Commit graph

601 commits

Author SHA1 Message Date
vishalnayak 9147f99c43 Remove unused param from checkForValidChain 2016-05-12 15:07:10 -04:00
vishalnayak 85d9523f98 Perform CRL checking for non-CA registered certs 2016-05-12 14:37:07 -04:00
Jeff Mitchell d899f9d411 Don't revoke CA certificates with leases. 2016-05-09 19:53:28 -04:00
Jeff Mitchell d77563994c Merge pull request #1346 from hashicorp/disable-all-caches
Disable all caches
2016-05-07 16:33:45 -04:00
Jeff Mitchell b6b9cd6f1f Merge remote-tracking branch 'origin/master' into aws-cred-chain 2016-05-05 10:31:12 -04:00
vishalnayak 92fe94546c Split SanitizeTTL method to support time.Duration parameters as well 2016-05-05 09:45:48 -04:00
vishalnayak 4ede1d6f08 Add the steps to generate the CRL test's test-fixture files 2016-05-04 05:48:34 -04:00
Jeff Mitchell 1b0df1d46f Cleanups, add shared provider, ability to specify http client, and port S3 physical backend over 2016-05-03 17:01:02 -04:00
Jeff Mitchell 7fbe5d2eaa Region is required so error in awsutil if not set and set if empty in client code in logical/aws 2016-05-03 15:25:11 -04:00
Jeff Mitchell a244ef8a00 Refactor AWS credential code into a function that returns a static->env->instance chain 2016-05-03 15:10:35 -04:00
Jeff Mitchell 45a120f491 Switch our tri-copy ca loading code to go-rootcerts 2016-05-03 12:23:25 -04:00
Jeff Mitchell f21b88802f Add some more tests around deletion and fix upsert status returning 2016-05-03 00:19:18 -04:00
Jeff Mitchell 7e1bdbe924 Massively simplify lock handling based on feedback 2016-05-02 23:47:18 -04:00
Jeff Mitchell 7f3613cc6e Remove some deferring 2016-05-02 22:36:44 -04:00
Jeff Mitchell fa0d389a95 Change use-hint of lockAll and lockPolicy 2016-05-02 22:36:44 -04:00
Jeff Mitchell 49c56f05e8 Address review feedback 2016-05-02 22:36:44 -04:00
Jeff Mitchell 3e5391aa9c Switch to lockManager 2016-05-02 22:36:44 -04:00
Jeff Mitchell 08b91b776d Address feedback 2016-05-02 22:36:44 -04:00
Jeff Mitchell fedc8711a7 Fix up commenting and some minor tidbits 2016-05-02 22:36:44 -04:00
Jeff Mitchell fe1f56de40 Make a non-caching but still locking variant of transit for when caches are disabled 2016-05-02 22:36:44 -04:00
vishalnayak 57e8fcd8c2 Extend the expiry of test-fixture certs of Cert backend 2016-05-02 12:34:46 -04:00
Jeff Mitchell 3d1c88f315 Make GitHub org comparison case insensitive.
Fixes #1359
2016-05-02 00:18:31 -04:00
vishalnayak fde768125c Cert backend, CRL tests 2016-04-29 02:32:48 -04:00
Jeff Mitchell 30ba5b7887 Merge pull request #1291 from mmickan/ssh-keyinstall-perms
Ensure authorized_keys file is readable when uninstalling an ssh key
2016-04-25 14:00:37 -04:00
Adam Shannon fb07d07ad9 all: Cleanup from running go vet 2016-04-13 14:38:29 -05:00
vishalnayak 06eeaecef6 Skip acceptance tests if VAULT_ACC is not set 2016-04-11 20:00:15 -04:00
Jeff Mitchell d92b960f7a Add list support to userpass users. Remove some unneeded existence
checks. Remove paths from requiring root.

Fixes #911
2016-04-09 18:28:55 -04:00
vishalnayak e3a1ee92b5 Utility Enhancements 2016-04-05 20:32:59 -04:00
vishalnayak fd8b023655 s/TF_ACC/VAULT_ACC 2016-04-05 15:24:59 -04:00
vishalnayak 95abdebb06 Added AcceptanceTest boolean to logical.TestCase 2016-04-05 15:10:44 -04:00
Mark Mickan a55124f0b6 Ensure authorized_keys file is readable when uninstalling an ssh key
Without this change, if the user running the ssh key install script doesn't
have read access to the authorized_keys file when uninstalling a key, all
keys will be deleted from the authorized_keys file.

Fixes GH #1285
2016-04-05 17:26:21 +09:30
Jeff Mitchell 7df3ec46b0 Some fixups around error/warning in LDAP 2016-04-02 13:33:00 -04:00
Jeff Mitchell 40325b8042 If no group DN is configured, still look for policies on local users and
return a warning, rather than just trying to do an LDAP search on an
empty string.
2016-04-02 13:11:36 -04:00
Jeff Mitchell 7fd5a679ca Fix potential error scoping issue.
Ping #1262
2016-03-30 19:48:23 -04:00
Jeff Mitchell 3cfcd4ddf1 Check for nil connection back from go-ldap, which apparently can happen even with no error
Ping #1262
2016-03-29 10:00:04 -04:00
Jeff Mitchell 17613f5fcf Removing debugging comment 2016-03-24 09:48:13 -04:00
Jeff Mitchell 4c4a65ebd0 Properly check for policy equivalency during renewal.
This introduces a function that compares two string policy sets while
ignoring the presence of "default" (since it's added by core, not the
backend), and ensuring that ordering and/or duplication are not failure
conditions.

Fixes #1256
2016-03-24 09:41:51 -04:00
Jeff Mitchell dfc5a745ee Remove check for using CSR values with non-CA certificate.
The endpoint enforces whether the certificate is a CA or not anyways, so
this ends up not actually providing benefit and causing a bug.

Fixes #1250
2016-03-23 10:05:38 -04:00
Jeff Mitchell 3e3621841d Merge pull request #1227 from hashicorp/issue-477
Don't renew cert-based tokens if the policies have changed.
2016-03-17 18:25:39 -04:00
Jeff Mitchell 1951a01998 Add ability to exclude adding the CN to SANs.
Fixes #1220
2016-03-17 16:28:40 -04:00
Jeff Mitchell a8dd6aa4f1 Don't renew cert-based tokens if the policies have changed.
Also, add cert renewal testing.

Fixes #477
2016-03-17 14:22:24 -04:00
Jeff Mitchell 77e4ee76bb Normalize userpass errors around bad user/pass 2016-03-16 15:19:55 -04:00
Jeff Mitchell 8a3f1ad13e Use 400 instead of 500 for failing to provide a userpass password. 2016-03-16 15:14:28 -04:00
Vishal Nayak 2c0c901eac Merge pull request #1216 from hashicorp/userpass-update
Userpass: Update the password and policies associated to user
2016-03-16 14:58:28 -04:00
vishalnayak f9b1fc3aa0 Add comments to existence functions 2016-03-16 14:53:53 -04:00
vishalnayak 1951159b25 Addessing review comments 2016-03-16 14:21:14 -04:00
vishalnayak 239ad4ad7e Refactor updating user values 2016-03-16 13:42:02 -04:00
vishalnayak 533b136fe7 Reduce the visibility of setUser 2016-03-16 11:39:52 -04:00
vishalnayak 2914ff7502 Use helper for existence check. Avoid panic by fetching default values for field data 2016-03-16 11:26:33 -04:00
Vishal Nayak 7db7b47fdd Merge pull request #1210 from hashicorp/audit-id-path
Rename id to path and path to file_path, print audit backend paths
2016-03-15 20:13:21 -04:00