open-vault

Author	SHA1	Message	Date
Vishal Nayak	81c95b36eb	aws-ec2 auth: Return the role period in seconds (#2374 ) * aws-ec2 auth: Return the role period in seconds * cast return values to int64 for comparison with expected values	2017-02-15 10:57:57 -05:00
Vishal Nayak	3457a11afd	awsec2: support periodic tokens (#2324 ) * awsec2: support periodic tokens * awsec2: add api docs for 'period'	2017-02-02 13:28:01 -05:00
louism517	0548555219	Support for Cross-Account AWS Auth (#2148 )	2017-02-01 14:16:03 -05:00
Félix Cantournet	103b7ceab2	all: test: Fix govet warnings Fix calls to t.Fatal() with formatting. Fixed some calls to Fatalf() with wrong formatting	2016-12-21 19:44:07 +01:00
vishalnayak	65f0ce8ca3	Remove the sanity check which is not proving to be useful	2016-10-27 19:11:26 -04:00
Michael S. Fischer	c45ab41b39	Update aws-ec2 configuration help Updated to reflect enhanced functionality and clarify necessary permissions.	2016-10-05 12:40:58 -07:00
vishalnayak	0f8c132ede	Minor doc updates	2016-10-04 15:46:09 -04:00
vishalnayak	2e1aa80f31	Address review feedback 2	2016-10-04 15:30:42 -04:00
vishalnayak	59475d7f14	Address review feedback	2016-10-04 15:05:44 -04:00
vishalnayak	348a09e05f	Add only relevant certificates	2016-10-03 20:34:28 -04:00
vishalnayak	dbd364453e	aws-ec2 config endpoints support type option to distinguish certs	2016-10-03 20:25:07 -04:00
vishalnayak	b105f8ccf3	Authenticate aws-ec2 instances using identity document and its RSA signature	2016-10-03 18:57:41 -04:00
Michael S. Fischer	2dd1f584e6	Update documentation for required AWS API permissions In order for Vault to map IAM instance profiles to roles, Vault must query the 'iam:GetInstanceProfile' API, so update the documentation and help to include the additional permissions needed.	2016-09-28 16:50:20 -07:00
vishalnayak	e01f99f042	Check for prefix match instead of exact match for IAM bound parameters	2016-09-28 18:08:28 -04:00
Vishal Nayak	4a30a6b4f8	Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn Proper naming for bound_iam_instance_profile_arn	2016-09-28 15:34:56 -04:00
vishalnayak	31e450a175	Add some validation checks	2016-09-28 15:36:02 -04:00
vishalnayak	d080107a87	Update docs to contain bound_iam_role_arn	2016-09-26 09:37:38 -04:00
vishalnayak	bf0b7f218e	Implemented bound_iam_role_arn constraint	2016-09-23 21:35:36 -04:00
Jeff Mitchell	6bf871995b	Don't use time.Time in responses. (#1912 ) This fixes #1911 but not directly; it doesn't address the cause of the panic. However, it turns out that this is the correct fix anyways, because it ensures that the value being logged is RFC3339 format, which is what the time turns into in JSON but not the normal time string value, so what we audit log (and HMAC) matches what we are returning.	2016-09-23 12:32:07 -04:00
vishalnayak	e0c41f02c8	Fix incorrect naming of bound_iam_instance_profile_arn	2016-09-23 11:22:23 -04:00
vishalnayak	92986bb2a0	Address review feedback	2016-09-15 11:41:52 -04:00
vishalnayak	a1de742dce	s/disableReauthenticationNonce/reauthentication-disabled-nonce	2016-09-15 11:29:02 -04:00
vishalnayak	9bca127631	Updated docs with nonce usage	2016-09-14 19:31:09 -04:00
vishalnayak	857f921d76	Added comment	2016-09-14 18:27:35 -04:00
vishalnayak	39796e8801	Disable reauthentication if nonce is explicitly set to empty	2016-09-14 17:58:00 -04:00
vishalnayak	d0e4d77fce	address review feedback	2016-09-14 14:28:02 -04:00
vishalnayak	d7ce69c5eb	Remove the client nonce being empty check	2016-09-14 14:28:02 -04:00
vishalnayak	53c919b1d0	Generate the nonce by default	2016-09-14 14:28:02 -04:00
vishalnayak	455a4ae055	address review feedback	2016-09-14 12:08:35 -04:00
vishalnayak	b1392567d1	Use constant time comparisons for client nonce	2016-09-13 20:12:43 -04:00
Jeff Mitchell	29b67141eb	Only use running state for checking if instance is alive. (#1885 ) Fixes #1884	2016-09-13 18:08:05 -04:00
vishalnayak	7ce631f1dc	Pretty print the warning	2016-08-18 16:09:10 -04:00
vishalnayak	870ffd6fd8	Use shortestTTL value during renewals too	2016-08-18 15:43:58 -04:00
vishalnayak	4f1c47478e	When TTL is not set, consider the system default TTL as well	2016-08-18 15:37:59 -04:00
vishalnayak	56b8c33c95	aws-ec2: se max_ttl when ttl is not set, during login	2016-08-18 15:16:32 -04:00
vishalnayak	b150c14caa	Address review feedback by @jefferai	2016-08-09 17:45:42 -04:00
vishalnayak	8d261b1a78	Added ttl field to aws-ec2 auth backend role	2016-08-09 17:29:45 -04:00
vishalnayak	c14235b206	Merge branch 'master-oss' into json-use-number Conflicts: http/handler.go logical/framework/field_data.go logical/framework/wal.go vault/logical_passthrough.go	2016-07-15 19:21:55 -04:00
vishalnayak	e09b40e155	Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC	2016-07-08 18:30:18 -04:00
vishalnayak	ad7cb2c8f1	Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.	2016-07-06 12:25:40 -04:00
vishalnayak	5f5a81d8da	Fix broken build	2016-06-21 18:25:36 -04:00
vishalnayak	e97f81ecaa	Print role name in the error message	2016-06-21 17:53:33 -04:00
Vishal Nayak	78d4d5c8c3	Merge pull request #1523 from hashicorp/bind-account-id-aws-ec2 Added bound_account_id to aws-ec2 auth backend	2016-06-21 10:03:20 -04:00
vishalnayak	f7a44a2643	Correct casing of abbreviations	2016-06-21 10:02:22 -04:00
vishalnayak	383be815b6	aws-ec2: added a nil check for storedIdentity in login renewal	2016-06-20 10:19:57 -04:00
vishalnayak	dccfc413d4	Replace an 'if' block with 'switch'	2016-06-17 12:35:44 -04:00
vishalnayak	8e03c1448b	Merge branch 'master-oss' into bind-account-id-aws-ec2 Conflicts: builtin/credential/aws-ec2/backend_test.go builtin/credential/aws-ec2/path_login.go builtin/credential/aws-ec2/path_role.go	2016-06-14 14:46:08 -04:00
Ivan Fuyivara	74e84113db	fixing the test for the wrong IAM Role ARN	2016-06-14 18:17:41 +00:00
Ivan Fuyivara	0ffbef0ccd	added tests, nil validations and doccumentation	2016-06-14 16:58:50 +00:00
vishalnayak	26f7fcf6a1	Added bound_account_id to aws-ec2 auth backend	2016-06-14 11:58:19 -04:00

1 2

58 commits