vishalnayak
0c4d5960a9
In-URL accessor for auth/token/lookup-accessor endpoint
2016-03-09 14:54:52 -05:00
vishalnayak
2528ffbc18
Restore old regex expressions for token endpoints
2016-03-09 14:08:52 -05:00
vishalnayak
f478cc57e0
fix all the broken tests
2016-03-09 13:45:36 -05:00
vishalnayak
007142262f
Provide accessor to revove-accessor in the URL itself
2016-03-09 13:08:37 -05:00
vishalnayak
3b302817e5
Added tests for lookup-accessor and revoke-accessor endpoints
2016-03-09 12:50:26 -05:00
Jeff Mitchell
2ecdde1781
Address final feedback
2016-03-09 11:59:54 -05:00
vishalnayak
c4a2c5b56e
Added tests for 'sys/capabilities-accessor' endpoint
2016-03-09 11:29:09 -05:00
Jeff Mitchell
4785bec59d
Address review feedback
2016-03-09 11:07:13 -05:00
Jeff Mitchell
2e07f45bfa
Use role's allowed policies if none are given
2016-03-09 10:42:04 -05:00
vishalnayak
926e7513d7
Added docs for /sys/capabilities-accessor
2016-03-09 09:48:32 -05:00
vishalnayak
7407c27778
Add docs for new token endpoints
2016-03-09 09:31:09 -05:00
vishalnayak
6a992272cd
New prefix for accessor indexes
2016-03-09 09:09:09 -05:00
vishalnayak
151c932875
AccessorID --> Accessor, accessor_id --> accessor
2016-03-09 06:23:31 -05:00
vishalnayak
913bbe7693
Error text corrections and minor refactoring
2016-03-08 22:27:24 -05:00
vishalnayak
62777c9f7e
ErrUserInput --> StatusBadRequest
2016-03-08 21:47:24 -05:00
vishalnayak
8117996378
Implemented /sys/capabilities-accessor and a way for setting HTTP error code in all the responses
2016-03-08 19:14:29 -05:00
vishalnayak
2737c81b39
Lay the foundation for returning proper HTTP status codes
2016-03-08 18:27:03 -05:00
vishalnayak
8c6afea1d0
Implemented /auth/token/revoke-accessor in token_store
2016-03-08 18:07:27 -05:00
vishalnayak
a7adab25bc
Implemented lookup-accessor as a token_store endpoint
2016-03-08 17:38:19 -05:00
vishalnayak
f19ee68fdb
placeholders for revoke-accessor and lookup-accessor
2016-03-08 15:13:29 -05:00
vishalnayak
a7c97fcd18
Clear the accessor index during revocation
2016-03-08 14:06:10 -05:00
vishalnayak
c0fb69a8b1
Create indexing from Accessor ID to Token ID
2016-03-08 14:06:10 -05:00
vishalnayak
301776012f
Introduced AccessorID in TokenEntry and returning it along with token
2016-03-08 14:06:10 -05:00
Vishal Nayak
be1163c64a
Merge pull request #1171 from hashicorp/capabilities-endpoint
...
Capabilities endpoint
2016-03-08 13:12:09 -05:00
Jeff Mitchell
419598ede2
Warn on error when in force revoke mode
2016-03-08 11:05:46 -05:00
vishalnayak
08c40c9bba
Introduced ErrUserInput to distinguish user error from server error
2016-03-07 22:16:09 -05:00
vishalnayak
3b463c2d4e
use errwrap to check the type of error message, fix typos
2016-03-07 18:36:26 -05:00
Jeff Mitchell
6b0f79f499
Address review feedback
2016-03-07 10:07:04 -05:00
Jeff Mitchell
cc1f5207b3
Merge branch 'master' into token-roles
2016-03-07 10:03:54 -05:00
vishalnayak
aab24113b0
test cases for capabilities endpoint
2016-03-05 00:03:55 -05:00
vishalnayak
9946a2d8b5
refactoring changes due to acl.Capabilities
2016-03-04 18:55:48 -05:00
vishalnayak
402444c002
review rework 2
2016-03-04 18:08:13 -05:00
vishalnayak
2f5e65ae24
review rework
2016-03-04 15:35:58 -05:00
vishalnayak
35e71f3ebc
Place the response nil check before resp.IsError()
2016-03-04 15:13:04 -05:00
vishalnayak
86dca39141
Fix testcase
2016-03-04 15:03:01 -05:00
vishalnayak
da9152169b
changed response of expiration manager's renewtoken to logical.response
2016-03-04 14:56:51 -05:00
vishalnayak
9217c49184
Adding acl.Capabilities to do the path matching
2016-03-04 12:04:26 -05:00
vishalnayak
7fe871e60a
Removing the 'Message' field
2016-03-04 10:36:03 -05:00
vishalnayak
b67ab8ab7c
Test files for capabilities endpoint
2016-03-04 10:36:03 -05:00
vishalnayak
816f1f8631
self review rework
2016-03-04 10:36:03 -05:00
vishalnayak
286e63a648
Handled root token use case
2016-03-04 10:36:03 -05:00
vishalnayak
5b1100a84f
remove changes from token_store.go
2016-03-04 10:36:03 -05:00
vishalnayak
abfbc74bd4
Remove capabilities changes from logical_system.go
2016-03-04 10:36:03 -05:00
vishalnayak
f1fd5247ad
Add vault/capabilities.go
2016-03-04 10:36:02 -05:00
vishalnayak
5749a6718c
Added sys/capabililties endpoint
2016-03-04 10:36:02 -05:00
Jeff Mitchell
a03ecb64ce
Merge pull request #1172 from hashicorp/sanitize-mount-paths
...
Create a unified function to sanitize mount paths.
2016-03-03 13:46:38 -05:00
Jeff Mitchell
7394f97439
Fix out-of-date comment
2016-03-03 13:37:51 -05:00
Jeff Mitchell
0d46fb4696
Create a unified function to sanitize mount paths.
...
This allows mount paths to start with '/' in addition to ensuring they
end in '/' before leaving the system backend.
2016-03-03 13:13:47 -05:00
Jeff Mitchell
3e7bca82a1
Merge pull request #1146 from hashicorp/step-down
...
Provide 'sys/step-down' and 'vault step-down'
2016-03-03 12:30:08 -05:00
Jeff Mitchell
9bf6c40974
Add default case for if the step down channel is blocked
2016-03-03 12:29:30 -05:00
Jeff Mitchell
9717ca5931
Strip leading paths in policies.
...
It appears to be a common mistake, but they won't ever match.
Fixes #1167
2016-03-03 11:32:48 -05:00
Jeff Mitchell
62f1b3f91c
Remove unneeded sleeps in test code
2016-03-03 11:09:27 -05:00
Jeff Mitchell
41dba5dd5d
Move descriptions into const block
2016-03-03 11:04:05 -05:00
Jeff Mitchell
cd86226845
Add forced revocation.
...
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.
This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.
Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.
Fixes #1135
2016-03-03 10:13:59 -05:00
Jeff Mitchell
9c47b8c0a7
Remove sys_policy from special handling as it's implemented in
...
logical_system too. Clean up the mux handlers.
2016-03-02 14:16:54 -05:00
Jeff Mitchell
7c5f810bc0
Address first round of feedback
2016-03-01 15:30:37 -05:00
Jeff Mitchell
8a500e0181
Add command and token store documentation for roles
2016-03-01 13:02:40 -05:00
Jeff Mitchell
54232eb980
Add other token role unit tests and some minor other changes.
2016-03-01 12:41:41 -05:00
Jeff Mitchell
df2e337e4c
Update tests to add expected role parameters
2016-03-01 12:41:40 -05:00
Jeff Mitchell
b8b59560dc
Add token role CRUD tests
2016-03-01 12:41:40 -05:00
Jeff Mitchell
ef990a3681
Initial work on token roles
2016-03-01 12:41:40 -05:00
Jeff Mitchell
b5a8e5d724
Fix commenting
2016-02-29 20:29:04 -05:00
Jeff Mitchell
6a980b88fd
Address review feedback
2016-02-28 21:51:50 -05:00
Jeff Mitchell
11ddd2290b
Provide 'sys/step-down' and 'vault step-down'
...
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
Jeff Mitchell
4c87c101f7
Fix tests
2016-02-26 16:44:35 -05:00
vishalnayak
bc4710eb06
Cert: renewal enhancements
2016-02-24 14:31:38 -05:00
Vishal Nayak
fff201014d
Merge pull request #1021 from hashicorp/vault-seal-1006
...
Sealing vault in standby mode
2016-02-03 15:22:16 -05:00
vishalnayak
eeea9710b6
Generalized the error message and updated doc
2016-02-03 15:06:18 -05:00
Jeff Mitchell
63d63e8dbc
Oops, we needed that, but for a different reason than the comment said. So put the test back but fix the comment
2016-02-03 14:05:29 -05:00
Jeff Mitchell
fd4283b430
Remove some unneeded copied logic from passthrough in cubbyhole
2016-02-03 13:57:34 -05:00
Jeff Mitchell
1394555a4d
Add listing of cubbyhole's root to the default policy.
...
This allows `vault list cubbyhole` to behave as expected rather than
requiring `vault list cubbyhole/`. It could be special cased in logic,
but it also serves as a model for the same behavior in e.g. `generic`
mounts where special casing is not possible due to unforeseen mount
paths.
