Commit graph

1893 commits

Author SHA1 Message Date
Jeff Mitchell 29c722dbb6 Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
Jeff Mitchell 3eb38d19ba Update transit backend documentation, and also return the min decryption
value in a read operation on the key.
2015-09-21 16:13:43 -04:00
Jeff Mitchell ca33cd8423 Add API endpoint documentation to cubbyhole 2015-09-21 16:13:36 -04:00
Jeff Mitchell 273f13fb41 Add API endpoint documentation to generic 2015-09-21 16:13:29 -04:00
Vishal Nayak d526c8ce1c Merge pull request #629 from hashicorp/token-create-sudo
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
vishalnayak 1a01ab3608 Take ClientToken instead of Policies 2015-09-21 10:04:03 -04:00
Jeff Mitchell ab7d35b95e Fix up per-backend timing logic; also fix error in TypeDurationSecond in
GetOkErr.
2015-09-21 09:55:03 -04:00
Jeff Mitchell 59ba17c601 Add clarity to the lease concepts document. 2015-09-21 08:56:26 -04:00
Jeff Mitchell 5172965850 Merge pull request #630 from hashicorp/barrier-pathing
Bump AESGCM version; include path in the GCM tags.
2015-09-21 08:39:30 -04:00
Jeff Mitchell 455b6dafdc Merge pull request #632 from hashicorp/sethvargo/faster_deploy
Use a faster middleman deploy
2015-09-20 14:36:40 -04:00
Seth Vargo 92e3c02f06 Use a faster middleman deploy 2015-09-20 14:09:35 -04:00
vishalnayak 3b51ee1c48 Using core's logger 2015-09-19 19:01:36 -04:00
vishalnayak 02485e7175 Abstracted SudoPrivilege to take list of policies 2015-09-19 18:23:44 -04:00
vishalnayak a2799b235e Using acl.RootPrivilege and rewrote mockTokenStore 2015-09-19 17:53:24 -04:00
Jeff Mitchell c5ddfbc391 Bump AESGCM version; include path in the GCM tags. 2015-09-19 17:04:37 -04:00
vishalnayak b6d47dd784 fix broken tests 2015-09-19 12:33:52 -04:00
Jeff Mitchell 68c268a6f0 Allow tuning of auth mounts, to set per-mount default/max lease times 2015-09-19 11:50:50 -04:00
Jeff Mitchell bf8a1e2b71 Merge pull request #627 from hashicorp/enhance-audit-security
Enhance audit security with hmac-sha256 on secrets
2015-09-19 11:30:30 -04:00
Jeff Mitchell c8a0eda224 Use hmac-sha256 for protecting secrets in audit entries 2015-09-19 11:29:31 -04:00
vishalnayak fb77ec3623 TokenStore: Provide access based on sudo permissions and not policy name 2015-09-19 11:14:51 -04:00
Jeff Mitchell 8d71601221 Changes to salt to clean up HMAC stuff. 2015-09-18 18:13:10 -04:00
Jeff Mitchell 5dde76fa1c Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell b655f6b858 Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell d775445efe Store token creation time and TTL. This can be used to properly populate
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.

Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell 61e331200c Merge pull request #626 from hashicorp/f-transit-enhancements
Enhancements to the transit backend
2015-09-18 14:48:24 -04:00
Jeff Mitchell 01ee6c4fe1 Move no_plaintext to two separate paths for datakey. 2015-09-18 14:41:05 -04:00
Jeff Mitchell 448249108c Add datakey generation to transit.
Can specify 128 bits (defaults to 256) and control whether or not
plaintext is returned (default true).

Unit tests for all of the new functionality.
2015-09-18 14:41:05 -04:00
Jeff Mitchell 61398f1b01 Remove enable/disable and make deletion_allowed a configurable property. On read, return the version and creation time of each key 2015-09-18 14:41:05 -04:00
Jeff Mitchell 801e531364 Enhance transit backend:
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
2015-09-18 14:41:05 -04:00
Jeff Mitchell 9c5dcac90c Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527 2015-09-18 14:01:28 -04:00
Vishal Nayak e27b824dcb Merge pull request #623 from hashicorp/userpass-renewal
Vault userpass: Enable renewals for login tokens
2015-09-17 16:41:09 -04:00
vishalnayak 1f53376ae6 Userpass Bk: Added tests for TTL duration verifications 2015-09-17 16:33:26 -04:00
vishalnayak a2e88414f5 Throw error if system view boundaries are violated 2015-09-17 15:47:36 -04:00
vishalnayak 4332eb9d05 Vault userpass: Enable renewals for login tokens 2015-09-17 14:35:50 -04:00
Jeff Mitchell 8f79e8be82 Add revoke-self endpoint.
Fixes #620.
2015-09-17 13:22:30 -04:00
Vishal Nayak 5b6d6bf79a Merge pull request #624 from hashicorp/vault-i583
CLI: Avoiding CR when printing specific fields
2015-09-17 11:47:51 -04:00
vishalnayak fdf05e8ead Adding type checking to ensure only BasicUi is affected 2015-09-17 11:37:21 -04:00
vishalnayak 7f640c4374 Error on violating SysView boundaries 2015-09-17 11:24:46 -04:00
vishalnayak e885dff580 CLI: Avoiding CR when printing specific fields 2015-09-17 10:05:56 -04:00
Jeff Mitchell 91bcf83e5f Merge pull request #606 from tsilen/renew-etcd-semaphore-key
Renew the semaphore key periodically
2015-09-17 10:00:06 -04:00
vishalnayak 6a4089b2a8 Vault userpass: Enable renewals for login tokens 2015-09-16 23:55:35 -04:00
Jeff Mitchell b08f6e5540 Merge pull request #622 from Poohblah/log-level-help
improve documentation for available log levels
2015-09-16 15:15:36 -04:00
hendrenj 0532682816 improve documentation for available log levels 2015-09-16 11:01:33 -06:00
Jeff Mitchell 047ba90a44 Restrict orphan revocation to root tokens 2015-09-16 09:22:15 -04:00
Seth Vargo 5c363a1bd3 Merge pull request #621 from jklein/patch-1
Grammar fix
2015-09-15 20:54:24 +01:00
Jonathan Klein dff6e468f9 Grammar fix 2015-09-15 15:53:27 -04:00
Jeff Mitchell 461609b754 Merge pull request #612 from hashicorp/f-cubby
Implement the cubbyhole backend
2015-09-15 14:04:07 -04:00
Jeff Mitchell e7d5a18e94 Directly pass the cubbyhole backend to the token store and bypass logic in router 2015-09-15 13:50:37 -04:00
Jeff Mitchell 849b78daee Move more cubby logic outside of router into auth setup 2015-09-15 13:50:37 -04:00
Jeff Mitchell bdb8cf128d Cleanup; remove everything but double-salting from the router and give
the token store cubby backend information for direct calling.
2015-09-15 13:50:37 -04:00