f7147025dd
Migrate to sdk/internalshared libs in go-secure-stdlib ( #12090 )
...
* Swap sdk/helper libs to go-secure-stdlib
* Migrate to go-secure-stdlib reloadutil
* Migrate to go-secure-stdlib kv-builder
* Migrate to go-secure-stdlib gatedwriter
2021-07-15 20:17:31 -04:00
3c35a25d36
Fix for Issue 11863 - Panic when creating/updating approle role with token_type ( #11864 )
...
* initializing resp variable with aa *logical.Response before using it to add warning for default-service or default-batch token type. Also adding guard around code that sets resp to a new logical.Response further on in the function.
* adding changelog entry
* renaming changelog file to match PR number
2021-06-24 13:03:41 -04:00
d8f7dd364a
builtin: deprecate errwrap.Wrapf() throughout ( #11430 )
...
* audit: deprecate errwrap.Wrapf()
* builtin/audit/file: deprecate errwrap.Wrapf()
* builtin/crediential/app-id: deprecate errwrap.Wrapf()
* builtin/credential/approle: deprecate errwrap.Wrapf()
* builtin/credential/aws: deprecate errwrap.Wrapf()
* builtin/credentials/token: deprecate errwrap.Wrapf()
* builtin/credential/github: deprecate errwrap.Wrapf()
* builtin/credential/cert: deprecate errwrap.Wrapf()
* builtin/logical/transit: deprecate errwrap.Wrapf()
* builtin/logical/totp: deprecate errwrap.Wrapf()
* builtin/logical/ssh: deprecate errwrap.Wrapf()
* builtin/logical/rabbitmq: deprecate errwrap.Wrapf()
* builtin/logical/postgresql: deprecate errwrap.Wrapf()
* builtin/logical/pki: deprecate errwrap.Wrapf()
* builtin/logical/nomad: deprecate errwrap.Wrapf()
* builtin/logical/mssql: deprecate errwrap.Wrapf()
* builtin/logical/database: deprecate errwrap.Wrapf()
* builtin/logical/consul: deprecate errwrap.Wrapf()
* builtin/logical/cassandra: deprecate errwrap.Wrapf()
* builtin/logical/aws: deprecate errwrap.Wrapf()
2021-04-22 11:20:59 -04:00
303c2aee7c
Run a more strict formatter over the code ( #11312 )
...
* Update tooling
* Run gofumpt
* go mod vendor
2021-04-08 09:43:39 -07:00
b1c4b86d7f
approle: add ttl to the secret ID generation response ( #10826 )
...
* approle: add ttl to the secret ID generation response
* approle: move TTL derivation into helper func
* changelog: add changelog entry
* docs: update approle docs and api-docs pages
2021-02-03 16:32:16 -08:00
3ef01d49ab
approle: remove unneeded lock on list ( #8223 )
2020-01-22 16:03:26 -08:00
fd856bdd24
Fix some compatibility ( #7048 )
2019-07-02 23:29:42 -04:00
126bdf2d02
Add UpgradeValue path to tokenutil ( #7041 )
...
This drastically reduces boilerplate for upgrading existing values
2019-07-02 09:52:05 -04:00
2bca5f439f
AppRole TokenUtil conversion ( #7020 )
2019-07-01 16:30:08 -04:00
9ebc57581d
Switch to go modules ( #6585 )
...
* Switch to go modules
* Make fmt
2019-04-13 03:44:06 -04:00
8d6ce1ffb5
Move policyutil to sdk
2019-04-12 18:08:46 -04:00
7ca424e8d2
Move cidrutil to sdk
2019-04-12 18:03:59 -04:00
8bcb533a1b
Create sdk/ and api/ submodules ( #6583 )
2019-04-12 17:54:35 -04:00
2f9a7c6203
Add more perf standby guards ( #6149 )
2019-02-01 16:56:57 -05:00
d0e2badbae
Run goimports across the repository ( #6010 )
...
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
0c6793d774
Update path_role.go ( #5820 )
2018-11-19 13:40:36 -08:00
a64fc7d7cb
Batch tokens ( #755 )
2018-10-15 12:56:24 -04:00
e58a8a63a7
Add the ability to specify token CIDR restrictions on secret IDs. ( #5136 )
...