2016-02-03 13:50:47 -05:00
vishalnayak
f5fbd12ac3
Test for seal on standby node
2016-02-03 12:28:01 -05:00
vishalnayak
a10888f1f1
Added comments to changes the error message
2016-02-03 11:35:47 -05:00
vishalnayak
f1facb0f9f
Throw error on sealing vault in standby mode
2016-02-03 10:58:33 -05:00
Jeff Mitchell
ff3adce39e
Make "ttl" reflect the actual TTL of the token in lookup calls.
...
Add a new value "creation_ttl" which holds the value at creation time.
Fixes #986
2016-02-01 11:16:32 -05:00
Jeff Mitchell
d3a705f17b
Make backends much more consistent:
...
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
Jeff Mitchell
dcf844027b
Show entry path in log, not internal view path
2016-01-28 12:34:49 -05:00
Jeff Mitchell
8b9fa042fe
If the path is not correct, don't fail due to existence check, fail due to unsupported path
2016-01-23 14:05:09 -05:00
Jeff Mitchell
12c00b97ef
Allow backends to see taint status.
...
This can be seen via System(). In the PKI backend, if the CA is
reconfigured but not fully (e.g. an intermediate CSR is generated but no
corresponding cert set) and there are already leases (issued certs), the
CRL is unable to be built. As a result revocation fails. But in this
case we don't actually need revocation to be successful since the CRL is
useless after unmounting. By checking taint status we know if we can
simply fast-path out of revocation with a success in this case.
Fixes #946
2016-01-22 17:01:22 -05:00
Jeff Mitchell
9cac7ccd0f
Add some commenting
2016-01-22 10:13:49 -05:00
Jeff Mitchell
3955604d3e
Address more list feedback
2016-01-22 10:07:32 -05:00
Jeff Mitchell
eb847f4e36
Error out if trying to write to a directory path
2016-01-22 10:07:32 -05:00
Jeff Mitchell
be1b4c8a46
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-22 10:07:32 -05:00
Jeff Mitchell
e412ac8461
Remove bare option, prevent writes ending in slash, and return an exact file match as "."
2016-01-22 10:07:32 -05:00
Jeff Mitchell
455931873a
Address some review feedback
2016-01-22 10:07:32 -05:00
Jeff Mitchell
5341cb69cc
Updates and documentation
2016-01-22 10:07:32 -05:00
Jeff Mitchell
b2bde47b01
Pull out setting the root token ID; use the new ParseUUID method in
...
go-uuid instead, and revoke if there is an error.
2016-01-19 19:44:33 -05:00
Jeff Mitchell
7a59af7d18
Fix lost code after rebase
2016-01-19 19:19:07 -05:00
Jeff Mitchell
973c888833
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
Jeff Mitchell
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
Jeff Mitchell
1ac2faa136
Implement existence check for cubbyhole
2016-01-16 19:35:11 -05:00
Jeff Mitchell
b830e29449
Use capabilities rather than policies in default policy. Also add cubbyhole to it.
2016-01-16 18:02:31 -05:00
Jeff Mitchell
9857da207c
Move rekey to its own files for cleanliness
2016-01-14 17:01:04 -05:00
Jeff Mitchell
9c5ad28632
Update deps, and adjust usage of go-uuid to match new return values
2016-01-13 13:40:08 -05:00
Jeff Mitchell
f9bbe0fb04
Use logical operations instead of strings for comparison
2016-01-12 21:16:31 -05:00
Jeff Mitchell
d949043cac
Merge pull request #914 from hashicorp/acl-rework
...
More granular ACL capabilities
2016-01-12 21:11:52 -05:00
Jeff Mitchell
4253299dfe
Store uint32s in radix
2016-01-12 17:24:01 -05:00
Jeff Mitchell
e58705b34c
Cleanup
2016-01-12 17:10:48 -05:00
Jeff Mitchell
87fba5dad0
Convert map to bitmap
2016-01-12 17:08:10 -05:00
Jeff Mitchell
da87d490eb
Add some commenting around create/update
2016-01-12 15:13:54 -05:00
Jeff Mitchell
9db22dcfad
Address some more review feedback
2016-01-12 15:09:16 -05:00
Jeff Mitchell
ce5bd64244
Clean up HelpOperation
2016-01-12 14:34:49 -05:00
Jeff Mitchell
a99787afeb
Don't allow a policy with no name, even though it is a valid slice member
2016-01-08 21:23:40 -05:00
Jeff Mitchell
f6d2271a3c
Use an array of keys so that if the same fingerprint is used none are lost when using PGP key backup
2016-01-08 14:29:23 -05:00
Jeff Mitchell
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jeff Mitchell
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Jeff Mitchell
2412c078ac
Also convert policy store cache to 2q.
...
Ping #908
2016-01-07 09:26:08 -05:00
Jeff Mitchell
85509e7ba5
Simplify some logic and ensure that if key share backup fails, we fail
...
the operation as well.
Ping #907
2016-01-06 13:14:23 -05:00
Jeff Mitchell
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
Jeff Mitchell
d51d723c1f
Use int64 for converting time values, not int (will be float64 in JSON anyways, so no need to lose precision, plus could hit a 32-bit max in some edge cases)
2016-01-04 17:11:22 -05:00
Jeff Mitchell
e990b77d6e
Address review feedback; move storage of these values to the expiration manager
2016-01-04 16:43:07 -05:00
Jeff Mitchell
5ddd243144
Store a last renewal time in the token entry and return it upon lookup
...
of the token.
Fixes #889
2016-01-04 11:20:49 -05:00
Jeff Mitchell
df68e3bd4c
Filter out duplicate policies during token creation.
2015-12-30 15:18:30 -05:00
Jeff Mitchell
96cb7d0051
Commenting/format update
2015-12-18 10:34:54 -05:00
Jeff Mitchell
4482fdacfd
If we have not yet completed post-unseal when running in single-node
...
mode, don't advertise that we are active.
Ping #872
2015-12-17 13:48:08 -05:00
Jeff Mitchell
f2da5b639f
Migrate 'uuid' to 'go-uuid' to better fit HC naming convention
2015-12-16 12:56:20 -05:00
Jeff Mitchell
b2a0b48a2e
Add test to ensure the right backend was used with separate HA
2015-12-14 20:48:22 -05:00
Jeff Mitchell
7ce8aff906
Address review feedback
2015-12-14 17:58:30 -05:00
Jeff Mitchell
ced0835574
Allow separate HA physical backend.
...
With no separate backend specified, HA will be attempted on the normal
physical backend.
Fixes #395 .
2015-12-14 07:59:58 -05:00
Jeff Mitchell
900b3d8882
Return 400 instead of 500 if generic backend is written to without data.
...
Fixes #825
2015-12-09 10:39:22 -05:00
Jeff Mitchell
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell
bece637eb7
Address feedback from review
2015-11-15 17:32:57 -05:00
Jeff Mitchell
bc4c18a1cf
Rearchitect MountTable locking and fix rollback.
...
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.
In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.
Both unit tests and race detection pass.
Fixes #771
2015-11-11 11:54:52 -05:00
Jeff Mitchell
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell
1a621b7000
Minor test fix
2015-11-09 15:37:30 -05:00
Jeff Mitchell
8673f36b34
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:21 -05:00
Jeff Mitchell
5783f547ab
Display whether a token is an orphan on lookup.
2015-11-09 13:19:59 -05:00
Jeff Mitchell
7aa3faa626
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 12:07:42 -05:00
Jeff Mitchell
7d8371c4a3
Remove warning about nonexistent root policy by using GetPolicy instead
...
of the listing function.
2015-11-06 11:36:40 -05:00
Jeff Mitchell
395d6bead4
Fix removing secondary index from exp manager.
...
Due to a typo, revoking ensures that index entries are created rather
than removed. This adds a failing, then fixed test case (and helper
function) to ensure that index entries are properly removed on revoke.
Fixes #749
2015-11-04 10:50:31 -05:00
Jeff Mitchell
6ccded7a2f
Add ability to create orphan tokens from the API
2015-11-03 15:12:21 -05:00
Jeff Mitchell
a9db12670a
errwrap -> go-multierror + errwrap
2015-11-02 13:29:33 -05:00
Jeff Mitchell
7e9918ec8e
Run preSeal if postUnseal fails.
...
This also ensures that every error path out of postUnseal returns an
error.
Fixes #733
2015-11-02 13:29:33 -05:00
Jeff Mitchell
1899bd8ef0
Merge pull request #730 from hashicorp/issue-713
...
Write HMAC-SHA256'd client token to audited requests
2015-10-30 13:36:22 -04:00
Jeff Mitchell
94b7be702b
Return data on a token with one use left if there is no Lease ID
...
Fixes #615
2015-10-30 12:35:42 -04:00
Jeff Mitchell
636d57a026
Make the token store's Create and RootToken functions non-exported.
...
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
Jeff Mitchell
cf4b88c196
Write HMAC-SHA256'd client token to audited requests
...
Fixes #713
2015-10-29 13:26:18 -04:00
Jeff Mitchell
85d4dd6a1d
Check TTL provided to generic backend on write
...
If existing entries have unparseable TTLs, return the value plus a
warning, rather than an error.
Fixes #718
2015-10-29 11:05:21 -04:00
Jeff Mitchell
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
Levi Gross
fffcfc668b
Fixed comment spelling mistake and removed unnecessary variable allocation
2015-10-15 14:51:30 -04:00
Jeff Mitchell
78b5fcdf51
Serialize changing the state of the expiration manager pointer and
...
calling emitMetrics from its own goroutine.
Fixes #694
2015-10-12 16:33:54 -04:00
Jeff Mitchell
ed6ce1c53e
Fix a logic bug around setting both a mount default and max at the same time. Ping #688 .
