Calvin Leung Huang
93ee14844f
cert/tests: fix tests due to cert expiry ( #6647 )
2019-04-26 16:49:30 -07:00
Becca Petrin
22a6e54957
Merge pull request #6380 from povils/aws_user_path
...
AWS add user_path option for role.
2019-04-23 09:05:35 -07:00
ncabatoff
06574da57a
Merge multiple functions for creating consul containers into one. ( #6612 )
...
Merge both functions for creating mongodb containers into one.
Add retries to docker container cleanups.
Require $VAULT_ACC be set to enable AWS tests.
2019-04-22 12:26:10 -04:00
Povilas Susinskas
67f5bbe88f
AWS backend: Add user_path option for role.
2019-04-22 18:07:21 +02:00
Jeff Mitchell
5dcfe7bf5f
Fix a dropped Okta error ( #6592 )
2019-04-16 13:05:50 -04:00
Jeff Mitchell
213b9fd1cf
Update to api 1.0.1 and sdk 0.1.8
2019-04-15 14:10:07 -04:00
Becca Petrin
d3b7c3ccaf
Add explanation to dbplugin.Database ( #6581 )
...
* add explanation to the database interface
* wordsmithing
* wrap comments, add comments for Type and Close methods
* will be stored, not with be stored
* update comment on the Type method
2019-04-15 08:39:44 -07:00
Jeff Mitchell
9ebc57581d
Switch to go modules ( #6585 )
...
* Switch to go modules
* Make fmt
2019-04-13 03:44:06 -04:00
Jeff Mitchell
1b5155080b
Update protobufs, sdk changes
2019-04-12 23:13:14 -04:00
Jeff Mitchell
33faef3840
Fix some test breakages
2019-04-12 22:05:01 -04:00
Jeff Mitchell
28e2ce8577
Fix build breakages
2019-04-12 22:01:13 -04:00
Becca Petrin
6ded269700
Merge pull request #6268 from hashicorp/6234-aws-region
...
Add region to CLI for generating AWS login data
2019-04-12 16:15:38 -07:00
Jeff Mitchell
80c303ac83
Move ldaputil and tlsutil over to sdk
2019-04-12 18:26:54 -04:00
Jeff Mitchell
a1796b3ece
Move password to sdk
2019-04-12 18:12:13 -04:00
Jeff Mitchell
8d6ce1ffb5
Move policyutil to sdk
2019-04-12 18:08:46 -04:00
Jeff Mitchell
7ca424e8d2
Move cidrutil to sdk
2019-04-12 18:03:59 -04:00
Jeff Mitchell
8bcb533a1b
Create sdk/ and api/ submodules ( #6583 )
2019-04-12 17:54:35 -04:00
Becca Petrin
4a4eab50a1
Merge branch 'opensource-master' into 6234-aws-region
2019-04-03 11:37:33 -07:00
Jeff Mitchell
0e93244b14
Clean up test artifacts
2019-04-02 15:09:31 -04:00
Jeff Mitchell
a6d6d55c03
Fix failing cert test due to cert expiration ( #6520 )
...
This introduces a way to just generate new certs for each test. It
doesn't port everything over but we can over time.
2019-04-02 14:49:42 -04:00
Brian Kassouf
f53b728d38
Update plugin.go
2019-04-01 16:45:59 -07:00
Calvin Leung Huang
000066aff7
Update builtin/credential/aws/cli.go
...
Co-Authored-By: tyrannosaurus-becks <beccapetrin@posteo.net>
2019-04-01 15:37:02 -07:00
Becca Petrin
339cfcaaf8
merge master
2019-04-01 13:52:44 -07:00
Matt Greenfield
080d4652f0
Fix uri_sans param being ignored when use_csr_values=false ( #6505 )
2019-04-01 16:08:22 -04:00
T.K
453f1ac109
changed misspelled english words ( #6432 )
2019-03-19 09:32:45 -04:00
Iskander (Alex) Sharipov
b4d30a1b6c
all: fix no-op append calls ( #6360 )
...
Append call in form of `append(s)` has no effect,
it just returns `s`. Sometimes such invocation is a sign
of a programming error, so it's better to remove these.
Signed-off-by: Iskander Sharipov <quasilyte@gmail.com>
2019-03-14 13:40:30 -07:00
Matthew Bamber
4283e6a408
Fix SSH zero address OTP delete ( #6390 )
...
* Fix SSH zero address OTP delete
Fixed bug where SSH OTP roles could not be deleted if a zero-address role
previously existed, and there currently exist no zero-address roles.
