luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
4,624 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

960 Commits

Author SHA1 Message Date
Vishal Nayak b1ee56a15b Merge pull request #1910 from hashicorp/secret-id-cidr-list 
CIDR restrictions on Secret ID
 2016-09-26 10:22:48 -04:00
Vishal Nayak a4b119dc25 Merge pull request #1920 from legal90/fix-approle-delete 
Fix panic on deleting the AppRole which doesn't exist
 2016-09-26 10:05:33 -04:00
Mikhail Zholobov 3f77013004
Fix panic on deleting the AppRole which doesn't exist 
#pathRoleDelete should return silently if the specified  AppRole doesn't exist
Fixes GH-1919
 2016-09-26 16:55:08 +03:00
vishalnayak da5b5d3a8e Address review feedback from @jefferai 2016-09-26 09:53:24 -04:00
Jeff Mitchell 6bf871995b Don't use time.Time in responses. (#1912) 
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
 2016-09-23 12:32:07 -04:00
vishalnayak c26754000b Fix ssh tests 2016-09-22 11:37:55 -04:00
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry. 
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
 2016-09-21 20:19:26 -04:00
vishalnayak 578b82acf5 Pass only valid inputs to validation methods 2016-09-21 15:44:54 -04:00
vishalnayak 93604e1e2e Added cidrutil helper 2016-09-21 13:58:32 -04:00
Jeff Mitchell 676e7e0f07 Ensure upgrades have a valid HMAC key 2016-09-21 11:10:57 -04:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Chris Hoffman 5c241d31e7 Renaming ttl_max -> max_ttl in mssql backend (#1905) 2016-09-20 12:39:02 -04:00
Vishal Nayak 97dc0e9f64 Merge pull request #1897 from hashicorp/secret-id-accessor-locks 
Safely manipulate secret id accessors
 2016-09-19 11:37:38 -04:00
vishalnayak fefd3a6c0b s/GetOctalFormatted/GetHexFormatted 2016-09-16 17:47:15 -04:00
Jeff Mitchell 897d3c6d2c Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop. 2016-09-16 11:05:43 -04:00
vishalnayak ba72e7887a Safely manipulate secret id accessors 2016-09-15 18:13:50 -04:00
Vishal Nayak 61664bc653 Merge pull request #1886 from hashicorp/approle-upgrade-notes 
upgrade notes entry for approle constraint and warning on role read
 2016-09-15 12:14:01 -04:00
vishalnayak 5597156886 check for nil role 2016-09-15 12:10:40 -04:00
vishalnayak 92986bb2a0 Address review feedback 2016-09-15 11:41:52 -04:00
vishalnayak a1de742dce s/disableReauthenticationNonce/reauthentication-disabled-nonce 2016-09-15 11:29:02 -04:00
vishalnayak 9bca127631 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak 857f921d76 Added comment 2016-09-14 18:27:35 -04:00
vishalnayak 39796e8801 Disable reauthentication if nonce is explicitly set to empty 2016-09-14 17:58:00 -04:00
vishalnayak d0e4d77fce address review feedback 2016-09-14 14:28:02 -04:00
vishalnayak d7ce69c5eb Remove the client nonce being empty check 2016-09-14 14:28:02 -04:00
vishalnayak 53c919b1d0 Generate the nonce by default 2016-09-14 14:28:02 -04:00
vishalnayak 455a4ae055 address review feedback 2016-09-14 12:08:35 -04:00
vishalnayak b1392567d1 Use constant time comparisons for client nonce 2016-09-13 20:12:43 -04:00
vishalnayak d2e66014ba Address review feedback 2016-09-13 18:30:04 -04:00
Jeff Mitchell 29b67141eb Only use running state for checking if instance is alive. (#1885) 
Fixes #1884
 2016-09-13 18:08:05 -04:00
vishalnayak 99a2655d8e upgrade notes entry for approle constraint and warning on role read 2016-09-13 17:44:07 -04:00
vishalnayak bef9c2ee61 Ensure at least one constraint on the role 2016-09-13 16:03:15 -04:00
Jeff Mitchell 197c7eae5f Allow encrypting empty ciphertext values. (#1881) 
Replaces #1874
 2016-09-13 12:00:04 -04:00
vishalnayak b599948e1c Use uuid.GenerateRandomBytes 2016-09-09 14:17:09 -04:00
vishalnayak 127f61473b Not exposing structs from the backend's package 2016-09-01 11:57:28 -04:00
Jeff Mitchell 1db0544b7a Use unexported kdf const names 2016-08-31 07:19:58 -04:00
Vishal Nayak c46a7391c0 Merge pull request #1799 from hashicorp/fix-role-locking 
approle: fix racy updates problem for roles
 2016-08-30 16:46:40 -04:00
vishalnayak cdcfa4572f Address review feedback 2016-08-30 16:36:58 -04:00
Jeff Mitchell d2239d22d9 Use hkdf for transit key derivation for new keys (#1812) 
Use hkdf for transit key derivation for new keys
 2016-08-30 16:29:09 -04:00
vishalnayak 29b9295673 approle: fix racy updates problem for roles 2016-08-30 16:11:14 -04:00
vishalnayak 9dbc97028b STS path field description update 2016-08-30 10:53:21 -04:00
vishalnayak 0b07ec7303 Added UpdateOperation to logical AWS STS path 2016-08-30 10:30:13 -04:00
Vishal Nayak cdd1d96a64 Merge pull request #1804 from hashicorp/issue-1800 
Mark STS secrets as non-renwable
 2016-08-29 11:46:19 -04:00
navinanandaraj 8612b6139e Fixes #1801 Reuse Cassandra session object for create creds (#1802) 2016-08-28 17:32:41 -04:00
Jeff Mitchell f0537572a8 Mark STS secrets as non-renwable 
Ping #1800
 2016-08-28 14:27:56 -04:00
Jeff Mitchell 0b113f7916 Derive nonce fully in convergent mode (#1796) 
Ping #1794
 2016-08-26 17:01:56 -04:00
Jeff Mitchell 2f5876dfe9 Use key derivation for convergent nonce. (#1794) 
Use key derivation for convergent nonce.

Fixes #1792
 2016-08-26 14:11:03 -04:00
Jeff Mitchell 28739f3528 Decode secret internal data into struct and fix type assertion. (#1781) 2016-08-24 15:04:04 -04:00
Jeff Mitchell d1284944c3 Merge pull request #1755 from hashicorp/logxi 
Convert to logxi
 2016-08-21 19:28:18 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00