55187255bd
Truncate token store issued token periods when greater than tuned max at ( #4112 )
...
issue time, not just renew time.
2018-03-09 10:53:04 -05:00
9dba3590ac
Add context to the NewSalt function ( #4102 )
2018-03-08 11:21:11 -08:00
848ce6427b
Handle period's zero value in token store's token creation ( #3880 )
...
* Handle period's zero value on handleCreateCommon
* Add test for period zero value
2018-02-01 12:01:46 -05:00
150ad8405b
Remove logical.Initialize() method ( #3848 )
...
* Remove logical.Initialize() method
* More cleanup
* Fix test
2018-01-25 20:19:27 -05:00
2f19de0305
Add context to storage backends and wire it through a lot of places ( #3817 )
2018-01-19 01:44:44 -05:00
1c190d4bda
Pass context to backends ( #3750 )
...
* Start work on passing context to backends
* More work on passing context
* Unindent logical system
* Unindent token store
* Unindent passthrough
* Unindent cubbyhole
* Fix tests
* use requestContext in rollback and expiration managers
2018-01-08 10:31:38 -08:00
255212af23
Non-recursive DFS token tree revoke ( #2478 )
2017-12-11 16:51:37 -05:00
8f159b12b1
allowed/disallowed_policies as TypeCommaStringSlice ( #3641 )
...
Our docs apparently claim that this is a list, but the code is
string-only. This fixes that discrepancy.
2017-12-04 12:47:05 -05:00
2b78bc2a9b
Port over bits ( #3575 )
2017-11-13 15:31:32 -05:00
119607dcb7
Seal wrap all root tokens and their leases ( #3540 )
2017-11-06 13:10:36 -05:00
47dae8ffc7
Sync
2017-10-23 14:59:37 -04:00
f7ed6732a5
Porting identity store ( #3419 )
...
* porting identity to OSS
* changes that glue things together
* add testing bits
* wrapped entity id
* fix mount error
* some more changes to core
* fix storagepacker tests
* fix some more tests
* fix mount tests
* fix http mount tests
* audit changes for identity
* remove upgrade structs on the oss side
* added go-memdb to vendor
2017-10-11 10:21:20 -07:00
675cbe1bcd
Handle expiration manager being nil
2017-09-05 12:01:02 -04:00
71952b7738
ExpirationManager restoration to load in the background ( #3260 )
2017-09-05 11:09:00 -04:00
b851d88d68
fix swallowed error in vault package. ( #2993 )
2017-07-26 12:15:54 -04:00
b04e0a7a2a
Dynamically load and invalidate the token store salt ( #3021 )
...
* Dynaically load and invalidate the token store salt
* Pass salt function into the router
2017-07-18 09:02:03 -07:00
a71cb52f1b
Don't allow overriding token ID with the same token ID ( #2917 )
...
Fixes #2916
2017-06-24 01:52:48 +01:00
858deb9ca4
Don't allow parent references in file paths
2017-05-12 13:52:33 -04:00
d25aa9fc21
Don't write salts in initialization, look up on demand ( #2702 )
2017-05-09 17:51:09 -04:00
fa201f2505
auth/token/tidy log level update
2017-05-05 11:16:13 -04:00
b482043de1
Update debugging around tidy
2017-05-05 10:48:12 -04:00
f8295a301d
Merge branch 'master-oss' into sys-tidy-leases
2017-05-04 09:37:52 -04:00
3d9cf89ad6
Add the ability to view and list of leases metadata ( #2650 )
2017-05-03 22:03:42 -04:00
7f3891c734
Fix substitution of index/child in delete call
2017-05-03 15:09:13 -04:00
99884a8f13
Merge remote-tracking branch 'oss/master' into sys-tidy-leases
2017-05-03 15:02:42 -04:00
bb6b5f7aa6
Add taint flag for looking up by accessor
2017-05-03 13:08:50 -04:00
a1a0c2950f
logging updates
2017-05-03 12:58:10 -04:00
6aa7f9b7c9
Added logs when deletion fails so we can rely on server logs
2017-05-03 12:47:05 -04:00
bc5d5b7319
consistent logging
2017-05-03 12:45:22 -04:00
596ad2c8f7
Adhere to tainted status in salted accessor lookup
2017-05-03 12:36:10 -04:00
0553f7a8d1
change some logging output
2017-05-03 12:14:58 -04:00
c9bd54ad65
Less scary debugging
2017-05-03 11:15:59 -04:00
dd898ed2e1
Added summary logs to help better understand the consequence
2017-05-03 10:54:07 -04:00
537342f038
Fixing printf (and similar) issues ( #2666 )
2017-05-01 23:34:10 -04:00
72d05cd8dd
Refactor locking code in lease tidy; add ending debug statements
2017-04-27 16:22:19 -04:00
d8e91ef616
refactor lock handling in token tidy function
2017-04-27 13:48:29 -04:00
f9c1426ac8
Use an atomic lock for tidy operation in token store
2017-04-27 11:41:33 -04:00
749ec4fab1
Some more logging updates
2017-04-27 11:20:55 -04:00
d256248095
Fix logging suggestions; put the policyStore nil check back in
2017-04-27 10:56:19 -04:00
3fd019574d
Fix logging levels
2017-04-26 17:29:04 -04:00
7c3e20e9c5
Fix the log statements
2017-04-26 17:17:19 -04:00
9025ef16e4
Added logger to token store and logs to tidy function
2017-04-26 16:11:23 -04:00
5909d81b7b
Merge branch 'oss' into clean-stale-leases
2017-04-26 15:07:27 -04:00
4a4c981fb2
Update error message to distinguish tree revocation issue from non-tree
2017-04-26 14:06:45 -04:00
3ba162fea1
List should use a trailing slash
2017-04-21 15:37:43 -04:00
847c86f788
Rename ParseDedupAndSortStrings to ParseDedupLowercaseAndSortStrings ( #2614 )
2017-04-19 10:39:07 -04:00
709389dd36
Use ParseStringSlice on PKI organization/organizational unit. ( #2561 )
...
After, separately dedup and use new flag to not lowercase value.
Fixes #2555
2017-04-04 08:54:18 -07:00
5a6193a56e
Audit: Add token's use count to audit response ( #2437 )
...
* audit: Added token_num_uses to audit response
* Fixed jsonx tests
* Revert logical auth to NumUses instead of TokenNumUses
* s/TokenNumUses/NumUses
* Audit: Add num uses to audit requests as well
* Added RemainingUses to distinguish NumUses in audit requests
2017-03-08 17:36:50 -05:00
f54ff0f842
Add locking where possible while doing auth/token/tidy
2017-03-07 16:06:05 -05:00
3d162b63cc
Use locks in a slice rather than a map, which is faster and makes things cleaner ( #2446 )
2017-03-07 11:21:32 -05:00
Jeff Mitchell