Commit Graph

148 Commits

Author SHA1 Message Date
Jeff Mitchell 6ccded7a2f Add ability to create orphan tokens from the API 2015-11-03 15:12:21 -05:00
Jeff Mitchell 636d57a026 Make the token store's Create and RootToken functions non-exported.
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell 4a52de13e3 Add renew-self endpoint.
Fixes #455.
2015-10-07 12:49:13 -04:00
Jeff Mitchell ca50012017 Format token lease/TTL as int in JSON API when looking up 2015-09-27 22:36:36 -04:00
Jeff Mitchell 62ac518ae7 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Vishal Nayak d526c8ce1c Merge pull request #629 from hashicorp/token-create-sudo
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
vishalnayak a2799b235e Using acl.RootPrivilege and rewrote mockTokenStore 2015-09-19 17:53:24 -04:00
vishalnayak b6d47dd784 fix broken tests 2015-09-19 12:33:52 -04:00
Jeff Mitchell d775445efe Store token creation time and TTL. This can be used to properly populate
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.

Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell 8f79e8be82 Add revoke-self endpoint.
Fixes #620.
2015-09-17 13:22:30 -04:00
Jeff Mitchell 047ba90a44 Restrict orphan revocation to root tokens 2015-09-16 09:22:15 -04:00
Jeff Mitchell c460ff10ca Push a lot of logic into Router to make a bunch of it nicer and enable a
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Armon Dadgar ffeb6ea76c vault: allow increment to be duration string. Fixes #340 2015-06-17 15:58:20 -07:00
Armon Dadgar ae421f75b7 vault: fixing issues with token renewal 2015-06-17 14:28:13 -07:00
Armon Dadgar 538c795f9b vault: Adding method to consume a limited use token 2015-04-17 11:51:04 -07:00
Armon Dadgar fd3948d476 vault: Tokens can have a use count specified 2015-04-17 11:34:25 -07:00
Armon Dadgar 818ce0a045 vault: token store allows specifying display_name 2015-04-15 14:24:07 -07:00
Mitchell Hashimoto 5eff7f1b57 vault: upper bound on test 2015-04-10 21:22:17 -07:00
Mitchell Hashimoto 992028e23e vault: the expiration time should be relative to the issue time 2015-04-10 21:21:06 -07:00
Armon Dadgar a6d974c74e vault: revoking a token should revoke all secrets it has generated 2015-04-10 15:12:04 -07:00
Armon Dadgar 1e2863e2b8 vault: remove unused RevokeAll method 2015-04-10 14:59:49 -07:00
Armon Dadgar 13836e8612 vault: groundwork to allow auth renew 2015-04-10 13:59:49 -07:00
Armon Dadgar 4679febdf3 logical: Refactor LeaseOptions to share between Secret and Auth 2015-04-09 12:14:04 -07:00
Armon Dadgar 82c5d9c478 vault: Enforce non-renewability 2015-04-08 17:03:46 -07:00
Mitchell Hashimoto 9378d0388a vault: token store inehrits policies by default 2015-04-07 14:19:52 -07:00
Armon Dadgar 493ee49e4d vault: unify the token renew response 2015-04-06 16:35:39 -07:00
Armon Dadgar b8d69a357c vault: Use Auth for lease and renewable 2015-04-03 14:04:50 -07:00
Armon Dadgar 2feba52f40 vault: Adding auth/token/renew endpoint 2015-04-03 12:11:49 -07:00
Armon Dadgar c82fbbb8c3 vault: Support prefix based token revocation 2015-04-03 11:40:08 -07:00
Mitchell Hashimoto 1dcb37c6b6 vault: lookup-self for TokenStore to look up your own store 2015-03-31 12:51:00 -07:00
Mitchell Hashimoto 63f259cc8d vault: lookup without a token looks up self 2015-03-31 12:50:07 -07:00
Mitchell Hashimoto 6a72ea61d5 vault: convert TokenStore to logical/framework 2015-03-31 12:48:19 -07:00
Mitchell Hashimoto c9acfa17cb vault: get rid of HangleLogin 2015-03-30 20:26:39 -07:00
Mitchell Hashimoto e9a3a34c27 vault: tests passing 2015-03-29 16:18:08 -07:00
Armon Dadgar 23864839bb vault: testing root privilege restrictions 2015-03-24 15:52:07 -07:00
Armon Dadgar b354f03cb2 vault: adding auth/token/lookup/ support 2015-03-24 15:39:33 -07:00
Armon Dadgar 4a4d1d3e45 vault: adding auth/token/revoke/ and auth/token/revoke-orphan/ 2015-03-24 15:30:09 -07:00
Armon Dadgar 26f05f7a20 vault: Passthrough of client token to token store 2015-03-24 15:12:52 -07:00
Armon Dadgar 6fd3cae2c2 vault: Adding auth/token/create endpoint 2015-03-24 15:10:46 -07:00
Armon Dadgar b5332404d1 vault: Allow providing token ID during creation 2015-03-24 14:22:50 -07:00
Armon Dadgar cd3ee5cc03 vault: Remove core reference 2015-03-23 17:29:36 -07:00
Armon Dadgar 3607eae208 vault: Adding method to generate root token 2015-03-23 17:16:37 -07:00
Armon Dadgar 56d99fe580 vault: token tracks generation path and meta data 2015-03-23 13:39:43 -07:00
Armon Dadgar 8cc88981d6 vault: token store is a credential implementation 2015-03-18 19:11:52 -07:00
Armon Dadgar 481a3a2a91 vault: testing token revocation 2015-03-18 13:50:36 -07:00
Armon Dadgar ded5dc71e9 vault: First pass token store 2015-03-18 13:19:19 -07:00