Commit graph

1778 commits

Author SHA1 Message Date
Armon Dadgar 93ee9f6b76 website: update the transit documentation 2015-06-17 18:45:29 -07:00
Armon Dadgar f53d31a580 secret/transit: Use special endpoint to get underlying keys. Fixes #219 2015-06-17 18:42:23 -07:00
Armon Dadgar 3a2adcb3b8 cmomand/read: strip path prefix if necessary. Fixes #343 2015-06-17 18:33:15 -07:00
Armon Dadgar 6bc2b06de4 server: graceful shutdown for fast failover. Fixes #308 2015-06-17 18:24:56 -07:00
Armon Dadgar dbf6cf6e6d vault: support core shutdown 2015-06-17 18:23:59 -07:00
Vishal Nayak cfef144dc2 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-06-17 20:34:56 -04:00
Vishal Nayak 303a7cef9a Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-17 20:33:03 -04:00
Armon Dadgar 1f963ec1bb command/token-create: provide more useful output. Fixes #337 2015-06-17 16:59:50 -07:00
Armon Dadgar ffeb6ea76c vault: allow increment to be duration string. Fixes #340 2015-06-17 15:58:20 -07:00
Armon Dadgar 6b23b14773 logical/framework: adding a new duration type to convert to seconds 2015-06-17 15:56:26 -07:00
Armon Dadgar 5c75a6c5c7 vault: ensure token renew does not double register 2015-06-17 15:22:50 -07:00
Armon Dadgar 272089887f Merge pull request #354 from hashicorp/f-lease
Fixing various issues around leasing
2015-06-17 15:04:16 -07:00
Armon Dadgar 45d3c512fb builtin: fixing API change in logical framework 2015-06-17 14:34:11 -07:00
Armon Dadgar ae421f75b7 vault: fixing issues with token renewal 2015-06-17 14:28:13 -07:00
Armon Dadgar f39b522681 logical/framework: allow the lease max to come from existing lease 2015-06-17 14:24:12 -07:00
Armon Dadgar cfab07b19f logical/framework: simplify calculation of lease renew 2015-06-17 14:16:44 -07:00
Armon Dadgar ae02203624 logical: remove IncrementedLease, simplify ExpirationTime calculation 2015-06-17 13:59:09 -07:00
Armon Dadgar 30de4ea80d secret/postgres: Ensure sane username length. Fixes #326 2015-06-17 13:31:56 -07:00
Jeff Mitchell 29e7ec3e21 A lot of refactoring: move PEM bundle parsing into helper/certutil, so that it is usable by other backends that want to use it to get the necessary data for TLS auth.
Also, enhance the raw cert bundle => parsed cert bundle to make it more useful and perform more validation checks.

More refactoring could be done within the PKI backend itself, but that can wait.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-17 16:07:20 -04:00
Vishal Nayak 3ed73d98c2 Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 12:39:49 -04:00
Vishal Nayak 08c921c75e Vault SSH: POC Stage 1. Skeleton implementation. 2015-06-16 16:58:54 -04:00
Jeff Mitchell 49f1fdbdcc Merge branch 'master' into f-pki 2015-06-16 13:43:25 -04:00
Jeff Mitchell 03b0675350 A bunch of cleanup and moving around. logical/certutil is a package that now has helper functions
useful for other parts of Vault (including the API) to take advantage of.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-16 13:43:12 -04:00
Seth Vargo 3331950d7e Merge pull request #349 from hashicorp/sethvargo/put_on_dat_post_yo
Accept PUT as well as post to sys/mounts
2015-06-16 13:32:15 -04:00
Mitchell Hashimoto 4bf84392ec credential/github: get rid of stray tab 2015-06-16 10:05:51 -07:00
Mitchell Hashimoto 0ecf05c043 command/auth, github: improve cli docs
/cc @sethvargo
2015-06-16 10:05:11 -07:00
Seth Vargo 79388d2446 Accept PUT as well as post to sys/mounts 2015-06-16 13:02:21 -04:00
Mitchell Hashimoto c249bc46e4 update CHANGELOG 2015-06-16 10:00:38 -07:00
Mitchell Hashimoto 8d39d21ac2 helper/kv-builder: blank values should not panic 2015-06-16 10:00:02 -07:00
Armon Dadgar 07df5c251d Merge pull request #341 from ryancurrah/ryancurrah-doc-transit-echofix
Do not output the trailing newline in encoding.
2015-06-15 17:36:01 -07:00
Armon Dadgar 9606027736 Merge pull request #342 from bluecmd/patch-1
Record the common name in TLS metadata
2015-06-15 17:35:53 -07:00
Seth Vargo f3abf5bcc8 Merge pull request #344 from hashicorp/sethvargo/doc_policy
Document longest-prefix match
2015-06-15 14:31:42 -04:00
Seth Vargo db178571eb Document longest-prefix match
Fixes https://github.com/hashicorp/vault/issues/331
2015-06-15 14:29:20 -04:00
Seth Vargo 90dfbe2883 Update gems 2015-06-15 13:54:36 -04:00
Christian Svensson e3d3012795 Record the common name in TLS metadata
It is useful to be able to save the client cert's Common Name for auditing purposes when using a central CA.

This adds a "common_name" value to the Metadata structure passed from login.
2015-06-14 23:18:21 +01:00
Ryan Currah c232fee6b3 Do not output the trailing newline in encoding.
Added -n to echo command to prevent newlines from showing up in encoding.
2015-06-13 12:03:57 -04:00
Pradeep Chhetri 53748c8c63 Fixed a failing test and drop table after running tests 2015-06-13 08:24:27 +05:45
Jeff Mitchell e17ced0d51 Fix a docs-out-of-date bug.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-12 16:33:00 -04:00
Pradeep Chhetri 5fe59f4b8d Fixing List command behaviour 2015-06-12 23:16:46 +05:45
Pradeep Chhetri 0bf52546af Added the test as per suggestion 2015-06-12 15:32:45 +05:45
Pradeep Chhetri 30cef9fe77 Changes done as per feedback 2015-06-12 13:24:41 +05:45
Jeff Mitchell ae1cbc1a7a Erp, forgot this feedback...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 23:16:13 -04:00
Jeff Mitchell 7cf1f186ed Add locking for revocation/CRL generation. I originally was going to use an RWMutex but punted, because it's not worth trying to save some milliseconds with the possibility of getting something wrong. So the entire operations are now wrapped, which is minimally slower but very safe.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 22:28:13 -04:00
Jeff Mitchell 018c0ec7f5 Address most of Armon's initial feedback.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:57:05 -04:00
Jeff Mitchell db5354823f Fix some out-of-date examples.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:17:05 -04:00
Pradeep Chhetri ace36da4ce Physical MySQL backend implementation - First Cut 2015-06-09 01:37:25 +05:45
Jeff Mitchell 1513e2baa4 Add acceptance tests
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling

Also, fix a bug when trying to get code signing certificates.

Not tested:
* Revocation (I believe this is impossible with the current testing framework)

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Jeff Mitchell 0d832de65d Initial PKI backend implementation.
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint

Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Armon Dadgar f355049ef1 Merge pull request #318 from jefferai/f-fix-client-default
Fix nil dereference in API client
2015-06-06 13:35:48 -07:00
Jeff Mitchell 2de991ac7a The docs say that if HttpClient is nil, http.DefaultClient will be used. However, the code doesn't do this, resulting in a nil dereference. 2015-06-04 14:01:10 -04:00