Jeff Mitchell
62f66dc4d8
Do some internal renaming in PKI
2016-06-22 11:39:57 -04:00
vishalnayak
5f5a81d8da
Fix broken build
2016-06-21 18:25:36 -04:00
vishalnayak
e97f81ecaa
Print role name in the error message
2016-06-21 17:53:33 -04:00
Vishal Nayak
d47fc4c4ad
Merge pull request #1515 from hashicorp/sql-config-reading
...
Allow reading of config in sql backends
2016-06-21 10:07:34 -04:00
Vishal Nayak
78d4d5c8c3
Merge pull request #1523 from hashicorp/bind-account-id-aws-ec2
...
Added bound_account_id to aws-ec2 auth backend
2016-06-21 10:03:20 -04:00
vishalnayak
f7a44a2643
Correct casing of abbreviations
2016-06-21 10:02:22 -04:00
vishalnayak
389581f47b
Added warnings when configuring connection info in sql backends
2016-06-21 09:58:57 -04:00
Vishal Nayak
711c05a319
Merge pull request #1546 from hashicorp/secret-aws-roles
...
Added list functionality to logical aws backend's roles
2016-06-20 20:10:24 -04:00
vishalnayak
1976c9e75b
Added test case for listing aws secret backend roles
2016-06-20 20:09:31 -04:00
vishalnayak
8b490e44a1
Added list functionality to logical aws backend's roles
2016-06-20 19:51:04 -04:00
Vishal Nayak
69d562c5db
Merge pull request #1514 from hashicorp/backend-return-objects
...
Backend() functions should return 'backend' objects.
2016-06-20 19:30:00 -04:00
Jeff Mitchell
2e7704ea7e
Add convergent encryption option to transit.
...
Fixes #1537
2016-06-20 13:17:48 -04:00
vishalnayak
383be815b6
aws-ec2: added a nil check for storedIdentity in login renewal
2016-06-20 10:19:57 -04:00
vishalnayak
dccfc413d4
Replace an 'if' block with 'switch'
2016-06-17 12:35:44 -04:00
vishalnayak
cf15354e44
Address review feedback
2016-06-17 10:11:39 -04:00
vishalnayak
8e03c1448b
Merge branch 'master-oss' into bind-account-id-aws-ec2
...
Conflicts:
builtin/credential/aws-ec2/backend_test.go
builtin/credential/aws-ec2/path_login.go
builtin/credential/aws-ec2/path_role.go
2016-06-14 14:46:08 -04:00
Ivan Fuyivara
74e84113db
fixing the test for the wrong IAM Role ARN
2016-06-14 18:17:41 +00:00
Ivan Fuyivara
0ffbef0ccd
added tests, nil validations and doccumentation
2016-06-14 16:58:50 +00:00
vishalnayak
26f7fcf6a1
Added bound_account_id to aws-ec2 auth backend
2016-06-14 11:58:19 -04:00
Ivan Fuyivara
2c5a8fb39f
fixing spaces
2016-06-14 14:57:46 +00:00
root
52a47e1c4f
adding IAM Role as constrain
2016-06-14 14:49:36 +00:00
Jeff Mitchell
e925987cb6
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
vishalnayak
b7eb28bb3a
Added bound_ami_id check
2016-06-13 08:56:39 -04:00
vishalnayak
1776ff449f
Allow reading of config in sql backends
2016-06-11 11:48:40 -04:00
vishalnayak
0760a89eb4
Backend() functions should return 'backend' objects.
...
If they return pointers to 'framework.Backend' objects, the receiver functions can't be tested.
2016-06-10 15:53:02 -04:00
vishalnayak
c6a27f2fa8
s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN
2016-06-09 14:00:56 -04:00
Jeff Mitchell
b82033516e
Merge pull request #1510 from hashicorp/fix-gh-renew-panic
...
Fix panic when renewing a github token from a previous version of Vault
2016-06-09 13:54:20 -04:00
Jeff Mitchell
7c65dc9bf1
xInt->xRaw
2016-06-09 13:54:04 -04:00
vishalnayak
308294db46
Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token
2016-06-09 13:45:56 -04:00
Jeff Mitchell
1715b3dcb8
Fix panic when renewing a github token from a previous version of Vault
2016-06-09 13:37:09 -04:00
Laura Bennett
5ccb4fe907
Merge pull request #1498 from hashicorp/pki-list
...
