Chris Hoffman
2002543245
Switching atomic vars to int32 to address panic on some architectures ( #3314 )
2017-09-11 11:17:22 -04:00
Chris Hoffman
71952b7738
ExpirationManager restoration to load in the background ( #3260 )
2017-09-05 11:09:00 -04:00
Brian Kassouf
b04e0a7a2a
Dynamically load and invalidate the token store salt ( #3021 )
...
* Dynaically load and invalidate the token store salt
* Pass salt function into the router
2017-07-18 09:02:03 -07:00
Jeff Mitchell
c414a525d2
Fix panic when attempting to renew auth token via sys/leases/renew ( #2901 )
...
This could occur when using the lease ID; this is unsupported but wasn't
checking for the existence of a secret in the lease.
2017-06-21 16:00:39 +01:00
Jeff Mitchell
858deb9ca4
Don't allow parent references in file paths
2017-05-12 13:52:33 -04:00
Jeff Mitchell
b482043de1
Update debugging around tidy
2017-05-05 10:48:12 -04:00
Jeff Mitchell
91e790867f
Address feedback
2017-05-05 10:26:40 -04:00
Jeff Mitchell
b568ea751b
Move client token check in exp register to top
2017-05-04 12:45:57 -04:00
Jeff Mitchell
abd63096f8
Update comments
2017-05-04 12:44:31 -04:00
vishalnayak
1a02f9be11
Fix up the tests
2017-05-04 12:41:15 -04:00
vishalnayak
5683430cb7
Update Tidy function comment
2017-05-04 12:11:00 -04:00
Jeff Mitchell
d74b1b284a
Update commenting
2017-05-04 11:54:57 -04:00
Jeff Mitchell
f8295a301d
Merge branch 'master-oss' into sys-tidy-leases
2017-05-04 09:37:52 -04:00
Chris Hoffman
3d9cf89ad6
Add the ability to view and list of leases metadata ( #2650 )
2017-05-03 22:03:42 -04:00
Jeff Mitchell
3b95e751c0
Add more cleanup if a lease fails to register and revoke tokens if registerauth fails
2017-05-03 14:29:57 -04:00
Jeff Mitchell
596ad2c8f7
Adhere to tainted status in salted accessor lookup
2017-05-03 12:36:10 -04:00
Jeff Mitchell
5f18b1605a
Two things:
...
1) Ensure that if we fail to generate a lease for a secret we attempt to revoke it
2) Ensure that any lease that is registered should never have a blank token
In theory, number 2 will let us a) find places where this *is* the case, and b) if errors are encountered when revoking tokens due to a blank client token, it suggests that the client token values are being stripped somewhere along the way, which is also instructive.
2017-05-03 12:17:09 -04:00
vishalnayak
dd898ed2e1
Added summary logs to help better understand the consequence
2017-05-03 10:54:07 -04:00
vishalnayak
875658531b
Do not duplicate log lines for invalid leases
2017-05-02 17:56:15 -04:00
vishalnayak
5f70576715
Added steps to check if invalid token is properly cleaned up
2017-05-02 17:11:35 -04:00
vishalnayak
68635e8a1c
Skip checking the validity of an empty client token
2017-05-02 16:53:41 -04:00
vishalnayak
72d05cd8dd
Refactor locking code in lease tidy; add ending debug statements
2017-04-27 16:22:19 -04:00
vishalnayak
d8e91ef616
refactor lock handling in token tidy function
2017-04-27 13:48:29 -04:00
vishalnayak
ac8aae36fe
Distinguish valid and invalid tokens using bool value in cache
2017-04-27 11:31:42 -04:00
vishalnayak
749ec4fab1
Some more logging updates
2017-04-27 11:20:55 -04:00
vishalnayak
e64ba93d54
Cache only valid tokens
2017-04-27 11:08:11 -04:00
vishalnayak
d256248095
Fix logging suggestions; put the policyStore nil check back in
2017-04-27 10:56:19 -04:00
vishalnayak
3fd019574d
Fix logging levels
2017-04-26 17:29:04 -04:00
vishalnayak
7c3e20e9c5
Fix the log statements
2017-04-26 17:17:19 -04:00
vishalnayak
671353810b
Added caching of looked up tokens
2017-04-26 16:54:48 -04:00
vishalnayak
9025ef16e4
Added logger to token store and logs to tidy function
2017-04-26 16:11:23 -04:00
vishalnayak
27dd95156d
Revoke lease that has empty token; added logs
2017-04-26 15:48:28 -04:00
vishalnayak
b939d049e4
Added atomic lock to ensure a single tidy operation is in progress
2017-04-26 15:07:58 -04:00
vishalnayak
3522b67e14
Added sys/tidy-leases endpoint
2017-03-07 15:50:17 -05:00
Brian Kassouf
13ec9c5dbf
Load leases into the expiration manager in parallel ( #2370 )
...
* Add a benchmark for exiration.Restore
* Add benchmarks for consul Restore functions
* Add a parallel version of expiration.Restore
* remove debug code
* Up the MaxIdleConnsPerHost
* Add tests for etcd
* Return errors and ensure go routines are exited
* Refactor inmem benchmark
* Add s3 bench and refactor a bit
* Few tweaks
* Fix race with waitgroup.Add()
* Fix waitgroup race condition
* Move wait above the info log
* Add helper/consts package to store consts that are needed in cyclic packages
* Remove not used benchmarks
2017-02-16 10:16:06 -08:00
Jeff Mitchell
ddc977ba52
Add debug ( #2341 )
2017-02-06 18:30:13 -05:00
Jeff Mitchell
2c8d18ad8d
Attempt to fix expiration test again
2017-01-24 11:17:48 -05:00
Jeff Mitchell
b0f741d4a1
Add some extra lease debugging to try to figure out Travis timezone issue
2017-01-24 10:48:11 -05:00
Jeff Mitchell
9e5d1eaac9
Port some updates
2017-01-06 15:42:18 -05:00
Vishal Nayak
ba026aeaa1
TokenStore: Added tidy endpoint ( #2192 )
2016-12-16 15:29:27 -05:00
Jeff Mitchell
f6044764c0
Fix revocation of leases when num_uses goes to 0 ( #2190 )
2016-12-16 13:11:55 -05:00
Jeff Mitchell
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
vishalnayak
c14235b206
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Vishal Nayak
9f1e6c7b26
Merge pull request #1607 from hashicorp/standardize-time
...
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
vishalnayak
e09b40e155
Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC
2016-07-08 18:30:18 -04:00
Jeff Mitchell
7023eafc67
Make the API client retry on 5xx errors.
...
This should help with transient issues. Full control over min/max delays
and number of retries (and ability to turn off) is provided in the API
and via env vars.
Fix tests.
2016-07-06 16:50:23 -04:00
vishalnayak
ad7cb2c8f1
Added JSON Decode and Encode helpers.
...
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell
bb1e8ddaa2
Make token renewable status work properly on lookup
2016-06-08 09:19:39 -04:00
vishalnayak
70b8530962
Fix the consul secret backends renewal revocation problem
2016-05-25 23:24:16 -04:00