7fb04a1bbd
Remove unused VerifyConnection from storage entries of SQL backends
2016-07-19 11:55:49 -04:00
316837857b
mongodb secret backend: Return lease ttl and max_ttl in lease read in seconds rather than as duration strings
2016-07-19 11:23:56 -04:00
f18d98272d
mongodb secret backend: Don't bother persisting verify_connection field in connection config
2016-07-19 11:20:45 -04:00
f8e6bcbb69
mongodb secret backend: Handle cases where stored username or db is not a string as expected when revoking credentials
2016-07-19 11:18:00 -04:00
75a5fbd8fe
Merge branch 'master' into mongodb-secret-backend
2016-07-19 10:38:45 -04:00
434ed2faf2
Merge pull request #1573 from mickhansen/logical-postgresql-revoke-sequences
...
handle revocations for roles that have privileges on sequences
2016-07-18 13:30:42 -04:00
c14235b206
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
cdf58da43b
Merge pull request #1610 from hashicorp/min-tls-ver-12
...
Set minimum TLS version in all tls.Config objects
2016-07-13 10:53:14 -06:00
09a4142fd3
Handled upgrade path for TLSMinVersion
2016-07-13 12:42:51 -04:00
9f1e6c7b26
Merge pull request #1607 from hashicorp/standardize-time
...
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
de19314f18
Address review feedback
2016-07-13 11:52:26 -04:00
407722a9b4
Added tls_min_version to consul storage backend
2016-07-12 20:10:54 -04:00
314a5ecec0
allow overriding the default truncation length for mysql usernames
...
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
f34f0ef503
Make 'tls_min_version' configurable
2016-07-12 19:32:47 -04:00
46d34130ac
Set minimum TLS version in all tls.Config objects
2016-07-12 17:06:28 -04:00
8269f323d3
Revert 'risky' changes
2016-07-12 16:38:07 -04:00
57cdb58374
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages
2016-07-11 21:37:46 +00:00
9ee4542a7c
incorporate code style guidelines
2016-07-11 13:35:35 +02:00
c25788e1d4
handle revocations for roles that have privileges on sequences
2016-07-11 13:16:45 +02:00
2cf4490b37
use role name rather than token displayname in generated mysql usernames
...
If a single token generates multiple myself roles, the generated mysql
username was previously prepended with the displayname of the vault
user; this makes the output of `show processlist` in mysql potentially
difficult to correlate with the roles actually in use without cross-
checking against the vault audit log.
See https://github.com/hashicorp/vault/pull/1603 for further discussion.
2016-07-10 15:57:47 -07:00
6505e85dae
mongodb secret backend: Improve safety of MongoDB roles storage
2016-07-09 21:12:42 -04:00
e09b40e155
Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC
2016-07-08 18:30:18 -04:00
bb8a45eb8b
Format code in mongodb secret backend
2016-07-07 23:16:11 -04:00
8d5a7992c1
mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages
2016-07-07 23:09:45 -04:00
eee6f04e40
mongodb secret backend: Refactor to eliminate unnecessary variable
2016-07-07 22:29:17 -04:00
ce845df43c
mongodb secret backend: Consider a "user not found" response a success when removing a user from Mongo
2016-07-07 22:27:47 -04:00
138d74f745
mongodb secret backend: Improve roles path help
2016-07-07 22:16:34 -04:00
7f9d91acb6
mongodb secret backend: Remove default value for Mongo authentication DB for roles; validate that role name and authentication db were specified when creating a role
2016-07-07 22:09:00 -04:00
de84cdabe6
mongodb secret backend: Leverage framework.TypeDurationSecond to simplify storage of lease ttl and max_ttl
2016-07-07 21:48:44 -04:00
6d7c9f5424
mongodb secret backend: Verify existing Session is still working before reusing it
2016-07-07 21:37:44 -04:00
db3670c353
Fix transit tests
2016-07-06 22:04:08 -04:00
ad7cb2c8f1
Added JSON Decode and Encode helpers.
...
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
5367a7223d
Add allowed_roles to ssh-helper-config and return role name from verify call
2016-07-05 11:14:29 -04:00
769d20c770
Merge branch 'master' into mongodb-secret-backend
2016-07-05 09:33:12 -04:00
ba9c97b915
mongodb secret backend: Add support for reading connection configuration; Dockerize tests
2016-07-05 09:32:38 -04:00
2e828383e0
Move the parameter down to where the statement is executed.
2016-07-03 16:20:27 -07:00
08fb1a30d4
Use `lib/pq`'s `QuoteIdentifier()` on all identifiers and Prepare
...
for all literals.
