luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
2546 commits 1 branch 0 tags 214 MiB
Commit graph

510 commits

Author SHA1 Message Date
Jeff Mitchell 5783f547ab Display whether a token is an orphan on lookup. 2015-11-09 13:19:59 -05:00
Jeff Mitchell 7aa3faa626 Rename core's 'policy' to 'policyStore' for clarification 2015-11-06 12:07:42 -05:00
Jeff Mitchell 7d8371c4a3 Remove warning about nonexistent root policy by using GetPolicy instead 
of the listing function.
 2015-11-06 11:36:40 -05:00
Jeff Mitchell 395d6bead4 Fix removing secondary index from exp manager. 
Due to a typo, revoking ensures that index entries are created rather
than removed. This adds a failing, then fixed test case (and helper
function) to ensure that index entries are properly removed on revoke.

Fixes #749
 2015-11-04 10:50:31 -05:00
Jeff Mitchell 6ccded7a2f Add ability to create orphan tokens from the API 2015-11-03 15:12:21 -05:00
Jeff Mitchell a9db12670a errwrap -> go-multierror + errwrap 2015-11-02 13:29:33 -05:00
Jeff Mitchell 7e9918ec8e Run preSeal if postUnseal fails. 
This also ensures that every error path out of postUnseal returns an
error.

Fixes #733
 2015-11-02 13:29:33 -05:00
Jeff Mitchell 1899bd8ef0 Merge pull request #730 from hashicorp/issue-713 
Write HMAC-SHA256'd client token to audited requests
 2015-10-30 13:36:22 -04:00
Jeff Mitchell 94b7be702b Return data on a token with one use left if there is no Lease ID 
Fixes #615
 2015-10-30 12:35:42 -04:00
Jeff Mitchell 636d57a026 Make the token store's Create and RootToken functions non-exported. 
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
 2015-10-30 10:59:26 -04:00
Jeff Mitchell cf4b88c196 Write HMAC-SHA256'd client token to audited requests 
Fixes #713
 2015-10-29 13:26:18 -04:00
Jeff Mitchell 85d4dd6a1d Check TTL provided to generic backend on write 
If existing entries have unparseable TTLs, return the value plus a
warning, rather than an error.

Fixes #718
 2015-10-29 11:05:21 -04:00
Jeff Mitchell c1d8b97342 Add reset support to the unseal command. 
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
 2015-10-28 15:59:39 -04:00
Levi Gross fffcfc668b Fixed comment spelling mistake and removed unnecessary variable allocation 2015-10-15 14:51:30 -04:00
Jeff Mitchell 78b5fcdf51 Serialize changing the state of the expiration manager pointer and 
calling emitMetrics from its own goroutine.

Fixes #694
 2015-10-12 16:33:54 -04:00
Jeff Mitchell ed6ce1c53e Fix a logic bug around setting both a mount default and max at the same time. Ping #688. 2015-10-12 14:57:43 -04:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell 5fbaa0e64d Apply mount-tune properties to the token authentication backend. 
Fixes #688.
 2015-10-09 20:26:39 -04:00
Jeff Mitchell e02517ae42 Rename tune functions 2015-10-09 20:00:17 -04:00
Jeff Mitchell b5d674d94e Add 301 redirect checking to the API client. 
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
 2015-10-09 17:11:31 -04:00
Jeff Mitchell bd1dce7f95 Address review feedback for #684 2015-10-08 14:34:10 -04:00
Jeff Mitchell d58a3b601c Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader 
Fixes #679.
 2015-10-08 14:04:58 -04:00
Jeff Mitchell d740fd4a6a Add the ability for warnings to be added to responses. These are 
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.

Fixes #676
 2015-10-07 16:18:39 -04:00
Jeff Mitchell 50b9129e65 Normalize policy names to lowercase on write. They are not currently 
normalized when reading or deleting, for backwards compatibility.

Ping #676.
 2015-10-07 13:52:21 -04:00
Jeff Mitchell 4a52de13e3 Add renew-self endpoint. 
Fixes #455.
 2015-10-07 12:49:13 -04:00
Jeff Mitchell 3c914f7fa8 Add revocation/renewal functions in all cases in the generic backend. 
Fixes #673.
 2015-10-07 11:42:23 -04:00
Jeff Mitchell 21644751ed Fix the key rotation upgrade check error message 2015-10-05 18:23:32 -04:00
vishalnayak 145aee229e Merge branch 'master' of https://github.com/hashicorp/vault 2015-10-03 00:07:34 -04:00
Jeff Mitchell 8f27c250d6 Fix problematic logging statements. 
Fixes #665.
 2015-10-02 18:31:46 -07:00
vishalnayak 3dd84446ab Github backend: enable auth renewals 2015-10-02 13:33:19 -04:00
Jeff Mitchell ca50012017 Format token lease/TTL as int in JSON API when looking up 2015-09-27 22:36:36 -04:00
Jesse Szwedko 6ef455af89 Fix warnings returned by make vet 
$GOPATH/src/github.com/hashicorp/vault/vault/policy.go:69: unreachable code
$GOPATH/src/github.com/hashicorp/vault/vault/policy_store_test.go:139: github.com/hashicorp/vault/logical.StorageEntry composite literal uses unkeyed fields
 2015-09-26 21:17:39 -07:00
Jeff Mitchell 62ac518ae7 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Jeff Mitchell c694c7d31d Fix situation where a new required singleton backend would not be activated upon upgrade. 2015-09-21 17:54:36 -04:00
Jeff Mitchell 81e535dc2d Minor updates to passthrough and additional tests 2015-09-21 16:57:41 -04:00
Jeff Mitchell 47e8c0070a Don't use leases on the generic backend...with a caveat. 
You can now turn on and off the lease behavior in the generic backend by
using one of two factories. Core uses the normal one if it's not already
set, so unit tests can use the custom one and all stay working.

