Jeff Mitchell
709389dd36
Use ParseStringSlice on PKI organization/organizational unit. ( #2561 )
After, separately dedup and use new flag to not lowercase value.
Fixes #2555
2017-04-04 08:54:18 -07:00
Jeff Mitchell
3d162b63cc
Use locks in a slice rather than a map, which is faster and makes things cleaner ( #2446 )
2017-03-07 11:21:32 -05:00
Jeff Mitchell
5119b173c4
Rename helper 'duration' to 'parseutil'. ( #2449 )
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Brian Kassouf
e62f5dbc31
Allowed/Denied parameters support for globs ( #2438 )
* Add check for globbed strings
* Add tests for the acl globbing
* Fix bad test case
2017-03-03 14:50:55 -08:00
Jeff Mitchell
b1c2a930fe
Clean up request forwarding logic
2017-03-01 18:17:06 -05:00
Jeff Mitchell
eec66eaa3c
Have duration.ParseDurationSecond handle json.Number
2017-03-01 08:32:05 -05:00
Jeff Mitchell
7f0a99e8eb
Add max/min wrapping TTL ACL statements ( #2411 )
2017-02-27 14:42:00 -05:00
Saj Goonatilleke
01f3056b8b
pki: Include private_key_type on DER-formatted responses from /pki/issue/ ( #2405 )
2017-02-24 11:17:59 -05:00
Jeff Mitchell
c81582fea0
More porting from rep ( #2388 )
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
Jeff Mitchell
0c39b613c8
Port some replication bits to OSS ( #2386 )
2017-02-16 15:15:02 -05:00
Jeff Mitchell
0a9a6d3343
Move ReplicationState to consts
2017-02-16 13:37:21 -05:00
Brian Kassouf
13ec9c5dbf
Load leases into the expiration manager in parallel ( #2370 )
* Add a benchmark for expiration.Restore
* Add benchmarks for consul Restore functions
* Add a parallel version of expiration.Restore
* remove debug code
* Up the MaxIdleConnsPerHost
* Add tests for etcd
* Return errors and ensure go routines are exited
* Refactor inmem benchmark
* Add s3 bench and refactor a bit
* Few tweaks
* Fix race with waitgroup.Add()
* Fix waitgroup race condition
* Move wait above the info log
* Add helper/consts package to store consts that are needed in cyclic packages
* Remove not used benchmarks
2017-02-16 10:16:06 -08:00
Vishal Nayak
eb4ef0f6e0
cidrutil: added test data points ( #2378 )
2017-02-16 00:51:02 -05:00
Jeff Mitchell
6c02e9357a
Update protos
2017-02-02 16:20:32 -05:00
Roman Vynar
85eceef188
Fix cipher preferred order
2017-01-24 09:29:57 +02:00
Jeff Mitchell
42894754a6
Remove comments destined to be outdated
2017-01-23 13:49:15 -05:00
Roman Vynar
1615280efa
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener ( #2293 )
2017-01-23 13:48:35 -05:00
joe miller
98df700495
allow roles to set OU value in certificates issued by the pki backend ( #2251 )
2017-01-23 12:44:45 -05:00
Chris Hoffman
7568a212b1
Adding support for exportable transit keys ( #2133 )
2017-01-23 11:04:43 -05:00
vishalnayak
c9bd2a37f8
Don't sanitize disallowed_policies on token role
2017-01-17 21:34:14 -05:00
Félix Cantournet
103b7ceab2
all: test: Fix govet warnings
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
Brian Nuszkowski
98a6e0fea3
Add Duo pushinfo capabilities ( #2118 )
2016-12-19 15:37:44 -05:00
Vishal Nayak
8400b87473
Don't add default policy to child token if parent does not have it ( #2164 )
2016-12-16 00:36:39 -05:00
Jeff Mitchell
fc81a301b8
Don't say mlock is supported on OSX when it isn't. ( #2120 )
Fixes #2119
2016-11-22 12:56:36 -05:00
Jeff Mitchell
ee29b329fb
Bump proto files after update
2016-11-17 10:06:26 -05:00
vishalnayak
ac9304e660
Remove the methods introduced to make the tests work from its older package
2016-10-26 20:03:51 -04:00
vishalnayak
c14a6c8666
Move policy test to keysutil package
2016-10-26 19:57:28 -04:00
vishalnayak
6d1e1a3ba5
Pulled out transit's lock manager and policy structs into a helper
2016-10-26 19:52:31 -04:00
vishalnayak
69df3fb95e
Added a few checks to the CIDR Subset checking util
2016-09-28 14:04:02 -04:00
Chris Hoffman
d235acf809
Adding support for chained intermediate CAs in pki backend ( #1694 )
2016-09-27 17:50:17 -07:00
Vishal Nayak
b1ee56a15b
Merge pull request #1910 from hashicorp/secret-id-cidr-list
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
Jeff Mitchell
72b9c4c649
Fix parsing env var, needed to be in the helper too
2016-09-23 13:20:26 -04:00
vishalnayak
a31f9bb0e9
Fix zeroAddr check
2016-09-23 12:50:26 -04:00
vishalnayak
f560e20b28
Address review feedback
2016-09-22 18:07:35 -04:00
vishalnayak
07b1b244d6
Use net.IPv4zero to check for zero address
2016-09-21 20:29:33 -04:00
vishalnayak
aaadd4ad97
Store the CIDR list in the secret ID storage entry.
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
vishalnayak
93604e1e2e
Added cidrutil helper
2016-09-21 13:58:32 -04:00
Jeff Mitchell
0ff76e16d2
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
Jeff Mitchell
897d3c6d2c
Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.
2016-09-16 11:05:43 -04:00
Jeff Mitchell
1d6552c625
Update logging formatting
2016-09-01 16:14:21 -04:00
vishalnayak
cdcfa4572f
Address review feedback
2016-08-30 16:36:58 -04:00
Jeff Mitchell
7e41d5ab45
Pass headers back when request forwarding ( #1795 )
2016-08-26 17:53:47 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
2860dcc60f
gofmt
2016-08-19 16:48:32 -04:00
Jeff Mitchell
bdcfe05517
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
Jeff Mitchell
5c33356d14
Protobuf for forwarding ( #1743 )
2016-08-17 16:15:15 -04:00
Jeff Mitchell
8d6244f8e7
Don't serialize the full connection state, instead just the peer certificates, and parse them on the other side
2016-08-17 10:29:53 -04:00
Jeff Mitchell
37320f8798
Request forwarding ( #1721 )
Add request forwarding.
2016-08-15 09:42:42 -04:00
James Nugent
2c14ff7385
build: Add support for building on Illumos
This commit adds support for building for Illumos-derived operating
systems. Regrettably, the crypto/ssh/terminal package does not include
implementations of the functions IsTerminal, MakeRaw or Restore for the
solaris OS. Consequently this commit implements them in Vault.
makeRaw(fd int) is based on the Illumos implementation of the getpass
function [1] for the correct flags. isTerminal(fd int) is based on the
Illumos libc implementation [2] of isatty.
[1] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libast/common/uwin/getpass.c
[2] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libbc/libc/gen/common/isatty.c
2016-08-13 00:20:15 -04:00
Jeff Mitchell
c1a46349fa
Change to keybase openpgp fork as it has important fixes
2016-08-11 08:31:43 -04:00