2016-07-03 16:01:39 -07:00
292c2fad69
Merge branch 'master' into mongodb-secret-backend
2016-07-01 20:39:13 -04:00
4a8d9eb942
Shave off a lot of PKI testing time by not requiring key generation when testing CSRs. Also enable all tests all the time.
2016-07-01 17:28:48 -04:00
369dcff5f9
Merge pull request #1581 from mp911de/cassandra_connect_timeout
...
Support connect_timeout for Cassandra and align timeout.
2016-07-01 22:33:24 +02:00
ab63c938c4
Address review feedback.
...
Switch ConnectTimeout to framework.TypeDurationSecond with a default of 5. Remove own parsing code.
2016-07-01 22:26:08 +02:00
3859f7938a
Support connect_timeout for Cassandra and align timeout.
...
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration. Also align the timeout to 5 seconds which is the default for the Python and Java drivers.
Fixes #1538
2016-07-01 21:22:37 +02:00
51cd67115c
Run appid/cert auth tests always
2016-07-01 14:06:33 -04:00
db211a4b61
Migrate Consul acceptance tests to Docker
2016-07-01 13:59:56 -04:00
cdde4071d7
mongodb secret backend: Parse ssl URI option as a boolean rather than relying on string comparison
2016-07-01 13:55:06 -04:00
a2e95614d6
Have SQL backends Ping() before access.
...
If unsuccessful, reestablish connections as needed.
2016-07-01 12:02:17 -04:00
e50e331ffc
Always run transit acceptance tests
2016-07-01 11:45:56 -04:00
5313ae8a1b
Merge pull request #1578 from hashicorp/dockerize-mysql-acc-tests
...
Convert MySQL tests to Dockerized versions
2016-07-01 17:38:52 +02:00
5d707c41ff
Always run userpass acceptance tests
2016-07-01 11:37:38 -04:00
8d984c111d
Convert MySQL tests to Dockerized versions
2016-07-01 11:36:28 -04:00
46bf080409
mongodb secret backend: Refactor URI parsing logic to leverage url.Parse
2016-07-01 09:12:26 -04:00
6f05d6f21f
mongodb secret backend: Prefix all generated usernames with "vault-", and cleanly handle empty display names when generating usernames
2016-06-30 21:11:45 -04:00
acf4b0b637
Merge branch 'master' into mongodb-secret-backend
2016-06-30 16:43:53 -04:00
2488d520a4
Merge branch 'master-oss' into dockerize-pg-secret-tests
2016-06-30 14:31:52 -04:00
3e515c5885
Fix up breakage from bumping deps
2016-06-30 14:31:41 -04:00
8da8881825
Add comment around bind to localhost
2016-06-30 13:49:11 -04:00
22e83ae7f5
Dockerize Postgres secret backend acceptance tests
...
Additionally enable them on all unit test runs.
2016-06-30 13:46:39 -04:00
619ddc38b7
Use TRACE not WARN here
2016-06-30 12:41:56 -04:00
7879812f76
Persist verify_connection field in mongodb secret backend's connection config
2016-06-30 11:39:02 -04:00
350b69670c
Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl'
2016-06-30 09:57:43 -04:00
05cc4f2761
Merge branch 'master' into mongodb-secret-backend
2016-06-30 09:02:30 -04:00
16d4f79c71
Fix test
2016-06-30 08:21:00 -04:00
5df2dd30c5
Change warn to trace for these messages
2016-06-29 21:04:02 -04:00
cf178d3c9e
Merge remote-tracking branch 'oss/master' into postgres-pl-lock
2016-06-29 17:40:34 -04:00
934e60c3c9
Add stmt close calls
2016-06-29 17:39:47 -04:00
a56f79adcb
Run prepare on the transaction, not the db
2016-06-29 17:20:41 -04:00
5e8c912048
Add mongodb secret backend
2016-06-29 08:33:06 -04:00
11c205e19b
removed option to create 1024 keybitlength certs
2016-06-28 16:56:14 -04:00
43df682365
Add more debug output
2016-06-28 11:03:56 -04:00
0802497c8a
Add some logging to enter/exit of some functions
2016-06-24 16:11:22 -04:00
9dc0599a30
Address review feedback
2016-06-23 10:18:03 -04:00
d7029fc49a
Add some more testing
2016-06-23 09:49:03 -04:00
45a442e593
Set some basic key usages by default.
...
Some programs (such as OpenVPN) don't like it if you don't include key
usages. This adds a default set that should suffice for most extended
usages. However, since things get twitchy when these are set in ways
various crypto stacks don't like, it's fully controllable by the user.
Fixes #1476
2016-06-22 16:08:24 -04:00
407373df5d
Revert "Use x509 package ext key usage instead of custom type"
...
This reverts commit 0b2d8ff475a26ff98c37337a64859d150d62cfc1.
