luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
7132 commits 1 branch 0 tags 214 MiB
Commit graph

1462 commits

Author SHA1 Message Date
Dominik Müller e18e4036c7 add allowed_names to cert-response (#3779) 2018-01-16 13:41:58 -05:00
Paweł Słomka b994e83c65 Cleanup of deprecated commands in tests, docs (#3788) 2018-01-15 15:19:28 -05:00
Brian Kassouf 30378d5ff6
remove the Initialize wrap and call close explicitly (#3769) 2018-01-10 13:07:55 -08:00
Jeff Mitchell d8009bced1 Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-10 11:15:49 -05:00
Jeff Mitchell 9c70985c3a
Add json.Number parsing for iam_request_header values (#3770) 
Fixes #3763
 2018-01-10 09:56:38 -06:00
Brian Kassouf 01914feb18
secret/database: ensure plugins are closed if they cannot be initialized (#3768) 2018-01-09 13:14:50 -08:00
Brian Kassouf 64da50c27c
Update plugin deps to include context changes (#3765) 
* Update plugin deps to include context changes

* Fix tests
 2018-01-08 12:26:13 -08:00
Brian Kassouf 1c190d4bda
Pass context to backends (#3750) 
* Start work on passing context to backends

* More work on passing context

* Unindent logical system

* Unindent token store

* Unindent passthrough

* Unindent cubbyhole

* Fix tests

* use requestContext in rollback and expiration managers
 2018-01-08 10:31:38 -08:00
Will Glynn 282f648597 Document that AWS STS lease revocation is a no-op [fixes #3736] (#3760) 2018-01-08 10:28:07 -06:00
Jeff Mitchell d1803098ae Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Brian Shumate 2481803ac5 Update some approle related help output (#3747) 2018-01-03 13:56:14 -05:00
Brian Nuszkowski aa4d5a942e Add the ability to pass in mfa parameters when authenticating via the… (#3729) 2017-12-26 13:40:44 -05:00
Brian Kassouf a97b8c6f30
secret/database: Fix upgrading database backend (#3714) 2017-12-18 19:38:47 -08:00
Calvin Leung Huang c4e951efb8 Add period and max_ttl to cert role creation (#3642) 2017-12-18 15:29:45 -05:00
Chris Hoffman b1aee36251
short circuit cert extensions check (#3712) 2017-12-18 13:19:05 -05:00
Travis Cosgrave cf3e284396 Use Custom Cert Extensions as Cert Auth Constraint (#3634) 2017-12-18 12:53:44 -05:00
Jeff Mitchell 08f73e4a50
Merge pull request #3695 from hashicorp/creds-period-logic 2017-12-18 12:40:03 -05:00
Jeff Mitchell 77a7c52392
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
immutability e7faad641c Add Duo MFA to the Github backend (#3696) 2017-12-18 09:59:17 -05:00
Chris Hoffman 400d738403 use defaultconfig as base, adding env var test 2017-12-17 10:51:39 -05:00
Chris Hoffman f6bed8b925 fixing up config to allow environment vars supported by api client 2017-12-17 09:10:56 -05:00
Chris Hoffman b08606b320 adding existence check for roles 2017-12-15 19:50:20 -05:00
Chris Hoffman b904d28d82 adding access config existence check and delete endpoint 2017-12-15 19:18:32 -05:00
Calvin Leung Huang 997a1453e7 Use shortMaxTTL on Ec2 paths 2017-12-15 17:29:40 -05:00
Chris Hoffman c71f596fbd address some feedback 2017-12-15 17:06:56 -05:00
Chris Hoffman db0006ef65 Merge remote-tracking branch 'oss/master' into f-nomad 
* oss/master:
  Defer reader.Close that is used to determine sha256
  changelog++
  Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686)
  Add logic for using Auth.Period when handling auth login/renew requests (#3677)
  plugins/database: use context with plugins that use database/sql package (#3691)
  changelog++
  Fix plaintext backup in transit (#3692)
  Database gRPC plugins (#3666)
 2017-12-15 17:05:42 -05:00
Calvin Leung Huang fe7ce434e4 Update logic on renew paths 2017-12-15 16:26:42 -05:00
Calvin Leung Huang 643451d46a Update login logic for aws creds backend 2017-12-15 16:18:19 -05:00
Calvin Leung Huang ba19b99f55 Update login logic for aws creds backend 2017-12-15 16:01:40 -05:00
Calvin Leung Huang 79cb82e133
Add logic for using Auth.Period when handling auth login/renew requests (#3677) 
* Add logic for using Auth.Period when handling auth login/renew requests

