Commit graph

1076 commits

Author SHA1 Message Date
Becca Petrin 22a6e54957
Merge pull request #6380 from povils/aws_user_path
AWS add user_path option for role.
2019-04-23 09:05:35 -07:00
ncabatoff 06574da57a
Merge multiple functions for creating consul containers into one. (#6612)
Merge both functions for creating mongodb containers into one.
Add retries to docker container cleanups.
Require $VAULT_ACC be set to enable AWS tests.
2019-04-22 12:26:10 -04:00
Povilas Susinskas 67f5bbe88f AWS backend: Add user_path option for role. 2019-04-22 18:07:21 +02:00
Jeff Mitchell 213b9fd1cf Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
Becca Petrin d3b7c3ccaf Add explanation to dbplugin.Database (#6581)
* add explanation to the database interface

* wordsmithing

* wrap comments, add comments for Type and Close methods

* will be stored, not with be stored

* update comment on the Type method
2019-04-15 08:39:44 -07:00
Jeff Mitchell 9ebc57581d
Switch to go modules (#6585)
* Switch to go modules

* Make fmt
2019-04-13 03:44:06 -04:00
Jeff Mitchell 1b5155080b Update protobufs, sdk changes 2019-04-12 23:13:14 -04:00
Jeff Mitchell 33faef3840 Fix some test breakages 2019-04-12 22:05:01 -04:00
Jeff Mitchell 28e2ce8577 Fix build breakages 2019-04-12 22:01:13 -04:00
Jeff Mitchell 80c303ac83 Move ldaputil and tlsutil over to sdk 2019-04-12 18:26:54 -04:00
Jeff Mitchell 7ca424e8d2 Move cidrutil to sdk 2019-04-12 18:03:59 -04:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Brian Kassouf f53b728d38
Update plugin.go 2019-04-01 16:45:59 -07:00
Matt Greenfield 080d4652f0 Fix uri_sans param being ignored when use_csr_values=false (#6505) 2019-04-01 16:08:22 -04:00
T.K 453f1ac109 changed misspelled english words (#6432) 2019-03-19 09:32:45 -04:00
Matthew Bamber 4283e6a408 Fix SSH zero address OTP delete (#6390)
* Fix SSH zero address OTP delete

Fixed bug where SSH OTP roles could not be deleted if a zero-address role
previously existed, and there currently exist no zero-address roles.

Fixes #6382

* Eliminate zeroAddressRoles remove function
2019-03-14 08:56:40 -07:00
Jeff Mitchell 3b0d07a440
ToUpper base32 values for TOTP key ingress (#6400)
Fixes #6396
2019-03-12 11:07:03 -04:00
Jim Kalafut a34099b9bb
Use HashTypeMap and remove structs in batch HMAC (#6334) 2019-03-04 14:49:29 -08:00
martinwaite 04c174214c Batch hmac - (#5850) (#5875) 2019-03-04 12:26:20 -08:00
Brian Kassouf efe5671f36 make fmt 2019-02-20 12:12:21 -08:00
madalynrose 625f0c7546
Update OpenAPI responses to include information the UI can use (#6204) 2019-02-14 12:42:44 -05:00
Brian Kassouf 524b65cb9b
Remove netRPC based plugins (#6173)
* Remove netRPC backend plugins

* Remove netRPC database plugins

* Fix tests and comments
2019-02-12 09:31:03 -08:00
Clint 0db43e697b Add signed key constraints to SSH CA [continued] (#6030)
* Adds the ability to enforce particular ssh key types and minimum key
lengths when using Signed SSH Certificates via the SSH Secret Engine.
2019-02-11 13:03:26 -05:00
Becca Petrin ba3ed879f8
Use null strings in MSSQL to prevent errs (#6099) 2019-02-08 10:04:54 -08:00
Brian Nuszkowski 707c6d1813 Add SHA1 signing/verification support to transit engine (#6037)
* Add SHA1 signing/verification support to transit engine

* Update signing/verification endpoint documentation to include sha1 hash algorithm
2019-02-07 15:31:31 -08:00
Becca Petrin 3225a66d34 Return a more helpful error message for unknown db roles (#6157)
* return a more helpful err msg

