luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
4679 commits 1 branch 0 tags 214 MiB
Commit graph

984 commits

Author SHA1 Message Date
Jeff Mitchell 6d00f0c483 Adds HUP support for audit log files to close and reopen. (#1953) 
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.

As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
 2016-09-30 12:04:50 -07:00
Vishal Nayak 4c74b646fe Merge pull request #1947 from hashicorp/secret-id-lookup-delete 
Introduce lookup and destroy endpoints for secret IDs and its accessors
 2016-09-29 10:19:54 -04:00
vishalnayak 34e76f8b41 Added website docs for lookup and destroy APIs 2016-09-28 22:11:48 -04:00
vishalnayak d20819949c Make secret-id reading and deleting, a POST op instead of GET 2016-09-28 20:22:37 -04:00
Michael S. Fischer 2dd1f584e6 Update documentation for required AWS API permissions 
In order for Vault to map IAM instance profiles to roles, Vault
must query the 'iam:GetInstanceProfile' API, so update the documentation
and help to include the additional permissions needed.
 2016-09-28 16:50:20 -07:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Vishal Nayak 5adfaa0d7d Merge pull request #1939 from hashicorp/secret-id-upgrade 
Respond secret_id_num_uses and deprecate SecretIDNumUses
 2016-09-28 18:16:07 -04:00
vishalnayak e9142f418a Added todo to remind removal of upgrade code 2016-09-28 18:17:13 -04:00
vishalnayak e01f99f042 Check for prefix match instead of exact match for IAM bound parameters 2016-09-28 18:08:28 -04:00
vishalnayak 21d9731286 Don't reset the deprecated value yet 2016-09-28 15:48:50 -04:00
Vishal Nayak 4a30a6b4f8 Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn 
Proper naming for bound_iam_instance_profile_arn
 2016-09-28 15:34:56 -04:00
vishalnayak 31e450a175 Add some validation checks 2016-09-28 15:36:02 -04:00
vishalnayak 9eabf75f5f Fix the misplaced response warning 2016-09-28 14:20:03 -04:00
vishalnayak a2338f5970 Added testcase to check secret_id_num_uses 2016-09-28 13:58:53 -04:00
vishalnayak ba1d238f9b Pull out reading and storing of secret ID into separate functions and handle upgrade properly 2016-09-28 12:42:26 -04:00
Laura Bennett 010293ccc3 Merge pull request #1931 from hashicorp/cass-consistency 
Adding consistency into cassandra
 2016-09-27 21:12:02 -04:00
Chris Hoffman d235acf809 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
Laura Bennett 5ac43873c4 minor updates 2016-09-27 20:35:11 -04:00
Laura Bennett e14fe05c13 added parsing at role creation 2016-09-27 16:01:51 -04:00
Laura Bennett 4938aa56bf initial commit for consistency added into cassandra 2016-09-27 13:25:18 -04:00
Mikhail Zholobov 5eff59c410
Fix "SecretIDNumUses" in AppRole auth backend 
There was a typo.
 2016-09-27 17:26:52 +03:00
Vishal Nayak b1ee56a15b Merge pull request #1910 from hashicorp/secret-id-cidr-list 
CIDR restrictions on Secret ID
 2016-09-26 10:22:48 -04:00
Vishal Nayak a4b119dc25 Merge pull request #1920 from legal90/fix-approle-delete 
Fix panic on deleting the AppRole which doesn't exist
 2016-09-26 10:05:33 -04:00
Mikhail Zholobov 3f77013004
Fix panic on deleting the AppRole which doesn't exist 
#pathRoleDelete should return silently if the specified  AppRole doesn't exist
Fixes GH-1919
 2016-09-26 16:55:08 +03:00
vishalnayak da5b5d3a8e Address review feedback from @jefferai 2016-09-26 09:53:24 -04:00
vishalnayak d080107a87 Update docs to contain bound_iam_role_arn 2016-09-26 09:37:38 -04:00
vishalnayak bf0b7f218e Implemented bound_iam_role_arn constraint 2016-09-23 21:35:36 -04:00
Jeff Mitchell 6bf871995b Don't use time.Time in responses. (#1912) 
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
 2016-09-23 12:32:07 -04:00
vishalnayak e0c41f02c8 Fix incorrect naming of bound_iam_instance_profile_arn 2016-09-23 11:22:23 -04:00
vishalnayak c26754000b Fix ssh tests 2016-09-22 11:37:55 -04:00
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry. 
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
 2016-09-21 20:19:26 -04:00
vishalnayak 578b82acf5 Pass only valid inputs to validation methods 2016-09-21 15:44:54 -04:00
vishalnayak 93604e1e2e Added cidrutil helper 2016-09-21 13:58:32 -04:00
Jeff Mitchell 676e7e0f07 Ensure upgrades have a valid HMAC key 2016-09-21 11:10:57 -04:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Chris Hoffman 5c241d31e7 Renaming ttl_max -> max_ttl in mssql backend (#1905) 2016-09-20 12:39:02 -04:00
Vishal Nayak 97dc0e9f64 Merge pull request #1897 from hashicorp/secret-id-accessor-locks 
Safely manipulate secret id accessors
 2016-09-19 11:37:38 -04:00
vishalnayak fefd3a6c0b s/GetOctalFormatted/GetHexFormatted 2016-09-16 17:47:15 -04:00
Jeff Mitchell 897d3c6d2c Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop. 2016-09-16 11:05:43 -04:00
vishalnayak ba72e7887a Safely manipulate secret id accessors 2016-09-15 18:13:50 -04:00
Vishal Nayak 61664bc653 Merge pull request #1886 from hashicorp/approle-upgrade-notes 
upgrade notes entry for approle constraint and warning on role read
 2016-09-15 12:14:01 -04:00
vishalnayak 5597156886 check for nil role 2016-09-15 12:10:40 -04:00
vishalnayak 92986bb2a0 Address review feedback 2016-09-15 11:41:52 -04:00
vishalnayak a1de742dce s/disableReauthenticationNonce/reauthentication-disabled-nonce 2016-09-15 11:29:02 -04:00
vishalnayak 9bca127631 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak 857f921d76 Added comment 2016-09-14 18:27:35 -04:00
vishalnayak 39796e8801 Disable reauthentication if nonce is explicitly set to empty 2016-09-14 17:58:00 -04:00
vishalnayak d0e4d77fce address review feedback 2016-09-14 14:28:02 -04:00
vishalnayak d7ce69c5eb Remove the client nonce being empty check 2016-09-14 14:28:02 -04:00
vishalnayak 53c919b1d0 Generate the nonce by default 2016-09-14 14:28:02 -04:00