luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
7138 commits 1 branch 0 tags 214 MiB
Commit graph

535 commits

Author SHA1 Message Date
vishalnayak dbd364453e aws-ec2 config endpoints support type option to distinguish certs 2016-10-03 20:25:07 -04:00
vishalnayak b105f8ccf3 Authenticate aws-ec2 instances using identity document and its RSA signature 2016-10-03 18:57:41 -04:00
Vishal Nayak 4c74b646fe Merge pull request #1947 from hashicorp/secret-id-lookup-delete 
Introduce lookup and destroy endpoints for secret IDs and its accessors
 2016-09-29 10:19:54 -04:00
vishalnayak 34e76f8b41 Added website docs for lookup and destroy APIs 2016-09-28 22:11:48 -04:00
vishalnayak d20819949c Make secret-id reading and deleting, a POST op instead of GET 2016-09-28 20:22:37 -04:00
Michael S. Fischer 2dd1f584e6 Update documentation for required AWS API permissions 
In order for Vault to map IAM instance profiles to roles, Vault
must query the 'iam:GetInstanceProfile' API, so update the documentation
and help to include the additional permissions needed.
 2016-09-28 16:50:20 -07:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Vishal Nayak 5adfaa0d7d Merge pull request #1939 from hashicorp/secret-id-upgrade 
Respond secret_id_num_uses and deprecate SecretIDNumUses
 2016-09-28 18:16:07 -04:00
vishalnayak e9142f418a Added todo to remind removal of upgrade code 2016-09-28 18:17:13 -04:00
vishalnayak e01f99f042 Check for prefix match instead of exact match for IAM bound parameters 2016-09-28 18:08:28 -04:00
vishalnayak 21d9731286 Don't reset the deprecated value yet 2016-09-28 15:48:50 -04:00
Vishal Nayak 4a30a6b4f8 Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn 
Proper naming for bound_iam_instance_profile_arn
 2016-09-28 15:34:56 -04:00
vishalnayak 31e450a175 Add some validation checks 2016-09-28 15:36:02 -04:00
vishalnayak 9eabf75f5f Fix the misplaced response warning 2016-09-28 14:20:03 -04:00
vishalnayak a2338f5970 Added testcase to check secret_id_num_uses 2016-09-28 13:58:53 -04:00
vishalnayak ba1d238f9b Pull out reading and storing of secret ID into separate functions and handle upgrade properly 2016-09-28 12:42:26 -04:00
Mikhail Zholobov 5eff59c410
Fix "SecretIDNumUses" in AppRole auth backend 
There was a typo.
 2016-09-27 17:26:52 +03:00
Vishal Nayak b1ee56a15b Merge pull request #1910 from hashicorp/secret-id-cidr-list 
CIDR restrictions on Secret ID
 2016-09-26 10:22:48 -04:00
Vishal Nayak a4b119dc25 Merge pull request #1920 from legal90/fix-approle-delete 
Fix panic on deleting the AppRole which doesn't exist
 2016-09-26 10:05:33 -04:00
Mikhail Zholobov 3f77013004
Fix panic on deleting the AppRole which doesn't exist 
#pathRoleDelete should return silently if the specified  AppRole doesn't exist
Fixes GH-1919
 2016-09-26 16:55:08 +03:00
vishalnayak da5b5d3a8e Address review feedback from @jefferai 2016-09-26 09:53:24 -04:00
vishalnayak d080107a87 Update docs to contain bound_iam_role_arn 2016-09-26 09:37:38 -04:00
vishalnayak bf0b7f218e Implemented bound_iam_role_arn constraint 2016-09-23 21:35:36 -04:00
Jeff Mitchell 6bf871995b Don't use time.Time in responses. (#1912) 
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
 2016-09-23 12:32:07 -04:00
vishalnayak e0c41f02c8 Fix incorrect naming of bound_iam_instance_profile_arn 2016-09-23 11:22:23 -04:00
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry. 
