Commit graph

881 commits

Author SHA1 Message Date
Jeff Mitchell bdcfe05517 Clustering enhancements (#1747) 2016-08-19 11:03:53 -04:00
vishalnayak 87c42a796b s/advertisement/redirect 2016-08-19 10:52:14 -04:00
Jeff Mitchell 01702415c2 Ensure we don't use a token entry period of 0 in role comparisons.
When we added support for generating periodic tokens for root/sudo in
auth/token/create we used the token entry's period value to store the
shortest period found to eventually populate the TTL. The problem was
that we then assumed later that this value would be populated for
periodic tokens, when it wouldn't have been in the upgrade case.

Instead, use a temp var to store the proper value to use; populate
te.Period only if actually given; and check that it's not zero before
comparing against role value during renew.
2016-08-16 16:47:46 -04:00
Jeff Mitchell c1aa89363a Make time logic a bit clearer 2016-08-16 16:29:07 -04:00
Jeff Mitchell 02d9702fbd Add local into handler path for forwarded requests 2016-08-16 11:46:37 -04:00
Jeff Mitchell 62c69f8e19 Provide base64 keys in addition to hex encoded. (#1734)
* Provide base64 keys in addition to hex encoded.

Accept these at unseal/rekey time.

Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell 40ece8fd7c Add another test and fix some output 2016-08-14 07:17:14 -04:00
Jeff Mitchell b6ef112382 Minor wording change 2016-08-13 15:45:13 -04:00
Jeff Mitchell cdea4b3445 Add some tests and fix some bugs 2016-08-13 14:03:22 -04:00
Jeff Mitchell de60702d76 Don't check the role period again as we've checked it earlier and it may be greater than the te Period 2016-08-13 13:21:56 -04:00
Jeff Mitchell bcb4ab5422 Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
Jeff Mitchell c1a46349fa Change to keybase openpgp fork as it has important fixes 2016-08-11 08:31:43 -04:00
vishalnayak 3895ea4c2b Address review feedback from @jefferai 2016-08-10 15:22:12 -04:00
vishalnayak 95f9c62523 Fix Cluster object being returned as nil when unsealed 2016-08-10 15:09:16 -04:00
Jeff Mitchell 0f40fba40d Don't allow a root token that expires to create one that doesn't 2016-08-09 20:32:40 -04:00
vishalnayak b5d55a9f47 Fix broken mount_test 2016-08-09 12:06:59 -04:00
Jeff Mitchell 4246ab1220 Change local cluster info path 2016-08-09 11:28:42 -04:00
Vishal Nayak c27a52069c Merge pull request #1693 from hashicorp/mount-table-compress
Added utilities to compress the JSON encoded string.
2016-08-09 11:23:14 -04:00
Jeff Mitchell cc10fd7a7e Use config file cluster name after automatic gen 2016-08-09 11:03:50 -04:00
vishalnayak b43cc03f0e Address review feedback from @jefferai 2016-08-09 10:47:55 -04:00
Jeff Mitchell 94c9fc3b49 Minor test fix 2016-08-09 07:13:29 -04:00
vishalnayak 78d57520fb Refactoring and test fixes 2016-08-09 03:43:03 -04:00
vishalnayak 5866cee5b4 Added utilities to compress the data 2016-08-09 00:50:19 -04:00
Jeff Mitchell d2124486ef Merge pull request #1702 from hashicorp/renew-post-body
Add ability to specify renew lease ID in POST body.
2016-08-08 20:01:25 -04:00
Jeff Mitchell c86fd0353c urllease_id -> url_lease_id 2016-08-08 18:34:00 -04:00
Jeff Mitchell 065da5fd69 Migrate default policy to a const 2016-08-08 18:33:31 -04:00
Jeff Mitchell 5a48611a62 Add test for both paths in backend 2016-08-08 18:32:18 -04:00
Jeff Mitchell 56b7f595aa Fix parsing optional URL param 2016-08-08 18:08:25 -04:00
