Jeff Mitchell
a9b1d699d0
Make sys/wrapping/lookup unauthenticated. ( #3084 )
...
We still perform validation on the token, so if the call makes it
through to this endpoint it's got a valid token (either explicitly
specified in data or as the request token). But this allows
introspection for sanity/safety checking without revoking the token in
the process.
2017-07-31 16:16:16 -04:00
Jeff Mitchell
f3f4452334
Revert "Remove wrapping/wrap from default policy and add a note about guarantees ( #2957 )" ( #3008 )
...
This reverts commit b2d2459711d9cb7552daf1cc2330c07d31ef4f51.
2017-07-13 18:47:29 -04:00
Jeff Mitchell
2c6b7db279
Remove wrapping/wrap from default policy and add a note about guarantees ( #2957 )
2017-07-13 15:29:04 -07:00
Jeff Mitchell
7250b3d01e
Fix comment typo
2017-05-03 20:25:55 -04:00
Jeff Mitchell
b7128f53a8
Add sys/leases/lookup and sys/leases/renew to the default policy
2017-05-03 20:22:16 -04:00
Jeff Mitchell
f3bee3550c
Remove now-unnecessary stanza from default policy
2017-02-16 23:30:38 -05:00
Jeff Mitchell
494b4c844b
More porting from rep ( #2389 )
...
* More porting from rep
* Address feedback
2017-02-16 20:13:19 -05:00
Jeff Mitchell
9e5d1eaac9
Port some updates
2017-01-06 15:42:18 -05:00
Jeff Mitchell
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
Jeff Mitchell
065da5fd69
Migrate default policy to a const
2016-08-08 18:33:31 -04:00
Jeff Mitchell
ab71b981ad
Add ability to specify renew lease ID in POST body.
2016-08-08 18:00:44 -04:00
Jeff Mitchell
796c93a8b0
Add sys/renew to default policy
2016-08-08 17:32:30 -04:00
Jeff Mitchell
ac62b18d56
Make `capabilities-self` part of the default policy.
...
Fixes #1695
2016-08-08 10:00:01 -04:00
Laura Bennett
eb75afe54d
minor edit for error statement
2016-07-25 13:29:57 -04:00
Laura Bennett
7e29cf1cae
edits based on comments in PR
2016-07-25 09:46:10 -04:00
Laura Bennett
395f052870
minor error correction
2016-07-24 22:35:54 -04:00
Laura Bennett
9ea1c8b801
initial commit for nonAssignablePolicies
2016-07-24 22:27:41 -04:00
Jeff Mitchell
9f6c5bc02a
cubbyhole-response-wrapping -> response-wrapping
2016-06-10 13:48:46 -04:00
Jeff Mitchell
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
Jeff Mitchell
c52d352332
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-07 16:40:04 -04:00
Jeff Mitchell
6f7409bb49
Slightly nicer check for LRU in policy store
2016-05-02 22:36:44 -04:00
Jeff Mitchell
fe1f56de40
Make a non-caching but still locking variant of transit for when caches are disabled
2016-05-02 22:36:44 -04:00
Jeff Mitchell
8572190b64
Plumb disabling caches through the policy store
2016-05-02 22:36:44 -04:00
Jeff Mitchell
aba689a877
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 00:47:35 -04:00
Jeff Mitchell
1394555a4d
Add listing of cubbyhole's root to the default policy.
...
This allows `vault list cubbyhole` to behave as expected rather than
requiring `vault list cubbyhole/`. It could be special cased in logic,
but it also serves as a model for the same behavior in e.g. `generic`
mounts where special casing is not possible due to unforeseen mount
paths.
2016-02-03 13:50:47 -05:00
Jeff Mitchell
b830e29449
Use capabilities rather than policies in default policy. Also add cubbyhole to it.
2016-01-16 18:02:31 -05:00
Jeff Mitchell
2412c078ac
Also convert policy store cache to 2q.
...
Ping #908
2016-01-07 09:26:08 -05:00
Jeff Mitchell
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell
7aa3faa626
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 12:07:42 -05:00
Jeff Mitchell
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Armon Dadgar
03be7a5999
vault: upgrade old policies with implicit glob
2015-07-05 19:14:15 -06:00
Armon Dadgar
512b3d7afd
vault: Adding metrics profiling
2015-04-08 16:43:17 -07:00
Armon Dadgar
a8d4319ad5
vault: Update LRU on GetPolicy
2015-04-06 16:43:05 -07:00
Armon Dadgar
f022ec97c4
vault: Adding policy LRU cache
2015-04-06 16:41:48 -07:00
Armon Dadgar
28bc849fd9
vault: Attach policy name if missing
2015-04-01 17:45:00 -07:00
Armon Dadgar
43a99aec93
vault: Special case root policy
2015-03-24 11:27:21 -07:00
Armon Dadgar
6e22ca50eb
vault: integrate policy and token store into core
2015-03-18 14:00:42 -07:00
Armon Dadgar
51ce336753
vault: Adding PolicyStore
2015-03-18 12:17:03 -07:00