Commit graph

5364 commits

Author SHA1 Message Date
Harrison Harnisch b09077c2d8 add socket audit backend 2017-02-02 14:21:48 -08:00
Jeff Mitchell 6c02e9357a Update protos 2017-02-02 16:20:32 -05:00
Jeff Mitchell 339a502fa1 Update deps 2017-02-02 16:19:55 -05:00
Jeff Mitchell fe1c21ee85 changelog++ 2017-02-02 15:49:27 -05:00
Brian Kassouf 6701ba8a10 Configure the request headers that are output to the audit log (#2321)
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited

* Remove some debug lines

* Add a persistant layer and refactor a bit

* update the api endpoints to be more restful

* Add comments and clean up a few functions

* Remove unneeded hash structure functionaility

* Fix existing tests

* Add tests

* Add test for Applying the header config

* Add Benchmark for the ApplyConfig method

* ResetTimer on the benchmark:

* Update the headers comment

* Add test for audit broker

* Use hyphens instead of camel case

* Add size paramater to the allocation of the result map

* Fix the tests for the audit broker

* PR feedback

* update the path and permissions on config/* paths

* Add docs file

* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
vishalnayak 587a30a884 changelog++ 2017-02-02 14:34:08 -05:00
Vishal Nayak 5fb28f53cb Transit: Support batch encryption and decryption (#2143)
* Transit: Support batch encryption

* Address review feedback

* Make the normal flow go through as a batch request

* Transit: Error out if encryption fails during batch processing

* Transit: Infer the 'derived' parameter based on 'context' being set

* Transit: Batch encryption doc updates

* Transit: Return a JSON string instead of []byte

* Transit: Add batch encryption tests

* Remove plaintext empty check

* Added tests for batch encryption, more coming..

* Added more batch encryption tests

* Check for base64 decoding of plaintext before encrypting

* Transit: Support batch decryption

* Transit: Added tests for batch decryption

* Transit: Doc update for batch decryption

* Transit: Sync the path-help and website docs for decrypt endpoint

* Add batch processing for rewrap

* transit: input validation for context

* transit: add rewrap batch option to docs

* Remove unnecessary variables from test

* transit: Added tests for rewrap use cases

* Address review feedback

* Address review feedback

* Address review feedback

* transit: move input checking out of critical path

* transit: allow empty plaintexts for batch encryption

* transit: use common structs for batch processing

* transit: avoid duplicate creation of structs; add omitempty to response structs

* transit: address review feedback

* transit: fix tests

* address review feedback

* transit: fix tests

* transit: rewrap encrypt user error should not error out

* transit: error out for internal errors
2017-02-02 14:24:20 -05:00
vishalnayak ba7285ee1c changelog++ 2017-02-02 13:30:04 -05:00
Vishal Nayak 3457a11afd awsec2: support periodic tokens (#2324)
* awsec2: support periodic tokens

* awsec2: add api docs for 'period'
2017-02-02 13:28:01 -05:00
Vishal Nayak 14fcc4b6eb approle: secret-id listing lock sanity check (#2315)
* approle: secret-id listing lock sanity

