fa2ba47a5c
Merge branch 'master' into token-roles
2016-03-09 17:23:34 -05:00
f478cc57e0
fix all the broken tests
2016-03-09 13:45:36 -05:00
c4a2c5b56e
Added tests for 'sys/capabilities-accessor' endpoint
2016-03-09 11:29:09 -05:00
151c932875
AccessorID --> Accessor, accessor_id --> accessor
2016-03-09 06:23:31 -05:00
62777c9f7e
ErrUserInput --> StatusBadRequest
2016-03-08 21:47:24 -05:00
8117996378
Implemented /sys/capabilities-accessor and a way for setting HTTP error code in all the responses
2016-03-08 19:14:29 -05:00
2737c81b39
Lay the foundation for returning proper HTTP status codes
2016-03-08 18:27:03 -05:00
301776012f
Introduced AccessorID in TokenEntry and returning it along with token
2016-03-08 14:06:10 -05:00
08c40c9bba
Introduced ErrUserInput to distinguish user error from server error
2016-03-07 22:16:09 -05:00
3b463c2d4e
use errwrap to check the type of error message, fix typos
2016-03-07 18:36:26 -05:00
cc1f5207b3
Merge branch 'master' into token-roles
2016-03-07 10:03:54 -05:00
aab24113b0
test cases for capabilities endpoint
2016-03-05 00:03:55 -05:00
9946a2d8b5
refactoring changes due to acl.Capabilities
2016-03-04 18:55:48 -05:00
7fe871e60a
Removing the 'Message' field
2016-03-04 10:36:03 -05:00
b67ab8ab7c
Test files for capabilities endpoint
2016-03-04 10:36:03 -05:00
816f1f8631
self review rework
2016-03-04 10:36:03 -05:00
286e63a648
Handled root token use case
2016-03-04 10:36:03 -05:00
07f9486ecb
Added capabilities and capabilities-self endpoints to http muxer
2016-03-04 10:36:03 -05:00
a885f9e8d2
Refactor http/sys_capabilities.go
2016-03-04 10:36:03 -05:00
5749a6718c
Added sys/capabililties endpoint
2016-03-04 10:36:02 -05:00
3e7bca82a1
Merge pull request #1146 from hashicorp/step-down
...
Provide 'sys/step-down' and 'vault step-down'
2016-03-03 12:30:08 -05:00
6ed5d10580
Remove proxy function as it's unneeded now
2016-03-02 14:55:51 -05:00
9c47b8c0a7
Remove sys_policy from special handling as it's implemented in
...
logical_system too. Clean up the mux handlers.
2016-03-02 14:16:54 -05:00
7b4478faba
Add a sleep in the RedirectStandby test to try to fix raciness
2016-03-02 12:06:16 -05:00
df2e337e4c
Update tests to add expected role parameters
2016-03-01 12:41:40 -05:00
11ddd2290b
Provide 'sys/step-down' and 'vault step-down'
...
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
434962c632
We treat put/post the same, so allow init to use POST
2016-02-22 20:22:31 -05:00
76923aa28a
Add the server's time in UTC to the health response.
2016-02-22 19:51:18 -05:00
8510dbad05
Verify that nonces are non-empty in tests
2016-02-12 15:35:26 -05:00
5f5542cb91
Return status for rekey/root generation at init time. This mitigates a
...
(very unlikely) potential timing attack between init-ing and fetching
status.
Fixes #1054
2016-02-12 14:24:36 -05:00
ff3adce39e
Make "ttl" reflect the actual TTL of the token in lookup calls.
...
Add a new value "creation_ttl" which holds the value at creation time.
Fixes #986
2016-02-01 11:16:32 -05:00
88310ca538
Fix up unit tests to expect new values
2016-01-29 19:36:56 -05:00
7d1d003ba0
Update documentation and use ParseBool for list query param checking
2016-01-22 10:07:32 -05:00
455931873a
Address some review feedback
2016-01-22 10:07:32 -05:00
5341cb69cc
Updates and documentation
2016-01-22 10:07:32 -05:00
9042315973
Add handling of LIST verb to logical router
2016-01-22 10:07:32 -05:00
973c888833
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
386aa408b7
Remove need for PUT in rekey. We've decided that POST and PUT are to
...
stay as synonyms for writes, so there's no reason to limit it for this
operation.
2016-01-14 16:52:34 -05:00
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
455acc255b
Have 'sys/renew' return the value provided in Secret.
...
Fixes a regression introduced in 0.3.
2016-01-07 11:35:09 -05:00
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
f6ff39ffb0
Fix StandbyRedirect test
2015-12-17 13:58:16 -05:00
7ce8aff906
Address review feedback
2015-12-14 17:58:30 -05:00
ced0835574
Allow separate HA physical backend.
...
With no separate backend specified, HA will be attempted on the normal
physical backend.
Fixes #395 .
2015-12-14 07:59:58 -05:00
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
5783f547ab
Display whether a token is an orphan on lookup.
2015-11-09 13:19:59 -05:00
7aa3faa626
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 12:07:42 -05:00
Jeff Mitchell