b3799697a2
Rename policy into policies
2017-11-29 16:31:17 +00:00
0d8f812dc8
Checking if client is not nil before deleting token
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 16:23:03 +00:00
239a9a9985
%q quotes automatically
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 16:19:31 +00:00
62fe10204a
Refactoring check for empty accessor as per Vishals suggestion
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:58:39 +00:00
a6d3119e3e
Pull master into f-nomad
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:56:37 +00:00
89466815ba
Return an error if accesor_id is nil
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:18:03 +00:00
031f244922
Returning nil config if is actually nil, and catching the error before creating the client in backend.go
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 11:15:54 +00:00
2a4f63e4a5
Moving LeaseConfig function to path_config_lease.go
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 11:07:17 +00:00
4f91a71c29
Return error before creating a client if conf is nil
2017-11-29 11:01:31 +00:00
e2be4bfd74
Sanitizing error outputs
2017-11-29 10:58:02 +00:00
604ead3a37
Renaming tokenRaw to accessorIDRaw to avoid confusion, as the token is not being used for revoking itself
2017-11-29 10:48:55 +00:00
34b5919931
Updating descriptions, defaults for roles
2017-11-29 10:44:40 +00:00
fc81d8a07c
Validating that Address and Token are provided in path_config_access.go
2017-11-29 10:36:34 +00:00
aab72464d6
Removing legacy field scheme that belonged to the Consul API
2017-11-29 10:29:39 +00:00
6b72b90efa
Remove allow_base_domain from PKI role output.
...
It was never used in a release, in favor of allow_bare_domains.
Fixes #1452 (again)
2017-11-09 10:24:36 -05:00
3555a17d52
Don't read out an internal role member in PKI
2017-11-08 18:20:53 -05:00
210fe50b68
adding ttl to secret, refactoring for consistency
2017-11-07 09:58:19 -05:00
9ffe6421c5
Fix deprecated cassandra backend tests ( #3543 )
2017-11-06 17:15:45 -05:00
1b387f75e3
minor cleanup
2017-11-06 16:36:37 -05:00
de8c0dce99
minor cleanup
2017-11-06 16:34:20 -05:00
57c9afa357
added AWS enpoint handling ( #3416 )
2017-11-06 13:31:38 -05:00
17310654a1
Add PKCS8 marshaling to PKI ( #3518 )
2017-11-06 12:05:07 -05:00
c70bfff23a
Refactored Lease into the Backend configuration
2017-11-06 15:09:56 +00:00
6dc8edf09f
Attaching secretToken to backend
2017-11-06 14:28:30 +00:00
512b254820
Return role info for each role on pathRoleList ( #3532 )
...
* Return role info for each role on pathRoleList
* Change roles -> key_info, only return key_type
* Do not initialize result map in parseRole, refactor ListResponseWithInfo
* Add role list test
2017-11-03 17:12:03 -04:00
9952ddaf69
Add some more SealWrap declarations ( #3531 )
2017-11-03 11:43:31 -04:00
52df62d4ff
Encrypt/Decrypt/Sign/Verify using RSA in Transit backend ( #3489 )
...
* encrypt/decrypt/sign/verify RSA
* update path-help and doc
* Fix the bug which was breaking convergent encryption
* support both 2048 and 4096
* update doc to contain both 2048 and 4096
* Add test for encrypt, decrypt and rotate on RSA keys
* Support exporting RSA keys
* Add sign and verify test steps
* Remove 'RSA' from PEM header
* use the default salt length
* Add 'RSA' to PEM header since openssl is expecting that
* export rsa keys as signing-key as well
* Comment the reasoning behind the PEM headers
* remove comment
* update comment
* Parameterize hashing for RSA signing and verification
* Added test steps to check hash algo choice for RSA sign/verify
* fix test by using 'prehashed'
2017-11-03 10:45:53 -04:00
783b38c9c4
Not storing the Nomad token as we have the accesor for administrative operations
2017-11-03 07:25:47 +00:00
4b572c064c
Overhauling the client method and attaching it to the backend
2017-11-03 07:19:49 +00:00
3a2440a651
Check input size to avoid a panic ( #3521 )
2017-11-02 16:40:52 -05:00
eb7a0c0e83
Refactoring readAcessConfig to return a single type of error instead of two
2017-11-01 08:49:31 +00:00
55dd69437a
Refactored config error to just have a single error exit path
2017-11-01 08:41:58 +00:00
5f748a1217
Ignoring userErr as it will be nil anyway
2017-11-01 07:41:58 +00:00
3ce4da75ac
tokenType can never be nil/empty string as there are default values
2017-11-01 07:36:14 +00:00
afb5d123b9
Should return an error if trying create a management token with policies attached
2017-10-31 21:12:14 +00:00
d540985926
Unifying Storage and API path in role
2017-10-31 21:06:10 +00:00
0fc65cabc7
Minor/Cosmetic fixes
2017-10-31 19:11:24 +00:00
7fed43c035
Add the ability to glob allowed roles in the Database Backend ( #3387 )
...
* Add the ability to glob allowed roles in the Database Backend
* Make the error messages better
* Switch to the go-glob repo
2017-10-30 13:24:25 -07:00
7486df810c
Simplify TTL/MaxTTL logic in SSH CA paths and sane with the rest of how ( #3507 )
...
Vault parses/returns TTLs.
2017-10-30 15:05:47 -05:00
d8e2179a42
Rejig some error messages in pki
2017-10-27 12:02:18 -04:00
a25dae82dd
Final sync
2017-10-23 17:39:21 -04:00
2ede750c78
return the actual error for base64 decoding failure ( #3397 )
2017-10-20 11:21:45 -04:00
af24163abd
Implement signing of pre-hashed data ( #3448 )
...
Transit backend sign and verify endpoints now support algorithm=none
2017-10-11 11:48:51 -04:00
e3ce60eb1f
Allow entering PKI URLs as arrays. ( #3409 )
...
