Commit graph

167 commits

Author SHA1 Message Date
Jeff Mitchell e58553e7d5 Plumb the system configuration information up into framework 2015-08-27 09:41:03 -07:00
Jeff Mitchell 2e07106c4b Add some documentation to SystemConfig 2015-08-27 09:14:03 -07:00
Jeff Mitchell 992e357d07 Add some plumbing to allow specified system configuration information to
be retrieved by logical backends. First implemented is default/max TTL.
2015-08-27 08:51:35 -07:00
Jeff Mitchell 5695d57ba0 Merge pull request #561 from hashicorp/fix-wild-cards
Allow hyphens in endpoint patterns of most backends
2015-08-21 11:40:42 -07:00
vishalnayak 6c2927ede0 Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Jeff Mitchell b57ce8e5c2 Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
Fixes #528.
2015-08-20 16:41:25 -07:00
Armon Dadgar 4abc488cec Merge pull request #510 from ctennis/more_descriptive_errors
More descriptive errors with specific HTTP return codes
2015-08-11 10:11:26 -07:00
Caleb Tennis ae990884a6 Add a validation step in field data to error more quickly vs. allowing panics to happen when we go to get the data and convert it 2015-08-11 12:34:14 -04:00
Caleb Tennis 4da080e769 This adds a new error class which can be used by logical backends to
specify more concrete error cases to make their way back up the stack.

Over time there is probably a cleaner way of doing this, but that's
looking like a more massive rewrite and this solves some issues in
the meantime.