This also adds logic into core to check, when the response is coming
from a generic backend, whether that backend has leases enabled. This
adds some slight overhead.
 2015-09-21 16:37:37 -04:00
Vishal Nayak d526c8ce1c Merge pull request #629 from hashicorp/token-create-sudo 
TokenStore: Provide access based on sudo permissions and not policy name
 2015-09-21 10:12:29 -04:00
vishalnayak 1a01ab3608 Take ClientToken instead of Policies 2015-09-21 10:04:03 -04:00
Jeff Mitchell ab7d35b95e Fix up per-backend timing logic; also fix error in TypeDurationSecond in 
GetOkErr.
 2015-09-21 09:55:03 -04:00
vishalnayak 3b51ee1c48 Using core's logger 2015-09-19 19:01:36 -04:00
vishalnayak 02485e7175 Abstraced SudoPrivilege to take list of policies 2015-09-19 18:23:44 -04:00
vishalnayak a2799b235e Using acl.RootPrivilege and rewrote mockTokenStore 2015-09-19 17:53:24 -04:00
Jeff Mitchell c5ddfbc391 Bump AESGCM version; include path in the GCM tags. 2015-09-19 17:04:37 -04:00
vishalnayak b6d47dd784 fix broken tests 2015-09-19 12:33:52 -04:00
Jeff Mitchell 68c268a6f0 Allow tuning of auth mounts, to set per-mount default/max lease times 2015-09-19 11:50:50 -04:00
Jeff Mitchell c8a0eda224 Use hmac-sha256 for protecting secrets in audit entries 2015-09-19 11:29:31 -04:00
vishalnayak fb77ec3623 TokenStore: Provide access based on sudo permissions and not policy name 2015-09-19 11:14:51 -04:00
Jeff Mitchell 5dde76fa1c Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell b655f6b858 Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell d775445efe Store token creation time and TTL. This can be used to properly populate 
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.

Fully fixes #527
 2015-09-18 16:39:35 -04:00
Jeff Mitchell 8f79e8be82 Add revoke-self endpoint. 
Fixes #620.
 2015-09-17 13:22:30 -04:00
Jeff Mitchell 047ba90a44 Restrict orphan revocation to root tokens 2015-09-16 09:22:15 -04:00
Jeff Mitchell e7d5a18e94 Directly pass the cubbyhole backend to the token store and bypass logic in router 2015-09-15 13:50:37 -04:00
Jeff Mitchell 849b78daee Move more cubby logic outside of router into auth setup 2015-09-15 13:50:37 -04:00
Jeff Mitchell bdb8cf128d Cleanup; remove everything but double-salting from the router and give 
the token store cubby backend information for direct calling.
 2015-09-15 13:50:37 -04:00
Jeff Mitchell b50f7ec1b5 Remove noop checks in unmount/remount and restore previous behavior 2015-09-15 13:50:37 -04:00
Jeff Mitchell 77e7379ab5 Implement the cubbyhole backend 
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.

Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
 2015-09-15 13:50:37 -04:00
Jeff Mitchell 104b29ab04 Rename View to StorageView to make it more distinct from SystemView 2015-09-15 13:50:37 -04:00
Jeff Mitchell 699e12a1c6 When there is one use left and a Secret is being returned, instead 
return a descriptive error indicating that the Secret cannot be returned
because when the token was revoked the secret was too. This prevents
confusion where credentials come back but cannot be used.

