Vishal Nayak
3797666436
Transit: Support batch encryption and decryption (#2143)
...
* Transit: Support batch encryption
* Address review feedback
* Make the normal flow go through as a batch request
* Transit: Error out if encryption fails during batch processing
* Transit: Infer the 'derived' parameter based on 'context' being set
* Transit: Batch encryption doc updates
* Transit: Return a JSON string instead of []byte
* Transit: Add batch encryption tests
* Remove plaintext empty check
* Added tests for batch encryption, more coming..
* Added more batch encryption tests
* Check for base64 decoding of plaintext before encrypting
* Transit: Support batch decryption
* Transit: Added tests for batch decryption
* Transit: Doc update for batch decryption
* Transit: Sync the path-help and website docs for decrypt endpoint
* Add batch processing for rewrap
* transit: input validation for context
* transit: add rewrap batch option to docs
* Remove unnecessary variables from test
* transit: Added tests for rewrap use cases
* Address review feedback
* Address review feedback
* Address review feedback
* transit: move input checking out of critical path
* transit: allow empty plaintexts for batch encryption
* transit: use common structs for batch processing
* transit: avoid duplicate creation of structs; add omitempty to response structs
* transit: address review feedback
* transit: fix tests
* address review feedback
* transit: fix tests
* transit: rewrap encrypt user error should not error out
* transit: error out for internal errors
2017-02-02 14:24:20 -05:00
Jeff Mitchell
3789e8c427
Add cleanup functions to multiple DB backends. (#2313)
...
Ensure it's called on unmount, not just for seal.
2017-02-01 14:05:25 -05:00
Jeff Mitchell
b44519e742
Make export errors a bit more meaningful
2017-01-30 09:25:50 -05:00
Jeff Mitchell
082aa90103
Have transit exporting return the same structure regardless of one key or many
2017-01-28 10:37:35 -05:00
Brian Kassouf
c642fbf18e
Migrate cassandra test from acceptance to dockertest (#2295)
2017-01-25 15:37:55 -05:00
Jeff Mitchell
28978861de
Revert "Disable PKI OU tests to fix the build"
...
This reverts commit b1ab7c5603.
2017-01-24 09:58:28 -05:00
vishalnayak
b1ab7c5603
Disable PKI OU tests to fix the build
2017-01-24 06:25:56 -05:00
joe miller
90e32515ea
allow roles to set OU value in certificates issued by the pki backend (#2251)
2017-01-23 12:44:45 -05:00
Chris Hoffman
43bae79d01
Adding support for exportable transit keys (#2133)
2017-01-23 11:04:43 -05:00
Vishal Nayak
0645606f84
Merge pull request #2202 from fcantournet/fix_govet_fatalf
...
all: test: Fix govet warnings
2017-01-17 16:45:35 -05:00
Matthew Irish
231f00dff2
Transit key actions (#2254)
...
* add supports_* for transit key reads
* update transit docs with new supports_* fields
2017-01-11 10:05:06 -06:00
joe miller
a76a49732d
sign-verbatim should set use_csr_common_name to true (#2243)
2017-01-10 09:47:59 -05:00
Jeff Mitchell
454ddd4c48
Use dockertest.v2 (#2247)
...
New dockertest has a totally different API and will require some serious
refactoring. This will tide over until then by pinning the API version.
2017-01-09 13:46:54 -05:00
Félix Cantournet
0d6d4211b8
all: test: Fix govet warnings
...