2015-10-12 14:57:43 -04:00
Jeff Mitchell
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
Jeff Mitchell
5fbaa0e64d
Apply mount-tune properties to the token authentication backend.
...
Fixes #688 .
2015-10-09 20:26:39 -04:00
Jeff Mitchell
e02517ae42
Rename tune functions
2015-10-09 20:00:17 -04:00
Jeff Mitchell
b5d674d94e
Add 301 redirect checking to the API client.
...
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
2015-10-09 17:11:31 -04:00
Jeff Mitchell
bd1dce7f95
Address review feedback for #684
2015-10-08 14:34:10 -04:00
Jeff Mitchell
d58a3b601c
Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader
...
Fixes #679 .
2015-10-08 14:04:58 -04:00
Jeff Mitchell
d740fd4a6a
Add the ability for warnings to be added to responses. These are
...
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.
Fixes #676
2015-10-07 16:18:39 -04:00
Jeff Mitchell
50b9129e65
Normalize policy names to lowercase on write. They are not currently
...
normalized when reading or deleting, for backwards compatibility.
Ping #676 .
2015-10-07 13:52:21 -04:00
Jeff Mitchell
4a52de13e3
Add renew-self endpoint.
...
Fixes #455 .
2015-10-07 12:49:13 -04:00
Jeff Mitchell
3c914f7fa8
Add revocation/renewal functions in all cases in the generic backend.
...
Fixes #673 .
2015-10-07 11:42:23 -04:00
Jeff Mitchell
21644751ed
Fix the key rotation upgrade check error message
2015-10-05 18:23:32 -04:00
vishalnayak
145aee229e
Merge branch 'master' of https://github.com/hashicorp/vault
2015-10-03 00:07:34 -04:00
Jeff Mitchell
8f27c250d6
Fix problematic logging statements.
...
Fixes #665 .
2015-10-02 18:31:46 -07:00
vishalnayak
3dd84446ab
Github backend: enable auth renewals
2015-10-02 13:33:19 -04:00
Jeff Mitchell
ca50012017
Format token lease/TTL as int in JSON API when looking up
2015-09-27 22:36:36 -04:00
Jesse Szwedko
6ef455af89
Fix warnings returned by make vet
...
$GOPATH/src/github.com/hashicorp/vault/vault/policy.go:69: unreachable code
$GOPATH/src/github.com/hashicorp/vault/vault/policy_store_test.go:139: github.com/hashicorp/vault/logical.StorageEntry composite literal uses unkeyed fields
2015-09-26 21:17:39 -07:00
Jeff Mitchell
62ac518ae7
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 10:41:21 -04:00
Jeff Mitchell
c694c7d31d
Fix situation where a new required singleton backend would not be activated upon upgrade.
2015-09-21 17:54:36 -04:00
Jeff Mitchell
81e535dc2d
Minor updates to passthrough and additional tests
2015-09-21 16:57:41 -04:00
Jeff Mitchell
47e8c0070a
Don't use leases on the generic backend...with a caveat.
...
You can now turn on and off the lease behavior in the generic backend by
using one of two factories. Core uses the normal one if it's not already
set, so unit tests can use the custom one and all stay working.
This also adds logic into core to check, when the response is coming
from a generic backend, whether that backend has leases enabled. This
adds some slight overhead.
2015-09-21 16:37:37 -04:00
Vishal Nayak
d526c8ce1c
Merge pull request #629 from hashicorp/token-create-sudo
...
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
vishalnayak
1a01ab3608
Take ClientToken instead of Policies
2015-09-21 10:04:03 -04:00
Jeff Mitchell
ab7d35b95e
Fix up per-backend timing logic; also fix error in TypeDurationSecond in
...
GetOkErr.
2015-09-21 09:55:03 -04:00
vishalnayak
3b51ee1c48
Using core's logger
2015-09-19 19:01:36 -04:00
vishalnayak
02485e7175
Abstraced SudoPrivilege to take list of policies
2015-09-19 18:23:44 -04:00
vishalnayak
a2799b235e
Using acl.RootPrivilege and rewrote mockTokenStore
2015-09-19 17:53:24 -04:00
Jeff Mitchell
c5ddfbc391
Bump AESGCM version; include path in the GCM tags.
2015-09-19 17:04:37 -04:00
vishalnayak
b6d47dd784
fix broken tests
2015-09-19 12:33:52 -04:00
Jeff Mitchell
68c268a6f0
Allow tuning of auth mounts, to set per-mount default/max lease times
2015-09-19 11:50:50 -04:00
Jeff Mitchell
c8a0eda224
Use hmac-sha256 for protecting secrets in audit entries
2015-09-19 11:29:31 -04:00
vishalnayak
fb77ec3623
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-19 11:14:51 -04:00
Jeff Mitchell
5dde76fa1c
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 17:38:30 -04:00
Jeff Mitchell
b655f6b858
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
Jeff Mitchell
d775445efe
Store token creation time and TTL. This can be used to properly populate
...
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.
Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell
8f79e8be82
Add revoke-self endpoint.
...
Fixes #620 .
2015-09-17 13:22:30 -04:00
Jeff Mitchell
047ba90a44
Restrict orphan revocation to root tokens
2015-09-16 09:22:15 -04:00
Jeff Mitchell
e7d5a18e94
Directly pass the cubbyhole backend to the token store and bypass logic in router
2015-09-15 13:50:37 -04:00
Jeff Mitchell
849b78daee
Move more cubby logic outside of router into auth setup
2015-09-15 13:50:37 -04:00
Jeff Mitchell
bdb8cf128d
Cleanup; remove everything but double-salting from the router and give
...
the token store cubby backend information for direct calling.
2015-09-15 13:50:37 -04:00
Jeff Mitchell
b50f7ec1b5
Remove noop checks in unmount/remount and restore previous behavior
2015-09-15 13:50:37 -04:00
Jeff Mitchell
77e7379ab5
Implement the cubbyhole backend
...
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Jeff Mitchell
104b29ab04
Rename View to StorageView to make it more distinct from SystemView
2015-09-15 13:50:37 -04:00
Jeff Mitchell
699e12a1c6
When there is one use left and a Secret is being returned, instead
...
return a descriptive error indicating that the Secret cannot be returned
because when the token was revoked the secret was too. This prevents
confusion where credentials come back but cannot be used.
Fixes #615
2015-09-14 11:07:27 -04:00
vishalnayak
142cb563a6
Improve documentation of token renewal
2015-09-11 21:08:32 -04:00
Lassi Pölönen
d3aec0ba31
Cleanup routines should now use routeEntry instead of mountEntry.
2015-09-11 13:40:31 +03:00
Lassi Pölönen
fb07cf9f53
Implement clean up routine to backend as some backends may require
...
e.g closing database connections on unmount to avoud connection
stacking.
2015-09-11 11:45:58 +03:00
Jeff Mitchell
39cfcccdac
Remove error returns from sysview TTL calls
2015-09-10 15:09:54 -04:00
Jeff Mitchell
65ceb3439d
Be consistent as both are the same pointer here
2015-09-10 15:09:54 -04:00
Jeff Mitchell
5de736e69c
Implement shallow cloning to allow MountEntry pointers to stay consistent when spread across router/core/system views
2015-09-10 15:09:54 -04:00
Jeff Mitchell
ace611d56d
Address items from feedback. Make MountConfig use values rather than
...
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
eff1c331ad
Add more unit tests against backend TTLs, and fix two bugs found by them
...
(yay unit tests!)
2015-09-10 15:09:54 -04:00
Jeff Mitchell
86ccae7bd5
Fix mount config test by proxying mounts/ in addition to mounts
2015-09-10 15:09:54 -04:00
Jeff Mitchell
775dfe38a2
A couple bug fixes + most unit tests
2015-09-10 15:09:54 -04:00
Jeff Mitchell
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
Jeff Mitchell
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
d435048d9e
Switch StaticSystemView values to pointers, to support updating
2015-09-10 15:09:54 -04:00
Jeff Mitchell
696d0c7b1d
Plumb per-mount config options through API
2015-09-10 15:09:53 -04:00
Jeff Mitchell
893d2d9b00
Minor cleanup of MountConfig
2015-09-10 15:09:53 -04:00
Jeff Mitchell
17c60d3e78
Add logic to core to fetch a SystemView for a given mount entry and use those values for default/max TTL. The SystemView will reflect system defaults if not set for that mount.
2015-09-10 15:09:53 -04:00
Jeff Mitchell
98d0d23d70
Ensure token store is available when looking up token
2015-09-01 08:21:47 -04:00
Jeff Mitchell
b74fa8c888
Make DefaultSystemView StaticSystemView with statically-configured information. Export this from Framework to make it easy to override for testing.
2015-08-27 11:25:07 -07:00
Jeff Mitchell
7c2bbe4c7f
Use a SystemView interface and turn SystemConfig into DefaultSystemView
2015-08-27 10:36:44 -07:00
Jeff Mitchell
e58553e7d5
Plumb the system configuration information up into framework
2015-08-27 09:41:03 -07:00
Jeff Mitchell
992e357d07
Add some plumbing to allow specified system configuration information to
...
be retrieved by logical backends. First implemented is default/max TTL.
2015-08-27 08:51:35 -07:00
Jeff Mitchell
3f45f3f41b
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 07:50:24 -07:00
Jeff Mitchell
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
Jeff Mitchell
c887df93cc
Add support for pgp-keys argument to rekey, as well as tests, plus
...