* Skip processing an empty secretIDHMAC item during the iteration

* approle: use dedicated lock for listing of secret-id-accessors
2017-02-01 18:13:49 -05:00
Jeff Mitchell 6f88e667ec changelog++ 2017-02-01 14:16:35 -05:00
louism517 0548555219 Support for Cross-Account AWS Auth (#2148) 2017-02-01 14:16:03 -05:00
Jeff Mitchell c5d0c20197 changelog++ 2017-02-01 14:06:26 -05:00
Jeff Mitchell 47274eca88 Add cleanup functions to multiple DB backends. (#2313)
Ensure it's called on unmount, not just for seal.
2017-02-01 14:05:25 -05:00
Jeff Mitchell 67410ab230 Make TLS 1.2 *explicitly* required for cluster communications 2017-01-31 13:30:25 -05:00
Jeff Mitchell 7304311648 That's what you get for not building first. 2017-01-30 11:46:45 -05:00
Jeff Mitchell 46fed7a089 Fix relying on old copystructure behavior 2017-01-30 11:31:20 -05:00
Jeff Mitchell a466d98646 changelog++ 2017-01-30 09:27:39 -05:00
Jeff Mitchell f1a5a858d3 Make export errors a bit more meaningful 2017-01-30 09:25:50 -05:00
Jeff Mitchell 2e15dc93df Have transit exporting return the same structure regardless of one key or many 2017-01-28 10:37:35 -05:00
Jeff Mitchell bb229ac94e Update deps 2017-01-26 20:16:19 -05:00
Jeff Mitchell f8d5be9acc changelog++ 2017-01-26 20:13:01 -05:00
Shane Starcher 6033ea884c Okta implementation (#1966) 2017-01-26 19:08:52 -05:00
Xiang Li 220930f539 etcdbackend: support version auto discovery (#2299) 2017-01-26 17:19:13 -05:00
Brian Kassouf e788780709 Migrate cassandra test from acceptance to dockertest (#2295) 2017-01-25 15:37:55 -05:00
Jeff Mitchell 89b0ee09d3 Merge pull request #2296 from hashicorp/rfay-20161230_add_cookbook_with_root_token_generation
Add 'Guides' section
2017-01-25 15:33:43 -05:00
Jeff Mitchell 715732502d Update docs.erb 2017-01-25 15:33:20 -05:00
Jeff Mitchell f856963706 Revert file backend base64ing, as we need to fix a pathological case for some keys 2017-01-25 12:27:18 -05:00
Brian Kassouf 3c0de664a4 Fix keyring test 2017-01-24 12:58:14 -08:00
Jeff Mitchell 061bd6012d Fix keyring copypasta test failure 2017-01-24 14:00:13 -05:00
Jeff Mitchell 31ce37188b Fix keyring tests, working around Go nil timezone bug in DeepEqual
See https://github.com/golang/go/issues/10089
2017-01-24 12:33:28 -05:00
Vishal Nayak 57fd902d93 Merge pull request #2298 from chrishoffman/docs-updates
Adding LDAP API reference to documentation
2017-01-24 12:29:18 -05:00
Cameron Stokes a898996c43 Update title and other minor changes. 2017-01-24 08:47:53 -08:00
Jeff Mitchell 2c8d18ad8d Attempt to fix expiration test again 2017-01-24 11:17:48 -05:00
Chris Hoffman c5f690b891 Fixing a few incorrect entries 2017-01-24 11:08:58 -05:00
Jeff Mitchell b0f741d4a1 Add some extra lease debugging to try to figure out Travis timezone issue 2017-01-24 10:48:11 -05:00
Jeff Mitchell d75b5f01ec Use the same time object in the serialization test 2017-01-24 10:32:40 -05:00
Jeff Mitchell 77bc6fa481 Use time.Now rather than using time as a struct 2017-01-24 10:21:41 -05:00
Jeff Mitchell f43a041bf2 Revert "Disable PKI OU tests to fix the build"
This reverts commit b1ab7c5603180af9073caab1b3022ca438dc12be.
2017-01-24 09:58:28 -05:00
vishalnayak c8b6ab7223 Disable PKI OU tests to fix the build 2017-01-24 06:25:56 -05:00
Vishal Nayak 0a4e20a505 Merge pull request #2297 from Centricient/order-fix
Fix cipher preferred order
2017-01-24 04:22:00 -05:00
Roman Vynar 85eceef188
Fix cipher preferred order 2017-01-24 09:29:57 +02:00
Chris Hoffman 03d05b448a Minor transit docs fixes 2017-01-23 22:26:38 -05:00
Chris Hoffman b3fc3db6ec Adding LDAP API reference and misc docs formatting issues 2017-01-23 22:08:08 -05:00
Cameron Stokes c19e7ce793 undo inadvertant tabs to spaces on docs.erb 2017-01-23 17:02:06 -08:00
Cameron Stokes a307328f04 Additional changes to @rfay's PR from https://github.com/hashicorp/vault/pull/2217.
- Renamed Cookbook to Guides
- Made Guides index page
- Moved Guides link on sidebar
- Minor formatting changes to generate-root guide
2017-01-23 16:41:25 -08:00
Cameron Stokes 82af6a17c8 Merge branch '20161230_add_cookbook_with_root_token_generation' of https://github.com/rfay/vault into rfay-20161230_add_cookbook_with_root_token_generation 2017-01-23 16:13:58 -08:00
Jeff Mitchell 43acbea6a9 Add some newlines to a failing test to make it easier to spot differences 2017-01-23 14:08:29 -05:00
Jeff Mitchell 526b1d2941 changelog++ 2017-01-23 13:51:21 -05:00
Jeff Mitchell 42894754a6 Remove comments destined to be outdated 2017-01-23 13:49:15 -05:00