luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/vault/logical_system.go

3218 lines
92 KiB
Go
Raw Normal View History

vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
package vault
import (
copying general purpose tools from transit backend to /sys/tools (#3391)
2017-10-20 14:59:17 +00:00
"crypto/sha256"
"crypto/sha512"
Provide base64 keys in addition to hex encoded. (#1734) * Provide base64 keys in addition to hex encoded. Accept these at unseal/rekey time. Also fix a bug where backup would not be honored when doing a rekey with no operation currently ongoing.
2016-08-15 20:01:15 +00:00
"encoding/base64"
"encoding/hex"
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
"encoding/json"
vault: prevent raw access to protected paths
2015-05-28 17:24:41 +00:00
"fmt"
copying general purpose tools from transit backend to /sys/tools (#3391)
2017-10-20 14:59:17 +00:00
"hash"
"strconv"
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
"strings"
Properly persist auth mount tuning
2016-05-03 18:24:04 +00:00
"sync"
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
"time"
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
"github.com/fatih/structs"
copying general purpose tools from transit backend to /sys/tools (#3391)
2017-10-20 14:59:17 +00:00
uuid "github.com/hashicorp/go-uuid"
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
"github.com/hashicorp/vault/helper/consts"
Rename helper 'duration' to 'parseutil'. (#2449) Add a ParseBool function that accepts various kinds of ways of specifying booleans. Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 16:21:22 +00:00
"github.com/hashicorp/vault/helper/parseutil"
Update the ResponseWrapData function to return a wrapping.ResponseWrapInfo object
2017-04-24 19:15:01 +00:00
"github.com/hashicorp/vault/helper/wrapping"
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
"github.com/hashicorp/vault/logical"
vault: system using the framework
2015-03-16 00:35:59 +00:00
"github.com/hashicorp/vault/logical/framework"
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"github.com/mitchellh/mapstructure"
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
)
vault: prevent raw access to protected paths
2015-05-28 17:24:41 +00:00
var (
// protectedPaths cannot be accessed via the raw APIs.
// This is both for security and to prevent disrupting Vault.
protectedPaths = []string{
Disable the `sys/raw` endpoint by default (#3329) * disable raw endpoint by default * adding docs * config option raw -> raw_storage_endpoint * docs updates * adding listing on raw endpoint * reworking tests for enabled raw endpoints * root protecting base raw endpoint
2017-09-15 04:21:35 +00:00
keyringPath,
vault: prevent raw access to protected paths
2015-05-28 17:24:41 +00:00
}
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
Fix rep path fetching method into a function
2017-02-17 04:23:21 +00:00
replicationPaths = func(b *SystemBackend) []*framework.Path {
return []*framework.Path{
&framework.Path{
Pattern: "replication/status",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
var state consts.ReplicationState
resp := &logical.Response{
Data: map[string]interface{}{
"mode": state.String(),
},
}
return resp, nil
},
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
},
},
Fix rep path fetching method into a function
2017-02-17 04:23:21 +00:00
}
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
}
vault: prevent raw access to protected paths
2015-05-28 17:24:41 +00:00
)
Fix up CORS. Ref #2021
2017-06-17 05:26:25 +00:00
func NewSystemBackend(core *Core) *SystemBackend {
Add some plumbing to allow specified system configuration information to be retrieved by logical backends. First implemented is default/max TTL.
2015-08-27 15:51:35 +00:00
b := &SystemBackend{
Core: core,
}
Push a lot of logic into Router to make a bunch of it nicer and enable a lot of cleanup. Plumb config and calls to framework.Backend.Setup() into logical_system and elsewhere, including tests.
2015-09-04 20:58:12 +00:00
vault: Adding more logging
2015-05-16 00:19:32 +00:00
b.Backend = &framework.Backend{
logical/framework: make help look nicer
2015-04-04 04:00:23 +00:00
Help: strings.TrimSpace(sysHelpRoot),
logical: move cred stuff over here
2015-03-31 00:46:18 +00:00
PathsSpecial: &logical.Paths{
Root: []string{
"auth/*",
"remount",
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
"audit",
"audit/*",
Disable the `sys/raw` endpoint by default (#3329) * disable raw endpoint by default * adding docs * config option raw -> raw_storage_endpoint * docs updates * adding listing on raw endpoint * reworking tests for enabled raw endpoints * root protecting base raw endpoint
2017-09-15 04:21:35 +00:00
"raw",
vault: Adding the raw/ endpoints to sys
2015-04-02 00:44:43 +00:00
"raw/*",
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
"replication/primary/secondary-token",
Make reindex a root path as well
2017-02-17 04:36:06 +00:00
"replication/reindex",
vault: adding sys/key-status and sys/rotate
2015-05-28 00:53:42 +00:00
"rotate",
Fix up CORS. Ref #2021
2017-06-17 05:26:25 +00:00
"config/cors",
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
"config/auditing/*",
Update path for the plugin catalog in logical system
2017-04-24 18:35:32 +00:00
"plugins/catalog/*",
Add the ability to view and list of leases metadata (#2650)
2017-05-04 02:03:42 +00:00
"revoke-prefix/*",
root protect /sys/revoke-force/* (#2876)
2017-07-25 15:59:43 +00:00
"revoke-force/*",
Add the ability to view and list of leases metadata (#2650)
2017-05-04 02:03:42 +00:00
"leases/revoke-prefix/*",
"leases/revoke-force/*",
"leases/lookup/*",
logical: move cred stuff over here
2015-03-31 00:46:18 +00:00
},
JWT wrapping tokens (#2172)
2017-01-04 21:44:03 +00:00
Unauthenticated: []string{
Make sys/wrapping/lookup unauthenticated. (#3084) We still perform validation on the token, so if the call makes it through to this endpoint it's got a valid token (either explicitly specified in data or as the request token). But this allows introspection for sanity/safety checking without revoking the token in the process.
2017-07-31 20:16:16 +00:00
"wrapping/lookup",
JWT wrapping tokens (#2172)
2017-01-04 21:44:03 +00:00
"wrapping/pubkey",
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
"replication/status",
JWT wrapping tokens (#2172)
2017-01-04 21:44:03 +00:00
},
vault: system using the framework
2015-03-16 00:35:59 +00:00
},
Paths: []*framework.Path{
Move capabilities accessor logic to logical_system
2016-03-17 16:55:38 +00:00
&framework.Path{
Pattern: "capabilities-accessor$",
Fields: map[string]*framework.FieldSchema{
"accessor": &framework.FieldSchema{
Type: framework.TypeString,
Fix help descriptions
2016-03-17 19:23:36 +00:00
Description: "Accessor of the token for which capabilities are being queried.",
Move capabilities accessor logic to logical_system
2016-03-17 16:55:38 +00:00
},
"path": &framework.FieldSchema{
Type: framework.TypeString,
Fix help descriptions
2016-03-17 19:23:36 +00:00
Description: "Path on which capabilities are being queried.",
Move capabilities accessor logic to logical_system
2016-03-17 16:55:38 +00:00
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 17:33:49 +00:00
logical.UpdateOperation: b.handleCapabilitiesAccessor,
Move capabilities accessor logic to logical_system
2016-03-17 16:55:38 +00:00
},
Fix help descriptions
2016-03-17 19:23:36 +00:00
HelpSynopsis: strings.TrimSpace(sysHelp["capabilities_accessor"][0]),
Removed http/sys_capabilties_test.go
2016-03-18 03:01:28 +00:00
HelpDescription: strings.TrimSpace(sysHelp["capabilities_accessor"][1]),
Move capabilities accessor logic to logical_system
2016-03-17 16:55:38 +00:00
},
Removed http/sys_capabilties_test.go
2016-03-18 03:01:28 +00:00
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
&framework.Path{
Pattern: "config/cors$",
Fields: map[string]*framework.FieldSchema{
"enable": &framework.FieldSchema{
Type: framework.TypeBool,
Description: "Enables or disables CORS headers on requests.",
},
"allowed_origins": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Fix up CORS. Ref #2021
2017-06-17 05:26:25 +00:00
Description: "A comma-separated string or array of strings indicating origins that may make cross-origin requests.",
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
},
Set allowed headers via API instead of defaulting to wildcard. (#3023)
2017-08-07 14:03:30 +00:00
"allowed_headers": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: "A comma-separated string or array of strings indicating headers that are allowed on cross-origin requests.",
},
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handleCORSRead,
logical.UpdateOperation: b.handleCORSUpdate,
logical.DeleteOperation: b.handleCORSDelete,
},
HelpDescription: strings.TrimSpace(sysHelp["config/cors"][0]),
HelpSynopsis: strings.TrimSpace(sysHelp["config/cors"][1]),
},
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 17:33:49 +00:00
&framework.Path{
Pattern: "capabilities$",
Add separate path for capabilities-self to enable ACL
2016-03-18 02:52:03 +00:00
Fields: map[string]*framework.FieldSchema{
"token": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Token for which capabilities are being queried.",
},
"path": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Path on which capabilities are being queried.",
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handleCapabilities,
},
HelpSynopsis: strings.TrimSpace(sysHelp["capabilities"][0]),
Removed http/sys_capabilties_test.go
2016-03-18 03:01:28 +00:00
HelpDescription: strings.TrimSpace(sysHelp["capabilities"][1]),
Add separate path for capabilities-self to enable ACL
2016-03-18 02:52:03 +00:00
},
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
Add separate path for capabilities-self to enable ACL
2016-03-18 02:52:03 +00:00
&framework.Path{
Pattern: "capabilities-self$",
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 17:33:49 +00:00
Fields: map[string]*framework.FieldSchema{
"token": &framework.FieldSchema{
Type: framework.TypeString,
Fix help descriptions
2016-03-17 19:23:36 +00:00
Description: "Token for which capabilities are being queried.",
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 17:33:49 +00:00
},
"path": &framework.FieldSchema{
Type: framework.TypeString,
Fix help descriptions
2016-03-17 19:23:36 +00:00
Description: "Path on which capabilities are being queried.",
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 17:33:49 +00:00
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handleCapabilities,
},
Removed http/sys_capabilties_test.go
2016-03-18 03:01:28 +00:00
HelpSynopsis: strings.TrimSpace(sysHelp["capabilities_self"][0]),
HelpDescription: strings.TrimSpace(sysHelp["capabilities_self"][1]),
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 17:33:49 +00:00
},
Move capabilities accessor logic to logical_system
2016-03-17 16:55:38 +00:00
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
&framework.Path{
Pattern: "generate-root(/attempt)?$",
HelpSynopsis: strings.TrimSpace(sysHelp["generate-root"][0]),
HelpDescription: strings.TrimSpace(sysHelp["generate-root"][1]),
},
&framework.Path{
Pattern: "init$",
HelpSynopsis: strings.TrimSpace(sysHelp["init"][0]),
HelpDescription: strings.TrimSpace(sysHelp["init"][1]),
},
Add rekey nonce/backup.
2015-12-16 21:56:15 +00:00
&framework.Path{
Pattern: "rekey/backup$",
Fields: map[string]*framework.FieldSchema{},
Callbacks: map[logical.Operation]framework.OperationFunc{
SealInterface
2016-04-04 14:44:22 +00:00
logical.ReadOperation: b.handleRekeyRetrieveBarrier,
logical.DeleteOperation: b.handleRekeyDeleteBarrier,
},
HelpSynopsis: strings.TrimSpace(sysHelp["rekey_backup"][0]),
HelpDescription: strings.TrimSpace(sysHelp["rekey_backup"][0]),
},
&framework.Path{
Pattern: "rekey/recovery-key-backup$",
Fields: map[string]*framework.FieldSchema{},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handleRekeyRetrieveRecovery,
logical.DeleteOperation: b.handleRekeyDeleteRecovery,
Add rekey nonce/backup.
2015-12-16 21:56:15 +00:00
},
Fix path help description for rekey_backup
2016-03-10 02:04:54 +00:00
HelpSynopsis: strings.TrimSpace(sysHelp["rekey_backup"][0]),
HelpDescription: strings.TrimSpace(sysHelp["rekey_backup"][0]),
Add rekey nonce/backup.
2015-12-16 21:56:15 +00:00
},
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
&framework.Path{
Pattern: "auth/(?P<path>.+?)/tune$",
Fields: map[string]*framework.FieldSchema{
"path": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["auth_tune"][0]),
},
"default_lease_ttl": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["tune_default_lease_ttl"][0]),
},
"max_lease_ttl": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["tune_max_lease_ttl"][0]),
},
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
"description": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["auth_desc"][0]),
},
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handleAuthTuneRead,
logical.UpdateOperation: b.handleAuthTuneWrite,
},
HelpSynopsis: strings.TrimSpace(sysHelp["auth_tune"][0]),
HelpDescription: strings.TrimSpace(sysHelp["auth_tune"][1]),
},
vault: system using the framework
2015-03-16 00:35:59 +00:00
&framework.Path{
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
Pattern: "mounts/(?P<path>.+?)/tune$",
vault: system using the framework
2015-03-16 00:35:59 +00:00
Fields: map[string]*framework.FieldSchema{
"path": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["mount_path"][0]),
},
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
"default_lease_ttl": &framework.FieldSchema{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
Type: framework.TypeString,
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
Description: strings.TrimSpace(sysHelp["tune_default_lease_ttl"][0]),
},
"max_lease_ttl": &framework.FieldSchema{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
Type: framework.TypeString,
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
Description: strings.TrimSpace(sysHelp["tune_max_lease_ttl"][0]),
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
},
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
"description": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["auth_desc"][0]),
},
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
},
Callbacks: map[logical.Operation]framework.OperationFunc{
Create more granular ACL capabilities. This commit splits ACL policies into more fine-grained capabilities. This both drastically simplifies the checking code and makes it possible to support needed workflows that are not possible with the previous method. It is backwards compatible; policies containing a "policy" string are simply converted to a set of capabilities matching previous behavior. Fixes #724 (and others).
2016-01-07 20:10:05 +00:00
logical.ReadOperation: b.handleMountTuneRead,
WriteOperation -> UpdateOperation
2016-01-07 15:30:47 +00:00
logical.UpdateOperation: b.handleMountTuneWrite,
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
},
HelpSynopsis: strings.TrimSpace(sysHelp["mount_tune"][0]),
HelpDescription: strings.TrimSpace(sysHelp["mount_tune"][1]),
},
&framework.Path{
Pattern: "mounts/(?P<path>.+?)",
vault: system using the framework
2015-03-16 00:35:59 +00:00
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
Fields: map[string]*framework.FieldSchema{
"path": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["mount_path"][0]),
},
vault: system using the framework
2015-03-16 00:35:59 +00:00
"type": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["mount_type"][0]),
},
"description": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["mount_desc"][0]),
},
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"config": &framework.FieldSchema{
Type: framework.TypeMap,
Description: strings.TrimSpace(sysHelp["mount_config"][0]),
},
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
"local": &framework.FieldSchema{
Type: framework.TypeBool,
Default: false,
Description: strings.TrimSpace(sysHelp["mount_local"][0]),
},
Normalize plugin_name option for mount and enable-auth (#3202)
2017-08-31 16:16:59 +00:00
"plugin_name": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["mount_plugin_name"][0]),
},
vault: system using the framework
2015-03-16 00:35:59 +00:00
},
Callbacks: map[logical.Operation]framework.OperationFunc{
Create more granular ACL capabilities. This commit splits ACL policies into more fine-grained capabilities. This both drastically simplifies the checking code and makes it possible to support needed workflows that are not possible with the previous method. It is backwards compatible; policies containing a "policy" string are simply converted to a set of capabilities matching previous behavior. Fixes #724 (and others).