PKI List Functionality
2016-06-08 15:42:50 -04:00
vishalnayak
f9c3afcc21
Fix broken test
2016-06-08 13:00:19 -04:00
vishalnayak
6c4234eae6
Minor changes to the RabbitMQ acceptance tests
2016-06-08 12:50:43 -04:00
LLBennett
3795b65d19
Updates to the test based on feedback.
2016-06-08 16:49:10 +00:00
Laura Bennett
2f2a80e2be
Add PKI listing
2016-06-08 11:50:59 -04:00
Jeff Mitchell
94cd00f32a
Add an explicit default for TTLs for rabbit creds
2016-06-08 11:35:09 -04:00
Jeff Mitchell
86d697884b
Fix some typos in rmq text and structure
2016-06-08 11:31:57 -04:00
vishalnayak
1b7da070ae
Added pooled transport for rmq client. Added tests
2016-06-08 10:46:46 -04:00
Jeff Mitchell
95f3726f1c
Migrate to go-uuid
2016-06-08 10:36:16 -04:00
vishalnayak
5a3dd98d06
Polish the code
2016-06-08 10:25:03 -04:00
Vishal Nayak
ab543414f6
Merge pull request #788 from doubledutch/master
...
RabbitMQ Secret Backend
2016-06-08 10:02:24 -04:00
Jeff Mitchell
8f437d6142
Make logical.InmemStorage a wrapper around physical.InmemBackend.
...
This:
* Allows removing LockingInmemStorage since the physical backend already
locks properly
* Makes listing work properly by adhering to expected semantics of only
listing up to the next prefix separator
* Reduces duplicated code
2016-06-06 12:03:08 -04:00
Jeff Mitchell
50c011e79f
Use backend function instead of separate backend creation in consul
2016-06-03 10:08:58 -04:00
Jeff Mitchell
ca47478aed
Merge pull request #1479 from hashicorp/reuse-be-creation-tests
...
Change AWS/SSH to reuse backend creation code for test functions
2016-06-03 09:59:37 -04:00
vishalnayak
e9fbb9fabe
Remove failOnError method from cert tests
2016-06-01 16:01:28 -04:00
Jeff Mitchell
86d2c796b0
Change AWS/SSH to reuse backend creation code for test functions
2016-06-01 12:17:47 -04:00
Vishal Nayak
3c5fb471a4
Merge pull request #1445 from hashicorp/consul-fixups
...
Reading consul access configuration in the consul secret backend.
2016-06-01 12:11:12 -04:00
Vishal Nayak
3a460b9c4b
Merge pull request #1471 from hashicorp/rename-aws-auth
...
auth backend: rename `aws` as `aws-ec2`
2016-06-01 10:41:13 -04:00
vishalnayak
dbee3cd81b
Address review feedback
2016-06-01 10:36:58 -04:00
vishalnayak
4fea41f7e5
Use entry.Type as a criteria for upgrade
2016-06-01 10:30:11 -04:00
Jeff Mitchell
99c1e071f3
Remove most Root paths
2016-05-31 23:42:54 +00:00
vishalnayak
eefd9acbf0
Set config access test case as an acceptance test and make travis happy
2016-05-31 13:27:34 -04:00
vishalnayak
f64987a6cf
Add tests around writing and reading consul access configuration
2016-05-31 13:27:34 -04:00
Jeff Mitchell
036e7fa63e
Add reading to consul config, and some better error handling.
2016-05-31 13:27:34 -04:00
vishalnayak
a072f2807d
Rename aws as aws-ec2
2016-05-30 14:11:15 -04:00
vishalnayak
950c76c020
rename credential/aws as credential/aws-ec2
2016-05-30 14:11:15 -04:00
vishalnayak
30fa7f304b
Allow * to be set for allowed_users
2016-05-30 03:12:43 -04:00
vishalnayak
971b2cb7b7
Do not allow any username to login if allowed_users is not set
2016-05-30 03:01:47 -04:00
Jeff Mitchell
e01bce371d
Merge pull request #1462 from hashicorp/enable-auth-rollbacks
...
