Jeff Mitchell
6adee19987
Add approle role name to metadata ( #2985 )
2017-07-13 19:07:15 -04:00
Lars Lehtonen
3f0b15826a
Fix swallowed errors in builtin ( #2977 )
2017-07-07 08:23:12 -04:00
Jeff Mitchell
d25aa9fc21
Don't write salts in initialization, look up on demand ( #2702 )
2017-05-09 17:51:09 -04:00
Jeff Mitchell
6f6f242061
Add logic to skip initialization in some cases and some invalidation logic
2017-05-05 15:01:52 -04:00
Ben Gadbois
537342f038
Fixing printf (and similar) issues ( #2666 )
2017-05-01 23:34:10 -04:00
Chris Hoffman
847c86f788
Rename ParseDedupAndSortStrings to ParseDedupLowercaseAndSortStrings ( #2614 )
2017-04-19 10:39:07 -04:00
vishalnayak
049e086b07
Fix typo. Closes GH-2528
2017-04-04 12:29:18 -04:00
Jeff Mitchell
3d162b63cc
Use locks in a slice rather than a map, which is faster and makes things cleaner ( #2446 )
2017-03-07 11:21:32 -05:00
Vishal Nayak
491a56fe9f
AppRole: Support restricted use tokens ( #2435 )
...
* approle: added token_num_uses to the role
* approle: added RUD tests for token_num_uses on role
* approle: doc: added token_num_uses
2017-03-03 09:31:20 -05:00
Jeff Mitchell
c81582fea0
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
Vishal Nayak
eb4ef0f6e0
cidrutil: added test data points ( #2378 )
2017-02-16 00:51:02 -05:00
Vishal Nayak
14fcc4b6eb
approle: secret-id listing lock sanity check ( #2315 )
...
* approle: secret-id listing lock sanity
* Skip processing an empty secretIDHMAC item during the iteration
* approle: use dedicated lock for listing of secret-id-accessors
2017-02-01 18:13:49 -05:00
Félix Cantournet
103b7ceab2
all: test: Fix govet warnings
...
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
Jeff Mitchell
890c19312f
Update path help for approle secret id TTL
2016-11-15 11:50:51 -05:00
vishalnayak
1487dce475
Fix regression caused by not creating a role_id secondary index
2016-10-14 12:56:29 -04:00
vishalnayak
34e76f8b41
Added website docs for lookup and destroy APIs
2016-09-28 22:11:48 -04:00
vishalnayak
d20819949c
Make secret-id reading and deleting, a POST op instead of GET
2016-09-28 20:22:37 -04:00
vishalnayak
e9142f418a
Added todo to remind removal of upgrade code
2016-09-28 18:17:13 -04:00
vishalnayak
21d9731286
Don't reset the deprecated value yet
2016-09-28 15:48:50 -04:00
vishalnayak
9eabf75f5f
Fix the misplaced response warning
2016-09-28 14:20:03 -04:00
vishalnayak
a2338f5970
Added testcase to check secret_id_num_uses
2016-09-28 13:58:53 -04:00
vishalnayak
ba1d238f9b
Pull out reading and storing of secret ID into separate functions and handle upgrade properly
2016-09-28 12:42:26 -04:00
Mikhail Zholobov
5eff59c410
Fix "SecretIDNumUses" in AppRole auth backend
...
There was a typo.
2016-09-27 17:26:52 +03:00
Vishal Nayak
b1ee56a15b
Merge pull request #1910 from hashicorp/secret-id-cidr-list
...
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
Vishal Nayak
a4b119dc25
Merge pull request #1920 from legal90/fix-approle-delete
...
Fix panic on deleting the AppRole which doesn't exist
2016-09-26 10:05:33 -04:00
Mikhail Zholobov
3f77013004
Fix panic on deleting the AppRole which doesn't exist
...
#pathRoleDelete should return silently if the specified AppRole doesn't exist
Fixes GH-1919
2016-09-26 16:55:08 +03:00
vishalnayak
da5b5d3a8e
Address review feedback from @jefferai
2016-09-26 09:53:24 -04:00
Jeff Mitchell
6bf871995b
Don't use time.Time in responses. ( #1912 )
...
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
2016-09-23 12:32:07 -04:00
vishalnayak
aaadd4ad97
Store the CIDR list in the secret ID storage entry.
...
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
vishalnayak
578b82acf5
Pass only valid inputs to validation methods
2016-09-21 15:44:54 -04:00
vishalnayak
93604e1e2e
Added cidrutil helper
2016-09-21 13:58:32 -04:00
vishalnayak
ba72e7887a
Safely manipulate secret id accessors
2016-09-15 18:13:50 -04:00
vishalnayak
5597156886
check for nil role
2016-09-15 12:10:40 -04:00
vishalnayak
d2e66014ba
Address review feedback
2016-09-13 18:30:04 -04:00
vishalnayak
99a2655d8e
upgrade notes entry for approle constraint and warning on role read
2016-09-13 17:44:07 -04:00
vishalnayak
bef9c2ee61
Ensure at least one constraint on the role
2016-09-13 16:03:15 -04:00
vishalnayak
cdcfa4572f
Address review feedback
2016-08-30 16:36:58 -04:00
vishalnayak
29b9295673
approle: fix racy updates problem for roles
2016-08-30 16:11:14 -04:00
Jeff Mitchell
d1284944c3
Merge pull request #1755 from hashicorp/logxi
...
Convert to logxi
2016-08-21 19:28:18 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
vishalnayak
524ed6db37
Extract out common code
2016-08-21 15:46:11 -04:00
vishalnayak
dfe73733d5
Seperate endpoints for read/delete using secret-id and accessor
2016-08-21 14:42:49 -04:00
Jeff Mitchell
9e204bd88c
Add arbitrary string slice parsing.
...
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.
Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
Jeff Mitchell
c025b292b5
Cleanup
2016-08-03 13:09:12 -04:00
vishalnayak
a6907769b0
AppRole authentication backend
2016-07-26 09:32:41 -04:00