Fixes #3407
2017-10-03 16:13:57 -04:00
40839d2163
Removing ignore to cleanup function
2017-09-29 09:35:17 +01:00
6390021413
Working tests
2017-09-29 09:33:58 +01:00
ad5f1018dd
Various fixes (Null pointer, wait for Nomad go up, Auth before policy creation)
2017-09-28 23:58:41 +01:00
9a011781ec
Adding Global tokens to the data model
2017-09-28 23:57:48 +01:00
ec972939c2
Added tests
2017-09-28 21:44:30 +01:00
420b46fa08
Fixing data model
2017-09-20 17:14:35 -05:00
129328e842
MVP of working Nomad Secret Backend
2017-09-20 15:59:35 -05:00
1076cea5d1
Tests were not actually forcing the intermediate to have a longer TTL
...
because of mount max TTL constraint. This ups the mount max to force the
test to work as expected.
2017-09-14 22:49:04 -04:00
cb6ac1e926
Change behavior of TTL in sign-intermediate ( #3325 )
...
* Fix using wrong public key in sign-self-issued
* Change behavior of TTL in sign-intermediate
This allows signing CA certs with an expiration past the signer's
NotAfter.
It also change sign-self-issued to replace the Issuer, since it's
potentially RFC legal but stacks won't validate it.
Ref: https://groups.google.com/d/msg/vault-tool/giP69-n2o20/FfhRpW1vAQAJ
2017-09-13 11:42:45 -04:00
78b1dfd7bb
Handle errors from getRootConfig on aws logical backend ( #3294 )
2017-09-08 13:00:29 -04:00
7be6905eb0
Add a bit more delay to backend test in case Travis is loaded
2017-09-04 14:45:12 -04:00
abb2ab2918
Add pki/root/sign-self-issued. ( #3274 )
...
* Add pki/root/sign-self-issued.
This is useful for root CA rolling, and is also suitably dangerous.
Along the way I noticed we weren't setting the authority key IDs
anywhere, so I addressed that.
* Add tests
2017-08-31 23:07:15 -04:00
d62937aaf3
Use TypeDurationSecond for TTL values in PKI. ( #3270 )
2017-08-31 15:46:13 -04:00
13901b1346
fix swallowed errors in pki package tests ( #3215 )
2017-08-29 13:15:36 -04:00
340fe4e609
Add permitted dns domains to pki ( #3164 )
2017-08-15 16:10:36 -04:00
e4eb6e9020
Make PKI root generation idempotent-ish and add delete endpoint. ( #3165 )
2017-08-15 14:00:40 -04:00
b023d46cb8
Direct plugin logs through vault's logger ( #3142 )
...
* Direct plugin logs through vault's logger
* Pass in a logger in testConfig
2017-08-15 10:16:48 -04:00
2e80e6488f
Bump database plugin protocol version
2017-08-08 17:01:38 -07:00
71ffa3429f
Handle dropped checkok pattern in mysql package ( #3082 )
2017-08-02 19:34:58 -04:00
77336f4ca2
adding warning for conflicting role and request parameters ( #3083 )
2017-08-02 10:02:40 -04:00
4885b3e502
Use RemoteCredProvider instead of EC2RoleProvider ( #2983 )
2017-07-31 18:27:16 -04:00
474f008b2d
Clean up plugin tests with CA info
2017-07-31 15:09:19 -04:00
1bfc6d4fe7
Add a -dev-three-node option for devs. ( #3081 )
2017-07-31 11:28:06 -04:00
3e8aecc7d5
Add BackendType to existing backends ( #3078 )
2017-07-28 14:04:46 -04:00
45fd7dad60
Add note about ed25519 hashing to docs and path help.
...
Fixes #3074
Closes #3076
2017-07-28 09:30:27 -04:00
d404dfc494
fixing recovery from x/golang/crypto panics
2017-07-27 21:00:31 -04:00
0a2ac3160d
Recover during a request forward.
...
gRPC doesn't have a handler for recovering from a panic like a normal
HTTP request so a panic will actually kill Vault's listener. This
basically copies the net/http logic for managing this.
The SSH-specific logic is removed here as the underlying issue is caused
by the request forwarding mechanism.
2017-07-27 11:44:56 -04:00
72ee5e573c
Handle dropped checkok pattern in postgresql package ( #3046 )
2017-07-26 12:28:02 -04:00
bb54e9c131
Backend plugin system ( #2874 )
...
* Add backend plugin changes
* Fix totp backend plugin tests
* Fix logical/plugin InvalidateKey test
* Fix plugin catalog CRUD test, fix NoopBackend
* Clean up commented code block
* Fix system backend mount test
* Set plugin_name to omitempty, fix handleMountTable config parsing
* Clean up comments, keep shim connections alive until cleanup
* Include pluginClient, disallow LookupPlugin call from within a plugin
* Add wrapper around backendPluginClient for proper cleanup
* Add logger shim tests
* Add logger, storage, and system shim tests
* Use pointer receivers for system view shim
* Use plugin name if no path is provided on mount
* Enable plugins for auth backends
* Add backend type attribute, move builtin/plugin/package
* Fix merge conflict
* Fix missing plugin name in mount config
* Add integration tests on enabling auth backend plugins
* Remove dependency cycle on mock-plugin
* Add passthrough backend plugin, use logical.BackendType to determine lease generation
* Remove vault package dependency on passthrough package
* Add basic impl test for passthrough plugin
* Incorporate feedback; set b.backend after shims creation on backendPluginServer
* Fix totp plugin test
* Add plugin backends docs
* Fix tests
* Fix builtin/plugin tests
* Remove flatten from PluginRunner fields
* Move mock plugin to logical/plugin, remove totp and passthrough plugins
* Move pluginMap into newPluginClient
* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck
* Change shim logger's Fatal to no-op
* Change BackendType to uint32, match UX backend types
* Change framework.Backend Setup signature
* Add Setup func to logical.Backend interface
* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments
* Remove commented var in plugin package
* RegisterLicense on logical.Backend interface (#3017 )
* Add RegisterLicense to logical.Backend interface
* Update RegisterLicense to use callback func on framework.Backend
* Refactor framework.Backend.RegisterLicense
* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs
* plugin: Revert BackendType to remove TypePassthrough and related references
* Fix typo in plugin backends docs
2017-07-20 13:28:40 -04:00
3f0b15826a
Fix swallowed errors in builtin ( #2977 )
2017-07-07 08:23:12 -04:00
873aacf23f
Don't panic in audit logs when reading transit keys. ( #2970 )
2017-07-05 11:25:10 -04:00
4d6ca4c884
DOCS: fix typo in ssh path help ( #2966 )
2017-07-04 13:59:34 -04:00
753b68fa1b
Port TestCluster changes from proxy branch
2017-07-03 14:54:01 -04:00
45c7bc718f
Add the option to specify a specific key id format that is generated … ( #2888 )
2017-06-29 04:05:06 +01:00
0957500abe
Ensure TOTP codes cannot be reused. ( #2908 )
2017-06-23 16:21:34 +01:00
be383217b6
If recovering from panic ensure the cert returned is nil
2017-06-16 18:18:15 -04:00
60d743a5b9
Go's SSH library can panic without warning; recover.