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
vishalnayak
cc92d166f3
Address review feedback
2016-12-20 11:19:47 -05:00
vishalnayak
c80b1dc2b9
pki: Avoiding a storage read
2016-12-20 11:07:20 -05:00
vishalnayak
faa975326d
pki: Appended error to error message
2016-12-19 10:49:32 -05:00
vishalnayak
c8319e330d
PKI: Added error to the error message
2016-12-19 10:47:29 -05:00
Jeff Mitchell
a498cec44f
normalize some capitalization in error messages
2016-12-15 19:02:33 -05:00
Jeff Mitchell
b9be3da2bc
Fix nil value panic when Consul returns a user error (#2145)
2016-12-01 10:22:32 -08:00
vascop
59c55e0aa6
Fix typo and remove trailing whitespace. (#2074)
2016-11-08 09:32:23 -05:00
Jeff Mitchell
5a6b1987c5
Add listing to Consul secret roles (#2065)
2016-11-04 12:35:16 -04:00
vishalnayak
e6daa3782a
Return the revocation_sql from role read all the time
2016-10-27 12:24:31 -04:00
vishalnayak
8293b19a98
Added revocation_sql to the website docs
2016-10-27 12:15:08 -04:00
vishalnayak
2ac019a9c5
Move policy test to keysutil package
2016-10-26 19:57:28 -04:00
vishalnayak
b30d5f5c57
Pulled out transit's lock manager and policy structs into a helper
2016-10-26 19:52:31 -04:00
vishalnayak
b408c95e0d
ssh: Use temporary file to store the identity file
2016-10-18 12:50:12 -04:00
Chris Hoffman
4406a39da2
Add ability to list keys in transit backend (#1987)
2016-10-18 10:13:01 -04:00
Laura Bennett
1cc7c811c7
address feedback
2016-10-10 12:16:55 -04:00
Laura Bennett
bc58e02fe8
initial commit to fix empty consistency option issue
2016-10-08 20:22:26 -04:00
Jeff Mitchell
d7615b0477
Don't use quoted identifier for the username
2016-10-05 14:31:19 -04:00
Jeff Mitchell
37df43d534
Postgres revocation sql, beta mode (#1972)
2016-10-05 13:52:59 -04:00
vishalnayak
e90acaeb6c
Refactor mysql's revoke SQL
2016-10-04 19:30:25 -04:00
Vishal Nayak
b22b4edc71
Merge pull request #1914 from jpweber/mysql-revoke
...
Mysql revoke with non-wildcard hosts
2016-10-04 17:44:15 -04:00
Jim Weber
6b9b646e8a
removed an unused ok variable. Added warning and force use for default queries if role is nil
2016-10-04 17:15:29 -04:00
Jim Weber
1ec0a2d403
fixed an incorrect assignment
2016-10-03 21:51:40 -04:00
Jim Weber
1b591fb6d5
More resilient around cases of missing role names and using the default when needed.
2016-10-03 20:20:00 -04:00
Jim Weber
67d991f4ab
Refactored logic some to make sure we can always fall back to default revoke statements
...
Changed rolename to role
made default sql revoke statements a const
2016-10-03 15:59:56 -04:00
Jim Weber
179c07075a
fixed some more issues I had with the tests.
2016-10-03 15:58:09 -04:00
Jim Weber
aa5bb3b354
renamed rolname to role
2016-10-03 15:57:47 -04:00
Jim Weber
003d0df191
Reduced duplicated code and fixed comments and simple variable name mistakes
2016-10-03 14:53:05 -04:00
Jim Weber
10855b070f
Added test for revoking mysql user with wild card host and non-wildcard host
2016-10-02 22:28:54 -04:00
Jim Weber
47465e782c
saving role name to the Secret Internal data. Default revoke query added
...
The rolename is now saved to the secret internal data for fetching
later during the user revocation process. No longer deriving the role
name from request path
Added support for default revoke SQL statements that will provide the
same functionality as before. If no revoke SQL statements are provided
the default statements are used.
Cleaned up personal ignores from the .gitignore file
2016-10-02 18:53:16 -04:00
Jeff Mitchell
c748ff322f
Change default TTL from 30 to 32 to accommodate monthly operations (#1942)
2016-09-28 18:32:49 -04:00
Laura Bennett
4cfe098ce4
Merge pull request #1931 from hashicorp/cass-consistency
...
Adding consistency into cassandra
2016-09-27 21:12:02 -04:00
Chris Hoffman
10c8024fa3
Adding support for chained intermediate CAs in pki backend (#1694)
2016-09-27 17:50:17 -07:00
Laura Bennett
8b41676dbc
minor updates
2016-09-27 20:35:11 -04:00
Laura Bennett
011d65f59c
added parsing at role creation
2016-09-27 16:01:51 -04:00
Laura Bennett
dc4fdf37d7
initial commit for consistency added into cassandra
2016-09-27 13:25:18 -04:00
Vishal Nayak
92cb781be9
Merge pull request #1910 from hashicorp/secret-id-cidr-list
...
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00