eb6117cbb2
Work on TLS communication over plugins
2017-03-15 17:14:48 -07:00
f03d500808
Add option to disable caching per-backend. ( #2455 )
2017-03-08 09:20:09 -05:00
f992103615
Merge branch 'master' into acl-parameters-permission
2017-02-21 14:46:06 -08:00
0a9a6d3343
Move ReplicationState to consts
2017-02-16 13:37:21 -05:00
68a1780052
Format dynamic_system_view.go
2017-01-19 16:54:08 -08:00
ae116ada25
Merge branch 'master' into acl-parameters-permission
2017-01-13 16:44:10 -08:00
252e1f1e84
Port over some work to make the system views a bit nicer
2017-01-13 14:51:27 -05:00
d869c0d6a6
Rejig IsPrimary again
2017-01-12 15:59:00 -05:00
32f9ccb6c8
Rejig dynamic system view to build without tags
2017-01-12 15:13:47 -05:00
c2b512cf46
Changed AllowOperation to take logical.Request
2016-10-16 16:29:52 -07:00
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
fe1f56de40
Make a non-caching but still locking variant of transit for when caches are disabled
2016-05-02 22:36:44 -04:00
8572190b64
Plumb disabling caches through the policy store
2016-05-02 22:36:44 -04:00
12c00b97ef
Allow backends to see taint status.
...
This can be seen via System(). In the PKI backend, if the CA is
reconfigured but not fully (e.g. an intermediate CSR is generated but no
corresponding cert set) and there are already leases (issued certs), the
CRL is unable to be built. As a result revocation fails. But in this
case we don't actually need revocation to be successful since the CRL is
useless after unmounting. By checking taint status we know if we can
simply fast-path out of revocation with a success in this case.
Fixes #946
2016-01-22 17:01:22 -05:00
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
7aa3faa626
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 12:07:42 -05:00
1a01ab3608
Take ClientToken instead of Policies
2015-09-21 10:04:03 -04:00
3b51ee1c48
Using core's logger
2015-09-19 19:01:36 -04:00
02485e7175
Abstraced SudoPrivilege to take list of policies
2015-09-19 18:23:44 -04:00
a2799b235e
Using acl.RootPrivilege and rewrote mockTokenStore
2015-09-19 17:53:24 -04:00
fb77ec3623
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-19 11:14:51 -04:00
39cfcccdac
Remove error returns from sysview TTL calls
2015-09-10 15:09:54 -04:00
5de736e69c
Implement shallow cloning to allow MountEntry pointers to stay consistent when spread across router/core/system views
2015-09-10 15:09:54 -04:00
ace611d56d
Address items from feedback. Make MountConfig use values rather than
...
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Brian Kassouf