...
Ping #2877 -- but don't close yet in case there are more places.
2017-06-16 18:16:45 -04:00
d26a8ebf5e
add min_encryption_version to the transit key response ( #2838 )
2017-06-08 13:07:18 -05:00
fdf92aeba5
Add listing to database connections. ( #2827 )
...
Fixes #2823
2017-06-07 10:03:17 -04:00
a7fca34076
Add ability to specify encryption key version in `transit` ( #2821 )
2017-06-06 16:02:54 -04:00
606fe393be
Use the role name in the db username ( #2812 )
2017-06-06 09:49:49 -04:00
3eebd5cf5a
ed25519 support in transit ( #2778 )
2017-06-05 15:00:39 -04:00
f7df60b131
Allow accessing Warnings directly in Response. ( #2806 )
...
A change in copystructure has caused some panics due to the custom copy
function. I'm more nervous about production panics than I am about
keeping some bad code wiping out some existing warnings, so remove the
custom copy function and just allow direct setting of Warnings.
2017-06-05 10:52:43 -04:00
4693881fe9
Update some path-help in datakey
2017-05-23 10:04:32 -04:00
2557693aa3
Added host key call back for ssh config ( #2752 )
2017-05-21 20:16:13 -04:00
aa40d2cff6
add gofmt checks to Vault and format existing code ( #2745 )
2017-05-19 08:34:17 -04:00
90be96989a
logical/aws: Fix typo in warning message ( #2747 )
...
Signed-off-by: Steffen Prohaska <prohaska@zib.de>
2017-05-19 06:20:54 -04:00
533dbe5d4c
Update the error when no key can be found to a more clear error text ( #2720 )
2017-05-12 14:14:00 -04:00
1460c2fcc7
Add plugin level docs for what statements are supported and how they should be formatted
2017-05-11 11:59:58 -07:00
3874b63af3
Fix typos in error message ( #2692 )
2017-05-10 10:28:35 -04:00
d25aa9fc21
Don't write salts in initialization, look up on demand ( #2702 )
2017-05-09 17:51:09 -04:00
185ba8a1c3
Only run cassandra tests on Travis for right now
2017-05-09 08:36:20 -04:00
6f6f242061
Add logic to skip initialization in some cases and some invalidation logic
2017-05-05 15:01:52 -04:00
7dcec6e68f
Merge remote-tracking branch 'oss/master' into database-refactor
2017-05-04 12:40:00 -07:00
82b58d5b9c
Update docs and return a better error message
2017-05-04 11:45:27 -07:00
4c0e3c5d2f
Implemented TOTP Secret Backend ( #2492 )
...
* Initialized basic outline of TOTP backend using Postgresql backend as template
* Updated TOTP backend.go's structure and help string
* Updated TOTP path_roles.go's structure and help strings
* Updated TOTP path_role_create.go's structure and help strings
* Fixed typo in path_roles.go
* Fixed errors in path_role_create.go and path_roles.go
* Added TOTP secret backend information to cli commands
* Fixed build errors in path_roles.go and path_role_create.go
* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords
* Initialized TOTP test file based on structure of postgresql test file
* Added enforcement of input values
* Added otp library to vendor folder
* Added test steps and cleaned up errors
* Modified read credential test step, not working yet
* Use of vendored package not allowed - Test error
* Removed vendor files for TOTP library
* Revert "Removed vendor files for TOTP library"
This reverts commit fcd030994bc1741dbf490f3995944e091b11da61.
* Hopefully fixed vendor folder issue with TOTP Library
* Added additional tests for TOTP backend
* Cleaned up comments in TOTP backend_test.go
* Added default values of period, algorithm and digits to field schema
* Changed account_name and issuer fields to optional
* Removed MD5 as a hash algorithm option
* Implemented requested pull request changes
* Added ability to validate TOTP codes
* Added ability to have a key generated
* Added skew, qr size and key size parameters
* Reset vendor.json prior to merge
* Readded otp and barcode libraries to vendor.json
* Modified help strings for path_role_create.go
* Fixed test issue in testAccStepReadRole
* Cleaned up error formatting, variable names and path names. Also added some additional documentation
* Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes
* Added ability to pass in TOTP urls
* Added additional tests for TOTP server functions
* Removed unused QRSize, URL and Generate members of keyEntry struct
* Removed unnecessary urlstring variable from pathKeyCreate
* Added website documentation for TOTP secret backend
* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.
* Updated website documentation and added QR example
* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests
* Updated API documentation to inlude to exported variable and qr size option
* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
2017-05-04 10:49:42 -07:00
5ee0d696d4
Merge remote-tracking branch 'oss/master' into database-refactor
2017-05-04 10:45:18 -07:00
29bfc0a0d4
PR comments
2017-05-04 10:41:59 -07:00
0875e78a13
Feedback from PR
2017-05-03 17:37:34 -07:00
cbcb8635a4
Update databse backend tests to use the APIClientMeta for the plugin conns
2017-05-03 16:34:09 -07:00
26cf09ab15
Minor comment update on cert_util
2017-05-03 16:13:54 -04:00
1c14d207b5
Merge pull request #2575 from hashicorp/pki-colons-to-hyphens
...
