Jeff Mitchell
b4620d5d04
Add check against seal type to catch errors before we attempt to use the data
2016-04-15 18:16:48 -04:00
Jeff Mitchell
9bc24be343
Move recovery info behind the barrier
2016-04-15 17:04:29 +00:00
Jeff Mitchell
119238149b
Add Finalize method to seal.
2016-04-14 20:37:34 +00:00
Jeff Mitchell
53773f12e3
Register the token entry's path instead of the request path, to handle role suffixes correctly
2016-04-14 08:08:28 -04:00
Jeff Mitchell
ae2d000de4
Make period output nicer -- seconds rather than duration
2016-04-14 06:10:22 -04:00
Jeff Mitchell
a4ff72841e
Check for seal status when initing and change logic order to avoid defer
2016-04-14 01:13:59 +00:00
Adam Shannon
fb07d07ad9
all: Cleanup from running go vet
2016-04-13 14:38:29 -05:00
Jeff Mitchell
1db6808912
Construct token path from request to fix displaying TTLs when using
...
create-orphan.
2016-04-07 15:45:38 +00:00
Jeff Mitchell
f2880561d1
Ensure we only use sysview's max if it's not zero. It never should be, but safety.
2016-04-07 15:27:14 +00:00
Sean Chittenden
09ad6317ea
Merge pull request #1297 from hashicorp/f-bsd-mlock
...
F bsd mlock
2016-04-06 13:57:34 -07:00
vishalnayak
e3a1ee92b5
Utility Enhancements
2016-04-05 20:32:59 -04:00
Sean Chittenden
087e7c94d3
Add Vault support for the *BSDs, including Darwin
...
The `syscall` package has been frozen in favor of `x/sys`. As a result, all of the BSDs are supported and do have `mlockall(2)` support in current versions of Go.
2016-04-05 12:18:19 -07:00
Jeff Mitchell
afae46feb7
SealInterface
2016-04-04 10:44:22 -04:00
Jeff Mitchell
7d20380c42
Merge pull request #1280 from hashicorp/remove-ts-revoke-prefix
...
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
2016-04-01 09:48:52 -04:00
Jeff Mitchell
2b2541e13f
Merge pull request #1277 from hashicorp/suprious-revoke-timer-logs
...
Keep the expiration manager from keeping old token entries.
2016-03-31 20:16:31 -04:00
Jeff Mitchell
2fd02b8dca
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
2016-03-31 18:04:05 -04:00
Jeff Mitchell
7442867d53
Check for auth/ in the path of the prefix for revoke-prefix in the token
...
store.
2016-03-31 16:21:56 -04:00
Jeff Mitchell
75650ec1ad
Keep the expiration manager from keeping old token entries.
...
The expiration manager would never be poked to remove token entries upon
token revocation, if that revocation was initiated in the token store
itself. It might have been to avoid deadlock, since during revocation of
tokens the expiration manager is called, which then calls back into the
token store, and so on.
This adds a way to skip that last call back into the token store if we
know that we're on the revocation path because we're in the middle of
revoking a token. That way the lease is cleaned up. This both prevents
log entries appearing for already-revoked tokens, and it also releases
timer/memory resources since we're not keeping the leases around.
2016-03-31 15:10:25 -04:00
Jeff Mitchell
ddce1efd0d
Two items:
...
1: Fix path check in core to handle renew paths from the token store
that aren't simply renew/
2: Use token policy logic if token store role policies are empty
2016-03-31 14:52:49 -04:00
vishalnayak
034ffd8af3
Fix capabilities test case
2016-03-18 12:55:18 -04:00
vishalnayak
6831e2a8fd
Sort the capabilities before returning
2016-03-18 12:40:17 -04:00
vishalnayak
a6f6cbd95a
Tests for capabilites in system backend
2016-03-18 11:58:06 -04:00
vishalnayak
d959ffc301
Rename PrepareRequest to PrepareRequestFunc
2016-03-18 10:37:49 -04:00
vishalnayak
fbfe72f286
Removed http/sys_capabilties_test.go
2016-03-18 09:48:45 -04:00
vishalnayak
55f03b5d25
Add separate path for capabilities-self to enable ACL
2016-03-17 22:52:03 -04:00
vishalnayak
68367f60c8
Fix broken testcases
2016-03-17 21:03:32 -04:00
vishalnayak
d348735322
Fix help descriptions
2016-03-17 21:03:32 -04:00
vishalnayak
f275cd2e9c
Fixed capabilities API to receive logical response
2016-03-17 21:03:32 -04:00
vishalnayak
a5d79d587a
Refactoring the capabilities function
2016-03-17 21:03:32 -04:00
vishalnayak
dcb7f00bcc
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 21:03:32 -04:00
vishalnayak
2b712bc778
Move capabilities accessor logic to logical_system
2016-03-17 21:03:32 -04:00
Vishal Nayak
7db7b47fdd
Merge pull request #1210 from hashicorp/audit-id-path
...
Rename id to path and path to file_path, print audit backend paths
2016-03-15 20:13:21 -04:00
Jeff Mitchell
8a5fc6b017
Sort and filter policies going into the create token entry, then use
...
that as the definitive source for the response Auth object.
2016-03-15 14:05:25 -04:00
vishalnayak
3861c88211
Accept params both as part of URL or as part of http body
2016-03-14 19:14:36 -04:00
vishalnayak
85a888d588
Enable token to be supplied in the body for lookup call
2016-03-14 18:56:00 -04:00
vishalnayak
dd94e8e689
Fix broken test case
2016-03-14 18:44:13 -04:00
vishalnayak
71fc07833f
Rename id to path and path to file_path, print audit backend paths
2016-03-14 17:15:07 -04:00
Jeff Mitchell
04eb6e79f0
Merge pull request #1200 from hashicorp/sethvargo/hcl_errors
...
Show HCL parsing errors and typos
2016-03-10 22:31:55 -05:00
Jeff Mitchell
90dd55b1e6
Sort policies before returning/storing, like we do in handleCreateCommon
2016-03-10 22:31:26 -05:00
vishalnayak
8094077cd3
Fix broken test case
2016-03-10 20:06:22 -05:00
vishalnayak
378db2bc3c
Add default policy to response auth object
2016-03-10 19:55:38 -05:00
Seth Vargo
f6adea85ce
Preserve pointer
2016-03-10 15:55:47 -05:00
Seth Vargo
ad7049eed1
Parse policy HCL syntax and keys
2016-03-10 15:25:25 -05:00
Jeff Mitchell
cba947b049
Fix path help description for rekey_backup
2016-03-09 21:04:54 -05:00
Jeff Mitchell
fa2ba47a5c
Merge branch 'master' into token-roles
2016-03-09 17:23:34 -05:00
Jeff Mitchell
d4371d1393
Add accessor to returned auth
2016-03-09 17:15:42 -05:00
Jeff Mitchell
6df72e6efd
Merge pull request #1168 from hashicorp/revoke-force
...
Add forced revocation.
2016-03-09 16:59:52 -05:00
Jeff Mitchell
d171931e59
Add unit test for forced revocation
2016-03-09 16:47:58 -05:00
vishalnayak
0c4d5960a9
In-URL accessor for auth/token/lookup-accessor endpoint
2016-03-09 14:54:52 -05:00
vishalnayak
2528ffbc18
Restore old regex expressions for token endpoints
2016-03-09 14:08:52 -05:00