Commit graph

117 commits

Author SHA1 Message Date
Vishal Nayak cfef144dc2 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-06-17 20:34:56 -04:00
Vishal Nayak 303a7cef9a Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-17 20:33:03 -04:00
Armon Dadgar 45d3c512fb builtin: fixing API change in logical framework 2015-06-17 14:34:11 -07:00
Armon Dadgar 30de4ea80d secret/postgres: Ensure sane username length. Fixes #326 2015-06-17 13:31:56 -07:00
Vishal Nayak 3ed73d98c2 Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 12:39:49 -04:00
Vishal Nayak 08c921c75e Vault SSH: POC Stage 1. Skeleton implementation. 2015-06-16 16:58:54 -04:00
Mitchell Hashimoto 4bf84392ec credential/github: get rid of stray tab 2015-06-16 10:05:51 -07:00
Mitchell Hashimoto 0ecf05c043 command/auth, github: improve cli docs
/cc @sethvargo
2015-06-16 10:05:11 -07:00
Christian Svensson e3d3012795 Record the common name in TLS metadata
It is useful to be able to save the client cert's Common Name for auditing purposes when using a central CA.

This adds a "common_name" value to the Metadata structure passed from login.
2015-06-14 23:18:21 +01:00
Jonathan Sokolowski 348924eaab logical/consul: Combine policy and lease into single storage struct 2015-05-28 09:36:23 +10:00
Jonathan Sokolowski 6b0820d709 logical/consul: custom lease time for roles 2015-05-27 09:53:46 +10:00
Ian Unruh 2e1bce27a9 Allow dot in LDAP login username 2015-05-20 11:54:15 -07:00
Armon Dadgar cc966d6b52 auth/cert: Guard against empty certs. Fixes #214 2015-05-18 16:11:09 -07:00
Armon Dadgar 56659a2db2 cred/app-id: ensure consistent error message 2015-05-15 11:45:57 -07:00
Armon Dadgar 8cff23f29b cred/app-id: stricter validation and error messaging 2015-05-15 11:40:45 -07:00
Jonathan Sokolowski 6746a24c78 credential/app-id: Test DeleteOperation 2015-05-14 22:30:02 +10:00
Etourneau Gwenn a3fe4b889f Fix Error message 2015-05-12 14:32:09 +09:00
Mitchell Hashimoto 1ca0b2340c credential/app-id: add hash of user/app ID to metadata for logs 2015-05-11 10:46:11 -07:00
Mitchell Hashimoto 5406d3189e Merge pull request #184 from hashicorp/b-github-casing
credential/github: case insensitive mappings
2015-05-11 10:27:45 -07:00
Mitchell Hashimoto 5c63b70eea logical/framework: PathMap is case insensitive by default 2015-05-11 10:27:04 -07:00
Mitchell Hashimoto 4e861f29bc credential/github: case insensitive mappings 2015-05-11 10:24:39 -07:00
Giovanni Bajo 8156b88353 auth/ldap: move password into InternalData 2015-05-09 22:06:34 +02:00
Giovanni Bajo 84388b2b20 auth/ldap: move username into the path (to allow per-user revokation on the path) 2015-05-09 22:06:28 +02:00
Giovanni Bajo 5e899e7de2 auth/ldap: fix pasto 2015-05-09 22:06:22 +02:00
Giovanni Bajo 1e1219dfcc auth/ldap: implement login renew 2015-05-09 22:04:20 +02:00
Giovanni Bajo a0f53f177c auth/ldap: document LDAP server used in tests 2015-05-09 22:04:20 +02:00
Giovanni Bajo b4093e2ddf auth/ldap: add acceptance tests 2015-05-09 22:04:20 +02:00
Giovanni Bajo 02d3b1c74c auth/ldap: add support for groups with unique members 2015-05-09 22:04:20 +02:00
Giovanni Bajo c313ff2802 auth/ldap: implement authorization via LDAP groups 2015-05-09 22:04:20 +02:00
Giovanni Bajo dc6b4ab9db auth/ldap: add configuration path for groups 2015-05-09 22:04:20 +02:00
Giovanni Bajo 7e39da2e67 Attempt connection to LDAP server at login time.
Also switch to a LDAP library fork which fixes a panic when
shutting down a connection immediately.
2015-05-09 22:04:19 +02:00
Giovanni Bajo 7492c5712a Initial implementation of the LDAP credential backend 2015-05-09 22:04:19 +02:00
Seth Vargo f3c3f4717a Remove references to -var 2015-05-08 11:45:29 -04:00
Armon Dadgar a6a4bee2ee cred/app-id: Add help synopsis to login path 2015-05-07 15:45:43 -07:00
Seth Vargo 04015fdf55 Fix output from GitHub help 2015-05-07 14:13:12 -04:00
Armon Dadgar b07d0bc56f audit/file: Create file if it does not exist. Fixes #148 2015-05-06 11:33:06 -07:00
Mitchell Hashimoto deab183cbd token/disk: write token with 0600 2015-05-02 13:34:01 -07:00
Trevor Pounds 582677b134 Fix documentation typo. 2015-04-28 22:15:56 -07:00
Armon Dadgar 848433a355 audit/file: add log_raw parameter and default to hashing 2015-04-27 15:56:41 -07:00
Armon Dadgar f01e14351a audit/syslog: switch defaults 2015-04-27 15:56:41 -07:00
Armon Dadgar de7a81a8fb audit/syslog: Copy structure before hashing to avoid breaking result 2015-04-27 15:56:40 -07:00
Armon Dadgar 1b659d41ff audit/syslog: Hash everything by default, optionally disable 2015-04-27 15:56:40 -07:00
Armon Dadgar bb1dd509d7 audit/syslog: first pass 2015-04-27 15:56:40 -07:00
Armon Dadgar 434305a6c2 secret/aws: Using roles instead of policy 2015-04-27 14:20:28 -07:00
Armon Dadgar 5edf8cf3a8 Do not root protect role configurations 2015-04-27 14:07:20 -07:00
Armon Dadgar 12e8c0f8cf secret/postgres: secret/mysql: roles endpoints root protected 2015-04-27 14:04:10 -07:00
Armon Dadgar 816d981d1a secret/consul: replace policy with roles, and prefix the token path 2015-04-27 13:59:56 -07:00
Armon Dadgar 6a38090822 secret/transit: rename policy to keys 2015-04-27 13:52:47 -07:00
Armon Dadgar 793e6efef4 secret/transit: Adding more help. Fixes #41 2015-04-27 12:47:09 -07:00
Armon Dadgar 27c73da308 audit/file: Attempt to create directory path. Fixes #38 2015-04-27 12:40:32 -07:00