Change storage of PKI entries from colons to hyphens
2017-05-03 15:07:15 -04:00
e34a45fdcd
Minor readability enhancements for migration path from old to new
2017-05-03 14:58:22 -04:00
a00a7815f6
Include and use normalizeSerial func
2017-05-03 10:12:58 -04:00
7ae8f02f4b
Only wrap in tracing middleware if the logger is set to trace level
2017-05-02 17:19:49 -07:00
29d9b831d3
Update the api for serving plugins and provide a utility to pass TLS data for commuinicating with the vault process
2017-05-02 14:40:11 -07:00
2b7a66e23b
Use variables for string replacements on cert_util
2017-05-02 14:11:57 -04:00
c8bbea9f37
Rename NewPluginServer to just Serve
2017-05-02 02:00:39 -07:00
b3819c433b
Don't store an error response as a package variable
2017-05-01 15:30:56 -07:00
9a60ec9fda
Update interface name from Wrapper to a more descriptive RunnerUtil
2017-05-01 14:59:55 -07:00
403efeb5ae
Add globbing support to the PKI backend's allowed_domains list ( #2517 )
2017-05-01 10:40:18 -04:00
ff4cf41ebb
Add test for ca and crl case
2017-04-28 08:55:28 -04:00
8bb6c8caef
Return error message for failure to parse CSR ( #2657 )
2017-04-28 08:30:24 -04:00
802d030506
Refactor cert_util_test
2017-04-27 17:09:59 -04:00
b5990321bf
Verify update operation was performed on revokeCert
2017-04-27 12:30:44 -04:00
3b27a9c12c
Rename tests, use HandleRequest() for existing paths
2017-04-27 09:47:56 -04:00
53752c3002
Add check to ensure we don't overwrite existing connections
2017-04-26 16:43:42 -07:00
081101c7cf
Add an error check to reset a plugin if it is closed
2017-04-26 15:55:34 -07:00
d0cad5345a
Update to a RWMutex
2017-04-26 15:23:14 -07:00
628e5d594b
Add remaining tests
2017-04-26 16:05:58 -04:00
4782d9d2af
Update the error messages for renew and revoke
2017-04-26 10:29:16 -07:00
892812d67d
Change ttl types to TypeDurationSecond
2017-04-26 10:02:37 -07:00
d24757f2e0
Fix crl_util test
2017-04-26 09:58:34 -04:00
18ed2d6097
Tests for cert and crl util
2017-04-26 02:46:01 -04:00
e3e5f12f9e
Default deny when allowed roles is empty
2017-04-25 11:48:24 -07:00
207d01fd39
Update the connection details data and fix allowedRoles
2017-04-25 11:11:10 -07:00
eb0f831d6a
Rename path_role_create to path_creds_create
2017-04-25 10:39:17 -07:00
3d3e4eb5a4
Use TypeCommaStringSlice for allowed_roles
2017-04-25 10:26:23 -07:00
bed1c17b1e
Update logging to new structure
2017-04-25 10:24:19 -07:00
f25b367732
Don't uppercase ErrorResponses
2017-04-24 14:03:48 -07:00
378ae98809
s/DatabaseType/Database/
2017-04-24 13:59:12 -07:00
6f9d178370
Calls to builtin plugins now go directly to the implementation instead of go-plugin
2017-04-20 18:46:41 -07:00
af9ff63e9a
Merge remote-tracking branch 'oss/master' into database-refactor
2017-04-19 15:16:00 -07:00
847c86f788
Rename ParseDedupAndSortStrings to ParseDedupLowercaseAndSortStrings ( #2614 )
2017-04-19 10:39:07 -04:00
2ee593c6ea
Mssql driver update ( #2610 )
...
* Switching driver from mssql to sqlserver
* Adding explicit database to sp_msloginmappings call
2017-04-18 17:49:59 -04:00
4995c69763
Update sign-verbatim to correctly set generate_lease ( #2593 )
2017-04-18 15:54:31 -04:00
0897da93f0
Parse and dedup but do not lowercase principals in SSH certs. ( #2591 )
2017-04-18 12:21:02 -04:00
822d86ad90
Change storage of entries from colons to hyphens and add a
...
lookup/migration path
Still TODO: tests on migration path
Fixes #2552
2017-04-18 11:14:23 -04:00
e8adc13826
Fix cassandra dep breakage
2017-04-17 11:51:42 -04:00
79fb8bdf69
Verify that a CSR specifies IP SANs before checking whether it's allowed ( #2574 )
2017-04-13 13:40:31 -04:00
883c80540a
Add allowed_roles parameter and checks
2017-04-13 10:33:34 -07:00
0cfe1ea81c
Cleanup path files
2017-04-12 17:35:02 -07:00
a9a05f5bba
Update Type() to return an error
2017-04-12 16:41:06 -07:00
8ccf10641b
Merge branch 'master' into database-refactor
2017-04-12 14:29:10 -07:00
128f25c13d
Update help text and comments
2017-04-11 11:50:34 -07:00
c85b7be22f
Remove unnecessary abstraction
2017-04-10 18:38:34 -07:00
8071aed758
Mlock the plugin process
2017-04-10 17:12:52 -07:00
f6ff3b1146
Add a flag to tell plugins to verify the connection was successful
2017-04-10 15:36:59 -07:00
db91a80540
Update plugin test
2017-04-10 14:12:28 -07:00
bbbd81220c
Update the interface for plugins removing functions for creating creds
2017-04-10 12:24:16 -07:00
459e3eda4e
Update backend tests
2017-04-10 10:35:16 -07:00
93136ea51e
Add backend test
2017-04-07 15:50:03 -07:00
2117dfd717
implement a no_store option for pki roles ( #2565 )
2017-04-07 11:25:47 -07:00
f805618a2c
Update SSH CA documentation
...
Fixes #2551
Fixes #2569
2017-04-07 11:59:25 -04:00
62d59e5f4e
Move plugin code into sub directory
2017-04-06 12:20:10 -07:00
ca2c3d0c53
Refactor to use builtin plugins from an external repo
2017-04-05 16:20:31 -07:00
2255884a4c
Do not mark conn as initialized until the end ( #2567 )
2017-04-04 14:26:59 -07:00
305ccd54f7
Don't return strings, always structs
2017-04-04 11:33:58 -07:00
9dd666c7e6
Database refactor invalidate ( #2566 )
...
