Commit graph

710 commits

Author SHA1 Message Date
Jeff Mitchell e01bce371d Merge pull request #1462 from hashicorp/enable-auth-rollbacks
Re-enable rollback triggers for auth backends
2016-05-27 15:01:35 -04:00
Jeff Mitchell 39fe3200e3 Return nil for pre-0.5.3 Consul tokens to avoid pathological behavior 2016-05-27 13:09:52 -04:00
Jeff Mitchell f035a320d0 Add test for renew/revoke to Consul secret backend 2016-05-27 11:27:53 -04:00
vishalnayak 1d94828e45 Re-enable rollback triggers for auth backends 2016-05-26 14:29:41 -04:00
Vishal Nayak 644ac5f5e8 Merge pull request #1456 from hashicorp/consul-lease-renewal
Fix the consul secret backends renewal revocation problem
2016-05-26 13:59:45 -04:00
vishalnayak cfd337d06a Fix broken cert backend test 2016-05-26 11:06:46 -04:00
Jeff Mitchell 05d1da0656 Add comment about the deletions 2016-05-26 10:33:35 -04:00
Jeff Mitchell ccfa8d0567 Remove deprecated entries from PKI role output.
Fixes #1452
2016-05-26 10:32:04 -04:00
vishalnayak c0e745dbfa s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends 2016-05-26 10:21:03 -04:00
vishalnayak 2ca846b401 s/logical.ErrorResponse/fmt.Errorf in revocation functions of secrets 2016-05-26 10:04:11 -04:00
vishalnayak 70b8530962 Fix the consul secret backends renewal revocation problem 2016-05-25 23:24:16 -04:00
Jeff Mitchell 8f592f3442 Don't use pointers to int64 in function calls when not necessary 2016-05-19 12:26:02 -04:00
Jeff Mitchell a13807e759 Merge pull request #1318 from steve-jansen/aws-logical-assume-role
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
Jeff Mitchell 1bef0c3584 Merge pull request #1245 from LeonDaniel/master
Improved groups search for LDAP login
2016-05-19 12:13:29 -04:00
Jeff Mitchell 91b65a893e Merge pull request #1430 from hashicorp/issue-1428
Use Consul API client's DefaultNonPooledTransport.
2016-05-17 20:59:50 -04:00
Jeff Mitchell 86e078ff98 Use Consul API client's DefaultNonPooledTransport.
What we should probably do is create a client with a mutex and
invalidate it when parameters change rather than creating a client over
and over...that can be a TODO for later but for now this fix suffices.

Fixes #1428
2016-05-18 00:47:42 +00:00
vishalnayak 65801942cb Naming of the locked and nonLocked methods 2016-05-17 20:39:24 -04:00
Jeff Mitchell ed574d63fe Merge pull request #1416 from shomron/list_ldap_group_mappings
Support listing ldap group to policy mappings
2016-05-16 16:22:13 -04:00
Sean Chittenden 792950e16c Merge pull request #1417 from hashicorp/b-pki-expire-ttl-unset
Set entry's TTL before writing out the storage entry's config
2016-05-15 10:02:03 -07:00
Sean Chittenden 7a4b31ce51
Speling police 2016-05-15 09:58:36 -07:00
Sean Chittenden b0bba6d271
Store clamped TTLs back in the role's config 2016-05-15 08:13:56 -07:00
Sean Chittenden 539475714d
Set entry's TTL before writing out the storage entry's config 2016-05-15 07:06:33 -07:00
Oren Shomron b8840ab9eb Support listing ldap group to policy mappings (Fixes #1270) 2016-05-14 20:00:40 -04:00
Vishal Nayak 53fc941761 Merge pull request #1300 from hashicorp/aws-auth-backend
AWS EC2 instances authentication backend
2016-05-14 19:42:03 -04:00
vishalnayak 4122ed860b Rename 'role_name' to 'role' 2016-05-13 14:31:13 -04:00
vishalnayak 9147f99c43 Remove unused param from checkForValidChain 2016-05-12 15:07:10 -04:00
vishalnayak 85d9523f98 Perform CRL checking for non-CA registered certs 2016-05-12 14:37:07 -04:00
vishalnayak be88306f92 Name the files based on changed path patterns 2016-05-12 11:52:07 -04:00
vishalnayak 7e8a2d55d0 Update docs and path names to the new patterns 2016-05-12 11:45:10 -04:00
vishalnayak ddcaf26396 Merge branch 'master-oss' into aws-auth-backend 2016-05-10 14:50:00 -04:00
vishalnayak d09748a135 Fix the acceptance tests 2016-05-09 22:07:51 -04:00
vishalnayak 95f3f08d29 Call client config internal from the locking method 2016-05-09 21:01:57 -04:00
Jeff Mitchell d899f9d411 Don't revoke CA certificates with leases. 2016-05-09 19:53:28 -04:00
Jeff Mitchell 4549625367 Update client code to use internal entry fetching 2016-05-09 23:26:00 +00:00
Jeff Mitchell d77563994c Merge pull request #1346 from hashicorp/disable-all-caches
Disable all caches
2016-05-07 16:33:45 -04:00
Steve Jansen 597d59962c Adds sts:AssumeRole support to the AWS secret backend
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens.  For example, STS federated tokens cannot
invoke IAM APIs, such as  Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
Jeff Mitchell c16b0a4f41 Switch whitelist to use longest max TTL 2016-05-05 20:44:48 -04:00
Jeff Mitchell 7a6c76289a Role tag updates 2016-05-05 15:32:14 -04:00
Jeff Mitchell b58ad615f2 Fix HMAC being overwritten. Also some documentation, and add a lock to role operations 2016-05-05 14:51:09 -04:00
Jeff Mitchell 0eddeb5c94 Guard tidy functions 2016-05-05 14:28:46 -04:00
Jeff Mitchell 2d4c390f87 More updates to mutexes and adjust blacklisted roletag default safety buffer 2016-05-05 14:12:22 -04:00
Jeff Mitchell 8fef6e3ac0 Rename identity whitelist and roletag blacklist api endpoints 2016-05-05 13:34:50 -04:00
Jeff Mitchell c69ba40d05 Move some mutexes around 2016-05-05 12:53:27 -04:00
Jeff Mitchell f689e4712d Update some mutexes in client config 2016-05-05 12:44:40 -04:00
Jeff Mitchell c15c227774 Fall back to non-base64 cert if it can't be decoded (it's checked later anyways) 2016-05-05 11:36:28 -04:00
Jeff Mitchell 25913fb18c Update commenting 2016-05-05 11:22:36 -04:00
Jeff Mitchell 15cbcedf1f Make the roletag blacklist the longest duration, not least 2016-05-05 11:00:41 -04:00
Jeff Mitchell e45d6c1120 Switch client code to shared awsutil code 2016-05-05 10:40:49 -04:00
Jeff Mitchell 4600ca8073 Merge branch 'master-oss' into aws-auth-backend 2016-05-05 10:36:06 -04:00
Jeff Mitchell b6b9cd6f1f Merge remote-tracking branch 'origin/master' into aws-cred-chain 2016-05-05 10:31:12 -04:00