Fixes #615
 2015-09-14 11:07:27 -04:00
vishalnayak 142cb563a6 Improve documentation of token renewal 2015-09-11 21:08:32 -04:00
Lassi Pölönen d3aec0ba31 Cleanup routines should now use routeEntry instead of mountEntry. 2015-09-11 13:40:31 +03:00
Lassi Pölönen fb07cf9f53 Implement clean up routine to backend as some backends may require 
e.g closing database connections on unmount to avoud connection
stacking.
 2015-09-11 11:45:58 +03:00
Jeff Mitchell 39cfcccdac Remove error returns from sysview TTL calls 2015-09-10 15:09:54 -04:00
Jeff Mitchell 65ceb3439d Be consistent as both are the same pointer here 2015-09-10 15:09:54 -04:00
Jeff Mitchell 5de736e69c Implement shallow cloning to allow MountEntry pointers to stay consistent when spread across router/core/system views 2015-09-10 15:09:54 -04:00
Jeff Mitchell ace611d56d Address items from feedback. Make MountConfig use values rather than 
pointers and change how config is read to compensate.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell c460ff10ca Push a lot of logic into Router to make a bunch of it nicer and enable a 
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell eff1c331ad Add more unit tests against backend TTLs, and fix two bugs found by them 
(yay unit tests!)
 2015-09-10 15:09:54 -04:00
Jeff Mitchell 86ccae7bd5 Fix mount config test by proxying mounts/ in addition to mounts 2015-09-10 15:09:54 -04:00
Jeff Mitchell 775dfe38a2 A couple bug fixes + most unit tests 2015-09-10 15:09:54 -04:00
Jeff Mitchell 488d33c70a Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell 4239f9d243 Add DynamicSystemView. This uses a pointer to a pointer to always have 
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell d435048d9e Switch StaticSystemView values to pointers, to support updating 2015-09-10 15:09:54 -04:00
Jeff Mitchell 696d0c7b1d Plumb per-mount config options through API 2015-09-10 15:09:53 -04:00
Jeff Mitchell 893d2d9b00 Minor cleanup of MountConfig 2015-09-10 15:09:53 -04:00
Jeff Mitchell 17c60d3e78 Add logic to core to fetch a SystemView for a given mount entry and use those values for default/max TTL. The SystemView will reflect system defaults if not set for that mount. 2015-09-10 15:09:53 -04:00
Jeff Mitchell 98d0d23d70 Ensure token store is available when looking up token 2015-09-01 08:21:47 -04:00
Jeff Mitchell b74fa8c888 Make DefaultSystemView StaticSystemView with statically-configured information. Export this from Framework to make it easy to override for testing. 2015-08-27 11:25:07 -07:00
Jeff Mitchell 7c2bbe4c7f Use a SystemView interface and turn SystemConfig into DefaultSystemView 2015-08-27 10:36:44 -07:00
Jeff Mitchell e58553e7d5 Plumb the system configuration information up into framework 2015-08-27 09:41:03 -07:00
Jeff Mitchell 992e357d07 Add some plumbing to allow specified system configuration information to 
be retrieved by logical backends. First implemented is default/max TTL.
 2015-08-27 08:51:35 -07:00
Jeff Mitchell 3f45f3f41b Rename config lease_duration parameters to lease_ttl in line with current standardization efforts 2015-08-27 07:50:24 -07:00
Jeff Mitchell cc232e6f79 Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell c887df93cc Add support for pgp-keys argument to rekey, as well as tests, plus 
refactor common bits out of init.
 2015-08-25 14:52:13 -07:00
Jeff Mitchell f57e7892e7 Don't store the given public keys in the seal config 2015-08-25 14:52:13 -07:00
Jeff Mitchell 2f3e245b0b Add support for "pgp-tokens" parameters to init. 
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
 2015-08-25 14:52:13 -07:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Jeff Mitchell 0fa783f850 Update help text for TTL values in generic backend 2015-08-20 17:59:30 -07:00
Jeff Mitchell b57ce8e5c2 Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4. 
Fixes #528.
 2015-08-20 16:41:25 -07:00
Jeff Mitchell 15f57082e0 Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code. 2015-08-20 13:20:35 -07:00
Jeff Mitchell 46d06144a8 Merge pull request #552 from hashicorp/fix-uselimit-decrement 
Fix #461 properly by defering potential revocation of a token until a…
 2015-08-20 10:39:24 -07:00
Jeff Mitchell db79dd8c22 Don't defer revocation when sealing, and clear out response/auth if there is a token use error 2015-08-20 10:37:42 -07:00
Jeff Mitchell 0e8e3660ff Fix #461 properly by defering potential revocation of a token until after the request is fully handled. 2015-08-20 10:14:13 -07:00
vishalnayak 1f5062a6e1 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-08-19 12:16:37 -07:00
Jeff Mitchell fe8c1c514d Add -no-verify option to CLI auth command, to avoid decrementing the token use count during auth. 2015-08-18 19:22:17 -07:00
vishalnayak 9324db7979 Vault SSH: verify echo test 2015-08-18 16:48:50 -07:00
Caleb Tennis 688df0be6d See if this clears build error 2015-08-13 13:17:09 -04:00
vishalnayak 93dfa67039 Merging changes from master 2015-08-12 09:28:16 -07:00
Caleb Tennis 323b49f03d Fix #392 by giving a more specific error 2015-08-11 20:18:52 -04:00