9147f99c43
Remove unused param from checkForValidChain
2016-05-12 15:07:10 -04:00
85d9523f98
Perform CRL checking for non-CA registered certs
2016-05-12 14:37:07 -04:00
d899f9d411
Don't revoke CA certificates with leases.
2016-05-09 19:53:28 -04:00
d77563994c
Merge pull request #1346 from hashicorp/disable-all-caches
...
Disable all caches
2016-05-07 16:33:45 -04:00
b6b9cd6f1f
Merge remote-tracking branch 'origin/master' into aws-cred-chain
2016-05-05 10:31:12 -04:00
92fe94546c
Split SanitizeTTL method to support time.Duration parameters as well
2016-05-05 09:45:48 -04:00
4ede1d6f08
Add the steps to generate the CRL test's test-fixture files
2016-05-04 05:48:34 -04:00
1b0df1d46f
Cleanups, add shared provider, ability to specify http client, and port S3 physical backend over
2016-05-03 17:01:02 -04:00
7fbe5d2eaa
Region is required so error in awsutil if not set and set if empty in client code in logical/aws
2016-05-03 15:25:11 -04:00
a244ef8a00
Refactor AWS credential code into a function that returns a static->env->instance chain
2016-05-03 15:10:35 -04:00
45a120f491
Switch our tri-copy ca loading code to go-rootcerts
2016-05-03 12:23:25 -04:00
f21b88802f
Add some more tests around deletion and fix upsert status returning
2016-05-03 00:19:18 -04:00
7e1bdbe924
Massively simplify lock handling based on feedback
2016-05-02 23:47:18 -04:00
7f3613cc6e
Remove some deferring
2016-05-02 22:36:44 -04:00
fa0d389a95
Change use-hint of lockAll and lockPolicy
2016-05-02 22:36:44 -04:00
49c56f05e8
Address review feedback
2016-05-02 22:36:44 -04:00
3e5391aa9c
Switch to lockManager
2016-05-02 22:36:44 -04:00
08b91b776d
Address feedback
2016-05-02 22:36:44 -04:00
fedc8711a7
Fix up commenting and some minor tidbits
2016-05-02 22:36:44 -04:00
fe1f56de40
Make a non-caching but still locking variant of transit for when caches are disabled
2016-05-02 22:36:44 -04:00
57e8fcd8c2
Extend the expiry of test-fixture certs of Cert backend
2016-05-02 12:34:46 -04:00
3d1c88f315
Make GitHub org comparison case insensitive.
...
Fixes #1359
2016-05-02 00:18:31 -04:00
fde768125c
Cert backend, CRL tests
2016-04-29 02:32:48 -04:00
30ba5b7887
Merge pull request #1291 from mmickan/ssh-keyinstall-perms
...
Ensure authorized_keys file is readable when uninstalling an ssh key
2016-04-25 14:00:37 -04:00
fb07d07ad9
all: Cleanup from running go vet
2016-04-13 14:38:29 -05:00
06eeaecef6
Skip acceptance tests if VAULT_ACC is not set
2016-04-11 20:00:15 -04:00
d92b960f7a
Add list support to userpass users. Remove some unneeded existence
...
checks. Remove paths from requiring root.
Fixes #911
2016-04-09 18:28:55 -04:00
e3a1ee92b5
Utility Enhancements
2016-04-05 20:32:59 -04:00
fd8b023655
s/TF_ACC/VAULT_ACC
2016-04-05 15:24:59 -04:00
95abdebb06
Added AcceptanceTest boolean to logical.TestCase
2016-04-05 15:10:44 -04:00
a55124f0b6
Ensure authorized_keys file is readable when uninstalling an ssh key
...
Without this change, if the user running the ssh key install script doesn't
have read access to the authorized_keys file when uninstalling a key, all
keys will be deleted from the authorized_keys file.
Fixes GH #1285
2016-04-05 17:26:21 +09:30
7df3ec46b0
Some fixups around error/warning in LDAP
2016-04-02 13:33:00 -04:00
40325b8042
If no group DN is configured, still look for policies on local users and
...
return a warning, rather than just trying to do an LDAP search on an
empty string.
2016-04-02 13:11:36 -04:00
7fd5a679ca
Fix potential error scoping issue.
...
Ping #1262
2016-03-30 19:48:23 -04:00
3cfcd4ddf1
Check for nil connection back from go-ldap, which apparently can happen even with no error
...
Ping #1262
2016-03-29 10:00:04 -04:00
17613f5fcf
Removing debugging comment
2016-03-24 09:48:13 -04:00
4c4a65ebd0
Properly check for policy equivalency during renewal.
...
This introduces a function that compares two string policy sets while
ignoring the presence of "default" (since it's added by core, not the
backend), and ensuring that ordering and/or duplication are not failure
conditions.
Fixes #1256
2016-03-24 09:41:51 -04:00
dfc5a745ee
Remove check for using CSR values with non-CA certificate.
...
The endpoint enforces whether the certificate is a CA or not anyways, so
this ends up not actually providing benefit and causing a bug.
Fixes #1250
2016-03-23 10:05:38 -04:00
3e3621841d
Merge pull request #1227 from hashicorp/issue-477
...
Don't renew cert-based tokens if the policies have changed.
2016-03-17 18:25:39 -04:00
1951a01998
Add ability to exclude adding the CN to SANs.
...
Fixes #1220
2016-03-17 16:28:40 -04:00
a8dd6aa4f1
Don't renew cert-based tokens if the policies have changed.
...
Also, add cert renewal testing.
Fixes #477
2016-03-17 14:22:24 -04:00
77e4ee76bb
Normalize userpass errors around bad user/pass
2016-03-16 15:19:55 -04:00
8a3f1ad13e
Use 400 instead of 500 for failing to provide a userpass password.
2016-03-16 15:14:28 -04:00
2c0c901eac
Merge pull request #1216 from hashicorp/userpass-update
...
Userpass: Update the password and policies associated to user
2016-03-16 14:58:28 -04:00
f9b1fc3aa0
Add comments to existence functions
2016-03-16 14:53:53 -04:00
1951159b25
Addessing review comments
2016-03-16 14:21:14 -04:00
239ad4ad7e
Refactor updating user values
2016-03-16 13:42:02 -04:00
533b136fe7
Reduce the visibility of setUser
2016-03-16 11:39:52 -04:00
2914ff7502
Use helper for existence check. Avoid panic by fetching default values for field data
2016-03-16 11:26:33 -04:00
7db7b47fdd
Merge pull request #1210 from hashicorp/audit-id-path
...
Rename id to path and path to file_path, print audit backend paths
2016-03-15 20:13:21 -04:00
vishalnayak