Jeff Mitchell
86874def5c
Parameter change
...
Both revocation times are UTC so clarify via parameter name that it's just a formatting difference. Also leave as a time.Time here, as it automatically marshals into RFC3339.
2016-08-14 21:43:57 -04:00
Jeff Mitchell
39cfd116b6
Cleanup
2016-08-13 11:52:09 -04:00
Jeff Mitchell
1b8711e7b7
Ensure utc value is not zero before adding
2016-08-13 11:50:57 -04:00
Jeff Mitchell
d6d08250ff
Ensure values to be encoded in a CRL are in UTC. This aligns with the
...
RFC. You might expect Go to ensure this in the CRL generation call,
but...it doesn't.
Fixes #1727
2016-08-13 08:40:09 -04:00
vishalnayak
b150c14caa
Address review feedback by @jefferai
2016-08-09 17:45:42 -04:00
vishalnayak
8d261b1a78
Added ttl field to aws-ec2 auth backend role
2016-08-09 17:29:45 -04:00
Jeff Mitchell
b69ed7ea93
Fix build
2016-08-08 17:00:59 -04:00
Jeff Mitchell
7f6c58b807
Address review feedback
2016-08-08 16:30:48 -04:00
Jeff Mitchell
0a67bcb5bd
Merge pull request #1696 from hashicorp/transit-convergent-specify-nonce
...
Require nonce specification for more flexibility
2016-08-08 11:41:10 -04:00
Jeff Mitchell
1f198e9256
Return warning about ACLing the LDAP configuration endpoint.
...
Fixes #1263
2016-08-08 10:18:36 -04:00
Jeff Mitchell
606ba64e23
Remove context-as-nonce, add docs, and properly support datakey
2016-08-07 15:53:40 -04:00
Jeff Mitchell
1976bc0534
Add unit tests for convergence in non-context mode
2016-08-07 15:16:36 -04:00
Jeff Mitchell
8b1d47037e
Refactor convergent encryption to make specifying a nonce in addition to context possible
2016-08-05 17:52:44 -04:00
Vincent Batoufflet
0b73c2ff9a
Fix PKI logical backend email alt_names
2016-08-04 12:10:34 +02:00
Jeff Mitchell
58e9cbbfc6
Add postgres test for block statements
2016-08-03 15:34:50 -04:00
Jeff Mitchell
9e204bd88c
Add arbitrary string slice parsing.
...
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.
Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
Jeff Mitchell
c025b292b5
Cleanup
2016-08-03 13:09:12 -04:00
vishalnayak
cff7aada7a
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
Jeff Mitchell
e0c5f5f5fa
Add convergence tests to transit backend
2016-07-28 11:30:52 -04:00
vishalnayak
a6907769b0
AppRole authentication backend
2016-07-26 09:32:41 -04:00
Jeff Mitchell
0cfb112e87
Explicitly set invalid request status when a password isn't included
2016-07-25 11:14:15 -04:00
Jeff Mitchell
dc4b85b55e
Don't return 500 for user error in userpass when setting password
2016-07-25 11:09:46 -04:00
Jeff Mitchell
d4c3e27c4e
Fix re-specification of filter
2016-07-25 09:08:29 -04:00
Oren Shomron
cd6d114e42
LDAP Auth Backend Overhaul
...
--------------------------
Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.
Simplified group membership lookup significantly to support multiple use-cases:
* Enumerating groups via memberOf attribute on user object
* Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
* Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule
There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.
Additional changes:
* Clarify documentation for LDAP auth backend.
* Reworked how default values are set, added tests
* Removed Dial from LDAP config read. Network should not affect configuration.
2016-07-22 21:20:05 -04:00
Jeff Mitchell
68dcf677fa
Fix panic if no certificates are supplied by client
...
Fixes #1637
2016-07-21 10:20:41 -04:00
Jeff Mitchell
b353e44209
Fix build
2016-07-21 09:53:41 -04:00
Jeff Mitchell
d335038b40
Ensure we never return a nil set of trusted CA certs
...
