Commit graph

73 commits

Author SHA1 Message Date
sprohaska 90be96989a logical/aws: Fix typo in warning message (#2747)
Signed-off-by: Steffen Prohaska <prohaska@zib.de>
2017-05-19 06:20:54 -04:00
Jeff Mitchell c81582fea0 More porting from rep (#2388)
* More porting from rep

* Address review feedback
2017-02-16 16:29:30 -05:00
Félix Cantournet 103b7ceab2 all: test: Fix govet warnings
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
vishalnayak 9dbc97028b STS path field description update 2016-08-30 10:53:21 -04:00
vishalnayak 0b07ec7303 Added UpdateOperation to logical AWS STS path 2016-08-30 10:30:13 -04:00
Jeff Mitchell f0537572a8 Mark STS secrets as non-renwable
Ping #1800
2016-08-28 14:27:56 -04:00
Jeff Mitchell 2860dcc60f gofmt 2016-08-19 16:48:32 -04:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
Vishal Nayak 711c05a319 Merge pull request #1546 from hashicorp/secret-aws-roles
Added list functionality to logical aws backend's roles
2016-06-20 20:10:24 -04:00
vishalnayak 1976c9e75b Added test case for listing aws secret backend roles 2016-06-20 20:09:31 -04:00
vishalnayak 8b490e44a1 Added list functionality to logical aws backend's roles 2016-06-20 19:51:04 -04:00
vishalnayak 0760a89eb4 Backend() functions should return 'backend' objects.
If they return pointers to 'framework.Backend' objects, the receiver functions can't be tested.
2016-06-10 15:53:02 -04:00
Jeff Mitchell 99c1e071f3 Remove most Root paths 2016-05-31 23:42:54 +00:00
Jeff Mitchell 8f592f3442 Don't use pointers to int64 in function calls when not necessary 2016-05-19 12:26:02 -04:00
Jeff Mitchell a13807e759 Merge pull request #1318 from steve-jansen/aws-logical-assume-role
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
Steve Jansen 597d59962c Adds sts:AssumeRole support to the AWS secret backend
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens.  For example, STS federated tokens cannot
invoke IAM APIs, such as  Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
Jeff Mitchell 4600ca8073 Merge branch 'master-oss' into aws-auth-backend 2016-05-05 10:36:06 -04:00
Jeff Mitchell 1b0df1d46f Cleanups, add shared provider, ability to specify http client, and port S3 physical backend over 2016-05-03 17:01:02 -04:00
Jeff Mitchell 7fbe5d2eaa Region is required so error in awsutil if not set and set if empty in client code in logical/aws 2016-05-03 15:25:11 -04:00
Jeff Mitchell a244ef8a00 Refactor AWS credential code into a function that returns a static->env->instance chain 2016-05-03 15:10:35 -04:00
vishalnayak 9aa8fb6cc1 Support periodic tidy callback and config endpoints. 2016-04-26 10:22:29 -04:00
vishalnayak 95abdebb06 Added AcceptanceTest boolean to logical.TestCase 2016-04-05 15:10:44 -04:00
Matt Hurne 11187112bc Improve error message returned when client attempts to generate STS credentials for a managed policy; addresses #1113 2016-02-23 08:58:28 -05:00
vishalnayak c4abe72075 Cap the length midString in IAM user's username to 42 2016-02-19 18:31:10 -05:00
Jeff Mitchell 25b9f9b4a6 Set limits on generated IAM user and STS token names.
Fixes #1031
Fixes #1063
2016-02-19 16:35:06 -05:00
Jeff Mitchell d3a705f17b Make backends much more consistent:
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
Dmitriy Gromov 70ef2e3398 STS now uses root vault user for keys
The secretAccessKeysRevoke revoke function now asserts that it is
not dealing with STS keys by checking a new internal data flag. Defaults
to IAM when the flag is not found.

Factored out genUsername into its own function to share between STS and
IAM secret creation functions.

Fixed bad call to "WriteOperation" instead of "UpdateOperation" in
aws/backend_test
2016-01-21 15:04:16 -05:00
Dmitriy Gromov 4abca91d66 Renamed sts duration to ttl and added STS permissions note. 2016-01-21 14:28:34 -05:00
Dmitriy Gromov f251b13aaa Removing debug print statement from sts code 2016-01-21 14:05:10 -05:00
Dmitriy Gromov 1cf8153dfd Fixed duration type and added acceptance test for sts 2016-01-21 14:05:10 -05:00
Dmitriy Gromov 71afb7cff0 Configurable sts duration 2016-01-21 14:05:09 -05:00
Jack DeLoach 8fecccde21 Add STS path to AWS backend.
The new STS path allows for obtaining the same credentials that you would get
from the AWS "creds" path, except it will also provide a security token, and
will not have an annoyingly long propagation time before returning to the user.
2016-01-21 14:05:09 -05:00
Jeff Mitchell 0f0949ab06 Merge pull request #895 from nickithewatt/aws-prexisting-policies
Allow use of pre-existing policies for AWS users
2016-01-21 13:23:37 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Nicki Watt 62c22a5f73 Updated AWS policy help messages 2015-12-30 19:41:07 +00:00
Nicki Watt cd4ca21b58 Allow use of pre-existing policies for AWS users 2015-12-30 18:05:54 +00:00
Jeff Mitchell 64cd58463b Fix AWS tests 2015-12-01 00:05:04 -05:00
Seth Vargo 658bc0634a Fix breaking API changes 2015-10-30 18:22:48 -04:00
Jeff Mitchell 22c65c0c07 Use cleanhttp instead of bare http.Client 2015-10-22 14:37:12 -04:00
Jeff Mitchell cba4e82682 Don't use http.DefaultClient
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
2015-10-15 17:54:00 -04:00
Jeff Mitchell 9db8a5c744 Merge pull request #567 from hobbeswalsh/master
Spaces in displayName break AWS IAM
2015-08-26 12:37:52 -04:00
Robin Walsh 34b84367b5 Adding one more test (for no-op case) 2015-08-26 09:26:20 -07:00
Robin Walsh 4b7c2cc114 Adding unit test for normalizeDisplayName() 2015-08-26 09:23:33 -07:00
Jeff Mitchell 2d8bfff02b Explicitly check for blank leases in AWS, and give a better error message if lease_max cannot be parsed. Fixes #569. 2015-08-26 09:04:47 -07:00
Robin Walsh 8530f14fee s/string replacement/regexp replacement 2015-08-24 17:00:54 -07:00
Robin Walsh 69f5abdc91 spaces in displayName break AWS IAM 2015-08-24 16:12:45 -07:00
vishalnayak 6c2927ede0 Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Armon Dadgar aefb92b74c Merge pull request #534 from ctennis/lease_reader
Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works
2015-08-18 19:00:18 -07:00
Jeff Mitchell 3cc4bd0b96 Fix AWS, again, and update Godeps. 2015-08-18 18:12:51 -07:00
Caleb Tennis a36910799e Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works 2015-08-13 15:33:06 -04:00