* WIP on invalidate function
* cassandraConnectionProducer has Close()
* Delete database from connections map on successful db.Close()
* Move clear connection into its own func
* Use const for database config path
2017-04-04 11:32:42 -07:00
709389dd36
Use ParseStringSlice on PKI organization/organizational unit. ( #2561 )
...
After, separately dedup and use new flag to not lowercase value.
Fixes #2555
2017-04-04 08:54:18 -07:00
b506bd7790
On change of configuration rotate the database type
2017-04-03 18:30:38 -07:00
d7dd0ab35c
Merge branch 'database-refactor' of github.com:hashicorp/vault into database-refactor
2017-04-03 17:52:41 -07:00
e8781b6a2b
Plugin catalog
2017-04-03 17:52:29 -07:00
aa15a1d3a9
Database refactor mssql ( #2562 )
...
* WIP on mssql secret backend refactor
* Add RevokeUser test, and use sqlserver driver internally
* Remove debug statements
* Fix code comment
2017-04-03 09:59:30 -07:00
210fa77e3c
fix for plugin commands that have more than one paramater
2017-03-28 14:37:57 -07:00
50729a4528
Add comments to connection and credential producers
2017-03-28 13:08:11 -07:00
b09526e1c9
Cleanup the db factory code and add comments
2017-03-28 12:57:30 -07:00
6b877039e7
Update tests
2017-03-28 12:20:17 -07:00
c50a6ebc39
Add functionaility to build db objects from disk so restarts work
2017-03-28 11:30:45 -07:00
02b0230f19
Fix for checking types of database on update
2017-03-28 10:04:42 -07:00
494f963581
Wrap the database calls with tracing information
2017-03-27 15:17:28 -07:00
2799586f45
Remove the unused sync.Once object
2017-03-27 11:46:20 -07:00
29ae4602dc
More work on getting tests to pass
2017-03-23 15:54:15 -07:00
c0223d888e
Remove unsused code block
2017-03-22 17:09:39 -07:00
1068076703
s/postgres/mysql/
2017-03-22 16:44:33 -07:00
dac1bb210b
Add test files for postgres and mysql databases
2017-03-22 16:39:08 -07:00
ae9961b811
Add a error message for empty creation statement
2017-03-22 12:40:16 -07:00
c55bef85d3
Fix race with deleting the connection
2017-03-22 09:54:19 -07:00
85ef468d46
Add a delete method
2017-03-21 17:19:30 -07:00
83ff132705
Verify connections regardless of if this connections is already existing
2017-03-21 16:05:59 -07:00
003ef004c6
sshca: ensure atleast cert type is allowed ( #2508 )
2017-03-19 18:58:48 -04:00
a4e5e0f8c9
Comment and fix plugin Type function
2017-03-16 18:24:56 -07:00
417770a58f
Change the handshake config from the default
2017-03-16 17:51:25 -07:00
2873825848
Add a secure config to verify the checksum of the plugin
2017-03-16 16:20:18 -07:00
f2df4ef0e7
Comment and slight refactor of the TLS plugin helper
2017-03-16 14:14:49 -07:00
0a52ea5c69
Break tls code into helper library
2017-03-16 11:55:21 -07:00
24886c1006
Ensure CN check is made when exclude_cn_from_sans is used
...
Fixes #2363
2017-03-16 11:41:13 -04:00
ae8967d635
Always include a hash of the public key and "vault" (to know where it ( #2498 )
...
came from) when generating a cert for SSH.
Follow on from #2494
2017-03-16 11:14:17 -04:00
95df7beed9
Adding allow_user_key_ids field to SSH role config ( #2494 )
...
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name. Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
2017-03-16 08:45:11 -04:00
eb6117cbb2
Work on TLS communication over plugins
2017-03-15 17:14:48 -07:00
12e5132779
Allow roles to specify whether CSR SANs should be used instead of ( #2489 )
...
request values. Fix up some documentation.
Fixes #2451
Fixes #2488
2017-03-15 14:38:18 -04:00
7ab6844eb4
Set CA chain when intermediate does not have an authority key ID.
...
This is essentially an approved review of the code provided in #2465 .
Fixes #2465
2017-03-15 11:52:02 -04:00
3ecb344878
wrap plugin database type with metrics middleware
2017-03-14 13:12:47 -07:00
822a3eb20a
Add a metrics middleware
2017-03-14 13:11:28 -07:00
662b372364
Reads on unconfigured SSH CA public key return 400
2017-03-14 10:21:48 -04:00
7d59d7d3ac
Reads on ssh/config/ca return the public keys
...
If configured/generated.
2017-03-14 10:21:48 -04:00
830de2dbbd
If generating an SSH CA signing key - return the public part
...
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
2017-03-14 10:21:48 -04:00
2054fff890
Add a way to initalize plugins and builtin databases the same way.
2017-03-13 14:39:55 -07:00
71b81aad23
Add checksum attribute
2017-03-10 14:10:42 -08:00
a11911d4d4
Rename reset to close
2017-03-09 22:35:45 -08:00
fda45f531d
Add special path to enforce root on plugin configuration
2017-03-09 21:31:29 -08:00
748c70cfb4
Add plugin file
2017-03-09 17:43:58 -08:00
9099231229
Add plugin features
2017-03-09 17:43:37 -08:00
220beb2cde
doc: ssh allowed_users update ( #2462 )
...
* doc: ssh allowed_users update
* added some more context in default_user field
2017-03-09 10:34:55 -05:00
f085cd71ab
Fix typo
2017-03-08 17:49:39 -05:00
b7128f8370
Update secrets fields
2017-03-08 14:46:53 -08:00
766c2e6ee0
SSH CA enhancements ( #2442 )
...
