398ed86d04
Split out TestSeal
2016-04-26 00:14:16 +00:00
98d09b0dc6
Add seal tests and update generate-root and others to handle dualseal.
2016-04-25 19:39:04 +00:00
f293b1bb98
Merge pull request #1328 from hashicorp/sethvargo/path-help
...
Add missing path-helps and clarify subpaths in tables
2016-04-25 13:53:06 -04:00
62058a0ff8
Update tests for change in raw blacklisting
2016-04-19 20:26:26 +00:00
556039344a
There's no good story around accessing any of core via /sys/raw, so blacklist it all
2016-04-19 16:01:15 +00:00
b4620d5d04
Add check against seal type to catch errors before we attempt to use the data
2016-04-15 18:16:48 -04:00
9bc24be343
Move recovery info behind the barrier
2016-04-15 17:04:29 +00:00
119238149b
Add Finalize method to seal.
2016-04-14 20:37:34 +00:00
53773f12e3
Register the token entry's path instead of the request path, to handle role suffixes correctly
2016-04-14 08:08:28 -04:00
ae2d000de4
Make period output nicer -- seconds rather than duration
2016-04-14 06:10:22 -04:00
a4ff72841e
Check for seal status when initing and change logic order to avoid defer
2016-04-14 01:13:59 +00:00
03c09341a4
Add missing path-helps and clarify subpaths in tables
2016-04-13 22:15:54 +01:00
fb07d07ad9
all: Cleanup from running go vet
2016-04-13 14:38:29 -05:00
1db6808912
Construct token path from request to fix displaying TTLs when using
...
create-orphan.
2016-04-07 15:45:38 +00:00
f2880561d1
Ensure we only use sysview's max if it's not zero. It never should be, but safety.
2016-04-07 15:27:14 +00:00
09ad6317ea
Merge pull request #1297 from hashicorp/f-bsd-mlock
...
F bsd mlock
2016-04-06 13:57:34 -07:00
e3a1ee92b5
Utility Enhancements
2016-04-05 20:32:59 -04:00
087e7c94d3
Add Vault support for the *BSDs, including Darwin
...
The `syscall` package has been frozen in favor of `x/sys`. As a result, all of the BSDs are supported and do have `mlockall(2)` support in current versions of Go.
2016-04-05 12:18:19 -07:00
afae46feb7
SealInterface
2016-04-04 10:44:22 -04:00
7d20380c42
Merge pull request #1280 from hashicorp/remove-ts-revoke-prefix
...
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
2016-04-01 09:48:52 -04:00
2b2541e13f
Merge pull request #1277 from hashicorp/suprious-revoke-timer-logs
...
Keep the expiration manager from keeping old token entries.
2016-03-31 20:16:31 -04:00
2fd02b8dca
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
2016-03-31 18:04:05 -04:00
7442867d53
Check for auth/ in the path of the prefix for revoke-prefix in the token
...
store.
2016-03-31 16:21:56 -04:00
75650ec1ad
Keep the expiration manager from keeping old token entries.
...
The expiration manager would never be poked to remove token entries upon
token revocation, if that revocation was initiated in the token store
itself. It might have been to avoid deadlock, since during revocation of
tokens the expiration manager is called, which then calls back into the
token store, and so on.
This adds a way to skip that last call back into the token store if we
know that we're on the revocation path because we're in the middle of
revoking a token. That way the lease is cleaned up. This both prevents
log entries appearing for already-revoked tokens, and it also releases
timer/memory resources since we're not keeping the leases around.
2016-03-31 15:10:25 -04:00
ddce1efd0d
Two items:
...
