open-vault/builtin/logical/ssh
Alexander Scheel 45c028a2fb
Allow specifying multiple allowed SSH key lengths (#13991)
* Allow specifying multiple allowed SSH key lengths

In the ssh secrets engine, only a single allowed key length was allowed
for each algorithm type. However, many algorithms have multiple safe
values (such as RSA and ECDSA); allowing a single role to have multiple
values for a single algorithm is thus helpful.

On creation or update, roles can now specify multiple types using a list
or comma-separated string of allowed values:

    allowed_user_key_lengths: map[string][]int{"rsa": []int{2048, 4096}}

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Break out ssh upgrade logic into separate function

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update parseutil for optional lists of integers

    go get -u github.com/hashicorp/go-secure-stdlib/parseutil
    go mod tidy

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Simplify parse logic using new parseutil

The newly introduced parseutil.ParseIntSlice handles the more
complicated optional int-like slice logic for us.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-17 15:36:56 -05:00
cmd/ssh Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
backend.go Switch to go modules (#6585) 2019-04-13 03:44:06 -04:00
backend_test.go Allow specifying multiple allowed SSH key lengths (#13991) 2022-02-17 15:36:56 -05:00
communicator.go builtin: deprecate errwrap.Wrapf() throughout (#11430) 2021-04-22 11:20:59 -04:00
linux_install_script.go Use locking to avoid parallel script execution (#4358) 2018-04-23 18:04:22 -04:00
path_config_ca.go Revert "MFA (#14049)" (#14135) 2022-02-17 13:17:59 -07:00
path_config_ca_test.go Revert "MFA (#14049)" (#14135) 2022-02-17 13:17:59 -07:00
path_config_zeroaddress.go Migrate to sdk/internalshared libs in go-secure-stdlib (#12090) 2021-07-15 20:17:31 -04:00
path_creds_create.go builtin: deprecate errwrap.Wrapf() throughout (#11430) 2021-04-22 11:20:59 -04:00
path_fetch.go Switch to go modules (#6585) 2019-04-13 03:44:06 -04:00
path_keys.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
path_lookup.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
path_roles.go Allow specifying multiple allowed SSH key lengths (#13991) 2022-02-17 15:36:56 -05:00
path_sign.go Allow specifying multiple allowed SSH key lengths (#13991) 2022-02-17 15:36:56 -05:00
path_verify.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
secret_dynamic_key.go builtin: deprecate errwrap.Wrapf() throughout (#11430) 2021-04-22 11:20:59 -04:00
secret_otp.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
util.go Allow specifying multiple allowed SSH key lengths (#13991) 2022-02-17 15:36:56 -05:00