2016-01-07 20:10:05 +00:00
logical.UpdateOperation: b.handleMount,
vault: system using the framework
2015-03-16 00:35:59 +00:00
logical.DeleteOperation: b.handleUnmount,
},
HelpSynopsis: strings.TrimSpace(sysHelp["mount"][0]),
HelpDescription: strings.TrimSpace(sysHelp["mount"][1]),
},
Fix mount config test by proxying mounts/ in addition to mounts
2015-09-03 12:54:59 +00:00
&framework.Path{
Pattern: "mounts$",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handleMountTable,
},
HelpSynopsis: strings.TrimSpace(sysHelp["mounts"][0]),
HelpDescription: strings.TrimSpace(sysHelp["mounts"][1]),
},
vault: system using the framework
2015-03-16 00:35:59 +00:00
&framework.Path{
Pattern: "remount",
vault: convert to new callback style
2015-03-19 14:05:22 +00:00
Fields: map[string]*framework.FieldSchema{
"from": &framework.FieldSchema{
Type: framework.TypeString,
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
Description: "The previous mount point.",
vault: convert to new callback style
2015-03-19 14:05:22 +00:00
},
"to": &framework.FieldSchema{
Type: framework.TypeString,
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
Description: "The new mount point.",
vault: convert to new callback style
2015-03-19 14:05:22 +00:00
},
},
vault: system using the framework
2015-03-16 00:35:59 +00:00
Callbacks: map[logical.Operation]framework.OperationFunc{
WriteOperation -> UpdateOperation
2016-01-07 15:30:47 +00:00
logical.UpdateOperation: b.handleRemount,
vault: system using the framework
2015-03-16 00:35:59 +00:00
},
HelpSynopsis: strings.TrimSpace(sysHelp["remount"][0]),
HelpDescription: strings.TrimSpace(sysHelp["remount"][1]),
},
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
&framework.Path{
Add the ability to view and list of leases metadata (#2650)
2017-05-04 02:03:42 +00:00
Pattern: "leases/lookup/(?P<prefix>.+?)?",
Fields: map[string]*framework.FieldSchema{
"prefix": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["leases-list-prefix"][0]),
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ListOperation: b.handleLeaseLookupList,
},
HelpSynopsis: strings.TrimSpace(sysHelp["leases"][0]),
HelpDescription: strings.TrimSpace(sysHelp["leases"][1]),
},
&framework.Path{
Pattern: "leases/lookup",
Fields: map[string]*framework.FieldSchema{
"lease_id": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["lease_id"][0]),
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handleLeaseLookup,
},
HelpSynopsis: strings.TrimSpace(sysHelp["leases"][0]),
HelpDescription: strings.TrimSpace(sysHelp["leases"][1]),
},
&framework.Path{
Pattern: "(leases/)?renew" + framework.OptionalParamRegex("url_lease_id"),
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
Fields: map[string]*framework.FieldSchema{
urllease_id -> url_lease_id
2016-08-08 22:34:00 +00:00
"url_lease_id": &framework.FieldSchema{
Add ability to specify renew lease ID in POST body.
2016-08-08 22:00:44 +00:00
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["lease_id"][0]),
},
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
"lease_id": &framework.FieldSchema{
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
Type: framework.TypeString,
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
Description: strings.TrimSpace(sysHelp["lease_id"][0]),
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
},
"increment": &framework.FieldSchema{
vault: allow increment to be duration string. Fixes #340
2015-06-17 22:58:20 +00:00
Type: framework.TypeDurationSecond,
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
Description: strings.TrimSpace(sysHelp["increment"][0]),
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
WriteOperation -> UpdateOperation
2016-01-07 15:30:47 +00:00
logical.UpdateOperation: b.handleRenew,
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
},
HelpSynopsis: strings.TrimSpace(sysHelp["renew"][0]),
HelpDescription: strings.TrimSpace(sysHelp["renew"][1]),
},
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
&framework.Path{
Add the ability to view and list of leases metadata (#2650)
2017-05-04 02:03:42 +00:00
Pattern: "(leases/)?revoke" + framework.OptionalParamRegex("url_lease_id"),
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
Fields: map[string]*framework.FieldSchema{
Updating revoke/renew to prefer PUT method (#2646)
2017-04-27 14:47:43 +00:00
"url_lease_id": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["lease_id"][0]),
},
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
"lease_id": &framework.FieldSchema{
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
Type: framework.TypeString,
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
Description: strings.TrimSpace(sysHelp["lease_id"][0]),
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
WriteOperation -> UpdateOperation
2016-01-07 15:30:47 +00:00
logical.UpdateOperation: b.handleRevoke,
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
},
HelpSynopsis: strings.TrimSpace(sysHelp["revoke"][0]),
HelpDescription: strings.TrimSpace(sysHelp["revoke"][1]),
},
vault: Support sys/revoke-prefix/
2015-03-16 23:33:48 +00:00
Add forced revocation. In some situations, it can be impossible to revoke leases (for instance, if someone has gone and manually removed users created by Vault). This can not only cause Vault to cycle trying to revoke them, but it also prevents mounts from being unmounted, leaving them in a tainted state where the only operations allowed are to revoke (or rollback), which will never successfully complete. This adds a new endpoint that works similarly to `revoke-prefix` but ignores errors coming from a backend upon revocation (it does not ignore errors coming from within the expiration manager, such as errors accessing the data store). This can be used to force Vault to abandon leases. Like `revoke-prefix`, this is a very sensitive operation and requires `sudo`. It is implemented as a separate endpoint, rather than an argument to `revoke-prefix`, to ensure that control can be delegated appropriately, as even most administrators should not normally have this privilege. Fixes #1135
2016-03-03 01:26:38 +00:00
&framework.Path{
Add the ability to view and list of leases metadata (#2650)
2017-05-04 02:03:42 +00:00
Pattern: "(leases/)?revoke-force/(?P<prefix>.+)",
Add forced revocation. In some situations, it can be impossible to revoke leases (for instance, if someone has gone and manually removed users created by Vault). This can not only cause Vault to cycle trying to revoke them, but it also prevents mounts from being unmounted, leaving them in a tainted state where the only operations allowed are to revoke (or rollback), which will never successfully complete. This adds a new endpoint that works similarly to `revoke-prefix` but ignores errors coming from a backend upon revocation (it does not ignore errors coming from within the expiration manager, such as errors accessing the data store). This can be used to force Vault to abandon leases. Like `revoke-prefix`, this is a very sensitive operation and requires `sudo`. It is implemented as a separate endpoint, rather than an argument to `revoke-prefix`, to ensure that control can be delegated appropriately, as even most administrators should not normally have this privilege. Fixes #1135
2016-03-03 01:26:38 +00:00
Fields: map[string]*framework.FieldSchema{
"prefix": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["revoke-force-path"][0]),
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handleRevokeForce,
},
HelpSynopsis: strings.TrimSpace(sysHelp["revoke-force"][0]),
HelpDescription: strings.TrimSpace(sysHelp["revoke-force"][1]),
},
vault: Support sys/revoke-prefix/
2015-03-16 23:33:48 +00:00
&framework.Path{
Add the ability to view and list of leases metadata (#2650)
2017-05-04 02:03:42 +00:00
Pattern: "(leases/)?revoke-prefix/(?P<prefix>.+)",
vault: Support sys/revoke-prefix/
2015-03-16 23:33:48 +00:00
Fields: map[string]*framework.FieldSchema{
"prefix": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["revoke-prefix-path"][0]),
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
WriteOperation -> UpdateOperation
2016-01-07 15:30:47 +00:00
logical.UpdateOperation: b.handleRevokePrefix,
vault: Support sys/revoke-prefix/
2015-03-16 23:33:48 +00:00
},
HelpSynopsis: strings.TrimSpace(sysHelp["revoke-prefix"][0]),
HelpDescription: strings.TrimSpace(sysHelp["revoke-prefix"][1]),
},
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
&framework.Path{
Move tidy-leases to leases/tidy
2017-05-04 13:40:11 +00:00
Pattern: "leases/tidy$",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handleTidyLeases,
},
HelpSynopsis: strings.TrimSpace(sysHelp["tidy_leases"][0]),
HelpDescription: strings.TrimSpace(sysHelp["tidy_leases"][1]),
},
&framework.Path{
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
Pattern: "auth$",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handleAuthTable,
},
HelpSynopsis: strings.TrimSpace(sysHelp["auth-table"][0]),
HelpDescription: strings.TrimSpace(sysHelp["auth-table"][1]),
},
&framework.Path{
Pattern: "auth/(?P<path>.+)",
Fields: map[string]*framework.FieldSchema{
"path": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["auth_path"][0]),
},
"type": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["auth_type"][0]),
},
"description": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["auth_desc"][0]),
},
Normalize plugin_name option for mount and enable-auth (#3202)
2017-08-31 16:16:59 +00:00
"config": &framework.FieldSchema{
Type: framework.TypeMap,
Description: strings.TrimSpace(sysHelp["auth_config"][0]),
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
},
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
"local": &framework.FieldSchema{
Type: framework.TypeBool,
Default: false,
Description: strings.TrimSpace(sysHelp["mount_local"][0]),
},
Normalize plugin_name option for mount and enable-auth (#3202)
2017-08-31 16:16:59 +00:00
"plugin_name": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["auth_plugin"][0]),
},
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
},
Callbacks: map[logical.Operation]framework.OperationFunc{
Create more granular ACL capabilities. This commit splits ACL policies into more fine-grained capabilities. This both drastically simplifies the checking code and makes it possible to support needed workflows that are not possible with the previous method. It is backwards compatible; policies containing a "policy" string are simply converted to a set of capabilities matching previous behavior. Fixes #724 (and others).
2016-01-07 20:10:05 +00:00
logical.UpdateOperation: b.handleEnableAuth,
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
logical.DeleteOperation: b.handleDisableAuth,
},
HelpSynopsis: strings.TrimSpace(sysHelp["auth"][0]),
HelpDescription: strings.TrimSpace(sysHelp["auth"][1]),
},
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
&framework.Path{
Pattern: "policy$",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handlePolicyList,
Remove sys_policy from special handling as it's implemented in logical_system too. Clean up the mux handlers.
2016-03-02 19:16:54 +00:00
logical.ListOperation: b.handlePolicyList,
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
},
HelpSynopsis: strings.TrimSpace(sysHelp["policy-list"][0]),
HelpDescription: strings.TrimSpace(sysHelp["policy-list"][1]),
},
&framework.Path{
Pattern: "policy/(?P<name>.+)",
Fields: map[string]*framework.FieldSchema{
"name": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["policy-name"][0]),
},
"rules": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["policy-rules"][0]),
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handlePolicyRead,
Create more granular ACL capabilities. This commit splits ACL policies into more fine-grained capabilities. This both drastically simplifies the checking code and makes it possible to support needed workflows that are not possible with the previous method. It is backwards compatible; policies containing a "policy" string are simply converted to a set of capabilities matching previous behavior. Fixes #724 (and others).
2016-01-07 20:10:05 +00:00
logical.UpdateOperation: b.handlePolicySet,
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
logical.DeleteOperation: b.handlePolicyDelete,
},
HelpSynopsis: strings.TrimSpace(sysHelp["policy"][0]),
HelpDescription: strings.TrimSpace(sysHelp["policy"][1]),
},
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
&framework.Path{
Pattern: "seal-status$",
HelpSynopsis: strings.TrimSpace(sysHelp["seal-status"][0]),
HelpDescription: strings.TrimSpace(sysHelp["seal-status"][1]),
},
&framework.Path{
Pattern: "seal$",
HelpSynopsis: strings.TrimSpace(sysHelp["seal"][0]),
HelpDescription: strings.TrimSpace(sysHelp["seal"][1]),
},
&framework.Path{
Pattern: "unseal$",
HelpSynopsis: strings.TrimSpace(sysHelp["unseal"][0]),
HelpDescription: strings.TrimSpace(sysHelp["unseal"][1]),
},
Reintroduce the ability to look up obfuscated values in the audit log with a new endpoint '/sys/audit-hash', which returns the given input string hashed with the given audit backend's hash function and salt (currently, always HMAC-SHA256 and a backend-specific salt). In the process of adding the HTTP handler, this also removes the custom HTTP handlers for the other audit endpoints, which were simply forwarding to the logical system backend. This means that the various audit functions will now redirect correctly from a standby to master. (Tests all pass.) Fixes #784
2015-11-19 01:26:03 +00:00
&framework.Path{
Pattern: "audit-hash/(?P<path>.+)",
Fields: map[string]*framework.FieldSchema{
"path": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["audit_path"][0]),
},
"input": &framework.FieldSchema{
Type: framework.TypeString,
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
WriteOperation -> UpdateOperation
2016-01-07 15:30:47 +00:00
logical.UpdateOperation: b.handleAuditHash,
Reintroduce the ability to look up obfuscated values in the audit log with a new endpoint '/sys/audit-hash', which returns the given input string hashed with the given audit backend's hash function and salt (currently, always HMAC-SHA256 and a backend-specific salt). In the process of adding the HTTP handler, this also removes the custom HTTP handlers for the other audit endpoints, which were simply forwarding to the logical system backend. This means that the various audit functions will now redirect correctly from a standby to master. (Tests all pass.) Fixes #784
2015-11-19 01:26:03 +00:00
},
HelpSynopsis: strings.TrimSpace(sysHelp["audit-hash"][0]),
HelpDescription: strings.TrimSpace(sysHelp["audit-hash"][1]),
},
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
&framework.Path{
Pattern: "audit$",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handleAuditTable,
},
HelpSynopsis: strings.TrimSpace(sysHelp["audit-table"][0]),
HelpDescription: strings.TrimSpace(sysHelp["audit-table"][1]),
},
&framework.Path{
Pattern: "audit/(?P<path>.+)",
Fields: map[string]*framework.FieldSchema{
"path": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["audit_path"][0]),
},
"type": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["audit_type"][0]),
},
"description": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["audit_desc"][0]),
},
"options": &framework.FieldSchema{
Type: framework.TypeMap,
Description: strings.TrimSpace(sysHelp["audit_opts"][0]),
},
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
"local": &framework.FieldSchema{
Type: framework.TypeBool,
Default: false,
Description: strings.TrimSpace(sysHelp["mount_local"][0]),
},
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
},
Callbacks: map[logical.Operation]framework.OperationFunc{
Create more granular ACL capabilities. This commit splits ACL policies into more fine-grained capabilities. This both drastically simplifies the checking code and makes it possible to support needed workflows that are not possible with the previous method. It is backwards compatible; policies containing a "policy" string are simply converted to a set of capabilities matching previous behavior. Fixes #724 (and others).
2016-01-07 20:10:05 +00:00
logical.UpdateOperation: b.handleEnableAudit,
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
logical.DeleteOperation: b.handleDisableAudit,
},
HelpSynopsis: strings.TrimSpace(sysHelp["audit"][0]),
HelpDescription: strings.TrimSpace(sysHelp["audit"][1]),
},
vault: Adding the raw/ endpoints to sys
2015-04-02 00:44:43 +00:00
vault: adding sys/key-status and sys/rotate
2015-05-28 00:53:42 +00:00
&framework.Path{
Pattern: "key-status$",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handleKeyStatus,
},
HelpSynopsis: strings.TrimSpace(sysHelp["key-status"][0]),
HelpDescription: strings.TrimSpace(sysHelp["key-status"][1]),
},
&framework.Path{
Pattern: "rotate$",
Callbacks: map[logical.Operation]framework.OperationFunc{
WriteOperation -> UpdateOperation
2016-01-07 15:30:47 +00:00
logical.UpdateOperation: b.handleRotate,
vault: adding sys/key-status and sys/rotate
2015-05-28 00:53:42 +00:00
},
HelpSynopsis: strings.TrimSpace(sysHelp["rotate"][0]),
HelpDescription: strings.TrimSpace(sysHelp["rotate"][1]),
},
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
JWT wrapping tokens (#2172)
2017-01-04 21:44:03 +00:00
/*
// Disabled for the moment as we don't support this externally
&framework.Path{
Pattern: "wrapping/pubkey$",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handleWrappingPubkey,
},
HelpSynopsis: strings.TrimSpace(sysHelp["wrappubkey"][0]),
HelpDescription: strings.TrimSpace(sysHelp["wrappubkey"][1]),
},
*/
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
&framework.Path{
Pattern: "wrapping/wrap$",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handleWrappingWrap,
},
HelpSynopsis: strings.TrimSpace(sysHelp["wrap"][0]),
HelpDescription: strings.TrimSpace(sysHelp["wrap"][1]),
},
&framework.Path{
Pattern: "wrapping/unwrap$",
Fields: map[string]*framework.FieldSchema{
"token": &framework.FieldSchema{
Type: framework.TypeString,
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handleWrappingUnwrap,
},
HelpSynopsis: strings.TrimSpace(sysHelp["unwrap"][0]),
HelpDescription: strings.TrimSpace(sysHelp["unwrap"][1]),
},
&framework.Path{
Pattern: "wrapping/lookup$",
Fields: map[string]*framework.FieldSchema{
"token": &framework.FieldSchema{
Type: framework.TypeString,
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handleWrappingLookup,
Make sys/wrapping/lookup unauthenticated. (#3084) We still perform validation on the token, so if the call makes it through to this endpoint it's got a valid token (either explicitly specified in data or as the request token). But this allows introspection for sanity/safety checking without revoking the token in the process.
