a9db12670a
errwrap -> go-multierror + errwrap
2015-11-02 13:29:33 -05:00
7e9918ec8e
Run preSeal if postUnseal fails.
...
This also ensures that every error path out of postUnseal returns an
error.
Fixes #733
2015-11-02 13:29:33 -05:00
94b7be702b
Return data on a token with one use left if there is no Lease ID
...
Fixes #615
2015-10-30 12:35:42 -04:00
636d57a026
Make the token store's Create and RootToken functions non-exported.
...
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
78b5fcdf51
Serialize changing the state of the expiration manager pointer and
...
calling emitMetrics from its own goroutine.
Fixes #694
2015-10-12 16:33:54 -04:00
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
5fbaa0e64d
Apply mount-tune properties to the token authentication backend.
...
Fixes #688 .
2015-10-09 20:26:39 -04:00
bd1dce7f95
Address review feedback for #684
2015-10-08 14:34:10 -04:00
d58a3b601c
Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader
...
Fixes #679 .
2015-10-08 14:04:58 -04:00
21644751ed
Fix the key rotation upgrade check error message
2015-10-05 18:23:32 -04:00
8f27c250d6
Fix problematic logging statements.
...
Fixes #665 .
2015-10-02 18:31:46 -07:00
81e535dc2d
Minor updates to passthrough and additional tests
2015-09-21 16:57:41 -04:00
47e8c0070a
Don't use leases on the generic backend...with a caveat.
...
You can now turn on and off the lease behavior in the generic backend by
using one of two factories. Core uses the normal one if it's not already
set, so unit tests can use the custom one and all stay working.
This also adds logic into core to check, when the response is coming
from a generic backend, whether that backend has leases enabled. This
adds some slight overhead.
2015-09-21 16:37:37 -04:00
d775445efe
Store token creation time and TTL. This can be used to properly populate
...
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.
Fully fixes #527
2015-09-18 16:39:35 -04:00
77e7379ab5
Implement the cubbyhole backend
...
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
699e12a1c6
When there is one use left and a Secret is being returned, instead
...
return a descriptive error indicating that the Secret cannot be returned
because when the token was revoked the secret was too. This prevents
confusion where credentials come back but cannot be used.
Fixes #615
2015-09-14 11:07:27 -04:00
39cfcccdac
Remove error returns from sysview TTL calls
2015-09-10 15:09:54 -04:00
65ceb3439d
Be consistent as both are the same pointer here
2015-09-10 15:09:54 -04:00
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
17c60d3e78
Add logic to core to fetch a SystemView for a given mount entry and use those values for default/max TTL. The SystemView will reflect system defaults if not set for that mount.
2015-09-10 15:09:53 -04:00
98d0d23d70
Ensure token store is available when looking up token
2015-09-01 08:21:47 -04:00
3f45f3f41b
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 07:50:24 -07:00
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
c887df93cc
Add support for pgp-keys argument to rekey, as well as tests, plus
...
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
f57e7892e7
Don't store the given public keys in the seal config
2015-08-25 14:52:13 -07:00
2f3e245b0b
Add support for "pgp-tokens" parameters to init.
...
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
2015-08-25 14:52:13 -07:00
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
db79dd8c22
Don't defer revocation when sealing, and clear out response/auth if there is a token use error
2015-08-20 10:37:42 -07:00
0e8e3660ff
Fix #461 properly by defering potential revocation of a token until after the request is fully handled.