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
Jeff Mitchell
f57e7892e7
Don't store the given public keys in the seal config
2015-08-25 14:52:13 -07:00
Jeff Mitchell
2f3e245b0b
Add support for "pgp-tokens" parameters to init.
...
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
2015-08-25 14:52:13 -07:00
Jeff Mitchell
ea9fbb90bc
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-20 22:27:01 -07:00
Jeff Mitchell
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
Jeff Mitchell
0fa783f850
Update help text for TTL values in generic backend
2015-08-20 17:59:30 -07:00
Jeff Mitchell
b57ce8e5c2
Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
...
Fixes #528 .
2015-08-20 16:41:25 -07:00
Jeff Mitchell
15f57082e0
Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code.
2015-08-20 13:20:35 -07:00
Jeff Mitchell
46d06144a8
Merge pull request #552 from hashicorp/fix-uselimit-decrement
...
Fix #461 properly by defering potential revocation of a token until a…
2015-08-20 10:39:24 -07:00
Jeff Mitchell
db79dd8c22
Don't defer revocation when sealing, and clear out response/auth if there is a token use error
2015-08-20 10:37:42 -07:00
Jeff Mitchell
0e8e3660ff
Fix #461 properly by defering potential revocation of a token until after the request is fully handled.
2015-08-20 10:14:13 -07:00
vishalnayak
1f5062a6e1
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-08-19 12:16:37 -07:00
Jeff Mitchell
fe8c1c514d
Add -no-verify option to CLI auth command, to avoid decrementing the token use count during auth.
2015-08-18 19:22:17 -07:00
vishalnayak
9324db7979
Vault SSH: verify echo test
2015-08-18 16:48:50 -07:00
Caleb Tennis
688df0be6d
See if this clears build error
2015-08-13 13:17:09 -04:00
vishalnayak
93dfa67039
Merging changes from master
2015-08-12 09:28:16 -07:00
Caleb Tennis
323b49f03d
Fix #392 by giving a more specific error
2015-08-11 20:18:52 -04:00
Caleb Tennis
4da080e769
This adds a new error class which can be used by logical backends to
...
specify more concrete error cases to make their way back up the stack.
Over time there is probably a cleaner way of doing this, but that's
looking like a more massive rewrite and this solves some issues in
the meantime.
Use a CodedError to return a more concrete HTTP return code for
operations you want to do so. Returning a regular error leaves
the existing behavior in place.
2015-08-10 13:27:25 -04:00
vishalnayak
e5080a7f32
Merging with master
2015-08-06 18:44:40 -04:00
Karl Gutwin
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
Vishal Nayak
27e66e175f
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-07-17 17:22:17 -04:00
Armon Dadgar
ef770e371a
vault: guard against potentially missing keyring
2015-07-13 18:18:22 +10:00
Vishal Nayak
ed258f80c6
Vault SSH: Refactoring and fixes
2015-07-10 18:44:31 -06:00
Vishal Nayak
89a0e37a89
Vault SSH: Backend and CLI testing
2015-07-10 16:18:02 -06:00
Vishal Nayak
2901890df2
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-07-10 09:56:21 -06:00
Vishal Nayak
3c7dd8611c
Vault SSH: Test case skeleton
2015-07-10 09:56:14 -06:00
Armon Dadgar
7ecd8f05d1
nomad: fixing issue with keyring upgrade
2015-07-07 16:02:49 -06:00
Armon Dadgar
03be7a5999
vault: upgrade old policies with implicit glob
2015-07-05 19:14:15 -06:00
Armon Dadgar
3d2fa8818e
vault: adding another ACL test
2015-07-05 17:34:34 -06:00
Armon Dadgar
dc8cc308af
vault: fixing test with glob change
2015-07-05 17:31:41 -06:00
Armon Dadgar
05b3fa836e
vault: Handle exact vs glob match, deny has highest precedence
2015-07-05 17:31:30 -06:00
Armon Dadgar
eda88c18ff
vault: Adding precedence logic for conflicting policy
2015-07-05 17:30:19 -06:00
Armon Dadgar
27d01270c8
vault: look for glob character in policy
2015-07-05 14:58:38 -07:00
Armon Dadgar
541014e315
logical: remove SetLogger method
2015-06-30 17:39:39 -07:00
Armon Dadgar
41b72a4d39
vault: provide view to backend initializer for setup
2015-06-30 17:30:43 -07:00
Armon Dadgar
579c1433a2
vault: use helper/salt library to share code
2015-06-30 14:08:21 -07:00
Armon Dadgar
8bc99f8c23
helper/uuid: single generateUUID definition
2015-06-30 12:38:32 -07:00
Armon Dadgar
3bc388f30d
Merge pull request #366 from nbrownus/http_responses
...
Better http responses
2015-06-29 15:31:45 -07:00
Armon Dadgar
496ebe561c
vault: cleanups for the audit log changes
2015-06-29 15:27:28 -07:00
Armon Dadgar
add8e1a3fd
Fixing merge conflict
2015-06-29 15:19:04 -07:00
Armon Dadgar
deeb611ab2
vault: handle a panic while generating audit output
2015-06-29 15:11:35 -07:00
Nate Brown
a0be7af858
Fixing key-status if audit logging is on
2015-06-24 10:57:05 -07:00
Nate Brown
94e89537a1
Fixing tests
2015-06-19 14:04:32 -07:00
Nate Brown
31ab086063
Doing a little better with http response codes
2015-06-19 14:00:48 -07:00
Nate Brown
91611a32c9
Fixing tests
2015-06-18 20:14:20 -07:00
Nate Brown
b667ef4c71
Collapsing audit response logging to a single point
2015-06-18 19:48:26 -07:00
Nate Brown
4ec685dc1a
Logging authentication errors and bad token usage
2015-06-18 18:30:18 -07:00
Nate Brown
c55f103c58
Adding error and remote_address to audit log lines
2015-06-18 17:17:18 -07:00
Armon Dadgar
e2b0f5dae8
vault: improve lease error message. Fixes #338
2015-06-18 15:37:08 -07:00
Armon Dadgar
dbf6cf6e6d
vault: support core shutdown
2015-06-17 18:23:59 -07:00
Armon Dadgar
ffeb6ea76c
vault: allow increment to be duration string. Fixes #340
2015-06-17 15:58:20 -07:00
Armon Dadgar
5c75a6c5c7
vault: ensure token renew does not double register
2015-06-17 15:22:50 -07:00
Armon Dadgar
ae421f75b7
vault: fixing issues with token renewal
2015-06-17 14:28:13 -07:00
Armon Dadgar
a0cf8f1793
vault: attempt to resolve #303
2015-06-02 22:55:18 +02:00
Armon Dadgar
0f933df76e
vault: fixing a typo
2015-06-02 16:04:05 +02:00
Armon Dadgar
daffef08db
vault: reload master key before keyring
2015-05-29 14:30:03 -07:00
Armon Dadgar
f6729b29f8
vault: adding ability to reload master key
2015-05-29 14:29:55 -07:00
Armon Dadgar
716f8d9979
core: adding tests for HA rekey and rotate
2015-05-29 12:16:34 -07:00
Armon Dadgar
4f5fde039f
vault: all rekey commands should fail as standby
2015-05-29 11:52:37 -07:00
Armon Dadgar
5aaad32af8
vault: ensure upgrades are cleaned up
2015-05-28 16:52:06 -07:00
Armon Dadgar
db0afc9ebe
vault: move upgrade logic out of core
2015-05-28 16:43:44 -07:00
Armon Dadgar
4eb5c63a5d
vault: create upgrade path in HA mode
2015-05-28 16:43:15 -07:00
Armon Dadgar
67ed0a3c16
vault: moving upgrade path into barrier
2015-05-28 16:42:32 -07:00
Armon Dadgar
82ef0b1ac7
vault: handle read of key upgrades
2015-05-28 16:11:31 -07:00
Armon Dadgar
796ae59a89
vault: support keyring reload
2015-05-28 16:09:15 -07:00
Armon Dadgar
2e86fa62d5
vault: adding barrier AddKey
2015-05-28 15:52:26 -07:00
Armon Dadgar
c095861a02
keyring: Add key serialization
2015-05-28 15:49:52 -07:00
Armon Dadgar
c60970e743
vault: prevent rekey on standby
2015-05-28 15:26:35 -07:00
Armon Dadgar
01e890653c
vault: more logging
2015-05-28 14:15:06 -07:00
Armon Dadgar
0877160754
vault: minor rekey cleanups
2015-05-28 12:07:52 -07:00
Armon Dadgar
c5352d14a4
vault: testing rekey
2015-05-28 12:02:30 -07:00
Armon Dadgar
361c722c5c
vault: first pass at rekey
2015-05-28 11:40:01 -07:00
Armon Dadgar
5aed043ea5