2017-07-31 20:16:16 +00:00
logical.ReadOperation: b.handleWrappingLookup,
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
},
HelpSynopsis: strings.TrimSpace(sysHelp["wraplookup"][0]),
HelpDescription: strings.TrimSpace(sysHelp["wraplookup"][1]),
},
&framework.Path{
Pattern: "wrapping/rewrap$",
Fields: map[string]*framework.FieldSchema{
"token": &framework.FieldSchema{
Type: framework.TypeString,
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handleWrappingRewrap,
},
HelpSynopsis: strings.TrimSpace(sysHelp["rewrap"][0]),
HelpDescription: strings.TrimSpace(sysHelp["rewrap"][1]),
},
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
&framework.Path{
Pattern: "config/auditing/request-headers/(?P<header>.+)",
Fields: map[string]*framework.FieldSchema{
"header": &framework.FieldSchema{
Type: framework.TypeString,
},
"hmac": &framework.FieldSchema{
Type: framework.TypeBool,
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handleAuditedHeaderUpdate,
logical.DeleteOperation: b.handleAuditedHeaderDelete,
logical.ReadOperation: b.handleAuditedHeaderRead,
},
Update the help text for auditing headers (#2330) * Update the help text for auditing headers * Update help name
2017-02-03 18:08:31 +00:00
HelpSynopsis: strings.TrimSpace(sysHelp["audited-headers-name"][0]),
HelpDescription: strings.TrimSpace(sysHelp["audited-headers-name"][1]),
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
},
Add the ability to view and list of leases metadata (#2650)
2017-05-04 02:03:42 +00:00
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
&framework.Path{
Pattern: "config/auditing/request-headers$",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handleAuditedHeadersRead,
},
Update the help text for auditing headers (#2330) * Update the help text for auditing headers * Update help name
2017-02-03 18:08:31 +00:00
HelpSynopsis: strings.TrimSpace(sysHelp["audited-headers"][0]),
HelpDescription: strings.TrimSpace(sysHelp["audited-headers"][1]),
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
},
Add remaining crud functions to plugin catalog and tests
2017-04-12 16:40:54 +00:00
&framework.Path{
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
Pattern: "plugins/catalog/?$",
Add remaining crud functions to plugin catalog and tests
2017-04-12 16:40:54 +00:00
Fields: map[string]*framework.FieldSchema{},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ListOperation: b.handlePluginCatalogList,
},
Add path help and comments for plugin-catalog
2017-04-12 17:01:36 +00:00
HelpSynopsis: strings.TrimSpace(sysHelp["plugin-catalog"][0]),
HelpDescription: strings.TrimSpace(sysHelp["plugin-catalog"][1]),
Add remaining crud functions to plugin catalog and tests
2017-04-12 16:40:54 +00:00
},
Plugin catalog
2017-04-04 00:52:29 +00:00
&framework.Path{
Update path for the plugin catalog in logical system
2017-04-24 18:35:32 +00:00
Pattern: "plugins/catalog/(?P<name>.+)",
Plugin catalog
2017-04-04 00:52:29 +00:00
Fields: map[string]*framework.FieldSchema{
"name": &framework.FieldSchema{
Update the builtin keys; move catalog to core; protect against unset plugin directory
2017-04-24 17:30:33 +00:00
Type: framework.TypeString,
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
Description: strings.TrimSpace(sysHelp["plugin-catalog_name"][0]),
Plugin catalog
2017-04-04 00:52:29 +00:00
},
* Add ability to specify a plugin dir in dev mode (#3184) * Change (with backwards compatibility) sha_256 to sha256 for plugin registration
2017-08-16 15:17:50 +00:00
"sha256": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["plugin-catalog_sha-256"][0]),
},
Plugin catalog
2017-04-04 00:52:29 +00:00
"sha_256": &framework.FieldSchema{
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["plugin-catalog_sha-256"][0]),
Plugin catalog
2017-04-04 00:52:29 +00:00
},
"command": &framework.FieldSchema{
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["plugin-catalog_command"][0]),
Plugin catalog
2017-04-04 00:52:29 +00:00
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handlePluginCatalogUpdate,
logical.DeleteOperation: b.handlePluginCatalogDelete,
logical.ReadOperation: b.handlePluginCatalogRead,
},
Add path help and comments for plugin-catalog
2017-04-12 17:01:36 +00:00
HelpSynopsis: strings.TrimSpace(sysHelp["plugin-catalog"][0]),
HelpDescription: strings.TrimSpace(sysHelp["plugin-catalog"][1]),
Plugin catalog
2017-04-04 00:52:29 +00:00
},
Add plugin backend reload capability (#3112) * Add plugin reload capability on all mounts for a specific plugin type * Comments cleanup * Add per-mount plugin backend reload, add tests * Fix typos * Remove old comment * Reuse existing storage view in reloadPluginCommon * Correctly handle reloading auth plugin backends * Update path to plugin/backend/reload * Use multierrors on reloadMatchingPluginMounts, attempt to reload all mounts provided * Use internal value as check to ensure plugin backend reload * Remove connection state from request for plugins at the moment * Minor cleanup * Refactor tests
2017-08-08 04:18:59 +00:00
&framework.Path{
plugins/backend/reload -> plugins/reload/backend (#3186)
2017-08-16 16:40:38 +00:00
Pattern: "plugins/reload/backend$",
Add plugin backend reload capability (#3112) * Add plugin reload capability on all mounts for a specific plugin type * Comments cleanup * Add per-mount plugin backend reload, add tests * Fix typos * Remove old comment * Reuse existing storage view in reloadPluginCommon * Correctly handle reloading auth plugin backends * Update path to plugin/backend/reload * Use multierrors on reloadMatchingPluginMounts, attempt to reload all mounts provided * Use internal value as check to ensure plugin backend reload * Remove connection state from request for plugins at the moment * Minor cleanup * Refactor tests
2017-08-08 04:18:59 +00:00
Fields: map[string]*framework.FieldSchema{
"plugin": &framework.FieldSchema{
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["plugin-backend-reload-plugin"][0]),
},
"mounts": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: strings.TrimSpace(sysHelp["plugin-backend-reload-mounts"][0]),
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.handlePluginReloadUpdate,
},
HelpSynopsis: strings.TrimSpace(sysHelp["plugin-reload"][0]),
HelpDescription: strings.TrimSpace(sysHelp["plugin-reload"][1]),
},
copying general purpose tools from transit backend to /sys/tools (#3391)
2017-10-20 14:59:17 +00:00
&framework.Path{
Pattern: "tools/hash" + framework.OptionalParamRegex("urlalgorithm"),
Fields: map[string]*framework.FieldSchema{
"input": &framework.FieldSchema{
Type: framework.TypeString,
Description: "The base64-encoded input data",
},
"algorithm": &framework.FieldSchema{
Type: framework.TypeString,
Default: "sha2-256",
Description: `Algorithm to use (POST body parameter). Valid values are:
* sha2-224
* sha2-256
* sha2-384
* sha2-512
Defaults to "sha2-256".`,
},
"urlalgorithm": &framework.FieldSchema{
Type: framework.TypeString,
Description: `Algorithm to use (POST URL parameter)`,
},
"format": &framework.FieldSchema{
Type: framework.TypeString,
Default: "hex",
Description: `Encoding format to use. Can be "hex" or "base64". Defaults to "hex".`,
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.pathHashWrite,
},
HelpSynopsis: strings.TrimSpace(sysHelp["hash"][0]),
HelpDescription: strings.TrimSpace(sysHelp["hash"][1]),
},
&framework.Path{
Pattern: "tools/random" + framework.OptionalParamRegex("urlbytes"),
Fields: map[string]*framework.FieldSchema{
"urlbytes": &framework.FieldSchema{
Type: framework.TypeString,
Description: "The number of bytes to generate (POST URL parameter)",
},
"bytes": &framework.FieldSchema{
Type: framework.TypeInt,
Default: 32,
Description: "The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).",
},
"format": &framework.FieldSchema{
Type: framework.TypeString,
Default: "base64",
Description: `Encoding format to use. Can be "hex" or "base64". Defaults to "base64".`,
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.pathRandomWrite,
},
HelpSynopsis: strings.TrimSpace(sysHelp["random"][0]),
HelpDescription: strings.TrimSpace(sysHelp["random"][1]),
},
vault: system using the framework
2015-03-16 00:35:59 +00:00
},
}
Push a lot of logic into Router to make a bunch of it nicer and enable a lot of cleanup. Plumb config and calls to framework.Backend.Setup() into logical_system and elsewhere, including tests.
2015-09-04 20:58:12 +00:00
Fix rep path fetching method into a function
2017-02-17 04:23:21 +00:00
b.Backend.Paths = append(b.Backend.Paths, replicationPaths(b)...)
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
Disable the `sys/raw` endpoint by default (#3329) * disable raw endpoint by default * adding docs * config option raw -> raw_storage_endpoint * docs updates * adding listing on raw endpoint * reworking tests for enabled raw endpoints * root protecting base raw endpoint
2017-09-15 04:21:35 +00:00
if core.rawEnabled {
b.Backend.Paths = append(b.Backend.Paths, &framework.Path{
Pattern: "(raw/?$|raw/(?P<path>.+))",
Fields: map[string]*framework.FieldSchema{
"path": &framework.FieldSchema{
Type: framework.TypeString,
},
"value": &framework.FieldSchema{
Type: framework.TypeString,
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handleRawRead,
logical.UpdateOperation: b.handleRawWrite,
logical.DeleteOperation: b.handleRawDelete,
logical.ListOperation: b.handleRawList,
},
})
}
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
b.Backend.Invalidate = b.invalidate
Fix up CORS. Ref #2021
2017-06-17 05:26:25 +00:00
return b
vault: system using the framework
2015-03-16 00:35:59 +00:00
}
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
// SystemBackend implements logical.Backend and is used to interact with
// the core of the system. This backend is hardcoded to exist at the "sys"
// prefix. Conceptually it is similar to procfs on Linux.
vault: rename SystemBackend2 to SystemBackend
2015-03-15 21:54:49 +00:00
type SystemBackend struct {
Fix up CORS. Ref #2021
2017-06-17 05:26:25 +00:00
*framework.Backend
Core *Core
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
}
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
// handleCORSRead returns the current CORS configuration
func (b *SystemBackend) handleCORSRead(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
corsConf := b.Core.corsConfig
Fix up CORS. Ref #2021
2017-06-17 05:26:25 +00:00
enabled := corsConf.IsEnabled()
resp := &logical.Response{
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
Data: map[string]interface{}{
Fix up CORS. Ref #2021
2017-06-17 05:26:25 +00:00
"enabled": enabled,
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
},
Fix up CORS. Ref #2021
2017-06-17 05:26:25 +00:00
}
if enabled {
corsConf.RLock()
resp.Data["allowed_origins"] = corsConf.AllowedOrigins
Set allowed headers via API instead of defaulting to wildcard. (#3023)
2017-08-07 14:03:30 +00:00
resp.Data["allowed_headers"] = corsConf.AllowedHeaders
Fix up CORS. Ref #2021
2017-06-17 05:26:25 +00:00
corsConf.RUnlock()
}
return resp, nil
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
}
Fix up CORS. Ref #2021
2017-06-17 05:26:25 +00:00
// handleCORSUpdate sets the list of origins that are allowed to make
// cross-origin requests and sets the CORS enabled flag to true
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
func (b *SystemBackend) handleCORSUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
origins := d.Get("allowed_origins").([]string)
Set allowed headers via API instead of defaulting to wildcard. (#3023)
2017-08-07 14:03:30 +00:00
headers := d.Get("allowed_headers").([]string)
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
Set allowed headers via API instead of defaulting to wildcard. (#3023)
2017-08-07 14:03:30 +00:00
return nil, b.Core.corsConfig.Enable(origins, headers)
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
}
Set allowed headers via API instead of defaulting to wildcard. (#3023)
2017-08-07 14:03:30 +00:00
// handleCORSDelete sets the CORS enabled flag to false and clears the list of
// allowed origins & headers.
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
func (b *SystemBackend) handleCORSDelete(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
Fix up CORS. Ref #2021
2017-06-17 05:26:25 +00:00
return nil, b.Core.corsConfig.Disable()
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
}
Added sys/tidy-leases endpoint
2017-03-07 20:22:21 +00:00
func (b *SystemBackend) handleTidyLeases(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
err := b.Core.expiration.Tidy()
if err != nil {
b.Backend.Logger().Error("sys: failed to tidy leases", "error", err)
return handleError(err)
}
return nil, err
}
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
func (b *SystemBackend) invalidate(key string) {
if b.Core.logger.IsTrace() {
Don't load a required mount if in secondary mode, let sync invalidate do that
2017-05-05 23:40:26 +00:00
b.Core.logger.Trace("sys: invalidating key", "key", key)
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
}
switch {
case strings.HasPrefix(key, policySubPath):
b.Core.stateLock.RLock()
defer b.Core.stateLock.RUnlock()
if b.Core.policyStore != nil {
b.Core.policyStore.invalidate(strings.TrimPrefix(key, policySubPath))
}
}
}
Add remaining crud functions to plugin catalog and tests
2017-04-12 16:40:54 +00:00
func (b *SystemBackend) handlePluginCatalogList(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
plugins, err := b.Core.pluginCatalog.List()
if err != nil {
return nil, err
}
Update the builtin keys; move catalog to core; protect against unset plugin directory
2017-04-24 17:30:33 +00:00
return logical.ListResponse(plugins), nil
Add remaining crud functions to plugin catalog and tests
2017-04-12 16:40:54 +00:00
}
Plugin catalog
2017-04-04 00:52:29 +00:00
func (b *SystemBackend) handlePluginCatalogUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
pluginName := d.Get("name").(string)
if pluginName == "" {
return logical.ErrorResponse("missing plugin name"), nil
}
* Add ability to specify a plugin dir in dev mode (#3184) * Change (with backwards compatibility) sha_256 to sha256 for plugin registration
2017-08-16 15:17:50 +00:00
sha256 := d.Get("sha256").(string)
Plugin catalog
2017-04-04 00:52:29 +00:00
if sha256 == "" {
* Add ability to specify a plugin dir in dev mode (#3184) * Change (with backwards compatibility) sha_256 to sha256 for plugin registration
2017-08-16 15:17:50 +00:00
sha256 = d.Get("sha_256").(string)
if sha256 == "" {
return logical.ErrorResponse("missing SHA-256 value"), nil
}
Plugin catalog
2017-04-04 00:52:29 +00:00
}
command := d.Get("command").(string)
if command == "" {
return logical.ErrorResponse("missing command value"), nil
}
sha256Bytes, err := hex.DecodeString(sha256)
if err != nil {
return logical.ErrorResponse("Could not decode SHA-256 value from Hex"), err
}
err = b.Core.pluginCatalog.Set(pluginName, command, sha256Bytes)
if err != nil {
return nil, err
}
return nil, nil
}
func (b *SystemBackend) handlePluginCatalogRead(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
pluginName := d.Get("name").(string)
if pluginName == "" {
return logical.ErrorResponse("missing plugin name"), nil
}
plugin, err := b.Core.pluginCatalog.Get(pluginName)
if err != nil {
return nil, err
}
return a 404 when no plugin is found
2017-04-25 01:31:27 +00:00
if plugin == nil {
return nil, nil
}
Plugin catalog
2017-04-04 00:52:29 +00:00
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
// Create a map of data to be returned and remove sensitive information from it
data := structs.New(plugin).Map()
Plugin catalog
2017-04-04 00:52:29 +00:00
return &logical.Response{
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
Data: data,
Plugin catalog
2017-04-04 00:52:29 +00:00
}, nil
}
func (b *SystemBackend) handlePluginCatalogDelete(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
pluginName := d.Get("name").(string)
if pluginName == "" {
return logical.ErrorResponse("missing plugin name"), nil
}
Add remaining crud functions to plugin catalog and tests
2017-04-12 16:40:54 +00:00
err := b.Core.pluginCatalog.Delete(pluginName)
Plugin catalog
2017-04-04 00:52:29 +00:00
if err != nil {
return nil, err
}
Add remaining crud functions to plugin catalog and tests
2017-04-12 16:40:54 +00:00
return nil, nil
Plugin catalog
2017-04-04 00:52:29 +00:00
}
Add plugin backend reload capability (#3112) * Add plugin reload capability on all mounts for a specific plugin type * Comments cleanup * Add per-mount plugin backend reload, add tests * Fix typos * Remove old comment * Reuse existing storage view in reloadPluginCommon * Correctly handle reloading auth plugin backends * Update path to plugin/backend/reload * Use multierrors on reloadMatchingPluginMounts, attempt to reload all mounts provided * Use internal value as check to ensure plugin backend reload * Remove connection state from request for plugins at the moment * Minor cleanup * Refactor tests
2017-08-08 04:18:59 +00:00
func (b *SystemBackend) handlePluginReloadUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
pluginName := d.Get("plugin").(string)
pluginMounts := d.Get("mounts").([]string)
if pluginName != "" && len(pluginMounts) > 0 {
return logical.ErrorResponse("plugin and mounts cannot be set at the same time"), nil
}
if pluginName == "" && len(pluginMounts) == 0 {
return logical.ErrorResponse("plugin or mounts must be provided"), nil
}
if pluginName != "" {
err := b.Core.reloadMatchingPlugin(pluginName)
if err != nil {
return nil, err
}
} else if len(pluginMounts) > 0 {
err := b.Core.reloadMatchingPluginMounts(pluginMounts)
if err != nil {
return nil, err
}
}
return nil, nil
}
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
// handleAuditedHeaderUpdate creates or overwrites a header entry
func (b *SystemBackend) handleAuditedHeaderUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
header := d.Get("header").(string)
hmac := d.Get("hmac").(bool)
if header == "" {
return logical.ErrorResponse("missing header name"), nil
}
headerConfig := b.Core.AuditedHeadersConfig()
err := headerConfig.add(header, hmac)
if err != nil {
return nil, err
}
return nil, nil
}
// handleAudtedHeaderDelete deletes the header with the given name
func (b *SystemBackend) handleAuditedHeaderDelete(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
header := d.Get("header").(string)
if header == "" {
return logical.ErrorResponse("missing header name"), nil
}
headerConfig := b.Core.AuditedHeadersConfig()
err := headerConfig.remove(header)
if err != nil {
return nil, err
}
return nil, nil
}
// handleAuditedHeaderRead returns the header configuration for the given header name
func (b *SystemBackend) handleAuditedHeaderRead(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
header := d.Get("header").(string)
if header == "" {
return logical.ErrorResponse("missing header name"), nil
}
headerConfig := b.Core.AuditedHeadersConfig()
settings, ok := headerConfig.Headers[header]
if !ok {
return logical.ErrorResponse("Could not find header in config"), nil
}
return &logical.Response{
Data: map[string]interface{}{
header: settings,
},
}, nil
}
// handleAuditedHeadersRead returns the whole audited headers config
func (b *SystemBackend) handleAuditedHeadersRead(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
headerConfig := b.Core.AuditedHeadersConfig()
return &logical.Response{
Data: map[string]interface{}{
"headers": headerConfig.Headers,
},
}, nil
}
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
// handleCapabilities returns the ACL capabilities of the token for a given path
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 17:33:49 +00:00
func (b *SystemBackend) handleCapabilities(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
token := d.Get("token").(string)
if token == "" {
token = req.ClientToken
}
capabilities, err := b.Core.Capabilities(token, d.Get("path").(string))
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 17:33:49 +00:00
if err != nil {
return nil, err
}
return &logical.Response{
Data: map[string]interface{}{
Refactoring the capabilities function
2016-03-17 18:07:55 +00:00
"capabilities": capabilities,
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 17:33:49 +00:00
},
}, nil
}
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
// handleCapabilitiesAccessor returns the ACL capabilities of the
// token associted with the given accessor for a given path.