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
 2016-09-21 20:19:26 -04:00
vishalnayak 578b82acf5 Pass only valid inputs to validation methods 2016-09-21 15:44:54 -04:00
vishalnayak 93604e1e2e Added cidrutil helper 2016-09-21 13:58:32 -04:00
Vishal Nayak 97dc0e9f64 Merge pull request #1897 from hashicorp/secret-id-accessor-locks 
Safely manipulate secret id accessors
 2016-09-19 11:37:38 -04:00
vishalnayak fefd3a6c0b s/GetOctalFormatted/GetHexFormatted 2016-09-16 17:47:15 -04:00
vishalnayak ba72e7887a Safely manipulate secret id accessors 2016-09-15 18:13:50 -04:00
Vishal Nayak 61664bc653 Merge pull request #1886 from hashicorp/approle-upgrade-notes 
upgrade notes entry for approle constraint and warning on role read
 2016-09-15 12:14:01 -04:00
vishalnayak 5597156886 check for nil role 2016-09-15 12:10:40 -04:00
vishalnayak 92986bb2a0 Address review feedback 2016-09-15 11:41:52 -04:00
vishalnayak a1de742dce s/disableReauthenticationNonce/reauthentication-disabled-nonce 2016-09-15 11:29:02 -04:00
vishalnayak 9bca127631 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak 857f921d76 Added comment 2016-09-14 18:27:35 -04:00
vishalnayak 39796e8801 Disable reauthentication if nonce is explicitly set to empty 2016-09-14 17:58:00 -04:00
vishalnayak d0e4d77fce address review feedback 2016-09-14 14:28:02 -04:00
vishalnayak d7ce69c5eb Remove the client nonce being empty check 2016-09-14 14:28:02 -04:00
vishalnayak 53c919b1d0 Generate the nonce by default 2016-09-14 14:28:02 -04:00
vishalnayak 455a4ae055 address review feedback 2016-09-14 12:08:35 -04:00
vishalnayak b1392567d1 Use constant time comparisons for client nonce 2016-09-13 20:12:43 -04:00
vishalnayak d2e66014ba Address review feedback 2016-09-13 18:30:04 -04:00
Jeff Mitchell 29b67141eb Only use running state for checking if instance is alive. (#1885) 
Fixes #1884
 2016-09-13 18:08:05 -04:00
vishalnayak 99a2655d8e upgrade notes entry for approle constraint and warning on role read 2016-09-13 17:44:07 -04:00
vishalnayak bef9c2ee61 Ensure at least one constraint on the role 2016-09-13 16:03:15 -04:00
vishalnayak cdcfa4572f Address review feedback 2016-08-30 16:36:58 -04:00
vishalnayak 29b9295673 approle: fix racy updates problem for roles 2016-08-30 16:11:14 -04:00
Jeff Mitchell d1284944c3 Merge pull request #1755 from hashicorp/logxi 
Convert to logxi
 2016-08-21 19:28:18 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
vishalnayak 524ed6db37 Extract out common code 2016-08-21 15:46:11 -04:00
vishalnayak dfe73733d5 Seperate endpoints for read/delete using secret-id and accessor 2016-08-21 14:42:49 -04:00
Jeff Mitchell 2860dcc60f gofmt 2016-08-19 16:48:32 -04:00
vishalnayak 7ce631f1dc Pretty print the warning 2016-08-18 16:09:10 -04:00
vishalnayak 870ffd6fd8 Use shortestTTL value during renewals too 2016-08-18 15:43:58 -04:00
vishalnayak 4f1c47478e When TTL is not set, consider the system default TTL as well 2016-08-18 15:37:59 -04:00
vishalnayak 56b8c33c95 aws-ec2: se max_ttl when ttl is not set, during login 2016-08-18 15:16:32 -04:00
vishalnayak b150c14caa Address review feedback by @jefferai 2016-08-09 17:45:42 -04:00
vishalnayak 8d261b1a78 Added ttl field to aws-ec2 auth backend role 2016-08-09 17:29:45 -04:00
Jeff Mitchell 1f198e9256 Return warning about ACLing the LDAP configuration endpoint. 
Fixes #1263
 2016-08-08 10:18:36 -04:00
Jeff Mitchell 9e204bd88c Add arbitrary string slice parsing. 
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.

Fixes #1619 in theory.