* Set auth.TTL if not set in handleLoginRequest

* Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken

* Get sysView from le.Path, revert tests

* Add back auth.Policies

* Fix TokenStore tests, add resp warning when capping values

* Use switch for ttl/period check on RenewToken

* Move comments around
 2017-12-15 13:30:05 -05:00
Brian Kassouf afe53eb862
Database gRPC plugins (#3666) 
* Start work on context aware backends

* Start work on moving the database plugins to gRPC in order to pass context

* Add context to builtin database plugins

* use byte slice instead of string

* Context all the things

* Move proto messages to the dbplugin package

* Add a grpc mechanism for running backend plugins

* Serve the GRPC plugin

* Add backwards compatibility to the database plugins

* Remove backend plugin changes

* Remove backend plugin changes

* Cleanup the transport implementations

* If grpc connection is in an unexpected state restart the plugin

* Fix tests

* Fix tests

* Remove context from the request object, replace it with context.TODO

* Add a test to verify netRPC plugins still work

* Remove unused mapstructure call

* Code review fixes

* Code review fixes

* Code review fixes
 2017-12-14 14:03:11 -08:00
Jeff Mitchell b478ba8bac
Merge branch 'master' into f-nomad 2017-12-14 16:44:28 -05:00
Jeff Mitchell d752da3648
Update Consul to use the role's configured lease on renew. (#3684) 2017-12-14 13:28:19 -05:00
Vishal Nayak 15b3d8738e Transit: backup/restore (#3637) 2017-12-14 12:51:50 -05:00
Vishal Nayak 513d12ab7c Fix the casing problem in approle (#3665) 2017-12-11 16:41:17 -05:00
Florent H. CARRÉ 539d86ab2d Hardening RSA keys for PKI and SSH (#3593) 2017-12-11 13:43:56 -05:00
Chris Hoffman 3b0ba609b2
Converting key_usage and allowed_domains in PKI to CommaStringSlice (#3621) 2017-12-11 13:13:35 -05:00
Brad Sickles 295e11d40d Adding mfa support to okta auth backend. (#3653) 2017-12-07 14:17:42 -05:00
Brian Shumate a0d1092420 Conditionally set file audit log mode (#3649) 2017-12-07 11:44:15 -05:00
Mohsen 2aa576149c Small typo relating to no_store in pki secret backend (#3662) 
* Removed typo :)

* Corrected typo in the website related to no_store
 2017-12-07 10:40:21 -05:00
Vishal Nayak 48ac5caaa9
Transit: Refactor internal representation of key entry map (#3652) 
* convert internal map to index by string

* Add upgrade test for internal key entry map

* address review feedback
 2017-12-06 18:24:00 -05:00
Dominik Müller bc523fc294 add allowed_names to cert-response (#3654) 2017-12-06 16:50:02 -05:00
Jeff Mitchell bfc37f0847
Re-add some functionality lost during last dep update (#3636) 2017-12-01 10:18:26 -05:00
Nicolas Corrarello b5fd1ce953
Adding SealWrap configuration, protecting the config/access path 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 21:53:21 +00:00
Nicolas Corrarello b3799697a2
Rename policy into policies 2017-11-29 16:31:17 +00:00
Nicolas Corrarello 0d8f812dc8
Checking if client is not nil before deleting token 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:23:03 +00:00
Nicolas Corrarello 239a9a9985
%q quotes automatically 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:19:31 +00:00
Nicolas Corrarello 62fe10204a
Refactoring check for empty accessor as per Vishals suggestion 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:58:39 +00:00
Nicolas Corrarello a6d3119e3e
Pull master into f-nomad 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:56:37 +00:00
Nicolas Corrarello 89466815ba
Return an error if accesor_id is nil 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:18:03 +00:00