vishalnayak
fc08007106
check CIDR block for renewal as well
2016-02-24 10:55:31 -05:00
vishalnayak
72b0390c9e
Added renewal capability to app-id backend
2016-02-24 10:40:15 -05:00
Matt Hurne
8bd0cc6391
Improve error message returned when client attempts to generate STS credentials for a managed policy; addresses #1113
2016-02-23 08:58:28 -05:00
Jeff Mitchell
50082a61d8
Merge pull request #1114 from hashicorp/dont-delete-certs
Do not delete certs (or revocation information)
2016-02-22 16:11:13 -05:00
Jeff Mitchell
db8b4287e3
Address review feedback
2016-02-22 16:11:01 -05:00
Jeff Mitchell
5176c75a0f
Remove extra debugging from PKI tests
2016-02-22 13:39:05 -05:00
Jeff Mitchell
9685c94459
Do not delete certs (or revocation information) to avoid potential
issues related to time synchronization. A function will be added to
allow operators to perform cleanup at chosen times.
2016-02-22 13:36:17 -05:00
Jeff Mitchell
4c2c932816
Fix issue where leftover values after cn tests could trigger errors in ipsan tests
2016-02-22 13:35:57 -05:00
Vishal Nayak
7dac5efe27
Merge pull request #1112 from hashicorp/1089-postgres-connection-url
postgres: connection_url fix
2016-02-22 11:36:04 -05:00
Jeff Mitchell
7c60548b9a
More improvements to PKI tests; allow setting a specific seed, output
the seed to the console, and split generated steps to make it
understandable which seed is for which set of steps.
2016-02-22 11:22:52 -05:00
vishalnayak
046d7f87b4
postgres: connection_url fix
2016-02-22 11:22:49 -05:00
Jeff Mitchell
ec97c6c8e2
Use more fuzziness in PKI backend tests
2016-02-22 10:59:37 -05:00
Jeff Mitchell
d993993f18
Better handle errors from fetchCertBySerial
2016-02-22 10:36:26 -05:00
Kevin Pike
6ac1a8c48b
Update update operation and uuid references
2016-02-21 15:31:22 -08:00
Kevin Pike
79ed734a2f
Merge branch 'master' into rabbitmq
2016-02-21 14:55:06 -08:00
Kevin Pike
d805f2ef57
Add RabbitMQ secret backend
2016-02-21 14:52:57 -08:00
Jeff Mitchell
e065a1cd22
Remove root requirement for certs/ and crls/ in TLS auth backend.
Fixes #468
2016-02-21 15:33:33 -05:00
Jeff Mitchell
d3af63193b
Add tests for minimum key size checking. (This will also verify that the
key type matches that of the role, since type assertions are required to
check the bit size). Like the rest, these are fuzz tests; I have
verified that the random seed will eventually hit error conditions if
ErrorOk is not set correctly when we expect an error.
2016-02-19 21:39:40 -05:00
Jeff Mitchell
5da2949d45
Check role key type and bits when signing CSR.
Two exceptions: signing an intermediate CA CSR, and signing a CSR via
the 'sign-verbatim' path.
2016-02-19 20:50:49 -05:00
vishalnayak
992a32975c
Cap the length midString in IAM user's username to 42
2016-02-19 18:31:10 -05:00
Vishal Nayak
d123d4c02e
Merge pull request #1102 from hashicorp/shorten-aws-usernames
Set limits on generated IAM user and STS token names.
2016-02-19 18:25:29 -05:00
Jeff Mitchell
9b57078b26
Some minor changes in mysql commenting and names
2016-02-19 16:44:52 -05:00
Jeff Mitchell
63a8061e87
Set limits on generated IAM user and STS token names.
Fixes #1031
Fixes #1063
2016-02-19 16:35:06 -05:00
vishalnayak
b4cd7d019e
mysql: fix error message
2016-02-19 16:07:06 -05:00
vishalnayak
20342d9049
Don't deprecate value field yet
2016-02-19 16:07:06 -05:00
vishalnayak
d8f72887fc
Removed connectionString.ConnectionString
2016-02-19 16:07:05 -05:00
vishalnayak
5f19c77897
mysql: provide allow_verification option to disable connection_url check
2016-02-19 16:07:05 -05:00
Jeff Mitchell
65494f8268
Merge pull request #1100 from hashicorp/issue-1030
Properly escape filter values in LDAP filters
2016-02-19 14:56:40 -05:00
Jeff Mitchell
ac3191ad02
Disallow 1024-bit RSA keys.