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 17:33:49 +00:00
func (b *SystemBackend) handleCapabilitiesAccessor(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
Refactoring the capabilities function
2016-03-17 18:07:55 +00:00
accessor := d.Get("accessor").(string)
if accessor == "" {
Fix broken testcases
2016-03-17 19:39:58 +00:00
return logical.ErrorResponse("missing accessor"), nil
Refactoring the capabilities function
2016-03-17 18:07:55 +00:00
}
Add taint flag for looking up by accessor
2017-05-03 17:08:47 +00:00
aEntry, err := b.Core.tokenStore.lookupByAccessor(accessor, false)
Refactoring the capabilities function
2016-03-17 18:07:55 +00:00
if err != nil {
return nil, err
}
Add accessor list function to token store
2016-07-29 22:20:38 +00:00
capabilities, err := b.Core.Capabilities(aEntry.TokenID, d.Get("path").(string))
Move capabilities accessor logic to logical_system
2016-03-17 16:55:38 +00:00
if err != nil {
return nil, err
}
Refactoring the capabilities function
2016-03-17 18:07:55 +00:00
Move capabilities accessor logic to logical_system
2016-03-17 16:55:38 +00:00
return &logical.Response{
Data: map[string]interface{}{
"capabilities": capabilities,
},
}, nil
}
Add rekey nonce/backup.
2015-12-16 21:56:15 +00:00
// handleRekeyRetrieve returns backed-up, PGP-encrypted unseal keys from a
// rekey operation
func (b *SystemBackend) handleRekeyRetrieve(
SealInterface
2016-04-04 14:44:22 +00:00
req *logical.Request,
data *framework.FieldData,
recovery bool) (*logical.Response, error) {
backup, err := b.Core.RekeyRetrieveBackup(recovery)
Add rekey nonce/backup.
2015-12-16 21:56:15 +00:00
if err != nil {
return nil, fmt.Errorf("unable to look up backed-up keys: %v", err)
}
if backup == nil {
return logical.ErrorResponse("no backed-up keys found"), nil
}
Provide base64 keys in addition to hex encoded. (#1734) * Provide base64 keys in addition to hex encoded. Accept these at unseal/rekey time. Also fix a bug where backup would not be honored when doing a rekey with no operation currently ongoing.
2016-08-15 20:01:15 +00:00
keysB64 := map[string][]string{}
for k, v := range backup.Keys {
for _, j := range v {
currB64Keys := keysB64[k]
if currB64Keys == nil {
currB64Keys = []string{}
}
key, err := hex.DecodeString(j)
if err != nil {
return nil, fmt.Errorf("error decoding hex-encoded backup key: %v", err)
}
currB64Keys = append(currB64Keys, base64.StdEncoding.EncodeToString(key))
keysB64[k] = currB64Keys
}
}
Add rekey nonce/backup.
2015-12-16 21:56:15 +00:00
// Format the status
resp := &logical.Response{
Data: map[string]interface{}{
Provide base64 keys in addition to hex encoded. (#1734) * Provide base64 keys in addition to hex encoded. Accept these at unseal/rekey time. Also fix a bug where backup would not be honored when doing a rekey with no operation currently ongoing.
2016-08-15 20:01:15 +00:00
"nonce": backup.Nonce,
"keys": backup.Keys,
"keys_base64": keysB64,
Add rekey nonce/backup.
2015-12-16 21:56:15 +00:00
},
}
return resp, nil
}
SealInterface
2016-04-04 14:44:22 +00:00
func (b *SystemBackend) handleRekeyRetrieveBarrier(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return b.handleRekeyRetrieve(req, data, false)
}
func (b *SystemBackend) handleRekeyRetrieveRecovery(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return b.handleRekeyRetrieve(req, data, true)
}
Add rekey nonce/backup.
2015-12-16 21:56:15 +00:00
// handleRekeyDelete deletes backed-up, PGP-encrypted unseal keys from a rekey
// operation
func (b *SystemBackend) handleRekeyDelete(
SealInterface
2016-04-04 14:44:22 +00:00
req *logical.Request,
data *framework.FieldData,
recovery bool) (*logical.Response, error) {
err := b.Core.RekeyDeleteBackup(recovery)
Add rekey nonce/backup.
2015-12-16 21:56:15 +00:00
if err != nil {
return nil, fmt.Errorf("error during deletion of backed-up keys: %v", err)
}
return nil, nil
}
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
SealInterface
2016-04-04 14:44:22 +00:00
func (b *SystemBackend) handleRekeyDeleteBarrier(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return b.handleRekeyDelete(req, data, false)
}
func (b *SystemBackend) handleRekeyDeleteRecovery(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return b.handleRekeyDelete(req, data, true)
}
Add rekey nonce/backup.
2015-12-16 21:56:15 +00:00
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
// handleMountTable handles the "mounts" endpoint to provide the mount table
vault: system using the framework
2015-03-16 00:35:59 +00:00
func (b *SystemBackend) handleMountTable(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
b.Core.mountsLock.RLock()
defer b.Core.mountsLock.RUnlock()
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
resp := &logical.Response{
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
Data: make(map[string]interface{}),
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
}
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
for _, entry := range b.Core.mounts.Entries {
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
// Populate mount info
structConfig := structs.New(entry.Config).Map()
structConfig["default_lease_ttl"] = int64(structConfig["default_lease_ttl"].(time.Duration).Seconds())
structConfig["max_lease_ttl"] = int64(structConfig["max_lease_ttl"].(time.Duration).Seconds())
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
info := map[string]interface{}{
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
"type": entry.Type,
"description": entry.Description,
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
"accessor": entry.Accessor,
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
"config": structConfig,
"local": entry.Local,
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
}
resp.Data[entry.Path] = info
}
return resp, nil
}
// handleMount is used to mount a new path
vault: system using the framework
2015-03-16 00:35:59 +00:00
func (b *SystemBackend) handleMount(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
repState := b.Core.replicationState
local := data.Get("local").(bool)
Update locking components from DR replication changes (#3283) * Update locking components from DR replication changes * Fix plugin backend test * Add a comment about needing the statelock:
2017-09-04 23:38:37 +00:00
if !local && repState.HasState(consts.ReplicationPerformanceSecondary) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
return logical.ErrorResponse("cannot add a non-local mount to a replication secondary"), nil
}
vault: system using the framework
2015-03-16 00:35:59 +00:00
// Get all the options
path := data.Get("path").(string)
logicalType := data.Get("type").(string)
description := data.Get("description").(string)
Normalize plugin_name option for mount and enable-auth (#3202)
2017-08-31 16:16:59 +00:00
pluginName := data.Get("plugin_name").(string)
Add DynamicSystemView. This uses a pointer to a pointer to always have up-to-date information. This allows remount to be implemented with the same source and dest, allowing mount options to be changed on the fly. If/when Vault gains the ability to HUP its configuration, this should just work for the global values as well. Need specific unit tests for this functionality.
2015-09-01 22:29:30 +00:00
Create a unified function to sanitize mount paths. This allows mount paths to start with '/' in addition to ensuring they end in '/' before leaving the system backend.
2016-03-03 18:13:47 +00:00
path = sanitizeMountPath(path)
Add DynamicSystemView. This uses a pointer to a pointer to always have up-to-date information. This allows remount to be implemented with the same source and dest, allowing mount options to be changed on the fly. If/when Vault gains the ability to HUP its configuration, this should just work for the global values as well. Need specific unit tests for this functionality.
2015-09-01 22:29:30 +00:00
var config MountConfig
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
var apiConfig APIMountConfig
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
Add DynamicSystemView. This uses a pointer to a pointer to always have up-to-date information. This allows remount to be implemented with the same source and dest, allowing mount options to be changed on the fly. If/when Vault gains the ability to HUP its configuration, this should just work for the global values as well. Need specific unit tests for this functionality.
2015-09-01 22:29:30 +00:00
configMap := data.Get("config").(map[string]interface{})
if configMap != nil && len(configMap) != 0 {
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
err := mapstructure.Decode(configMap, &apiConfig)
Add DynamicSystemView. This uses a pointer to a pointer to always have up-to-date information. This allows remount to be implemented with the same source and dest, allowing mount options to be changed on the fly. If/when Vault gains the ability to HUP its configuration, this should just work for the global values as well. Need specific unit tests for this functionality.
2015-09-01 22:29:30 +00:00
if err != nil {
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
return logical.ErrorResponse(
Add DynamicSystemView. This uses a pointer to a pointer to always have up-to-date information. This allows remount to be implemented with the same source and dest, allowing mount options to be changed on the fly. If/when Vault gains the ability to HUP its configuration, this should just work for the global values as well. Need specific unit tests for this functionality.
2015-09-01 22:29:30 +00:00
"unable to convert given mount config information"),
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
logical.ErrInvalidRequest
}
}
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
switch apiConfig.DefaultLeaseTTL {
case "":
case "system":
default:
Rename helper 'duration' to 'parseutil'. (#2449) Add a ParseBool function that accepts various kinds of ways of specifying booleans. Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 16:21:22 +00:00
tmpDef, err := parseutil.ParseDurationSecond(apiConfig.DefaultLeaseTTL)
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
if err != nil {
return logical.ErrorResponse(fmt.Sprintf(
"unable to parse default TTL of %s: %s", apiConfig.DefaultLeaseTTL, err)),
logical.ErrInvalidRequest
}
Return a duration instead and port a few other places to use it
2016-07-11 18:19:35 +00:00
config.DefaultLeaseTTL = tmpDef
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
}
switch apiConfig.MaxLeaseTTL {
case "":
case "system":
default:
Rename helper 'duration' to 'parseutil'. (#2449) Add a ParseBool function that accepts various kinds of ways of specifying booleans. Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 16:21:22 +00:00
tmpMax, err := parseutil.ParseDurationSecond(apiConfig.MaxLeaseTTL)
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
if err != nil {
return logical.ErrorResponse(fmt.Sprintf(
"unable to parse max TTL of %s: %s", apiConfig.MaxLeaseTTL, err)),
logical.ErrInvalidRequest
}
Return a duration instead and port a few other places to use it
2016-07-11 18:19:35 +00:00
config.MaxLeaseTTL = tmpMax
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
}
if config.MaxLeaseTTL != 0 && config.DefaultLeaseTTL > config.MaxLeaseTTL {
return logical.ErrorResponse(
"given default lease TTL greater than given max lease TTL"),
logical.ErrInvalidRequest
}
if config.DefaultLeaseTTL > b.Core.maxLeaseTTL {
return logical.ErrorResponse(fmt.Sprintf(
"given default lease TTL greater than system max lease TTL of %d", int(b.Core.maxLeaseTTL.Seconds()))),
logical.ErrInvalidRequest
}
Normalize plugin_name option for mount and enable-auth (#3202)
2017-08-31 16:16:59 +00:00
// Only set plugin-name if mount is of type plugin, with apiConfig.PluginName
// option taking precedence.
if logicalType == "plugin" {
switch {
case apiConfig.PluginName != "":
config.PluginName = apiConfig.PluginName
case pluginName != "":
config.PluginName = pluginName
default:
return logical.ErrorResponse(
"plugin_name must be provided for plugin backend"),
logical.ErrInvalidRequest
}
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
}
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
// Copy over the force no cache if set
if apiConfig.ForceNoCache {
config.ForceNoCache = true
}
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
if logicalType == "" {
vault: system using the framework
2015-03-16 00:35:59 +00:00
return logical.ErrorResponse(
"backend type must be specified as a string"),
logical.ErrInvalidRequest
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
}
// Create the mount entry
me := &MountEntry{
Add table/type checking to mounts table.
2016-05-26 16:55:00 +00:00
Table: mountTableType,
vault: system using the framework
2015-03-16 00:35:59 +00:00
Path: path,
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
Type: logicalType,
Description: description,
Add DynamicSystemView. This uses a pointer to a pointer to always have up-to-date information. This allows remount to be implemented with the same source and dest, allowing mount options to be changed on the fly. If/when Vault gains the ability to HUP its configuration, this should just work for the global values as well. Need specific unit tests for this functionality.
2015-09-01 22:29:30 +00:00
Config: config,
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
Local: local,
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
}
Add DynamicSystemView. This uses a pointer to a pointer to always have up-to-date information. This allows remount to be implemented with the same source and dest, allowing mount options to be changed on the fly. If/when Vault gains the ability to HUP its configuration, this should just work for the global values as well. Need specific unit tests for this functionality.
2015-09-01 22:29:30 +00:00
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
// Attempt mount
Don't write salts in initialization, look up on demand (#2702)
2017-05-09 21:51:09 +00:00
if err := b.Core.mount(me); err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: mount failed", "path", me.Path, "error", err)
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
}
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
return nil, nil
}
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
// used to intercept an HTTPCodedError so it goes back to callee
func handleError(
err error) (*logical.Response, error) {
switch err.(type) {
case logical.HTTPCodedError:
return logical.ErrorResponse(err.Error()), err
default:
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
}
}
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
// handleUnmount is used to unmount a path
vault: system using the framework
2015-03-16 00:35:59 +00:00
func (b *SystemBackend) handleUnmount(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
Cleaning up logical and auth unmount functions (#2994)
2017-07-13 17:57:14 +00:00
path := data.Get("path").(string)
path = sanitizeMountPath(path)
Create a unified function to sanitize mount paths. This allows mount paths to start with '/' in addition to ensuring they end in '/' before leaving the system backend.