2015-08-20 10:14:13 -07:00
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
41b72a4d39
vault: provide view to backend initializer for setup
2015-06-30 17:30:43 -07:00
8bc99f8c23
helper/uuid: single generateUUID definition
2015-06-30 12:38:32 -07:00
496ebe561c
vault: cleanups for the audit log changes
2015-06-29 15:27:28 -07:00
b667ef4c71
Collapsing audit response logging to a single point
2015-06-18 19:48:26 -07:00
4ec685dc1a
Logging authentication errors and bad token usage
2015-06-18 18:30:18 -07:00
dbf6cf6e6d
vault: support core shutdown
2015-06-17 18:23:59 -07:00
5c75a6c5c7
vault: ensure token renew does not double register
2015-06-17 15:22:50 -07:00
daffef08db
vault: reload master key before keyring
2015-05-29 14:30:03 -07:00
4f5fde039f
vault: all rekey commands should fail as standby
2015-05-29 11:52:37 -07:00
5aaad32af8
vault: ensure upgrades are cleaned up
2015-05-28 16:52:06 -07:00
db0afc9ebe
vault: move upgrade logic out of core
2015-05-28 16:43:44 -07:00
82ef0b1ac7
vault: handle read of key upgrades
2015-05-28 16:11:31 -07:00
c60970e743
vault: prevent rekey on standby
2015-05-28 15:26:35 -07:00
01e890653c
vault: more logging
2015-05-28 14:15:06 -07:00
0877160754
vault: minor rekey cleanups
2015-05-28 12:07:52 -07:00
361c722c5c
vault: first pass at rekey
2015-05-28 11:40:01 -07:00
3bcd32228d
vault: lease renewal should not create new lease entry
2015-05-15 17:47:39 -07:00
843d9e6484
vault: verify login endpoint never returns a secret
2015-05-09 11:51:58 -07:00
13ab31f4b5
vault: ensure InternalData is never returned from the core
2015-05-09 11:47:46 -07:00
c7496772d4
vault: defer barrier initialization until as late as possible
2015-05-08 11:06:39 -07:00
a6eef6bba3
vault: Guard against an invalid seal config
2015-05-08 11:05:31 -07:00
727e0e90cd
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 13:28:33 -07:00
e80111502b
vault: way more verbose error if mlock fails [GH-59]
2015-04-28 18:56:16 -07:00
b5f8f3b05a
vault: add helper/mlock for doing mlock
2015-04-28 14:59:43 -07:00
2e55c3de68
vault: ability to toggle mlock on core
2015-04-27 16:40:14 -07:00
2f0995d650
vault: Swap the HAEnabled check with the sealed check
2015-04-20 12:19:09 -07:00
c5f914cb34
vault: Lock memory when possible
2015-04-19 13:42:47 -07:00
4473abd6ce
vault: core enforcement of limited use tokens
2015-04-17 11:57:56 -07:00
b65e1b3e22
vault: using a constant to make @mitchellh feel better
2015-04-15 17:19:59 -07:00
76b69b2514
vault: thread the display name through
2015-04-15 14:12:34 -07:00
9f7143cf44
vault: expose the current leader
2015-04-14 16:53:40 -07:00
445f64eb39
vault: leader should advertise address
2015-04-14 16:44:48 -07:00
ec8a41d2d2
vault: rename internal variable
2015-04-14 16:11:39 -07:00
2820bec479
vault: testing standby mode
2015-04-14 16:06:58 -07:00
a0e1b90b81
vault: reject operation if standby
2015-04-14 14:09:11 -07:00
d7102e2661
vault: first pass at HA standby mode
2015-04-14 14:06:15 -07:00
255e0fbda4
vault: enable physical cache in core
2015-04-14 11:08:04 -07:00
512b3d7afd
vault: Adding metrics profiling
2015-04-08 16:43:17 -07:00
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
eaa483ff87
vault: Enforce default and max length leasing
2015-04-03 15:42:34 -07:00
eec6c27fae
vault: Special case auth/token/create
2015-04-02 18:05:23 -07:00
c6479642e9
vault: integrate login with expiration manager
2015-04-02 17:52:11 -07:00
4138e43f00
vault: Adding audit trail for login
2015-04-01 14:48:37 -07:00
3d3e18793b
vault: Integrate audit logging with core
2015-04-01 14:33:48 -07:00
b657b74a97
vault: Minor rework for clarity
2015-04-01 14:11:26 -07:00
c83f46606b
vault: Simpify token checking logic
2015-04-01 14:03:17 -07:00
2c9ebecda7
vault: register zero lease entries with the expiration manager
...