Existing certificates are kept but roles with key bits < 2048 will need
to be updated as the signing/issuing functions now enforce this.
2016-02-19 14:33:02 -05:00
Jeff Mitchell
73e84b8c38
Address some feedback on ldap escaping help text
2016-02-19 13:47:26 -05:00
Jeff Mitchell
a2aad0bbd6
Properly escape filter values.
Fixes #1030
2016-02-19 13:16:52 -05:00
Jeff Mitchell
331f57c082
Update LDAP documentation with a note on escaping
2016-02-19 13:16:18 -05:00
Jeff Mitchell
6ef35dcbb7
Add tests to ldap using the discover capability
2016-02-19 11:46:59 -05:00
Jeff Mitchell
7458084e09
Add ldap tests that use a bind dn and bind password
2016-02-19 11:38:27 -05:00
Vishal Nayak
81f849ad6a
Merge pull request #1047 from hashicorp/vault-iss999-github-renewal
GitHub renewal enhancements
2016-02-18 16:47:15 -05:00
Vishal Nayak
ba9c0dced1
Merge pull request #1086 from hashicorp/iss962-verify-otp-response-code
SSH: Fix response code for ssh/verify
2016-02-18 13:32:28 -05:00
vishalnayak
f5f9a9a056
ssh: Fix response code for ssh/verify
2016-02-16 19:46:29 -05:00
vishalnayak
3bad2a3af0
Pki: Respond user error when cert is not found instead of internal error
2016-02-16 17:58:57 -05:00
vishalnayak
3b6ea0c3cb
Github renewal enhancement
2016-02-11 20:42:42 -05:00
Jeff Mitchell
4923624593
Merge pull request #1061 from tomrittervg/tomrittervg-typos-1
Fix some typos
2016-02-11 15:12:09 -05:00
Jeff Mitchell
4ff2b119eb
Merge pull request #1062 from tomrittervg/tomrittervg-AllowedBaseDomain-migration
AllowedBaseDomain will stay non-empty in certain error conditions. None of these conditions should be hit anyways, but this provides an extra safety check.
2016-02-11 15:07:54 -05:00
Jeff Mitchell
a1a7c11154
Merge pull request #1053 from mwielgoszewski/postgresql-revocation
Fix PostgreSQL secret backend issues revoking users
2016-02-11 12:52:37 -05:00
Tom Ritter
b6ef18cad0
Fix AllowedBaseDomain Migration
AllowedBaseDomain is only zero-ed out if the domain is not found in the (new) AllowedDomains configuration setting. If the domain is found, AllowedBaseDomain is not emptied and this code will be run every single time.
//untested
2016-02-09 15:42:15 -06:00
Tom Ritter
88ae7ae9fe
Typo in error message in path_intermediate.go
2016-02-09 15:08:30 -06:00
Tom Ritter
ccdbb5d910
Typo in policy.go
2016-02-08 12:00:06 -06:00
Jeff Mitchell
122773ba71
Add slack on NotBefore value for generated certs.
This fixes an issue where, due to clock skew, one system can get a cert
and try to use it before it thinks it's actually valid. The tolerance of
30 seconds should be high enough for pretty much any set of systems
using NTP.
Fixes #1035
2016-02-07 14:00:03 -05:00
Jeff Mitchell
f75e121d8c
Introduce a locking inmem storage for unit tests that are doing concurrent things
2016-02-04 09:40:35 -05:00
Jeff Mitchell
f4df0d828e
Add transit fuzz test
2016-02-03 17:36:15 -05:00
Vishal Nayak
eb482c4066
Merge pull request #1013 from hashicorp/fix-ssh-tests
Fix SSH tests
2016-02-02 14:22:09 -05:00
vishalnayak
6b5b96d795
Fix SSH test cases.
2016-02-02 12:32:50 -05:00