1: Fix path check in core to handle renew paths from the token store
that aren't simply renew/
2: Use token policy logic if token store role policies are empty
2016-03-31 14:52:49 -04:00
034ffd8af3
Fix capabilities test case
2016-03-18 12:55:18 -04:00
6831e2a8fd
Sort the capabilities before returning
2016-03-18 12:40:17 -04:00
a6f6cbd95a
Tests for capabilites in system backend
2016-03-18 11:58:06 -04:00
d959ffc301
Rename PrepareRequest to PrepareRequestFunc
2016-03-18 10:37:49 -04:00
fbfe72f286
Removed http/sys_capabilties_test.go
2016-03-18 09:48:45 -04:00
55f03b5d25
Add separate path for capabilities-self to enable ACL
2016-03-17 22:52:03 -04:00
68367f60c8
Fix broken testcases
2016-03-17 21:03:32 -04:00
d348735322
Fix help descriptions
2016-03-17 21:03:32 -04:00
f275cd2e9c
Fixed capabilities API to receive logical response
2016-03-17 21:03:32 -04:00
a5d79d587a
Refactoring the capabilities function
2016-03-17 21:03:32 -04:00
dcb7f00bcc
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 21:03:32 -04:00
2b712bc778
Move capabilities accessor logic to logical_system
2016-03-17 21:03:32 -04:00
7db7b47fdd
Merge pull request #1210 from hashicorp/audit-id-path
...
Rename id to path and path to file_path, print audit backend paths
2016-03-15 20:13:21 -04:00
8a5fc6b017
Sort and filter policies going into the create token entry, then use
...
that as the definitive source for the response Auth object.
2016-03-15 14:05:25 -04:00
3861c88211
Accept params both as part of URL or as part of http body
2016-03-14 19:14:36 -04:00
85a888d588
Enable token to be supplied in the body for lookup call
2016-03-14 18:56:00 -04:00
dd94e8e689
Fix broken test case
2016-03-14 18:44:13 -04:00
71fc07833f
Rename id to path and path to file_path, print audit backend paths
2016-03-14 17:15:07 -04:00
04eb6e79f0
Merge pull request #1200 from hashicorp/sethvargo/hcl_errors
...
Show HCL parsing errors and typos
2016-03-10 22:31:55 -05:00
90dd55b1e6
Sort policies before returning/storing, like we do in handleCreateCommon
2016-03-10 22:31:26 -05:00
8094077cd3
Fix broken test case
2016-03-10 20:06:22 -05:00
378db2bc3c
Add default policy to response auth object
2016-03-10 19:55:38 -05:00
f6adea85ce
Preserve pointer
2016-03-10 15:55:47 -05:00
ad7049eed1
Parse policy HCL syntax and keys
2016-03-10 15:25:25 -05:00
cba947b049
Fix path help description for rekey_backup
2016-03-09 21:04:54 -05:00
fa2ba47a5c
Merge branch 'master' into token-roles
2016-03-09 17:23:34 -05:00
d4371d1393
Add accessor to returned auth
2016-03-09 17:15:42 -05:00
6df72e6efd
Merge pull request #1168 from hashicorp/revoke-force
...
Add forced revocation.
2016-03-09 16:59:52 -05:00
d171931e59
Add unit test for forced revocation
2016-03-09 16:47:58 -05:00
0c4d5960a9
In-URL accessor for auth/token/lookup-accessor endpoint
2016-03-09 14:54:52 -05:00
2528ffbc18
Restore old regex expressions for token endpoints
2016-03-09 14:08:52 -05:00
f478cc57e0
fix all the broken tests
2016-03-09 13:45:36 -05:00
007142262f
Provide accessor to revove-accessor in the URL itself
2016-03-09 13:08:37 -05:00
3b302817e5
Added tests for lookup-accessor and revoke-accessor endpoints
2016-03-09 12:50:26 -05:00
2ecdde1781
Address final feedback
2016-03-09 11:59:54 -05:00
c4a2c5b56e
Added tests for 'sys/capabilities-accessor' endpoint
2016-03-09 11:29:09 -05:00
4785bec59d
Address review feedback
2016-03-09 11:07:13 -05:00
2e07f45bfa
Use role's allowed policies if none are given
2016-03-09 10:42:04 -05:00
926e7513d7
Added docs for /sys/capabilities-accessor
2016-03-09 09:48:32 -05:00
7407c27778
Add docs for new token endpoints
2016-03-09 09:31:09 -05:00
6a992272cd
New prefix for accessor indexes
2016-03-09 09:09:09 -05:00
151c932875
AccessorID --> Accessor, accessor_id --> accessor
2016-03-09 06:23:31 -05:00
913bbe7693
Error text corrections and minor refactoring
2016-03-08 22:27:24 -05:00
62777c9f7e
ErrUserInput --> StatusBadRequest
2016-03-08 21:47:24 -05:00
8117996378
Implemented /sys/capabilities-accessor and a way for setting HTTP error code in all the responses
2016-03-08 19:14:29 -05:00
2737c81b39
Lay the foundation for returning proper HTTP status codes
2016-03-08 18:27:03 -05:00
8c6afea1d0
Implemented /auth/token/revoke-accessor in token_store
2016-03-08 18:07:27 -05:00
a7adab25bc
Implemented lookup-accessor as a token_store endpoint
2016-03-08 17:38:19 -05:00
f19ee68fdb
placeholders for revoke-accessor and lookup-accessor
2016-03-08 15:13:29 -05:00
a7c97fcd18
Clear the accessor index during revocation
2016-03-08 14:06:10 -05:00
c0fb69a8b1
Create indexing from Accessor ID to Token ID
2016-03-08 14:06:10 -05:00
301776012f
Introduced AccessorID in TokenEntry and returning it along with token
2016-03-08 14:06:10 -05:00
be1163c64a
Merge pull request #1171 from hashicorp/capabilities-endpoint
...
