scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-27 07:13:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,305 Commits 2,630 Branches 341 Tags
9be11282019932f87c62cb15ae23f9db4c7f144f
Commit Graph

1080 Commits

Author SHA1 Message Date
Chris Hoffman
628153979a Converting key_usage and allowed_domains in PKI to CommaStringSlice (#3621) 2017-12-11 13:13:35 -05:00
Mohsen
77fc89088d Small typo relating to no_store in pki secret backend (#3662) 
* Removed typo :)

* Corrected typo in the website related to no_store
 2017-12-07 10:40:21 -05:00
Vishal Nayak
18311d253d Transit: Refactor internal representation of key entry map (#3652) 
* convert internal map to index by string

* Add upgrade test for internal key entry map

* address review feedback
 2017-12-06 18:24:00 -05:00
Nicolas Corrarello
884e25035f Adding SealWrap configuration, protecting the config/access path 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 21:53:21 +00:00
Nicolas Corrarello
12e77fac51 Rename policy into policies 2017-11-29 16:31:17 +00:00
Nicolas Corrarello
0780c6250b Checking if client is not nil before deleting token 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:23:03 +00:00
Nicolas Corrarello
66840ac4db %q quotes automatically 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:19:31 +00:00
Nicolas Corrarello
9d78bfa721 Refactoring check for empty accessor as per Vishals suggestion 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:58:39 +00:00
Nicolas Corrarello
a3df394134 Pull master into f-nomad 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:56:37 +00:00
Nicolas Corrarello
e6b3438d92 Return an error if accesor_id is nil 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:18:03 +00:00
Nicolas Corrarello
cfa0715d1e Returning nil config if is actually nil, and catching the error before creating the client in backend.go 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 11:15:54 +00:00
Nicolas Corrarello
f8babf19ad Moving LeaseConfig function to path_config_lease.go 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 11:07:17 +00:00
Nicolas Corrarello
1db26e73f4 Return error before creating a client if conf is nil 2017-11-29 11:01:31 +00:00
Nicolas Corrarello
a5f01d49e2 Sanitizing error outputs 2017-11-29 10:58:02 +00:00
Nicolas Corrarello
e3a73ead35 Renaming tokenRaw to accessorIDRaw to avoid confusion, as the token is not being used for revoking itself 2017-11-29 10:48:55 +00:00
Nicolas Corrarello
3134c7262d Updating descriptions, defaults for roles 2017-11-29 10:44:40 +00:00
Nicolas Corrarello
a280884433 Validating that Address and Token are provided in path_config_access.go 2017-11-29 10:36:34 +00:00
Nicolas Corrarello
e1e63f8883 Removing legacy field scheme that belonged to the Consul API 2017-11-29 10:29:39 +00:00
Jeff Mitchell
0c3db8eaca Remove allow_base_domain from PKI role output. 
It was never used in a release, in favor of allow_bare_domains.

Fixes #1452 (again)
 2017-11-09 10:24:36 -05:00
Jeff Mitchell
4535c8c38d Don't read out an internal role member in PKI 2017-11-08 18:20:53 -05:00
Chris Hoffman
b2549f3922 adding ttl to secret, refactoring for consistency 2017-11-07 09:58:19 -05:00
Calvin Leung Huang
1cf3414352 Fix deprecated cassandra backend tests (#3543) 2017-11-06 17:15:45 -05:00
Chris Hoffman
26daf9d432 minor cleanup 2017-11-06 16:36:37 -05:00
Chris Hoffman
cbe172fb65 minor cleanup 2017-11-06 16:34:20 -05:00
Gregory Reshetniak
81e18aeccd added AWS enpoint handling (#3416) 2017-11-06 13:31:38 -05:00
Jeff Mitchell
33cf98026e Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Nicolas Corrarello
d1e3eff618 Refactored Lease into the Backend configuration 2017-11-06 15:09:56 +00:00
Nicolas Corrarello
6560e3c24a Attaching secretToken to backend 2017-11-06 14:28:30 +00:00
Calvin Leung Huang
ca76bc4f44 Return role info for each role on pathRoleList (#3532) 
* Return role info for each role on pathRoleList