 2016-08-03 14:24:16 -04:00
Jeff Mitchell c025b292b5 Cleanup 2016-08-03 13:09:12 -04:00
vishalnayak a6907769b0 AppRole authentication backend 2016-07-26 09:32:41 -04:00
Jeff Mitchell 0cfb112e87 Explicitly set invalid request status when a password isn't included 2016-07-25 11:14:15 -04:00
Jeff Mitchell dc4b85b55e Don't return 500 for user error in userpass when setting password 2016-07-25 11:09:46 -04:00
Jeff Mitchell d4c3e27c4e Fix re-specification of filter 2016-07-25 09:08:29 -04:00
Oren Shomron cd6d114e42 LDAP Auth Backend Overhaul 
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
 2016-07-22 21:20:05 -04:00
Jeff Mitchell 68dcf677fa Fix panic if no certificates are supplied by client 
Fixes #1637
 2016-07-21 10:20:41 -04:00
Jeff Mitchell b353e44209 Fix build 2016-07-21 09:53:41 -04:00
Jeff Mitchell d335038b40 Ensure we never return a nil set of trusted CA certs 
Fixes #1637
 2016-07-21 09:50:31 -04:00
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number 
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
 2016-07-15 19:21:55 -04:00
Vishal Nayak cdf58da43b Merge pull request #1610 from hashicorp/min-tls-ver-12 
Set minimum TLS version in all tls.Config objects
 2016-07-13 10:53:14 -06:00
vishalnayak 09a4142fd3 Handled upgrade path for TLSMinVersion 2016-07-13 12:42:51 -04:00
vishalnayak de19314f18 Address review feedback 2016-07-13 11:52:26 -04:00
vishalnayak 407722a9b4 Added tls_min_version to consul storage backend 2016-07-12 20:10:54 -04:00
vishalnayak f34f0ef503 Make 'tls_min_version' configurable 2016-07-12 19:32:47 -04:00
vishalnayak 46d34130ac Set minimum TLS version in all tls.Config objects 2016-07-12 17:06:28 -04:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers. 
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
 2016-07-06 12:25:40 -04:00
Jeff Mitchell 51cd67115c Run appid/cert auth tests always 2016-07-01 14:06:33 -04:00
Jeff Mitchell 5d707c41ff Always run userpass acceptance tests 2016-07-01 11:37:38 -04:00
Jeff Mitchell 3e515c5885 Fix up breakage from bumping deps 2016-06-30 14:31:41 -04:00
vishalnayak 5f5a81d8da Fix broken build 2016-06-21 18:25:36 -04:00
vishalnayak e97f81ecaa Print role name in the error message 2016-06-21 17:53:33 -04:00
Vishal Nayak 78d4d5c8c3 Merge pull request #1523 from hashicorp/bind-account-id-aws-ec2 
Added bound_account_id to aws-ec2 auth backend
 2016-06-21 10:03:20 -04:00
vishalnayak f7a44a2643 Correct casing of abbreviations 2016-06-21 10:02:22 -04:00
Vishal Nayak 69d562c5db Merge pull request #1514 from hashicorp/backend-return-objects 
Backend() functions should return 'backend' objects.
 2016-06-20 19:30:00 -04:00
vishalnayak 383be815b6 aws-ec2: added a nil check for storedIdentity in login renewal 2016-06-20 10:19:57 -04:00
vishalnayak dccfc413d4 Replace an 'if' block with 'switch' 2016-06-17 12:35:44 -04:00
vishalnayak 8e03c1448b Merge branch 'master-oss' into bind-account-id-aws-ec2 
Conflicts:
	builtin/credential/aws-ec2/backend_test.go
	builtin/credential/aws-ec2/path_login.go
	builtin/credential/aws-ec2/path_role.go
 2016-06-14 14:46:08 -04:00
Ivan Fuyivara 74e84113db fixing the test for the wrong IAM Role ARN 2016-06-14 18:17:41 +00:00
Ivan Fuyivara 0ffbef0ccd added tests, nil validations and doccumentation 2016-06-14 16:58:50 +00:00
vishalnayak 26f7fcf6a1 Added bound_account_id to aws-ec2 auth backend 2016-06-14 11:58:19 -04:00
Ivan Fuyivara 2c5a8fb39f fixing spaces 2016-06-14 14:57:46 +00:00
root 52a47e1c4f adding IAM Role as constrain 2016-06-14 14:49:36 +00:00
vishalnayak b7eb28bb3a Added bound_ami_id check 2016-06-13 08:56:39 -04:00
vishalnayak 0760a89eb4 Backend() functions should return 'backend' objects. 
If they return pointers to 'framework.Backend' objects, the receiver functions can't be tested.
