta mode (#1972) 2016-10-05 13:52:59 -04:00
vishalnayak de5dec6b15 Refactor mysql's revoke SQL 2016-10-04 19:30:25 -04:00