1841ef0ebf
Tested pathImageTag
2016-04-26 10:22:29 -04:00
80e3063334
Tested parseRoleTagValue
2016-04-26 10:22:29 -04:00
dab1a00313
Make client nonce optional even during first login, when disallow_reauthentication is set
2016-04-26 10:22:29 -04:00
e0cf8c5608
Rename 'name' to 'ami_id' for clarity
2016-04-26 10:22:29 -04:00
092feca996
Moved HMAC parsing inside parseRoleTagValue
2016-04-26 10:22:29 -04:00
ddfdf37d33
Properly handle empty client nonce case when disallow_reauthentication is set
2016-04-26 10:22:29 -04:00
b8d9b18193
Added disallow_reauthentication feature
2016-04-26 10:22:29 -04:00
a1d07cbff5
Remove todo and change clientNonce length limit to 128 chars
2016-04-26 10:22:28 -04:00
bb276d350a
Fix typo
2016-04-26 10:22:28 -04:00
a5aadc908d
Add environment and EC2 instance metadata role providers for AWS creds.
2016-04-26 10:22:28 -04:00
012f9273f7
Remove certificate verification
2016-04-26 10:22:28 -04:00
41cc7c4a15
Test path config/certificate
2016-04-26 10:22:28 -04:00
5ff8d0cf96
Add existence check verification to config/client testcase
2016-04-26 10:22:28 -04:00
3286194384
Testing pathImage
2016-04-26 10:22:28 -04:00
a8082a9a6e
allow_instance_reboot -> allow_instance_migration
2016-04-26 10:22:28 -04:00
075a81214e
Update image output to show allow_instance_reboot value and keep policies in a list
2016-04-26 10:22:28 -04:00
91433fedf2
Changed the blacklist URL pattern to optionally accept base64 encoded role tags
2016-04-26 10:22:28 -04:00
efcc07967e
Accept instance_id in the URL for whitelist endpoint
2016-04-26 10:22:28 -04:00
cf56895772
Switch around some logic to be more consistent/readable and respect max
...
TTL on initial token issuance.
2016-04-26 10:22:28 -04:00
338054d49e
Return un-expired entries from blacklist and whitelist
2016-04-26 10:22:28 -04:00
b6bd30b9fb
Test ConfigClient
2016-04-26 10:22:28 -04:00
d3adc85886
AWS EC2 instances authentication backend
2016-04-26 10:22:28 -04:00
fb07d07ad9
all: Cleanup from running go vet
2016-04-13 14:38:29 -05:00
d92b960f7a
Add list support to userpass users. Remove some unneeded existence
...
checks. Remove paths from requiring root.
Fixes #911
2016-04-09 18:28:55 -04:00
e3a1ee92b5
Utility Enhancements
2016-04-05 20:32:59 -04:00
95abdebb06
Added AcceptanceTest boolean to logical.TestCase
2016-04-05 15:10:44 -04:00
7df3ec46b0
Some fixups around error/warning in LDAP
2016-04-02 13:33:00 -04:00
40325b8042
If no group DN is configured, still look for policies on local users and
...
return a warning, rather than just trying to do an LDAP search on an
empty string.
2016-04-02 13:11:36 -04:00
7fd5a679ca
Fix potential error scoping issue.
...
Ping #1262
2016-03-30 19:48:23 -04:00
3cfcd4ddf1
Check for nil connection back from go-ldap, which apparently can happen even with no error
...
Ping #1262
2016-03-29 10:00:04 -04:00
17613f5fcf
Removing debugging comment
2016-03-24 09:48:13 -04:00
4c4a65ebd0
Properly check for policy equivalency during renewal.
...
This introduces a function that compares two string policy sets while
ignoring the presence of "default" (since it's added by core, not the
backend), and ensuring that ordering and/or duplication are not failure
conditions.
Fixes #1256
2016-03-24 09:41:51 -04:00
a8dd6aa4f1
Don't renew cert-based tokens if the policies have changed.