Fixes #5034
2018-08-21 11:54:04 -04:00
73cbbe2a9f
Add bound cidrs to tokens in AppRole ( #4680 )
2018-06-19 22:57:11 -04:00
69eff9c354
return 404 when role does exist on update operations ( #4778 )
2018-06-18 09:29:05 -04:00
11e2fd2fce
approle: Fix role name case sensitivity issue
2018-06-05 18:53:27 -04:00
9ef3a36007
s/enable_local_secret_ids/local_secret_ids
2018-04-24 17:52:42 -04:00
b16ee7b32d
remove unneeded setting of secret ID prefix
2018-04-24 15:55:40 -04:00
10579f5d8d
Fix api path for reading the field
2018-04-24 14:28:03 -04:00
aade040e50
Add immutability test
2018-04-24 10:05:17 -04:00
97c03c5a65
Add enable_local_secret_ids to role read response
2018-04-24 09:53:36 -04:00
6b7a042003
error on enable_local_secret_ids update after role creation
2018-04-23 17:05:53 -04:00
644892c53c
naming changes
2018-04-23 16:52:09 -04:00
a369a4edb6
Upgrade secret ID prefix and fix tests
2018-04-23 16:31:51 -04:00
d14cd4a51e
segregate local and non-local accessor entries
2018-04-23 16:19:05 -04:00
743e3ace13
fix path regex and role storage
2018-04-23 14:08:30 -04:00
97b821b231
local secret IDs
2018-04-23 14:08:30 -04:00
28e3eb9e2c
Errwrap everywhere ( #4252 )
...
* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes
2018-04-05 11:49:21 -04:00
73b1fde82f
Spelling ( #4119 )
2018-03-20 14:54:10 -04:00
527eb418fe
approle: Use TypeCommaStringSlice for BoundCIDRList ( #4078 )
...
* Use TypeCommaStringSlice for Approle bound_cidr_list
* update docs
* Add comments in the test
2018-03-08 17:49:08 -05:00
9dba3590ac
Add context to the NewSalt function ( #4102 )
2018-03-08 11:21:11 -08:00
2f19de0305
Add context to storage backends and wire it through a lot of places ( #3817 )
2018-01-19 01:44:44 -05:00
1c190d4bda
Pass context to backends ( #3750 )
...
* Start work on passing context to backends
* More work on passing context
* Unindent logical system
* Unindent token store
* Unindent passthrough
* Unindent cubbyhole
* Fix tests
* use requestContext in rollback and expiration managers
2018-01-08 10:31:38 -08:00
2481803ac5
Update some approle related help output ( #3747 )
2018-01-03 13:56:14 -05:00
513d12ab7c
Fix the casing problem in approle ( #3665 )
2017-12-11 16:41:17 -05:00
61d617df81
Avoid race conditions in AppRole ( #3561 )
...
* avoid race conditions in approle
* return a warning from role read if secondary index is missing
* Create a role ID index if a role is missing one
* Fix locking in approle read and add test
* address review feedback
2017-11-10 11:32:04 -05:00
9077adb377
Sanitize policy behavior across backends ( #3324 )
...
Fixes #3323
Fixes #3318
* Fix tests
* Fix tests
2017-09-13 11:36:52 -04:00
a133286609
Switch policies in AppRole to TypeCommaStringSlice ( #3163 )
2017-08-14 20:15:51 -04:00
d25aa9fc21
Don't write salts in initialization, look up on demand ( #2702 )
2017-05-09 17:51:09 -04:00
6f6f242061
Add logic to skip initialization in some cases and some invalidation logic
2017-05-05 15:01:52 -04:00
847c86f788
Rename ParseDedupAndSortStrings to ParseDedupLowercaseAndSortStrings ( #2614 )
2017-04-19 10:39:07 -04:00
049e086b07
Fix typo. Closes GH-2528
2017-04-04 12:29:18 -04:00
3d162b63cc
Use locks in a slice rather than a map, which is faster and makes things cleaner ( #2446 )
2017-03-07 11:21:32 -05:00
491a56fe9f
AppRole: Support restricted use tokens ( #2435 )
...
* approle: added token_num_uses to the role
* approle: added RUD tests for token_num_uses on role
* approle: doc: added token_num_uses
2017-03-03 09:31:20 -05:00
14fcc4b6eb
approle: secret-id listing lock sanity check ( #2315 )
...
* approle: secret-id listing lock sanity
* Skip processing an empty secretIDHMAC item during the iteration
* approle: use dedicated lock for listing of secret-id-accessors
2017-02-01 18:13:49 -05:00
Jeff Mitchell