Becca Petrin
6c4266e553
move fields and field parsing to helper (#4603)
2018-05-21 17:04:26 -07:00
Becca Petrin
ca2bdbb8c0
Restrict userpass logins & tokens by CIDR (#4557)
2018-05-21 11:47:28 -07:00
Jeff Mitchell
157a14e7f9
Fix role writing not allowing key_type of any (#4596)
Fixes #4595
2018-05-19 10:24:43 -07:00
Becca Petrin
8ea9efd297
Move LDAP client and config code to helper (#4532)
2018-05-10 14:12:42 -07:00
Becca Petrin
5f342b4aa0
Shorten code by using ParseAddrs (#4546)
2018-05-10 13:21:55 -07:00
Becca Petrin
df4b650e61
Restrict cert auth by CIDR (#4478)
2018-05-09 15:39:55 -07:00
Jeff Mitchell
1fd005d98c
Fix another PKI test
2018-05-09 12:51:34 -04:00
Jeff Mitchell
92438aa039
Fix PKI test
2018-05-09 12:47:00 -04:00
Jeff Mitchell
187c051ef3
Update PKI to natively use time.Duration (#4493)
* Update PKI to natively use time.Duration
Among other things this now means PKI will output durations in seconds
like other backends, instead of as Go strings.
* Add a warning when refusing to blow away an existing root instead of just returning success
* Fix another issue found while debugging this...
The reason it wasn't caught on tests in the first place is that the ttl
and max ttl were only being compared if in addition to a provided csr, a
role was also provided. This was because the check was in the role !=
nil block instead of outside of it. This has been fixed, which made the
problem occur in all sign-verbatim cases and the changes in this PR have
now verified the fix.
2018-05-09 10:29:54 -04:00
Vishal Nayak
977171dbbe
approle: Make invalid role_id a 400 error instead of 500 (#4470)
* make invalid role_id a 400 error
* remove single-use validateCredentials function
* remove single-use validateBindSecretID function
* adjust the error message for CIDR check failure
* locking updates as review feedback
2018-05-04 10:15:16 -04:00
Jeff Mitchell
d98da14c27
Fix alias data being used for cert auth (serial number -> common name) (#4495)
Fixes #4475
2018-05-04 10:08:23 -04:00
Jeff Mitchell
b61b541581
Revert "proto changes (#4503)" (#4504)
This reverts commit 14594bd76e.
2018-05-03 15:38:53 -04:00
Vishal Nayak
14594bd76e
proto changes (#4503)
2018-05-03 15:23:14 -04:00
Becca Petrin
ab9b638dbb
New proto version (#4501)
2018-05-03 10:19:39 -07:00
Robison Jacka
c642eb5856
Iterating over CSR extensions, and skipping BasicConstraints, since those should be defined by the endpoint that's performing the signing. (#4469)
2018-05-01 11:22:49 -04:00
Calvin Leung Huang
1bbdc2ce84
Early skip mssql test if not on acceptance, defer Teardown() early in testing.Test (#4457)
2018-04-26 12:17:44 -04:00
Calvin Leung Huang
6fc57a91d8
Purge opened connections on retries during tests (#4452)
2018-04-26 11:28:58 -04:00
vishalnayak
a030db2af8
s/enable_local_secret_ids/local_secret_ids
2018-04-24 17:52:42 -04:00
vishalnayak
3c49d7b480
remove unneeded comments
2018-04-24 16:28:25 -04:00
vishalnayak
419e70c1e2
refactor to be able to defer lock.Unlock()
2018-04-24 16:17:24 -04:00
vishalnayak
417b004697
fix typo
2018-04-24 16:03:18 -04:00
vishalnayak
3f92d9c8ca
remove unneeded setting of secret ID prefix
2018-04-24 15:55:40 -04:00
vishalnayak
33256ab446
Add field read test
2018-04-24 15:48:07 -04:00
vishalnayak
0962457bc8
Fix api path for reading the field
2018-04-24 14:28:03 -04:00
vishalnayak
a7814f38cc
Merge branch 'master-oss' into approle-local-secretid
2018-04-24 11:03:39 -04:00
vishalnayak
42e95d4630
Add tests
2018-04-24 11:02:11 -04:00
vishalnayak
f39f4052a1
Add immutability test
2018-04-24 10:05:17 -04:00
vishalnayak
83aabbba05
Add enable_local_secret_ids to role read response
2018-04-24 09:53:36 -04:00
Alex Samorukov
3dc675c879
Use locking to avoid parallel script execution (#4358)
2018-04-23 18:04:22 -04:00
vishalnayak
20c7f20265
error on enable_local_secret_ids update after role creation
2018-04-23 17:05:53 -04:00
vishalnayak
b929187362
naming changes
2018-04-23 16:52:09 -04:00
vishalnayak
184dac8cfc
Upgrade secret ID prefix and fix tests
2018-04-23 16:31:51 -04:00
vishalnayak
3d7e704f3f
segregate local and non-local accessor entries
2018-04-23 16:19:05 -04:00
vishalnayak
52efa5e608
Fix the tidy operation to consider both local and non-local secretID cleanups
2018-04-23 16:02:55 -04:00
vishalnayak
4ee66b5958
fix path regex and role storage
2018-04-23 14:08:30 -04:00
vishalnayak
f8055c8e06
add prefix to LocalStorage
2018-04-23 14:08:30 -04:00
vishalnayak
953c7fbeca
local secret IDs
2018-04-23 14:08:30 -04:00
Calvin Leung Huang
964645d45e
Explicitly use 5.7 and below to test mysql backends (#4429)
2018-04-23 13:03:02 -04:00
Becca Petrin
f23b14a8c2
Release database resources on each iteration of a loop (#4305)
2018-04-17 16:31:09 -07:00
Calvin Leung Huang
57d678d144
Skip CI acceptance tests on missing required values (#4346)
* Skip dynamic key acceptance test if vaultssh user not present
* Skip aws acceptance test if required environment variables are missing
2018-04-13 10:18:06 -04:00
Becca Petrin
41de71f04b
run make fmt
2018-04-11 14:25:09 -07:00
Becca Petrin
c588d02282
Merge branch 'opensource-master' into struct-tags
2018-04-11 13:04:08 -07:00
Becca Petrin
d1f2420a3c
deviate from snake case
2018-04-11 13:03:33 -07:00
Calvin Leung Huang
898f710d90
Dockerize radius auth backend acceptance tests (#4276)
2018-04-11 14:26:35 -04:00
Becca Petrin
b79458ce7e
fix 2 minor struct tag issues
2018-04-10 16:11:44 -07:00
Calvin Leung Huang
64a58aa1f7
Fix pki tests (#4318)
2018-04-09 15:19:05 -04:00
Becca Petrin
eb7c0ab84e
Clean up error string formatting (#4304)
2018-04-09 14:35:21 -04:00
Chris Hoffman
295db4718f
Root Credential Rotation Docs (#4312)
* updating root credential docs
* more docs updates
* more docs updates
2018-04-09 12:20:29 -04:00
Calvin Leung Huang
617b7b7a7c
Dockerize mssql secret backend tests (#4290)
* Dockerize mssql secret backend tests
* Extend total mysql container timeout to 1 minute
2018-04-09 10:46:52 -04:00
Matthew Irish
fec8f13955
UI - pki updates (#4291)
* add require_cn to pki roles
* add policy_identifiers and basic_constraints_valid_for_non_ca to pki role form
* add new fields to the PKI docs
* add add_basic_constraints field
2018-04-08 21:09:29 -05:00