Re-enable rollback triggers for auth backends
2016-05-27 15:01:35 -04:00
Jeff Mitchell
39fe3200e3
Return nil for pre-0.5.3 Consul tokens to avoid pathological behavior
2016-05-27 13:09:52 -04:00
Jeff Mitchell
f035a320d0
Add test for renew/revoke to Consul secret backend
2016-05-27 11:27:53 -04:00
vishalnayak
1d94828e45
Re-enable rollback triggers for auth backends
2016-05-26 14:29:41 -04:00
Vishal Nayak
644ac5f5e8
Merge pull request #1456 from hashicorp/consul-lease-renewal
...
Fix the consul secret backends renewal revocation problem
2016-05-26 13:59:45 -04:00
vishalnayak
cfd337d06a
Fix broken cert backend test
2016-05-26 11:06:46 -04:00
Jeff Mitchell
05d1da0656
Add comment about the deletions
2016-05-26 10:33:35 -04:00
Jeff Mitchell
ccfa8d0567
Remove deprecated entries from PKI role output.
...
Fixes #1452
2016-05-26 10:32:04 -04:00
vishalnayak
c0e745dbfa
s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends
2016-05-26 10:21:03 -04:00
vishalnayak
2ca846b401
s/logical.ErrorResponse/fmt.Errorf in revocation functions of secrets
2016-05-26 10:04:11 -04:00
vishalnayak
70b8530962
Fix the consul secret backends renewal revocation problem
2016-05-25 23:24:16 -04:00
Kevin Pike
cdfc6b46fd
Update and document rabbitmq test envvars
2016-05-20 23:28:02 -07:00
Kevin Pike
4eb20e4aa8
Merge remote-tracking branch 'origin/master' into rabbitmq
2016-05-20 23:27:22 -07:00
Kevin Pike
5783b02e36
Address feedback
2016-05-20 22:57:24 -07:00
Jeff Mitchell
8f592f3442
Don't use pointers to int64 in function calls when not necessary
2016-05-19 12:26:02 -04:00
Jeff Mitchell
a13807e759
Merge pull request #1318 from steve-jansen/aws-logical-assume-role
...
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
Jeff Mitchell
1bef0c3584
Merge pull request #1245 from LeonDaniel/master
...
Improved groups search for LDAP login
2016-05-19 12:13:29 -04:00
Jeff Mitchell
91b65a893e
Merge pull request #1430 from hashicorp/issue-1428
...
Use Consul API client's DefaultNonPooledTransport.
2016-05-17 20:59:50 -04:00
Jeff Mitchell
86e078ff98
Use Consul API client's DefaultNonPooledTransport.
...
What we should probably do is create a client with a mutex and
invalidate it when parameters change rather than creating a client over
and over...that can be a TODO for later but for now this fix suffices.
Fixes #1428
2016-05-18 00:47:42 +00:00
vishalnayak
65801942cb
Naming of the locked and nonLocked methods
2016-05-17 20:39:24 -04:00
Jeff Mitchell
ed574d63fe
Merge pull request #1416 from shomron/list_ldap_group_mappings
...
Support listing ldap group to policy mappings
2016-05-16 16:22:13 -04:00
Sean Chittenden
792950e16c
Merge pull request #1417 from hashicorp/b-pki-expire-ttl-unset
...
Set entry's TTL before writing out the storage entry's config
2016-05-15 10:02:03 -07:00
Sean Chittenden
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
Sean Chittenden
b0bba6d271
Store clamped TTLs back in the role's config
2016-05-15 08:13:56 -07:00
Sean Chittenden
539475714d
Set entry's TTL before writing out the storage entry's config
2016-05-15 07:06:33 -07:00
Oren Shomron
b8840ab9eb
Support listing ldap group to policy mappings ( Fixes #1270 )
2016-05-14 20:00:40 -04:00
Vishal Nayak
53fc941761
Merge pull request #1300 from hashicorp/aws-auth-backend
...