* Use constants for storage paths
* Upgrade path for public key storage
* Fix calculateValidPrincipals, upgrade ca_private_key, and other changes
* Remove a print statement
* Added tests for upgrade case
* Make exporting consistent in creation bundle
* unexporting and constants
* Move keys into a struct instead of plain string
* minor changes
2017-03-08 17:36:21 -05:00
2fb6bf9882
Fix renew and revoke calls
2017-03-07 17:21:44 -08:00
b7c3b4b0d7
Add defaults to the cassandra databse type
2017-03-07 17:00:52 -08:00
3976a2a0a6
Pass statements object
2017-03-07 16:48:17 -08:00
843d584254
Remove unused sql object
2017-03-07 15:34:23 -08:00
919155ab12
Remove double lock
2017-03-07 15:33:05 -08:00
c959882b93
Update locking functionaility
2017-03-07 13:48:29 -08:00
5119b173c4
Rename helper 'duration' to 'parseutil'. ( #2449 )
...
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
bc53e119ca
rename mysql variable
2017-03-03 15:07:41 -08:00
bba832e6bf
Make db instances immutable and add a reset path to tear down and create a new database instance with an updated config
2017-03-03 14:38:49 -08:00
29e07ac9e8
Fix mysql connections
2017-03-03 14:38:49 -08:00
24ddea9954
Add mysql into the factory
2017-03-03 14:38:48 -08:00
8e8f260d96
Add max connection lifetime param and set consistancy on cassandra session
2017-03-03 14:38:48 -08:00
1f009518cd
s/Statement/Statements/
2017-03-03 14:38:48 -08:00
46aa7142c1
Add mysql database type
2017-03-03 14:38:48 -08:00
2ec5ab5616
More work on refactor and cassandra database
2017-03-03 14:38:48 -08:00
acdcd79af3
Begin work on database refactor
2017-03-03 14:38:48 -08:00
4b81bcb379
ssh: Added DeleteOperation to config/ca ( #2434 )
...
* ssh: Added DeleteOperation to config/ca
* Address review feedback
2017-03-03 10:19:45 -05:00
55e69277ce
Update SSH CA logic/tests
2017-03-02 16:39:22 -05:00
a1331278ff
Refactor the generate_signing_key processing ( #2430 )
2017-03-02 16:22:06 -05:00
fa474924aa
Update error text to make it more obvious what the issue is when valid principals aren't found
2017-03-02 15:56:08 -05:00
eca68d5913
Fix a bunch of errors from returning 5xx, and parse more duration types
2017-03-02 15:38:34 -05:00
70bfdb5ae9
Changes from code review
2017-03-02 14:36:13 -05:00
36b3d89604
Allow internal generation of the signing SSH key pair
2017-03-02 14:36:13 -05:00
3795d2ea64
Rework ssh ca ( #2419 )
...
* docs: input format for default_critical_options and default_extensions
* s/sshca/ssh
* Added default_critical_options and default_extensions to the read endpoint of role
* Change default time return value to 0
2017-03-01 15:50:23 -05:00
9f75f84175
Changes from code review
...
Major changes are:
* Remove duplicate code
* Check the public key used to configure the backend is a valid one
2017-03-01 15:19:18 -05:00
ff1ff02bd7
Changes from code review
...
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
2017-03-01 15:19:18 -05:00
099d561b20
Add ability to create SSH certificates
2017-03-01 15:19:18 -05:00
2e911fc650
Fix broken build caused due to resolve merge conflicts
2017-02-24 12:41:20 -05:00
c6f138bb9a
PKI: Role switch to control lease generation ( #2403 )
...
* pki: Make generation of leases optional
* pki: add tests for upgrading generate_lease
* pki: add tests for leased and non-leased certs
* docs++ pki generate_lease
* Generate lease is applicable for both issuing and signing
* pki: fix tests
* Address review feedback
* Address review feedback
2017-02-24 12:12:40 -05:00
01f3056b8b
pki: Include private_key_type on DER-formatted responses from /pki/issue/ ( #2405 )
2017-02-24 11:17:59 -05:00
c81582fea0
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
0c39b613c8
Port some replication bits to OSS ( #2386 )
2017-02-16 15:15:02 -05:00
c96fe56d44
Fix copypasta, thanks tests
2017-02-16 01:32:39 -05:00
817bec0955
Add Organization support to PKI backend. ( #2380 )
...
Fixes #2369
2017-02-16 01:04:29 -05:00
7f2717b74a
transit: change batch input format ( #2331 )
...
* transit: change batch input format
* transit: no json-in-json for batch response
* docs: transit: update batch input format
* transit: fix tests after changing response format
2017-02-06 14:56:16 -05:00
5fb28f53cb
Transit: Support batch encryption and decryption ( #2143 )
...
* Transit: Support batch encryption
* Address review feedback
* Make the normal flow go through as a batch request
* Transit: Error out if encryption fails during batch processing
* Transit: Infer the 'derived' parameter based on 'context' being set
* Transit: Batch encryption doc updates
* Transit: Return a JSON string instead of []byte
* Transit: Add batch encryption tests
* Remove plaintext empty check
* Added tests for batch encryption, more coming..
* Added more batch encryption tests
* Check for base64 decoding of plaintext before encrypting
* Transit: Support batch decryption
* Transit: Added tests for batch decryption
* Transit: Doc update for batch decryption
* Transit: Sync the path-help and website docs for decrypt endpoint
* Add batch processing for rewrap
* transit: input validation for context
* transit: add rewrap batch option to docs
* Remove unnecessary variables from test
* transit: Added tests for rewrap use cases
* Address review feedback
* Address review feedback
* Address review feedback
* transit: move input checking out of critical path
* transit: allow empty plaintexts for batch encryption
* transit: use common structs for batch processing
* transit: avoid duplicate creation of structs; add omitempty to response structs
* transit: address review feedback
* transit: fix tests
* address review feedback
* transit: fix tests
* transit: rewrap encrypt user error should not error out
* transit: error out for internal errors
2017-02-02 14:24:20 -05:00
47274eca88
Add cleanup functions to multiple DB backends. ( #2313 )
...
Ensure it's called on unmount, not just for seal.
2017-02-01 14:05:25 -05:00
f1a5a858d3
Make export errors a bit more meaningful
2017-01-30 09:25:50 -05:00
2e15dc93df
Have transit exporting return the same structure regardless of one key or many
2017-01-28 10:37:35 -05:00
e788780709
Migrate cassandra test from acceptance to dockertest ( #2295 )
2017-01-25 15:37:55 -05:00
f43a041bf2
Revert "Disable PKI OU tests to fix the build"
...