2016-03-03 18:13:47 +00:00
Update locking components from DR replication changes (#3283) * Update locking components from DR replication changes * Fix plugin backend test * Add a comment about needing the statelock:
2017-09-04 23:38:37 +00:00
repState := b.Core.replicationState
Cleaning up logical and auth unmount functions (#2994)
2017-07-13 17:57:14 +00:00
entry := b.Core.router.MatchingMountEntry(path)
Update locking components from DR replication changes (#3283) * Update locking components from DR replication changes * Fix plugin backend test * Add a comment about needing the statelock:
2017-09-04 23:38:37 +00:00
if entry != nil && !entry.Local && repState.HasState(consts.ReplicationPerformanceSecondary) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
return logical.ErrorResponse("cannot unmount a non-local mount on a replication secondary"), nil
}
Cleaning up logical and auth unmount functions (#2994)
2017-07-13 17:57:14 +00:00
// We return success when the mount does not exists to not expose if the
// mount existed or not
match := b.Core.router.MatchingMount(path)
if match == "" || path != match {
return nil, nil
}
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
// Attempt unmount
Cleaning up logical and auth unmount functions (#2994)
2017-07-13 17:57:14 +00:00
if err := b.Core.unmount(path); err != nil {
b.Backend.Logger().Error("sys: unmount failed", "path", path, "error", err)
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
}
return nil, nil
}
// handleRemount is used to remount a path
vault: system using the framework
2015-03-16 00:35:59 +00:00
func (b *SystemBackend) handleRemount(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
repState := b.Core.replicationState
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
// Get the paths
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
fromPath := data.Get("from").(string)
toPath := data.Get("to").(string)
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
if fromPath == "" || toPath == "" {
return logical.ErrorResponse(
"both 'from' and 'to' path must be specified as a string"),
vault: convert to logical.Request and friends
2015-03-15 21:53:41 +00:00
logical.ErrInvalidRequest
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
}
Add DynamicSystemView. This uses a pointer to a pointer to always have up-to-date information. This allows remount to be implemented with the same source and dest, allowing mount options to be changed on the fly. If/when Vault gains the ability to HUP its configuration, this should just work for the global values as well. Need specific unit tests for this functionality.
2015-09-01 22:29:30 +00:00
Create a unified function to sanitize mount paths. This allows mount paths to start with '/' in addition to ensuring they end in '/' before leaving the system backend.
2016-03-03 18:13:47 +00:00
fromPath = sanitizeMountPath(fromPath)
toPath = sanitizeMountPath(toPath)
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
entry := b.Core.router.MatchingMountEntry(fromPath)
Update locking components from DR replication changes (#3283) * Update locking components from DR replication changes * Fix plugin backend test * Add a comment about needing the statelock:
2017-09-04 23:38:37 +00:00
if entry != nil && !entry.Local && repState.HasState(consts.ReplicationPerformanceSecondary) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
return logical.ErrorResponse("cannot remount a non-local mount on a replication secondary"), nil
}
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
// Attempt remount
if err := b.Core.remount(fromPath, toPath); err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: remount failed", "from_path", fromPath, "to_path", toPath, "error", err)
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
return handleError(err)
}
return nil, nil
}
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
// handleAuthTuneRead is used to get config settings on a auth path
func (b *SystemBackend) handleAuthTuneRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
path := data.Get("path").(string)
if path == "" {
return logical.ErrorResponse(
"path must be specified as a string"),
logical.ErrInvalidRequest
}
return b.handleTuneReadCommon("auth/" + path)
}
Rename tune functions
2015-10-10 00:00:17 +00:00
// handleMountTuneRead is used to get config settings on a backend
func (b *SystemBackend) handleMountTuneRead(
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
path := data.Get("path").(string)
if path == "" {
return logical.ErrorResponse(
"path must be specified as a string"),
logical.ErrInvalidRequest
}
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
// This call will read both logical backend's configuration as well as auth backends'.
// Retaining this behavior for backward compatibility. If this behavior is not desired,
// an error can be returned if path has a prefix of "auth/".
return b.handleTuneReadCommon(path)
}
// handleTuneReadCommon returns the config settings of a path
func (b *SystemBackend) handleTuneReadCommon(path string) (*logical.Response, error) {
Create a unified function to sanitize mount paths. This allows mount paths to start with '/' in addition to ensuring they end in '/' before leaving the system backend.
2016-03-03 18:13:47 +00:00
path = sanitizeMountPath(path)
Push a lot of logic into Router to make a bunch of it nicer and enable a lot of cleanup. Plumb config and calls to framework.Backend.Setup() into logical_system and elsewhere, including tests.
2015-09-04 20:58:12 +00:00
sysView := b.Core.router.MatchingSystemView(path)
if sysView == nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: cannot fetch sysview", "path", path)
return handleError(fmt.Errorf("sys: cannot fetch sysview for path %s", path))
Push a lot of logic into Router to make a bunch of it nicer and enable a lot of cleanup. Plumb config and calls to framework.Backend.Setup() into logical_system and elsewhere, including tests.
2015-09-04 20:58:12 +00:00
}
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
mountEntry := b.Core.router.MatchingMountEntry(path)
if mountEntry == nil {
b.Backend.Logger().Error("sys: cannot fetch mount entry", "path", path)
return handleError(fmt.Errorf("sys: cannot fetch mount entry for path %s", path))
}
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
resp := &logical.Response{
Data: map[string]interface{}{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
"default_lease_ttl": int(sysView.DefaultLeaseTTL().Seconds()),
"max_lease_ttl": int(sysView.MaxLeaseTTL().Seconds()),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": mountEntry.Config.ForceNoCache,
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
},
}
return resp, nil
}
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
// handleAuthTuneWrite is used to set config settings on an auth path
func (b *SystemBackend) handleAuthTuneWrite(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
path := data.Get("path").(string)
if path == "" {
return logical.ErrorResponse("path must be specified as a string"),
logical.ErrInvalidRequest
}
return b.handleTuneWriteCommon("auth/"+path, data)
}
Rename tune functions
2015-10-10 00:00:17 +00:00
// handleMountTuneWrite is used to set config settings on a backend
func (b *SystemBackend) handleMountTuneWrite(
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
path := data.Get("path").(string)
if path == "" {
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
return logical.ErrorResponse("path must be specified as a string"),
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
logical.ErrInvalidRequest
}
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
// This call will write both logical backend's configuration as well as auth backends'.
// Retaining this behavior for backward compatibility. If this behavior is not desired,
// an error can be returned if path has a prefix of "auth/".
return b.handleTuneWriteCommon(path, data)
}
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
// handleTuneWriteCommon is used to set config settings on a path
func (b *SystemBackend) handleTuneWriteCommon(
path string, data *framework.FieldData) (*logical.Response, error) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
repState := b.Core.replicationState
Create a unified function to sanitize mount paths. This allows mount paths to start with '/' in addition to ensuring they end in '/' before leaving the system backend.
2016-03-03 18:13:47 +00:00
path = sanitizeMountPath(path)
Push a lot of logic into Router to make a bunch of it nicer and enable a lot of cleanup. Plumb config and calls to framework.Backend.Setup() into logical_system and elsewhere, including tests.
2015-09-04 20:58:12 +00:00
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
// Prevent protected paths from being changed
Allow tuning of auth mounts, to set per-mount default/max lease times
2015-09-19 15:50:50 +00:00
for _, p := range untunableMounts {
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
if strings.HasPrefix(path, p) {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: cannot tune this mount", "path", path)
return handleError(fmt.Errorf("sys: cannot tune '%s'", path))
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
}
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
}
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
mountEntry := b.Core.router.MatchingMountEntry(path)
if mountEntry == nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: tune failed: no mount entry found", "path", path)
return handleError(fmt.Errorf("sys: tune of path '%s' failed: no mount entry found", path))
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
}
Update locking components from DR replication changes (#3283) * Update locking components from DR replication changes * Fix plugin backend test * Add a comment about needing the statelock:
2017-09-04 23:38:37 +00:00
if mountEntry != nil && !mountEntry.Local && repState.HasState(consts.ReplicationPerformanceSecondary) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
return logical.ErrorResponse("cannot tune a non-local mount on a replication secondary"), nil
}
Fix mount config test by proxying mounts/ in addition to mounts
2015-09-03 12:54:59 +00:00
Properly persist auth mount tuning
2016-05-03 18:24:04 +00:00
var lock *sync.RWMutex
switch {
case strings.HasPrefix(path, "auth/"):
lock = &b.Core.authLock
default:
lock = &b.Core.mountsLock
}
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
lock.Lock()
defer lock.Unlock()
// Check again after grabbing the lock
mountEntry = b.Core.router.MatchingMountEntry(path)
if mountEntry == nil {
b.Backend.Logger().Error("sys: tune failed: no mount entry found", "path", path)
return handleError(fmt.Errorf("sys: tune of path '%s' failed: no mount entry found", path))
}
if mountEntry != nil && !mountEntry.Local && repState.HasState(consts.ReplicationPerformanceSecondary) {
return logical.ErrorResponse("cannot tune a non-local mount on a replication secondary"), nil
}
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
// Timing configuration parameters
{
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
var newDefault, newMax time.Duration
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
defTTL := data.Get("default_lease_ttl").(string)
switch defTTL {
case "":
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
newDefault = mountEntry.Config.DefaultLeaseTTL
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
case "system":
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
newDefault = time.Duration(0)
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
default:
Rename helper 'duration' to 'parseutil'. (#2449) Add a ParseBool function that accepts various kinds of ways of specifying booleans. Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 16:21:22 +00:00
tmpDef, err := parseutil.ParseDurationSecond(defTTL)
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
if err != nil {
return handleError(err)
}
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
newDefault = tmpDef
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
}
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
maxTTL := data.Get("max_lease_ttl").(string)
switch maxTTL {
case "":
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
newMax = mountEntry.Config.MaxLeaseTTL
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
case "system":
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
newMax = time.Duration(0)
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
default:
Rename helper 'duration' to 'parseutil'. (#2449) Add a ParseBool function that accepts various kinds of ways of specifying booleans. Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 16:21:22 +00:00
tmpMax, err := parseutil.ParseDurationSecond(maxTTL)
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
if err != nil {
return handleError(err)
}
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
newMax = tmpMax
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
}
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
if newDefault != mountEntry.Config.DefaultLeaseTTL ||
newMax != mountEntry.Config.MaxLeaseTTL {
Properly persist auth mount tuning
2016-05-03 18:24:04 +00:00
Understand local when persisting mount tables, to avoid invalidations when not necessary (#2427)
2017-03-02 19:37:59 +00:00
if err := b.tuneMountTTLs(path, mountEntry, newDefault, newMax); err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: tuning failed", "path", path, "error", err)
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
return handleError(err)
}
}
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
}
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
description := data.Get("description").(string)
if description != "" {
oldDesc := mountEntry.Description
mountEntry.Description = description
// Update the mount table
var err error
switch {
case strings.HasPrefix(path, "auth/"):
err = b.Core.persistAuth(b.Core.auth, mountEntry.Local)
default:
err = b.Core.persistMounts(b.Core.mounts, mountEntry.Local)
}
if err != nil {
mountEntry.Description = oldDesc
return handleError(err)
}
if b.Core.logger.IsInfo() {
b.Core.logger.Info("core: mount tuning of description successful", "path", path)
}
}
vault: convert system to logical.Backend
2015-03-15 21:42:05 +00:00
return nil, nil
}
vault: system using the framework
2015-03-16 00:35:59 +00:00
Add the ability to view and list of leases metadata (#2650)
2017-05-04 02:03:42 +00:00
// handleLease is use to view the metadata for a given LeaseID
func (b *SystemBackend) handleLeaseLookup(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
leaseID := data.Get("lease_id").(string)
if leaseID == "" {
return logical.ErrorResponse("lease_id must be specified"),
logical.ErrInvalidRequest
}
leaseTimes, err := b.Core.expiration.FetchLeaseTimes(leaseID)
if err != nil {
b.Backend.Logger().Error("sys: error retrieving lease", "lease_id", leaseID, "error", err)
return handleError(err)
}
if leaseTimes == nil {
return logical.ErrorResponse("invalid lease"), logical.ErrInvalidRequest
}
resp := &logical.Response{
Data: map[string]interface{}{
"id": leaseID,
"issue_time": leaseTimes.IssueTime,
"expire_time": nil,
"last_renewal": nil,
"ttl": int64(0),
},
}
renewable, _ := leaseTimes.renewable()
resp.Data["renewable"] = renewable
if !leaseTimes.LastRenewalTime.IsZero() {
resp.Data["last_renewal"] = leaseTimes.LastRenewalTime
}
if !leaseTimes.ExpireTime.IsZero() {
resp.Data["expire_time"] = leaseTimes.ExpireTime
resp.Data["ttl"] = leaseTimes.ttl()
}
return resp, nil
}
func (b *SystemBackend) handleLeaseLookupList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
prefix := data.Get("prefix").(string)
if prefix != "" && !strings.HasSuffix(prefix, "/") {
prefix = prefix + "/"
}
keys, err := b.Core.expiration.idView.List(prefix)
if err != nil {
b.Backend.Logger().Error("sys: error listing leases", "prefix", prefix, "error", err)
return handleError(err)
}
return logical.ListResponse(keys), nil
}
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
// handleRenew is used to renew a lease with a given LeaseID
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
func (b *SystemBackend) handleRenew(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
// Get all the options
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
leaseID := data.Get("lease_id").(string)
Add ability to specify renew lease ID in POST body.
2016-08-08 22:00:44 +00:00
if leaseID == "" {
urllease_id -> url_lease_id
2016-08-08 22:34:00 +00:00
leaseID = data.Get("url_lease_id").(string)
Add ability to specify renew lease ID in POST body.
2016-08-08 22:00:44 +00:00
}
Updating revoke/renew to prefer PUT method (#2646)
2017-04-27 14:47:43 +00:00
if leaseID == "" {
return logical.ErrorResponse("lease_id must be specified"),
logical.ErrInvalidRequest
}
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
incrementRaw := data.Get("increment").(int)
// Convert the increment
increment := time.Duration(incrementRaw) * time.Second
// Invoke the expiration manager directly
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
resp, err := b.Core.expiration.Renew(leaseID, increment)
vault: Test renew of bad ID
2015-03-16 23:14:53 +00:00
if err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: lease renewal failed", "lease_id", leaseID, "error", err)
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: Test renew of bad ID
2015-03-16 23:14:53 +00:00
}
return resp, err
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
}
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
// handleRevoke is used to revoke a given LeaseID
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
func (b *SystemBackend) handleRevoke(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
// Get all the options
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
leaseID := data.Get("lease_id").(string)
Updating revoke/renew to prefer PUT method (#2646)
2017-04-27 14:47:43 +00:00
if leaseID == "" {
leaseID = data.Get("url_lease_id").(string)
}
if leaseID == "" {
return logical.ErrorResponse("lease_id must be specified"),
logical.ErrInvalidRequest
}
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
// Invoke the expiration manager directly
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
if err := b.Core.expiration.Revoke(leaseID); err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: lease revocation failed", "lease_id", leaseID, "error", err)
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
}
return nil, nil
}
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
// handleRevokePrefix is used to revoke a prefix with many LeaseIDs
vault: Support sys/revoke-prefix/
2015-03-16 23:33:48 +00:00
func (b *SystemBackend) handleRevokePrefix(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
Add forced revocation. In some situations, it can be impossible to revoke leases (for instance, if someone has gone and manually removed users created by Vault). This can not only cause Vault to cycle trying to revoke them, but it also prevents mounts from being unmounted, leaving them in a tainted state where the only operations allowed are to revoke (or rollback), which will never successfully complete. This adds a new endpoint that works similarly to `revoke-prefix` but ignores errors coming from a backend upon revocation (it does not ignore errors coming from within the expiration manager, such as errors accessing the data store). This can be used to force Vault to abandon leases. Like `revoke-prefix`, this is a very sensitive operation and requires `sudo`. It is implemented as a separate endpoint, rather than an argument to `revoke-prefix`, to ensure that control can be delegated appropriately, as even most administrators should not normally have this privilege. Fixes #1135
2016-03-03 01:26:38 +00:00
return b.handleRevokePrefixCommon(req, data, false)
}
// handleRevokeForce is used to revoke a prefix with many LeaseIDs, ignoring errors
func (b *SystemBackend) handleRevokeForce(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return b.handleRevokePrefixCommon(req, data, true)
}
// handleRevokePrefixCommon is used to revoke a prefix with many LeaseIDs
func (b *SystemBackend) handleRevokePrefixCommon(
req *logical.Request, data *framework.FieldData, force bool) (*logical.Response, error) {
vault: Support sys/revoke-prefix/
2015-03-16 23:33:48 +00:00
// Get all the options
prefix := data.Get("prefix").(string)
// Invoke the expiration manager directly
Add forced revocation. In some situations, it can be impossible to revoke leases (for instance, if someone has gone and manually removed users created by Vault). This can not only cause Vault to cycle trying to revoke them, but it also prevents mounts from being unmounted, leaving them in a tainted state where the only operations allowed are to revoke (or rollback), which will never successfully complete. This adds a new endpoint that works similarly to `revoke-prefix` but ignores errors coming from a backend upon revocation (it does not ignore errors coming from within the expiration manager, such as errors accessing the data store). This can be used to force Vault to abandon leases. Like `revoke-prefix`, this is a very sensitive operation and requires `sudo`. It is implemented as a separate endpoint, rather than an argument to `revoke-prefix`, to ensure that control can be delegated appropriately, as even most administrators should not normally have this privilege. Fixes #1135
2016-03-03 01:26:38 +00:00
var err error
if force {
err = b.Core.expiration.RevokeForce(prefix)
} else {
err = b.Core.expiration.RevokePrefix(prefix)
}
if err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: revoke prefix failed", "prefix", prefix, "error", err)
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: Support sys/revoke-prefix/
2015-03-16 23:33:48 +00:00
}
return nil, nil
}
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
// handleAuthTable handles the "auth" endpoint to provide the auth table
func (b *SystemBackend) handleAuthTable(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
b.Core.authLock.RLock()
defer b.Core.authLock.RUnlock()
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
resp := &logical.Response{
Data: make(map[string]interface{}),
}
for _, entry := range b.Core.auth.Entries {
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
info := map[string]interface{}{
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
"type": entry.Type,
"description": entry.Description,
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
"accessor": entry.Accessor,
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
"config": map[string]interface{}{
Made default_lease_ttl and max_lease_ttl as int64 and fixed tests
2016-06-21 00:08:12 +00:00
"default_lease_ttl": int64(entry.Config.DefaultLeaseTTL.Seconds()),
"max_lease_ttl": int64(entry.Config.MaxLeaseTTL.Seconds()),
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
},
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
"local": entry.Local,
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
}
resp.Data[entry.Path] = info
}
return resp, nil
}
// handleEnableAuth is used to enable a new credential backend
func (b *SystemBackend) handleEnableAuth(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
repState := b.Core.replicationState
local := data.Get("local").(bool)
Update locking components from DR replication changes (#3283) * Update locking components from DR replication changes * Fix plugin backend test * Add a comment about needing the statelock:
2017-09-04 23:38:37 +00:00
if !local && repState.HasState(consts.ReplicationPerformanceSecondary) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
return logical.ErrorResponse("cannot add a non-local mount to a replication secondary"), nil
}
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
// Get all the options
path := data.Get("path").(string)
logicalType := data.Get("type").(string)
description := data.Get("description").(string)
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
pluginName := data.Get("plugin_name").(string)
var config MountConfig
Normalize plugin_name option for mount and enable-auth (#3202)
2017-08-31 16:16:59 +00:00
var apiConfig APIMountConfig
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
Normalize plugin_name option for mount and enable-auth (#3202)
2017-08-31 16:16:59 +00:00
configMap := data.Get("config").(map[string]interface{})
if configMap != nil && len(configMap) != 0 {
err := mapstructure.Decode(configMap, &apiConfig)
if err != nil {
return logical.ErrorResponse(
"unable to convert given auth config information"),
logical.ErrInvalidRequest
}
}
// Only set plugin name if mount is of type plugin, with apiConfig.PluginName
// option taking precedence.