Capabilities endpoint
2016-03-08 13:12:09 -05:00
419598ede2
Warn on error when in force revoke mode
2016-03-08 11:05:46 -05:00
08c40c9bba
Introduced ErrUserInput to distinguish user error from server error
2016-03-07 22:16:09 -05:00
3b463c2d4e
use errwrap to check the type of error message, fix typos
2016-03-07 18:36:26 -05:00
6b0f79f499
Address review feedback
2016-03-07 10:07:04 -05:00
cc1f5207b3
Merge branch 'master' into token-roles
2016-03-07 10:03:54 -05:00
aab24113b0
test cases for capabilities endpoint
2016-03-05 00:03:55 -05:00
9946a2d8b5
refactoring changes due to acl.Capabilities
2016-03-04 18:55:48 -05:00
402444c002
review rework 2
2016-03-04 18:08:13 -05:00
2f5e65ae24
review rework
2016-03-04 15:35:58 -05:00
35e71f3ebc
Place the response nil check before resp.IsError()
2016-03-04 15:13:04 -05:00
86dca39141
Fix testcase
2016-03-04 15:03:01 -05:00
da9152169b
changed response of expiration manager's renewtoken to logical.response
2016-03-04 14:56:51 -05:00
9217c49184
Adding acl.Capabilities to do the path matching
2016-03-04 12:04:26 -05:00
7fe871e60a
Removing the 'Message' field
2016-03-04 10:36:03 -05:00
b67ab8ab7c
Test files for capabilities endpoint
2016-03-04 10:36:03 -05:00
816f1f8631
self review rework
2016-03-04 10:36:03 -05:00
286e63a648
Handled root token use case
2016-03-04 10:36:03 -05:00
5b1100a84f
remove changes from token_store.go
2016-03-04 10:36:03 -05:00
abfbc74bd4
Remove capabilities changes from logical_system.go
2016-03-04 10:36:03 -05:00
f1fd5247ad
Add vault/capabilities.go
2016-03-04 10:36:02 -05:00
5749a6718c
Added sys/capabililties endpoint
2016-03-04 10:36:02 -05:00
a03ecb64ce
Merge pull request #1172 from hashicorp/sanitize-mount-paths
...
Create a unified function to sanitize mount paths.
2016-03-03 13:46:38 -05:00
7394f97439
Fix out-of-date comment
2016-03-03 13:37:51 -05:00
0d46fb4696
Create a unified function to sanitize mount paths.
...
This allows mount paths to start with '/' in addition to ensuring they
end in '/' before leaving the system backend.
2016-03-03 13:13:47 -05:00
3e7bca82a1
Merge pull request #1146 from hashicorp/step-down
...
Provide 'sys/step-down' and 'vault step-down'
2016-03-03 12:30:08 -05:00
9bf6c40974
Add default case for if the step down channel is blocked
2016-03-03 12:29:30 -05:00
9717ca5931
Strip leading paths in policies.
...
It appears to be a common mistake, but they won't ever match.
Fixes #1167
2016-03-03 11:32:48 -05:00
62f1b3f91c
Remove unneeded sleeps in test code
2016-03-03 11:09:27 -05:00
41dba5dd5d
Move descriptions into const block
2016-03-03 11:04:05 -05:00
cd86226845
Add forced revocation.
