9f1e6c7b26
Merge pull request #1607 from hashicorp/standardize-time
...
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
fcb0b580ab
Fix broken build
2016-07-08 23:16:58 -04:00
55a667b8cd
Fix broken build
2016-07-08 20:30:27 -04:00
dc690d6233
Place error check before the response check in expiration test
2016-07-08 19:01:36 -04:00
e09b40e155
Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC
2016-07-08 18:30:18 -04:00
c7d72fea90
Do some extra checking in the modified renewal check
2016-07-08 10:34:49 -04:00
7023eafc67
Make the API client retry on 5xx errors.
...
This should help with transient issues. Full control over min/max delays
and number of retries (and ability to turn off) is provided in the API
and via env vars.
Fix tests.
2016-07-06 16:50:23 -04:00
475b0e2d33
Add table/type checking to mounts table.
2016-05-26 12:55:00 -04:00
fb07d07ad9
all: Cleanup from running go vet
2016-04-13 14:38:29 -05:00
75650ec1ad
Keep the expiration manager from keeping old token entries.
...
The expiration manager would never be poked to remove token entries upon
token revocation, if that revocation was initiated in the token store
itself. It might have been to avoid deadlock, since during revocation of
tokens the expiration manager is called, which then calls back into the
token store, and so on.
This adds a way to skip that last call back into the token store if we
know that we're on the revocation path because we're in the middle of
revoking a token. That way the lease is cleaned up. This both prevents
log entries appearing for already-revoked tokens, and it also releases
timer/memory resources since we're not keeping the leases around.
2016-03-31 15:10:25 -04:00
6df72e6efd
Merge pull request #1168 from hashicorp/revoke-force
...
Add forced revocation.
2016-03-09 16:59:52 -05:00
d171931e59
Add unit test for forced revocation
2016-03-09 16:47:58 -05:00
86dca39141
Fix testcase
2016-03-04 15:03:01 -05:00
4c87c101f7
Fix tests
2016-02-26 16:44:35 -05:00
b2bde47b01
Pull out setting the root token ID; use the new ParseUUID method in
...
go-uuid instead, and revoke if there is an error.
2016-01-19 19:44:33 -05:00
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
9c5ad28632
Update deps, and adjust usage of go-uuid to match new return values
2016-01-13 13:40:08 -05:00
e990b77d6e
Address review feedback; move storage of these values to the expiration manager
2016-01-04 16:43:07 -05:00
f2da5b639f
Migrate 'uuid' to 'go-uuid' to better fit HC naming convention
2015-12-16 12:56:20 -05:00
395d6bead4
Fix removing secondary index from exp manager.
...
Due to a typo, revoking ensures that index entries are created rather
than removed. This adds a failing, then fixed test case (and helper
function) to ensure that index entries are properly removed on revoke.
Fixes #749
2015-11-04 10:50:31 -05:00
636d57a026
Make the token store's Create and RootToken functions non-exported.
...
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
ea9fbb90bc
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-20 22:27:01 -07:00
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
8bc99f8c23
helper/uuid: single generateUUID definition
2015-06-30 12:38:32 -07:00
e2b0f5dae8
vault: improve lease error message. Fixes #338
2015-06-18 15:37:08 -07:00
c849aba53a
vault: Adding InternalData to Auth
2015-05-09 11:39:54 -07:00
f17d65507f
Use UTC in tests
2015-04-28 22:18:00 -04:00
95c8001388
Disable mlock in tests
2015-04-28 22:18:00 -04:00
eef1a10e8e
vault: fix more test race conditions
2015-04-28 19:17:45 -07:00
992028e23e
vault: the expiration time should be relative to the issue time
2015-04-10 21:21:06 -07:00
1e2863e2b8
vault: remove unused RevokeAll method
2015-04-10 14:59:49 -07:00
b10fbc4d83
vault: Adding token based revocation
2015-04-10 14:48:08 -07:00
39c51ede2e
vault: testing renewAuthEntry
2015-04-10 14:07:06 -07:00
13836e8612
vault: groundwork to allow auth renew
2015-04-10 13:59:49 -07:00
4679febdf3
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 12:14:04 -07:00
7df486482b
vault: Adding LeaseIssue for renew to allow limiting maximum lease length
2015-04-09 11:54:32 -07:00
82c5d9c478
vault: Enforce non-renewability
2015-04-08 17:03:46 -07:00
429ad7e5cb
vault: Handle auth entry without lease
2015-04-08 15:43:26 -07:00
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
493ee49e4d
vault: unify the token renew response
2015-04-06 16:35:39 -07:00
002b2ad589
vault: Provide salted client token to logical backends
2015-04-03 14:42:39 -07:00
adaa83b48c
vault: Adding RenewToken to expiration manager
2015-04-03 11:58:10 -07:00
c82fbbb8c3
vault: Support prefix based token revocation
2015-04-03 11:40:08 -07:00
1b19a8ee1b
vault: Rename RegisterLogin to RegisterAuth
2015-04-02 17:45:42 -07:00
69593cde56
remove credential/ lots of tests faililng
2015-03-30 18:07:05 -07:00
6fd3cae2c2
vault: Adding auth/token/create endpoint
2015-03-24 15:10:46 -07:00
65ef4f1032
vault: wire tokens into expiration manager
2015-03-23 18:11:15 -07:00
86c9bd9083
vault: Give expiration manager a token store reference
2015-03-23 18:00:14 -07:00
Vishal Nayak