luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
5,873 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

5873 Commits

Author SHA1 Message Date
Jeff Mitchell 5f18b1605a Two things: 
1) Ensure that if we fail to generate a lease for a secret we attempt to revoke it

2) Ensure that any lease that is registered should never have a blank token

In theory, number 2 will let us a) find places where this *is* the case, and b) if errors are encountered when revoking tokens due to a blank client token, it suggests that the client token values are being stripped somewhere along the way, which is also instructive.
 2017-05-03 12:17:09 -04:00
Jeff Mitchell 0553f7a8d1 change some logging output 2017-05-03 12:14:58 -04:00
Jeff Mitchell c9bd54ad65 Less scary debugging 2017-05-03 11:15:59 -04:00
vishalnayak dd898ed2e1 Added summary logs to help better understand the consequence 2017-05-03 10:54:07 -04:00
Calvin Leung Huang a00a7815f6 Include and use normalizeSerial func 2017-05-03 10:12:58 -04:00
Brian Kassouf dbb5b38e0d Add API docs 2017-05-03 02:13:07 -07:00
Brian Kassouf 63de72c10f Add custom plugins docs page 2017-05-03 00:01:28 -07:00
Brian Kassouf 50ac77be51 Update docs for the database backend and it's plugins 2017-05-02 22:24:31 -07:00
Brian Kassouf 7ae8f02f4b Only wrap in tracing middleware if the logger is set to trace level 2017-05-02 17:19:49 -07:00
Brian Kassouf b60ff2048d Update docs and add cassandra as a builtin plugin 2017-05-02 17:04:49 -07:00
Brian Kassouf 20994c1247 Fix wording in docs 2017-05-02 16:20:07 -07:00
Brian Kassouf fdf045b3bd Fix a few PR comments 2017-05-02 15:59:08 -07:00
vishalnayak 9f682eb9cd Test to check that leases with valid tokens are not being cleaned up 2017-05-02 18:12:03 -04:00
vishalnayak 850cda7861 Added test to check the atomicity of the lease tidy operation 2017-05-02 18:06:59 -04:00
vishalnayak 875658531b Do not duplicate log lines for invalid leases 2017-05-02 17:56:15 -04:00
Brian Kassouf f644c34c5b Remove unused TestCoreUnsealedWithListener function 2017-05-02 14:52:48 -07:00
Brian Kassouf 5e0c03415b Don't need to explictly set redirectAddrs 2017-05-02 14:44:14 -07:00
Brian Kassouf f37c2a8269 Merge remote-tracking branch 'oss/database-refactor' into database-refactor 2017-05-02 14:40:33 -07:00
Brian Kassouf 29d9b831d3 Update the api for serving plugins and provide a utility to pass TLS data for commuinicating with the vault process 2017-05-02 14:40:11 -07:00
vishalnayak 403fd62c61 Check if multiple leases with same invalid token is getting cleaned up 2017-05-02 17:15:26 -04:00
vishalnayak 5f70576715 Added steps to check if invalid token is properly cleaned up 2017-05-02 17:11:35 -04:00
vishalnayak 668595b902 Added a test for tidying of empty token 2017-05-02 16:54:03 -04:00
vishalnayak 68635e8a1c Skip checking the validity of an empty client token 2017-05-02 16:53:41 -04:00
Jeff Mitchell 712cacaf4d Add website skeleton 2017-05-02 16:26:32 -04:00
Calvin Leung Huang 2b7a66e23b Use variables for string replacements on cert_util 2017-05-02 14:11:57 -04:00
mhristof df325288ac fix format for secret/pki (#2668) 2017-05-02 07:52:55 -04:00
Brian Kassouf ca7ff89bcb Fix documentation 2017-05-02 02:22:06 -07:00
Brian Kassouf c8bbea9f37 Rename NewPluginServer to just Serve 2017-05-02 02:00:39 -07:00
Brian Kassouf f17c50108f Add plugins interal page to the sidebar: 2017-05-02 02:00:04 -07:00
Brian Kassouf a963097747 Add internals doc for plugins 2017-05-02 01:59:36 -07:00
Ben Gadbois 537342f038 Fixing printf (and similar) issues (#2666) 2017-05-01 23:34:10 -04:00
Brian Kassouf 98e111d4cd Prepend a 'v-' to the sql username strings 2017-05-01 15:45:17 -07:00
Brian Kassouf 0e70ba8dbc Add test for custiom mssql revoke statement 2017-05-01 15:43:21 -07:00
Brian Kassouf b3819c433b Don't store an error response as a package variable 2017-05-01 15:30:56 -07:00
Brian Kassouf 9a60ec9fda Update interface name from Wrapper to a more descriptive RunnerUtil 2017-05-01 14:59:55 -07:00
Seth Vargo 44e1c64cfd Add UI docs (#2664) 2017-05-01 17:36:37 -04:00
Marc Boudreau 5630b0ad4b Changing the ttl value in the Generate IAM with STS sample to a valid value (#2665) 2017-05-01 14:41:49 -04:00
Chris Hoffman e94c7ef3d1 changelog++ 2017-05-01 12:32:14 -04:00
Calvin Leung Huang 5076701bea Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 11:27:35 -04:00
Jeff Mitchell 0ed210c67f changelog++ 2017-05-01 10:42:41 -04:00
Justin Gerace 403efeb5ae Add globbing support to the PKI backend's allowed_domains list (#2517) 2017-05-01 10:40:18 -04:00
Jeff Mitchell 2b337083f3 changelog++ 2017-05-01 10:37:35 -04:00
vishalnayak 60add30b9d Merge branch 'oss' into sys-tidy-leases 2017-05-01 09:58:58 -04:00
vishalnayak 07e6d4336d changelog++ 2017-04-30 11:40:13 -04:00
Michael Ansel 30b71cbbac Add constraints on the Common Name for certificate-based authentication (#2595) 
* Refactor to consolidate constraints on the matching chain

* Add CN prefix/suffix constraint

* Maintain backwards compatibility (pick a random cert if multiple match)

* Vendor go-glob

* Replace cn_prefix/suffix with required_name/globbing

Move all the new tests to acceptance-capable tests instead of embedding in the CRL test

* Allow authenticating against a single cert

* Add new params to documentation

* Add CLI support for new param

* Refactor for style

* Support multiple (ORed) name patterns

* Rename required_names to allowed_names

* Update docs for parameter rename

* Use the new TypeCommaStringSlice
 2017-04-30 11:37:10 -04:00
Calvin Leung Huang 71d9de9083 Merge pull request #2660 from hashicorp/version-metadata 
Add version metadata
 2017-04-28 17:30:45 -04:00
Jeff Mitchell 9a72b3162f Flip back to sstarcher go-okta post-merge 2017-04-28 17:21:49 -04:00
Calvin Leung Huang b2ceaa3aa9 Add version metadata 2017-04-28 16:22:00 -04:00
Cameron Stokes 73867dab92 Add local flag to docs for API endpoints. (#2625) 2017-04-28 14:33:27 -04:00
Ryan Smith-Evans d0d448cfbe Added required header (#2656) 2017-04-28 08:56:14 -04:00