* update test, print fmt

* fix other test failure
2019-02-07 11:16:23 -08:00
Becca Petrin 421a526e8f dont automatically accept mssql eula (#6169) 2019-02-05 14:11:06 -08:00
Jeff Mitchell 5f249d4005
Add allowed_response_headers (#6115) 2019-02-05 16:02:15 -05:00
Jeff Mitchell 2f9a7c6203
Add more perf standby guards (#6149) 2019-02-01 16:56:57 -05:00
Jeff Mitchell bbc1d53a5d Revert "Refactor common token fields and operations into a helper (#5953)"
This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a.
2019-02-01 11:23:40 -05:00
Jeff Mitchell 85a560abba
Refactor common token fields and operations into a helper (#5953) 2019-01-30 16:23:28 -05:00
Jeff Mitchell 5e126f6de8
Implement JWS-compatible signature marshaling (#6077)
This currently only applies to ECDSA signatures, and is a toggleable
option.
2019-01-23 12:31:34 -05:00
ncabatoff 3e3498073e Fix #5973 on windows by disregarding errors when querying legacy cert path. (#6013) 2019-01-08 18:08:21 -08:00
Jim Kalafut d0e2badbae Run goimports across the repository (#6010)
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Jeff Mitchell e11c7966fa
Change credential_types output to credential_type (#5975)
Fixes #5972
2019-01-04 14:49:53 -05:00
Jeff Mitchell cb1a686e3b
Strip empty strings from database revocation stmts (#5955)
* Strip empty strings from database revocation stmts

It's technically valid to give empty strings as statements to run on
most databases. However, in the case of revocation statements, it's not
only generally inadvisable but can lead to lack of revocations when you
expect them. This strips empty strings from the array of revocation
statements.

It also makes two other changes:

* Return statements on read as empty but valid arrays rather than nulls,
so that typing information is inferred (this is more in line with the
rest of Vault these days)

* Changes field data for TypeStringSlice and TypeCommaStringSlice such
that a client-supplied value of `""` doesn't turn into `[]string{""}`
but rather `[]string{}`.

The latter and the explicit revocation statement changes are related,
and defense in depth.
2018-12-14 09:12:26 -05:00
Lukasz Jagiello 76008b2e1e Remove an empty line for /pki/ca_chain (#5779)
This PR fix #5778.

Easy test case to reproduce the problem:
https://play.golang.org/p/CAMdrOHT7C1

Since `certStr` is empty string during first iteration `strings.Join()`
will merge empty line with first CA cert.

Extra `strings.TrimSpace` call will remove that empty line, before
certificate will be return.
2018-12-12 15:38:35 -05:00
Jeff Mitchell e3c538e9cb Fix tests 2018-12-11 15:04:02 -05:00
Jeff Mitchell c178d05e07
Properly continue if cert entry is nil when tidying (#5933)
Fixes #5931
2018-12-11 11:28:14 -05:00
Jeff Mitchell 13b5c3be51
Fix SSH CA giving 500 if keys need to be deleted (#5897) 2018-12-04 13:29:11 -05:00
Calvin Leung Huang e6ec67fb8f
Use inclusive range on cert role diff comparison (#5737) 2018-11-08 12:15:12 -08:00
Jeff Mitchell fa26beeaed fmt 2018-11-07 16:52:01 -05:00
Becca Petrin 7bd22e6779
Run all builtins as plugins (#5536) 2018-11-06 17:21:24 -08:00
Calvin Leung Huang 20faa90ee3 Use Truncate instead of Round on duration diff (#5691) 2018-11-05 17:32:33 -05:00
Calvin Leung Huang 1a4e8fe53d Round time diff to nearest second to reduce flakiness (#5688) 2018-11-05 16:49:25 -05:00
Vishal Nayak 332e32294a
Remove namespace.TestContext and namespace.TestNamespace (#5682) 2018-11-05 11:11:32 -05:00
Nicolas Corrarello 0b44a55d22 Adding support for Consul 1.4 ACL system (#5586)
* Adding support for Consul 1.4 ACL system

* Working tests

* Fixed logic gate

* Fixed logical gate that evaluate empty policy or empty list of policy names

* Ensure tests are run against appropiate Consul versions

* Running tests against official container with a 1.4.0-rc1 tag

* policies can never be nil (as even if it is empty will be an empty array)

* addressing feedback, refactoring tests

* removing cast

* converting old lease field to ttl, adding max ttl

* cleanup

* adding missing test

* testing wrong version

* adding support for local tokens

* addressing feedback
2018-11-02 10:44:12 -04:00
Vishal Nayak 142a944bfd
Allow @ to be part of key name in TOTP secret engine (#5652)
* Allow @ to be part of key name in TOTP secret engine

* Allow @ for key name while generating the code
2018-10-31 12:57:18 -04:00
Jeff Mitchell 6c488921ff Fix website/path-help docs around pki/tidy 2018-10-30 21:33:30 -04:00
Balazs Nagy ca5c60642e Use tidy_revoked_certs instead of tidy_revocation_list (#5608) 2018-10-29 19:29:35 -04:00