luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
4931 commits 1 branch 0 tags 214 MiB
Commit graph

69 commits

Author SHA1 Message Date
Jeff Mitchell 7f9a88d8db Postgres revocation sql, beta mode (#1972) 2016-10-05 13:52:59 -04:00
vishalnayak de5dec6b15 Refactor mysql's revoke SQL 2016-10-04 19:30:25 -04:00
Jim Weber 87f206b536 removed an unused ok variable. Added warning and force use for default queries if role is nil 2016-10-04 17:15:29 -04:00
Jim Weber cc38f3253a fixed an incorrect assignment 2016-10-03 21:51:40 -04:00
Jim Weber ac78ddc178 More resilient around cases of missing role names and using the default when needed. 2016-10-03 20:20:00 -04:00
Jim Weber 0a7f1089ca Refactored logic some to make sure we can always fall back to default revoke statments 
Changed rolename to role
made default sql revoke statments a const
 2016-10-03 15:59:56 -04:00
Jim Weber 704fccaf2e fixed some more issues I had with the tests. 2016-10-03 15:58:09 -04:00
Jim Weber a2d6624a69 renamed rolname to role 2016-10-03 15:57:47 -04:00
Jim Weber bfb0c2d3ff Reduced duplicated code and fixed comments and simple variable name mistakes 2016-10-03 14:53:05 -04:00
Jim Weber bb70ecc5a7 Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-02 22:28:54 -04:00
Jim Weber dbb00534d9 saving role name to the Secret Internal data. Default revoke query added 
The rolename is now saved to the secret internal data for fetching
later during the user revocation process. No longer deriving the role
name from request path

Added support for default revoke SQL statements that will provide the
same functionality as before. If not revoke SQL statements are provided
the default statements are used.

Cleaned up personal ignores from the .gitignore file
 2016-10-02 18:53:16 -04:00
Jim Weber e0ea497cfe Getting role name from the creds path used in revocation 2016-09-23 16:57:08 -04:00
Jim Weber 8709406eb3 secretCredsRevoke command no longer uses hardcoded query 
The removal of a user from the db is now handled similar to the
creation. The SQL is read out of a key from the role and then executed
with values substituted for username.
 2016-09-23 16:05:49 -04:00
Jim Weber 1bed6bfc2c Added support for a revokeSQL key value pair to the role 2016-09-23 16:00:23 -04:00
Jeff Mitchell 2860dcc60f gofmt 2016-08-19 16:48:32 -04:00
Jeff Mitchell 9e204bd88c Add arbitrary string slice parsing. 
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.

Fixes #1619 in theory.
 2016-08-03 14:24:16 -04:00
Laura Bennett 559b0a5006 Merge pull request #1635 from hashicorp/mysql-idle-conns 
Added maximum idle connections to mysql to close hashicorp/vault#1616
 2016-07-20 15:31:37 -04:00
Jeff Mitchell b558c35943 Set defaults to handle upgrade cases. 
Ping #1604
 2016-07-20 14:07:19 -04:00
Jeff Mitchell f2b6569b0b Merge pull request #1604 from memory/mysql-displayname-2 
concat role name and token displayname to form mysql username
 2016-07-20 14:02:17 -04:00
Nathan J. Mehl ea294f1d27 use both role name and token display name to form mysql username 2016-07-20 10:17:00 -07:00
Laura Bennett e6bf4fa489 whitespace error corrected 2016-07-20 12:00:05 -04:00
Nathan J. Mehl 0483457ad2 respond to feedback from @vishalnayak 
- split out usernameLength and displaynameLength truncation values,
  as they are different things

- fetch username and displayname lengths from the role, not from
  the request parameters

- add appropriate defaults for username and displayname lengths
 2016-07-20 06:36:51 -07:00
Laura Bennett 7cdb8a28bc max_idle_connections added 2016-07-20 09:26:26 -04:00
Laura Bennett 03c7eb7d18 initial commit before rebase to stay current with master 2016-07-19 14:18:37 -04:00
vishalnayak 7fb04a1bbd Remove unused VerifyConnection from storage entries of SQL backends 2016-07-19 11:55:49 -04:00
Nathan J. Mehl 314a5ecec0 allow overriding the default truncation length for mysql usernames 
see https://github.com/hashicorp/vault/issues/1605
 2016-07-12 17:05:43 -07:00
Nathan J. Mehl 2cf4490b37 use role name rather than token displayname in generated mysql usernames 
If a single token generates multiple myself roles, the generated mysql
username was previously prepended with the displayname of the vault
user; this makes the output of `show processlist` in mysql potentially
difficult to correlate with the roles actually in use without cross-
checking against the vault audit log.

See https://github.com/hashicorp/vault/pull/1603 for further discussion.
 2016-07-10 15:57:47 -07:00
Jeff Mitchell a2e95614d6 Have SQL backends Ping() before access. 
If unsuccessful, reestablish connections as needed.
 2016-07-01 12:02:17 -04:00
Jeff Mitchell 8d984c111d Convert MySQL tests to Dockerized versions 2016-07-01 11:36:28 -04:00
Jeff Mitchell 934e60c3c9 Add stmt close calls 2016-06-29 17:39:47 -04:00
Jeff Mitchell a56f79adcb Run prepare on the transaction, not the db 2016-06-29 17:20:41 -04:00
Vishal Nayak d47fc4c4ad Merge pull request #1515 from hashicorp/sql-config-reading 
Allow reading of config in sql backends
 2016-06-21 10:07:34 -04:00
vishalnayak 389581f47b Added warnings when configuring connection info in sql backends 2016-06-21 09:58:57 -04:00
vishalnayak cf15354e44 Address review feedback 2016-06-17 10:11:39 -04:00
vishalnayak 1776ff449f Allow reading of config in sql backends 2016-06-11 11:48:40 -04:00
vishalnayak 0760a89eb4 Backend() functions should return 'backend' objects. 
If they return pointers to 'framework.Backend' objects, the receiver functions can't be tested.
 2016-06-10 15:53:02 -04:00
Jeff Mitchell 99c1e071f3 Remove most Root paths 2016-05-31 23:42:54 +00:00
vishalnayak 95abdebb06 Added AcceptanceTest boolean to logical.TestCase 2016-04-05 15:10:44 -04:00
vishalnayak c9899a5300 postgres: connection_url fix 2016-02-22 11:22:49 -05:00
Jeff Mitchell 574542b683 Some minor changes in mysql commenting and names 2016-02-19 16:44:52 -05:00
vishalnayak a16055c809 mysql: fix error message 2016-02-19 16:07:06 -05:00
vishalnayak 38b55bd8b1 Don't deprecate value field yet 2016-02-19 16:07:06 -05:00
vishalnayak 99f4969b20 Removed connectionString.ConnectionString 2016-02-19 16:07:05 -05:00
vishalnayak 380b662c3d mysql: provide allow_verification option to disable connection_url check 2016-02-19 16:07:05 -05:00
Jeff Mitchell d3a705f17b Make backends much more consistent: 
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
 2016-01-29 20:03:37 -05:00
Jeff Mitchell f8a375777b Add list support for mysql roles 2016-01-28 15:04:25 -05:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell f2da5b639f Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00