...
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.
This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.
Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.
Fixes #1135
2016-03-03 10:13:59 -05:00
9c47b8c0a7
Remove sys_policy from special handling as it's implemented in
...
logical_system too. Clean up the mux handlers.
2016-03-02 14:16:54 -05:00
7c5f810bc0
Address first round of feedback
2016-03-01 15:30:37 -05:00
8a500e0181
Add command and token store documentation for roles
2016-03-01 13:02:40 -05:00
54232eb980
Add other token role unit tests and some minor other changes.
2016-03-01 12:41:41 -05:00
df2e337e4c
Update tests to add expected role parameters
2016-03-01 12:41:40 -05:00
b8b59560dc
Add token role CRUD tests
2016-03-01 12:41:40 -05:00
ef990a3681
Initial work on token roles
2016-03-01 12:41:40 -05:00
b5a8e5d724
Fix commenting
2016-02-29 20:29:04 -05:00
6a980b88fd
Address review feedback
2016-02-28 21:51:50 -05:00
11ddd2290b
Provide 'sys/step-down' and 'vault step-down'
...
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
4c87c101f7
Fix tests
2016-02-26 16:44:35 -05:00
bc4710eb06
Cert: renewal enhancements
2016-02-24 14:31:38 -05:00
fff201014d
Merge pull request #1021 from hashicorp/vault-seal-1006
...
Sealing vault in standby mode
2016-02-03 15:22:16 -05:00
eeea9710b6
Generalized the error message and updated doc
2016-02-03 15:06:18 -05:00
63d63e8dbc
Oops, we needed that, but for a different reason than the comment said. So put the test back but fix the comment
2016-02-03 14:05:29 -05:00
fd4283b430
Remove some unneeded copied logic from passthrough in cubbyhole
2016-02-03 13:57:34 -05:00
1394555a4d
Add listing of cubbyhole's root to the default policy.
...
This allows `vault list cubbyhole` to behave as expected rather than
requiring `vault list cubbyhole/`. It could be special cased in logic,
but it also serves as a model for the same behavior in e.g. `generic`
mounts where special casing is not possible due to unforeseen mount
paths.
2016-02-03 13:50:47 -05:00
f5fbd12ac3
Test for seal on standby node
2016-02-03 12:28:01 -05:00
a10888f1f1
Added comments to changes the error message
2016-02-03 11:35:47 -05:00
f1facb0f9f
Throw error on sealing vault in standby mode
2016-02-03 10:58:33 -05:00
ff3adce39e
Make "ttl" reflect the actual TTL of the token in lookup calls.
...
Add a new value "creation_ttl" which holds the value at creation time.
Fixes #986
2016-02-01 11:16:32 -05:00
d3a705f17b
Make backends much more consistent:
...
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
dcf844027b
Show entry path in log, not internal view path
2016-01-28 12:34:49 -05:00
8b9fa042fe
If the path is not correct, don't fail due to existence check, fail due to unsupported path
2016-01-23 14:05:09 -05:00
12c00b97ef
Allow backends to see taint status.
...
This can be seen via System(). In the PKI backend, if the CA is
reconfigured but not fully (e.g. an intermediate CSR is generated but no
corresponding cert set) and there are already leases (issued certs), the
CRL is unable to be built. As a result revocation fails. But in this
case we don't actually need revocation to be successful since the CRL is
useless after unmounting. By checking taint status we know if we can
simply fast-path out of revocation with a success in this case.
Fixes #946
2016-01-22 17:01:22 -05:00
9cac7ccd0f
Add some commenting
2016-01-22 10:13:49 -05:00
3955604d3e
Address more list feedback
2016-01-22 10:07:32 -05:00
eb847f4e36
Error out if trying to write to a directory path
2016-01-22 10:07:32 -05:00
be1b4c8a46
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-22 10:07:32 -05:00
e412ac8461
Remove bare option, prevent writes ending in slash, and return an exact file match as "."
2016-01-22 10:07:32 -05:00
455931873a
Address some review feedback
2016-01-22 10:07:32 -05:00
5341cb69cc
Updates and documentation
2016-01-22 10:07:32 -05:00
b2bde47b01
Pull out setting the root token ID; use the new ParseUUID method in
...
go-uuid instead, and revoke if there is an error.