Fixes #6382
* Eliminate zeroAddressRoles remove function
2019-03-14 08:56:40 -07:00
Martin
1b9327fe3f
Fix inverted description for ldap/users$ and ldap/groups$ endpoints ( #6406 )
2019-03-13 11:02:45 -07:00
Jeff Mitchell
3b0d07a440
ToUpper base32 values for TOTP key ingress ( #6400 )
...
Fixes #6396
2019-03-12 11:07:03 -04:00
Becca Petrin
1909b20217
merge master
2019-03-05 09:39:53 -08:00
Jim Kalafut
a34099b9bb
Use HashTypeMap and remove structs in batch HMAC ( #6334 )
2019-03-04 14:49:29 -08:00
martinwaite
04c174214c
Batch hmac - ( #5850 ) ( #5875 )
2019-03-04 12:26:20 -08:00
Becca Petrin
5829774e91
Support env vars for STS region ( #6284 )
2019-02-28 09:31:06 -08:00
Joel Thompson
dbff485a1f
Coax AWS SDK to use right region for STS
2019-02-20 22:57:39 -05:00
Becca Petrin
65b8ad9187
allow aws region in cli login
2019-02-20 16:43:21 -08:00
Brian Kassouf
efe5671f36
make fmt
2019-02-20 12:12:21 -08:00
madalynrose
625f0c7546
Update OpenAPI responses to include information the UI can use ( #6204 )
2019-02-14 12:42:44 -05:00
Brian Kassouf
524b65cb9b
Remove netRPC based plugins ( #6173 )
...
* Remove netRPC backend plugins
* Remove netRPC database plugins
* Fix tests and comments
2019-02-12 09:31:03 -08:00
Clint
0db43e697b
Add signed key constraints to SSH CA [continued] ( #6030 )
...
* Adds the ability to enforce particular ssh key types and minimum key
lengths when using Signed SSH Certificates via the SSH Secret Engine.
2019-02-11 13:03:26 -05:00
Becca Petrin
ba3ed879f8
Use null strings in MSSQL to prevent errs ( #6099 )
2019-02-08 10:04:54 -08:00
Jeff Mitchell
82a85aa8c8
Make fmt
2019-02-08 09:12:55 -05:00
Naoki Ainoya
a967078d80
add missing key bound_cidrs in pathCertRead Response ( #6080 )
2019-02-07 22:41:38 -05:00
Brian Nuszkowski
707c6d1813
Add SHA1 signing/verification support to transit engine ( #6037 )
...
* Add SHA1 signing/verification support to transit engine
* Update signing/verification endpoint documentation to include sha1 hash algorithm
2019-02-07 15:31:31 -08:00
Becca Petrin
3225a66d34
Return a more helpful error message for unknown db roles ( #6157 )
...
* return a more helpful err msg
* update test, print fmt
* fix other test failure
2019-02-07 11:16:23 -08:00
Becca Petrin
421a526e8f
don't automatically accept mssql eula ( #6169 )
2019-02-05 14:11:06 -08:00
Jeff Mitchell
5f249d4005
Add allowed_response_headers ( #6115 )
2019-02-05 16:02:15 -05:00
Jeff Mitchell
2f9a7c6203
Add more perf standby guards ( #6149 )
2019-02-01 16:56:57 -05:00
Jeff Mitchell
bbc1d53a5d
Revert "Refactor common token fields and operations into a helper ( #5953 )"
...
This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a.
2019-02-01 11:23:40 -05:00
Joel Thompson
33400e6e99
Fix typo in help text ( #6136 )
...
Small typo introduced in #6133
2019-01-31 08:53:54 -08:00
Jeff Mitchell
85a560abba
Refactor common token fields and operations into a helper ( #5953 )
2019-01-30 16:23:28 -05:00
Jeff Mitchell
d8b0015d71
Add role ID to token metadata and internal data
2019-01-30 16:17:31 -05:00
Jeff Mitchell
47accf8086
Add role_id as an alias name source for AWS and change the defaults
2019-01-30 15:51:45 -05:00
Jeff Mitchell
5e126f6de8
Implement JWS-compatible signature marshaling ( #6077 )
...
This currently only applies to ECDSA signatures, and is a toggleable
option.
2019-01-23 12:31:34 -05:00
Jeff Mitchell
159f0c1b0a
Fix typo in comment
2019-01-17 13:28:27 -05:00
Vishal Nayak
0c30f46587
Add option to configure ec2_alias values ( #5846 )
...
* Add option to configure ec2_alias values
* Doc updates
* Fix overwriting of previous config value
* s/configEntry/config
* Fix formatting
* Address review feedback
* Address review feedback
2019-01-09 18:28:29 -05:00
ncabatoff
3e3498073e
Fix #5973 on windows by disregarding errors when querying legacy cert path. ( #6013 )
2019-01-08 18:08:21 -08:00
Jim Kalafut
d0e2badbae
Run goimports across the repository ( #6010 )
...
