77e7379ab5
Implement the cubbyhole backend
...
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
104b29ab04
Rename View to StorageView to make it more distinct from SystemView
2015-09-15 13:50:37 -04:00
83d0ab73f5
Define time zone explicitly in postgresql connection string.
2015-09-14 13:43:06 +03:00
a9aaee6f5a
Explicitly set timezone with PostgreSQL timestamps.
2015-09-14 13:43:06 +03:00
79f68c934a
Call ResetDB as Cleanup routine to close existing database connections
...
on backend unmount.
2015-09-11 11:45:58 +03:00
08f7fb9c8d
Merge pull request #580 from hashicorp/zeroaddress-path
...
Add root authenticated path to allow default CIDR to select roles
2015-09-10 15:28:49 -04:00
39cfcccdac
Remove error returns from sysview TTL calls
2015-09-10 15:09:54 -04:00
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
d435048d9e
Switch StaticSystemView values to pointers, to support updating
2015-09-10 15:09:54 -04:00
473c1d759d
Vault SSH: Testing credential creation on zero address roles
2015-09-10 11:55:07 -04:00
d26497267c
Vault SSH: Expected data for testRoleRead
2015-09-10 10:44:26 -04:00
475df43c59
Merge branch 'master' of https://github.com/hashicorp/vault
2015-09-10 10:03:17 -04:00
d6b40c576d
Vault SSH: Refactoring tests
2015-09-03 18:56:45 -04:00
17c266bfd3
Vault SSH: Refactor lookup test case
2015-09-03 18:43:53 -04:00
c8c472e461
Vault SSH: Testcase restructuring
2015-09-03 18:11:04 -04:00
959a727acd
Don't re-use tls configuration, to fix a possible race issue during test
2015-09-03 13:04:32 -04:00
3e7aa75d70
Vault SSH: make Zeroaddress entry Remove method private
2015-08-31 17:10:55 -04:00
9918105404
Vault SSH: Store roles as slice of strings
2015-08-31 17:03:46 -04:00
f21ad7da4c
Vault SSH: refactoring
2015-08-31 16:03:28 -04:00
59bf9e6f9f
Vault SSH: Refactoring backend_test
2015-08-30 14:30:59 -04:00
5e3f8d53f3
Vault SSH: ZeroAddress CRUD test
2015-08-30 14:20:16 -04:00
6427a7e41e
Vault SSH: Add read method for zeroaddress endpoint
2015-08-29 20:22:34 -04:00
dc4f97b61b
Vault SSH: Zeroaddress roles and CIDR overlap check
2015-08-29 15:24:15 -04:00
5fa76b5640
Add base_url option to GitHub auth provider to allow selecting a custom endpoint. Fixes #572 .
2015-08-28 06:28:43 -07:00
d4609dea28
Merge pull request #578 from hashicorp/exclude-cidr-list
...
Vault SSH: Added exclude_cidr_list option to role
2015-08-28 07:59:46 -04:00
b12a2f0013
Vault SSH: Added exclude_cidr_list option to role
2015-08-27 23:19:55 -04:00
a4fc4a8e90
Deprecate lease -> ttl in PKI backend, and default to system TTL values if not given. This prevents issuing certificates with a longer duration than the maximum lease TTL configured in Vault. Fixes #470 .
2015-08-27 12:24:37 -07:00
fbff20d9ab
Vault SSH: Docs for default CIDR value
2015-08-27 13:10:15 -04:00
5063a0608b
Vault SSH: Default CIDR for roles
2015-08-27 13:04:15 -04:00
702a869010
Vault SSH: Provide key option specifications for dynamic keys
2015-08-27 11:41:29 -04:00
5b08e01bb1
Vault SSH: Create .ssh directory if not present. Closes #573
2015-08-27 08:45:34 -04:00
9db8a5c744
Merge pull request #567 from hobbeswalsh/master
...
Spaces in displayName break AWS IAM
2015-08-26 12:37:52 -04:00
34b84367b5
Adding one more test (for no-op case)
2015-08-26 09:26:20 -07:00
4b7c2cc114
Adding unit test for normalizeDisplayName()
2015-08-26 09:23:33 -07:00
2098446d47
Ensure that the 'file' audit backend can successfully open its given path before returning success. Fixes #550 .
2015-08-26 09:13:10 -07:00
2d8bfff02b
Explicitly check for blank leases in AWS, and give a better error message if lease_max cannot be parsed. Fixes #569 .
2015-08-26 09:04:47 -07:00
8530f14fee
s/string replacement/regexp replacement
2015-08-24 17:00:54 -07:00
69f5abdc91
spaces in displayName break AWS IAM
2015-08-24 16:12:45 -07:00
c35d78b3cb
Vault SSH: Documentation update
2015-08-24 14:18:37 -04:00
e6987beb61
Vault SSH: Replace args with named vars
2015-08-24 14:07:07 -04:00
eb91a3451b
Merging with master
2015-08-24 13:55:20 -04:00
44c07cff5b
Vault SSH: Cleanup of aux files in install script
2015-08-24 13:50:46 -04:00
f7845234b4
Merge pull request #555 from hashicorp/toggleable-hostname-enforcement
...
Allow enforcement of hostnames to be toggleable for certificates.
2015-08-21 19:23:09 -07:00
5695d57ba0
Merge pull request #561 from hashicorp/fix-wild-cards
...
Allow hyphens in endpoint patterns of most backends
2015-08-21 11:40:42 -07:00
6822af68e1
Vault SSH: Undo changes which does not belong to wild card changes
2015-08-21 09:58:15 -07:00
6c2927ede0
Vault: Fix wild card paths for all backends
2015-08-21 00:56:13 -07:00
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
0ffad79548
Vault SSH: Make the script readable
2015-08-20 16:12:17 -07:00
133380915a
Disallow non-client X509 key usages for client TLS cert authentication.
2015-08-20 15:50:47 -07:00
Jeff Mitchell