8f592f3442
Don't use pointers to int64 in function calls when not necessary
2016-05-19 12:26:02 -04:00
a13807e759
Merge pull request #1318 from steve-jansen/aws-logical-assume-role
...
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
86e078ff98
Use Consul API client's DefaultNonPooledTransport.
...
What we should probably do is create a client with a mutex and
invalidate it when parameters change rather than creating a client over
and over...that can be a TODO for later but for now this fix suffices.
Fixes #1428
2016-05-18 00:47:42 +00:00
792950e16c
Merge pull request #1417 from hashicorp/b-pki-expire-ttl-unset
...
Set entry's TTL before writing out the storage entry's config
2016-05-15 10:02:03 -07:00
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
b0bba6d271
Store clamped TTLs back in the role's config
2016-05-15 08:13:56 -07:00
539475714d
Set entry's TTL before writing out the storage entry's config
2016-05-15 07:06:33 -07:00
ddcaf26396
Merge branch 'master-oss' into aws-auth-backend
2016-05-10 14:50:00 -04:00
d899f9d411
Don't revoke CA certificates with leases.
2016-05-09 19:53:28 -04:00
d77563994c
Merge pull request #1346 from hashicorp/disable-all-caches
...
Disable all caches
2016-05-07 16:33:45 -04:00
597d59962c
Adds sts:AssumeRole support to the AWS secret backend
...
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens. For example, STS federated tokens cannot
invoke IAM APIs, such as Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
4600ca8073
Merge branch 'master-oss' into aws-auth-backend
2016-05-05 10:36:06 -04:00
1b0df1d46f
Cleanups, add shared provider, ability to specify http client, and port S3 physical backend over
2016-05-03 17:01:02 -04:00
7fbe5d2eaa
Region is required so error in awsutil if not set and set if empty in client code in logical/aws
2016-05-03 15:25:11 -04:00
a244ef8a00
Refactor AWS credential code into a function that returns a static->env->instance chain
2016-05-03 15:10:35 -04:00
f21b88802f
Add some more tests around deletion and fix upsert status returning
2016-05-03 00:19:18 -04:00
7e1bdbe924
Massively simplify lock handling based on feedback
2016-05-02 23:47:18 -04:00
7f3613cc6e
Remove some deferring
2016-05-02 22:36:44 -04:00
fa0d389a95
Change use-hint of lockAll and lockPolicy
2016-05-02 22:36:44 -04:00
49c56f05e8
Address review feedback
2016-05-02 22:36:44 -04:00
3e5391aa9c
Switch to lockManager
2016-05-02 22:36:44 -04:00
08b91b776d
Address feedback
2016-05-02 22:36:44 -04:00
fedc8711a7
Fix up commenting and some minor tidbits
2016-05-02 22:36:44 -04:00
fe1f56de40
Make a non-caching but still locking variant of transit for when caches are disabled
2016-05-02 22:36:44 -04:00
9aa8fb6cc1
Support periodic tidy callback and config endpoints.
2016-04-26 10:22:29 -04:00
30ba5b7887
Merge pull request #1291 from mmickan/ssh-keyinstall-perms
...
Ensure authorized_keys file is readable when uninstalling an ssh key
2016-04-25 14:00:37 -04:00
fb07d07ad9
all: Cleanup from running go vet
2016-04-13 14:38:29 -05:00
06eeaecef6
Skip acceptance tests if VAULT_ACC is not set
2016-04-11 20:00:15 -04:00
fd8b023655
s/TF_ACC/VAULT_ACC
2016-04-05 15:24:59 -04:00
95abdebb06
Added AcceptanceTest boolean to logical.TestCase
2016-04-05 15:10:44 -04:00
a55124f0b6
Ensure authorized_keys file is readable when uninstalling an ssh key
...
Without this change, if the user running the ssh key install script doesn't
have read access to the authorized_keys file when uninstalling a key, all
keys will be deleted from the authorized_keys file.
Fixes GH #1285
2016-04-05 17:26:21 +09:30
dfc5a745ee
Remove check for using CSR values with non-CA certificate.
...
The endpoint enforces whether the certificate is a CA or not anyways, so
this ends up not actually providing benefit and causing a bug.
Fixes #1250
2016-03-23 10:05:38 -04:00
1951a01998
Add ability to exclude adding the CN to SANs.
...
Fixes #1220
2016-03-17 16:28:40 -04:00
343e6f1671
Merge pull request #998 from chrishoffman/mssql
...
Sql Server (mssql) secret backend
2016-03-10 22:30:24 -05:00
b1703fb18d
Cleaning up lease and lease duration vars and params
2016-03-10 21:15:18 -05:00
ba94451875
Removing root protected endpoints
2016-03-10 21:08:39 -05:00
dc7da4f4e8
Changing DROP USER query to a more compatible version
2016-03-10 21:06:50 -05:00
5af33afd90
Adding verify_connection to config, docs updates, misc cleanup
2016-03-09 23:08:05 -05:00
7a9122bbd1
Sanitize serial number in revocation path.
...
Ping #1180
2016-03-08 10:51:59 -05:00
34a9cb1a70
Add serial_number back to path_issue_sign responses in PKI
2016-03-08 09:25:48 -05:00
11dc3f328f
Add revocation information to PKI fetch output (non-raw only).
...
Fixes #1180
2016-03-07 10:57:38 -05:00
67b85b8f7f
Error rather than skip Consul acceptance tests if Consul isn't found
2016-03-07 10:09:36 -05:00
0b4a8f5b94
Adding mssql secret backend
2016-03-03 09:19:17 -05:00
64ab16d137
Don't spawn consul servers when testing unless it's an acceptance test
2016-02-29 14:58:06 -05:00
f6092f8311
Don't run transit fuzzing if not during acceptance tests
2016-02-29 14:44:04 -05:00
2205133ae4
Only run PKI backend setup functions when TF_ACC is set
2016-02-29 14:41:14 -05:00
7ae573b35b
Apply hyphen/underscore replacement across the entire username.
...
Handles app-id generated display names.
Fixes #1140
2016-02-26 15:26:23 -05:00
8ca847c9b3
Be more explicit about buffer type
2016-02-24 22:05:39 -05:00
7d41607b6e
Add "tidy/" which allows removing expired certificates.
...
A buffer is used to ensure that we only remove certificates that are
both expired and for which the buffer has past. Options allow removal
from revoked/ and/or certs/.
2016-02-24 21:24:48 -05:00
69bcbb28aa
rename verify_cert as disable_binding and invert the logic
2016-02-24 21:01:21 -05:00
Jeff Mitchell