AWS EC2 instances authentication backend
2016-05-14 19:42:03 -04:00
vishalnayak
4122ed860b
Rename 'role_name' to 'role'
2016-05-13 14:31:13 -04:00
vishalnayak
9147f99c43
Remove unused param from checkForValidChain
2016-05-12 15:07:10 -04:00
vishalnayak
85d9523f98
Perform CRL checking for non-CA registered certs
2016-05-12 14:37:07 -04:00
vishalnayak
be88306f92
Name the files based on changed path patterns
2016-05-12 11:52:07 -04:00
vishalnayak
7e8a2d55d0
Update docs and path names to the new patterns
2016-05-12 11:45:10 -04:00
vishalnayak
ddcaf26396
Merge branch 'master-oss' into aws-auth-backend
2016-05-10 14:50:00 -04:00
vishalnayak
d09748a135
Fix the acceptance tests
2016-05-09 22:07:51 -04:00
vishalnayak
95f3f08d29
Call client config internal from the locking method
2016-05-09 21:01:57 -04:00
Jeff Mitchell
d899f9d411
Don't revoke CA certificates with leases.
2016-05-09 19:53:28 -04:00
Jeff Mitchell
4549625367
Update client code to use internal entry fetching
2016-05-09 23:26:00 +00:00
Jeff Mitchell
d77563994c
Merge pull request #1346 from hashicorp/disable-all-caches
...
Disable all caches
2016-05-07 16:33:45 -04:00
Steve Jansen
597d59962c
Adds sts:AssumeRole support to the AWS secret backend
...
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens. For example, STS federated tokens cannot
invoke IAM APIs, such as Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
Jeff Mitchell
c16b0a4f41
Switch whitelist to use longest max TTL
2016-05-05 20:44:48 -04:00
Jeff Mitchell
7a6c76289a
Role tag updates
2016-05-05 15:32:14 -04:00
Jeff Mitchell
b58ad615f2
Fix HMAC being overwritten. Also some documentation, and add a lock to role operations
2016-05-05 14:51:09 -04:00
Jeff Mitchell
0eddeb5c94
Guard tidy functions
2016-05-05 14:28:46 -04:00
Jeff Mitchell
2d4c390f87
More updates to mutexes and adjust blacklisted roletag default safety buffer
2016-05-05 14:12:22 -04:00
Jeff Mitchell
8fef6e3ac0
Rename identity whitelist and roletag blacklist api endpoints
2016-05-05 13:34:50 -04:00
Jeff Mitchell
c69ba40d05
Move some mutexes around
2016-05-05 12:53:27 -04:00
Jeff Mitchell
f689e4712d
Update some mutexes in client config
2016-05-05 12:44:40 -04:00
Jeff Mitchell
c15c227774
Fall back to non-base64 cert if it can't be decoded (it's checked later anyways)
2016-05-05 11:36:28 -04:00
Jeff Mitchell
25913fb18c
Update commenting
2016-05-05 11:22:36 -04:00
Jeff Mitchell
15cbcedf1f
Make the roletag blacklist the longest duration, not least
2016-05-05 11:00:41 -04:00
Jeff Mitchell
e45d6c1120
Switch client code to shared awsutil code
2016-05-05 10:40:49 -04:00
Jeff Mitchell
4600ca8073
Merge branch 'master-oss' into aws-auth-backend
2016-05-05 10:36:06 -04:00
Jeff Mitchell
b6b9cd6f1f
Merge remote-tracking branch 'origin/master' into aws-cred-chain
2016-05-05 10:31:12 -04:00
Jeff Mitchell
3e71221839
Merge remote-tracking branch 'origin/master' into aws-auth-backend
2016-05-05 10:04:52 -04:00
vishalnayak
92fe94546c
Split SanitizeTTL method to support time.Duration parameters as well
2016-05-05 09:45:48 -04:00
vishalnayak
4ede1d6f08
Add the steps to generate the CRL test's test-fixture files
2016-05-04 05:48:34 -04:00
vishalnayak
b7c48ba109
Change image/ to a more flexible /role endpoint
2016-05-03 23:36:59 -04:00
Jeff Mitchell
1b0df1d46f
Cleanups, add shared provider, ability to specify http client, and port S3 physical backend over