Jeff Mitchell ab71b981ad Add ability to specify renew lease ID in POST body. 2016-08-08 18:00:44 -04:00
Jeff Mitchell 13b7d37a0b Remove change to naming return values 2016-08-08 17:56:14 -04:00
Jeff Mitchell a583f8a3f8 Use policyutil sanitizing 2016-08-08 17:42:25 -04:00
Jeff Mitchell 4f0310ed96 Don't allow root from authentication backends either.
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
2016-08-08 17:32:37 -04:00
Jeff Mitchell 796c93a8b0 Add sys/renew to default policy 2016-08-08 17:32:30 -04:00
Jeff Mitchell d7f6218869 Move checking non-assignable policies above the actual token creation 2016-08-08 16:44:29 -04:00
Laura Bennett da615642f5 Merge pull request #1687 from hashicorp/token-store-update
Minor update to token-store
2016-08-08 10:25:05 -04:00
Jeff Mitchell ac62b18d56 Make capabilities-self part of the default policy.
Fixes #1695
2016-08-08 10:00:01 -04:00
vishalnayak e783bfe7e1 Minor changes to test cases 2016-08-05 20:22:07 -04:00
vishalnayak 5ddd1c7223 Fix broken test case 2016-08-05 20:07:18 -04:00
Laura Bennett 02911c0e01 full updates based on feedback 2016-08-05 18:57:35 -04:00
Laura Bennett 52623a2395 test updates based on feedback 2016-08-05 18:56:22 -04:00
Laura Bennett 405eb0075a fix an error, tests still broken 2016-08-05 17:58:48 -04:00
Jeff Mitchell 82b3d136e6 Don't mark never-expiring root tokens as renewable 2016-08-05 11:15:25 -04:00
Laura Bennett 68d351c70c addresses feedback, but tests broken 2016-08-05 10:04:02 -04:00
Jeff Mitchell 4b2b5363d4 Switch some errors that ought to be 500 to 500 2016-08-04 09:11:24 -04:00
Laura Bennett c626277632 initial commit for minor update to token-store 2016-08-03 14:32:17 -04:00
Jeff Mitchell a7ed50dbc8 coreClusterPath -> coreLocalClusterPath 2016-08-03 09:50:21 -04:00
Vishal Nayak 0b2098de2f Merge pull request #1681 from hashicorp/disallowed-policies
Support disallowed_policies in token roles
2016-08-02 17:32:53 -04:00
vishalnayak e7cb3fd990 Addressed review feedback 2016-08-02 16:53:06 -04:00
vishalnayak 4f45910dfc disallowed_policies doc update 2016-08-02 16:33:22 -04:00
vishalnayak 9947b33498 Added tests for disallowed_policies 2016-08-02 15:21:15 -04:00
Jeff Mitchell 31b36fe2c2 Use duration helper to allow not specifying duration units 2016-08-02 15:12:45 -04:00
vishalnayak a936914101 Address review feedback and fix existing tests 2016-08-02 14:10:20 -04:00
vishalnayak a0c711d0cf Added disallowed_policies to token roles 2016-08-02 10:33:50 -04:00
Jeff Mitchell 357f2d972f Add some extra safety checking in accessor listing and update website
docs.
2016-08-01 13:12:06 -04:00
Jeff Mitchell 6546005487 Fix typo 2016-07-29 23:24:04 -04:00
Jeff Mitchell e606aab6e0 oops, fix createAccessor 2016-07-29 18:23:55 -04:00
Jeff Mitchell 23ab63c78e Add accessor list function to token store 2016-07-29 18:20:38 -04:00
vishalnayak cff7aada7a Fix invalid input getting marked as internal error 2016-07-28 16:23:11 -04:00
Laura Bennett 4d9c909ae4 Merge pull request #1650 from hashicorp/request-uuid
Added unique identifier to each request. Closes hashicorp/vault#1617
2016-07-27 09:40:48 -04:00
vishalnayak c17534d527 Fix request_id test failures 2016-07-26 18:30:13 -04:00
Laura Bennett fb1b032040 fixing id in buildLogicalRequest 2016-07-26 15:50:37 -04:00
Vishal Nayak c7bcaa5bb6 Merge pull request #1655 from hashicorp/cluster-id
Vault cluster name and ID
2016-07-26 14:12:48 -04:00
vishalnayak 669bbdfa48 Address review feedback from @jefferai 2016-07-26 14:05:27 -04:00
