Vishal Nayak
a4b119dc25
Merge pull request #1920 from legal90/fix-approle-delete
...
Fix panic on deleting the AppRole which doesn't exist
2016-09-26 10:05:33 -04:00
Mikhail Zholobov
3f77013004
Fix panic on deleting the AppRole which doesn't exist
...
#pathRoleDelete should return silently if the specified AppRole doesn't exist
Fixes GH-1919
2016-09-26 16:55:08 +03:00
Jeff Mitchell
6bf871995b
Don't use time.Time in responses. ( #1912 )
...
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
2016-09-23 12:32:07 -04:00
Jeff Mitchell
676e7e0f07
Ensure upgrades have a valid HMAC key
2016-09-21 11:10:57 -04:00
Jeff Mitchell
0ff76e16d2
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
Chris Hoffman
5c241d31e7
Renaming ttl_max -> max_ttl in mssql backend ( #1905 )
2016-09-20 12:39:02 -04:00
Vishal Nayak
97dc0e9f64
Merge pull request #1897 from hashicorp/secret-id-accessor-locks
...
Safely manipulate secret id accessors
2016-09-19 11:37:38 -04:00
vishalnayak
fefd3a6c0b
s/GetOctalFormatted/GetHexFormatted
2016-09-16 17:47:15 -04:00
Jeff Mitchell
897d3c6d2c
Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.
2016-09-16 11:05:43 -04:00
vishalnayak
ba72e7887a
Safely manipulate secret id accessors
2016-09-15 18:13:50 -04:00
Vishal Nayak
61664bc653
Merge pull request #1886 from hashicorp/approle-upgrade-notes
...
upgrade notes entry for approle constraint and warning on role read
2016-09-15 12:14:01 -04:00
vishalnayak
5597156886
check for nil role
2016-09-15 12:10:40 -04:00
vishalnayak
92986bb2a0
Address review feedback
2016-09-15 11:41:52 -04:00
vishalnayak
a1de742dce
s/disableReauthenticationNonce/reauthentication-disabled-nonce
2016-09-15 11:29:02 -04:00
vishalnayak
9bca127631
Updated docs with nonce usage
2016-09-14 19:31:09 -04:00
vishalnayak
857f921d76
Added comment
2016-09-14 18:27:35 -04:00
vishalnayak
39796e8801
Disable reauthentication if nonce is explicitly set to empty
2016-09-14 17:58:00 -04:00
vishalnayak
d0e4d77fce
address review feedback
2016-09-14 14:28:02 -04:00
vishalnayak
d7ce69c5eb
Remove the client nonce being empty check
2016-09-14 14:28:02 -04:00
vishalnayak
53c919b1d0
Generate the nonce by default
2016-09-14 14:28:02 -04:00
vishalnayak
455a4ae055
address review feedback
2016-09-14 12:08:35 -04:00
vishalnayak
b1392567d1
Use constant time comparisons for client nonce
2016-09-13 20:12:43 -04:00
vishalnayak
d2e66014ba
Address review feedback
2016-09-13 18:30:04 -04:00
Jeff Mitchell
29b67141eb
Only use running state for checking if instance is alive. ( #1885 )
...
Fixes #1884
2016-09-13 18:08:05 -04:00
vishalnayak
99a2655d8e
upgrade notes entry for approle constraint and warning on role read
2016-09-13 17:44:07 -04:00
vishalnayak
bef9c2ee61
Ensure at least one constraint on the role
2016-09-13 16:03:15 -04:00
Jeff Mitchell
197c7eae5f
Allow encrypting empty ciphertext values. ( #1881 )
...
Replaces #1874
2016-09-13 12:00:04 -04:00
vishalnayak
b599948e1c
Use uuid.GenerateRandomBytes
2016-09-09 14:17:09 -04:00
vishalnayak
127f61473b
Not exposing structs from the backend's package
2016-09-01 11:57:28 -04:00
Jeff Mitchell
1db0544b7a
Use unexported kdf const names
2016-08-31 07:19:58 -04:00
Vishal Nayak
c46a7391c0
Merge pull request #1799 from hashicorp/fix-role-locking
...
approle: fix racy updates problem for roles
2016-08-30 16:46:40 -04:00
vishalnayak
cdcfa4572f
Address review feedback
2016-08-30 16:36:58 -04:00
Jeff Mitchell
d2239d22d9
Use hkdf for transit key derivation for new keys ( #1812 )
...
Use hkdf for transit key derivation for new keys
2016-08-30 16:29:09 -04:00
vishalnayak
29b9295673
approle: fix racy updates problem for roles
2016-08-30 16:11:14 -04:00
vishalnayak
9dbc97028b
STS path field description update
2016-08-30 10:53:21 -04:00
vishalnayak
0b07ec7303
Added UpdateOperation to logical AWS STS path
2016-08-30 10:30:13 -04:00
Vishal Nayak
cdd1d96a64
Merge pull request #1804 from hashicorp/issue-1800
...
Mark STS secrets as non-renwable
2016-08-29 11:46:19 -04:00
navinanandaraj
8612b6139e
Fixes #1801 Reuse Cassandra session object for create creds ( #1802 )
2016-08-28 17:32:41 -04:00
Jeff Mitchell
f0537572a8
Mark STS secrets as non-renwable
...
Ping #1800
2016-08-28 14:27:56 -04:00
Jeff Mitchell
0b113f7916
Derive nonce fully in convergent mode ( #1796 )
...
Ping #1794
2016-08-26 17:01:56 -04:00
Jeff Mitchell
2f5876dfe9
Use key derivation for convergent nonce. ( #1794 )
...
Use key derivation for convergent nonce.
Fixes #1792
2016-08-26 14:11:03 -04:00
Jeff Mitchell
28739f3528
Decode secret internal data into struct and fix type assertion. ( #1781 )
2016-08-24 15:04:04 -04:00
Jeff Mitchell
d1284944c3
Merge pull request #1755 from hashicorp/logxi
...
Convert to logxi
2016-08-21 19:28:18 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
vishalnayak
524ed6db37
Extract out common code
2016-08-21 15:46:11 -04:00
vishalnayak
dfe73733d5
Seperate endpoints for read/delete using secret-id and accessor
2016-08-21 14:42:49 -04:00
Jeff Mitchell
2860dcc60f
gofmt
2016-08-19 16:48:32 -04:00
vishalnayak
7ce631f1dc
Pretty print the warning
2016-08-18 16:09:10 -04:00
vishalnayak
870ffd6fd8
Use shortestTTL value during renewals too
2016-08-18 15:43:58 -04:00
vishalnayak
4f1c47478e
When TTL is not set, consider the system default TTL as well
2016-08-18 15:37:59 -04:00