luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
3875 commits 1 branch 0 tags 214 MiB
Commit graph

783 commits

Author SHA1 Message Date
vishalnayak f64987a6cf Add tests around writing and reading consul access configuration 2016-05-31 13:27:34 -04:00
Jeff Mitchell 036e7fa63e Add reading to consul config, and some better error handling. 2016-05-31 13:27:34 -04:00
vishalnayak a072f2807d Rename aws as aws-ec2 2016-05-30 14:11:15 -04:00
vishalnayak 950c76c020 rename credential/aws as credential/aws-ec2 2016-05-30 14:11:15 -04:00
vishalnayak 30fa7f304b Allow * to be set for allowed_users 2016-05-30 03:12:43 -04:00
vishalnayak 971b2cb7b7 Do not allow any username to login if allowed_users is not set 2016-05-30 03:01:47 -04:00
Jeff Mitchell e01bce371d Merge pull request #1462 from hashicorp/enable-auth-rollbacks 
Re-enable rollback triggers for auth backends
 2016-05-27 15:01:35 -04:00
Jeff Mitchell 39fe3200e3 Return nil for pre-0.5.3 Consul tokens to avoid pathological behavior 2016-05-27 13:09:52 -04:00
Jeff Mitchell f035a320d0 Add test for renew/revoke to Consul secret backend 2016-05-27 11:27:53 -04:00
vishalnayak 1d94828e45 Re-enable rollback triggers for auth backends 2016-05-26 14:29:41 -04:00
Vishal Nayak 644ac5f5e8 Merge pull request #1456 from hashicorp/consul-lease-renewal 
Fix the consul secret backends renewal revocation problem
 2016-05-26 13:59:45 -04:00
vishalnayak cfd337d06a Fix broken cert backend test 2016-05-26 11:06:46 -04:00
Jeff Mitchell 05d1da0656 Add comment about the deletions 2016-05-26 10:33:35 -04:00
Jeff Mitchell ccfa8d0567 Remove deprecated entries from PKI role output. 
Fixes #1452
 2016-05-26 10:32:04 -04:00
vishalnayak c0e745dbfa s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends 2016-05-26 10:21:03 -04:00
vishalnayak 2ca846b401 s/logical.ErrorResponse/fmt.Errorf in revocation functions of secrets 2016-05-26 10:04:11 -04:00
vishalnayak 70b8530962 Fix the consul secret backends renewal revocation problem 2016-05-25 23:24:16 -04:00
Kevin Pike cdfc6b46fd Update and document rabbitmq test envvars 2016-05-20 23:28:02 -07:00
Kevin Pike 4eb20e4aa8 Merge remote-tracking branch 'origin/master' into rabbitmq 2016-05-20 23:27:22 -07:00
Kevin Pike 5783b02e36 Address feedback 2016-05-20 22:57:24 -07:00
Jeff Mitchell 8f592f3442 Don't use pointers to int64 in function calls when not necessary 2016-05-19 12:26:02 -04:00
Jeff Mitchell a13807e759 Merge pull request #1318 from steve-jansen/aws-logical-assume-role 
Add sts:AssumeRole support to the AWS secret backend
 2016-05-19 12:17:27 -04:00
Jeff Mitchell 1bef0c3584 Merge pull request #1245 from LeonDaniel/master 
Improved groups search for LDAP login
 2016-05-19 12:13:29 -04:00
Jeff Mitchell 91b65a893e Merge pull request #1430 from hashicorp/issue-1428 
Use Consul API client's DefaultNonPooledTransport.
 2016-05-17 20:59:50 -04:00
Jeff Mitchell 86e078ff98 Use Consul API client's DefaultNonPooledTransport. 
What we should probably do is create a client with a mutex and
invalidate it when parameters change rather than creating a client over
and over...that can be a TODO for later but for now this fix suffices.

