Jeff Mitchell
3129187dc2
JWT wrapping tokens ( #2172 )
2017-01-04 16:44:03 -05:00
Jeff Mitchell
6c1d2ffea9
Allow wrapping to be specified by backends, and take the lesser of the request/response times ( #2088 )
2016-11-11 15:12:11 -05:00
Jeff Mitchell
4a505bfa3e
Update text around cubbyhole/response
2016-09-29 17:44:15 -04:00
Jeff Mitchell
5657789627
Audit unwrapped response ( #1950 )
2016-09-29 12:03:47 -07:00
Jeff Mitchell
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
Jeff Mitchell
1c6f2fd82b
Add response wrapping to list operations ( #1814 )
2016-09-02 01:13:14 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
d2124486ef
Merge pull request #1702 from hashicorp/renew-post-body
...
Add ability to specify renew lease ID in POST body.
2016-08-08 20:01:25 -04:00
Jeff Mitchell
ab71b981ad
Add ability to specify renew lease ID in POST body.
2016-08-08 18:00:44 -04:00
Jeff Mitchell
13b7d37a0b
Remove change to naming return values
2016-08-08 17:56:14 -04:00
Jeff Mitchell
a583f8a3f8
Use policyutil sanitizing
2016-08-08 17:42:25 -04:00
Jeff Mitchell
4f0310ed96
Don't allow root from authentication backends either.
...
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
2016-08-08 17:32:37 -04:00
Laura Bennett
ad66bd7502
fixes based proper interpretation of comments
2016-07-26 12:20:27 -04:00
Laura Bennett
ae8a90be30
adding ids
2016-07-25 16:54:43 -04:00
Laura Bennett
8d52a96df5
moving id to http/logical
2016-07-25 15:24:10 -04:00
Laura Bennett
c63cdc23a1
Merge branch 'master' of https://github.com/hashicorp/vault into request-uuid
2016-07-23 21:47:08 -04:00
Laura Bennett
e5737b6789
initial local commit
2016-07-23 21:46:28 -04:00
Jeff Mitchell
4ab60f36a3
Rename err var to be more clear
2016-07-22 16:57:47 -04:00
Jeff Mitchell
b6ca7e9423
Add response wrapping support to login endpoints.
...
Fixes #1587
2016-07-05 11:46:21 -04:00
Jeff Mitchell
368a17e978
Add some commenting
2016-06-14 05:54:09 +00:00
Jeff Mitchell
e925987cb6
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
Jeff Mitchell
9f6c5bc02a
cubbyhole-response-wrapping -> response-wrapping
2016-06-10 13:48:46 -04:00
Jeff Mitchell
10b218d292
Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this...
2016-06-07 16:01:09 -04:00
Jeff Mitchell
401456ea50
Add creation time to returned wrapped token info
...
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
Jeff Mitchell
0da8762bd5
Add unwrap command, and change how the response is embedded (as a string, not an object)
2016-05-19 11:25:15 -04:00
Jeff Mitchell
2e6ac4c37a
Remove wrap specs from backend response
2016-05-19 03:06:09 +00:00
Jeff Mitchell
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
Jeff Mitchell
2295cadbf4
Make WrapInfo a pointer to match secret/auth in response
2016-05-07 19:17:51 -04:00
Jeff Mitchell
c5085bc79f
Merge response fix over from mfatw
2016-05-07 16:41:24 -04:00
Jeff Mitchell
09f06554cb
Address some review feedback
2016-05-04 16:03:53 -04:00
Jeff Mitchell
2ebe49d3a1
Change UseToken mechanics.
...
Add locking around UseToken and Lookup. Have UseToken flag an entry that
needs to be revoked so that it can be done at the appropriate time, but
so that Lookup in the interm doesn't return a value.
The locking is a map of 4096 locks keyed off of the first three
characters of the token ID which should provide good distribution.
2016-05-02 03:44:24 -04:00
Jeff Mitchell
1ffd5653c6
Add wrap support to API/CLI
2016-05-02 02:03:23 -04:00
Jeff Mitchell
aba689a877
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 00:47:35 -04:00