2016-06-22 13:07:31 -04:00
c0dee06aab
Use x509 package ext key usage instead of custom type
2016-06-22 11:51:32 -04:00
62f66dc4d8
Do some internal renaming in PKI
2016-06-22 11:39:57 -04:00
5f5a81d8da
Fix broken build
2016-06-21 18:25:36 -04:00
e97f81ecaa
Print role name in the error message
2016-06-21 17:53:33 -04:00
d47fc4c4ad
Merge pull request #1515 from hashicorp/sql-config-reading
...
Allow reading of config in sql backends
2016-06-21 10:07:34 -04:00
78d4d5c8c3
Merge pull request #1523 from hashicorp/bind-account-id-aws-ec2
...
Added bound_account_id to aws-ec2 auth backend
2016-06-21 10:03:20 -04:00
f7a44a2643
Correct casing of abbreviations
2016-06-21 10:02:22 -04:00
389581f47b
Added warnings when configuring connection info in sql backends
2016-06-21 09:58:57 -04:00
711c05a319
Merge pull request #1546 from hashicorp/secret-aws-roles
...
Added list functionality to logical aws backend's roles
2016-06-20 20:10:24 -04:00
1976c9e75b
Added test case for listing aws secret backend roles
2016-06-20 20:09:31 -04:00
8b490e44a1
Added list functionality to logical aws backend's roles
2016-06-20 19:51:04 -04:00
69d562c5db
Merge pull request #1514 from hashicorp/backend-return-objects
...
Backend() functions should return 'backend' objects.
2016-06-20 19:30:00 -04:00
2e7704ea7e
Add convergent encryption option to transit.
...
Fixes #1537
2016-06-20 13:17:48 -04:00
383be815b6
aws-ec2: added a nil check for storedIdentity in login renewal
2016-06-20 10:19:57 -04:00
dccfc413d4
Replace an 'if' block with 'switch'
2016-06-17 12:35:44 -04:00
cf15354e44
Address review feedback
2016-06-17 10:11:39 -04:00
8e03c1448b
Merge branch 'master-oss' into bind-account-id-aws-ec2
...
Conflicts:
builtin/credential/aws-ec2/backend_test.go
builtin/credential/aws-ec2/path_login.go
builtin/credential/aws-ec2/path_role.go
2016-06-14 14:46:08 -04:00
74e84113db
fixing the test for the wrong IAM Role ARN
2016-06-14 18:17:41 +00:00
0ffbef0ccd
added tests, nil validations and doccumentation
2016-06-14 16:58:50 +00:00
26f7fcf6a1
Added bound_account_id to aws-ec2 auth backend
2016-06-14 11:58:19 -04:00
2c5a8fb39f
fixing spaces
2016-06-14 14:57:46 +00:00
52a47e1c4f
adding IAM Role as constrain
2016-06-14 14:49:36 +00:00
e925987cb6
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
b7eb28bb3a
Added bound_ami_id check
2016-06-13 08:56:39 -04:00
1776ff449f
Allow reading of config in sql backends
2016-06-11 11:48:40 -04:00
0760a89eb4
Backend() functions should return 'backend' objects.
...
If they return pointers to 'framework.Backend' objects, the receiver functions can't be tested.
2016-06-10 15:53:02 -04:00
c6a27f2fa8
s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN
2016-06-09 14:00:56 -04:00
b82033516e
Merge pull request #1510 from hashicorp/fix-gh-renew-panic
...
Fix panic when renewing a github token from a previous version of Vault
2016-06-09 13:54:20 -04:00
7c65dc9bf1
xInt->xRaw
2016-06-09 13:54:04 -04:00
308294db46
Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token
2016-06-09 13:45:56 -04:00
1715b3dcb8
Fix panic when renewing a github token from a previous version of Vault
2016-06-09 13:37:09 -04:00
5ccb4fe907
Merge pull request #1498 from hashicorp/pki-list
...
PKI List Functionality
2016-06-08 15:42:50 -04:00
f9c3afcc21
Fix broken test
2016-06-08 13:00:19 -04:00
6c4234eae6
Minor changes to the RabbitMQ acceptance tests
2016-06-08 12:50:43 -04:00
3795b65d19
Updates to the test based on feedback.
2016-06-08 16:49:10 +00:00
2f2a80e2be
Add PKI listing
2016-06-08 11:50:59 -04:00
94cd00f32a
Add an explicit default for TTLs for rabbit creds
2016-06-08 11:35:09 -04:00
86d697884b
Fix some typos in rmq text and structure
2016-06-08 11:31:57 -04:00
1b7da070ae
Added pooled transport for rmq client. Added tests
2016-06-08 10:46:46 -04:00
95f3726f1c
Migrate to go-uuid
2016-06-08 10:36:16 -04:00
5a3dd98d06
Polish the code
2016-06-08 10:25:03 -04:00
ab543414f6
Merge pull request #788 from doubledutch/master
...