...
Also, add cert renewal testing.
Fixes #477
2016-03-17 14:22:24 -04:00
77e4ee76bb
Normalize userpass errors around bad user/pass
2016-03-16 15:19:55 -04:00
8a3f1ad13e
Use 400 instead of 500 for failing to provide a userpass password.
2016-03-16 15:14:28 -04:00
f9b1fc3aa0
Add comments to existence functions
2016-03-16 14:53:53 -04:00
1951159b25
Addessing review comments
2016-03-16 14:21:14 -04:00
239ad4ad7e
Refactor updating user values
2016-03-16 13:42:02 -04:00
533b136fe7
Reduce the visibility of setUser
2016-03-16 11:39:52 -04:00
2914ff7502
Use helper for existence check. Avoid panic by fetching default values for field data
2016-03-16 11:26:33 -04:00
1e889bc08c
Input validations and field renaming
2016-03-15 17:47:13 -04:00
a0958c9359
Refactor updating and creating userEntry into a helper function
2016-03-15 17:32:39 -04:00
acd545f1ed
Fetch and store UserEntry to properly handle both create and update
2016-03-15 17:05:23 -04:00
9609fe151b
Change path structure of password and policies endpoints in userpass
2016-03-15 16:46:12 -04:00
8be36b6925
Reuse the variable instead of fetching 'name' again
2016-03-15 16:21:47 -04:00
61b4cac458
Added paths to update policies and password
2016-03-15 16:12:55 -04:00
731bb97db5
Tests for updating password and policies in userpass backend
2016-03-15 16:09:23 -04:00
b7eb0a97e5
Userpass: Support updating policies and password
2016-03-15 15:18:21 -04:00
8aaf29b78d
Add forgotten test
2016-03-15 14:18:35 -04:00
8bf935bc2b
Add list support to certs in cert auth backend.
...
Fixes #1212
2016-03-15 14:07:40 -04:00
d648306d52
Add the ability to specify the app-id in the login path.
...
This makes it easier to use prefix revocation for tokens.
Ping #424
2016-03-14 16:24:01 -04:00
a6d8fc9d98
Merge pull request #1190 from grunzwei/master
...
fix github tests to use the provided GITHUB_ORG environment variable
2016-03-09 09:51:28 -05:00
ae469cc796
fix github tests to use the provided GITHUB_ORG environment variable
...
(tests fail for non hashicorp people)
2016-03-09 15:34:03 +02:00
5a17735dcb
Add subject/authority key id to cert metadata
2016-03-07 14:59:00 -05:00
4a3d3ef300
Use better error message on LDAP renew failure
2016-03-07 09:34:16 -05:00
44208455f6
continue if non-CA policy is not found
2016-03-01 16:43:51 -05:00
9a3ddc9696
Added ExtKeyUsageAny, changed big.Int comparison and fixed code flow
2016-03-01 16:37:01 -05:00
cc1592e27a
corrections, policy matching changes and test cert changes
2016-03-01 16:37:01 -05:00
09eef70853
Added testcase for cert writes
2016-03-01 16:37:01 -05:00
f056e8a5a5
supporting non-ca certs for verification
2016-03-01 16:37:01 -05:00
aee006ba2d
moved the test cert keys to appropriate test-fixtures folder
2016-02-29 15:49:08 -05:00
cf672400d6
fixed the error log message
2016-02-29 10:41:10 -05:00
dca18aec2e
replaced old certs, with new certs generated from PKI backend, containing IP SANs
2016-02-28 22:15:54 -05:00
6b6005ee2e
Remove root token requirement from GitHub configuration
2016-02-25 08:51:53 -05:00
69bcbb28aa
rename verify_cert as disable_binding and invert the logic
2016-02-24 21:01:21 -05:00
902c780f2b
make the verification of certs in renewal configurable
2016-02-24 16:42:20 -05:00
bc4710eb06
Cert: renewal enhancements
2016-02-24 14:31:38 -05:00
053bbd97ea
check CIDR block for renewal as well
2016-02-24 10:55:31 -05:00
978075a1b4
Added renewal capability to app-id backend
2016-02-24 10:40:15 -05:00
fab2d8687a
Remove root requirement for certs/ and crls/ in TLS auth backend.