if logicalType == "plugin" {
switch {
case apiConfig.PluginName != "":
config.PluginName = apiConfig.PluginName
case pluginName != "":
config.PluginName = pluginName
default:
return logical.ErrorResponse(
"plugin_name must be provided for plugin backend"),
logical.ErrInvalidRequest
}
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
}
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
if logicalType == "" {
return logical.ErrorResponse(
"backend type must be specified as a string"),
logical.ErrInvalidRequest
}
Create a unified function to sanitize mount paths. This allows mount paths to start with '/' in addition to ensuring they end in '/' before leaving the system backend.
2016-03-03 18:13:47 +00:00
path = sanitizeMountPath(path)
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
// Create the mount entry
me := &MountEntry{
Add to auth/audit too
2016-05-26 17:38:51 +00:00
Table: credentialTableType,
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
Path: path,
Type: logicalType,
Description: description,
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
Config: config,
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
Local: local,
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
}
// Attempt enabling
Don't write salts in initialization, look up on demand (#2702)
2017-05-09 21:51:09 +00:00
if err := b.Core.enableCredential(me); err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: enable auth mount failed", "path", me.Path, "error", err)
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
}
return nil, nil
}
// handleDisableAuth is used to disable a credential backend
func (b *SystemBackend) handleDisableAuth(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
Cleaning up logical and auth unmount functions (#2994)
2017-07-13 17:57:14 +00:00
path := data.Get("path").(string)
path = sanitizeMountPath(path)
fullPath := credentialRoutePrefix + path
Update locking components from DR replication changes (#3283) * Update locking components from DR replication changes * Fix plugin backend test * Add a comment about needing the statelock:
2017-09-04 23:38:37 +00:00
repState := b.Core.replicationState
Cleaning up logical and auth unmount functions (#2994)
2017-07-13 17:57:14 +00:00
entry := b.Core.router.MatchingMountEntry(fullPath)
Update locking components from DR replication changes (#3283) * Update locking components from DR replication changes * Fix plugin backend test * Add a comment about needing the statelock:
2017-09-04 23:38:37 +00:00
if entry != nil && !entry.Local && repState.HasState(consts.ReplicationPerformanceSecondary) {
Cleaning up logical and auth unmount functions (#2994)
2017-07-13 17:57:14 +00:00
return logical.ErrorResponse("cannot unmount a non-local mount on a replication secondary"), nil
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
}
Cleaning up logical and auth unmount functions (#2994)
2017-07-13 17:57:14 +00:00
// We return success when the mount does not exists to not expose if the
// mount existed or not
match := b.Core.router.MatchingMount(fullPath)
if match == "" || fullPath != match {
return nil, nil
}
Create a unified function to sanitize mount paths. This allows mount paths to start with '/' in addition to ensuring they end in '/' before leaving the system backend.
2016-03-03 18:13:47 +00:00
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
// Attempt disable
Cleaning up logical and auth unmount functions (#2994)
2017-07-13 17:57:14 +00:00
if err := b.Core.disableCredential(path); err != nil {
b.Backend.Logger().Error("sys: disable auth mount failed", "path", path, "error", err)
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
}
return nil, nil
}
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
// handlePolicyList handles the "policy" endpoint to provide the enabled policies
func (b *SystemBackend) handlePolicyList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
// Get all the configured policies
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 16:52:26 +00:00
policies, err := b.Core.policyStore.ListPolicies()
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
// Add the special "root" policy
policies = append(policies, "root")
Remove sys_policy from special handling as it's implemented in logical_system too. Clean up the mux handlers.
2016-03-02 19:16:54 +00:00
resp := logical.ListResponse(policies)
// Backwords compatibility
resp.Data["policies"] = resp.Data["keys"]
return resp, err
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
}
// handlePolicyRead handles the "policy/<name>" endpoint to read a policy
func (b *SystemBackend) handlePolicyRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 16:52:26 +00:00
policy, err := b.Core.policyStore.GetPolicy(name)
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
if err != nil {
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
}
if policy == nil {
return nil, nil
}
return &logical.Response{
Data: map[string]interface{}{
Properly lowercase policy names. (#3210) Previously we lowercased names on ingress but not on lookup or delete which could cause unexpected results. Now, just unilaterally lowercase policy names on write and delete. On get, to avoid the performance hit of always lowercasing when not necessary since it's in the critical path, we have a minor optimization -- we check the LRU first before normalizing. For tokens, because they're already normalized when adding policies during creation, this should always work; it might just be slower for API calls. Fixes #3187
2017-08-18 23:47:23 +00:00
"name": policy.Name,
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
"rules": policy.Raw,
},
}, nil
}
// handlePolicySet handles the "policy/<name>" endpoint to set a policy
func (b *SystemBackend) handlePolicySet(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
Input checks for policy rules (#2771) * Input checks for policy rules * Address review feedback
2017-05-26 14:48:41 +00:00
rulesRaw, ok := data.GetOk("rules")
if !ok {
return logical.ErrorResponse("'rules' parameter not supplied"), nil
}
rules := rulesRaw.(string)
if rules == "" {
return logical.ErrorResponse("'rules' parameter empty"), nil
}
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
// Validate the rules parse
parse, err := Parse(rules)
if err != nil {
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
}
Properly lowercase policy names. (#3210) Previously we lowercased names on ingress but not on lookup or delete which could cause unexpected results. Now, just unilaterally lowercase policy names on write and delete. On get, to avoid the performance hit of always lowercasing when not necessary since it's in the critical path, we have a minor optimization -- we check the LRU first before normalizing. For tokens, because they're already normalized when adding policies during creation, this should always work; it might just be slower for API calls. Fixes #3187
2017-08-18 23:47:23 +00:00
if name != "" {
parse.Name = name
}
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
// Update the policy
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 16:52:26 +00:00
if err := b.Core.policyStore.SetPolicy(parse); err != nil {
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
}
return nil, nil
}
// handlePolicyDelete handles the "policy/<name>" endpoint to delete a policy
func (b *SystemBackend) handlePolicyDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 04:08:07 +00:00
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 16:52:26 +00:00
if err := b.Core.policyStore.DeletePolicy(name); err != nil {
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
}
return nil, nil
}
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
// handleAuditTable handles the "audit" endpoint to provide the audit table
func (b *SystemBackend) handleAuditTable(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
b.Core.auditLock.RLock()
defer b.Core.auditLock.RUnlock()
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
resp := &logical.Response{
Data: make(map[string]interface{}),
}
for _, entry := range b.Core.audit.Entries {
info := map[string]interface{}{
Rename id to path and path to file_path, print audit backend paths
2016-03-14 21:15:07 +00:00
"path": entry.Path,
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
"type": entry.Type,
"description": entry.Description,
"options": entry.Options,
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
"local": entry.Local,
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
}
resp.Data[entry.Path] = info
}
return resp, nil
}
Reintroduce the ability to look up obfuscated values in the audit log with a new endpoint '/sys/audit-hash', which returns the given input string hashed with the given audit backend's hash function and salt (currently, always HMAC-SHA256 and a backend-specific salt). In the process of adding the HTTP handler, this also removes the custom HTTP handlers for the other audit endpoints, which were simply forwarding to the logical system backend. This means that the various audit functions will now redirect correctly from a standby to master. (Tests all pass.) Fixes #784
2015-11-19 01:26:03 +00:00
// handleAuditHash is used to fetch the hash of the given input data with the
// specified audit backend's salt
func (b *SystemBackend) handleAuditHash(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
path := data.Get("path").(string)
input := data.Get("input").(string)
if input == "" {
return logical.ErrorResponse("the \"input\" parameter is empty"), nil
}
Create a unified function to sanitize mount paths. This allows mount paths to start with '/' in addition to ensuring they end in '/' before leaving the system backend.
2016-03-03 18:13:47 +00:00
path = sanitizeMountPath(path)
Reintroduce the ability to look up obfuscated values in the audit log with a new endpoint '/sys/audit-hash', which returns the given input string hashed with the given audit backend's hash function and salt (currently, always HMAC-SHA256 and a backend-specific salt). In the process of adding the HTTP handler, this also removes the custom HTTP handlers for the other audit endpoints, which were simply forwarding to the logical system backend. This means that the various audit functions will now redirect correctly from a standby to master. (Tests all pass.) Fixes #784
2015-11-19 01:26:03 +00:00
hash, err := b.Core.auditBroker.GetHash(path, input)
if err != nil {
return logical.ErrorResponse(err.Error()), nil
}
return &logical.Response{
Data: map[string]interface{}{
"hash": hash,
},
}, nil
}
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
// handleEnableAudit is used to enable a new audit backend
func (b *SystemBackend) handleEnableAudit(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
repState := b.Core.replicationState
local := data.Get("local").(bool)
Update locking components from DR replication changes (#3283) * Update locking components from DR replication changes * Fix plugin backend test * Add a comment about needing the statelock:
2017-09-04 23:38:37 +00:00
if !local && repState.HasState(consts.ReplicationPerformanceSecondary) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
return logical.ErrorResponse("cannot add a non-local mount to a replication secondary"), nil
}
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
// Get all the options
path := data.Get("path").(string)
backendType := data.Get("type").(string)
description := data.Get("description").(string)
options := data.Get("options").(map[string]interface{})
optionMap := make(map[string]string)
for k, v := range options {
vStr, ok := v.(string)
if !ok {
return logical.ErrorResponse("options must be string valued"),
logical.ErrInvalidRequest
}
optionMap[k] = vStr
}
// Create the mount entry
me := &MountEntry{
Add to auth/audit too
2016-05-26 17:38:51 +00:00
Table: auditTableType,
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
Path: path,
Type: backendType,
Description: description,
Options: optionMap,
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
Local: local,
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
}
// Attempt enabling
if err := b.Core.enableAudit(me); err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: enable audit mount failed", "path", me.Path, "error", err)
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
}
return nil, nil
}
// handleDisableAudit is used to disable an audit backend
func (b *SystemBackend) handleDisableAudit(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
path := data.Get("path").(string)
// Attempt disable
Follow Vault convention on `DELETE` being idempotent (#1903) * Follow Vault convention on `DELETE` being idempotent with audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 17:02:25 +00:00
if existed, err := b.Core.disableAudit(path); existed && err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: disable audit mount failed", "path", path, "error", err)
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
}
return nil, nil
}
vault: Adding the raw/ endpoints to sys
2015-04-02 00:44:43 +00:00
// handleRawRead is used to read directly from the barrier
func (b *SystemBackend) handleRawRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
path := data.Get("path").(string)
vault: prevent raw access to protected paths
2015-05-28 17:24:41 +00:00
// Prevent access of protected paths
for _, p := range protectedPaths {
if strings.HasPrefix(path, p) {
err := fmt.Sprintf("cannot read '%s'", path)
return logical.ErrorResponse(err), logical.ErrInvalidRequest
}
}
vault: Adding the raw/ endpoints to sys
2015-04-02 00:44:43 +00:00
entry, err := b.Core.barrier.Get(path)
if err != nil {
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: Adding the raw/ endpoints to sys
2015-04-02 00:44:43 +00:00
}
if entry == nil {
return nil, nil
}
resp := &logical.Response{
Data: map[string]interface{}{
"value": string(entry.Value),
},
}
return resp, nil
}
// handleRawWrite is used to write directly to the barrier
func (b *SystemBackend) handleRawWrite(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
path := data.Get("path").(string)
vault: prevent raw access to protected paths
2015-05-28 17:24:41 +00:00
// Prevent access of protected paths
for _, p := range protectedPaths {
if strings.HasPrefix(path, p) {
err := fmt.Sprintf("cannot write '%s'", path)
return logical.ErrorResponse(err), logical.ErrInvalidRequest
}
}
vault: Adding the raw/ endpoints to sys
2015-04-02 00:44:43 +00:00
value := data.Get("value").(string)
entry := &Entry{
Key: path,
Value: []byte(value),
}
if err := b.Core.barrier.Put(entry); err != nil {
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
}
return nil, nil
}
// handleRawDelete is used to delete directly from the barrier
func (b *SystemBackend) handleRawDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
path := data.Get("path").(string)
vault: prevent raw access to protected paths
2015-05-28 17:24:41 +00:00
// Prevent access of protected paths
for _, p := range protectedPaths {
if strings.HasPrefix(path, p) {
err := fmt.Sprintf("cannot delete '%s'", path)
return logical.ErrorResponse(err), logical.ErrInvalidRequest
}
}
vault: Adding the raw/ endpoints to sys
2015-04-02 00:44:43 +00:00
if err := b.Core.barrier.Delete(path); err != nil {
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: Adding the raw/ endpoints to sys
2015-04-02 00:44:43 +00:00
}
return nil, nil
}
Disable the `sys/raw` endpoint by default (#3329) * disable raw endpoint by default * adding docs * config option raw -> raw_storage_endpoint * docs updates * adding listing on raw endpoint * reworking tests for enabled raw endpoints * root protecting base raw endpoint
2017-09-15 04:21:35 +00:00
// handleRawList is used to list directly from the barrier
func (b *SystemBackend) handleRawList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
path := data.Get("path").(string)
if path != "" && !strings.HasSuffix(path, "/") {
path = path + "/"
}
// Prevent access of protected paths
for _, p := range protectedPaths {
if strings.HasPrefix(path, p) {
err := fmt.Sprintf("cannot list '%s'", path)
return logical.ErrorResponse(err), logical.ErrInvalidRequest
}
}
keys, err := b.Core.barrier.List(path)
if err != nil {
return handleError(err)
}
return logical.ListResponse(keys), nil
}
vault: adding sys/key-status and sys/rotate
2015-05-28 00:53:42 +00:00
// handleKeyStatus returns status information about the backend key
func (b *SystemBackend) handleKeyStatus(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
// Get the key info
info, err := b.Core.barrier.ActiveKeyInfo()
if err != nil {
return nil, err
}
resp := &logical.Response{
Data: map[string]interface{}{
"term": info.Term,
Use RFC3339Nano for better precision
2016-07-25 18:11:57 +00:00
"install_time": info.InstallTime.Format(time.RFC3339Nano),
vault: adding sys/key-status and sys/rotate
2015-05-28 00:53:42 +00:00
},
}
return resp, nil
}
// handleRotate is used to trigger a key rotation
func (b *SystemBackend) handleRotate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
repState := b.Core.replicationState
Update locking components from DR replication changes (#3283) * Update locking components from DR replication changes * Fix plugin backend test * Add a comment about needing the statelock:
2017-09-04 23:38:37 +00:00
if repState.HasState(consts.ReplicationPerformanceSecondary) {
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
return logical.ErrorResponse("cannot rotate on a replication secondary"), nil
}
vault: create upgrade path in HA mode
2015-05-28 23:43:15 +00:00
// Rotate to the new term
newTerm, err := b.Core.barrier.Rotate()
if err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: failed to create new encryption key", "error", err)
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
return handleError(err)
vault: adding sys/key-status and sys/rotate
2015-05-28 00:53:42 +00:00
}
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Info("sys: installed new encryption key")
vault: create upgrade path in HA mode
2015-05-28 23:43:15 +00:00
Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code.
