luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
2764 commits 1 branch 0 tags 214 MiB
Commit graph

123 commits

Author SHA1 Message Date
Jeff Mitchell c67871c36e Update LDAP documentation with a note on escaping 2016-02-19 13:16:18 -05:00
Jeff Mitchell d3f3122307 Add tests to ldap using the discover capability 2016-02-19 11:46:59 -05:00
Jeff Mitchell 154c326060 Add ldap tests that use a bind dn and bind password 2016-02-19 11:38:27 -05:00
vishalnayak 0b44d81a16 Github renewal enhancement 2016-02-11 20:42:42 -05:00
Jeff Mitchell 61eec74b4e Remove app-id renewal for the moment until verification logic is added 2016-01-31 19:12:20 -05:00
Jeff Mitchell bf13d68372 Fix userpass acceptance tests by giving it a system view 2016-01-29 20:14:14 -05:00
Jeff Mitchell d3a705f17b Make backends much more consistent: 
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
 2016-01-29 20:03:37 -05:00
Hanno Hecker 0db33274b7 discover bind dn with anonymous binds 2016-01-27 17:06:27 +01:00
Hanno Hecker 4606cd1492 fix stupid c&p error 2016-01-26 16:15:25 +01:00
Hanno Hecker 6a570345a0 add binddn/bindpath to search for the users bind DN 2016-01-26 15:56:41 +01:00
Jack DeLoach 8fecccde21 Add STS path to AWS backend. 
The new STS path allows for obtaining the same credentials that you would get
from the AWS "creds" path, except it will also provide a security token, and
will not have an annoyingly long propagation time before returning to the user.
 2016-01-21 14:05:09 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell 5e72453b49 Use TypeDurationSecond instead of TypeString 2015-11-03 10:52:20 -05:00
Jeff Mitchell 154fc24777 Address first round of feedback from review 2015-11-03 10:52:20 -05:00
Jeff Mitchell 59cc61cc79 Add documentation for CRLs and some minor cleanup. 2015-11-03 10:52:20 -05:00
Jeff Mitchell 5d562693bd Add tests for the crls path, and fix a couple bugs 2015-11-03 10:52:20 -05:00
Jeff Mitchell b6b62f7dc1 Drastically simplify the method and logic; keep an in-memory cache and use that for most operations, only affecting the backend storage when needed. 2015-11-03 10:52:20 -05:00
Jeff Mitchell c66f0918be Add delete method, and ability to delete only one serial as well as an entire set. 2015-11-03 10:52:20 -05:00
Jeff Mitchell be1a2266cc Add CRLSets endpoints; write method is done. Add verification logic to 
login path. Change certs "ttl" field to be a string to match common
backend behavior.
 2015-11-03 10:52:19 -05:00
Jeff Mitchell 22c65c0c07 Use cleanhttp instead of bare http.Client 2015-10-22 14:37:12 -04:00
Jeff Mitchell cba4e82682 Don't use http.DefaultClient 
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
 2015-10-15 17:54:00 -04:00
Jeff Mitchell 6f4e42efed Add StaticSystemView to LDAP acceptance tests 2015-10-06 15:48:10 -04:00
vishalnayak a740c68eab Added a test case. Removed setting of defaultTTL in config. 2015-10-03 15:36:57 -04:00
vishalnayak e3f04dc444 Added testcases for config writes 2015-10-02 22:10:51 -04:00
vishalnayak ea0aba8e47 Use SanitizeTTL in credential request path instead of config 2015-10-02 15:41:35 -04:00
vishalnayak 3dd84446ab Github backend: enable auth renewals 2015-10-02 13:33:19 -04:00
Jeff Mitchell c3bdde8abe Add a static system view to github credential backend to fix acceptance tests 2015-09-29 18:55:59 -07:00
Jeff Mitchell b655f6b858 Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell 9c5dcac90c Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527 2015-09-18 14:01:28 -04:00
vishalnayak 1f53376ae6 Userpass Bk: Added tests for TTL duration verifications 2015-09-17 16:33:26 -04:00
vishalnayak 4332eb9d05 Vault userpass: Enable renewals for login tokens 2015-09-17 14:35:50 -04:00
Jeff Mitchell 77e7379ab5 Implement the cubbyhole backend 
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.

Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
 2015-09-15 13:50:37 -04:00
Jeff Mitchell 104b29ab04 Rename View to StorageView to make it more distinct from SystemView 2015-09-15 13:50:37 -04:00
Jeff Mitchell 959a727acd Don't re-use tls configuration, to fix a possible race issue during test 2015-09-03 13:04:32 -04:00
Jeff Mitchell 5fa76b5640 Add base_url option to GitHub auth provider to allow selecting a custom endpoint. Fixes #572. 2015-08-28 06:28:43 -07:00
Jeff Mitchell 5695d57ba0 Merge pull request #561 from hashicorp/fix-wild-cards 
Allow hyphens in endpoint patterns of most backends
 2015-08-21 11:40:42 -07:00
vishalnayak 6c2927ede0 Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Jeff Mitchell 133380915a Disallow non-client X509 key usages for client TLS cert authentication. 2015-08-20 15:50:47 -07:00
Armon Dadgar d1a09e295a Merge pull request #509 from ekristen/github-fix 
Reimplements #459
 2015-08-11 10:06:10 -07:00
Erik Kristensen 611965844b reimplements #459 2015-08-09 11:25:45 -06:00
Michael S. Fischer 21ab4d526c Provide working example of TLS certificate authentication 
Fixes #474
 2015-08-07 15:15:53 -07:00
Erik Kristensen 26387f6535 remove newline 2015-08-03 16:34:24 -06:00
Erik Kristensen f9c49f4a57 fix bug #488 2015-08-03 15:47:30 -06:00
Rusty Ross 719ac6e714 update doc for app-id 
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
 2015-08-03 09:44:26 -07:00
Armon Dadgar 03728af495 Merge pull request #464 from bgirardeau/master 
Add Multi-factor authentication with Duo
 2015-07-30 17:51:31 -07:00
Bradley Girardeau aa55d36f03 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Bradley Girardeau d26b77b4f4 mfa: code cleanup 2015-07-28 11:55:46 -07:00
Bradley Girardeau 6697012dd3 mfa: improve edge cases and documentation 2015-07-27 21:14:00 -07:00
Bradley Girardeau 06863d08f0 mfa: add to userpass backend 2015-07-27 21:14:00 -07:00