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Jeff Mitchell
e11c7966fa
Change credential_types output to credential_type ( #5975 )
...
Fixes #5972
2019-01-04 14:49:53 -05:00
Jeff Mitchell
cb1a686e3b
Strip empty strings from database revocation stmts ( #5955 )
...
* Strip empty strings from database revocation stmts
It's technically valid to give empty strings as statements to run on
most databases. However, in the case of revocation statements, it's not
only generally inadvisable but can lead to lack of revocations when you
expect them. This strips empty strings from the array of revocation
statements.
It also makes two other changes:
* Return statements on read as empty but valid arrays rather than nulls,
so that typing information is inferred (this is more in line with the
rest of Vault these days)
* Changes field data for TypeStringSlice and TypeCommaStringSlice such
that a client-supplied value of `""` doesn't turn into `[]string{""}`
but rather `[]string{}`.
The latter and the explicit revocation statement changes are related,
and defense in depth.
2018-12-14 09:12:26 -05:00
Lukasz Jagiello
76008b2e1e
Remove an empty line for /pki/ca_chain ( #5779 )
...
This PR fixes #5778.
Easy test case to reproduce the problem:
https://play.golang.org/p/CAMdrOHT7C1
Since `certStr` is an empty string during the first iteration, `strings.Join()`
will merge an empty line with the first CA cert.
An extra `strings.TrimSpace` call will remove that empty line before the
certificate is returned.
2018-12-12 15:38:35 -05:00
Jeff Mitchell
e3c538e9cb
Fix tests
2018-12-11 15:04:02 -05:00
Jeff Mitchell
c178d05e07
Properly continue if cert entry is nil when tidying ( #5933 )
...
Fixes #5931
2018-12-11 11:28:14 -05:00
Jeff Mitchell
13b5c3be51
Fix SSH CA giving 500 if keys need to be deleted ( #5897 )
2018-12-04 13:29:11 -05:00
Brian Kassouf
0c6793d774
Update path_role.go ( #5820 )
2018-11-19 13:40:36 -08:00
Calvin Leung Huang
e6ec67fb8f
Use inclusive range on cert role diff comparison ( #5737 )
2018-11-08 12:15:12 -08:00
Jeff Mitchell
fa26beeaed
fmt
2018-11-07 16:52:01 -05:00
Becca Petrin
7bd22e6779
Run all builtins as plugins ( #5536 )
2018-11-06 17:21:24 -08:00
Calvin Leung Huang
b4503d02c6
Call wg.Add(1) outside of goroutine ( #5716 )
2018-11-06 16:36:13 -08:00
Calvin Leung Huang
20faa90ee3
Use Truncate instead of Round on duration diff ( #5691 )
2018-11-05 17:32:33 -05:00
Calvin Leung Huang
1a4e8fe53d
Round time diff to nearest second to reduce flakiness ( #5688 )
2018-11-05 16:49:25 -05:00
Vishal Nayak
332e32294a
Remove namespace.TestContext and namespace.TestNamespace ( #5682 )
2018-11-05 11:11:32 -05:00
Nicolas Corrarello
0b44a55d22
Adding support for Consul 1.4 ACL system ( #5586 )
...
* Adding support for Consul 1.4 ACL system
* Working tests
* Fixed logic gate
* Fixed logical gate that evaluates empty policy or empty list of policy names
* Ensure tests are run against appropriate Consul versions
* Running tests against official container with a 1.4.0-rc1 tag
* policies can never be nil (as even if it is empty will be an empty array)
* addressing feedback, refactoring tests
* removing cast
* converting old lease field to ttl, adding max ttl
* cleanup
* adding missing test
* testing wrong version
* adding support for local tokens
* addressing feedback
2018-11-02 10:44:12 -04:00
Vishal Nayak
142a944bfd
Allow @ to be part of key name in TOTP secret engine ( #5652 )
...
* Allow @ to be part of key name in TOTP secret engine
* Allow @ for key name while generating the code
2018-10-31 12:57:18 -04:00
Jeff Mitchell
6c488921ff
Fix website/path-help docs around pki/tidy
2018-10-30 21:33:30 -04:00
Balazs Nagy
ca5c60642e
Use tidy_revoked_certs instead of tidy_revocation_list ( #5608 )
2018-10-29 19:29:35 -04:00
Jeff Mitchell
8eca41ee2d
Fix build
2018-10-27 14:06:20 -04:00
Jeff Mitchell
a21a7e9eb4
Change ordering of user lookup vs. password hashing ( #5614 )
...
