Commit Graph

171 Commits

Author SHA1 Message Date
Vishal Nayak b1ee56a15b Merge pull request #1910 from hashicorp/secret-id-cidr-list
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
Jeff Mitchell 72b9c4c649 Fix parsing env var, needed to be in the helper too 2016-09-23 13:20:26 -04:00
vishalnayak a31f9bb0e9 Fix zeroAddr check 2016-09-23 12:50:26 -04:00
vishalnayak f560e20b28 Address review feedback 2016-09-22 18:07:35 -04:00
vishalnayak 07b1b244d6 Use net.IPv4zero to check for zero address 2016-09-21 20:29:33 -04:00
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry.
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
vishalnayak 93604e1e2e Added cidrutil helper 2016-09-21 13:58:32 -04:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Jeff Mitchell 897d3c6d2c Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop. 2016-09-16 11:05:43 -04:00
Jeff Mitchell 1d6552c625 Update logging formatting 2016-09-01 16:14:21 -04:00
vishalnayak cdcfa4572f Address review feedback 2016-08-30 16:36:58 -04:00
Jeff Mitchell 7e41d5ab45 Pass headers back when request forwarding (#1795) 2016-08-26 17:53:47 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell 2860dcc60f gofmt 2016-08-19 16:48:32 -04:00
Jeff Mitchell bdcfe05517 Clustering enhancements (#1747) 2016-08-19 11:03:53 -04:00
Jeff Mitchell 5c33356d14 Protobuf for forwarding (#1743) 2016-08-17 16:15:15 -04:00
Jeff Mitchell 8d6244f8e7 Don't serialize the full connection state, instead just the peer certificates, and parse them on the other side 2016-08-17 10:29:53 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
James Nugent 2c14ff7385 build: Add support for building on Illumos
This commit adds support for building for Illumos-derived operating
systems. Regrettably, the cyrpto/ssh/terminal package does not include
implementations of the functions IsTerminal, MakeRaw or Restore for the
solaris OS. Consequently this commit implements them in Vault.

makeRaw(fd int) is based on the Illumos implementation of the getpass
function [1] for the correct flags. isTerminal(fd int) is based on the
Illumos libc implementation [2] of isatty.

[1] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libast/common/uwin/getpass.c
[2] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libbc/libc/gen/common/isatty.c
2016-08-13 00:20:15 -04:00
Jeff Mitchell c1a46349fa Change to keybase openpgp fork as it has important fixes 2016-08-11 08:31:43 -04:00
vishalnayak 185363d6e0 Address review feedback 2016-08-09 11:13:48 -04:00
vishalnayak b43cc03f0e Address review feedback from @jefferai 2016-08-09 10:47:55 -04:00
vishalnayak 78d57520fb Refactoring and test fixes 2016-08-09 03:43:03 -04:00
vishalnayak c81460add6 Added compressutil tests 2016-08-09 02:26:38 -04:00
vishalnayak f994c7ccd3 Tests for (de)compression in jsonutil 2016-08-09 00:50:19 -04:00
vishalnayak 29989fa4c1 Make generic utility for compression and decompression 2016-08-09 00:50:19 -04:00
vishalnayak 55ecad83bc Pull out compression code into compressutil 2016-08-09 00:50:19 -04:00
vishalnayak 5866cee5b4 Added utilities to compress the data 2016-08-09 00:50:19 -04:00
Jeff Mitchell 6ffdce7f40 Fix bugs and add test case for arbitrary string slice 2016-08-03 14:57:36 -04:00
Jeff Mitchell 9e204bd88c Add arbitrary string slice parsing.
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.

Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
Jeff Mitchell c025b292b5 Cleanup 2016-08-03 13:09:12 -04:00
vishalnayak cff7aada7a Fix invalid input getting marked as internal error 2016-07-28 16:23:11 -04:00
vishalnayak a6907769b0 AppRole authentication backend 2016-07-26 09:32:41 -04:00
Jeff Mitchell f1cc16b77f Remove manual selection of nextprotos from tls config coming from certutil; it's really not up to us to dictate third party requirements 2016-07-22 11:12:46 -04:00
vishalnayak 8dc3a830dc Address review feedback 2016-07-22 10:21:45 -04:00
vishalnayak 58bd985551 Address review feedback from @jefferai 2016-07-22 08:44:16 -04:00
vishalnayak 765d131b47 Added service-tags config option to provide additional tags to registered service 2016-07-22 04:41:48 -04:00
Vishal Nayak 9bb89431dc Merge pull request #1632 from hashicorp/lib-locks-create
Added helper to create locks
2016-07-21 10:23:34 -04:00
Jeff Mitchell 3ec81debe7 Trim leading/trailing space around PEM bundles.
Fixes #1634
2016-07-20 13:57:49 -04:00
vishalnayak ba4dc638bf Added test for CreateLocks 2016-07-20 05:37:38 -04:00
vishalnayak 331f229858 Added a cap of 256 for CreateLocks utility 2016-07-20 04:48:35 -04:00
vishalnayak 50e8a189e9 Added helper to create locks 2016-07-19 21:37:28 -04:00
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
vishalnayak de19314f18 Address review feedback 2016-07-13 11:52:26 -04:00
vishalnayak f78f303787 git add tlsutil 2016-07-13 11:29:17 -04:00
vishalnayak f34f0ef503 Make 'tls_min_version' configurable 2016-07-12 19:32:47 -04:00
vishalnayak 46d34130ac Set minimum TLS version in all tls.Config objects 2016-07-12 17:06:28 -04:00
Jeff Mitchell 5b210b2a1f Return a duration instead and port a few other places to use it 2016-07-11 18:19:35 +00:00
Jeff Mitchell ab6c2bc5e8 Factor out parsing duration second type and use it for parsing tune values too 2016-07-11 17:53:39 +00:00
vishalnayak 10b5f6648b Added jsonutil functional tests 2016-07-07 12:12:51 -04:00