d648306d52
Add the ability to specify the app-id in the login path.
...
This makes it easier to use prefix revocation for tokens.
Ping #424
2016-03-14 16:24:01 -04:00
9bfd24cd69
s/hash_accessor/hmac_accessor/g
2016-03-14 14:52:29 -04:00
ea108fba18
Use accessor being set as the condition to restore non-hashed values
2016-03-14 11:23:30 -04:00
e09819fedc
Added hash_accessor option to audit backends
2016-03-11 19:28:06 -05:00
343e6f1671
Merge pull request #998 from chrishoffman/mssql
...
Sql Server (mssql) secret backend
2016-03-10 22:30:24 -05:00
b1703fb18d
Cleaning up lease and lease duration vars and params
2016-03-10 21:15:18 -05:00
ba94451875
Removing root protected endpoints
2016-03-10 21:08:39 -05:00
dc7da4f4e8
Changing DROP USER query to a more compatible version
2016-03-10 21:06:50 -05:00
5af33afd90
Adding verify_connection to config, docs updates, misc cleanup
2016-03-09 23:08:05 -05:00
a6d8fc9d98
Merge pull request #1190 from grunzwei/master
...
fix github tests to use the provided GITHUB_ORG environment variable
2016-03-09 09:51:28 -05:00
ae469cc796
fix github tests to use the provided GITHUB_ORG environment variable
...
(tests fail for non hashicorp people)
2016-03-09 15:34:03 +02:00
7a9122bbd1
Sanitize serial number in revocation path.
...
Ping #1180
2016-03-08 10:51:59 -05:00
34a9cb1a70
Add serial_number back to path_issue_sign responses in PKI
2016-03-08 09:25:48 -05:00
5a17735dcb
Add subject/authority key id to cert metadata
2016-03-07 14:59:00 -05:00
11dc3f328f
Add revocation information to PKI fetch output (non-raw only).
...
Fixes #1180
2016-03-07 10:57:38 -05:00
67b85b8f7f
Error rather than skip Consul acceptance tests if Consul isn't found
2016-03-07 10:09:36 -05:00
4a3d3ef300
Use better error message on LDAP renew failure
2016-03-07 09:34:16 -05:00
0b4a8f5b94
Adding mssql secret backend
2016-03-03 09:19:17 -05:00
44208455f6
continue if non-CA policy is not found
2016-03-01 16:43:51 -05:00
9a3ddc9696
Added ExtKeyUsageAny, changed big.Int comparison and fixed code flow
2016-03-01 16:37:01 -05:00
cc1592e27a
corrections, policy matching changes and test cert changes
2016-03-01 16:37:01 -05:00
09eef70853
Added testcase for cert writes
2016-03-01 16:37:01 -05:00
f056e8a5a5
supporting non-ca certs for verification
2016-03-01 16:37:01 -05:00
aee006ba2d
moved the test cert keys to appropriate test-fixtures folder
2016-02-29 15:49:08 -05:00
64ab16d137
Don't spawn consul servers when testing unless it's an acceptance test
2016-02-29 14:58:06 -05:00
f6092f8311
Don't run transit fuzzing if not during acceptance tests
2016-02-29 14:44:04 -05:00
2205133ae4
Only run PKI backend setup functions when TF_ACC is set
2016-02-29 14:41:14 -05:00
cf672400d6
fixed the error log message
2016-02-29 10:41:10 -05:00
dca18aec2e
replaced old certs, with new certs generated from PKI backend, containing IP SANs
2016-02-28 22:15:54 -05:00
7ae573b35b
Apply hyphen/underscore replacement across the entire username.
...
Handles app-id generated display names.
Fixes #1140
2016-02-26 15:26:23 -05:00
e2c15eb693
Merge pull request #1129 from hashicorp/pki-tidy
...
Add "pki/tidy" which allows removing expired certificates.
2016-02-25 10:39:54 -05:00
6b6005ee2e
Remove root token requirement from GitHub configuration
2016-02-25 08:51:53 -05:00
8ca847c9b3
Be more explicit about buffer type
2016-02-24 22:05:39 -05:00
7d41607b6e
Add "tidy/" which allows removing expired certificates.
...
A buffer is used to ensure that we only remove certificates that are
both expired and for which the buffer has past. Options allow removal
from revoked/ and/or certs/.
2016-02-24 21:24:48 -05:00
69bcbb28aa
rename verify_cert as disable_binding and invert the logic
2016-02-24 21:01:21 -05:00
902c780f2b
make the verification of certs in renewal configurable
2016-02-24 16:42:20 -05:00
bc4710eb06
Cert: renewal enhancements
2016-02-24 14:31:38 -05:00
053bbd97ea
check CIDR block for renewal as well
2016-02-24 10:55:31 -05:00
978075a1b4
Added renewal capability to app-id backend
2016-02-24 10:40:15 -05:00
11187112bc
Improve error message returned when client attempts to generate STS credentials for a managed policy; addresses #1113
2016-02-23 08:58:28 -05:00
f56e4a604d
Merge pull request #1114 from hashicorp/dont-delete-certs
...
Do not delete certs (or revocation information)
2016-02-22 16:11:13 -05:00
4514192145
Address review feedback
2016-02-22 16:11:01 -05:00
f43ab6a25d
Remove extra debugging from PKI tests
2016-02-22 13:39:05 -05:00
f27eab1d28
Do not delete certs (or revocation information) to avoid potential
...
issues related to time synchronization. A function will be added to
allow operators to perform cleanup at chosen times.
2016-02-22 13:36:17 -05:00
51ced69bf8
Fix issue where leftover values after cn tests could trigger errors in ipsan tests
2016-02-22 13:35:57 -05:00
949f8a6b69
Merge pull request #1112 from hashicorp/1089-postgres-connection-url
...
postgres: connection_url fix
2016-02-22 11:36:04 -05:00
4c327ca4cc
More improvements to PKI tests; allow setting a specific seed, output
...
the seed to the console, and split generated steps to make it
understandable which seed is for which set of steps.
2016-02-22 11:22:52 -05:00
c9899a5300
postgres: connection_url fix
2016-02-22 11:22:49 -05:00
8d4c6f4c98
Use more fuzziness in PKI backend tests
2016-02-22 10:59:37 -05:00
392a26e9cd
Better handle errors from fetchCertBySerial
2016-02-22 10:36:26 -05:00
Jeff Mitchell