* Change ordering of user lookup vs. password hashing
This fixes a very minor information leak where someone could brute force
the existence of a username. It's not perfect as the underlying storage
plays a part but bcrypt's slowness puts that much more in the noise.
2018-10-27 10:43:08 -07:00
Jeff Mitchell
12f32ad22c
Merge branch 'master-oss' into 1.0-beta-oss
2018-10-22 12:32:44 -04:00
Jeff Mitchell
89f0efb6a1
fmt
2018-10-20 21:09:51 -04:00
andrejvanderzee
585911c79e
Added role-option max_sts_ttl to cap TTL for AWS STS credentials. ( #5500 )
...
* Added role-option max_sts_ttl to cap TTL for AWS STS credentials.
* Allow for setting max_sts_ttl to 0 after it has been set already.
* Fixed message in error response for default_sts_ttl > max_sts_ttl.
2018-10-20 10:36:47 -04:00
Matthew Irish
8073ebcd1e
Merge branch 'oss-master' into 1.0-beta-oss
2018-10-19 20:40:36 -05:00
Brian Kassouf
e943a60041
Plugin version negotiation ( #5434 )
...
* Plugin version updates
* Update database plugins
* Revert netRPC deletions
* Revert netRPC deletions
* Update plugins to serve both versions
* Update database plugins
* Add Initialize back in
* revert pointer changes
* Add deprecation warning
* Update tests
* Update go-plugin
* Review Feedback
2018-10-19 15:56:17 -07:00
Jeff Mitchell
9f6dd376e2
Merge branch 'master-oss' into 1.0-beta-oss
2018-10-19 17:47:58 -04:00
Jeff Mitchell
5e2cc31cb6
Remove now-spurious ttl check and logic from sign-verbatim. ( #5552 )
...
This endpoint eventually goes through generateCreationBundle where we
already have the right checks.
Also add expiration to returned value to match output when using root
generation.
Fixes #5549
2018-10-19 11:13:59 -04:00
Chris Hoffman
6a462ea4d3
Only run cassandra test with VAULT_ACC set
2018-10-19 11:09:28 -04:00
Chris Hoffman
a7b4d97e4a
trying to fix cassandra running on travis
2018-10-19 10:45:37 -04:00
Jeff Mitchell
841c4fcdd1
Merge branch 'master-oss' into 1.0-beta-oss
2018-10-19 09:25:17 -04:00
Evgeniy Zakharochkin
46948aef80
ability to add NAS Identifier header to radius request ( #5465 )
2018-10-18 13:41:14 -04:00
Jeff Mitchell
d843e0b52c
Merge branch 'master-oss' into 1.0-beta-oss
2018-10-18 10:28:14 -04:00
Vishal Nayak
4c8aa842ad
Return absolute paths while listing in LDAP backend ( #5537 )
2018-10-17 14:56:51 -07:00
Vishal Nayak
ec7343b1c6
Transit: Key Trim ( #5388 )
...
* Support key trimming
* Add doc
* Move trimming to its own endpoint
* Remove trimmed_min_version field from config endpoint
* Fix description
* Doc updates
* Fix response json in docs
* Address review feedback
* s/min_version/min_available_version
* Commenting and error statement updates
2018-10-17 09:05:05 -07:00
Jeff Mitchell
8442fa272a
Use TypeCommaStringSlice for SSH zeroaddress roles ( #5528 )
...
Fixes #5527
2018-10-16 23:33:12 -07:00
Jeff Mitchell
a64fc7d7cb
Batch tokens ( #755 )
2018-10-15 12:56:24 -04:00
Jeff Mitchell
4217ced72d
Re-add default NotBefore duration in PKI ( #5482 )
...
Fixes #5481
2018-10-10 09:42:37 -04:00
Jeff Mitchell
c8dbab9c3d
Only return 200 if there are actually warnings in AWS roles create/update ( #5487 )
2018-10-09 16:52:47 -04:00
Calvin Leung Huang
b47e648ddf
Logger cleanup ( #5480 )
2018-10-09 09:43:17 -07:00
Calvin Leung Huang
1b8b9a49d4
Remove unnecessary test ( #5483 )
2018-10-09 09:40:47 -07:00
Becca Petrin
937cfff21a
Make builtin auth and secret plugins buildable ( #5456 )
2018-10-09 09:29:20 -07:00
Jeff Mitchell
ff57c14bc2
Set allowed OIDs to any value when generating a CA. ( #5462 )
...
* Set allowed OIDs to any value when generating a CA.
Also, allow utf-8 in addition to utf8 as the OID type specifier, and
allow `*` to specify any OID of a supported type.
* Update PKI docs
2018-10-08 09:51:43 -04:00
Brian Kassouf
2995c06a53
Fix build ( #5457 )
2018-10-03 14:53:08 -07:00