Jeff Mitchell
3129187dc2
JWT wrapping tokens (#2172)
2017-01-04 16:44:03 -05:00
Vishal Nayak
e3f56f375c
Add 'no-store' response header from all the API outlets (#2183)
2016-12-15 17:53:07 -05:00
Thomas Soëte
c29e5c8bad
Use 'http.MaxBytesReader' to limit request size (#2131)
Fix 'connection reset by peer' error introduced by 300b72e
2016-12-01 10:59:00 -08:00
Armon Dadgar
57ad75071c
http: increase request limit from 8MB to 32MB
2016-11-17 12:15:37 -08:00
Armon Dadgar
c8dadb46ec
http: limit maximum request size
2016-11-17 12:06:43 -08:00
Vishal Nayak
b3c805e662
Audit the client token accessors (#2037)
2016-10-29 17:01:49 -04:00
Jeff Mitchell
b45a481365
Wrapping enhancements (#1927)
2016-09-28 21:01:28 -07:00
Jeff Mitchell
7ba006acd9
Remove too-verbose log
2016-09-04 07:43:54 -04:00
Jeff Mitchell
7e41d5ab45
Pass headers back when request forwarding (#1795)
2016-08-26 17:53:47 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
bdcfe05517
Clustering enhancements (#1747)
2016-08-19 11:03:53 -04:00
Jeff Mitchell
37320f8798
Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell
5771a539a5
Add HTTP test for renew and fix muxing
2016-08-08 20:01:08 -04:00
Jeff Mitchell
ab71b981ad
Add ability to specify renew lease ID in POST body.
2016-08-08 18:00:44 -04:00
Jeff Mitchell
1fc837c22a
Fix nil panic in certain error conditions
2016-08-02 14:57:11 -04:00
vishalnayak
c14235b206
Merge branch 'master-oss' into json-use-number
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Jeff Mitchell
5b210b2a1f
Return a duration instead and port a few other places to use it
2016-07-11 18:19:35 +00:00
vishalnayak
ad7cb2c8f1
Added JSON Decode and Encode helpers.
Changed all the occurrences of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell
889ff24ccf
Fix up error detection regression to return correct status codes
2016-06-22 17:47:05 -04:00
Jeff Mitchell
401456ea50
Add creation time to returned wrapped token info
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
Jeff Mitchell
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
Jeff Mitchell
09f06554cb
Address some review feedback
2016-05-04 16:03:53 -04:00
Jeff Mitchell
aba689a877
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 00:47:35 -04:00
Jeff Mitchell
d81806b446
Add:
* Request/Response field extension
* Parsing of header into request object
* Handling of duration/mount point within router
* Tests of router WrapDuration handling
2016-05-02 00:24:32 -04:00
Jeff Mitchell
afae46feb7
SealInterface
2016-04-04 10:44:22 -04:00
vishalnayak
fbfe72f286
Removed http/sys_capabilties_test.go
2016-03-18 09:48:45 -04:00
vishalnayak
55f03b5d25
Add separate path for capabilities-self to enable ACL
2016-03-17 22:52:03 -04:00
vishalnayak
a70d4d5c9f
Deleted http/sys_capabilities.go since the requests are directly going to system backend
2016-03-17 22:44:48 -04:00
vishalnayak
4e6dcfd6d0
Enable callbacks for handling logical.Request changes before processing requests
2016-03-17 22:29:53 -04:00
vishalnayak
62777c9f7e
ErrUserInput --> StatusBadRequest
2016-03-08 21:47:24 -05:00
vishalnayak
8117996378
Implemented /sys/capabilities-accessor and a way for setting HTTP error code in all the responses
2016-03-08 19:14:29 -05:00
vishalnayak
2737c81b39
Lay the foundation for returning proper HTTP status codes
2016-03-08 18:27:03 -05:00
vishalnayak
07f9486ecb
Added capabilities and capabilities-self endpoints to http muxer
2016-03-04 10:36:03 -05:00
Jeff Mitchell
3e7bca82a1
Merge pull request #1146 from hashicorp/step-down
Provide 'sys/step-down' and 'vault step-down'
2016-03-03 12:30:08 -05:00
Jeff Mitchell
6ed5d10580
Remove proxy function as it's unneeded now
2016-03-02 14:55:51 -05:00
Jeff Mitchell
9c47b8c0a7
Remove sys_policy from special handling as it's implemented in
logical_system too. Clean up the mux handlers.
2016-03-02 14:16:54 -05:00
Jeff Mitchell
11ddd2290b
Provide 'sys/step-down' and 'vault step-down'
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
Jeff Mitchell
973c888833
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
Jeff Mitchell
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
Jeff Mitchell
455acc255b
Have 'sys/renew' return the value provided in Secret.
Fixes a regression introduced in 0.3.
2016-01-07 11:35:09 -05:00
Jeff Mitchell
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
Jeff Mitchell
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell
77e7379ab5
Implement the cubbyhole backend
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Jeff Mitchell
86ccae7bd5
Fix mount config test by proxying mounts/ in addition to mounts
2015-09-10 15:09:54 -04:00
Jeff Mitchell
4596ed6484
Remove custom http/sys_auth handler in favor of logical. Unit tests
pass.