vault: ensure master key is copied to avoid memzero issues
2015-05-28 11:38:59 -07:00
Armon Dadgar
4e3f0cddcf
vault: Adding VerifyMaster to Barrier
2015-05-28 11:28:33 -07:00
Armon Dadgar
9f399eb9ff
vault: prevent raw access to protected paths
2015-05-28 10:24:41 -07:00
Armon Dadgar
1a4256c20c
vault: more logging around rotate
2015-05-27 17:56:55 -07:00
Armon Dadgar
d0b93a6164
vault: adding sys/key-status and sys/rotate
2015-05-27 17:53:42 -07:00
Armon Dadgar
26cff2f42f
vault: expose information about keys
2015-05-27 17:25:36 -07:00
Armon Dadgar
3e717907cd
vault: testing barrier rekey
2015-05-27 17:17:03 -07:00
Armon Dadgar
b93feb8a6b
vault: first pass at rekey
2015-05-27 17:13:40 -07:00
Armon Dadgar
9e39fec4a5
vault: testing key rotation
2015-05-27 17:10:08 -07:00
Armon Dadgar
ead96e8c99
vault: first pass at key rotation
2015-05-27 17:05:02 -07:00
Armon Dadgar
3d800fe7be
vault: keyring api changes
2015-05-27 17:04:46 -07:00
Armon Dadgar
490bece0a0
vault: make keyring immutable
2015-05-27 16:58:55 -07:00
Armon Dadgar
28560a612f
vault: test for backwards compatability
2015-05-27 16:42:42 -07:00
Armon Dadgar
e8e9103300
vault: share keyring persistence code
2015-05-27 16:29:59 -07:00
Armon Dadgar
0e9136d14c
vault: first pass at keyring integration
2015-05-27 16:01:25 -07:00
Armon Dadgar
50dc6a471e
vault: adding path for keyring
2015-05-27 15:23:43 -07:00
Armon Dadgar
8c2a767f4f
vault: Adding version to key entry
2015-05-27 15:23:31 -07:00
Armon Dadgar
1903518202
vault: Ensure we always set a key InstallTime
2015-05-27 14:37:40 -07:00
Armon Dadgar
ef2f71e17f
vault: Adding InstallTime to key in keyring
2015-05-27 14:37:40 -07:00
Armon Dadgar
57c763a3fa
vault: Adding keyring
2015-05-27 14:37:40 -07:00
Armon Dadgar
70b3b37ffb
vault: rename key epoch to term for clarity
2015-05-27 14:37:39 -07:00
Armon Dadgar
daa5b9c1b5
vault: physical -> storage for clarity
2015-05-27 14:33:58 -07:00
Armon Dadgar
8ee5aebb3c
vault: testing raw responses
2015-05-27 14:19:12 -07:00
Armon Dadgar
ba7bfed1af
vault: Expose MountPoint to secret backend. Fixes #248
2015-05-27 11:46:42 -07:00
Armon Dadgar
d15eed47ad
vault: reproducing GH-203
2015-05-15 17:48:03 -07:00
Armon Dadgar
3bcd32228d
vault: lease renewal should not create new lease entry
2015-05-15 17:47:39 -07:00
Armon Dadgar
18795a4b26
vault: Adding test based on bug report
2015-05-15 17:19:41 -07:00
Armon Dadgar
0b84e86483
vault: Adding more logging
2015-05-15 17:19:32 -07:00
Armon Dadgar
8f4ddfd904
vault: adding test for e33a904
2015-05-11 11:16:21 -07:00
Armon Dadgar
843d9e6484
vault: verify login endpoint never returns a secret
2015-05-09 11:51:58 -07:00
Armon Dadgar
13ab31f4b5
vault: ensure InternalData is never returned from the core
2015-05-09 11:47:46 -07:00
Armon Dadgar
c849aba53a
vault: Adding InternalData to Auth
2015-05-09 11:39:54 -07:00
Armon Dadgar
c7496772d4
vault: defer barrier initialization until as late as possible
2015-05-08 11:06:39 -07:00
Armon Dadgar
a6eef6bba3
vault: Guard against an invalid seal config
2015-05-08 11:05:31 -07:00
Armon Dadgar
3500535db3
vault: fix detection of missing trailing slash. Fixes #157
2015-05-07 12:18:50 -07:00
Mitchell Hashimoto
727e0e90cd
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 13:28:33 -07:00
Seth Vargo
c3a793ccdf
Lowercase again
2015-04-30 14:27:32 -04:00
Aaron Bedra
57a7a41a42
Add test that ensure keylength check is working
...
Not likely to fail, but if it did would result in complete failure, so
probably good to have a test for it.
2015-04-30 13:12:47 -05:00
Seth Vargo
2de4965598
Use lowercase
2015-04-30 13:37:47 -04:00
Aaron Bedra
ea0c41aa81
Add test to verify unique encrypted values
...
It wasn't immediately clear that the proper random seeding was taking
place. This ensures that the same plaintext encrypted twice does not
result in the same ciphertext. It will also be a good test to keep
around incase of future regressions.
2015-04-30 12:15:41 -05:00
Seth Vargo
f17d65507f
Use UTC in tests
2015-04-28 22:18:00 -04:00
Seth Vargo
95c8001388
Disable mlock in tests
2015-04-28 22:18:00 -04:00
Mitchell Hashimoto
eef1a10e8e
vault: fix more test race conditions
2015-04-28 19:17:45 -07:00
Mitchell Hashimoto
e80111502b
vault: way more verbose error if mlock fails [GH-59]
2015-04-28 18:56:16 -07:00
Mitchell Hashimoto
b5f8f3b05a
vault: add helper/mlock for doing mlock
2015-04-28 14:59:43 -07:00
Mitchell Hashimoto
2e55c3de68
vault: ability to toggle mlock on core
2015-04-27 16:40:14 -07:00
Armon Dadgar
a2bd832519
vault: token create should return various metadata for logging
2015-04-25 20:21:35 -07:00
Armon Dadgar
f1d8730c46
vault: restrict mlockall to just linux for now. Fixes #31
2015-04-23 16:10:50 -07:00
Armon Dadgar
2f0995d650
vault: Swap the HAEnabled check with the sealed check
2015-04-20 12:19:09 -07:00
Armon Dadgar
c5f914cb34
vault: Lock memory when possible
2015-04-19 13:42:47 -07:00
Armon Dadgar
a03268bc32
vault: Adding an epoch prefix to keys to support eventual online key rotation
2015-04-17 16:51:13 -07:00
Armon Dadgar
4473abd6ce
vault: core enforcement of limited use tokens
2015-04-17 11:57:56 -07:00
Armon Dadgar
538c795f9b
vault: Adding method to consume a limited use token
2015-04-17 11:51:04 -07:00
Armon Dadgar
fd3948d476
vault: Tokens can have a use count specified
2015-04-17 11:34:25 -07:00
Armon Dadgar
b65e1b3e22
vault: using a constant to make @mitchellh feel better
2015-04-15 17:19:59 -07:00
Aaron Bedra
95c37c1c4d
Clarify Barrier encryption defaults.
...
Declare the defaults in the comments to be what they are now (256 bit
key and default golang NONCE value). Make the key error message more
precise since. It isn't between 16 and 32, it is 16 OR 32.
2015-04-15 18:24:23 -05:00
Armon Dadgar
818ce0a045
vault: token store allows specifying display_name
2015-04-15 14:24:07 -07:00
Armon Dadgar
76b69b2514
vault: thread the display name through
2015-04-15 14:12:34 -07:00
Armon Dadgar
e6fd2f2ce5
vault: Default key size to 256bit.
2015-04-15 13:33:47 -07:00
Armon Dadgar
3ee434a783
vault: Allow AES key to be up to 256 bits. Fixes #7
2015-04-15 13:33:47 -07:00
Armon Dadgar
9f7143cf44
vault: expose the current leader
2015-04-14 16:53:40 -07:00
Armon Dadgar
445f64eb39
vault: leader should advertise address
2015-04-14 16:44:48 -07:00
Armon Dadgar
ec8a41d2d2
vault: rename internal variable
2015-04-14 16:11:39 -07:00
Armon Dadgar
7579cf76ab
vault: testing standby mode
2015-04-14 16:08:14 -07:00
Armon Dadgar
2820bec479
vault: testing standby mode
2015-04-14 16:06:58 -07:00
Armon Dadgar
a0e1b90b81
vault: reject operation if standby
2015-04-14 14:09:11 -07:00
Armon Dadgar
d7102e2661
vault: first pass at HA standby mode
2015-04-14 14:06:15 -07:00
Armon Dadgar
0be49a97b7
vault: stopExpiration should be idempotent
2015-04-14 13:32:56 -07:00
Armon Dadgar
255e0fbda4
vault: enable physical cache in core
2015-04-14 11:08:04 -07:00
Mitchell Hashimoto
0f15aef9bb
vault: fix tests
2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
a44eb0dcd0
http: renew endpoints
2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
209b275bfd
logical/framework: allow max session time
2015-04-11 16:41:08 -07:00
Mitchell Hashimoto
33d66f0130
vault: token store allows unlimited renew
2015-04-11 16:28:16 -07:00
Mitchell Hashimoto
a360ca4928
logical/framework: AuthRenew callback, add LeaseExtend
...
