Jeff Mitchell
f37b6492d1
More rep porting ( #2391 )
...
* More rep porting
* Add a bit more porting
2017-02-16 23:09:39 -05:00
Jeff Mitchell
20c65b8300
Fix regression in 0.6.4 where token store roles could not properly wo… ( #2286 )
2017-01-18 16:11:25 -05:00
vishalnayak
c9bd2a37f8
Don't sanitize disallowed_policies on token role
2017-01-17 21:34:14 -05:00
Vishal Nayak
fa7d61baa3
Merge pull request #2202 from fcantournet/fix_govet_fatalf
...
all: test: Fix govet warnings
2017-01-17 16:45:35 -05:00
Armon Dadgar
c37d17ed47
Adding interface methods to logical.Backend for parity ( #2242 )
2017-01-07 18:18:22 -05:00
Félix Cantournet
103b7ceab2
all: test: Fix govet warnings
...
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
Jeff Mitchell
9f60e9f88d
Add tidy expiration test
2016-12-16 17:04:28 -05:00
vishalnayak
bae84e3864
TokenStore: Make the testcase dangle 100 accessors and let it tidy up
2016-12-16 15:41:41 -05:00
Vishal Nayak
ba026aeaa1
TokenStore: Added tidy endpoint ( #2192 )
2016-12-16 15:29:27 -05:00
Jeff Mitchell
f6044764c0
Fix revocation of leases when num_uses goes to 0 ( #2190 )
2016-12-16 13:11:55 -05:00
Vishal Nayak
8400b87473
Don't add default policy to child token if parent does not have it ( #2164 )
2016-12-16 00:36:39 -05:00
Jeff Mitchell
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
Jeff Mitchell
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
vishalnayak
57b21acabb
Added unit tests for token entry upgrade
2016-09-26 18:17:50 -04:00
Jeff Mitchell
9fee9ce8ff
Don't allow tokens in paths. ( #1783 )
2016-08-24 15:59:43 -04:00
Jeff Mitchell
01702415c2
Ensure we don't use a token entry period of 0 in role comparisons.
...
When we added support for generating periodic tokens for root/sudo in
auth/token/create we used the token entry's period value to store the
shortest period found to eventually populate the TTL. The problem was
that we then assumed later that this value would be populated for
periodic tokens, when it wouldn't have been in the upgrade case.
Instead, use a temp var to store the proper value to use; populate
te.Period only if actually given; and check that it's not zero before
comparing against role value during renew.
2016-08-16 16:47:46 -04:00
Jeff Mitchell
40ece8fd7c
Add another test and fix some output
2016-08-14 07:17:14 -04:00
Jeff Mitchell
b6ef112382
Minor wording change
2016-08-13 15:45:13 -04:00
Jeff Mitchell
cdea4b3445
Add some tests and fix some bugs
2016-08-13 14:03:22 -04:00
Jeff Mitchell
bcb4ab5422
Add periodic support for root/sudo tokens to auth/token/create
2016-08-12 21:14:12 -04:00
Jeff Mitchell
0f40fba40d
Don't allow a root token that expires to create one that doesn't
2016-08-09 20:32:40 -04:00
vishalnayak
e783bfe7e1
Minor changes to test cases
2016-08-05 20:22:07 -04:00
vishalnayak
5ddd1c7223
Fix broken test case
2016-08-05 20:07:18 -04:00
Laura Bennett
02911c0e01
full updates based on feedback
2016-08-05 18:57:35 -04:00
Laura Bennett
52623a2395
test updates based on feedback
2016-08-05 18:56:22 -04:00
Laura Bennett
405eb0075a
fix an error, tests still broken
2016-08-05 17:58:48 -04:00
Laura Bennett
68d351c70c
addresses feedback, but tests broken
2016-08-05 10:04:02 -04:00
Laura Bennett
c626277632
initial commit for minor update to token-store
2016-08-03 14:32:17 -04:00
vishalnayak
e7cb3fd990
Addressed review feedback
2016-08-02 16:53:06 -04:00
vishalnayak
9947b33498
Added tests for disallowed_policies
2016-08-02 15:21:15 -04:00
vishalnayak
a936914101
Address review feedback and fix existing tests
2016-08-02 14:10:20 -04:00
Jeff Mitchell
357f2d972f
Add some extra safety checking in accessor listing and update website
...
docs.
2016-08-01 13:12:06 -04:00
Jeff Mitchell
23ab63c78e
Add accessor list function to token store
2016-07-29 18:20:38 -04:00
Jeff Mitchell
e26487ced5
Add test for non-assignable policies
2016-07-25 16:00:18 -04:00
vishalnayak
8269f323d3
Revert 'risky' changes
2016-07-12 16:38:07 -04:00
vishalnayak
e09b40e155
Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC
2016-07-08 18:30:18 -04:00
Jeff Mitchell
90c2f5bb55
Fix some more too-tight timing in the token store tests
2016-07-01 11:59:39 -04:00
Jeff Mitchell
f3e6e4ee28
Fix timing in explicit max ttl test
2016-07-01 11:37:27 -04:00
Jeff Mitchell
2b4b6559e3
Merge pull request #1504 from hashicorp/token-store-roles-renewability
...
Add renewable flag to token store roles
2016-06-08 15:56:54 -04:00
Jeff Mitchell
8a1bff7c11
Make out-of-bounds explicit max a cap+warning instead of an error
2016-06-08 15:25:17 -04:00
Jeff Mitchell
cf8f38bd4c
Add renewable flag to token store roles
2016-06-08 15:17:22 -04:00
Jeff Mitchell
65d8973864
Add explicit max TTL capability to token creation API
2016-06-08 14:49:48 -04:00
Jeff Mitchell
f8d70b64a0
Show renewable status for tokens in output
2016-06-01 17:30:31 -04:00
vishalnayak
49b4c83580
Adding default policies while creating tokens
2016-05-31 13:39:58 -04:00
Jeff Mitchell
ce5614bf9b
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-11 19:29:52 -04:00
Jeff Mitchell
6ec1ca05c8
Fix bug around disallowing explicit max greater than sysview max
2016-05-11 18:46:55 -04:00
Jeff Mitchell
aecc3ad824
Add explicit maximum TTLs to token store roles.
2016-05-11 16:51:18 -04:00
Jeff Mitchell
2ebe49d3a1
Change UseToken mechanics.
...
Add locking around UseToken and Lookup. Have UseToken flag an entry that
needs to be revoked so that it can be done at the appropriate time, but
so that Lookup in the interm doesn't return a value.
The locking is a map of 4096 locks keyed off of the first three
characters of the token ID which should provide good distribution.
2016-05-02 03:44:24 -04:00
Jeff Mitchell
81da06de05
Fix fetching parameters in token store when it's optionally in the URL
2016-04-28 15:15:37 -04:00
Jeff Mitchell
53773f12e3
Register the token entry's path instead of the request path, to handle role suffixes correctly
2016-04-14 08:08:28 -04:00