2015-08-28 13:42:01 -07:00
Jeff Mitchell
6bc86cfee1
Use logical passthrough for renew API calls
2015-08-26 13:22:16 -07:00
Jeff Mitchell
17cbd9e1ca
If JSON decoding fails, make it clear that the problem is failing to
parse the JSON, rather than returning the possibly confusing error from
the JSON decoder.
Fixes #553.
2015-08-26 07:03:33 -07:00
Jeff Mitchell
a8ef0e8a80
Remove cookie authentication.
2015-08-21 19:46:23 -07:00
Jeff Mitchell
271255b008
Send sys mounting logic directly to logical backend. Unit tests run.
2015-08-20 13:59:57 -07:00
Jeff Mitchell
15f57082e0
Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code.
2015-08-20 13:20:35 -07:00
Caleb Tennis
4da080e769
This adds a new error class which can be used by logical backends to
specify more concrete error cases to make their way back up the stack.
Over time there is probably a cleaner way of doing this, but that's
looking like a more massive rewrite and this solves some issues in
the meantime.
Use a CodedError to return a more concrete HTTP return code for
operations you want to do so. Returning a regular error leaves
the existing behavior in place.
2015-08-10 13:27:25 -04:00
Nate Brown
31ab086063
Doing a little better with http response codes
2015-06-19 14:00:48 -07:00
Armon Dadgar
7964fa4d86
http: adding rekey handlers
2015-05-28 14:28:50 -07:00
Armon Dadgar
af47c72639
http: adding key-status and rotate handlers
2015-05-27 18:02:50 -07:00
Ian Unruh
63199e5af4
HTTP should return 503 when sealed
2015-05-19 00:59:19 -07:00
Mitchell Hashimoto
42d6b2a916
http: allow header for auth token [GH-124]
2015-05-11 10:56:58 -07:00
Armon Dadgar
cca4580db8
Merge pull request #29 from hashicorp/f-health
Adding sys/health for Consul HTTP health monitoring
2015-04-23 11:58:58 -07:00
Armon Dadgar
667a1bf2d8
http: adding sys/health endpoint
2015-04-23 11:53:31 -07:00
Mitchell Hashimoto
bfaf52c34e
http: fix redirect issues with trailing slashes
2015-04-22 07:55:40 +02:00
Armon Dadgar
f9501c4981
http: Adding sys/leader endpoint
2015-04-20 11:59:24 -07:00
Armon Dadgar
c7d521b2be
http: pass raw request through
2015-04-19 14:36:50 -07:00
Armon Dadgar
6f5b4637fb
http: support standby redirects
2015-04-19 13:47:57 -07:00
Mitchell Hashimoto
a44eb0dcd0
http: renew endpoints
2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
6015a8d7c2
http: handle errors better
2015-04-08 11:19:03 -07:00
Mitchell Hashimoto
f9f7001242
http: remount
2015-04-07 10:54:58 -07:00
Mitchell Hashimoto
020af2fac2
http: help
2015-04-02 22:26:45 -07:00
Mitchell Hashimoto
6218c2729d
http: audit endpoints
2015-04-01 18:36:13 -07:00
Mitchell Hashimoto
c25b7010d9
http: all policy endpoints
2015-04-01 17:59:50 -07:00
Mitchell Hashimoto
fce856d19c
http: list policies
2015-04-01 17:43:58 -07:00
Mitchell Hashimoto
4e8efbbd48
http: respondCommon to do common responses
2015-03-31 21:29:53 -07:00
Mitchell Hashimoto
795e117867
http: detect errors in logical and return them properly
2015-03-31 21:24:20 -07:00
Mitchell Hashimoto
aba7fc1910
http: auth handlers
2015-03-31 20:24:51 -07:00
Mitchell Hashimoto
ed2cc3a769
http: revoke-prefix
2015-03-31 19:23:32 -07:00
Mitchell Hashimoto
bbaa137f4e
command/revoke: revoke
2015-03-31 19:21:02 -07:00
Mitchell Hashimoto
e9b20c7ae3
http: handle redirects and set auth cookies
2015-03-30 21:06:15 -07:00
Mitchell Hashimoto
cfce19d9a8
http: remove /sys/login
2015-03-30 20:28:52 -07:00
Mitchell Hashimoto
e46cc7cc87
http: start implementing /sys/login (incomplete)
2015-03-30 12:21:06 -07:00
Mitchell Hashimoto
4cacaf62f0
http: support auth
2015-03-29 16:14:54 -07:00
Mitchell Hashimoto
4161f7a440
http: fix mount endpoints
2015-03-16 10:51:13 -07:00
Mitchell Hashimoto
0e61d88b31
http: /v1/sys/mount DELETE
2015-03-16 10:41:08 -07:00
Mitchell Hashimoto
e3a796028e
http: /v1/sys/mount endpoint
2015-03-16 10:36:43 -07:00
Mitchell Hashimoto
850349425a
http: /sys/mounts
2015-03-15 21:18:25 -07:00
Mitchell Hashimoto
742923452b
http: generic read/write endpoint for secrets
2015-03-15 19:35:04 -07:00
Mitchell Hashimoto
d35b8eaa6f
http: init endpoints
2015-03-12 12:37:54 -07:00
Mitchell Hashimoto
352ad00e68
http: prefix with v1
2015-03-12 10:47:31 -07:00
Mitchell Hashimoto
cacb209471
http: start the API server
2015-03-11 23:05:16 -07:00