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
Mitchell Hashimoto
5eff7f1b57
vault: upper bound on test
2015-04-10 21:22:17 -07:00
Mitchell Hashimoto
992028e23e
vault: the expiration time should be relative to the issue time
2015-04-10 21:21:06 -07:00
Armon Dadgar
f2c0f79435
vault: Split SecurityBarrier interface to BarrierStorage
2015-04-10 16:43:35 -07:00
Armon Dadgar
a6d974c74e
vault: revoking a token should revoke all secrets it has generated
2015-04-10 15:12:04 -07:00
Armon Dadgar
c22d18a5be
vault: re-use revokeSalted to share logic
2015-04-10 15:06:54 -07:00
Armon Dadgar
1e2863e2b8
vault: remove unused RevokeAll method
2015-04-10 14:59:49 -07:00
Armon Dadgar
b10fbc4d83
vault: Adding token based revocation
2015-04-10 14:48:08 -07:00
Armon Dadgar
98679ee7b8
vault: Split expiration manager views to index by token
2015-04-10 14:21:23 -07:00
Armon Dadgar
39c51ede2e
vault: testing renewAuthEntry
2015-04-10 14:07:06 -07:00
Armon Dadgar
13836e8612
vault: groundwork to allow auth renew
2015-04-10 13:59:49 -07:00
Armon Dadgar
e7fe48c33f
vault: refactor expiration timer management
2015-04-09 12:39:12 -07:00
Armon Dadgar
5a3ab973e6
vault: Simplify common lease logic
2015-04-09 12:29:13 -07:00
Armon Dadgar
4679febdf3
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 12:14:04 -07:00
Armon Dadgar
7df486482b
vault: Adding LeaseIssue for renew to allow limiting maximum lease length
2015-04-09 11:54:32 -07:00
Mitchell Hashimoto
9a034c4ab8
vault: lookup-self should allow unauthenticated requests
2015-04-08 22:09:47 -07:00
Armon Dadgar
8ebc29d1b9
vault: audit broker profiles each backend
2015-04-08 17:09:36 -07:00
Armon Dadgar
e25886859e
vault: router generates metrics per operation
2015-04-08 17:09:10 -07:00
Armon Dadgar
82c5d9c478
vault: Enforce non-renewability
2015-04-08 17:03:46 -07:00
Armon Dadgar
512b3d7afd
vault: Adding metrics profiling
2015-04-08 16:43:17 -07:00
Armon Dadgar
429ad7e5cb
vault: Handle auth entry without lease
2015-04-08 15:43:26 -07:00
Armon Dadgar
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
7e4f47a9e6
vault: proper meta parameter for vaultstorage (tests pass now)
2015-04-07 14:37:50 -07:00
Mitchell Hashimoto
9378d0388a
vault: token store inehrits policies by default
2015-04-07 14:19:52 -07:00
Mitchell Hashimoto
8dce065972
vault: use mapstructure to decode token args
...
JSON sends as interface{}, so we can't decode directly into types.
2015-04-07 14:16:35 -07:00
Armon Dadgar
a8d4319ad5
vault: Update LRU on GetPolicy
2015-04-06 16:43:05 -07:00
Armon Dadgar
f022ec97c4
vault: Adding policy LRU cache
2015-04-06 16:41:48 -07:00
Armon Dadgar
493ee49e4d
vault: unify the token renew response
2015-04-06 16:35:39 -07:00
Mitchell Hashimoto
7aee6269f7
vault: pass a logger around to logical backends
2015-04-04 11:39:58 -07:00
Mitchell Hashimoto
246c2839b0
logical/framework: make help look nicer
2015-04-03 21:00:23 -07:00
Mitchell Hashimoto
8ff435ba1a
vault: fix issue with wrong path getting passed through
2015-04-03 20:48:04 -07:00
Mitchell Hashimoto
df8dbe9677
vault: allow mount point queries without trailing /
2015-04-03 20:45:00 -07:00
Armon Dadgar
148fe3d864
vault: Adding Hash function to MountTable
2015-04-03 17:46:57 -07:00
Armon Dadgar
d74c4c1c33
vault: Remove log about rollback
2015-04-03 17:11:24 -07:00
Armon Dadgar
3250bfad0a
vault: test credential unmount does cleanup
2015-04-03 16:15:34 -07:00
Armon Dadgar
82eda2b169
vault: Do early check for missing backend
2015-04-03 16:09:06 -07:00
Armon Dadgar
0dee7d29ec
vault: disable credential backend revokes tokens
2015-04-03 16:07:45 -07:00
Armon Dadgar
56d0b51be0
vault: Reuse mount table methods
2015-04-03 16:00:46 -07:00
Armon Dadgar
683d01e984
vault: Refactor common methods
2015-04-03 15:59:30 -07:00
Armon Dadgar
eaa483ff87
vault: Enforce default and max length leasing
2015-04-03 15:42:34 -07:00
Armon Dadgar
0ba7c64c0f
vault: Verify client token is not passed through in the plain
2015-04-03 15:39:56 -07:00
Armon Dadgar
002b2ad589
vault: Provide salted client token to logical backends
2015-04-03 14:42:39 -07:00
Armon Dadgar
e4854ca59b
vault: Allow deep paths for audit backends
2015-04-03 14:27:33 -07:00
Armon Dadgar
2f3e511507
vault: Allow deep paths for auth mounting
2015-04-03 14:24:00 -07:00
Armon Dadgar
b8d69a357c
vault: Use Auth for lease and renewable
2015-04-03 14:04:50 -07:00
Armon Dadgar
2feba52f40
vault: Adding auth/token/renew endpoint
2015-04-03 12:11:49 -07:00
Armon Dadgar
adaa83b48c
vault: Adding RenewToken to expiration manager
2015-04-03 11:58:10 -07:00
Armon Dadgar
c82fbbb8c3
vault: Support prefix based token revocation
2015-04-03 11:40:08 -07:00
Armon Dadgar
eec6c27fae
vault: Special case auth/token/create
2015-04-02 18:05:23 -07:00
Armon Dadgar
c6479642e9
vault: integrate login with expiration manager
2015-04-02 17:52:11 -07:00
Armon Dadgar
1b19a8ee1b
vault: Rename RegisterLogin to RegisterAuth
2015-04-02 17:45:42 -07:00
Armon Dadgar
d0ac9e5711
vault: Expose SaltID from token store
2015-04-02 17:39:38 -07:00
Armon Dadgar
c54534875a
vault: testing remount cleanup
2015-04-02 12:04:37 -07:00
Armon Dadgar
f397cd3fb1
vault: remount does appropriate cleanup
2015-04-02 12:03:00 -07:00
Armon Dadgar
3a8dc4dff9
vault: Adding Untaint to router
2015-04-02 12:01:53 -07:00
Armon Dadgar
bfe7a1e901
vault: testing unmount cleanup
2015-04-02 11:47:44 -07:00
Armon Dadgar
0b5572a2f7
vault: ensure unmount properly cleans up state
2015-04-02 11:18:06 -07:00
Armon Dadgar
3e427910fb
vault: Support tainting router paths
2015-04-02 11:18:06 -07:00
Armon Dadgar
c718408055
vault: Added MatchingView method
2015-04-02 11:18:06 -07:00
Armon Dadgar
d5e5499ddd
vault: Adding ClearView method
2015-04-02 11:18:05 -07:00
Armon Dadgar
d5403d6673
vault: TODO cleanups
2015-04-01 22:13:08 -07:00
Armon Dadgar
f231a6c67d
vault: rollback supports joining an inflight operation
2015-04-01 22:12:03 -07:00
Armon Dadgar
c3aed5589e
vault: Adding intermediate taint step to unmount
2015-04-01 22:12:03 -07:00
Mitchell Hashimoto
6218c2729d
http: audit endpoints
2015-04-01 18:36:13 -07:00
Armon Dadgar
114c1e1dea
vault: Adding the raw/ endpoints to sys
2015-04-01 17:45:00 -07:00
Armon Dadgar
28bc849fd9
vault: Attach policy name if missing
2015-04-01 17:45:00 -07:00
Armon Dadgar
6933f94acd
vault: Prevent UUID injection on sys mount path
2015-04-01 17:45:00 -07:00
Mitchell Hashimoto
a8912e82d8
enable github
2015-04-01 15:48:56 -07:00
Armon Dadgar
4138e43f00
vault: Adding audit trail for login
2015-04-01 14:48:37 -07:00
Armon Dadgar
3d3e18793b
vault: Integrate audit logging with core
2015-04-01 14:33:48 -07:00
Armon Dadgar
b657b74a97
vault: Minor rework for clarity
2015-04-01 14:11:26 -07:00
Armon Dadgar
c83f46606b
vault: Simpify token checking logic
2015-04-01 14:03:17 -07:00
Armon Dadgar
cd681d7226
vault: Extending AuditBroker to support new audit methods
2015-04-01 13:55:07 -07:00
Mitchell Hashimoto
08a9216aa7
vault: register vault ID even fi no lease
2015-03-31 21:04:10 -07:00
Mitchell Hashimoto
2c9ebecda7
vault: register zero lease entries with the expiration manager
...