...
Fixes #468
2016-02-21 15:33:33 -05:00
6df75231b8
Merge pull request #1100 from hashicorp/issue-1030
...
Properly escape filter values in LDAP filters
2016-02-19 14:56:40 -05:00
05b5ff69ed
Address some feedback on ldap escaping help text
2016-02-19 13:47:26 -05:00
d7b40b32db
Properly escape filter values.
...
Fixes #1030
2016-02-19 13:16:52 -05:00
c67871c36e
Update LDAP documentation with a note on escaping
2016-02-19 13:16:18 -05:00
d3f3122307
Add tests to ldap using the discover capability
2016-02-19 11:46:59 -05:00
154c326060
Add ldap tests that use a bind dn and bind password
2016-02-19 11:38:27 -05:00
0b44d81a16
Github renewal enhancement
2016-02-11 20:42:42 -05:00
61eec74b4e
Remove app-id renewal for the moment until verification logic is added
2016-01-31 19:12:20 -05:00
bf13d68372
Fix userpass acceptance tests by giving it a system view
2016-01-29 20:14:14 -05:00
d3a705f17b
Make backends much more consistent:
...
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
0db33274b7
discover bind dn with anonymous binds
2016-01-27 17:06:27 +01:00
4606cd1492
fix stupid c&p error
2016-01-26 16:15:25 +01:00
6a570345a0
add binddn/bindpath to search for the users bind DN
2016-01-26 15:56:41 +01:00
8fecccde21
Add STS path to AWS backend.
...
The new STS path allows for obtaining the same credentials that you would get
from the AWS "creds" path, except it will also provide a security token, and
will not have an annoyingly long propagation time before returning to the user.
2016-01-21 14:05:09 -05:00
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
5e72453b49
Use TypeDurationSecond instead of TypeString
2015-11-03 10:52:20 -05:00
154fc24777
Address first round of feedback from review
2015-11-03 10:52:20 -05:00
59cc61cc79
Add documentation for CRLs and some minor cleanup.
2015-11-03 10:52:20 -05:00
5d562693bd
Add tests for the crls path, and fix a couple bugs
2015-11-03 10:52:20 -05:00
b6b62f7dc1
Drastically simplify the method and logic; keep an in-memory cache and use that for most operations, only affecting the backend storage when needed.
2015-11-03 10:52:20 -05:00
c66f0918be
Add delete method, and ability to delete only one serial as well as an entire set.
2015-11-03 10:52:20 -05:00
be1a2266cc
Add CRLSets endpoints; write method is done. Add verification logic to
...
login path. Change certs "ttl" field to be a string to match common
backend behavior.
2015-11-03 10:52:19 -05:00
22c65c0c07
Use cleanhttp instead of bare http.Client
2015-10-22 14:37:12 -04:00
cba4e82682
Don't use http.DefaultClient
...
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.
Fixes #700 , I believe.
2015-10-15 17:54:00 -04:00
6f4e42efed
Add StaticSystemView to LDAP acceptance tests
2015-10-06 15:48:10 -04:00
a740c68eab
Added a test case. Removed setting of defaultTTL in config.
2015-10-03 15:36:57 -04:00
e3f04dc444
Added testcases for config writes
2015-10-02 22:10:51 -04:00
ea0aba8e47
Use SanitizeTTL in credential request path instead of config
2015-10-02 15:41:35 -04:00
3dd84446ab
Github backend: enable auth renewals
2015-10-02 13:33:19 -04:00
c3bdde8abe
Add a static system view to github credential backend to fix acceptance tests
2015-09-29 18:55:59 -07:00
vishalnayak