This reverts commit b1ab7c5603180af9073caab1b3022ca438dc12be.
2017-01-24 09:58:28 -05:00
c8b6ab7223
Disable PKI OU tests to fix the build
2017-01-24 06:25:56 -05:00
98df700495
allow roles to set OU value in certificates issued by the pki backend ( #2251 )
2017-01-23 12:44:45 -05:00
7568a212b1
Adding support for exportable transit keys ( #2133 )
2017-01-23 11:04:43 -05:00
fa7d61baa3
Merge pull request #2202 from fcantournet/fix_govet_fatalf
...
all: test: Fix govet warnings
2017-01-17 16:45:35 -05:00
cb8bbc4fbd
Transit key actions ( #2254 )
...
* add supports_* for transit key reads
* update transit docs with new supports_* fields
2017-01-11 10:05:06 -06:00
78dacc154a
sign-verbatim should set use_csr_common_name to true ( #2243 )
2017-01-10 09:47:59 -05:00
80dc5819d3
Use dockertest.v2 ( #2247 )
...
New dockertest has a totally different API and will require some serious
refactoring. This will tide over until then by pinning the API version.
2017-01-09 13:46:54 -05:00
103b7ceab2
all: test: Fix govet warnings
...
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
1816446f46
Address review feedback
2016-12-20 11:19:47 -05:00
b3e323bbcc
pki: Avoiding a storage read
2016-12-20 11:07:20 -05:00
2e23f1a992
pki: Appended error to error message
2016-12-19 10:49:32 -05:00
ba1cc709bd
PKI: Added error to the error message
2016-12-19 10:47:29 -05:00
bb54bd40f6
normalize some capitlization in error messages
2016-12-15 19:02:33 -05:00
6ee61af87f
Fix nil value panic when Consul returns a user error ( #2145 )
2016-12-01 10:22:32 -08:00
ba3dc07bb3
Fix typo and remove trailing whitespace. ( #2074 )
2016-11-08 09:32:23 -05:00
26fa2655b1
Add listing to Consul secret roles ( #2065 )
2016-11-04 12:35:16 -04:00
dc93e57cf1
Return the revocation_sql from role read all the time
2016-10-27 12:24:31 -04:00
e0fb8c17ce
Added revocation_sql to the website docs
2016-10-27 12:15:08 -04:00
c14a6c8666
Move policy test to keysutil package
2016-10-26 19:57:28 -04:00
6d1e1a3ba5
Pulled out transit's lock manager and policy structs into a helper
2016-10-26 19:52:31 -04:00
931c96d1ba
ssh: Use temporary file to store the identity file
2016-10-18 12:50:12 -04:00
4b6e82afcb
Add ability to list keys in transit backend ( #1987 )
2016-10-18 10:13:01 -04:00
5ce9737eb4
address feedback
2016-10-10 12:16:55 -04:00
e5a7e3d6cb
initial commit to fix empty consistency option issue
2016-10-08 20:22:26 -04:00
70a9fc47b4
Don't use quoted identifier for the username
2016-10-05 14:31:19 -04:00
7f9a88d8db
Postgres revocation sql, beta mode ( #1972 )
2016-10-05 13:52:59 -04:00
de5dec6b15
Refactor mysql's revoke SQL
2016-10-04 19:30:25 -04:00
1ab7023483
Merge pull request #1914 from jpweber/mysql-revoke
...
Mysql revoke with non-wildcard hosts
2016-10-04 17:44:15 -04:00
87f206b536
removed an unused ok variable. Added warning and force use for default queries if role is nil
2016-10-04 17:15:29 -04:00
cc38f3253a
fixed an incorrect assignment
2016-10-03 21:51:40 -04:00
ac78ddc178
More resilient around cases of missing role names and using the default when needed.
2016-10-03 20:20:00 -04:00
0a7f1089ca
Refactored logic some to make sure we can always fall back to default revoke statments
...
Changed rolename to role
made default sql revoke statments a const
2016-10-03 15:59:56 -04:00
704fccaf2e
fixed some more issues I had with the tests.
2016-10-03 15:58:09 -04:00
a2d6624a69
renamed rolname to role
2016-10-03 15:57:47 -04:00
bfb0c2d3ff
Reduced duplicated code and fixed comments and simple variable name mistakes
2016-10-03 14:53:05 -04:00
bb70ecc5a7
Added test for revoking mysql user with wild card host and non-wildcard host
2016-10-02 22:28:54 -04:00
dbb00534d9
saving role name to the Secret Internal data. Default revoke query added
...
The rolename is now saved to the secret internal data for fetching
later during the user revocation process. No longer deriving the role
name from request path
Added support for default revoke SQL statements that will provide the
same functionality as before. If not revoke SQL statements are provided
the default statements are used.
Cleaned up personal ignores from the .gitignore file
2016-10-02 18:53:16 -04:00
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
010293ccc3
Merge pull request #1931 from hashicorp/cass-consistency
...
Adding consistency into cassandra
2016-09-27 21:12:02 -04:00
d235acf809
Adding support for chained intermediate CAs in pki backend ( #1694 )
2016-09-27 17:50:17 -07:00
5ac43873c4
minor updates
2016-09-27 20:35:11 -04:00
e14fe05c13
added parsing at role creation
2016-09-27 16:01:51 -04:00
4938aa56bf
initial commit for consistency added into cassandra
2016-09-27 13:25:18 -04:00
b1ee56a15b
Merge pull request #1910 from hashicorp/secret-id-cidr-list
...
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
e0ea497cfe
Getting role name from the creds path used in revocation
2016-09-23 16:57:08 -04:00
8709406eb3
secretCredsRevoke command no longer uses hardcoded query
...
The removal of a user from the db is now handled similar to the
creation. The SQL is read out of a key from the role and then executed
with values substituted for username.
2016-09-23 16:05:49 -04:00
1bed6bfc2c
Added support for a revokeSQL key value pair to the role
2016-09-23 16:00:23 -04:00
6bf871995b
Don't use time.Time in responses. ( #1912 )
...
