Vishal Nayak
b1ee56a15b
Merge pull request #1910 from hashicorp/secret-id-cidr-list
...
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
Jeff Mitchell
72b9c4c649
Fix parsing env var, needed to be in the helper too
2016-09-23 13:20:26 -04:00
vishalnayak
a31f9bb0e9
Fix zeroAddr check
2016-09-23 12:50:26 -04:00
vishalnayak
f560e20b28
Address review feedback
2016-09-22 18:07:35 -04:00
vishalnayak
07b1b244d6
Use net.IPv4zero to check for zero address
2016-09-21 20:29:33 -04:00
vishalnayak
aaadd4ad97
Store the CIDR list in the secret ID storage entry.
...
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
vishalnayak
93604e1e2e
Added cidrutil helper
2016-09-21 13:58:32 -04:00
Jeff Mitchell
0ff76e16d2
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
Jeff Mitchell
897d3c6d2c
Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.
2016-09-16 11:05:43 -04:00
Jeff Mitchell
1d6552c625
Update logging formatting
2016-09-01 16:14:21 -04:00
vishalnayak
cdcfa4572f
Address review feedback
2016-08-30 16:36:58 -04:00
Jeff Mitchell
7e41d5ab45
Pass headers back when request forwarding ( #1795 )
2016-08-26 17:53:47 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
2860dcc60f
gofmt
2016-08-19 16:48:32 -04:00
Jeff Mitchell
bdcfe05517
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
Jeff Mitchell
5c33356d14
Protobuf for forwarding ( #1743 )
2016-08-17 16:15:15 -04:00
Jeff Mitchell
8d6244f8e7
Don't serialize the full connection state, instead just the peer certificates, and parse them on the other side
2016-08-17 10:29:53 -04:00
Jeff Mitchell
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
James Nugent
2c14ff7385
build: Add support for building on Illumos
...
This commit adds support for building for Illumos-derived operating
systems. Regrettably, the cyrpto/ssh/terminal package does not include
implementations of the functions IsTerminal, MakeRaw or Restore for the
solaris OS. Consequently this commit implements them in Vault.
makeRaw(fd int) is based on the Illumos implementation of the getpass
function [1] for the correct flags. isTerminal(fd int) is based on the
Illumos libc implementation [2] of isatty.
[1] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libast/common/uwin/getpass.c
[2] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libbc/libc/gen/common/isatty.c
2016-08-13 00:20:15 -04:00
Jeff Mitchell
c1a46349fa
Change to keybase openpgp fork as it has important fixes
2016-08-11 08:31:43 -04:00
vishalnayak
185363d6e0
Address review feedback
2016-08-09 11:13:48 -04:00
vishalnayak
b43cc03f0e
Address review feedback from @jefferai
2016-08-09 10:47:55 -04:00
vishalnayak
78d57520fb
Refactoring and test fixes
2016-08-09 03:43:03 -04:00
vishalnayak
c81460add6
Added compressutil tests
2016-08-09 02:26:38 -04:00
vishalnayak
f994c7ccd3
Tests for (de)compression in jsonutil
2016-08-09 00:50:19 -04:00
vishalnayak
29989fa4c1
Make generic utility for compression and decompression
2016-08-09 00:50:19 -04:00
vishalnayak
55ecad83bc
Pull out compression code into compressutil
2016-08-09 00:50:19 -04:00
vishalnayak
5866cee5b4
Added utilities to compress the data
2016-08-09 00:50:19 -04:00
Jeff Mitchell
6ffdce7f40
Fix bugs and add test case for arbitrary string slice
2016-08-03 14:57:36 -04:00
Jeff Mitchell
9e204bd88c
Add arbitrary string slice parsing.
...
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.
Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
Jeff Mitchell
c025b292b5
Cleanup
2016-08-03 13:09:12 -04:00
vishalnayak
cff7aada7a
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
vishalnayak
a6907769b0
AppRole authentication backend
2016-07-26 09:32:41 -04:00
Jeff Mitchell
f1cc16b77f
Remove manual selection of nextprotos from tls config coming from certutil; it's really not up to us to dictate third party requirements
2016-07-22 11:12:46 -04:00
vishalnayak
8dc3a830dc
Address review feedback
2016-07-22 10:21:45 -04:00
vishalnayak
58bd985551
Address review feedback from @jefferai
2016-07-22 08:44:16 -04:00
vishalnayak
765d131b47
Added service-tags config option to provide additional tags to registered service
2016-07-22 04:41:48 -04:00
Vishal Nayak
9bb89431dc
Merge pull request #1632 from hashicorp/lib-locks-create
...
Added helper to create locks
2016-07-21 10:23:34 -04:00
Jeff Mitchell
3ec81debe7
Trim leading/trailing space around PEM bundles.
...
Fixes #1634
2016-07-20 13:57:49 -04:00
vishalnayak
ba4dc638bf
Added test for CreateLocks
2016-07-20 05:37:38 -04:00
vishalnayak
331f229858
Added a cap of 256 for CreateLocks utility
2016-07-20 04:48:35 -04:00
vishalnayak
50e8a189e9
Added helper to create locks
2016-07-19 21:37:28 -04:00
vishalnayak
c14235b206
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
vishalnayak
de19314f18
Address review feedback
2016-07-13 11:52:26 -04:00
vishalnayak
f78f303787
git add tlsutil
2016-07-13 11:29:17 -04:00
vishalnayak
f34f0ef503
Make 'tls_min_version' configurable
2016-07-12 19:32:47 -04:00
vishalnayak
46d34130ac
Set minimum TLS version in all tls.Config objects
2016-07-12 17:06:28 -04:00
Jeff Mitchell
5b210b2a1f
Return a duration instead and port a few other places to use it
2016-07-11 18:19:35 +00:00
Jeff Mitchell
ab6c2bc5e8
Factor out parsing duration second type and use it for parsing tune values too
2016-07-11 17:53:39 +00:00
vishalnayak
10b5f6648b
Added jsonutil functional tests
2016-07-07 12:12:51 -04:00