/cc @armon - would appreciate a review on this one
2015-03-31 21:01:12 -07:00
a6bc60c7d6
vault: Adding AuditBroker and basic tests
2015-03-31 13:22:40 -07:00
0666bda865
vault: require root token for seal
2015-03-31 09:59:02 -07:00
c9acfa17cb
vault: get rid of HangleLogin
2015-03-30 20:26:39 -07:00
69593cde56
remove credential/ lots of tests faililng
2015-03-30 18:07:05 -07:00
042db7798e
vault: Adding basic audit table load/unload
2015-03-27 14:00:38 -07:00
609ac4c562
vault: Allow passing in audit factory methods
2015-03-27 13:45:13 -07:00
20c2375352
vault: Adding ACL enforcement
2015-03-24 11:37:07 -07:00
65ef4f1032
vault: wire tokens into expiration manager
2015-03-23 18:11:15 -07:00
86c9bd9083
vault: Give expiration manager a token store reference
2015-03-23 18:00:14 -07:00
6481ff9e34
vault: Generate a root token when initializing
2015-03-23 17:31:30 -07:00
192dcf7d39
vault: first pass at HandleLogin
2015-03-23 13:56:43 -07:00
879a0501f8
vault: Track the token store in core
2015-03-23 13:41:05 -07:00
c349e97168
vault: clean up VaultID duplications, make secret responses clearer
...
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.
Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).
At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.
So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.
It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.
All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
d88a41944e
vault: Switch AuthTable to using MountTable
2015-03-19 09:54:57 -07:00
8cc88981d6
vault: token store is a credential implementation
2015-03-18 19:11:52 -07:00
b8da9c2ee2
vault: first pass at initializing credential backends
2015-03-18 15:46:07 -07:00
d2d1822931
vault: Adding hooks for auth loading
2015-03-18 15:30:31 -07:00
21b9bdaf37
vault: Allow passing in credential backends
2015-03-18 15:21:41 -07:00
6e22ca50eb
vault: integrate policy and token store into core
2015-03-18 14:00:42 -07:00
e078b957d4
vault: start/stop rollback manager post/pre seal
2015-03-17 20:39:45 -05:00
abe0859aa5
vault: use RWMutex on MountTable itself
2015-03-17 20:39:45 -05:00
15b7dc2d02
vault: integration expiration manager with core
2015-03-16 15:28:50 -07:00
9f0d59d03f
vault: system using the framework
2015-03-15 17:35:59 -07:00
d4f54be927
vault: can pass in the backends
2015-03-15 16:25:38 -07:00
d1d1929192
vault: convert to logical.Request and friends
2015-03-15 14:53:41 -07:00
9d84e7bacc
vault: don't copy the key so it can be zeroed, document, add helper
2015-03-14 18:25:55 -07:00
866b91d858
vault: public TestCoreUnsealed, don't modify key in Unseal
...
/cc @armon - I do a key copy within Unseal now. It tripped me up for
quite awhile that that method actually modifies the param in-place and I
can't think of any scenario that is good for the user. Do you see any
issues here?
2015-03-14 17:47:11 -07:00
081358091a
vault: improve seal/unseal log messages
2015-03-13 11:34:40 -07:00
d744d4ee5e
vault: integrate expiration manager with core setup/teardown
2015-03-13 11:20:36 -07:00
d0380e553d
vault: Support a pre-seal teardown
2015-03-13 11:16:24 -07:00
15de847389
vault: Setup expiration manager on unseal
2015-03-12 12:44:30 -07:00
6c759416d0
vault: special view path for system
2015-03-12 12:44:30 -07:00
aa0ca02b8c
vault: sanity check key length
2015-03-12 11:20:38 -07:00
718065c733
vault: the config has to be exported
2015-03-12 10:22:12 -07:00
91462a61a2
vault: Adding mounts table endpoint
2015-03-11 16:12:15 -07:00
b212890043
vault: Setup the mount tables after load
2015-03-11 15:50:42 -07:00
f54e4e0f6a
vault: Loading mount tables on start
2015-03-11 15:19:41 -07:00
fdad9e9ce3
vault: Test routing while sealed
2015-03-11 14:31:55 -07:00
8fdac427a7
vault: Test initialization simple
2015-03-11 11:52:01 -07:00
6794e59e2b
vault: First pass at Unseal
2015-03-11 11:43:36 -07:00
8c49152c78
vault: Support secret sharing
2015-03-11 11:34:08 -07:00
53b4e3281a
vault: First pass at initialization
2015-03-09 17:45:34 -07:00
da34cbb39a
vault: Adding core skeleton
2015-03-09 16:33:27 -07:00
Jeff Mitchell