Laura Bennett ad66bd7502 fixes based proper interpretation of comments 2016-07-26 12:20:27 -04:00
vishalnayak a3e6400697 Remove global name/id. Make only cluster name configurable. 2016-07-26 10:01:35 -04:00
vishalnayak a6907769b0 AppRole authentication backend 2016-07-26 09:32:41 -04:00
vishalnayak 09d362d973 As it is 2016-07-26 09:18:38 -04:00
vishalnayak c7dabe4def Storing local and global cluster name/id to storage and returning them in health status 2016-07-26 02:32:42 -04:00
Laura Bennett 06b1835469 Merge pull request #1649 from hashicorp/internal-policy-block
Closes hashicorp/vault#1618
2016-07-25 17:41:48 -04:00
Laura Bennett ae8a90be30 adding ids 2016-07-25 16:54:43 -04:00
Jeff Mitchell e26487ced5 Add test for non-assignable policies 2016-07-25 16:00:18 -04:00
Laura Bennett 8d52a96df5 moving id to http/logical 2016-07-25 15:24:10 -04:00
Jeff Mitchell d2cbe48aaf Use RFC3339Nano for better precision 2016-07-25 14:11:57 -04:00
Laura Bennett eb75afe54d minor edit for error statement 2016-07-25 13:29:57 -04:00
Laura Bennett 9ef3d90349 still fixing git mistake 2016-07-25 10:11:51 -04:00
Laura Bennett cc668b5c48 Fixing git mistake 2016-07-25 09:57:47 -04:00
Laura Bennett 7e29cf1cae edits based on comments in PR 2016-07-25 09:46:10 -04:00
Laura Bennett 395f052870 minor error correction 2016-07-24 22:35:54 -04:00
Laura Bennett 9ea1c8b801 initial commit for nonAssignablePolicies 2016-07-24 22:27:41 -04:00
Laura Bennett 4945198334 reverting branch mistake 2016-07-24 21:56:52 -04:00
Laura Bennett 483e796177 website update for request uuuid 2016-07-24 21:23:12 -04:00
Laura Bennett c63cdc23a1 Merge branch 'master' of https://github.com/hashicorp/vault into request-uuid 2016-07-23 21:47:08 -04:00
Laura Bennett e5737b6789 initial local commit 2016-07-23 21:46:28 -04:00
Jeff Mitchell 4ab60f36a3 Rename err var to be more clear 2016-07-22 16:57:47 -04:00
vishalnayak 331f229858 Added a cap of 256 for CreateLocks utility 2016-07-20 04:48:35 -04:00
vishalnayak 50e8a189e9 Added helper to create locks 2016-07-19 21:37:28 -04:00
Jeff Mitchell 80a688c059 Ensure mount/auth tables are not nil when triggering rollback
During setup or teardown there could be a race condition so check for it
to avoid a potential panic.
2016-07-18 22:02:39 -04:00
Jeff Mitchell df621911d7 Merge pull request #1624 from hashicorp/dynamodb-ha-off-default
Turn off DynamoDB HA by default.
2016-07-18 13:54:26 -04:00
Jeff Mitchell 028d024345 Add metrics around leadership
This can be helpful for detecting flapping.

Fixes #1544
2016-07-18 13:38:44 -04:00
Jeff Mitchell a3ce0dcb0c Turn off DynamoDB HA by default.
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Vishal Nayak 9f1e6c7b26 Merge pull request #1607 from hashicorp/standardize-time
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
vishalnayak 8269f323d3 Revert 'risky' changes 2016-07-12 16:38:07 -04:00
Jeff Mitchell 5b210b2a1f Return a duration instead and port a few other places to use it 2016-07-11 18:19:35 +00:00
Jeff Mitchell ab6c2bc5e8 Factor out parsing duration second type and use it for parsing tune values too 2016-07-11 17:53:39 +00:00
vishalnayak fcb0b580ab Fix broken build 2016-07-08 23:16:58 -04:00
vishalnayak 55a667b8cd Fix broken build 2016-07-08 20:30:27 -04:00
vishalnayak dc690d6233 Place error check before the response check in expiration test 2016-07-08 19:01:36 -04:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00