2016-01-19 19:44:33 -05:00
7a59af7d18
Fix lost code after rebase
2016-01-19 19:19:07 -05:00
973c888833
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
1ac2faa136
Implement existence check for cubbyhole
2016-01-16 19:35:11 -05:00
b830e29449
Use capabilities rather than policies in default policy. Also add cubbyhole to it.
2016-01-16 18:02:31 -05:00
9857da207c
Move rekey to its own files for cleanliness
2016-01-14 17:01:04 -05:00
9c5ad28632
Update deps, and adjust usage of go-uuid to match new return values
2016-01-13 13:40:08 -05:00
f9bbe0fb04
Use logical operations instead of strings for comparison
2016-01-12 21:16:31 -05:00
d949043cac
Merge pull request #914 from hashicorp/acl-rework
...
More granular ACL capabilities
2016-01-12 21:11:52 -05:00
4253299dfe
Store uint32s in radix
2016-01-12 17:24:01 -05:00
e58705b34c
Cleanup
2016-01-12 17:10:48 -05:00
87fba5dad0
Convert map to bitmap
2016-01-12 17:08:10 -05:00
da87d490eb
Add some commenting around create/update
2016-01-12 15:13:54 -05:00
9db22dcfad
Address some more review feedback
2016-01-12 15:09:16 -05:00
ce5bd64244
Clean up HelpOperation
2016-01-12 14:34:49 -05:00
a99787afeb
Don't allow a policy with no name, even though it is a valid slice member
2016-01-08 21:23:40 -05:00
f6d2271a3c
Use an array of keys so that if the same fingerprint is used none are lost when using PGP key backup
2016-01-08 14:29:23 -05:00
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
2412c078ac
Also convert policy store cache to 2q.
...
Ping #908
2016-01-07 09:26:08 -05:00
85509e7ba5
Simplify some logic and ensure that if key share backup fails, we fail
...
the operation as well.
Ping #907
2016-01-06 13:14:23 -05:00
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
d51d723c1f
Use int64 for converting time values, not int (will be float64 in JSON anyways, so no need to lose precision, plus could hit a 32-bit max in some edge cases)
2016-01-04 17:11:22 -05:00
e990b77d6e
Address review feedback; move storage of these values to the expiration manager
2016-01-04 16:43:07 -05:00
5ddd243144
Store a last renewal time in the token entry and return it upon lookup
...
of the token.
Fixes #889
2016-01-04 11:20:49 -05:00
df68e3bd4c
Filter out duplicate policies during token creation.
2015-12-30 15:18:30 -05:00
96cb7d0051
Commenting/format update
2015-12-18 10:34:54 -05:00
4482fdacfd
If we have not yet completed post-unseal when running in single-node
...
mode, don't advertise that we are active.
Ping #872
2015-12-17 13:48:08 -05:00
f2da5b639f
Migrate 'uuid' to 'go-uuid' to better fit HC naming convention
2015-12-16 12:56:20 -05:00
b2a0b48a2e
Add test to ensure the right backend was used with separate HA
2015-12-14 20:48:22 -05:00
7ce8aff906
Address review feedback
2015-12-14 17:58:30 -05:00
ced0835574
Allow separate HA physical backend.
...
With no separate backend specified, HA will be attempted on the normal
physical backend.
Fixes #395 .
2015-12-14 07:59:58 -05:00
900b3d8882
Return 400 instead of 500 if generic backend is written to without data.
...
Fixes #825
2015-12-09 10:39:22 -05:00
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
bece637eb7
Address feedback from review
2015-11-15 17:32:57 -05:00
bc4c18a1cf
Rearchitect MountTable locking and fix rollback.
...
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.
In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.
Both unit tests and race detection pass.
Fixes #771
2015-11-11 11:54:52 -05:00
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
1a621b7000
Minor test fix
2015-11-09 15:37:30 -05:00
8673f36b34
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:21 -05:00
5783f547ab
Display whether a token is an orphan on lookup.
2015-11-09 13:19:59 -05:00
7aa3faa626
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 12:07:42 -05:00
7d8371c4a3
Remove warning about nonexistent root policy by using GetPolicy instead
...
of the listing function.
2015-11-06 11:36:40 -05:00
395d6bead4
Fix removing secondary index from exp manager.
