luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
3,368 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

178 Commits

Author SHA1 Message Date
Jeff Mitchell cf56895772 Switch around some logic to be more consistent/readable and respect max 
TTL on initial token issuance.
 2016-04-26 10:22:28 -04:00
vishalnayak 338054d49e Return un-expired entries from blacklist and whitelist 2016-04-26 10:22:28 -04:00
vishalnayak b6bd30b9fb Test ConfigClient 2016-04-26 10:22:28 -04:00
vishalnayak d3adc85886 AWS EC2 instances authentication backend 2016-04-26 10:22:28 -04:00
Adam Shannon fb07d07ad9 all: Cleanup from running go vet 2016-04-13 14:38:29 -05:00
Jeff Mitchell d92b960f7a Add list support to userpass users. Remove some unneeded existence 
checks. Remove paths from requiring root.

Fixes #911
 2016-04-09 18:28:55 -04:00
vishalnayak e3a1ee92b5 Utility Enhancements 2016-04-05 20:32:59 -04:00
vishalnayak 95abdebb06 Added AcceptanceTest boolean to logical.TestCase 2016-04-05 15:10:44 -04:00
Jeff Mitchell 7df3ec46b0 Some fixups around error/warning in LDAP 2016-04-02 13:33:00 -04:00
Jeff Mitchell 40325b8042 If no group DN is configured, still look for policies on local users and 
return a warning, rather than just trying to do an LDAP search on an
empty string.
 2016-04-02 13:11:36 -04:00
Jeff Mitchell 7fd5a679ca Fix potential error scoping issue. 
Ping #1262
 2016-03-30 19:48:23 -04:00
Jeff Mitchell 3cfcd4ddf1 Check for nil connection back from go-ldap, which apparently can happen even with no error 
Ping #1262
 2016-03-29 10:00:04 -04:00
Jeff Mitchell 17613f5fcf Removing debugging comment 2016-03-24 09:48:13 -04:00
Jeff Mitchell 4c4a65ebd0 Properly check for policy equivalency during renewal. 
This introduces a function that compares two string policy sets while
ignoring the presence of "default" (since it's added by core, not the
backend), and ensuring that ordering and/or duplication are not failure
conditions.

Fixes #1256
 2016-03-24 09:41:51 -04:00
Jeff Mitchell a8dd6aa4f1 Don't renew cert-based tokens if the policies have changed. 
Also, add cert renewal testing.

Fixes #477
 2016-03-17 14:22:24 -04:00
Jeff Mitchell 77e4ee76bb Normalize userpass errors around bad user/pass 2016-03-16 15:19:55 -04:00
Jeff Mitchell 8a3f1ad13e Use 400 instead of 500 for failing to provide a userpass password. 2016-03-16 15:14:28 -04:00
vishalnayak f9b1fc3aa0 Add comments to existence functions 2016-03-16 14:53:53 -04:00
vishalnayak 1951159b25 Addessing review comments 2016-03-16 14:21:14 -04:00
vishalnayak 239ad4ad7e Refactor updating user values 2016-03-16 13:42:02 -04:00
vishalnayak 533b136fe7 Reduce the visibility of setUser 2016-03-16 11:39:52 -04:00
vishalnayak 2914ff7502 Use helper for existence check. Avoid panic by fetching default values for field data 2016-03-16 11:26:33 -04:00
vishalnayak 1e889bc08c Input validations and field renaming 2016-03-15 17:47:13 -04:00
vishalnayak a0958c9359 Refactor updating and creating userEntry into a helper function 2016-03-15 17:32:39 -04:00
vishalnayak acd545f1ed Fetch and store UserEntry to properly handle both create and update 2016-03-15 17:05:23 -04:00
vishalnayak 9609fe151b Change path structure of password and policies endpoints in userpass 2016-03-15 16:46:12 -04:00
vishalnayak 8be36b6925 Reuse the variable instead of fetching 'name' again 2016-03-15 16:21:47 -04:00
vishalnayak 61b4cac458 Added paths to update policies and password 2016-03-15 16:12:55 -04:00
vishalnayak 731bb97db5 Tests for updating password and policies in userpass backend 2016-03-15 16:09:23 -04:00
vishalnayak b7eb0a97e5 Userpass: Support updating policies and password 2016-03-15 15:18:21 -04:00
Jeff Mitchell 8aaf29b78d Add forgotten test 2016-03-15 14:18:35 -04:00
Jeff Mitchell 8bf935bc2b Add list support to certs in cert auth backend. 
Fixes #1212
 2016-03-15 14:07:40 -04:00
Jeff Mitchell d648306d52 Add the ability to specify the app-id in the login path. 
This makes it easier to use prefix revocation for tokens.

Ping #424
 2016-03-14 16:24:01 -04:00
Vishal Nayak a6d8fc9d98 Merge pull request #1190 from grunzwei/master 
fix github tests to use the provided GITHUB_ORG environment variable
 2016-03-09 09:51:28 -05:00
Nathan Grunzweig ae469cc796 fix github tests to use the provided GITHUB_ORG environment variable 
(tests fail for non hashicorp people)
 2016-03-09 15:34:03 +02:00
Jeff Mitchell 5a17735dcb Add subject/authority key id to cert metadata 2016-03-07 14:59:00 -05:00
Jeff Mitchell 4a3d3ef300 Use better error message on LDAP renew failure 2016-03-07 09:34:16 -05:00
vishalnayak 44208455f6 continue if non-CA policy is not found 2016-03-01 16:43:51 -05:00
vishalnayak 9a3ddc9696 Added ExtKeyUsageAny, changed big.Int comparison and fixed code flow 2016-03-01 16:37:01 -05:00
vishalnayak cc1592e27a corrections, policy matching changes and test cert changes 2016-03-01 16:37:01 -05:00
vishalnayak 09eef70853 Added testcase for cert writes 2016-03-01 16:37:01 -05:00
vishalnayak f056e8a5a5 supporting non-ca certs for verification 2016-03-01 16:37:01 -05:00
vishalnayak aee006ba2d moved the test cert keys to appropriate test-fixtures folder 2016-02-29 15:49:08 -05:00
vishalnayak cf672400d6 fixed the error log message 2016-02-29 10:41:10 -05:00
vishalnayak dca18aec2e replaced old certs, with new certs generated from PKI backend, containing IP SANs 2016-02-28 22:15:54 -05:00
Jeff Mitchell 6b6005ee2e Remove root token requirement from GitHub configuration 2016-02-25 08:51:53 -05:00
vishalnayak 69bcbb28aa rename verify_cert as disable_binding and invert the logic 2016-02-24 21:01:21 -05:00
vishalnayak 902c780f2b make the verification of certs in renewal configurable 2016-02-24 16:42:20 -05:00
vishalnayak bc4710eb06 Cert: renewal enhancements 2016-02-24 14:31:38 -05:00
vishalnayak 053bbd97ea check CIDR block for renewal as well 2016-02-24 10:55:31 -05:00