 2016-06-10 15:53:02 -04:00
vishalnayak c6a27f2fa8 s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN 2016-06-09 14:00:56 -04:00
Jeff Mitchell b82033516e Merge pull request #1510 from hashicorp/fix-gh-renew-panic 
Fix panic when renewing a github token from a previous version of Vault
 2016-06-09 13:54:20 -04:00
Jeff Mitchell 7c65dc9bf1 xInt->xRaw 2016-06-09 13:54:04 -04:00
vishalnayak 308294db46 Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token 2016-06-09 13:45:56 -04:00
Jeff Mitchell 1715b3dcb8 Fix panic when renewing a github token from a previous version of Vault 2016-06-09 13:37:09 -04:00
Jeff Mitchell ca47478aed Merge pull request #1479 from hashicorp/reuse-be-creation-tests 
Change AWS/SSH to reuse backend creation code for test functions
 2016-06-03 09:59:37 -04:00
vishalnayak e9fbb9fabe Remove failOnError method from cert tests 2016-06-01 16:01:28 -04:00
Jeff Mitchell 86d2c796b0 Change AWS/SSH to reuse backend creation code for test functions 2016-06-01 12:17:47 -04:00
Vishal Nayak 3a460b9c4b Merge pull request #1471 from hashicorp/rename-aws-auth 
auth backend: rename `aws` as `aws-ec2`
 2016-06-01 10:41:13 -04:00
vishalnayak dbee3cd81b Address review feedback 2016-06-01 10:36:58 -04:00
vishalnayak 4fea41f7e5 Use entry.Type as a criteria for upgrade 2016-06-01 10:30:11 -04:00
Jeff Mitchell 99c1e071f3 Remove most Root paths 2016-05-31 23:42:54 +00:00
vishalnayak a072f2807d Rename aws as aws-ec2 2016-05-30 14:11:15 -04:00
vishalnayak 950c76c020 rename credential/aws as credential/aws-ec2 2016-05-30 14:11:15 -04:00
vishalnayak 1d94828e45 Re-enable rollback triggers for auth backends 2016-05-26 14:29:41 -04:00
vishalnayak cfd337d06a Fix broken cert backend test 2016-05-26 11:06:46 -04:00
vishalnayak c0e745dbfa s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends 2016-05-26 10:21:03 -04:00
Jeff Mitchell 1bef0c3584 Merge pull request #1245 from LeonDaniel/master 
Improved groups search for LDAP login
 2016-05-19 12:13:29 -04:00
vishalnayak 65801942cb Naming of the locked and nonLocked methods 2016-05-17 20:39:24 -04:00
Jeff Mitchell ed574d63fe Merge pull request #1416 from shomron/list_ldap_group_mappings 
Support listing ldap group to policy mappings
 2016-05-16 16:22:13 -04:00
Sean Chittenden 7a4b31ce51
Speling police 2016-05-15 09:58:36 -07:00
Oren Shomron b8840ab9eb Support listing ldap group to policy mappings (Fixes #1270) 2016-05-14 20:00:40 -04:00
Vishal Nayak 53fc941761 Merge pull request #1300 from hashicorp/aws-auth-backend 
AWS EC2 instances authentication backend
 2016-05-14 19:42:03 -04:00
vishalnayak 4122ed860b Rename 'role_name' to 'role' 2016-05-13 14:31:13 -04:00
vishalnayak 9147f99c43 Remove unused param from checkForValidChain 2016-05-12 15:07:10 -04:00
vishalnayak 85d9523f98 Perform CRL checking for non-CA registered certs 2016-05-12 14:37:07 -04:00
vishalnayak be88306f92 Name the files based on changed path patterns 2016-05-12 11:52:07 -04:00
vishalnayak 7e8a2d55d0 Update docs and path names to the new patterns 2016-05-12 11:45:10 -04:00
vishalnayak d09748a135 Fix the acceptance tests 2016-05-09 22:07:51 -04:00
vishalnayak 95f3f08d29 Call client config internal from the locking method 2016-05-09 21:01:57 -04:00
Jeff Mitchell 4549625367 Update client code to use internal entry fetching 2016-05-09 23:26:00 +00:00
Jeff Mitchell c16b0a4f41 Switch whitelist to use longest max TTL 2016-05-05 20:44:48 -04:00
Jeff Mitchell 7a6c76289a Role tag updates 2016-05-05 15:32:14 -04:00
