Commit graph

186 commits

Author SHA1 Message Date
vishalnayak 328de60338 Description consistency 2016-08-29 15:53:11 -04:00
Jeff Mitchell ac38863884 Add back token/accessor URL parameters but return a warning.
CC @sethvargo
2016-08-29 15:15:57 -04:00
Jeff Mitchell 9fee9ce8ff Don't allow tokens in paths. (#1783) 2016-08-24 15:59:43 -04:00
Jeff Mitchell 01702415c2 Ensure we don't use a token entry period of 0 in role comparisons.
When we added support for generating periodic tokens for root/sudo in
auth/token/create we used the token entry's period value to store the
shortest period found to eventually populate the TTL. The problem was
that we then assumed later that this value would be populated for
periodic tokens, when it wouldn't have been in the upgrade case.

Instead, use a temp var to store the proper value to use; populate
te.Period only if actually given; and check that it's not zero before
comparing against role value during renew.
2016-08-16 16:47:46 -04:00
Jeff Mitchell c1aa89363a Make time logic a bit clearer 2016-08-16 16:29:07 -04:00
Jeff Mitchell cdea4b3445 Add some tests and fix some bugs 2016-08-13 14:03:22 -04:00
Jeff Mitchell de60702d76 Don't check the role period again as we've checked it earlier and it may be greater than the te Period 2016-08-13 13:21:56 -04:00
Jeff Mitchell bcb4ab5422 Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
Jeff Mitchell 0f40fba40d Don't allow a root token that expires to create one that doesn't 2016-08-09 20:32:40 -04:00
Jeff Mitchell d7f6218869 Move checking non-assignable policies above the actual token creation 2016-08-08 16:44:29 -04:00
Laura Bennett da615642f5 Merge pull request #1687 from hashicorp/token-store-update
Minor update to token-store
2016-08-08 10:25:05 -04:00
vishalnayak e783bfe7e1 Minor changes to test cases 2016-08-05 20:22:07 -04:00
Laura Bennett 405eb0075a fix an error, tests still broken 2016-08-05 17:58:48 -04:00
Jeff Mitchell 82b3d136e6 Don't mark never-expiring root tokens as renewable 2016-08-05 11:15:25 -04:00
Laura Bennett 68d351c70c addresses feedback, but tests broken 2016-08-05 10:04:02 -04:00
Laura Bennett c626277632 initial commit for minor update to token-store 2016-08-03 14:32:17 -04:00
Vishal Nayak 0b2098de2f Merge pull request #1681 from hashicorp/disallowed-policies
Support disallowed_policies in token roles
2016-08-02 17:32:53 -04:00
vishalnayak e7cb3fd990 Addressed review feedback 2016-08-02 16:53:06 -04:00
vishalnayak 4f45910dfc disallowed_policies doc update 2016-08-02 16:33:22 -04:00
Jeff Mitchell 31b36fe2c2 Use duration helper to allow not specifying duration units 2016-08-02 15:12:45 -04:00
vishalnayak a936914101 Address review feedback and fix existing tests 2016-08-02 14:10:20 -04:00
vishalnayak a0c711d0cf Added disallowed_policies to token roles 2016-08-02 10:33:50 -04:00
Jeff Mitchell 357f2d972f Add some extra safety checking in accessor listing and update website
docs.
2016-08-01 13:12:06 -04:00
Jeff Mitchell 6546005487 Fix typo 2016-07-29 23:24:04 -04:00
Jeff Mitchell e606aab6e0 oops, fix createAccessor 2016-07-29 18:23:55 -04:00
Jeff Mitchell 23ab63c78e Add accessor list function to token store 2016-07-29 18:20:38 -04:00
Laura Bennett 7e29cf1cae edits based on comments in PR 2016-07-25 09:46:10 -04:00
Laura Bennett 9ea1c8b801 initial commit for nonAssignablePolicies 2016-07-24 22:27:41 -04:00
vishalnayak 331f229858 Added a cap of 256 for CreateLocks utility 2016-07-20 04:48:35 -04:00
vishalnayak 50e8a189e9 Added helper to create locks 2016-07-19 21:37:28 -04:00
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
vishalnayak 8269f323d3 Revert 'risky' changes 2016-07-12 16:38:07 -04:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers.
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell 09720bbd8e Fix picking wrong token lock 2016-06-27 11:17:08 -04:00
Jeff Mitchell 2b4b6559e3 Merge pull request #1504 from hashicorp/token-store-roles-renewability
Add renewable flag to token store roles
2016-06-08 15:56:54 -04:00
Jeff Mitchell 8a1bff7c11 Make out-of-bounds explicit max a cap+warning instead of an error 2016-06-08 15:25:17 -04:00
Jeff Mitchell cf8f38bd4c Add renewable flag to token store roles 2016-06-08 15:17:22 -04:00
Jeff Mitchell 65d8973864 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
Jeff Mitchell c0155ac02b Add renewable flag and API setting for token creation 2016-06-08 11:14:30 -04:00
Jeff Mitchell f8d70b64a0 Show renewable status for tokens in output 2016-06-01 17:30:31 -04:00
vishalnayak 1e4834bd20 Remove addDefault param from ParsePolicies 2016-05-31 13:39:58 -04:00
vishalnayak 49b4c83580 Adding default policies while creating tokens 2016-05-31 13:39:58 -04:00
vishalnayak c0e745dbfa s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends 2016-05-26 10:21:03 -04:00
Jeff Mitchell c4431a7e30 Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors 2016-05-16 16:11:33 -04:00
Jeff Mitchell 4c67a739b9 Merge branch 'master-oss' into cubbyhole-the-world 2016-05-16 12:14:40 -04:00
Sean Chittenden 7a4b31ce51
Speling police 2016-05-15 09:58:36 -07:00
Jeff Mitchell ce5614bf9b Merge branch 'master-oss' into cubbyhole-the-world 2016-05-11 19:29:52 -04:00
Jeff Mitchell 6ec1ca05c8 Fix bug around disallowing explicit max greater than sysview max 2016-05-11 18:46:55 -04:00
Jeff Mitchell aecc3ad824 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00