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
2016-09-23 12:32:07 -04:00
c26754000b
Fix ssh tests
2016-09-22 11:37:55 -04:00
93604e1e2e
Added cidrutil helper
2016-09-21 13:58:32 -04:00
676e7e0f07
Ensure upgrades have a valid HMAC key
2016-09-21 11:10:57 -04:00
0ff76e16d2
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
5c241d31e7
Renaming ttl_max -> max_ttl in mssql backend ( #1905 )
2016-09-20 12:39:02 -04:00
897d3c6d2c
Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.
2016-09-16 11:05:43 -04:00
197c7eae5f
Allow encrypting empty ciphertext values. ( #1881 )
...
Replaces #1874
2016-09-13 12:00:04 -04:00
b599948e1c
Use uuid.GenerateRandomBytes
2016-09-09 14:17:09 -04:00
127f61473b
Not exposing structs from the backend's package
2016-09-01 11:57:28 -04:00
1db0544b7a
Use unexported kdf const names
2016-08-31 07:19:58 -04:00
d2239d22d9
Use hkdf for transit key derivation for new keys ( #1812 )
...
Use hkdf for transit key derivation for new keys
2016-08-30 16:29:09 -04:00
9dbc97028b
STS path field description update
2016-08-30 10:53:21 -04:00
0b07ec7303
Added UpdateOperation to logical AWS STS path
2016-08-30 10:30:13 -04:00
cdd1d96a64
Merge pull request #1804 from hashicorp/issue-1800
...
Mark STS secrets as non-renwable
2016-08-29 11:46:19 -04:00
8612b6139e
Fixes #1801 Reuse Cassandra session object for create creds ( #1802 )
2016-08-28 17:32:41 -04:00
f0537572a8
Mark STS secrets as non-renwable
...
Ping #1800
2016-08-28 14:27:56 -04:00
0b113f7916
Derive nonce fully in convergent mode ( #1796 )
...
Ping #1794
2016-08-26 17:01:56 -04:00
2f5876dfe9
Use key derivation for convergent nonce. ( #1794 )
...
Use key derivation for convergent nonce.
Fixes #1792
2016-08-26 14:11:03 -04:00
28739f3528
Decode secret internal data into struct and fix type assertion. ( #1781 )
2016-08-24 15:04:04 -04:00
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
2860dcc60f
gofmt
2016-08-19 16:48:32 -04:00
86874def5c
Parameter change
...
Both revocation times are UTC so clarify via parameter name that it's just a formatting difference. Also leave as a time.Time here, as it automatically marshals into RFC3339.
2016-08-14 21:43:57 -04:00
39cfd116b6
Cleanup
2016-08-13 11:52:09 -04:00
1b8711e7b7
Ensure utc value is not zero before adding
2016-08-13 11:50:57 -04:00
d6d08250ff
Ensure values to be encoded in a CRL are in UTC. This aligns with the
...
RFC. You might expect Go to ensure this in the CRL generation call,
but...it doesn't.
Fixes #1727
2016-08-13 08:40:09 -04:00
b69ed7ea93
Fix build
2016-08-08 17:00:59 -04:00
7f6c58b807
Address review feedback
2016-08-08 16:30:48 -04:00
606ba64e23
Remove context-as-nonce, add docs, and properly support datakey
2016-08-07 15:53:40 -04:00
1976bc0534
Add unit tests for convergence in non-context mode
2016-08-07 15:16:36 -04:00
8b1d47037e
Refactor convergent encryption to make specifying a nonce in addition to context possible
2016-08-05 17:52:44 -04:00
0b73c2ff9a
Fix PKI logical backend email alt_names
2016-08-04 12:10:34 +02:00
58e9cbbfc6
Add postgres test for block statements
2016-08-03 15:34:50 -04:00
9e204bd88c
Add arbitrary string slice parsing.
...
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.
Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
cff7aada7a
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
e0c5f5f5fa
Add convergence tests to transit backend
2016-07-28 11:30:52 -04:00
559b0a5006
Merge pull request #1635 from hashicorp/mysql-idle-conns
...
Added maximum idle connections to mysql to close hashicorp/vault#1616
2016-07-20 15:31:37 -04:00
b558c35943
Set defaults to handle upgrade cases.
...
Ping #1604
2016-07-20 14:07:19 -04:00
f2b6569b0b
Merge pull request #1604 from memory/mysql-displayname-2
...
concat role name and token displayname to form mysql username
2016-07-20 14:02:17 -04:00
ea294f1d27
use both role name and token display name to form mysql username
2016-07-20 10:17:00 -07:00
e6bf4fa489
whitespace error corrected
2016-07-20 12:00:05 -04:00
0483457ad2
respond to feedback from @vishalnayak
...
- split out usernameLength and displaynameLength truncation values,
as they are different things
- fetch username and displayname lengths from the role, not from
the request parameters
- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
7cdb8a28bc
max_idle_connections added
2016-07-20 09:26:26 -04:00
03c7eb7d18
initial commit before rebase to stay current with master
2016-07-19 14:18:37 -04:00
30ca541f99
Merge pull request #1414 from mhurne/mongodb-secret-backend
...
Add mongodb secret backend
2016-07-19 13:56:15 -04:00
3334b22993
Some minor linting
2016-07-19 13:54:18 -04:00
0f9ee8fbed
Merge branch 'master' into mongodb-secret-backend
2016-07-19 12:47:58 -04:00
072c5bc915
mongodb secret backend: Remove redundant type declarations
2016-07-19 12:35:14 -04:00
c7d42cb112
mongodb secret backend: Fix broken tests, clean up unused parameters
2016-07-19 12:26:23 -04:00
fbb04349b5
Merge pull request #1629 from hashicorp/remove-verify-connection
...
Remove unused VerifyConnection from storage entries of SQL backends
2016-07-19 12:21:23 -04:00
8a1bb1626a
Merge pull request #1583 from hashicorp/ssh-allowed-roles
...
Add allowed_roles to ssh-helper-config and return role name from verify call
2016-07-19 12:04:12 -04:00
Nicolas Corrarello