Commit graph

30 commits

Author SHA1 Message Date
Alex Dadgar d3012f1447 Fix Vault Client panic when given nonexistant role
The Vault API returns a nil secret and nil error when reading an object
that doesn't exist. The old code assumed an error would be returned and
thus will panic when trying to validate a non-existant role.
2017-05-16 12:59:58 -04:00
Alex Dadgar e21792091a remove leading slash on vault path 2017-02-28 14:03:18 -08:00
Alex Dadgar 8bfc4255eb Add server metrics 2017-02-14 16:02:18 -08:00
Alex Dadgar 15ffdff497 Vault Client on Server handles SIGHUP
This PR allows the Vault client on the server to handle a SIGHUP. This
allows updating the Vault token and any other configuration without
downtime.
2017-02-01 14:24:10 -08:00
Alex Dadgar 94ed50aa59 Prefer looking up using self path and remove checking for default policy 2017-01-23 11:46:27 -08:00
Alex Dadgar 442d775fb2 Test new functionality 2017-01-21 17:33:35 -08:00
Alex Dadgar 76dbc4aee1 verify we can renew ourselves 2017-01-20 14:23:50 -08:00
Alex Dadgar faa50b851e Cleanup errors/comments 2017-01-20 10:26:25 -08:00
Alex Dadgar 7d1ec25d09 Test pass 2017-01-20 10:06:47 -08:00
Alex Dadgar ace50cfa19 closer on the tests 2017-01-19 17:21:46 -08:00
Alex Dadgar fb86904902 Check capabilities, allow creation against role
Check the capabilities of the Vault token to ensure it is valid and also
allow targetting of a role that the token is not from.
2017-01-19 13:40:32 -08:00
Alex Dadgar 822e32de6d Fix error checking 2016-11-08 11:04:11 -08:00
Alex Dadgar fde7a24865 Consul-template fixes + PreviousAlloc in api 2016-10-28 15:50:35 -07:00
Alex Dadgar d3649f5d98 check period 2016-10-25 14:37:54 -07:00
Alex Dadgar 3d04efb21f Validate the Vault role being used 2016-10-24 16:53:47 -07:00
Alex Dadgar ede3a814ba Small fixes 2016-10-22 18:20:50 -07:00
Alex Dadgar 0070178741 Thread through whether DeriveToken error is recoverable or not 2016-10-22 18:08:30 -07:00
Alex Dadgar 751aa114bf Fix Vault parsing of booleans 2016-10-10 18:04:39 -07:00
Alex Dadgar d64ef28c39 Handle the various valid root cases 2016-09-21 17:30:57 -07:00
Alex Dadgar f99d84d2c3 Renew root tokens where applicable 2016-09-21 16:49:15 -07:00
Alex Dadgar 6702a29071 Vault token threaded 2016-09-14 13:30:01 -07:00
Alex Dadgar 6047414fb9 address comments 2016-08-31 14:10:33 -07:00
Alex Dadgar 48696ba0cc Use tomb to shutdown
Token revocation

Remove from the statestore

Revoke tokens

Don't error when Vault is disabled as this could cause issue if the operator ever goes from enabled to disabled

update server interface to allow enable/disable and config loading

test the new functions

Leader revoke

Use active
2016-08-28 14:06:25 -07:00
Alex Dadgar 19be6b57b2 fixes 2016-08-19 20:02:32 -07:00
Alex Dadgar 123a26ffea Rate limiting 2016-08-19 16:40:37 -07:00
Alex Dadgar 94b870a58b Start 2016-08-19 16:40:37 -07:00
Alex Dadgar f9f019fa62 LookupToken 2016-08-17 16:25:38 -07:00
Alex Dadgar a8efce874f Token renewal and beginning of tests 2016-08-17 16:25:38 -07:00
Alex Dadgar 713e310670 Renew loop 2016-08-17 16:25:38 -07:00
Alex Dadgar 750a44b2c0 Create a Vault interface for the server 2016-08-17 16:25:38 -07:00