3ed73d98c2
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect
2015-06-17 12:39:49 -04:00
08c921c75e
Vault SSH: POC Stage 1. Skeleton implementation.
2015-06-16 16:58:54 -04:00
03b0675350
A bunch of cleanup and moving around. logical/certutil is a package that now has helper functions
...
useful for other parts of Vault (including the API) to take advantage of.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-16 13:43:12 -04:00
ae1cbc1a7a
Erp, forgot this feedback...
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 23:16:13 -04:00
7cf1f186ed
Add locking for revocation/CRL generation. I originally was going to use an RWMutex but punted, because it's not worth trying to save some milliseconds with the possibility of getting something wrong. So the entire operations are now wrapped, which is minimally slower but very safe.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 22:28:13 -04:00
018c0ec7f5
Address most of Armon's initial feedback.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:57:05 -04:00
1513e2baa4
Add acceptance tests
...
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling
Also, fix a bug when trying to get code signing certificates.
Not tested:
* Revocation (I believe this is impossible with the current testing framework)
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
0d832de65d
Initial PKI backend implementation.
...
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint
Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
348924eaab
logical/consul: Combine policy and lease into single storage struct
2015-05-28 09:36:23 +10:00
6b0820d709
logical/consul: custom lease time for roles
2015-05-27 09:53:46 +10:00
434305a6c2
secret/aws: Using roles instead of policy
2015-04-27 14:20:28 -07:00
5edf8cf3a8
Do not root protect role configurations
2015-04-27 14:07:20 -07:00
12e8c0f8cf
secret/postgres: secret/mysql: roles endpoints root protected
2015-04-27 14:04:10 -07:00
816d981d1a
secret/consul: replace policy with roles, and prefix the token path
2015-04-27 13:59:56 -07:00
6a38090822
secret/transit: rename policy to keys
2015-04-27 13:52:47 -07:00
793e6efef4
secret/transit: Adding more help. Fixes #41
2015-04-27 12:47:09 -07:00
a753fadcb4
secret/postgresql: testing support for multiple statements
2015-04-27 12:00:07 -07:00
1c8288c3da
secret/postgresql: support multiple sql statements
2015-04-27 11:31:27 -07:00
50879eb2e5
mysql: cleanup
2015-04-27 11:31:11 -07:00
9cae5520a0
logical/consul: Added missing policy endpoints
2015-04-27 11:08:37 -07:00
1d95694a7c
secret/mysql: improve the example statement
2015-04-25 12:58:50 -07:00
503241eeee
secret/mysql: adding acceptance test
2015-04-25 12:56:23 -07:00
e378f5c4a2
secret/mysql: fixing mysql oddities
2015-04-25 12:56:11 -07:00
57e66f3b6c
secret/mysql: initial pass at mysql secret backend
2015-04-25 12:05:26 -07:00
17676af663
logical/postgresql: when renewing, alter the valid until
2015-04-18 22:55:33 -07:00
4e21f702a8
logical/consul: leasing
2015-04-18 22:29:46 -07:00
517236ea50
logical/consul: config/access is the new path for config
2015-04-18 22:28:53 -07:00
23a156b414
logical/aws: leasing/renewal support
2015-04-18 22:25:37 -07:00
2a8dfd85f4
logical/aws: fix build
2015-04-18 22:22:35 -07:00
208dd1e8be
logical/aws: move root creds config to config/root
2015-04-18 22:21:31 -07:00
f61626f7a6
logical/aws: support read/delete policies
2015-04-18 22:13:12 -07:00
79ccb2f412
logical/postgresql: support deleting roles and reading them
2015-04-18 21:59:59 -07:00
84bca3ef28
logical/postgresql: renew for secret
2015-04-18 21:47:19 -07:00
e1e5c47362
logical/postgresql: leasing
2015-04-18 21:45:05 -07:00
8edc4d1241
logical/postgres: no session limit
2015-04-18 18:42:57 -07:00
39b8ae1b31
logical/postgers: update docs properly
2015-04-18 18:42:26 -07:00
6e10c415ef
logical/postgresql: leases
2015-04-18 18:40:03 -07:00
2120235a2e
logical/postgresql: create DB credentials
2015-04-18 18:37:27 -07:00
d0eb1b9a74
logical/postgresql: creating roles
2015-04-18 18:09:33 -07:00
d96b64286a
logical/postgresql: connection
2015-04-18 17:34:36 -07:00
07bffafbbd
Adding transit logical backend
2015-04-15 17:08:12 -07:00
381aa0f7af
logical/aws: Use display name for IAM username
2015-04-15 15:05:00 -07:00
489e79ffd3
logical/consul: Use the DisplayName for the ACL token name
2015-04-15 15:03:05 -07:00
48205d166b
rename vault id to lease id all over
2015-04-10 20:35:14 -07:00
8dc9e0e0d5
logical/framework: better string values for types
2015-04-03 21:15:59 -07:00
ec9df0439b
logical/aws: help
2015-04-03 21:10:54 -07:00
0bbad03c70
logical/framework: support root help
2015-04-03 20:36:47 -07:00
486c3d7f30
logical/aws: policy doesn't need to be base64
2015-03-31 17:26:41 -07:00
b12feccf38
logical/*: fix compilation errors
2015-03-30 20:30:07 -07:00
db65fd7b95
command: unit tests pass
2015-03-29 16:20:34 -07:00
3270349456
logical/consul: actual test that the token works
2015-03-21 17:23:44 +01:00
55a3423c60
logical/consul
2015-03-21 17:19:37 +01:00
05246433bb
logical/aws: refactor access key create to the secret file
2015-03-21 11:49:56 +01:00
665cbaa3e4
logical/aws: remove debug I was using to test rollback :)
2015-03-21 11:20:22 +01:00
9e4b9d593b
logical/aws: WAL entry for users, rollback
2015-03-21 11:18:46 +01:00
86a6062ba2
main: enable AWS backend
2015-03-20 19:32:18 +01:00
62d9bec8be
logical/aws
2015-03-20 19:03:20 +01:00
Vishal Nayak