2016-05-03 17:01:02 -04:00
Jeff Mitchell
7fbe5d2eaa
Region is required so error in awsutil if not set and set if empty in client code in logical/aws
2016-05-03 15:25:11 -04:00
Jeff Mitchell
a244ef8a00
Refactor AWS credential code into a function that returns a static->env->instance chain
2016-05-03 15:10:35 -04:00
Jeff Mitchell
45a120f491
Switch our tri-copy ca loading code to go-rootcerts
2016-05-03 12:23:25 -04:00
Jeff Mitchell
f21b88802f
Add some more tests around deletion and fix upsert status returning
2016-05-03 00:19:18 -04:00
Jeff Mitchell
7e1bdbe924
Massively simplify lock handling based on feedback
2016-05-02 23:47:18 -04:00
Jeff Mitchell
7f3613cc6e
Remove some deferring
2016-05-02 22:36:44 -04:00
Jeff Mitchell
fa0d389a95
Change use-hint of lockAll and lockPolicy
2016-05-02 22:36:44 -04:00
Jeff Mitchell
49c56f05e8
Address review feedback
2016-05-02 22:36:44 -04:00
Jeff Mitchell
3e5391aa9c
Switch to lockManager
2016-05-02 22:36:44 -04:00
Jeff Mitchell
08b91b776d
Address feedback
2016-05-02 22:36:44 -04:00
Jeff Mitchell
fedc8711a7
Fix up commenting and some minor tidbits
2016-05-02 22:36:44 -04:00
Jeff Mitchell
fe1f56de40
Make a non-caching but still locking variant of transit for when caches are disabled
2016-05-02 22:36:44 -04:00
vishalnayak
9f2a111e85
Allow custom endpoint URLs to be supplied to make EC2 API calls
2016-05-02 17:21:52 -04:00
vishalnayak
57e8fcd8c2
Extend the expiry of test-fixture certs of Cert backend
2016-05-02 12:34:46 -04:00
Jeff Mitchell
3d1c88f315
Make GitHub org comparison case insensitive.
...
Fixes #1359
2016-05-02 00:18:31 -04:00
vishalnayak
1c91f652d4
Remove unnecessary append call
2016-04-30 03:20:21 -04:00
vishalnayak
fde768125c
Cert backend, CRL tests
2016-04-29 02:32:48 -04:00
vishalnayak
23d8ce62a3
Ensure that the instance is running during renewal
2016-04-28 16:34:35 -04:00
vishalnayak
2a2dc0befb
Added allow_instance_migration to the role tag
2016-04-28 11:43:48 -04:00
vishalnayak
4161d3ef4f
Change all time references to UTC
2016-04-28 10:19:29 -04:00
vishalnayak
e591632630
Fix the deadlock issue
2016-04-28 01:01:33 -04:00
vishalnayak
4712533f1d
minor updates
2016-04-28 00:35:49 -04:00
vishalnayak
e6a9a5957d
Refactor locks around config tidy endpoints
2016-04-27 22:32:43 -04:00
vishalnayak
b75a6e2f0f
Fix locking around config/client
2016-04-27 22:25:15 -04:00
vishalnayak
0e97b57beb
Fix the list response of role tags
2016-04-27 22:03:11 -04:00
vishalnayak
779d73ce2b
Removed existence check on blacklist/roletags, docs fixes
2016-04-27 21:29:32 -04:00
vishalnayak
d44326ded6
Remove unnecessary lock switching around flushCachedEC2Clients
2016-04-27 20:13:56 -04:00
vishalnayak
e1080f86ed
Remove recreate parameter from clientEC2
2016-04-27 20:01:39 -04:00
vishalnayak
441477f342
Added ami_id to token metadata
2016-04-27 11:32:05 -04:00
leon
b9c96bf7ce
- updated refactored functions in ldap backend to return error instead of ldap response and fixed interrupted search in ldap groups search func
2016-04-27 18:17:54 +03:00
leon
08be31e9ab
- refactored functionality in separate functions in ldap backend and used a separate ldap query to get ldap groups from userDN
2016-04-27 15:00:26 +03:00
vishalnayak
7144fd54f9
Added tests
2016-04-26 23:40:11 -04:00
vishalnayak
88942b0503
Added tests
2016-04-26 10:22:29 -04:00
vishalnayak
5a676a129e
Added tests
2016-04-26 10:22:29 -04:00