Jeff Mitchell b58ad615f2 Fix HMAC being overwritten. Also some documentation, and add a lock to role operations 2016-05-05 14:51:09 -04:00
Jeff Mitchell 0eddeb5c94 Guard tidy functions 2016-05-05 14:28:46 -04:00
Jeff Mitchell 2d4c390f87 More updates to mutexes and adjust blacklisted roletag default safety buffer 2016-05-05 14:12:22 -04:00
Jeff Mitchell 8fef6e3ac0 Rename identity whitelist and roletag blacklist api endpoints 2016-05-05 13:34:50 -04:00
Jeff Mitchell c69ba40d05 Move some mutexes around 2016-05-05 12:53:27 -04:00
Jeff Mitchell f689e4712d Update some mutexes in client config 2016-05-05 12:44:40 -04:00
Jeff Mitchell c15c227774 Fall back to non-base64 cert if it can't be decoded (it's checked later anyways) 2016-05-05 11:36:28 -04:00
Jeff Mitchell 25913fb18c Update commenting 2016-05-05 11:22:36 -04:00
Jeff Mitchell 15cbcedf1f Make the roletag blacklist the longest duration, not least 2016-05-05 11:00:41 -04:00
Jeff Mitchell e45d6c1120 Switch client code to shared awsutil code 2016-05-05 10:40:49 -04:00
Jeff Mitchell 3e71221839 Merge remote-tracking branch 'origin/master' into aws-auth-backend 2016-05-05 10:04:52 -04:00
vishalnayak 92fe94546c Split SanitizeTTL method to support time.Duration parameters as well 2016-05-05 09:45:48 -04:00
vishalnayak 4ede1d6f08 Add the steps to generate the CRL test's test-fixture files 2016-05-04 05:48:34 -04:00
vishalnayak b7c48ba109 Change image/ to a more flexible /role endpoint 2016-05-03 23:36:59 -04:00
Jeff Mitchell 45a120f491 Switch our tri-copy ca loading code to go-rootcerts 2016-05-03 12:23:25 -04:00
vishalnayak 9f2a111e85 Allow custom endpoint URLs to be supplied to make EC2 API calls 2016-05-02 17:21:52 -04:00
vishalnayak 57e8fcd8c2 Extend the expiry of test-fixture certs of Cert backend 2016-05-02 12:34:46 -04:00
Jeff Mitchell 3d1c88f315 Make GitHub org comparison case insensitive. 
Fixes #1359
 2016-05-02 00:18:31 -04:00
vishalnayak 1c91f652d4 Remove unnecessary append call 2016-04-30 03:20:21 -04:00
vishalnayak fde768125c Cert backend, CRL tests 2016-04-29 02:32:48 -04:00
vishalnayak 23d8ce62a3 Ensure that the instance is running during renewal 2016-04-28 16:34:35 -04:00
vishalnayak 2a2dc0befb Added allow_instance_migration to the role tag 2016-04-28 11:43:48 -04:00
vishalnayak 4161d3ef4f Change all time references to UTC 2016-04-28 10:19:29 -04:00
vishalnayak e591632630 Fix the deadlock issue 2016-04-28 01:01:33 -04:00
vishalnayak 4712533f1d minor updates 2016-04-28 00:35:49 -04:00
vishalnayak e6a9a5957d Refactor locks around config tidy endpoints 2016-04-27 22:32:43 -04:00
vishalnayak b75a6e2f0f Fix locking around config/client 2016-04-27 22:25:15 -04:00
vishalnayak 0e97b57beb Fix the list response of role tags 2016-04-27 22:03:11 -04:00
vishalnayak 779d73ce2b Removed existence check on blacklist/roletags, docs fixes 2016-04-27 21:29:32 -04:00
vishalnayak d44326ded6 Remove unnecessary lock switching around flushCachedEC2Clients 2016-04-27 20:13:56 -04:00
vishalnayak e1080f86ed Remove recreate parameter from clientEC2 2016-04-27 20:01:39 -04:00
vishalnayak 441477f342 Added ami_id to token metadata 2016-04-27 11:32:05 -04:00
leon b9c96bf7ce - updated refactored functions in ldap backend to return error instead of ldap response and fixed interrupted search in ldap groups search func 2016-04-27 18:17:54 +03:00
leon 08be31e9ab - refactored functionality in separate functions in ldap backend and used a separate ldap query to get ldap groups from userDN 2016-04-27 15:00:26 +03:00
