Anton Averchenkov
c61052ef29
openapi: Add display attributes for SSH plugin ( #19543 )
2023-04-10 14:18:00 -04:00
Hamid Ghaf
27bb03bbc0
adding copyright header ( #19555 )
...
* adding copyright header
* fix fmt and a test
2023-03-15 09:00:52 -07:00
Alexander Scheel
881ae5a303
Remove dynamic keys from SSH Secrets Engine ( #18874 )
...
* Remove dynamic keys from SSH Secrets Engine
This removes the functionality of Vault creating keys and adding them to
the authorized keys file on hosts.
This functionality has been deprecated since Vault version 0.7.2.
The preferred alternative is to use the SSH CA method, which also allows
key generation but places limits on TTL and doesn't require Vault reach
out to provision each key on the specified host, making it much more
secure.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Remove dynamic ssh references from documentation
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog entry
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Remove dynamic key secret type entirely
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify changelog language
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add removal notice to the website
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-31 16:02:22 -05:00
Lars Lehtonen
d8f7dd364a
builtin: deprecate errwrap.Wrapf() throughout ( #11430 )
...
* audit: deprecate errwrap.Wrapf()
* builtin/audit/file: deprecate errwrap.Wrapf()
* builtin/crediential/app-id: deprecate errwrap.Wrapf()
* builtin/credential/approle: deprecate errwrap.Wrapf()
* builtin/credential/aws: deprecate errwrap.Wrapf()
* builtin/credentials/token: deprecate errwrap.Wrapf()
* builtin/credential/github: deprecate errwrap.Wrapf()
* builtin/credential/cert: deprecate errwrap.Wrapf()
* builtin/logical/transit: deprecate errwrap.Wrapf()
* builtin/logical/totp: deprecate errwrap.Wrapf()
* builtin/logical/ssh: deprecate errwrap.Wrapf()
* builtin/logical/rabbitmq: deprecate errwrap.Wrapf()
* builtin/logical/postgresql: deprecate errwrap.Wrapf()
* builtin/logical/pki: deprecate errwrap.Wrapf()
* builtin/logical/nomad: deprecate errwrap.Wrapf()
* builtin/logical/mssql: deprecate errwrap.Wrapf()
* builtin/logical/database: deprecate errwrap.Wrapf()
* builtin/logical/consul: deprecate errwrap.Wrapf()
* builtin/logical/cassandra: deprecate errwrap.Wrapf()
* builtin/logical/aws: deprecate errwrap.Wrapf()
2021-04-22 11:20:59 -04:00
Brian Kassouf
303c2aee7c
Run a more strict formatter over the code ( #11312 )
...
* Update tooling
* Run gofumpt
* go mod vendor
2021-04-08 09:43:39 -07:00
Anthony Dong
d4267b4250
ssh backend: support at character in role name ( #8038 )
2020-01-21 11:46:29 +01:00
Jeff Mitchell
9ebc57581d
Switch to go modules ( #6585 )
...
* Switch to go modules
* Make fmt
2019-04-13 03:44:06 -04:00
Jeff Mitchell
8bcb533a1b
Create sdk/ and api/ submodules ( #6583 )
2019-04-12 17:54:35 -04:00
Jim Kalafut
d0e2badbae
Run goimports across the repository ( #6010 )
...
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Vishal Nayak
28e3eb9e2c
Errwrap everywhere ( #4252 )
...
* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes
2018-04-05 11:49:21 -04:00
Brian Kassouf
9dba3590ac
Add context to the NewSalt function ( #4102 )
2018-03-08 11:21:11 -08:00
Brian Kassouf
2f19de0305
Add context to storage backends and wire it through a lot of places ( #3817 )
2018-01-19 01:44:44 -05:00
Brian Kassouf
1c190d4bda
Pass context to backends ( #3750 )
...