Fixes #1428
 2016-05-18 00:47:42 +00:00
vishalnayak 65801942cb Naming of the locked and nonLocked methods 2016-05-17 20:39:24 -04:00
Jeff Mitchell ed574d63fe Merge pull request #1416 from shomron/list_ldap_group_mappings 
Support listing ldap group to policy mappings
 2016-05-16 16:22:13 -04:00
Sean Chittenden 792950e16c Merge pull request #1417 from hashicorp/b-pki-expire-ttl-unset 
Set entry's TTL before writing out the storage entry's config
 2016-05-15 10:02:03 -07:00
Sean Chittenden 7a4b31ce51
Speling police 2016-05-15 09:58:36 -07:00
Sean Chittenden b0bba6d271
Store clamped TTLs back in the role's config 2016-05-15 08:13:56 -07:00
Sean Chittenden 539475714d
Set entry's TTL before writing out the storage entry's config 2016-05-15 07:06:33 -07:00
Oren Shomron b8840ab9eb Support listing ldap group to policy mappings (Fixes #1270) 2016-05-14 20:00:40 -04:00
Vishal Nayak 53fc941761 Merge pull request #1300 from hashicorp/aws-auth-backend 
AWS EC2 instances authentication backend
 2016-05-14 19:42:03 -04:00
vishalnayak 4122ed860b Rename 'role_name' to 'role' 2016-05-13 14:31:13 -04:00
vishalnayak 9147f99c43 Remove unused param from checkForValidChain 2016-05-12 15:07:10 -04:00
vishalnayak 85d9523f98 Perform CRL checking for non-CA registered certs 2016-05-12 14:37:07 -04:00
vishalnayak be88306f92 Name the files based on changed path patterns 2016-05-12 11:52:07 -04:00
vishalnayak 7e8a2d55d0 Update docs and path names to the new patterns 2016-05-12 11:45:10 -04:00
vishalnayak ddcaf26396 Merge branch 'master-oss' into aws-auth-backend 2016-05-10 14:50:00 -04:00
vishalnayak d09748a135 Fix the acceptance tests 2016-05-09 22:07:51 -04:00
vishalnayak 95f3f08d29 Call client config internal from the locking method 2016-05-09 21:01:57 -04:00
Jeff Mitchell d899f9d411 Don't revoke CA certificates with leases. 2016-05-09 19:53:28 -04:00
Jeff Mitchell 4549625367 Update client code to use internal entry fetching 2016-05-09 23:26:00 +00:00
Jeff Mitchell d77563994c Merge pull request #1346 from hashicorp/disable-all-caches 
Disable all caches
 2016-05-07 16:33:45 -04:00
Steve Jansen 597d59962c Adds sts:AssumeRole support to the AWS secret backend 
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens.  For example, STS federated tokens cannot
invoke IAM APIs, such as  Terraform scripts containing
`aws_iam_*` resources.
 2016-05-05 23:32:41 -04:00
Jeff Mitchell c16b0a4f41 Switch whitelist to use longest max TTL 2016-05-05 20:44:48 -04:00
Jeff Mitchell 7a6c76289a Role tag updates 2016-05-05 15:32:14 -04:00
Jeff Mitchell b58ad615f2 Fix HMAC being overwritten. Also some documentation, and add a lock to role operations 2016-05-05 14:51:09 -04:00
Jeff Mitchell 0eddeb5c94 Guard tidy functions 2016-05-05 14:28:46 -04:00
Jeff Mitchell 2d4c390f87 More updates to mutexes and adjust blacklisted roletag default safety buffer 2016-05-05 14:12:22 -04:00
Jeff Mitchell 8fef6e3ac0 Rename identity whitelist and roletag blacklist api endpoints 2016-05-05 13:34:50 -04:00
Jeff Mitchell c69ba40d05 Move some mutexes around 2016-05-05 12:53:27 -04:00
Jeff Mitchell f689e4712d Update some mutexes in client config 2016-05-05 12:44:40 -04:00
Jeff Mitchell c15c227774 Fall back to non-base64 cert if it can't be decoded (it's checked later anyways) 2016-05-05 11:36:28 -04:00
Jeff Mitchell 25913fb18c Update commenting 2016-05-05 11:22:36 -04:00
Jeff Mitchell 15cbcedf1f Make the roletag blacklist the longest duration, not least 2016-05-05 11:00:41 -04:00
Jeff Mitchell e45d6c1120 Switch client code to shared awsutil code 2016-05-05 10:40:49 -04:00
Jeff Mitchell 4600ca8073 Merge branch 'master-oss' into aws-auth-backend 2016-05-05 10:36:06 -04:00
Jeff Mitchell b6b9cd6f1f Merge remote-tracking branch 'origin/master' into aws-cred-chain 2016-05-05 10:31:12 -04:00
Jeff Mitchell 3e71221839 Merge remote-tracking branch 'origin/master' into aws-auth-backend 2016-05-05 10:04:52 -04:00
