1513e2baa4
Add acceptance tests
...
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling
Also, fix a bug when trying to get code signing certificates.
Not tested:
* Revocation (I believe this is impossible with the current testing framework)
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
0d832de65d
Initial PKI backend implementation.
...
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint
Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
348924eaab
logical/consul: Combine policy and lease into single storage struct
2015-05-28 09:36:23 +10:00
6b0820d709
logical/consul: custom lease time for roles
2015-05-27 09:53:46 +10:00
2e1bce27a9
Allow dot in LDAP login username
2015-05-20 11:54:15 -07:00
cc966d6b52
auth/cert: Guard against empty certs. Fixes #214
2015-05-18 16:11:09 -07:00
56659a2db2
cred/app-id: ensure consistent error message
2015-05-15 11:45:57 -07:00
8cff23f29b
cred/app-id: stricter validation and error messaging
2015-05-15 11:40:45 -07:00
6746a24c78
credential/app-id: Test DeleteOperation
2015-05-14 22:30:02 +10:00
a3fe4b889f
Fix Error message
2015-05-12 14:32:09 +09:00
1ca0b2340c
credential/app-id: add hash of user/app ID to metadata for logs
2015-05-11 10:46:11 -07:00
5406d3189e
Merge pull request #184 from hashicorp/b-github-casing
...
credential/github: case insensitive mappings
2015-05-11 10:27:45 -07:00
5c63b70eea
logical/framework: PathMap is case insensitive by default
2015-05-11 10:27:04 -07:00
4e861f29bc
credential/github: case insensitive mappings
2015-05-11 10:24:39 -07:00
8156b88353
auth/ldap: move password into InternalData
2015-05-09 22:06:34 +02:00
84388b2b20
auth/ldap: move username into the path (to allow per-user revokation on the path)
2015-05-09 22:06:28 +02:00
5e899e7de2
auth/ldap: fix pasto
2015-05-09 22:06:22 +02:00
1e1219dfcc
auth/ldap: implement login renew
2015-05-09 22:04:20 +02:00
a0f53f177c
auth/ldap: document LDAP server used in tests
2015-05-09 22:04:20 +02:00
b4093e2ddf
auth/ldap: add acceptance tests
2015-05-09 22:04:20 +02:00
02d3b1c74c
auth/ldap: add support for groups with unique members
2015-05-09 22:04:20 +02:00
c313ff2802
auth/ldap: implement authorization via LDAP groups
2015-05-09 22:04:20 +02:00
dc6b4ab9db
auth/ldap: add configuration path for groups
2015-05-09 22:04:20 +02:00
7e39da2e67
Attempt connection to LDAP server at login time.
...
Also switch to a LDAP library fork which fixes a panic when
shutting down a connection immediately.
2015-05-09 22:04:19 +02:00
7492c5712a
Initial implementation of the LDAP credential backend
2015-05-09 22:04:19 +02:00
f3c3f4717a
Remove references to -var
2015-05-08 11:45:29 -04:00
a6a4bee2ee
cred/app-id: Add help synopsis to login path
2015-05-07 15:45:43 -07:00
04015fdf55
Fix output from GitHub help
2015-05-07 14:13:12 -04:00
b07d0bc56f
audit/file: Create file if it does not exist. Fixes #148
2015-05-06 11:33:06 -07:00
deab183cbd
token/disk: write token with 0600
2015-05-02 13:34:01 -07:00
582677b134
Fix documentation typo.
2015-04-28 22:15:56 -07:00
848433a355
audit/file: add log_raw parameter and default to hashing
2015-04-27 15:56:41 -07:00
f01e14351a
audit/syslog: switch defaults
2015-04-27 15:56:41 -07:00
de7a81a8fb
audit/syslog: Copy structure before hashing to avoid breaking result
2015-04-27 15:56:40 -07:00
1b659d41ff
audit/syslog: Hash everything by default, optionally disable
2015-04-27 15:56:40 -07:00
bb1dd509d7
audit/syslog: first pass
2015-04-27 15:56:40 -07:00
434305a6c2
secret/aws: Using roles instead of policy
2015-04-27 14:20:28 -07:00
5edf8cf3a8
Do not root protect role configurations
2015-04-27 14:07:20 -07:00
12e8c0f8cf
secret/postgres: secret/mysql: roles endpoints root protected
2015-04-27 14:04:10 -07:00
816d981d1a
secret/consul: replace policy with roles, and prefix the token path
2015-04-27 13:59:56 -07:00
6a38090822
secret/transit: rename policy to keys
2015-04-27 13:52:47 -07:00
793e6efef4
secret/transit: Adding more help. Fixes #41
2015-04-27 12:47:09 -07:00
27c73da308
audit/file: Attempt to create directory path. Fixes #38
2015-04-27 12:40:32 -07:00
a753fadcb4
secret/postgresql: testing support for multiple statements
2015-04-27 12:00:07 -07:00
1c8288c3da
secret/postgresql: support multiple sql statements
2015-04-27 11:31:27 -07:00
50879eb2e5
mysql: cleanup
2015-04-27 11:31:11 -07:00
9cae5520a0
logical/consul: Added missing policy endpoints
2015-04-27 11:08:37 -07:00
1d95694a7c
secret/mysql: improve the example statement
2015-04-25 12:58:50 -07:00
503241eeee
secret/mysql: adding acceptance test
2015-04-25 12:56:23 -07:00
e378f5c4a2
secret/mysql: fixing mysql oddities
2015-04-25 12:56:11 -07:00