...
Due to a typo, revoking ensures that index entries are created rather
than removed. This adds a failing, then fixed test case (and helper
function) to ensure that index entries are properly removed on revoke.
Fixes #749
2015-11-04 10:50:31 -05:00
6ccded7a2f
Add ability to create orphan tokens from the API
2015-11-03 15:12:21 -05:00
a9db12670a
errwrap -> go-multierror + errwrap
2015-11-02 13:29:33 -05:00
7e9918ec8e
Run preSeal if postUnseal fails.
...
This also ensures that every error path out of postUnseal returns an
error.
Fixes #733
2015-11-02 13:29:33 -05:00
1899bd8ef0
Merge pull request #730 from hashicorp/issue-713
...
Write HMAC-SHA256'd client token to audited requests
2015-10-30 13:36:22 -04:00
94b7be702b
Return data on a token with one use left if there is no Lease ID
...
Fixes #615
2015-10-30 12:35:42 -04:00
636d57a026
Make the token store's Create and RootToken functions non-exported.
...
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
cf4b88c196
Write HMAC-SHA256'd client token to audited requests
...
Fixes #713
2015-10-29 13:26:18 -04:00
85d4dd6a1d
Check TTL provided to generic backend on write
...
If existing entries have unparseable TTLs, return the value plus a
warning, rather than an error.
Fixes #718
2015-10-29 11:05:21 -04:00
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
fffcfc668b
Fixed comment spelling mistake and removed unnecessary variable allocation
2015-10-15 14:51:30 -04:00
78b5fcdf51
Serialize changing the state of the expiration manager pointer and
...
calling emitMetrics from its own goroutine.
Fixes #694
2015-10-12 16:33:54 -04:00
ed6ce1c53e
Fix a logic bug around setting both a mount default and max at the same time. Ping #688 .
2015-10-12 14:57:43 -04:00
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
5fbaa0e64d
Apply mount-tune properties to the token authentication backend.
...
Fixes #688 .
2015-10-09 20:26:39 -04:00
e02517ae42
Rename tune functions
2015-10-09 20:00:17 -04:00
b5d674d94e
Add 301 redirect checking to the API client.
...
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
2015-10-09 17:11:31 -04:00
bd1dce7f95
Address review feedback for #684
2015-10-08 14:34:10 -04:00
d58a3b601c
Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader
...
Fixes #679 .
2015-10-08 14:04:58 -04:00
d740fd4a6a
Add the ability for warnings to be added to responses. These are
...
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.
Fixes #676
2015-10-07 16:18:39 -04:00
50b9129e65
Normalize policy names to lowercase on write. They are not currently
...
normalized when reading or deleting, for backwards compatibility.
Ping #676 .
2015-10-07 13:52:21 -04:00
4a52de13e3
Add renew-self endpoint.
...
Fixes #455 .
2015-10-07 12:49:13 -04:00
3c914f7fa8
Add revocation/renewal functions in all cases in the generic backend.
...
Fixes #673 .
2015-10-07 11:42:23 -04:00
21644751ed
Fix the key rotation upgrade check error message
2015-10-05 18:23:32 -04:00
145aee229e
Merge branch 'master' of https://github.com/hashicorp/vault
2015-10-03 00:07:34 -04:00
8f27c250d6
Fix problematic logging statements.
...
Fixes #665 .
2015-10-02 18:31:46 -07:00
3dd84446ab
Github backend: enable auth renewals
2015-10-02 13:33:19 -04:00
ca50012017
Format token lease/TTL as int in JSON API when looking up
2015-09-27 22:36:36 -04:00
6ef455af89
Fix warnings returned by `make vet`
...
$GOPATH/src/github.com/hashicorp/vault/vault/policy.go:69: unreachable code
$GOPATH/src/github.com/hashicorp/vault/vault/policy_store_test.go:139: github.com/hashicorp/vault/logical.StorageEntry composite literal uses unkeyed fields
2015-09-26 21:17:39 -07:00
62ac518ae7
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 10:41:21 -04:00
c694c7d31d
Fix situation where a new required singleton backend would not be activated upon upgrade.
2015-09-21 17:54:36 -04:00
81e535dc2d
Minor updates to passthrough and additional tests
2015-09-21 16:57:41 -04:00
47e8c0070a
Don't use leases on the generic backend...with a caveat.
