Commit graph

207 commits

Author SHA1 Message Date
Brian Kassouf 62d59e5f4e Move plugin code into sub directory 2017-04-06 12:20:10 -07:00
Brian Kassouf 2e23cf58b8 Add postgres builtin plugin 2017-04-05 17:19:29 -07:00
Brian Kassouf ca2c3d0c53 Refactor to use builtin plugins from an external repo 2017-04-05 16:20:31 -07:00
Brian Kassouf b071144c67 move builtin plugins list to the pluginutil 2017-04-05 11:00:13 -07:00
Brian Kassouf e8781b6a2b Plugin catalog 2017-04-03 17:52:29 -07:00
Brian Kassouf c50a6ebc39 Add functionaility to build db objects from disk so restarts work 2017-03-28 11:30:45 -07:00
Brian Kassouf 29ae4602dc More work on getting tests to pass 2017-03-23 15:54:15 -07:00
Brian Kassouf d453008dea Update the name of PluginUnwrapTokenEnv 2017-03-16 14:17:44 -07:00
Brian Kassouf f2df4ef0e7 Comment and slight refactor of the TLS plugin helper 2017-03-16 14:14:49 -07:00
Brian Kassouf 0a52ea5c69 Break tls code into helper library 2017-03-16 11:55:21 -07:00
Jeff Mitchell b1c2a930fe Clean up request forwarding logic 2017-03-01 18:17:06 -05:00
Jeff Mitchell eec66eaa3c Have duration.ParseDurationSecond handle json.Number 2017-03-01 08:32:05 -05:00
Jeff Mitchell 7f0a99e8eb Add max/min wrapping TTL ACL statements (#2411) 2017-02-27 14:42:00 -05:00
Saj Goonatilleke 01f3056b8b pki: Include private_key_type on DER-formatted responses from /pki/issue/ (#2405) 2017-02-24 11:17:59 -05:00
Jeff Mitchell c81582fea0 More porting from rep (#2388)
* More porting from rep

* Address review feedback
2017-02-16 16:29:30 -05:00
Jeff Mitchell 0c39b613c8 Port some replication bits to OSS (#2386) 2017-02-16 15:15:02 -05:00
Jeff Mitchell 0a9a6d3343 Move ReplicationState to consts 2017-02-16 13:37:21 -05:00
Brian Kassouf 13ec9c5dbf Load leases into the expiration manager in parallel (#2370)
* Add a benchmark for exiration.Restore

* Add benchmarks for consul Restore functions

* Add a parallel version of expiration.Restore

* remove debug code

* Up the MaxIdleConnsPerHost

* Add tests for etcd

* Return errors and ensure go routines are exited

* Refactor inmem benchmark

* Add s3 bench and refactor a bit

* Few tweaks

* Fix race with waitgroup.Add()

* Fix waitgroup race condition

* Move wait above the info log

* Add helper/consts package to store consts that are needed in cyclic packages

* Remove not used benchmarks
2017-02-16 10:16:06 -08:00
Vishal Nayak eb4ef0f6e0 cidrutil: added test data points (#2378) 2017-02-16 00:51:02 -05:00
Jeff Mitchell 6c02e9357a Update protos 2017-02-02 16:20:32 -05:00
Roman Vynar 85eceef188
Fix cipher preferred order 2017-01-24 09:29:57 +02:00
Jeff Mitchell 42894754a6 Remove comments destined to be outdated 2017-01-23 13:49:15 -05:00
Roman Vynar 1615280efa Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 13:48:35 -05:00
joe miller 98df700495 allow roles to set OU value in certificates issued by the pki backend (#2251) 2017-01-23 12:44:45 -05:00
Chris Hoffman 7568a212b1 Adding support for exportable transit keys (#2133) 2017-01-23 11:04:43 -05:00
vishalnayak c9bd2a37f8 Don't sanitize disallowed_policies on token role 2017-01-17 21:34:14 -05:00
Félix Cantournet 103b7ceab2 all: test: Fix govet warnings
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
Brian Nuszkowski 98a6e0fea3 Add Duo pushinfo capabilities (#2118) 2016-12-19 15:37:44 -05:00
Vishal Nayak 8400b87473 Don't add default policy to child token if parent does not have it (#2164) 2016-12-16 00:36:39 -05:00
Jeff Mitchell fc81a301b8 Don't say mlock is supported on OSX when it isn't. (#2120)
Fixes #2119
2016-11-22 12:56:36 -05:00
Jeff Mitchell ee29b329fb Bump proto files after update 2016-11-17 10:06:26 -05:00
vishalnayak ac9304e660 Remove the methods introduced to make the tests work from its older package 2016-10-26 20:03:51 -04:00
vishalnayak c14a6c8666 Move policy test to keysutil package 2016-10-26 19:57:28 -04:00
vishalnayak 6d1e1a3ba5 Pulled out transit's lock manager and policy structs into a helper 2016-10-26 19:52:31 -04:00
vishalnayak 69df3fb95e Added a few checks to the CIDR Subset checking util 2016-09-28 14:04:02 -04:00
Chris Hoffman d235acf809 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
Vishal Nayak b1ee56a15b Merge pull request #1910 from hashicorp/secret-id-cidr-list
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
Jeff Mitchell 72b9c4c649 Fix parsing env var, needed to be in the helper too 2016-09-23 13:20:26 -04:00
vishalnayak a31f9bb0e9 Fix zeroAddr check 2016-09-23 12:50:26 -04:00
vishalnayak f560e20b28 Address review feedback 2016-09-22 18:07:35 -04:00
vishalnayak 07b1b244d6 Use net.IPv4zero to check for zero address 2016-09-21 20:29:33 -04:00
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry.
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
vishalnayak 93604e1e2e Added cidrutil helper 2016-09-21 13:58:32 -04:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Jeff Mitchell 897d3c6d2c Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop. 2016-09-16 11:05:43 -04:00
Jeff Mitchell 1d6552c625 Update logging formatting 2016-09-01 16:14:21 -04:00
vishalnayak cdcfa4572f Address review feedback 2016-08-30 16:36:58 -04:00
Jeff Mitchell 7e41d5ab45 Pass headers back when request forwarding (#1795) 2016-08-26 17:53:47 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell 2860dcc60f gofmt 2016-08-19 16:48:32 -04:00