e925987cb6
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
6c5e1969ac
Added GetDefaultOrZero method to FieldData
2016-06-10 10:42:01 -04:00
10b218d292
Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this...
2016-06-07 16:01:09 -04:00
401456ea50
Add creation time to returned wrapped token info
...
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
8f437d6142
Make logical.InmemStorage a wrapper around physical.InmemBackend.
...
This:
* Allows removing LockingInmemStorage since the physical backend already
locks properly
* Makes listing work properly by adhering to expected semantics of only
listing up to the next prefix separator
* Reduces duplicated code
2016-06-06 12:03:08 -04:00
72cfd19078
Add some comments to sanitize
2016-05-16 16:12:45 -04:00
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
4c67a739b9
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-16 12:14:40 -04:00
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
6f65d9293a
Fix framework rollback manager tests
2016-05-14 19:35:36 -04:00
ddcaf26396
Merge branch 'master-oss' into aws-auth-backend
2016-05-10 14:50:00 -04:00
31e1ed2417
Implement WrapInfo audit logging
2016-05-07 20:03:56 -04:00
2295cadbf4
Make WrapInfo a pointer to match secret/auth in response
2016-05-07 19:17:51 -04:00
c52d352332
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-07 16:40:04 -04:00
d77563994c
Merge pull request #1346 from hashicorp/disable-all-caches
...
Disable all caches
2016-05-07 16:33:45 -04:00
75dbbff1a6
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-05 20:45:36 -04:00
3e71221839
Merge remote-tracking branch 'origin/master' into aws-auth-backend
2016-05-05 10:04:52 -04:00
92fe94546c
Split SanitizeTTL method to support time.Duration parameters as well
2016-05-05 09:45:48 -04:00
fe1f56de40
Make a non-caching but still locking variant of transit for when caches are disabled
2016-05-02 22:36:44 -04:00
8572190b64
Plumb disabling caches through the policy store
2016-05-02 22:36:44 -04:00
642163f8b0
Remove MountPoint from internal wrap object, for now at least
2016-05-02 10:29:51 -04:00
aba689a877
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 00:47:35 -04:00
d81806b446
Add:
...
* Request/Response field extension
* Parsing of header into request object
* Handling of duration/mount point within router
* Tests of router WrapDuration handling
2016-05-02 00:24:32 -04:00
21854776af
Added cooldown period for periodic tidying operation
2016-04-26 10:22:29 -04:00
9aa8fb6cc1
Support periodic tidy callback and config endpoints.
2016-04-26 10:22:29 -04:00
aeea7628d6
Add a *log.Logger argument to physical.Factory
...
Logging in the backend is a good thing. This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
86455b4720
Only show params if there are fields
2016-04-13 22:15:06 +01:00
a861125900
Added a TODO for 'Check' function
2016-04-06 12:51:49 -04:00
d9dcbe04d8
Fix ErrorOk handling
2016-04-06 12:29:04 -04:00
1df5c4d0ce
Use AcceptanceTest bool in Test() function
2016-04-05 16:48:11 -04:00
fd8b023655
s/TF_ACC/VAULT_ACC
2016-04-05 15:24:59 -04:00
95abdebb06
Added AcceptanceTest boolean to logical.TestCase
2016-04-05 15:10:44 -04:00
afae46feb7
SealInterface
2016-04-04 10:44:22 -04:00
ba9b5b8847
Fix SanitizeTTL check
2016-03-16 14:27:01 -04:00
3861c88211
Accept params both as part of URL or as part of http body
2016-03-14 19:14:36 -04:00
151c932875
AccessorID --> Accessor, accessor_id --> accessor
2016-03-09 06:23:31 -05:00
913bbe7693
Error text corrections and minor refactoring
2016-03-08 22:27:24 -05:00
301776012f
Introduced AccessorID in TokenEntry and returning it along with token
2016-03-08 14:06:10 -05:00
7d41607b6e
Add "tidy/" which allows removing expired certificates.
...
A buffer is used to ensure that we only remove certificates that are
both expired and for which the buffer has past. Options allow removal
from revoked/ and/or certs/.
2016-02-24 21:24:48 -05:00
f9fb20bbe4
Make SanitizeTTL treat an empty string the same as a "0" string.
...
This causes a 0 TTL to be returned for the value, which is a clue to
other parts of Vault to use appropriate defaults. However, this makes
the defaults be used at lease allocation or extension time instead of
when parsing parameters.
2016-02-18 16:51:36 -05:00
eb1deefac1
Introduce a locking inmem storage for unit tests that are doing concurrent things
2016-02-04 09:40:35 -05:00
627082b838
Remove grace periods
2016-01-31 19:33:16 -05:00
d5584e12bc
invert logic to prefer client increment
2016-01-29 20:02:15 -05:00
4619473175
Update proposed time
2016-01-29 19:31:37 -05:00
7353fa3e56
Adjust framework unit tests for new LeaseExtend
2016-01-29 19:31:37 -05:00
f53136ab09
Update LeaseExtend
2016-01-29 19:31:37 -05:00
12c00b97ef
Allow backends to see taint status.
...
This can be seen via System(). In the PKI backend, if the CA is
reconfigured but not fully (e.g. an intermediate CSR is generated but no
corresponding cert set) and there are already leases (issued certs), the
CRL is unable to be built. As a result revocation fails. But in this
case we don't actually need revocation to be successful since the CRL is
useless after unmounting. By checking taint status we know if we can
simply fast-path out of revocation with a success in this case.
Fixes #946
2016-01-22 17:01:22 -05:00
8069fa7972
Address some listing review feedback
2016-01-22 10:07:32 -05:00
5341cb69cc
Updates and documentation
2016-01-22 10:07:32 -05:00
f9bbe0fb04
Use logical operations instead of strings for comparison
2016-01-12 21:16:31 -05:00
Jeff Mitchell