...
You can now turn on and off the lease behavior in the generic backend by
using one of two factories. Core uses the normal one if it's not already
set, so unit tests can use the custom one and all stay working.
This also adds logic into core to check, when the response is coming
from a generic backend, whether that backend has leases enabled. This
adds some slight overhead.
2015-09-21 16:37:37 -04:00
d526c8ce1c
Merge pull request #629 from hashicorp/token-create-sudo
...
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
1a01ab3608
Take ClientToken instead of Policies
2015-09-21 10:04:03 -04:00
ab7d35b95e
Fix up per-backend timing logic; also fix error in TypeDurationSecond in
...
GetOkErr.
2015-09-21 09:55:03 -04:00
3b51ee1c48
Using core's logger
2015-09-19 19:01:36 -04:00
02485e7175
Abstraced SudoPrivilege to take list of policies
2015-09-19 18:23:44 -04:00
a2799b235e
Using acl.RootPrivilege and rewrote mockTokenStore
2015-09-19 17:53:24 -04:00
c5ddfbc391
Bump AESGCM version; include path in the GCM tags.
2015-09-19 17:04:37 -04:00
b6d47dd784
fix broken tests
2015-09-19 12:33:52 -04:00
68c268a6f0
Allow tuning of auth mounts, to set per-mount default/max lease times
2015-09-19 11:50:50 -04:00
c8a0eda224
Use hmac-sha256 for protecting secrets in audit entries
2015-09-19 11:29:31 -04:00
fb77ec3623
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-19 11:14:51 -04:00
5dde76fa1c
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 17:38:30 -04:00
b655f6b858
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
d775445efe
Store token creation time and TTL. This can be used to properly populate
...
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.
Fully fixes #527
2015-09-18 16:39:35 -04:00
8f79e8be82
Add revoke-self endpoint.
...
Fixes #620 .
2015-09-17 13:22:30 -04:00
047ba90a44
Restrict orphan revocation to root tokens
2015-09-16 09:22:15 -04:00
e7d5a18e94
Directly pass the cubbyhole backend to the token store and bypass logic in router
2015-09-15 13:50:37 -04:00
849b78daee
Move more cubby logic outside of router into auth setup
2015-09-15 13:50:37 -04:00
bdb8cf128d
Cleanup; remove everything but double-salting from the router and give
...
the token store cubby backend information for direct calling.
2015-09-15 13:50:37 -04:00
b50f7ec1b5
Remove noop checks in unmount/remount and restore previous behavior
2015-09-15 13:50:37 -04:00
77e7379ab5
Implement the cubbyhole backend
...
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
104b29ab04
Rename View to StorageView to make it more distinct from SystemView
2015-09-15 13:50:37 -04:00
699e12a1c6
When there is one use left and a Secret is being returned, instead
...
return a descriptive error indicating that the Secret cannot be returned
because when the token was revoked the secret was too. This prevents
confusion where credentials come back but cannot be used.
Fixes #615
2015-09-14 11:07:27 -04:00
142cb563a6
Improve documentation of token renewal
2015-09-11 21:08:32 -04:00
d3aec0ba31
Cleanup routines should now use routeEntry instead of mountEntry.
2015-09-11 13:40:31 +03:00
fb07cf9f53
Implement clean up routine to backend as some backends may require
...
e.g closing database connections on unmount to avoud connection
stacking.
2015-09-11 11:45:58 +03:00
39cfcccdac
Remove error returns from sysview TTL calls
2015-09-10 15:09:54 -04:00
65ceb3439d
Be consistent as both are the same pointer here
2015-09-10 15:09:54 -04:00
5de736e69c
Implement shallow cloning to allow MountEntry pointers to stay consistent when spread across router/core/system views
2015-09-10 15:09:54 -04:00
ace611d56d
Address items from feedback. Make MountConfig use values rather than
...
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
eff1c331ad
Add more unit tests against backend TTLs, and fix two bugs found by them
...
(yay unit tests!)
2015-09-10 15:09:54 -04:00
86ccae7bd5
Fix mount config test by proxying mounts/ in addition to mounts
2015-09-10 15:09:54 -04:00
Jeff Mitchell