Brian Kassouf
2f19de0305
Add context to storage backends and wire it through a lot of places ( #3817 )
2018-01-19 01:44:44 -05:00
Calvin Leung Huang
bffaf9b0c3
Remove vlogger, add log.Logger to PolicyStore struct ( #3813 )
2018-01-18 01:01:51 -05:00
Jeff Mitchell
88313f0398
Update replication state logic.
...
Fixes #3727
2018-01-16 13:51:55 -05:00
Jeff Mitchell
2b78bc2a9b
Port over bits ( #3575 )
2017-11-13 15:31:32 -05:00
Jeff Mitchell
d38a699c32
Make compile
2017-10-23 17:15:56 -04:00
Jeff Mitchell
d7c5a3acfc
Remove some diffing cruft
2017-10-23 15:13:04 -04:00
Jeff Mitchell
40643aa14c
Remove some old policy upgrade code
2017-10-23 15:11:29 -04:00
Jeff Mitchell
47dae8ffc7
Sync
2017-10-23 14:59:37 -04:00
Chris Hoffman
e4065e33d2
copying general purpose tools from transit backend to /sys/tools ( #3391 )
2017-10-20 10:59:17 -04:00
Brian Kassouf
a8d9426d9f
Update locking components from DR replication changes ( #3283 )
...
* Update locking components from DR replication changes
* Fix plugin backend test
* Add a comment about needing the statelock:
2017-09-04 19:38:37 -04:00
Jeff Mitchell
654e7d92ac
Properly lowercase policy names. ( #3210 )
...
Previously we lowercased names on ingress but not on lookup or delete
which could cause unexpected results. Now, just unilaterally lowercase
policy names on write and delete. On get, to avoid the performance hit
of always lowercasing when not necessary since it's in the critical
path, we have a minor optimization -- we check the LRU first before
normalizing. For tokens, because they're already normalized when adding
policies during creation, this should always work; it might just be
slower for API calls.
Fixes #3187
2017-08-18 19:47:23 -04:00
Jeff Mitchell
a9b1d699d0
Make sys/wrapping/lookup unauthenticated. ( #3084 )
...
We still perform validation on the token, so if the call makes it
through to this endpoint it's got a valid token (either explicitly
specified in data or as the request token). But this allows
introspection for sanity/safety checking without revoking the token in
the process.
2017-07-31 16:16:16 -04:00
Jeff Mitchell
f3f4452334
Revert "Remove wrapping/wrap from default policy and add a note about guarantees ( #2957 )" ( #3008 )
...
This reverts commit b2d2459711d9cb7552daf1cc2330c07d31ef4f51.
2017-07-13 18:47:29 -04:00
Jeff Mitchell
2c6b7db279
Remove wrapping/wrap from default policy and add a note about guarantees ( #2957 )
2017-07-13 15:29:04 -07:00
Jeff Mitchell
7250b3d01e
Fix comment typo
2017-05-03 20:25:55 -04:00
Jeff Mitchell
b7128f53a8
Add sys/leases/lookup and sys/leases/renew to the default policy
2017-05-03 20:22:16 -04:00
Jeff Mitchell
f3bee3550c
Remove now-unnecessary stanza from default policy
2017-02-16 23:30:38 -05:00
Jeff Mitchell
494b4c844b
More porting from rep ( #2389 )
...
* More porting from rep
* Address feedback
2017-02-16 20:13:19 -05:00
Jeff Mitchell
9e5d1eaac9
Port some updates
2017-01-06 15:42:18 -05:00
Jeff Mitchell
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
Jeff Mitchell
065da5fd69
Migrate default policy to a const
2016-08-08 18:33:31 -04:00
Jeff Mitchell
ab71b981ad
Add ability to specify renew lease ID in POST body.
2016-08-08 18:00:44 -04:00
Jeff Mitchell
796c93a8b0
Add sys/renew to default policy
2016-08-08 17:32:30 -04:00
Jeff Mitchell
ac62b18d56
Make capabilities-self
part of the default policy.
...
Fixes #1695
2016-08-08 10:00:01 -04:00
Laura Bennett
eb75afe54d
minor edit for error statement
2016-07-25 13:29:57 -04:00
Laura Bennett
7e29cf1cae
edits based on comments in PR
2016-07-25 09:46:10 -04:00
Laura Bennett
395f052870
minor error correction
2016-07-24 22:35:54 -04:00
Laura Bennett
9ea1c8b801
initial commit for nonAssignablePolicies
2016-07-24 22:27:41 -04:00
Jeff Mitchell
9f6c5bc02a
cubbyhole-response-wrapping -> response-wrapping
2016-06-10 13:48:46 -04:00
Jeff Mitchell
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
Jeff Mitchell
c52d352332
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-07 16:40:04 -04:00
Jeff Mitchell
6f7409bb49
Slightly nicer check for LRU in policy store
2016-05-02 22:36:44 -04:00
Jeff Mitchell
fe1f56de40
Make a non-caching but still locking variant of transit for when caches are disabled
2016-05-02 22:36:44 -04:00
Jeff Mitchell
8572190b64
Plumb disabling caches through the policy store
2016-05-02 22:36:44 -04:00
Jeff Mitchell
aba689a877
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 00:47:35 -04:00
Jeff Mitchell
1394555a4d
Add listing of cubbyhole's root to the default policy.
...
This allows `vault list cubbyhole` to behave as expected rather than
requiring `vault list cubbyhole/`. It could be special cased in logic,
but it also serves as a model for the same behavior in e.g. `generic`
mounts where special casing is not possible due to unforeseen mount
paths.
2016-02-03 13:50:47 -05:00
Jeff Mitchell
b830e29449
Use capabilities rather than policies in default policy. Also add cubbyhole to it.
2016-01-16 18:02:31 -05:00
Jeff Mitchell
2412c078ac
Also convert policy store cache to 2q.
...
Ping #908
2016-01-07 09:26:08 -05:00
Jeff Mitchell
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell
7aa3faa626
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 12:07:42 -05:00
Jeff Mitchell
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Armon Dadgar
03be7a5999
vault: upgrade old policies with implicit glob
2015-07-05 19:14:15 -06:00
Armon Dadgar
512b3d7afd
vault: Adding metrics profiling
2015-04-08 16:43:17 -07:00
Armon Dadgar
a8d4319ad5
vault: Update LRU on GetPolicy
2015-04-06 16:43:05 -07:00
Armon Dadgar
f022ec97c4
vault: Adding policy LRU cache
2015-04-06 16:41:48 -07:00
Armon Dadgar
28bc849fd9
vault: Attach policy name if missing
2015-04-01 17:45:00 -07:00
Armon Dadgar
43a99aec93
vault: Special case root policy
2015-03-24 11:27:21 -07:00
Armon Dadgar
6e22ca50eb
vault: integrate policy and token store into core
2015-03-18 14:00:42 -07:00
Armon Dadgar
51ce336753
vault: Adding PolicyStore
2015-03-18 12:17:03 -07:00