57e66f3b6c
secret/mysql: initial pass at mysql secret backend
2015-04-25 12:05:26 -07:00
9087471bad
credential/cert: support leasing and renewal
2015-04-24 12:58:39 -07:00
3a9e20748b
credential/cert: default display name
2015-04-24 10:52:17 -07:00
7b4ceeb7e6
credential/cert: more validation on cert setup
2015-04-24 10:39:44 -07:00
d57c8ea0f0
credential/cert: return logical error if invalid
2015-04-24 10:36:25 -07:00
ae272b83ce
credential/cert: major refactor
2015-04-24 10:31:57 -07:00
28b18422b7
credential/cert: First pass at public key credential backend
2015-04-23 21:46:21 -07:00
ee2b113831
audit/file: append
2015-04-19 22:43:39 -07:00
0b7e7190b5
credentials/userpass: integrate into auth cli
2015-04-19 15:17:24 -07:00
c5cadc026d
credential/userpass: renewal
2015-04-19 15:12:50 -07:00
0ae9eadfd3
credential/userpass: help
2015-04-19 15:07:11 -07:00
0aec679bb4
credential/userpass: login
2015-04-19 15:06:29 -07:00
fedda20c41
credential/userpass: configuring users
2015-04-19 14:59:30 -07:00
17676af663
logical/postgresql: when renewing, alter the valid until
2015-04-18 22:55:33 -07:00
4e21f702a8
logical/consul: leasing
2015-04-18 22:29:46 -07:00
517236ea50
logical/consul: config/access is the new path for config
2015-04-18 22:28:53 -07:00
23a156b414
logical/aws: leasing/renewal support
2015-04-18 22:25:37 -07:00
2a8dfd85f4
logical/aws: fix build
2015-04-18 22:22:35 -07:00
208dd1e8be
logical/aws: move root creds config to config/root
2015-04-18 22:21:31 -07:00
f61626f7a6
logical/aws: support read/delete policies
2015-04-18 22:13:12 -07:00
79ccb2f412
logical/postgresql: support deleting roles and reading them
2015-04-18 21:59:59 -07:00
84bca3ef28
logical/postgresql: renew for secret
2015-04-18 21:47:19 -07:00
e1e5c47362
logical/postgresql: leasing
2015-04-18 21:45:05 -07:00
8edc4d1241
logical/postgres: no session limit
2015-04-18 18:42:57 -07:00
39b8ae1b31
logical/postgers: update docs properly
2015-04-18 18:42:26 -07:00
6e10c415ef
logical/postgresql: leases
2015-04-18 18:40:03 -07:00
2120235a2e
logical/postgresql: create DB credentials
2015-04-18 18:37:27 -07:00
d0eb1b9a74
logical/postgresql: creating roles
2015-04-18 18:09:33 -07:00
d96b64286a
logical/postgresql: connection
2015-04-18 17:34:36 -07:00
20324a0c9c
website: more auth
2015-04-18 13:45:50 -07:00
f7a1b2ced9
credential/app-id: allow restriction by CIDR block [GH-10]
2015-04-17 10:14:39 -07:00
e643b48235
credential/app-id: support associating a name with app ID [GH-9]
2015-04-17 10:01:03 -07:00
37af1683c6
credential/*: adhere to new API
2015-04-17 09:40:28 -07:00
07bffafbbd
Adding transit logical backend
2015-04-15 17:08:12 -07:00
381aa0f7af
logical/aws: Use display name for IAM username
2015-04-15 15:05:00 -07:00
489e79ffd3
logical/consul: Use the DisplayName for the ACL token name
2015-04-15 15:03:05 -07:00
cf2faa06ae
credential/github: Set the github username as the display name
2015-04-15 14:30:46 -07:00
ef95d9a10e
audit/file: use JSON formatter to write output
2015-04-13 14:12:14 -07:00
48205d166b
rename vault id to lease id all over
2015-04-10 20:35:14 -07:00
62f4d1dd0e
credential/github: CLI handler
2015-04-06 09:53:43 -07:00
569991fcc5
credential/app-id
2015-04-04 18:41:49 -07:00
8bfa12297d
builtin/audit: add file audit
2015-04-04 18:10:25 -07:00
606b3dbff9
credential/github: improve help
2015-04-04 12:18:33 -07:00
8dc9e0e0d5
logical/framework: better string values for types
2015-04-03 21:15:59 -07:00
ec9df0439b
logical/aws: help
2015-04-03 21:10:54 -07:00
0bbad03c70
logical/framework: support root help
2015-04-03 20:36:47 -07:00
12a75dd304
credential/github: auth with github
2015-04-01 15:46:37 -07:00
486c3d7f30
logical/aws: policy doesn't need to be base64
2015-03-31 17:26:41 -07:00
712d144ec7
token/disk: fix args parsing
2015-03-30 23:21:17 -07:00
b12feccf38
logical/*: fix compilation errors
2015-03-30 20:30:07 -07:00
e40d0874e1
command/auth: tests work wihtout vault installed
2015-03-30 11:07:31 -07:00
27bc188758
token/disk: implement unencrypted disk store
2015-03-30 09:21:59 -07:00
db65fd7b95
command: unit tests pass
2015-03-29 16:20:34 -07:00
3270349456
logical/consul: actual test that the token works
2015-03-21 17:23:44 +01:00
55a3423c60
logical/consul
2015-03-21 17:19:37 +01:00
05246433bb
logical/aws: refactor access key create to the secret file
2015-03-21 11:49:56 +01:00
665cbaa3e4
logical/aws: remove debug I was using to test rollback :)
2015-03-21 11:20:22 +01:00
9e4b9d593b
logical/aws: WAL entry for users, rollback
2015-03-21 11:18:46 +01:00
86a6062ba2
main: enable AWS backend
2015-03-20 19:32:18 +01:00
62d9bec8be
logical/aws
2015-03-20 19:03:20 +01:00
Jeff Mitchell