* Start work on passing context to backends
* More work on passing context
* Unindent logical system
* Unindent token store
* Unindent passthrough
* Unindent cubbyhole
* Fix tests
* use requestContext in rollback and expiration managers
2018-01-08 10:31:38 -08:00
Jeff Mitchell
d25aa9fc21
Don't write salts in initialization, look up on demand ( #2702 )
2017-05-09 17:51:09 -04:00
Jeff Mitchell
6f6f242061
Add logic to skip initialization in some cases and some invalidation logic
2017-05-05 15:01:52 -04:00
vishalnayak
931c96d1ba
ssh: Use temporary file to store the identity file
2016-10-18 12:50:12 -04:00
vishalnayak
5367a7223d
Add allowed_roles to ssh-helper-config and return role name from verify call
2016-07-05 11:14:29 -04:00
vishalnayak
30fa7f304b
Allow * to be set for allowed_users
2016-05-30 03:12:43 -04:00
vishalnayak
971b2cb7b7
Do not allow any username to login if allowed_users is not set
2016-05-30 03:01:47 -04:00
Jeff Mitchell
d3a705f17b
Make backends much more consistent:
...
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
Jeff Mitchell
9c5ad28632
Update deps, and adjust usage of go-uuid to match new return values
2016-01-13 13:40:08 -05:00
Jeff Mitchell
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Jeff Mitchell
f2da5b639f
Migrate 'uuid' to 'go-uuid' to better fit HC naming convention
2015-12-16 12:56:20 -05:00
Jeff Mitchell
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
Jeff Mitchell
29c722dbb6
Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values
2015-09-21 16:14:30 -04:00
vishalnayak
9918105404
Vault SSH: Store roles as slice of strings
2015-08-31 17:03:46 -04:00
vishalnayak
5e3f8d53f3
Vault SSH: ZeroAddress CRUD test
2015-08-30 14:20:16 -04:00
vishalnayak
dc4f97b61b
Vault SSH: Zeroaddress roles and CIDR overlap check
2015-08-29 15:24:15 -04:00
vishalnayak
b12a2f0013
Vault SSH: Added exclude_cidr_list option to role
2015-08-27 23:19:55 -04:00
vishalnayak
702a869010
Vault SSH: Provide key option specifications for dynamic keys
2015-08-27 11:41:29 -04:00
Jeff Mitchell
5695d57ba0
Merge pull request #561 from hashicorp/fix-wild-cards
...
Allow hyphens in endpoint patterns of most backends
2015-08-21 11:40:42 -07:00
vishalnayak
6c2927ede0
Vault: Fix wild card paths for all backends
2015-08-21 00:56:13 -07:00
Jeff Mitchell
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
vishalnayak
b91ebbc6e2
Vault SSH: Documentation update and minor refactoring changes.
2015-08-17 18:22:03 -07:00
vishalnayak
9db318fc55
Vault SSH: Website page for SSH backend
2015-08-14 12:41:26 -07:00
vishalnayak
7f9babed2a
Vault SSH: CLI embellishments
2015-08-13 16:55:47 -07:00
vishalnayak
d670b50e78
Vault SSH: Introduced allowed_users option. Added helpers getKey and getOTP
2015-08-13 14:18:30 -07:00
vishalnayak
2320bfb1e4
Vault SSH: Helper for OTP creation and role read
2015-08-13 11:12:30 -07:00
vishalnayak
c11bcecbbb
Vault SSH: Mandate default_user. Other refactoring
2015-08-13 10:36:31 -07:00
vishalnayak
8e946f27cc
Vault SSH: cidr to cidr_list
2015-08-13 08:46:55 -07:00
vishalnayak
7d3025fd6e
Vault SSH: Default lease duration, policy/ to role/
2015-08-12 17:36:27 -07:00
vishalnayak
330ef396ca
Vault SSH: Default lease of 5 min for SSH secrets
2015-08-12 17:10:35 -07:00
vishalnayak
0af97b8291
Vault SSH: uninstall dynamic keys using script
2015-08-06 15:50:12 -04:00
vishalnayak
3dd8fe750d
Vault SSH: Script to install dynamic keys in target
2015-08-06 14:48:19 -04:00
vishalnayak
c7ef0b95c2
Vault SSH: CRUD test case for OTP Role
2015-07-31 13:24:23 -04:00
vishalnayak
61c9f884a4
Vault SSH: Review Rework
2015-07-29 14:21:36 -04:00
Vishal Nayak
2e7612a149
Vault SSH: admin_user/default_user fix
2015-07-27 15:03:10 -04:00
Vishal Nayak
e9f507caf0
Vault SSH: Refactoring
2015-07-27 13:02:31 -04:00
Vishal Nayak
b532ee0bf4
Vault SSH: Dynamic Key test case fix
2015-07-24 12:13:26 -04:00
Vishal Nayak
e8daf2d0a5
Vault SSH: keys/ designated special path
2015-07-23 18:12:13 -04:00