Commit graph

4596 commits

Author SHA1 Message Date
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry.
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
vishalnayak 578b82acf5 Pass only valid inputs to validation methods 2016-09-21 15:44:54 -04:00
vishalnayak 93604e1e2e Added cidrutil helper 2016-09-21 13:58:32 -04:00
Jeff Mitchell 27782238a1 changelog++ 2016-09-19 13:03:03 -04:00
Jeff Mitchell 69c4452344 Merge branch 'master' of https://github.com/hashicorp/vault into master-oss 2016-09-19 13:02:30 -04:00
Jeff Mitchell f3ab4971a6 Follow Vault convention on DELETE being idempotent (#1903)
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
Jeff Mitchell 7f3041d6a5 Fix formatting 2016-09-19 13:00:50 -04:00
Jeff Mitchell 6e40d606d4 Bump to newer middleman-hashicorp 2016-09-19 12:42:35 -04:00
Jeff Mitchell 85c51fd861 Update website docs to indicate sudo being required for auth/audit
endpoints.
2016-09-19 12:10:08 -04:00
Vishal Nayak 97dc0e9f64 Merge pull request #1897 from hashicorp/secret-id-accessor-locks
Safely manipulate secret id accessors
2016-09-19 11:37:38 -04:00
Jeff Mitchell 86c83c3a98 changelog++ 2016-09-19 09:41:01 -04:00
vishalnayak fefd3a6c0b s/GetOctalFormatted/GetHexFormatted 2016-09-16 17:47:15 -04:00
Jeff Mitchell f7b3937c77 Fix website display of tune paths 2016-09-16 12:03:50 -04:00
Jeff Mitchell 897d3c6d2c Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop. 2016-09-16 11:05:43 -04:00
vishalnayak 271ab5a4bd changelog++ 2016-09-16 10:59:59 -04:00
Vishal Nayak 47a9c45189 Merge pull request #1899 from hashicorp/format-yml
Add yml alias for yaml
2016-09-16 10:56:01 -04:00
vishalnayak e123f33a91 Add yml alias for yaml 2016-09-16 10:43:23 -04:00
vishalnayak ba72e7887a Safely manipulate secret id accessors 2016-09-15 18:13:50 -04:00
Vishal Nayak 61664bc653 Merge pull request #1886 from hashicorp/approle-upgrade-notes
upgrade notes entry for approle constraint and warning on role read
2016-09-15 12:14:01 -04:00
vishalnayak 5597156886 check for nil role 2016-09-15 12:10:40 -04:00
Vishal Nayak 4f33e8d713 Merge pull request #1892 from hashicorp/role-tag-defaults
Specify that role tags are not tied to an instance by default
2016-09-15 12:04:41 -04:00
vishalnayak 6a0f788dee changelog++ 2016-09-15 12:03:48 -04:00
Vishal Nayak 464f479ff0 Merge pull request #1889 from hashicorp/configurable-nonce
aws-ec2: generate the client nonce by default during first login attempt
2016-09-15 11:49:38 -04:00
vishalnayak 92986bb2a0 Address review feedback 2016-09-15 11:41:52 -04:00
vishalnayak a1de742dce s/disableReauthenticationNonce/reauthentication-disabled-nonce 2016-09-15 11:29:02 -04:00
vishalnayak 9bca127631 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak 857f921d76 Added comment 2016-09-14 18:27:35 -04:00
vishalnayak 39796e8801 Disable reauthentication if nonce is explicitly set to empty 2016-09-14 17:58:00 -04:00
vishalnayak 2639ca4d4f Address review feedback 2016-09-14 16:06:38 -04:00
James Pearson Hughes f598c78d98 DynamoDB: fix log typo (#1891) 2016-09-14 15:16:24 -04:00
vishalnayak dcddaa8094 Address review feedback 2016-09-14 15:13:54 -04:00
Jeff Mitchell bd4584c346 Make bootstrap use -u to ensure up-to-date versions of tools, as that's
what we build with.

Fixes #1890
2016-09-14 15:10:02 -04:00
vishalnayak d5cc763b8d Clarify that tags can be used on all instances that satisfy constraints 2016-09-14 14:55:09 -04:00
vishalnayak 03fc7b517f Specify that role tags are not tied to an instance by default 2016-09-14 14:49:18 -04:00
vishalnayak d0e4d77fce address review feedback 2016-09-14 14:28:02 -04:00
vishalnayak d7ce69c5eb Remove the client nonce being empty check 2016-09-14 14:28:02 -04:00
vishalnayak 53c919b1d0 Generate the nonce by default 2016-09-14 14:28:02 -04:00
Vishal Nayak eece4e047b Merge pull request #1887 from hashicorp/ec2-nonce-constant-compare
Use constant time comparisons for client nonce
2016-09-14 12:40:17 -04:00
vishalnayak 455a4ae055 address review feedback 2016-09-14 12:08:35 -04:00
vishalnayak b1392567d1 Use constant time comparisons for client nonce 2016-09-13 20:12:43 -04:00
Jeff Mitchell 74a0bfadb8 changelog++ 2016-09-13 18:42:56 -04:00
Jeff Mitchell 722e26f27a Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 18:42:24 -04:00
vishalnayak d2e66014ba Address review feedback 2016-09-13 18:30:04 -04:00
Jeff Mitchell 08f1541a82 changelog++ 2016-09-13 18:09:24 -04:00
Jeff Mitchell 29b67141eb Only use running state for checking if instance is alive. (#1885)
Fixes #1884
2016-09-13 18:08:05 -04:00
vishalnayak 99a2655d8e upgrade notes entry for approle constraint and warning on role read 2016-09-13 17:44:07 -04:00
vishalnayak c364ac823b changelog++ 2016-09-13 16:55:20 -04:00
Jeff Mitchell bc3cce7d2d Add 0.6.2 page to sidebar 2016-09-13 16:49:54 -04:00
Vishal Nayak e320dea60a Merge pull request #1882 from hashicorp/approle-constraints
Ensure at least one constraint on the role
2016-09-13 16:46:27 -04:00
vishalnayak bef9c2ee61 Ensure at least one constraint on the role 2016-09-13 16:03:15 -04:00