Lars Lehtonen
7ca2caf3d0
builtin: deprecate errwrap.Wrapf() throughout (#11430)
* audit: deprecate errwrap.Wrapf()
* builtin/audit/file: deprecate errwrap.Wrapf()
* builtin/credential/app-id: deprecate errwrap.Wrapf()
* builtin/credential/approle: deprecate errwrap.Wrapf()
* builtin/credential/aws: deprecate errwrap.Wrapf()
* builtin/credentials/token: deprecate errwrap.Wrapf()
* builtin/credential/github: deprecate errwrap.Wrapf()
* builtin/credential/cert: deprecate errwrap.Wrapf()
* builtin/logical/transit: deprecate errwrap.Wrapf()
* builtin/logical/totp: deprecate errwrap.Wrapf()
* builtin/logical/ssh: deprecate errwrap.Wrapf()
* builtin/logical/rabbitmq: deprecate errwrap.Wrapf()
* builtin/logical/postgresql: deprecate errwrap.Wrapf()
* builtin/logical/pki: deprecate errwrap.Wrapf()
* builtin/logical/nomad: deprecate errwrap.Wrapf()
* builtin/logical/mssql: deprecate errwrap.Wrapf()
* builtin/logical/database: deprecate errwrap.Wrapf()
* builtin/logical/consul: deprecate errwrap.Wrapf()
* builtin/logical/cassandra: deprecate errwrap.Wrapf()
* builtin/logical/aws: deprecate errwrap.Wrapf()
2021-04-22 11:20:59 -04:00
Brian Kassouf
a24653cc5c
Run a more strict formatter over the code (#11312)
* Update tooling
* Run gofumpt
* go mod vendor
2021-04-08 09:43:39 -07:00
Evgeniy Kosov
6960b76b99
Wrap sign error from an external lib (#10301)
2021-03-15 16:26:06 -06:00
Calvin Leung Huang
c990068679
secrets/ssh: allow algorithm_signer to use the key's default algo (#9824)
* secrets/ssh: allow algorithm_signer to use the key's default algo
* add test for ed25519 key signing
* test: add role upgrade test case
* test: rename and add more test cases
* test: clean up tests cases, fix broken test case on expected error
* test: fix broken test case on expected error
2020-08-26 12:31:56 -07:00
James Hodgkinson
b7ccd547bb
fixing a spelling error (#9693)
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2020-08-09 06:17:02 -07:00
ncabatoff
de62507bd7
Add ssh signing algorithm as a role option. (#9096)
2020-06-11 08:10:13 -04:00
Fredrik Hoem Grelland
d27374e5ca
identity propagation in ssh secrets engine #7547 (#7548)
* identity propagation in ssh secrets engine #7547
* flag to enable templating allowed_users ssh (ca) secrets backend.
2020-02-15 11:04:33 -08:00
Anthony Dong
9950383f6a
ssh backend: support at character in role name (#8038)
2020-01-21 11:46:29 +01:00
Jeff Mitchell
278bdd1f4e
Switch to go modules (#6585)
* Switch to go modules
* Make fmt
2019-04-13 03:44:06 -04:00
Jeff Mitchell
170521481d
Create sdk/ and api/ submodules (#6583)
2019-04-12 17:54:35 -04:00
Clint
7c78575660
Add signed key constraints to SSH CA [continued] (#6030)
* Adds the ability to enforce particular ssh key types and minimum key
lengths when using Signed SSH Certificates via the SSH Secret Engine.
2019-02-11 13:03:26 -05:00
Vishal Nayak
e2bb2ec3b9
Errwrap everywhere (#4252)
* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes
2018-04-05 11:49:21 -04:00
Brian Kassouf
8142b42d95
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 01:44:44 -05:00
Brian Kassouf
78adac0a24
Pass context to backends (#3750)
* Start work on passing context to backends
* More work on passing context
* Unindent logical system
* Unindent token store
* Unindent passthrough
* Unindent cubbyhole
* Fix tests
* use requestContext in rollback and expiration managers
2018-01-08 10:31:38 -08:00
Jeff Mitchell
3e81fe4c62
Simplify TTL/MaxTTL logic in SSH CA paths and sane with the rest of how (#3507)
Vault parses/returns TTLs.
2017-10-30 15:05:47 -05:00
Chris Hoffman
0ac923d38b
fixing recovery from x/golang/crypto panics
2017-07-27 21:00:31 -04:00
Jeff Mitchell
4a951fdeac
Recover during a request forward.
gRPC doesn't have a handler for recovering from a panic like a normal
HTTP request so a panic will actually kill Vault's listener. This
basically copies the net/http logic for managing this.
The SSH-specific logic is removed here as the underlying issue is caused
by the request forwarding mechanism.
2017-07-27 11:44:56 -04:00
Brian Nuszkowski
5bc4dc7540
Add the option to specify a specific key id format that is generated … (#2888)
2017-06-29 04:05:06 +01:00
Jeff Mitchell
f6155ea8c5
If recovering from panic ensure the cert returned is nil
2017-06-16 18:18:15 -04:00
Jeff Mitchell
0ee100e0ec
Go's SSH library can panic without warning; recover.
Ping #2877 -- but don't close yet in case there are more places.
2017-06-16 18:16:45 -04:00
Jeff Mitchell
866b384494
Parse and dedup but do not lowercase principals in SSH certs. (#2591)
2017-04-18 12:21:02 -04:00
Jeff Mitchell
a5d1808efe
Always include a hash of the public key and "vault" (to know where it (#2498)
came from) when generating a cert for SSH.
Follow on from #2494
2017-03-16 11:14:17 -04:00
Mike Okner
6f84f7ffd0
Adding allow_user_key_ids field to SSH role config (#2494)
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name. Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
2017-03-16 08:45:11 -04:00
Vishal Nayak
a4e41f6568
SSH CA enhancements (#2442)
* Use constants for storage paths
* Upgrade path for public key storage
* Fix calculateValidPrincipals, upgrade ca_private_key, and other changes
* Remove a print statement
* Added tests for upgrade case
* Make exporting consistent in creation bundle
* unexporting and constants
* Move keys into a struct instead of plain string
* minor changes
2017-03-08 17:36:21 -05:00
Jeff Mitchell
df575f0b3a
Rename helper 'duration' to 'parseutil'. (#2449)
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Jeff Mitchell
1c821e448d
Update error text to make it more obvious what the issue is when valid principals aren't found
2017-03-02 15:56:08 -05:00
Jeff Mitchell
db29bde264
Fix a bunch of errors from returning 5xx, and parse more duration types
2017-03-02 15:38:34 -05:00
Vishal Nayak
d30a833db7
Rework ssh ca (#2419)
* docs: input format for default_critical_options and default_extensions
* s/sshca/ssh
* Added default_critical_options and default_extensions to the read endpoint of role
* Change default time return value to 0
2017-03-01 15:50:23 -05:00
Will May
7d9cb5bffe
Changes from code review
Major changes are:
* Remove duplicate code
* Check the public key used to configure the backend is a valid one
2017-03-01 15:19:18 -05:00
Will May
59397250da
Changes from code review
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
2017-03-01 15:19:18 -05:00
Will May
1d59b965cb
Add ability to create SSH certificates
2017-03-01 15:19:18 -05:00