2015-08-20 20:20:35 +00:00
// In HA mode, we need to an upgrade path for the standby instances
vault: create upgrade path in HA mode
2015-05-28 23:43:15 +00:00
if b.Core.ha != nil {
// Create the upgrade path to the new term
if err := b.Core.barrier.CreateUpgrade(newTerm); err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: failed to create new upgrade", "term", newTerm, "error", err)
vault: create upgrade path in HA mode
2015-05-28 23:43:15 +00:00
}
// Schedule the destroy of the upgrade path
time.AfterFunc(keyRotateGracePeriod, func() {
if err := b.Core.barrier.DestroyUpgrade(newTerm); err != nil {
Convert to logxi
2016-08-19 20:45:17 +00:00
b.Backend.Logger().Error("sys: failed to destroy upgrade", "term", newTerm, "error", err)
vault: create upgrade path in HA mode
2015-05-28 23:43:15 +00:00
}
})
}
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
// Write to the canary path, which will force a synchronous truing during
// replication
if err := b.Core.barrier.Put(&Entry{
Key: coreKeyringCanaryPath,
Value: []byte(fmt.Sprintf("new-rotation-term-%d", newTerm)),
}); err != nil {
b.Core.logger.Error("core: error saving keyring canary", "error", err)
return nil, fmt.Errorf("failed to save keyring canary: %v", err)
}
vault: adding sys/key-status and sys/rotate
2015-05-28 00:53:42 +00:00
return nil, nil
}
JWT wrapping tokens (#2172)
2017-01-04 21:44:03 +00:00
func (b *SystemBackend) handleWrappingPubkey(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
x, _ := b.Core.wrappingJWTKey.X.MarshalText()
y, _ := b.Core.wrappingJWTKey.Y.MarshalText()
return &logical.Response{
Data: map[string]interface{}{
"jwt_x": string(x),
"jwt_y": string(y),
"jwt_curve": corePrivateKeyTypeP521,
},
}, nil
}
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
func (b *SystemBackend) handleWrappingWrap(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
JWT wrapping tokens (#2172)
2017-01-04 21:44:03 +00:00
if req.WrapInfo == nil || req.WrapInfo.TTL == 0 {
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
return logical.ErrorResponse("endpoint requires response wrapping to be used"), logical.ErrInvalidRequest
}
Add comment around not allowing users to create JWT wrapping tokens
2017-02-22 16:13:40 +00:00
// N.B.: Do *NOT* allow JWT wrapping tokens to be created through this
// endpoint. JWTs are signed so if we don't allow users to create wrapping
// tokens using them we can ensure that an operator can't spoof a legit JWT
// wrapped token, which makes certain init/rekey/generate-root cases have
// better properties.
req.WrapInfo.Format = "uuid"
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
return &logical.Response{
Data: data.Raw,
}, nil
}
func (b *SystemBackend) handleWrappingUnwrap(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
// If a third party is unwrapping (rather than the calling token being the
// wrapping token) we detect this so that we can revoke the original
// wrapping token after reading it
var thirdParty bool
token := data.Get("token").(string)
if token != "" {
thirdParty = true
} else {
token = req.ClientToken
}
if thirdParty {
// Use the token to decrement the use count to avoid a second operation on the token.
_, err := b.Core.tokenStore.UseTokenByID(token)
if err != nil {
return nil, fmt.Errorf("error decrementing wrapping token's use-count: %v", err)
}
defer b.Core.tokenStore.Revoke(token)
}
cubbyReq := &logical.Request{
Operation: logical.ReadOperation,
Path: "cubbyhole/response",
ClientToken: token,
}
cubbyResp, err := b.Core.router.Route(cubbyReq)
if err != nil {
return nil, fmt.Errorf("error looking up wrapping information: %v", err)
}
if cubbyResp == nil {
return logical.ErrorResponse("no information found; wrapping token may be from a previous Vault version"), nil
}
if cubbyResp != nil && cubbyResp.IsError() {
return cubbyResp, nil
}
if cubbyResp.Data == nil {
return logical.ErrorResponse("wrapping information was nil; wrapping token may be from a previous Vault version"), nil
}
responseRaw := cubbyResp.Data["response"]
if responseRaw == nil {
return nil, fmt.Errorf("no response found inside the cubbyhole")
}
response, ok := responseRaw.(string)
if !ok {
return nil, fmt.Errorf("could not decode response inside the cubbyhole")
}
resp := &logical.Response{
Data: map[string]interface{}{},
}
if len(response) == 0 {
resp.Data[logical.HTTPStatusCode] = 204
} else {
resp.Data[logical.HTTPStatusCode] = 200
resp.Data[logical.HTTPRawBody] = []byte(response)
resp.Data[logical.HTTPContentType] = "application/json"
}
return resp, nil
}
func (b *SystemBackend) handleWrappingLookup(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
Make sys/wrapping/lookup unauthenticated. (#3084) We still perform validation on the token, so if the call makes it through to this endpoint it's got a valid token (either explicitly specified in data or as the request token). But this allows introspection for sanity/safety checking without revoking the token in the process.
2017-07-31 20:16:16 +00:00
// This ordering of lookups has been validated already in the wrapping
// validation func, we're just doing this for a safety check
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
token := data.Get("token").(string)
if token == "" {
Make sys/wrapping/lookup unauthenticated. (#3084) We still perform validation on the token, so if the call makes it through to this endpoint it's got a valid token (either explicitly specified in data or as the request token). But this allows introspection for sanity/safety checking without revoking the token in the process.
2017-07-31 20:16:16 +00:00
token = req.ClientToken
if token == "" {
return logical.ErrorResponse("missing \"token\" value in input"), logical.ErrInvalidRequest
}
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
}
cubbyReq := &logical.Request{
Operation: logical.ReadOperation,
Path: "cubbyhole/wrapinfo",
ClientToken: token,
}
cubbyResp, err := b.Core.router.Route(cubbyReq)
if err != nil {
return nil, fmt.Errorf("error looking up wrapping information: %v", err)
}
if cubbyResp == nil {
return logical.ErrorResponse("no information found; wrapping token may be from a previous Vault version"), nil
}
if cubbyResp != nil && cubbyResp.IsError() {
return cubbyResp, nil
}
if cubbyResp.Data == nil {
return logical.ErrorResponse("wrapping information was nil; wrapping token may be from a previous Vault version"), nil
}
creationTTLRaw := cubbyResp.Data["creation_ttl"]
creationTime := cubbyResp.Data["creation_time"]
Store original request path in WrapInfo (#3100) * Store original request path in WrapInfo as CreationPath * Add wrapping_token_creation_path to CLI output * Add CreationPath to AuditResponseWrapInfo * Fix tests * Add and fix tests, update API docs with new sample responses
2017-08-02 22:28:58 +00:00
creationPath := cubbyResp.Data["creation_path"]
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
resp := &logical.Response{
Data: map[string]interface{}{},
}
if creationTTLRaw != nil {
creationTTL, err := creationTTLRaw.(json.Number).Int64()
if err != nil {
return nil, fmt.Errorf("error reading creation_ttl value from wrapping information: %v", err)
}
resp.Data["creation_ttl"] = time.Duration(creationTTL).Seconds()
}
if creationTime != nil {
// This was JSON marshaled so it's already a string in RFC3339 format
resp.Data["creation_time"] = cubbyResp.Data["creation_time"]
}
Store original request path in WrapInfo (#3100) * Store original request path in WrapInfo as CreationPath * Add wrapping_token_creation_path to CLI output * Add CreationPath to AuditResponseWrapInfo * Fix tests * Add and fix tests, update API docs with new sample responses
2017-08-02 22:28:58 +00:00
if creationPath != nil {
resp.Data["creation_path"] = cubbyResp.Data["creation_path"]
}
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
return resp, nil
}
func (b *SystemBackend) handleWrappingRewrap(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
// If a third party is rewrapping (rather than the calling token being the
// wrapping token) we detect this so that we can revoke the original
// wrapping token after reading it. Right now wrapped tokens can't unwrap
// themselves, but in case we change it, this will be ready to do the right
// thing.
var thirdParty bool
token := data.Get("token").(string)
if token != "" {
thirdParty = true
} else {
token = req.ClientToken
}
if thirdParty {
// Use the token to decrement the use count to avoid a second operation on the token.
_, err := b.Core.tokenStore.UseTokenByID(token)
if err != nil {
return nil, fmt.Errorf("error decrementing wrapping token's use-count: %v", err)
}
defer b.Core.tokenStore.Revoke(token)
}
// Fetch the original TTL
cubbyReq := &logical.Request{
Operation: logical.ReadOperation,
Path: "cubbyhole/wrapinfo",
ClientToken: token,
}
cubbyResp, err := b.Core.router.Route(cubbyReq)
if err != nil {
return nil, fmt.Errorf("error looking up wrapping information: %v", err)
}
if cubbyResp == nil {
return logical.ErrorResponse("no information found; wrapping token may be from a previous Vault version"), nil
}
if cubbyResp != nil && cubbyResp.IsError() {
return cubbyResp, nil
}
if cubbyResp.Data == nil {
return logical.ErrorResponse("wrapping information was nil; wrapping token may be from a previous Vault version"), nil
}
// Set the creation TTL on the request
creationTTLRaw := cubbyResp.Data["creation_ttl"]
if creationTTLRaw == nil {
return nil, fmt.Errorf("creation_ttl value in wrapping information was nil")
}
creationTTL, err := cubbyResp.Data["creation_ttl"].(json.Number).Int64()
if err != nil {
return nil, fmt.Errorf("error reading creation_ttl value from wrapping information: %v", err)
}
Store original request path in WrapInfo (#3100) * Store original request path in WrapInfo as CreationPath * Add wrapping_token_creation_path to CLI output * Add CreationPath to AuditResponseWrapInfo * Fix tests * Add and fix tests, update API docs with new sample responses
2017-08-02 22:28:58 +00:00
// Get creation_path to return as the response later
creationPathRaw := cubbyResp.Data["creation_path"]
if creationPathRaw == nil {
return nil, fmt.Errorf("creation_path value in wrapping information was nil")
}
creationPath := creationPathRaw.(string)
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
// Fetch the original response and return it as the data for the new response
cubbyReq = &logical.Request{
Operation: logical.ReadOperation,
Path: "cubbyhole/response",
ClientToken: token,
}
cubbyResp, err = b.Core.router.Route(cubbyReq)
if err != nil {
return nil, fmt.Errorf("error looking up response: %v", err)
}
if cubbyResp == nil {
return logical.ErrorResponse("no information found; wrapping token may be from a previous Vault version"), nil
}
if cubbyResp != nil && cubbyResp.IsError() {
return cubbyResp, nil
}
if cubbyResp.Data == nil {
return logical.ErrorResponse("wrapping information was nil; wrapping token may be from a previous Vault version"), nil
}
response := cubbyResp.Data["response"]
if response == nil {
return nil, fmt.Errorf("no response found inside the cubbyhole")
}
// Return response in "response"; wrapping code will detect the rewrap and
// slot in instead of nesting
return &logical.Response{
Data: map[string]interface{}{
"response": response,
},
Update the ResponseWrapData function to return a wrapping.ResponseWrapInfo object
2017-04-24 19:15:01 +00:00
WrapInfo: &wrapping.ResponseWrapInfo{
Store original request path in WrapInfo (#3100) * Store original request path in WrapInfo as CreationPath * Add wrapping_token_creation_path to CLI output * Add CreationPath to AuditResponseWrapInfo * Fix tests * Add and fix tests, update API docs with new sample responses
2017-08-02 22:28:58 +00:00
TTL: time.Duration(creationTTL),
CreationPath: creationPath,
Allow wrapping to be specified by backends, and take the lesser of the request/response times (#2088)
2016-11-11 20:12:11 +00:00
},
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
}, nil
}
copying general purpose tools from transit backend to /sys/tools (#3391)
2017-10-20 14:59:17 +00:00
func (b *SystemBackend) pathHashWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
inputB64 := d.Get("input").(string)
format := d.Get("format").(string)
algorithm := d.Get("urlalgorithm").(string)
if algorithm == "" {
algorithm = d.Get("algorithm").(string)
}
input, err := base64.StdEncoding.DecodeString(inputB64)
if err != nil {
return logical.ErrorResponse(fmt.Sprintf("unable to decode input as base64: %s", err)), logical.ErrInvalidRequest
}
switch format {
case "hex":
case "base64":
default:
return logical.ErrorResponse(fmt.Sprintf("unsupported encoding format %s; must be \"hex\" or \"base64\"", format)), nil
}
var hf hash.Hash
switch algorithm {
case "sha2-224":
hf = sha256.New224()
case "sha2-256":
hf = sha256.New()
case "sha2-384":
hf = sha512.New384()
case "sha2-512":
hf = sha512.New()
default:
return logical.ErrorResponse(fmt.Sprintf("unsupported algorithm %s", algorithm)), nil
}
hf.Write(input)
retBytes := hf.Sum(nil)
var retStr string
switch format {
case "hex":
retStr = hex.EncodeToString(retBytes)
case "base64":
retStr = base64.StdEncoding.EncodeToString(retBytes)
}
// Generate the response
resp := &logical.Response{
Data: map[string]interface{}{
"sum": retStr,
},
}
return resp, nil
}
func (b *SystemBackend) pathRandomWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
bytes := 0
var err error
strBytes := d.Get("urlbytes").(string)
if strBytes != "" {
bytes, err = strconv.Atoi(strBytes)
if err != nil {
return logical.ErrorResponse(fmt.Sprintf("error parsing url-set byte count: %s", err)), nil
}
} else {
bytes = d.Get("bytes").(int)
}
format := d.Get("format").(string)
if bytes < 1 {
return logical.ErrorResponse(`"bytes" cannot be less than 1`), nil
}
switch format {
case "hex":
case "base64":
default:
return logical.ErrorResponse(fmt.Sprintf("unsupported encoding format %s; must be \"hex\" or \"base64\"", format)), nil
}
randBytes, err := uuid.GenerateRandomBytes(bytes)
if err != nil {
return nil, err
}
var retStr string
switch format {
case "hex":
retStr = hex.EncodeToString(randBytes)
case "base64":
retStr = base64.StdEncoding.EncodeToString(randBytes)
}
// Generate the response
resp := &logical.Response{
Data: map[string]interface{}{
"random_bytes": retStr,
},
}
return resp, nil
}
Create a unified function to sanitize mount paths. This allows mount paths to start with '/' in addition to ensuring they end in '/' before leaving the system backend.
2016-03-03 18:13:47 +00:00
func sanitizeMountPath(path string) string {
if !strings.HasSuffix(path, "/") {
path += "/"
}
if strings.HasPrefix(path, "/") {
path = path[1:]
}
return path
}
logical/framework: make help look nicer
2015-04-04 04:00:23 +00:00
const sysHelpRoot = `
The system backend is built-in to Vault and cannot be remounted or
unmounted. It contains the paths that are used to configure Vault itself
as well as perform core operations.
`
vault: system using the framework
2015-03-16 00:35:59 +00:00
// sysHelp is all the help text for the sys backend.
var sysHelp = map[string][2]string{
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
"config/cors": {
"Configures or returns the current configuration of CORS settings.",
`
This path responds to the following HTTP methods.
GET /
Returns the configuration of the CORS setting.
POST /
Sets the comma-separated list of origins that can make cross-origin requests.
DELETE /
Clears the CORS configuration and disables acceptance of CORS requests.
`,
},
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
"init": {
"Initializes or returns the initialization status of the Vault.",
`
This path responds to the following HTTP methods.
GET /
Returns the initialization status of the Vault.
POST /
Initializes a new vault.
`,
},
"generate-root": {
"Reads, generates, or deletes a root token regeneration process.",
`
This path responds to multiple HTTP methods which change the behavior. Those
HTTP methods are listed below.
GET /attempt
Reads the configuration and progress of the current root generation
attempt.
POST /attempt
Initializes a new root generation attempt. Only a single root generation
attempt can take place at a time. One (and only one) of otp or pgp_key
are required.
