Preetha Appan
9d3980b253
update comment
2018-03-09 08:56:54 -06:00
Preetha Appan
c6b975428b
Always retry on token validation instead of special casing vault sealing
2018-03-08 20:27:49 -06:00
Preetha Appan
4421025372
Retry when vault is sealed
2018-03-08 16:53:54 -06:00
Alex Dadgar
4173834231
Enable more linters
2017-09-26 15:26:33 -07:00
Luke Farnell
f0ced87b95
fixed all spelling mistakes for goreport
2017-08-07 17:13:05 -04:00
Alex Dadgar
d3012f1447
Fix Vault Client panic when given nonexistant role
...
The Vault API returns a nil secret and nil error when reading an object
that doesn't exist. The old code assumed an error would be returned and
thus will panic when trying to validate a non-existant role.
2017-05-16 12:59:58 -04:00
Alex Dadgar
e21792091a
remove leading slash on vault path
2017-02-28 14:03:18 -08:00
Alex Dadgar
8bfc4255eb
Add server metrics
2017-02-14 16:02:18 -08:00
Alex Dadgar
15ffdff497
Vault Client on Server handles SIGHUP
...
This PR allows the Vault client on the server to handle a SIGHUP. This
allows updating the Vault token and any other configuration without
downtime.
2017-02-01 14:24:10 -08:00
Alex Dadgar
94ed50aa59
Prefer looking up using self path and remove checking for default policy
2017-01-23 11:46:27 -08:00
Alex Dadgar
442d775fb2
Test new functionality
2017-01-21 17:33:35 -08:00
Alex Dadgar
76dbc4aee1
verify we can renew ourselves
2017-01-20 14:23:50 -08:00
Alex Dadgar
faa50b851e
Cleanup errors/comments
2017-01-20 10:26:25 -08:00
Alex Dadgar
7d1ec25d09
Test pass
2017-01-20 10:06:47 -08:00
Alex Dadgar
ace50cfa19
closer on the tests
2017-01-19 17:21:46 -08:00
Alex Dadgar
fb86904902
Check capabilities, allow creation against role
...
Check the capabilities of the Vault token to ensure it is valid and also
allow targetting of a role that the token is not from.
2017-01-19 13:40:32 -08:00
Alex Dadgar
822e32de6d
Fix error checking
2016-11-08 11:04:11 -08:00
Alex Dadgar
fde7a24865
Consul-template fixes + PreviousAlloc in api
2016-10-28 15:50:35 -07:00
Alex Dadgar
d3649f5d98
check period
2016-10-25 14:37:54 -07:00
Alex Dadgar
3d04efb21f
Validate the Vault role being used
2016-10-24 16:53:47 -07:00
Alex Dadgar
ede3a814ba
Small fixes
2016-10-22 18:20:50 -07:00
Alex Dadgar
0070178741
Thread through whether DeriveToken error is recoverable or not
2016-10-22 18:08:30 -07:00
Alex Dadgar
751aa114bf
Fix Vault parsing of booleans
2016-10-10 18:04:39 -07:00
Alex Dadgar
d64ef28c39
Handle the various valid root cases
2016-09-21 17:30:57 -07:00
Alex Dadgar
f99d84d2c3
Renew root tokens where applicable
2016-09-21 16:49:15 -07:00
Alex Dadgar
6702a29071
Vault token threaded
2016-09-14 13:30:01 -07:00
Alex Dadgar
6047414fb9
address comments
2016-08-31 14:10:33 -07:00
Alex Dadgar
48696ba0cc
Use tomb to shutdown
...
Token revocation
Remove from the statestore
Revoke tokens
Don't error when Vault is disabled as this could cause issue if the operator ever goes from enabled to disabled
update server interface to allow enable/disable and config loading
test the new functions
Leader revoke
Use active
2016-08-28 14:06:25 -07:00
Alex Dadgar
19be6b57b2
fixes
2016-08-19 20:02:32 -07:00
Alex Dadgar
123a26ffea
Rate limiting
2016-08-19 16:40:37 -07:00
Alex Dadgar
94b870a58b
Start
2016-08-19 16:40:37 -07:00
Alex Dadgar
f9f019fa62
LookupToken
2016-08-17 16:25:38 -07:00
Alex Dadgar
a8efce874f
Token renewal and beginning of tests
2016-08-17 16:25:38 -07:00
Alex Dadgar
713e310670
Renew loop
2016-08-17 16:25:38 -07:00
Alex Dadgar
750a44b2c0
Create a Vault interface for the server
2016-08-17 16:25:38 -07:00