/cc @armon - would appreciate a review on this one
2015-03-31 21:01:12 -07:00
Mitchell Hashimoto
aba7fc1910
http: auth handlers
2015-03-31 20:24:51 -07:00
Armon Dadgar
dda8dec5bf
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 16:45:08 -07:00
Armon Dadgar
7ca462c028
vault: Adding enable/disable audit methods
2015-03-31 15:26:07 -07:00
Armon Dadgar
d817e31d67
vault: Sanity check keys in the barrier view
2015-03-31 13:32:24 -07:00
Armon Dadgar
a6bc60c7d6
vault: Adding AuditBroker and basic tests
2015-03-31 13:22:40 -07:00
Armon Dadgar
0a7df0b3d4
vault: Adding options to mount table
2015-03-31 13:14:08 -07:00
Mitchell Hashimoto
1dcb37c6b6
vault: lookup-self for TokenStore to look up your own store
2015-03-31 12:51:00 -07:00
Mitchell Hashimoto
63f259cc8d
vault: lookup without a token looks up self
2015-03-31 12:50:07 -07:00
Mitchell Hashimoto
6a72ea61d5
vault: convert TokenStore to logical/framework
2015-03-31 12:48:19 -07:00
Mitchell Hashimoto
c8294170cc
vault: test bad key to seal
2015-03-31 10:00:04 -07:00
Mitchell Hashimoto
0666bda865
vault: require root token for seal
2015-03-31 09:59:02 -07:00
Mitchell Hashimoto
04c80a81bc
vault: add seal to the sys backend
2015-03-31 09:36:13 -07:00
Mitchell Hashimoto
d4509b0ee3
vault: keep the connection info around for auth
2015-03-30 20:55:01 -07:00
Mitchell Hashimoto
c9acfa17cb
vault: get rid of HangleLogin
2015-03-30 20:26:39 -07:00
Mitchell Hashimoto
69593cde56
remove credential/ lots of tests faililng
2015-03-30 18:07:05 -07:00
Mitchell Hashimoto
62ee621ea3
logical: move cred stuff over here
2015-03-30 17:46:18 -07:00
Mitchell Hashimoto
e9a3a34c27
vault: tests passing
2015-03-29 16:18:08 -07:00
Mitchell Hashimoto
4cacaf62f0
http: support auth
2015-03-29 16:14:54 -07:00
Armon Dadgar
5517910829
vault: Make audit/ a protected path
2015-03-27 14:00:57 -07:00
Armon Dadgar
042db7798e
vault: Adding basic audit table load/unload
2015-03-27 14:00:38 -07:00
Armon Dadgar
609ac4c562
vault: Allow passing in audit factory methods
2015-03-27 13:45:13 -07:00
Armon Dadgar
9a4946f115
vault: Testing core ACL enforcement
2015-03-24 15:55:27 -07:00
Armon Dadgar
23864839bb
vault: testing root privilege restrictions
2015-03-24 15:52:07 -07:00
Armon Dadgar
fe402cdd87
vault: ignore a nil policy object, as it has no permissions
2015-03-24 15:49:17 -07:00
Armon Dadgar
b354f03cb2
vault: adding auth/token/lookup/ support
2015-03-24 15:39:33 -07:00
Armon Dadgar
4a4d1d3e45
vault: adding auth/token/revoke/ and auth/token/revoke-orphan/
2015-03-24 15:30:09 -07:00
Armon Dadgar
26f05f7a20
vault: Passthrough of client token to token store
2015-03-24 15:12:52 -07:00
Armon Dadgar
6fd3cae2c2
vault: Adding auth/token/create endpoint
2015-03-24 15:10:46 -07:00
Armon Dadgar
b5332404d1
vault: Allow providing token ID during creation
2015-03-24 14:22:50 -07:00
Armon Dadgar
b41d2e6368
vault: utility string set methods
2015-03-24 13:56:07 -07:00
Armon Dadgar
493fbc12fc
vault: utility string search methods
2015-03-24 13:44:47 -07:00
Armon Dadgar
49df1570d6
vault: test missing and invalid tokens
2015-03-24 11:57:08 -07:00
Armon Dadgar
20c2375352
vault: Adding ACL enforcement
2015-03-24 11:37:07 -07:00
Armon Dadgar
43a99aec93
vault: Special case root policy
2015-03-24 11:27:21 -07:00
Armon Dadgar
4598e43140
vault: Adding ClientToken
2015-03-24 11:09:25 -07:00
Armon Dadgar
65ef4f1032
vault: wire tokens into expiration manager
2015-03-23 18:11:15 -07:00
Armon Dadgar
86c9bd9083
vault: Give expiration manager a token store reference
2015-03-23 18:00:14 -07:00
Armon Dadgar
6481ff9e34
vault: Generate a root token when initializing
2015-03-23 17:31:30 -07:00
Armon Dadgar
cd3ee5cc03
vault: Remove core reference
2015-03-23 17:29:36 -07:00
Armon Dadgar
539554fc0b
vault: only log expiration notice if useful
2015-03-23 17:27:46 -07:00
Armon Dadgar
3607eae208
vault: Adding method to generate root token
2015-03-23 17:16:37 -07:00
Armon Dadgar
f40ed182c4
vault: Support policy CRUD
2015-03-23 14:43:31 -07:00
Armon Dadgar
192dcf7d39
vault: first pass at HandleLogin
2015-03-23 13:56:43 -07:00
Armon Dadgar
879a0501f8
vault: Track the token store in core
2015-03-23 13:41:05 -07:00
Armon Dadgar
56d99fe580
vault: token tracks generation path and meta data
2015-03-23 13:39:43 -07:00
Armon Dadgar
10e64d1e90
vault: extend router to handle login routing
2015-03-23 11:47:55 -07:00
Armon Dadgar
a78b7207b9
vault: playing with credential store interface
2015-03-20 13:54:57 -07:00
Armon Dadgar
82e13e3c41
vault: implement the sys/auth* endpoints
2015-03-20 12:48:19 -07:00
Mitchell Hashimoto
a0f59f682b
logical/framework: can specify InternalData for secret
2015-03-20 17:59:48 +01:00
Mitchell Hashimoto
1ff229ca68
http: passing tests
2015-03-19 23:28:49 +01:00
Mitchell Hashimoto
c349e97168
vault: clean up VaultID duplications, make secret responses clearer
...
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.
Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).
At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.
So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.
It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.
All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Mitchell Hashimoto
8039fc5c63
logical/framework: support renew
2015-03-19 20:20:57 +01:00
Mitchell Hashimoto
d4b284fba4
logical/framework: revoke support
2015-03-19 19:41:41 +01:00
Armon Dadgar
7170bff4f9
vault: testing credential enable/disable
2015-03-19 10:39:47 -07:00
Armon Dadgar
ca44529c9d
vault: Change constant name
2015-03-19 09:56:39 -07:00
Armon Dadgar
d88a41944e
vault: Switch AuthTable to using MountTable
2015-03-19 09:54:57 -07:00
Mitchell Hashimoto
2a1ae18877
vault: convert to new callback style
2015-03-19 15:05:22 +01:00
Armon Dadgar
bb8a014b6a
vault: first pass at enable/disable auth backends
2015-03-18 19:36:17 -07:00
Armon Dadgar
8cc88981d6
vault: token store is a credential implementation
2015-03-18 19:11:52 -07:00
Armon Dadgar
421f73d332
vault: Removing mtype from router
2015-03-18 15:48:14 -07:00
Armon Dadgar
b8da9c2ee2
vault: first pass at initializing credential backends
2015-03-18 15:46:07 -07:00
Armon Dadgar
d2d1822931
vault: Adding hooks for auth loading
2015-03-18 15:30:31 -07:00
Armon Dadgar
21b9bdaf37
vault: Allow passing in credential backends
2015-03-18 15:21:41 -07:00
Armon Dadgar
10a67592cd
vault: more protection of protected mount points
2015-03-18 15:16:52 -07:00
Armon Dadgar
6e22ca50eb
vault: integrate policy and token store into core
2015-03-18 14:00:42 -07:00
Armon Dadgar
481a3a2a91
vault: testing token revocation
2015-03-18 13:50:36 -07:00
Armon Dadgar
4d0700d12f
vault: Guard against blank tokens
2015-03-18 13:21:16 -07:00
Armon Dadgar
ded5dc71e9
vault: First pass token store
2015-03-18 13:19:19 -07:00
Armon Dadgar
51ce336753
vault: Adding PolicyStore
2015-03-18 12:17:03 -07:00
Armon Dadgar
061b6b24f1
vault: Refactor to use CollectKeys
2015-03-18 12:06:18 -07:00
Mitchell Hashimoto
d9bff7b674
vault: TODOs
2015-03-17 20:54:38 -05:00
Mitchell Hashimoto
6f9d63dea5
vault: comment mounts mapping in rollback manager
2015-03-17 20:53:28 -05:00
Mitchell Hashimoto
05f86ca957
vault: put uint32 at top of struct to avoid alignment issues
2015-03-17 20:46:10 -05:00
Mitchell Hashimoto
97dab0c285
vault: ignore backends that don't support rollback
2015-03-17 20:39:45 -05:00
Mitchell Hashimoto
e078b957d4
vault: start/stop rollback manager post/pre seal
2015-03-17 20:39:45 -05:00
Mitchell Hashimoto
c7b9148841
vault: RollbackManager
...
There are some major TODO items here, and it isn't hooked into the core
yet, but the basic functionality is there.