* Change roles -> key_info, only return key_type

* Do not initialize result map in parseRole, refactor ListResponseWithInfo

* Add role list test
 2017-11-03 17:12:03 -04:00
Jeff Mitchell
8004f052da Add some more SealWrap declarations (#3531) 2017-11-03 11:43:31 -04:00
Vishal Nayak
ced60dbc0c Encrypt/Decrypt/Sign/Verify using RSA in Transit backend (#3489) 
* encrypt/decrypt/sign/verify RSA

* update path-help and doc

* Fix the bug which was breaking convergent encryption

* support both 2048 and 4096

* update doc to contain both 2048 and 4096

* Add test for encrypt, decrypt and rotate on RSA keys

* Support exporting RSA keys

* Add sign and verify test steps

* Remove 'RSA' from PEM header

* use the default salt length

* Add 'RSA' to PEM header since openssl is expecting that

* export rsa keys as signing-key as well

* Comment the reasoning behind the PEM headers

* remove comment

* update comment

* Parameterize hashing for RSA signing and verification

* Added test steps to check hash algo choice for RSA sign/verify

* fix test by using 'prehashed'
 2017-11-03 10:45:53 -04:00
Nicolas Corrarello
7015139ece Not storing the Nomad token as we have the accesor for administrative operations 2017-11-03 07:25:47 +00:00
Nicolas Corrarello
f3aaacc3fc Overhauling the client method and attaching it to the backend 2017-11-03 07:19:49 +00:00
Jeff Mitchell
87e98dce23 Check input size to avoid a panic (#3521) 2017-11-02 16:40:52 -05:00
Nicolas Corrarello
ca92922a91 Refactoring readAcessConfig to return a single type of error instead of two 2017-11-01 08:49:31 +00:00
Nicolas Corrarello
dcaec0a880 Refactored config error to just have a single error exit path 2017-11-01 08:41:58 +00:00
Nicolas Corrarello
c4bf80c84f Ignoring userErr as it will be nil anyway 2017-11-01 07:41:58 +00:00
Nicolas Corrarello
5d3513b568 tokenType can never be nil/empty string as there are default values 2017-11-01 07:36:14 +00:00
Nicolas Corrarello
ffb9343f5f Should return an error if trying create a management token with policies attached 2017-10-31 21:12:14 +00:00
Nicolas Corrarello
3a0d7ac9a6 Unifying Storage and API path in role 2017-10-31 21:06:10 +00:00
Nicolas Corrarello
482d73aebe Minor/Cosmetic fixes 2017-10-31 19:11:24 +00:00
Brian Kassouf
4121791cb9 Add the ability to glob allowed roles in the Database Backend (#3387) 
* Add the ability to glob allowed roles in the Database Backend

* Make the error messages better

* Switch to the go-glob repo
 2017-10-30 13:24:25 -07:00
Jeff Mitchell
3e81fe4c62 Simplify TTL/MaxTTL logic in SSH CA paths and sane with the rest of how (#3507) 
Vault parses/returns TTLs.
 2017-10-30 15:05:47 -05:00
Jeff Mitchell
6cfdd7b40c Rejig some error messages in pki 2017-10-27 12:02:18 -04:00
Jeff Mitchell
cd6d67d84b Final sync 2017-10-23 17:39:21 -04:00
Vishal Nayak
a5e0e42b6a return the actual error for base64 decoding failure (#3397) 2017-10-20 11:21:45 -04:00
Jeremy Voorhis
333bd83a3f Implement signing of pre-hashed data (#3448) 
Transit backend sign and verify endpoints now support algorithm=none
 2017-10-11 11:48:51 -04:00
Jeff Mitchell
04e8d163ba Allow entering PKI URLs as arrays. (#3409) 
Fixes #3407
 2017-10-03 16:13:57 -04:00
Nicolas Corrarello
222b9d1c52 Removing ignore to cleanup function 2017-09-29 09:35:17 +01:00
Nicolas Corrarello
7e5c465ecb Working tests 2017-09-29 09:33:58 +01:00