4c1d8013f3
move fields and field parsing to helper ( #4603 )
2018-05-21 17:04:26 -07:00
fb04064967
Restrict userpass logins & tokens by CIDR ( #4557 )
2018-05-21 11:47:28 -07:00
72200603c6
Fix role writing not allowing key_type of any ( #4596 )
...
Fixes #4595
2018-05-19 10:24:43 -07:00
910925457f
Move LDAP client and config code to helper ( #4532 )
2018-05-10 14:12:42 -07:00
e4656c1264
Shorten code by using ParseAddrs ( #4546 )
2018-05-10 13:21:55 -07:00
76c717b081
Restrict cert auth by CIDR ( #4478 )
2018-05-09 15:39:55 -07:00
072cd783b5
Fix another PKI test
2018-05-09 12:51:34 -04:00
573b403b5e
Fix PKI test
2018-05-09 12:47:00 -04:00
e5f4ca83a0
Update PKI to natively use time.Duration ( #4493 )
...
* Update PKI to natively use time.Duration
Among other things this now means PKI will output durations in seconds
like other backends, instead of as Go strings.
* Add a warning when refusing to blow away an existing root instead of just returning success
* Fix another issue found while debugging this...
The reason it wasn't caught on tests in the first place is that the ttl
and max ttl were only being compared if in addition to a provided csr, a
role was also provided. This was because the check was in the role !=
nil block instead of outside of it. This has been fixed, which made the
problem occur in all sign-verbatim cases and the changes in this PR have
now verified the fix.
2018-05-09 10:29:54 -04:00
df8484f7af
approle: Make invalid role_id a 400 error instead of 500 ( #4470 )
...
* make invalid role_id a 400 error
* remove single-use validateCredentials function
* remove single-use validateBindSecretID function
* adjust the error message for CIDR check failure
* locking updates as review feedback
2018-05-04 10:15:16 -04:00
b1d44a7dee
Fix alias data being used for cert auth (serial number -> common name) ( #4495 )
...
Fixes #4475
2018-05-04 10:08:23 -04:00
c0ed57feae
Revert "proto changes ( #4503 )" ( #4504 )
...
This reverts commit 14594bd76e04ff09c442738800be5fdebc45512f.
2018-05-03 15:38:53 -04:00
7549ea0d12
proto changes ( #4503 )
2018-05-03 15:23:14 -04:00
d51acbde68
New proto version ( #4501 )
2018-05-03 10:19:39 -07:00
b78b9c7ebf
Iterating over CSR extensions, and skipping BasicConstraints, since those should be defined by the endpoint that's performing the signing. ( #4469 )
2018-05-01 11:22:49 -04:00
44b44f7f54
Early skip mssql test if not on acceptance, defer Teardown() early in testing.Test ( #4457 )
2018-04-26 12:17:44 -04:00
7d214d2a3a
Purge opened connections on retries during tests ( #4452 )
2018-04-26 11:28:58 -04:00
9ef3a36007
s/enable_local_secret_ids/local_secret_ids
2018-04-24 17:52:42 -04:00
965a16f888
remove unneeded comments
2018-04-24 16:28:25 -04:00
b91d53fd76
refactor to be able to defer lock.Unlock()
2018-04-24 16:17:24 -04:00
f3dd8b3d17
fix typo
2018-04-24 16:03:18 -04:00
b16ee7b32d
remove unneeded setting of secret ID prefix
2018-04-24 15:55:40 -04:00
7832e06fdc
Add field read test
2018-04-24 15:48:07 -04:00
10579f5d8d
Fix api path for reading the field
2018-04-24 14:28:03 -04:00
7039f6dccd
Merge branch 'master-oss' into approle-local-secretid
2018-04-24 11:03:39 -04:00
c46e021543
Add tests
2018-04-24 11:02:11 -04:00
aade040e50
Add immutability test
2018-04-24 10:05:17 -04:00
97c03c5a65
Add enable_local_secret_ids to role read response
2018-04-24 09:53:36 -04:00
cb52f3eb80
Use locking to avoid parallel script execution ( #4358 )
2018-04-23 18:04:22 -04:00
6b7a042003
error on enable_local_secret_ids update after role creation
2018-04-23 17:05:53 -04:00
644892c53c
naming changes
2018-04-23 16:52:09 -04:00
a369a4edb6
Upgrade secret ID prefix and fix tests
2018-04-23 16:31:51 -04:00
d14cd4a51e
segregate local and non-local accessor entries
2018-04-23 16:19:05 -04:00
7efbee2a12
Fix the tidy operation to consider both local and non-local secretID cleanups
2018-04-23 16:02:55 -04:00
743e3ace13
fix path regex and role storage
2018-04-23 14:08:30 -04:00
1680b56d43
add prefix to LocalStorage
2018-04-23 14:08:30 -04:00
97b821b231
local secret IDs
2018-04-23 14:08:30 -04:00
31633654ee
Explicitly use 5.7 and below to test mysql backends ( #4429 )
2018-04-23 13:03:02 -04:00
b3b7fba67e
Release database resources on each iteration of a loop ( #4305 )
2018-04-17 16:31:09 -07:00
c7dddaf537
Skip CI acceptance tests on missing required values ( #4346 )
...
* Skip dynamic key acceptance test if vaultssh user not present
* Skip aws acceptance test if required environment variables are missing
2018-04-13 10:18:06 -04:00
da1cfb86e9
run make fmt
2018-04-11 14:25:09 -07:00
8569c8c235
Merge branch 'opensource-master' into struct-tags
2018-04-11 13:04:08 -07:00
dab933ccaf
deviate from snake case
2018-04-11 13:03:33 -07:00
2dc4aa05f0
Dockerize radius auth backend acceptance tests ( #4276 )
2018-04-11 14:26:35 -04:00
fcfe036e60
fix 2 minor struct tag issues
2018-04-10 16:11:44 -07:00
bacf136785
Fix pki tests ( #4318 )
2018-04-09 15:19:05 -04:00
abb621752f
Clean up error string formatting ( #4304 )
2018-04-09 14:35:21 -04:00
19f9f6ee89
Root Credential Rotation Docs ( #4312 )
...
* updating root credential docs
* more docs updates
* more docs updates
2018-04-09 12:20:29 -04:00
656a762e0a
Dockerize mssql secret backend tests ( #4290 )
...
* Dockerize mssql secret backend tests
* Extend total mysql container timeout to 1 minute
2018-04-09 10:46:52 -04:00
cff34e983f
UI - pki updates ( #4291 )
...
* add require_cn to pki roles
* add policy_identifiers and basic_constraints_valid_for_non_ca to pki role form
* add new fields to the PKI docs
* add add_basic_constraints field
2018-04-08 21:09:29 -05:00
Becca Petrin