DELETE /attempt
Cancels any in-progress root generation attempt. This clears any
progress made. This must be called to change the OTP or PGP key being
used.
`,
},
"seal-status": {
"Returns the seal status of the Vault.",
`
This path responds to the following HTTP methods.
GET /
Returns the seal status of the Vault. This is an unauthenticated
endpoint.
`,
},
"seal": {
"Seals the Vault.",
`
This path responds to the following HTTP methods.
PUT /
Seals the Vault.
`,
},
"unseal": {
"Unseals the Vault.",
`
This path responds to the following HTTP methods.
PUT /
Unseals the Vault.
`,
},
vault: system using the framework
2015-03-16 00:35:59 +00:00
"mounts": {
"List the currently mounted backends.",
`
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
This path responds to the following HTTP methods.
GET /
Lists all the mounted secret backends.
GET /<mount point>
Get information about the mount at the specified path.
POST /<mount point>
Mount a new secret backend to the mount point in the URL.
POST /<mount point>/tune
Tune configuration parameters for the given mount point.
DELETE /<mount point>
Unmount the specified mount point.
vault: system using the framework
2015-03-16 00:35:59 +00:00
`,
},
"mount": {
`Mount a new backend at a new path.`,
`
Mount a backend at a new path. A backend can be mounted multiple times at
multiple paths in order to configure multiple separately configured backends.
Example: you might have an AWS backend for the east coast, and one for the
west coast.
`,
},
"mount_path": {
`The path to mount to. Example: "aws/east"`,
"",
},
"mount_type": {
`The type of the backend. Example: "passthrough"`,
"",
},
"mount_desc": {
`User-friendly description for this mount.`,
"",
},
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"mount_config": {
`Configuration for this mount, such as default_lease_ttl
and max_lease_ttl.`,
},
More porting from rep (#2388) * More porting from rep * Address review feedback
2017-02-16 21:29:30 +00:00
"mount_local": {
`Mark the mount as a local mount, which is not replicated
and is unaffected by replication.`,
},
Normalize plugin_name option for mount and enable-auth (#3202)
2017-08-31 16:16:59 +00:00
"mount_plugin_name": {
Allow more complex errors from plugins (no interface change) (#3444) * Allow more complex errors from plugins This enables more complex types to be registered and returned from plugins. * Register common error types This is a slightly less drastic change, which keeps the HTTPCodedError as an interface. * Remove replication error from list
2017-10-19 20:29:59 +00:00
`Name of the plugin to mount based from the name registered
Normalize plugin_name option for mount and enable-auth (#3202)
2017-08-31 16:16:59 +00:00
in the plugin catalog.`,
},
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
"tune_default_lease_ttl": {
`The default lease TTL for this mount.`,
},
"tune_max_lease_ttl": {
`The max lease TTL for this mount.`,
},
vault: system using the framework
2015-03-16 00:35:59 +00:00
"remount": {
"Move the mount point of an already-mounted backend.",
`
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
This path responds to the following HTTP methods.
vault: convert to new callback style
2015-03-19 14:05:22 +00:00
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
POST /sys/remount
Changes the mount point of an already-mounted backend.
`,
vault: convert to new callback style
2015-03-19 14:05:22 +00:00
},
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
"auth_tune": {
"Tune the configuration parameters for an auth path.",
`Read and write the 'default-lease-ttl' and 'max-lease-ttl' values of
the auth path.`,
},
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
"mount_tune": {
"Tune backend configuration parameters for this mount.",
Added 'sys/auth/<path>/tune' endpoints. Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 16:35:30 +00:00
`Read and write the 'default-lease-ttl' and 'max-lease-ttl' values of
the mount.`,
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-02 19:56:58 +00:00
},
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
"renew": {
"Renew a lease on a secret",
`
When a secret is read, it may optionally include a lease interval
and a boolean indicating if renew is possible. For secrets that support
lease renewal, this endpoint is used to extend the validity of the
lease and to prevent an automatic revocation.
`,
},
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
"lease_id": {
"The lease identifier to renew. This is included with a lease.",
vault: Testing sys/renew
2015-03-16 23:11:55 +00:00
"",
},
"increment": {
"The desired increment in seconds to the lease",
"",
},
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
"revoke": {
"Revoke a leased secret immediately",
`
When a secret is generated with a lease, it is automatically revoked
at the end of the lease period if not renewed. However, in some cases
you may want to force an immediate revocation. This endpoint can be
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
used to revoke the secret with the given Lease ID.
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
`,
},
vault: Support sys/revoke-prefix/
2015-03-16 23:33:48 +00:00
"revoke-prefix": {
"Revoke all secrets generated in a given prefix",
`
Revokes all the secrets generated under a given mount prefix. As
an example, "prod/aws/" might be the AWS logical backend, and due to
a change in the "ops" policy, we may want to invalidate all the secrets
generated. We can do a revoke prefix at "prod/aws/ops" to revoke all
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
the ops secrets. This does a prefix match on the Lease IDs and revokes
vault: Support sys/revoke-prefix/
2015-03-16 23:33:48 +00:00
all matching leases.
`,
},
"revoke-prefix-path": {
`The path to revoke keys under. Example: "prod/aws/ops"`,
"",
},
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
Add forced revocation. In some situations, it can be impossible to revoke leases (for instance, if someone has gone and manually removed users created by Vault). This can not only cause Vault to cycle trying to revoke them, but it also prevents mounts from being unmounted, leaving them in a tainted state where the only operations allowed are to revoke (or rollback), which will never successfully complete. This adds a new endpoint that works similarly to `revoke-prefix` but ignores errors coming from a backend upon revocation (it does not ignore errors coming from within the expiration manager, such as errors accessing the data store). This can be used to force Vault to abandon leases. Like `revoke-prefix`, this is a very sensitive operation and requires `sudo`. It is implemented as a separate endpoint, rather than an argument to `revoke-prefix`, to ensure that control can be delegated appropriately, as even most administrators should not normally have this privilege. Fixes #1135
2016-03-03 01:26:38 +00:00
"revoke-force": {
"Revoke all secrets generated in a given prefix, ignoring errors.",
`
See the path help for 'revoke-prefix'; this behaves the same, except that it
ignores errors encountered during revocation. This can be used in certain
recovery situations; for instance, when you want to unmount a backend, but it
is impossible to fix revocation errors and these errors prevent the unmount
from proceeding. This is a DANGEROUS operation as it removes Vault's oversight
of external secrets. Access to this prefix should be tightly controlled.
`,
},
"revoke-force-path": {
`The path to revoke keys under. Example: "prod/aws/ops"`,
"",
},
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
"auth-table": {
"List the currently enabled credential backends.",
`
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
This path responds to the following HTTP methods.
GET /
List the currently enabled credential backends: the name, the type of
the backend, and a user friendly description of the purpose for the
credential backend.
POST /<mount point>
Enable a new auth backend.
DELETE /<mount point>
Disable the auth backend at the given mount point.
vault: implement the sys/auth* endpoints
2015-03-20 19:48:19 +00:00
`,
},
"auth": {
`Enable a new credential backend with a name.`,
`
Enable a credential mechanism at a new path. A backend can be mounted multiple times at
multiple paths in order to configure multiple separately configured backends.
Example: you might have an OAuth backend for GitHub, and one for Google Apps.
`,
},
"auth_path": {
`The path to mount to. Cannot be delimited. Example: "user"`,
"",
},
"auth_type": {
`The type of the backend. Example: "userpass"`,
"",
},
"auth_desc": {
`User-friendly description for this crential backend.`,
"",
},
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
Normalize plugin_name option for mount and enable-auth (#3202)
2017-08-31 16:16:59 +00:00
"auth_config": {
`Configuration for this mount, such as plugin_name.`,
},
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
"auth_plugin": {
`Name of the auth plugin to use based from the name in the plugin catalog.`,
"",
},
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
"policy-list": {
`List the configured access control policies.`,
`
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
This path responds to the following HTTP methods.
GET /
List the names of the configured access control policies.
GET /<name>
Retrieve the rules for the named policy.
PUT /<name>
Add or update a policy.
DELETE /<name>
Delete the policy with the given name.
vault: Support policy CRUD
2015-03-23 21:43:31 +00:00
`,
},
"policy": {
`Read, Modify, or Delete an access control policy.`,
`
Read the rules of an existing policy, create or update the rules of a policy,
or delete a policy.
`,
},
"policy-name": {
`The name of the policy. Example: "ops"`,
"",
},
"policy-rules": {
`The rules of the policy. Either given in HCL or JSON format.`,
"",
},
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
Reintroduce the ability to look up obfuscated values in the audit log with a new endpoint '/sys/audit-hash', which returns the given input string hashed with the given audit backend's hash function and salt (currently, always HMAC-SHA256 and a backend-specific salt). In the process of adding the HTTP handler, this also removes the custom HTTP handlers for the other audit endpoints, which were simply forwarding to the logical system backend. This means that the various audit functions will now redirect correctly from a standby to master. (Tests all pass.) Fixes #784
2015-11-19 01:26:03 +00:00
"audit-hash": {
"The hash of the given string via the given audit backend",
"",
},
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
"audit-table": {
"List the currently enabled audit backends.",
`
Add missing path-helps and clarify subpaths in tables
2016-04-13 21:15:54 +00:00
This path responds to the following HTTP methods.
GET /
List the currently enabled audit backends.
PUT /<path>
Enable an audit backend at the given path.
DELETE /<path>
Disable the given audit backend.
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 23:45:00 +00:00
`,
},
"audit_path": {
`The name of the backend. Cannot be delimited. Example: "mysql"`,
"",
},
"audit_type": {
`The type of the backend. Example: "mysql"`,
"",
},
"audit_desc": {
`User-friendly description for this audit backend.`,
"",
},
"audit_opts": {
`Configuration options for the audit backend.`,
"",
},
"audit": {
`Enable or disable audit backends.`,
`
Enable a new audit backend or disable an existing backend.
`,
},
vault: adding sys/key-status and sys/rotate
2015-05-28 00:53:42 +00:00
"key-status": {
"Provides information about the backend encryption key.",
`
Provides the current backend encryption key term and installation time.
`,
},
"rotate": {
"Rotates the backend encryption key used to persist data.",
`
Rotate generates a new encryption key which is used to encrypt all
data going to the storage backend. The old encryption keys are kept so
that data encrypted using those keys can still be decrypted.
`,
},
Fix path help description for rekey_backup
2016-03-10 02:04:54 +00:00
"rekey_backup": {
"Allows fetching or deleting the backup of the rotated unseal keys.",
"",
},
Fix help descriptions
2016-03-17 19:23:36 +00:00
"capabilities": {
"Fetches the capabilities of the given token on the given path.",
Removed http/sys_capabilties_test.go
2016-03-18 03:01:28 +00:00
`Returns the capabilities of the given token on the path.
The path will be searched for a path match in all the policies associated with the token.`,
},
"capabilities_self": {
"Fetches the capabilities of the given token on the given path.",
`Returns the capabilities of the client token on the path.
The path will be searched for a path match in all the policies associated with the client token.`,
Fix help descriptions
2016-03-17 19:23:36 +00:00
},
"capabilities_accessor": {
"Fetches the capabilities of the token associated with the given token, on the given path.",
Removed http/sys_capabilties_test.go
2016-03-18 03:01:28 +00:00
`When there is no access to the token, token accessor can be used to fetch the token's capabilities
on a given path.`,
Fix help descriptions
2016-03-17 19:23:36 +00:00
},
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
Added sys/tidy-leases endpoint
2017-03-07 20:22:21 +00:00
"tidy_leases": {
`This endpoint performs cleanup tasks that can be run if certain error
conditions have occurred.`,
Add locking where possible while doing auth/token/tidy
2017-03-07 21:06:05 +00:00
`This endpoint performs cleanup tasks that can be run to clean up the
Added sys/tidy-leases endpoint
2017-03-07 20:22:21 +00:00
lease entries after certain error conditions. Usually running this is not
necessary, and is only required if upgrade notes or support personnel suggest
it.`,
},
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
"wrap": {
"Response-wraps an arbitrary JSON object.",
`Round trips the given input data into a response-wrapped token.`,
},
JWT wrapping tokens (#2172)
2017-01-04 21:44:03 +00:00
"wrappubkey": {
"Returns pubkeys used in some wrapping formats.",
"Returns pubkeys used in some wrapping formats.",
},
Wrapping enhancements (#1927)
2016-09-29 04:01:28 +00:00
"unwrap": {
"Unwraps a response-wrapped token.",
`Unwraps a response-wrapped token. Unlike simply reading from cubbyhole/response,
this provides additional validation on the token, and rather than a JSON-escaped
string, the returned response is the exact same as the contained wrapped response.`,
},
"wraplookup": {
"Looks up the properties of a response-wrapped token.",
`Returns the creation TTL and creation time of a response-wrapped token.`,
},
"rewrap": {
"Rotates a response-wrapped token.",
`Rotates a response-wrapped token; the output is a new token with the same
response wrapped inside and the same creation TTL. The original token is revoked.`,
},
Update the help text for auditing headers (#2330) * Update the help text for auditing headers * Update help name
2017-02-03 18:08:31 +00:00
"audited-headers-name": {
"Configures the headers sent to the audit logs.",
`
This path responds to the following HTTP methods.
GET /<name>
Returns the setting for the header with the given name.
POST /<name>
Enable auditing of the given header.
DELETE /<path>
Disable auditing of the given header.
`,
},
"audited-headers": {
"Lists the headers configured to be audited.",
`Returns a list of headers that have been configured to be audited.`,
},
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
"plugin-catalog": {
"Configures the plugins known to vault",
Add path help and comments for plugin-catalog
2017-04-12 17:01:36 +00:00
`
This path responds to the following HTTP methods.
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
LIST /
Returns a list of names of configured plugins.
Add the ability to view and list of leases metadata (#2650)
2017-05-04 02:03:42 +00:00
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
GET /<name>
Retrieve the metadata for the named plugin.
Add path help and comments for plugin-catalog
2017-04-12 17:01:36 +00:00
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
PUT /<name>
Add or update plugin.
Add path help and comments for plugin-catalog
2017-04-12 17:01:36 +00:00
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
DELETE /<name>
Delete the plugin with the given name.
Add path help and comments for plugin-catalog
2017-04-12 17:01:36 +00:00
`,
},
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
"plugin-catalog_name": {
"The name of the plugin",
"",
},
"plugin-catalog_sha-256": {
Allow more complex errors from plugins (no interface change) (#3444) * Allow more complex errors from plugins This enables more complex types to be registered and returned from plugins. * Register common error types This is a slightly less drastic change, which keeps the HTTPCodedError as an interface. * Remove replication error from list
2017-10-19 20:29:59 +00:00
`The SHA256 sum of the executable used in the
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
2017-07-20 17:28:40 +00:00
command field. This should be HEX encoded.`,
"",
},
"plugin-catalog_command": {
`The command used to start the plugin. The
executable defined in this command must exist in vault's
plugin directory.`,
"",
},
Add the ability to view and list of leases metadata (#2650)
2017-05-04 02:03:42 +00:00
"leases": {
`View or list lease metadata.`,
`
This path responds to the following HTTP methods.
PUT /
Retrieve the metadata for the provided lease id.
LIST /<prefix>
Lists the leases for the named prefix.
`,
},
"leases-list-prefix": {
`The path to list leases under. Example: "aws/creds/deploy"`,
"",
},
Add plugin backend reload capability (#3112) * Add plugin reload capability on all mounts for a specific plugin type * Comments cleanup * Add per-mount plugin backend reload, add tests * Fix typos * Remove old comment * Reuse existing storage view in reloadPluginCommon * Correctly handle reloading auth plugin backends * Update path to plugin/backend/reload * Use multierrors on reloadMatchingPluginMounts, attempt to reload all mounts provided * Use internal value as check to ensure plugin backend reload * Remove connection state from request for plugins at the moment * Minor cleanup * Refactor tests
2017-08-08 04:18:59 +00:00
"plugin-reload": {
"Reload mounts that use a particular backend plugin.",
`Reload mounts that use a particular backend plugin. Either the plugin name
or the desired plugin backend mounts must be provided, but not both. In the
case that the plugin name is provided, all mounted paths that use that plugin
backend will be reloaded.`,
},
"plugin-backend-reload-plugin": {
`The name of the plugin to reload, as registered in the plugin catalog.`,
"",
},
"plugin-backend-reload-mounts": {
`The mount paths of the plugin backends to reload.`,
"",
},
copying general purpose tools from transit backend to /sys/tools (#3391)
2017-10-20 14:59:17 +00:00
"hash": {
"Generate a hash sum for input data",
"Generates a hash sum of the given algorithm against the given input data.",
},
"random": {
"Generate random bytes",
"This function can be used to generate high-entropy random bytes.",
},
vault: system using the framework
2015-03-16 00:35:59 +00:00
}