vishalnayak 92fe94546c Split SanitizeTTL method to support time.Duration parameters as well 2016-05-05 09:45:48 -04:00
vishalnayak 4ede1d6f08 Add the steps to generate the CRL test's test-fixture files 2016-05-04 05:48:34 -04:00
vishalnayak b7c48ba109 Change image/ to a more flexible /role endpoint 2016-05-03 23:36:59 -04:00
Jeff Mitchell 1b0df1d46f Cleanups, add shared provider, ability to specify http client, and port S3 physical backend over 2016-05-03 17:01:02 -04:00
Jeff Mitchell 7fbe5d2eaa Region is required so error in awsutil if not set and set if empty in client code in logical/aws 2016-05-03 15:25:11 -04:00
Jeff Mitchell a244ef8a00 Refactor AWS credential code into a function that returns a static->env->instance chain 2016-05-03 15:10:35 -04:00
Jeff Mitchell 45a120f491 Switch our tri-copy ca loading code to go-rootcerts 2016-05-03 12:23:25 -04:00
Jeff Mitchell f21b88802f Add some more tests around deletion and fix upsert status returning 2016-05-03 00:19:18 -04:00
Jeff Mitchell 7e1bdbe924 Massively simplify lock handling based on feedback 2016-05-02 23:47:18 -04:00
Jeff Mitchell 7f3613cc6e Remove some deferring 2016-05-02 22:36:44 -04:00
Jeff Mitchell fa0d389a95 Change use-hint of lockAll and lockPolicy 2016-05-02 22:36:44 -04:00
Jeff Mitchell 49c56f05e8 Address review feedback 2016-05-02 22:36:44 -04:00
Jeff Mitchell 3e5391aa9c Switch to lockManager 2016-05-02 22:36:44 -04:00
Jeff Mitchell 08b91b776d Address feedback 2016-05-02 22:36:44 -04:00
Jeff Mitchell fedc8711a7 Fix up commenting and some minor tidbits 2016-05-02 22:36:44 -04:00
Jeff Mitchell fe1f56de40 Make a non-caching but still locking variant of transit for when caches are disabled 2016-05-02 22:36:44 -04:00
vishalnayak 9f2a111e85 Allow custom endpoint URLs to be supplied to make EC2 API calls 2016-05-02 17:21:52 -04:00
vishalnayak 57e8fcd8c2 Extend the expiry of test-fixture certs of Cert backend 2016-05-02 12:34:46 -04:00
Jeff Mitchell 3d1c88f315 Make GitHub org comparison case insensitive. 
Fixes #1359
 2016-05-02 00:18:31 -04:00
vishalnayak 1c91f652d4 Remove unnecessary append call 2016-04-30 03:20:21 -04:00
vishalnayak fde768125c Cert backend, CRL tests 2016-04-29 02:32:48 -04:00
vishalnayak 23d8ce62a3 Ensure that the instance is running during renewal 2016-04-28 16:34:35 -04:00
vishalnayak 2a2dc0befb Added allow_instance_migration to the role tag 2016-04-28 11:43:48 -04:00
vishalnayak 4161d3ef4f Change all time references to UTC 2016-04-28 10:19:29 -04:00
vishalnayak e591632630 Fix the deadlock issue 2016-04-28 01:01:33 -04:00
vishalnayak 4712533f1d minor updates 2016-04-28 00:35:49 -04:00
vishalnayak e6a9a5957d Refactor locks around config tidy endpoints 2016-04-27 22:32:43 -04:00
vishalnayak b75a6e2f0f Fix locking around config/client 2016-04-27 22:25:15 -04:00
vishalnayak 0e97b57beb Fix the list response of role tags 2016-04-27 22:03:11 -04:00
vishalnayak 779d73ce2b Removed existence check on blacklist/roletags, docs fixes 2016-04-27 21:29:32 -04:00
vishalnayak d44326ded6 Remove unnecessary lock switching around flushCachedEC2Clients 2016-04-27 20:13:56 -04:00
vishalnayak e1080f86ed Remove recreate parameter from clientEC2 2016-04-27 20:01:39 -04:00
vishalnayak 441477f342 Added ami_id to token metadata 2016-04-27 11:32:05 -04:00
leon b9c96bf7ce - updated refactored functions in ldap backend to return error instead of ldap response and fixed interrupted search in ldap groups search func 2016-04-27 18:17:54 +03:00
leon 08be31e9ab - refactored functionality in separate functions in ldap backend and used a separate ldap query to get ldap groups from userDN 2016-04-27 15:00:26 +03:00
vishalnayak 7144fd54f9 Added tests 2016-04-26 23:40:11 -04:00
vishalnayak 88942b0503 Added tests 2016-04-26 10:22:29 -04:00
vishalnayak 5a676a129e Added tests 2016-04-26 10:22:29 -04:00
vishalnayak e16f256b14 Added tests 2016-04-26 10:22:29 -04:00
vishalnayak 3a4021d6c4 Added tests 2016-04-26 10:22:29 -04:00