2015-03-17 20:39:45 -05:00
Mitchell Hashimoto
abe0859aa5
vault: use RWMutex on MountTable itself
2015-03-17 20:39:45 -05:00
Armon Dadgar
99abc11ec5
vault: Adding ACL representation
2015-03-17 18:31:20 -07:00
Armon Dadgar
ddab671bf4
vault: Adding policy parsing
2015-03-17 15:53:29 -07:00
Armon Dadgar
46ccb81db4
vault: Respect grace period for revocation
2015-03-16 17:09:18 -07:00
Armon Dadgar
a24192b728
vault: Support sys/revoke-prefix/
2015-03-16 16:33:48 -07:00
Armon Dadgar
f08659aaaa
vault: Adding sys/revoke
2015-03-16 16:26:34 -07:00
Armon Dadgar
57b4f970d2
vault: Test renew of bad ID
2015-03-16 16:14:53 -07:00
Armon Dadgar
e52f1ee960
vault: Testing sys/renew
2015-03-16 16:11:55 -07:00
Armon Dadgar
15b7dc2d02
vault: integration expiration manager with core
2015-03-16 15:28:50 -07:00
Armon Dadgar
5f1e3e5986
vault: Testing restore
2015-03-16 15:11:47 -07:00
Armon Dadgar
703bcd8190
vault: Testing revoke and renew
2015-03-16 15:11:47 -07:00
Armon Dadgar
b203c27326
vault: testing internal expiration manager methods
2015-03-16 15:11:47 -07:00
Armon Dadgar
11552f132b
vault: testing expiration manager persistence
2015-03-16 15:11:46 -07:00
Armon Dadgar
e85cd66b30
all: Removing fields from Lease
2015-03-16 13:29:51 -07:00
Armon Dadgar
18069d4cf7
vault: Handle a negetive renew increment
2015-03-16 11:52:38 -07:00
Armon Dadgar
bdfa320e01
vault: First pass at expiration manager
2015-03-16 11:35:43 -07:00
Armon Dadgar
c8d00f6aa2
vault: Adding barrier view scan method
2015-03-16 11:35:43 -07:00
Mitchell Hashimoto
de1e28a77c
vault: change to /sys/mounts
2015-03-16 10:52:35 -07:00
Mitchell Hashimoto
e3a796028e
http: /v1/sys/mount endpoint
2015-03-16 10:36:43 -07:00
Mitchell Hashimoto
12b12e578c
vault: fix merge conflict + pass tests
2015-03-15 19:38:23 -07:00
Armon Dadgar
ca358f64dd
vault: Merge conflict
2015-03-15 18:06:19 -07:00
Armon Dadgar
b96ac9f95f
vault: Assign renew time
2015-03-15 18:05:31 -07:00
Mitchell Hashimoto
9f0d59d03f
vault: system using the framework
2015-03-15 17:35:59 -07:00
Mitchell Hashimoto
edd13a5d24
vault: passthrough backend uses logical/framework
2015-03-15 17:07:54 -07:00
Mitchell Hashimoto
d4f54be927
vault: can pass in the backends
2015-03-15 16:25:38 -07:00
Mitchell Hashimoto
ece0be434e
vault: rename SystemBackend2 to SystemBackend
2015-03-15 14:54:49 -07:00
Mitchell Hashimoto
d1d1929192
vault: convert to logical.Request and friends
2015-03-15 14:53:41 -07:00
Mitchell Hashimoto
5ffcd02b7a
vault: convert system to logical.Backend
2015-03-15 14:42:05 -07:00
Mitchell Hashimoto
c3ae1b59a1
vault: Passthrough backend uses logical.Backend
2015-03-15 14:27:06 -07:00
Mitchell Hashimoto
c7e901ce45
vault: incremental change to get closer to logical structs
2015-03-15 14:27:06 -07:00
Mitchell Hashimoto
63a9eb321a
logical: put structs here, vault uses them
2015-03-15 14:27:06 -07:00
Mitchell Hashimoto
92910d18d1
vault: make mount functions private again, going to try something else
2015-03-14 18:31:31 -07:00
Mitchell Hashimoto
9d84e7bacc
vault: don't copy the key so it can be zeroed, document, add helper
2015-03-14 18:25:55 -07:00
Mitchell Hashimoto
866b91d858
vault: public TestCoreUnsealed, don't modify key in Unseal
...
/cc @armon - I do a key copy within Unseal now. It tripped me up for
quite awhile that that method actually modifies the param in-place and I
can't think of any scenario that is good for the user. Do you see any
issues here?
2015-03-14 17:47:11 -07:00
Mitchell Hashimoto
b2af154fb4
vault: make Mount related core functions public
...
/cc @armon - So I know the conversation we had related to this about
auth, but I think we still need to export these and do auth only at the
external API layer. If you're writing to the internal API, then all bets
are off.
The reason is simply that if you have access to the code, you can
already work around it anyways (you can disable auth or w/e), so a
compromised Vault source/binary is already a failure, and that is the
only thing that our previous unexported methods were protecting against.
If you write an external tool to access a Vault, it still needs to be
unsealed so _that_ is the primary security mechanism from an API
perspective. Once it is unsealed then the core API has full access to
the Vault, and identity/auth is only done at the external API layer, not
at the internal API layer.
The benefits of this approach is that it lets us still treat the "sys"
mount specially but at least have sys adopt helper/backend and use that
machinery and it can still be the only backend which actually has a
reference to *vault.Core to do core things (a key difference). So, an
AWS backend still will never be able to muck with things it can't, but
we're explicitly giving Sys (via struct initialization in Go itself)
a reference to *vault.Core.
2015-03-14 17:26:59 -07:00
Mitchell Hashimoto
f43a0290cf
vault: public testing methods
2015-03-13 12:53:09 -07:00
Armon Dadgar
9d5db1286d
vault: Track the renew time
2015-03-13 11:36:24 -07:00
Armon Dadgar
081358091a
vault: improve seal/unseal log messages
2015-03-13 11:34:40 -07:00
Armon Dadgar
f0d00e77ec
vault: Adding start/stop to expiration manager
2015-03-13 11:31:43 -07:00
Armon Dadgar
d744d4ee5e
vault: integrate expiration manager with core setup/teardown
2015-03-13 11:20:36 -07:00
Armon Dadgar
d0380e553d
vault: Support a pre-seal teardown
2015-03-13 11:16:24 -07:00
Armon Dadgar
5ce63ea7cd
vault: Adding lease registration
2015-03-13 10:56:03 -07:00
Armon Dadgar
affeefa7f8
vault: Validate lease values
2015-03-13 10:56:03 -07:00
Armon Dadgar
e77ce26d31
vault: spec out expiration manager API
2015-03-12 18:38:22 -07:00
Armon Dadgar
15de847389
vault: Setup expiration manager on unseal
2015-03-12 12:44:30 -07:00
Armon Dadgar
6c759416d0
vault: special view path for system
2015-03-12 12:44:30 -07:00
Armon Dadgar
ef82fe04c6
vault: Support sub-views
2015-03-12 12:44:30 -07:00
Armon Dadgar
b17607e51f
vault: support remount
2015-03-12 12:09:30 -07:00
Armon Dadgar
3ed3e23d93
vault: Improve error when unseal key is wrong
2015-03-12 11:27:41 -07:00
Armon Dadgar
aa0ca02b8c
vault: sanity check key length
2015-03-12 11:20:38 -07:00
Mitchell Hashimoto
718065c733
vault: the config has to be exported
2015-03-12 10:22:12 -07:00
Armon Dadgar
11b76b064c
vault: Verify paths that are root
2015-03-11 18:47:15 -07:00
Armon Dadgar
67dc52f40f
vault: testing new system endpoints
2015-03-11 18:34:33 -07:00
Armon Dadgar
719eded495
vault: testing mount/unmount
2015-03-11 18:29:49 -07:00
Armon Dadgar
0ca093fb2d
vault: First pass at mount/unmount
2015-03-11 18:19:45 -07:00
Armon Dadgar
59052069bc
vault: Router can check for matching mounts
2015-03-11 18:19:45 -07:00
Armon Dadgar
91462a61a2
vault: Adding mounts table endpoint
2015-03-11 16:12:15 -07:00
Armon Dadgar
b212890043
vault: Setup the mount tables after load
2015-03-11 15:50:42 -07:00
Armon Dadgar
10afebabdd
vault: Moving generic backend into package
2015-03-11 15:50:42 -07:00
Armon Dadgar
c6009345d1
vault: Testing mount table setup
2015-03-11 15:33:25 -07:00
Armon Dadgar
f54e4e0f6a
vault: Loading mount tables on start
2015-03-11 15:19:41 -07:00
Armon Dadgar
370693ebb4
vault: Adding UUID method
2015-03-11 15:13:07 -07:00
Armon Dadgar
fdad9e9ce3
vault: Test routing while sealed
2015-03-11 14:31:55 -07:00
Armon Dadgar
a6508b4010
vault: Testing core unseal
2015-03-11 14:25:16 -07:00
Armon Dadgar
faa337dcbe
vault: Testing initialization
2015-03-11 11:57:05 -07:00
Armon Dadgar
8fdac427a7
vault: Test initialization simple
2015-03-11 11:52:01 -07:00
Armon Dadgar
6794e59e2b
vault: First pass at Unseal
2015-03-11 11:43:36 -07:00
Armon Dadgar
8c49152c78
vault: Support secret sharing
2015-03-11 11:34:08 -07:00
Armon Dadgar
53b4e3281a
vault: First pass at initialization
2015-03-09 17:45:34 -07:00
Armon Dadgar
da34cbb39a
vault: Adding core skeleton
2015-03-09 16:33:27 -07:00
Armon Dadgar
ff5834ddb4
vault: Adding mount type
2015-03-09 16:12:07 -07:00
Armon Dadgar
a453d8fbf8
vault: Adding router
2015-03-05 17:23:56 -08:00
Armon Dadgar
51cc19e92f
logical: Adding generic backend
2015-03-05 16:35:09 -08:00
Armon Dadgar
e997fd31ea
vault: more logical details
2015-03-05 15:31:40 -08:00
Armon Dadgar
0de1ac001f
vault: Skeleton logical backend interface
2015-03-05 15:24:00 -08:00
Armon Dadgar
a249149329
vault: Adding a barrier view
2015-03-05 14:34:05 -08:00
Armon Dadgar
9d2d0298ea
vault: Basic test for barrier confidentiality and integrity
2015-03-05 14:03:00 -08:00
Armon Dadgar
ea7f4a45e6
vault: Structure the barrier init file
2015-03-05 13:57:45 -08:00
Armon Dadgar
7326959d25
vault: Double Unseal should be a no-op
2015-03-05 13:29:23 -08:00
Armon Dadgar
e8abe8b0cd
vault: First pass at a barrier
2015-03-05 13:27:35 -08:00
Armon Dadgar
0cac63234a
vault: Adding utility methods
2015-03-05 11:44:03 -08:00