Alex Ionescu
7c31dacea2
Custom extended key usage for PKI. (#4667)
Custom extended key usage for PKI
2018-06-01 09:13:54 -04:00
Jeff Mitchell
c4b53bc805
Block travis from running ldap tests as the test server is often failing
2018-05-30 08:46:25 -04:00
Brian Kassouf
893d874291
Update proto files (#4651)
2018-05-29 18:23:51 -04:00
Jeff Mitchell
244cb0bf9a
Ensure safety_buffer in PKI is greater than zero (#4643)
Fixes #4641
2018-05-28 12:08:22 -04:00
Jeff Mitchell
3e95305efa
Fix mistaken extra Period value
2018-05-25 11:54:36 -04:00
Nicholas Jackson
17460461a0
Breakout parameters for x.509 certificate login (#4463)
2018-05-25 10:34:46 -04:00
Becca Petrin
4c1d8013f3
move fields and field parsing to helper (#4603)
2018-05-21 17:04:26 -07:00
Becca Petrin
fb04064967
Restrict userpass logins & tokens by CIDR (#4557)
2018-05-21 11:47:28 -07:00
Jeff Mitchell
72200603c6
Fix role writing not allowing key_type of any (#4596)
Fixes #4595
2018-05-19 10:24:43 -07:00
Becca Petrin
910925457f
Move LDAP client and config code to helper (#4532)
2018-05-10 14:12:42 -07:00
Becca Petrin
e4656c1264
Shorten code by using ParseAddrs (#4546)
2018-05-10 13:21:55 -07:00
Becca Petrin
76c717b081
Restrict cert auth by CIDR (#4478)
2018-05-09 15:39:55 -07:00
Jeff Mitchell
072cd783b5
Fix another PKI test
2018-05-09 12:51:34 -04:00
Jeff Mitchell
573b403b5e
Fix PKI test
2018-05-09 12:47:00 -04:00
Jeff Mitchell
e5f4ca83a0
Update PKI to natively use time.Duration (#4493)
* Update PKI to natively use time.Duration
Among other things this now means PKI will output durations in seconds
like other backends, instead of as Go strings.
* Add a warning when refusing to blow away an existing root instead of just returning success
* Fix another issue found while debugging this...
The reason it wasn't caught on tests in the first place is that the ttl
and max ttl were only being compared if in addition to a provided csr, a
role was also provided. This was because the check was in the role !=
nil block instead of outside of it. This has been fixed, which made the
problem occur in all sign-verbatim cases and the changes in this PR have
now verified the fix.
2018-05-09 10:29:54 -04:00
Vishal Nayak
df8484f7af
approle: Make invalid role_id a 400 error instead of 500 (#4470)
* make invalid role_id a 400 error
* remove single-use validateCredentials function
* remove single-use validateBindSecretID function
* adjust the error message for CIDR check failure
* locking updates as review feedback
2018-05-04 10:15:16 -04:00
Jeff Mitchell
b1d44a7dee
Fix alias data being used for cert auth (serial number -> common name) (#4495)
Fixes #4475
2018-05-04 10:08:23 -04:00
Jeff Mitchell
c0ed57feae
Revert "proto changes (#4503)" (#4504)
This reverts commit 14594bd76e04ff09c442738800be5fdebc45512f.
2018-05-03 15:38:53 -04:00
Vishal Nayak
7549ea0d12
proto changes (#4503)
2018-05-03 15:23:14 -04:00
Becca Petrin
d51acbde68
New proto version (#4501)
2018-05-03 10:19:39 -07:00
Robison Jacka
b78b9c7ebf
Iterating over CSR extensions, and skipping BasicConstraints, since those should be defined by the endpoint that's performing the signing. (#4469)
2018-05-01 11:22:49 -04:00
Calvin Leung Huang
44b44f7f54
Early skip mssql test if not on acceptance, defer Teardown() early in testing.Test (#4457)
2018-04-26 12:17:44 -04:00
Calvin Leung Huang
7d214d2a3a
Purge opened connections on retries during tests (#4452)
2018-04-26 11:28:58 -04:00
vishalnayak
9ef3a36007
s/enable_local_secret_ids/local_secret_ids
2018-04-24 17:52:42 -04:00
vishalnayak
965a16f888
remove unneeded comments
2018-04-24 16:28:25 -04:00
vishalnayak
b91d53fd76
refactor to be able to defer lock.Unlock()
2018-04-24 16:17:24 -04:00
vishalnayak
f3dd8b3d17
fix typo
2018-04-24 16:03:18 -04:00
vishalnayak
b16ee7b32d
remove unneeded setting of secret ID prefix
2018-04-24 15:55:40 -04:00
vishalnayak
7832e06fdc
Add field read test
2018-04-24 15:48:07 -04:00
vishalnayak
10579f5d8d
Fix api path for reading the field
2018-04-24 14:28:03 -04:00
vishalnayak
7039f6dccd
Merge branch 'master-oss' into approle-local-secretid
2018-04-24 11:03:39 -04:00
vishalnayak
c46e021543
Add tests
2018-04-24 11:02:11 -04:00
vishalnayak
aade040e50
Add immutability test
2018-04-24 10:05:17 -04:00
vishalnayak
97c03c5a65
Add enable_local_secret_ids to role read response
2018-04-24 09:53:36 -04:00
Alex Samorukov
cb52f3eb80
Use locking to avoid parallel script execution (#4358)
2018-04-23 18:04:22 -04:00
vishalnayak
6b7a042003
error on enable_local_secret_ids update after role creation
2018-04-23 17:05:53 -04:00
vishalnayak
644892c53c
naming changes
2018-04-23 16:52:09 -04:00
vishalnayak
a369a4edb6
Upgrade secret ID prefix and fix tests
2018-04-23 16:31:51 -04:00
vishalnayak
d14cd4a51e
segregate local and non-local accessor entries
2018-04-23 16:19:05 -04:00
vishalnayak
7efbee2a12
Fix the tidy operation to consider both local and non-local secretID cleanups
2018-04-23 16:02:55 -04:00
vishalnayak
743e3ace13
fix path regex and role storage
2018-04-23 14:08:30 -04:00
vishalnayak
1680b56d43
add prefix to LocalStorage
2018-04-23 14:08:30 -04:00
vishalnayak
97b821b231
local secret IDs
2018-04-23 14:08:30 -04:00
Calvin Leung Huang
31633654ee
Explicitly use 5.7 and below to test mysql backends (#4429)
2018-04-23 13:03:02 -04:00
Becca Petrin
b3b7fba67e
Release database resources on each iteration of a loop (#4305)
2018-04-17 16:31:09 -07:00
Calvin Leung Huang
c7dddaf537
Skip CI acceptance tests on missing required values (#4346)
* Skip dynamic key acceptance test if vaultssh user not present
* Skip aws acceptance test if required environment variables are missing
2018-04-13 10:18:06 -04:00
Becca Petrin
da1cfb86e9
run make fmt
2018-04-11 14:25:09 -07:00
Becca Petrin
8569c8c235
Merge branch 'opensource-master' into struct-tags
2018-04-11 13:04:08 -07:00
Becca Petrin
dab933ccaf
deviate from snake case
2018-04-11 13:03:33 -07:00
Calvin Leung Huang
2dc4aa05f0
Dockerize radius auth backend acceptance tests (#4276)
2018-04-11 14:26:35 -04:00