RabbitMQ Secret Backend
2016-06-08 10:02:24 -04:00
8f437d6142
Make logical.InmemStorage a wrapper around physical.InmemBackend.
...
This:
* Allows removing LockingInmemStorage since the physical backend already
locks properly
* Makes listing work properly by adhering to expected semantics of only
listing up to the next prefix separator
* Reduces duplicated code
2016-06-06 12:03:08 -04:00
50c011e79f
Use backend function instead of separate backend creation in consul
2016-06-03 10:08:58 -04:00
ca47478aed
Merge pull request #1479 from hashicorp/reuse-be-creation-tests
...
Change AWS/SSH to reuse backend creation code for test functions
2016-06-03 09:59:37 -04:00
e9fbb9fabe
Remove failOnError method from cert tests
2016-06-01 16:01:28 -04:00
86d2c796b0
Change AWS/SSH to reuse backend creation code for test functions
2016-06-01 12:17:47 -04:00
3c5fb471a4
Merge pull request #1445 from hashicorp/consul-fixups
...
Reading consul access configuration in the consul secret backend.
2016-06-01 12:11:12 -04:00
3a460b9c4b
Merge pull request #1471 from hashicorp/rename-aws-auth
...
auth backend: rename `aws` as `aws-ec2`
2016-06-01 10:41:13 -04:00
dbee3cd81b
Address review feedback
2016-06-01 10:36:58 -04:00
4fea41f7e5
Use entry.Type as a criteria for upgrade
2016-06-01 10:30:11 -04:00
99c1e071f3
Remove most Root paths
2016-05-31 23:42:54 +00:00
eefd9acbf0
Set config access test case as an acceptance test and make travis happy
2016-05-31 13:27:34 -04:00
f64987a6cf
Add tests around writing and reading consul access configuration
2016-05-31 13:27:34 -04:00
036e7fa63e
Add reading to consul config, and some better error handling.
2016-05-31 13:27:34 -04:00
a072f2807d
Rename aws as aws-ec2
2016-05-30 14:11:15 -04:00
950c76c020
rename credential/aws as credential/aws-ec2
2016-05-30 14:11:15 -04:00
30fa7f304b
Allow * to be set for allowed_users
2016-05-30 03:12:43 -04:00
971b2cb7b7
Do not allow any username to login if allowed_users is not set
2016-05-30 03:01:47 -04:00
e01bce371d
Merge pull request #1462 from hashicorp/enable-auth-rollbacks
...
Re-enable rollback triggers for auth backends
2016-05-27 15:01:35 -04:00
39fe3200e3
Return nil for pre-0.5.3 Consul tokens to avoid pathological behavior
2016-05-27 13:09:52 -04:00
f035a320d0
Add test for renew/revoke to Consul secret backend
2016-05-27 11:27:53 -04:00
1d94828e45
Re-enable rollback triggers for auth backends
2016-05-26 14:29:41 -04:00
644ac5f5e8
Merge pull request #1456 from hashicorp/consul-lease-renewal
...
Fix the consul secret backends renewal revocation problem
2016-05-26 13:59:45 -04:00
cfd337d06a
Fix broken cert backend test
2016-05-26 11:06:46 -04:00
05d1da0656
Add comment about the deletions
2016-05-26 10:33:35 -04:00
ccfa8d0567
Remove deprecated entries from PKI role output.
...
Fixes #1452
2016-05-26 10:32:04 -04:00
c0e745dbfa
s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends
2016-05-26 10:21:03 -04:00
2ca846b401
s/logical.ErrorResponse/fmt.Errorf in revocation functions of secrets
2016-05-26 10:04:11 -04:00
70b8530962
Fix the consul secret backends renewal revocation problem
2016-05-25 23:24:16 -04:00
cdfc6b46fd
Update and document rabbitmq test envvars
2016-05-20 23:28:02 -07:00
4eb20e4aa8
Merge remote-tracking branch 'origin/master' into rabbitmq
2016-05-20 23:27:22 -07:00
5783b02e36
Address feedback
2016-05-20 22:57:24 -07:00
8f592f3442
Don't use pointers to int64 in function calls when not necessary
2016-05-19 12:26:02 -04:00
a13807e759
Merge pull request #1318 from steve-jansen/aws-logical-assume-role
...
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
1bef0c3584
Merge pull request #1245 from LeonDaniel/master
...
Improved groups search for LDAP login
2016-05-19 12:13:29 -04:00
vishalnayak