vishalnayak 7144fd54f9 Added tests 2016-04-26 23:40:11 -04:00
vishalnayak 88942b0503 Added tests 2016-04-26 10:22:29 -04:00
vishalnayak 5a676a129e Added tests 2016-04-26 10:22:29 -04:00
vishalnayak e16f256b14 Added tests 2016-04-26 10:22:29 -04:00
vishalnayak 3a4021d6c4 Added tests 2016-04-26 10:22:29 -04:00
vishalnayak de1a1be564 tidy endpoint fixes 2016-04-26 10:22:29 -04:00
vishalnayak 044d01fd69 HMAC Key per AMI ID and avoided secondary call to AWS to fetch the tags 2016-04-26 10:22:29 -04:00
vishalnayak 5996c3e9d8 Rework and refactoring 2016-04-26 10:22:29 -04:00
vishalnayak 3aeae62c00 Added mutex locking for config/certificate endpoint 2016-04-26 10:22:29 -04:00
vishalnayak 21854776af Added cooldown period for periodic tidying operation 2016-04-26 10:22:29 -04:00
vishalnayak 9aa8fb6cc1 Support periodic tidy callback and config endpoints. 2016-04-26 10:22:29 -04:00
vishalnayak 2810196e0f Use fullsailor/pkcs7 package instead of its fork. Fix tests 2016-04-26 10:22:29 -04:00
vishalnayak 5a2e1340df Removed redundant AWS public certificate. Docs update. 2016-04-26 10:22:29 -04:00
vishalnayak a456f2c3f6 Removed region parameter from config/client endpoint. 
Region to create ec2 client objects is fetched from the identity document.
Maintaining a map of cached clients indexed by region.
 2016-04-26 10:22:29 -04:00
vishalnayak 790b143c75 Instance ID can optionally be accepted as a the role tag parameter. 2016-04-26 10:22:29 -04:00
vishalnayak 58c485f519 Support providing multiple certificates. 
Append all the certificates to the PKCS#7 parser during signature verification.
 2016-04-26 10:22:29 -04:00
vishalnayak 9d4a7c5901 Docs update 2016-04-26 10:22:29 -04:00
vishalnayak ba9c86c92d Added acceptance test for login endpoint 2016-04-26 10:22:29 -04:00
vishalnayak c2c1a5eedc Added test case TestBackend_PathBlacklistRoleTag 2016-04-26 10:22:29 -04:00
vishalnayak 85c9176cb4 Return 4xx error at appropriate places 2016-04-26 10:22:29 -04:00
vishalnayak 1841ef0ebf Tested pathImageTag 2016-04-26 10:22:29 -04:00
vishalnayak 80e3063334 Tested parseRoleTagValue 2016-04-26 10:22:29 -04:00
vishalnayak dab1a00313 Make client nonce optional even during first login, when disallow_reauthentication is set 2016-04-26 10:22:29 -04:00
vishalnayak e0cf8c5608 Rename 'name' to 'ami_id' for clarity 2016-04-26 10:22:29 -04:00
vishalnayak 092feca996 Moved HMAC parsing inside parseRoleTagValue 2016-04-26 10:22:29 -04:00
vishalnayak ddfdf37d33 Properly handle empty client nonce case when disallow_reauthentication is set 2016-04-26 10:22:29 -04:00
vishalnayak b8d9b18193 Added disallow_reauthentication feature 2016-04-26 10:22:29 -04:00
vishalnayak a1d07cbff5 Remove todo and change clientNonce length limit to 128 chars 2016-04-26 10:22:28 -04:00
Jeff Mitchell bb276d350a Fix typo 2016-04-26 10:22:28 -04:00
Jeff Mitchell a5aadc908d Add environment and EC2 instance metadata role providers for AWS creds. 2016-04-26 10:22:28 -04:00
vishalnayak 012f9273f7 Remove certificate verification 2016-04-26 10:22:28 -04:00
vishalnayak 41cc7c4a15 Test path config/certificate 2016-04-26 10:22:28 -04:00
vishalnayak 5ff8d0cf96 Add existence check verification to config/client testcase 2016-04-26 10:22:28 -04:00
vishalnayak 3286194384 Testing pathImage 2016-04-26 10:22:28 -04:00
Jeff Mitchell a8082a9a6e allow_instance_reboot -> allow_instance_migration 2016-04-26 10:22:28 -04:00