Fixes #1637
2016-07-21 09:50:31 -04:00
Laura Bennett
559b0a5006
Merge pull request #1635 from hashicorp/mysql-idle-conns
...
Added maximum idle connections to mysql to close hashicorp/vault#1616
2016-07-20 15:31:37 -04:00
Jeff Mitchell
b558c35943
Set defaults to handle upgrade cases.
...
Ping #1604
2016-07-20 14:07:19 -04:00
Jeff Mitchell
f2b6569b0b
Merge pull request #1604 from memory/mysql-displayname-2
...
concat role name and token displayname to form mysql username
2016-07-20 14:02:17 -04:00
Nathan J. Mehl
ea294f1d27
use both role name and token display name to form mysql username
2016-07-20 10:17:00 -07:00
Laura Bennett
e6bf4fa489
whitespace error corrected
2016-07-20 12:00:05 -04:00
Nathan J. Mehl
0483457ad2
respond to feedback from @vishalnayak
...
- split out usernameLength and displaynameLength truncation values,
as they are different things
- fetch username and displayname lengths from the role, not from
the request parameters
- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Laura Bennett
7cdb8a28bc
max_idle_connections added
2016-07-20 09:26:26 -04:00
Laura Bennett
03c7eb7d18
initial commit before rebase to stay current with master
2016-07-19 14:18:37 -04:00
Jeff Mitchell
30ca541f99
Merge pull request #1414 from mhurne/mongodb-secret-backend
...
Add mongodb secret backend
2016-07-19 13:56:15 -04:00
Jeff Mitchell
3334b22993
Some minor linting
2016-07-19 13:54:18 -04:00
Matt Hurne
0f9ee8fbed
Merge branch 'master' into mongodb-secret-backend
2016-07-19 12:47:58 -04:00
Matt Hurne
072c5bc915
mongodb secret backend: Remove redundant type declarations
2016-07-19 12:35:14 -04:00
Matt Hurne
c7d42cb112
mongodb secret backend: Fix broken tests, clean up unused parameters
2016-07-19 12:26:23 -04:00
Vishal Nayak
fbb04349b5
Merge pull request #1629 from hashicorp/remove-verify-connection
...
Remove unused VerifyConnection from storage entries of SQL backends
2016-07-19 12:21:23 -04:00
Vishal Nayak
8a1bb1626a
Merge pull request #1583 from hashicorp/ssh-allowed-roles
...
Add allowed_roles to ssh-helper-config and return role name from verify call
2016-07-19 12:04:12 -04:00
vishalnayak
7fb04a1bbd
Remove unused VerifyConnection from storage entries of SQL backends
2016-07-19 11:55:49 -04:00
Matt Hurne
316837857b
mongodb secret backend: Return lease ttl and max_ttl in lease read in seconds rather than as duration strings
2016-07-19 11:23:56 -04:00
Matt Hurne
f18d98272d
mongodb secret backend: Don't bother persisting verify_connection field in connection config
2016-07-19 11:20:45 -04:00
Matt Hurne
f8e6bcbb69
mongodb secret backend: Handle cases where stored username or db is not a string as expected when revoking credentials
2016-07-19 11:18:00 -04:00
Matt Hurne
75a5fbd8fe
Merge branch 'master' into mongodb-secret-backend
2016-07-19 10:38:45 -04:00
Jeff Mitchell
434ed2faf2
Merge pull request #1573 from mickhansen/logical-postgresql-revoke-sequences
...
handle revocations for roles that have privileges on sequences
2016-07-18 13:30:42 -04:00
vishalnayak
c14235b206
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Vishal Nayak
cdf58da43b
Merge pull request #1610 from hashicorp/min-tls-ver-12
...
Set minimum TLS version in all tls.Config objects
2016-07-13 10:53:14 -06:00