Use a CodedError to return a more concrete HTTP return code for
operations you want to do so.  Returning a regular error leaves
the existing behavior in place.
2015-08-10 13:27:25 -04:00
Caleb Tennis 7750af7014 Fix a couple of typos 2015-08-09 15:20:06 -04:00
vishalnayak 4409e704b5 Vault Test: Disabling mlock for logical.testing.Test() 2015-07-31 12:23:50 -04:00
Armon Dadgar c40cf7fcdf logical/framework: handle nil duration value. Fixes #408 2015-07-08 16:55:52 -06:00
Armon Dadgar cf82f4d6d6 logical/testing: Allow factory to be provided instead of Backend 2015-06-30 18:08:43 -07:00
Armon Dadgar 4b27e4d8c5 Remove SetLogger, and unify on framework.Setup 2015-06-30 17:45:20 -07:00
Armon Dadgar 541014e315 logical: remove SetLogger method 2015-06-30 17:39:39 -07:00
Armon Dadgar 5d69e7da90 Updating for backend API change 2015-06-30 17:36:12 -07:00
Armon Dadgar 41b72a4d39 vault: provide view to backend initializer for setup 2015-06-30 17:30:43 -07:00
Armon Dadgar e892d728a2 logical/framework: support Salt in PathMap 2015-06-30 14:28:45 -07:00
Armon Dadgar 6b23b14773 logical/framework: adding a new duration type to convert to seconds 2015-06-17 15:56:26 -07:00
Armon Dadgar f39b522681 logical/framework: allow the lease max to come from existing lease 2015-06-17 14:24:12 -07:00
Armon Dadgar cfab07b19f logical/framework: simplify calculation of lease renew 2015-06-17 14:16:44 -07:00
Armon Dadgar ae02203624 logical: remove IncrementedLease, simplify ExpirationTime calculation 2015-06-17 13:59:09 -07:00
Armon Dadgar 784f17a0a8 logical: Adding special fields to do raw HTTP 2015-05-27 14:09:47 -07:00
Armon Dadgar ba7bfed1af vault: Expose MountPoint to secret backend. Fixes #248 2015-05-27 11:46:42 -07:00
Armon Dadgar 7131f12fee logical/testing: Fixing revoke in acceptance tests. Fixes #236 2015-05-27 11:19:15 -07:00
Jonathan Sokolowski d58512b3f8 logical/framework: Fix help text in PathMap 2015-05-15 07:56:32 +10:00
Jonathan Sokolowski 283e8ccacb logical/framework: Add delete to PathMap 2015-05-14 22:28:33 +10:00
Jonathan Sokolowski 896f9cd4d3 logical/framework: Add delete to PathStruct 2015-05-14 22:25:30 +10:00
Mitchell Hashimoto 5c63b70eea logical/framework: PathMap is case insensitive by default 2015-05-11 10:27:04 -07:00
Mitchell Hashimoto 4e861f29bc credential/github: case insensitive mappings 2015-05-11 10:24:39 -07:00
Armon Dadgar c849aba53a vault: Adding InternalData to Auth 2015-05-09 11:39:54 -07:00
Armon Dadgar 8ed48191fb logical/framework: Generate help output even if no synopsis provided 2015-05-07 15:45:43 -07:00
Mitchell Hashimoto 81b12660c5 logical/framework: PathMap allows hyphens in keys [GH-119] 2015-05-02 13:17:42 -07:00
Mitchell Hashimoto 6287513c30 logical/testing: add return after fatal? 2015-04-28 18:46:56 -07:00
Armon Dadgar c4a92a276d logical/framework: Supporting list of path map 2015-04-23 21:44:04 -07:00
Armon Dadgar af4f9196b8 logical: allow specifying ConnState 2015-04-23 16:36:31 -07:00
Mitchell Hashimoto f7a1b2ced9 credential/app-id: allow restriction by CIDR block [GH-10] 2015-04-17 10:14:39 -07:00
Mitchell Hashimoto e643b48235 credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 10:01:03 -07:00
Mitchell Hashimoto cd3fa3be92 logical/framework: more flexible Pathmap and PolicyMap 2015-04-17 09:35:49 -07:00
Mitchell Hashimoto 910bf9c76d logical/framework: PathStruct 2015-04-17 09:18:21 -07:00
Armon Dadgar 9d2bd2bf29 logical: Adding a DisplayName for operators 2015-04-15 13:56:42 -07:00
Mitchell Hashimoto 463a32ba56 logical/framework: doc for defaultduration on secret 2015-04-13 20:42:06 -07:00
Mitchell Hashimoto 6272ad75dc logical/framework: secret lease tests 2015-04-13 15:18:27 -07:00
Mitchell Hashimoto 209b275bfd logical/framework: allow max session time 2015-04-11 16:41:08 -07:00
Mitchell Hashimoto 33d66f0130 vault: token store allows unlimited renew 2015-04-11 16:28:16 -07:00
Mitchell Hashimoto d81707a222 logical/framework: more tests 2015-04-11 14:51:00 -07:00
Mitchell Hashimoto a360ca4928 logical/framework: AuthRenew callback, add LeaseExtend
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
Mitchell Hashimoto f996dcf964 logical: add LeaseOptions.IncrementedLease() 2015-04-10 21:35:17 -07:00
Mitchell Hashimoto 7139ad427e logical: lease tests 2015-04-10 21:29:03 -07:00
Mitchell Hashimoto 992028e23e vault: the expiration time should be relative to the issue time 2015-04-10 21:21:06 -07:00
Mitchell Hashimoto 2c5ac09b23 logical: note time zone of lease 2015-04-10 20:49:17 -07:00
Armon Dadgar f7dbb6966b logical: Adding support for renew of Auth 2015-04-10 13:59:49 -07:00
Armon Dadgar 5a3ab973e6 vault: Simplify common lease logic 2015-04-09 12:29:13 -07:00
Armon Dadgar 4679febdf3 logical: Refactor LeaseOptions to share between Secret and Auth 2015-04-09 12:14:04 -07:00
Armon Dadgar 7df486482b vault: Adding LeaseIssue for renew to allow limiting maximum lease length 2015-04-09 11:54:32 -07:00
Armon Dadgar 466c7575d3 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Mitchell Hashimoto 569991fcc5 credential/app-id 2015-04-04 18:41:49 -07:00
Mitchell Hashimoto 606b3dbff9 credential/github: improve help 2015-04-04 12:18:33 -07:00
Mitchell Hashimoto 7aee6269f7 vault: pass a logger around to logical backends 2015-04-04 11:39:58 -07:00
Mitchell Hashimoto 8dc9e0e0d5 logical/framework: better string values for types 2015-04-03 21:15:59 -07:00
Mitchell Hashimoto ec9df0439b logical/aws: help 2015-04-03 21:10:54 -07:00
Mitchell Hashimoto 246c2839b0 logical/framework: make help look nicer 2015-04-03 21:00:23 -07:00
Mitchell Hashimoto 0bbad03c70 logical/framework: support root help 2015-04-03 20:36:47 -07:00
Armon Dadgar b8d69a357c vault: Use Auth for lease and renewable 2015-04-03 14:04:50 -07:00
Mitchell Hashimoto 2e3d6d6a0e command/help 2015-04-02 22:42:05 -07:00
Armon Dadgar 745bcb951d logical: adding lease to auth 2015-04-02 17:25:22 -07:00
Armon Dadgar faa759ea1d logical/framework: Panic if routing pattern is blank 2015-04-01 22:12:03 -07:00
Armon Dadgar c5a5c6e3a6 logical/framework: automatically anchor 2015-04-01 17:53:02 -07:00
Mitchell Hashimoto 04cf4ef093 logical/framework: add PolicyMap 2015-04-01 15:46:37 -07:00
Mitchell Hashimoto 4e94cf1ace logical/testing: helper to test auth 2015-04-01 15:46:37 -07:00
Mitchell Hashimoto 906f81b588 logical: GoStringer for Auth 2015-04-01 15:46:37 -07:00
Mitchell Hashimoto 5676373742 logical/testing: support unauthenticated requests 2015-04-01 15:46:37 -07:00
Mitchell Hashimoto 83de0fd03d logical/framework: PathMap can get missing things 2015-04-01 15:46:37 -07:00
Mitchell Hashimoto 856f1e854a logical: validation should allow 0 leases 2015-03-31 21:11:23 -07:00
Mitchell Hashimoto 67e4bdf1e4 misc typos 2015-03-31 17:27:04 -07:00
Mitchell Hashimoto af8a9cd2e5 logical/testing: tokens for acceptance tests 2015-03-31 17:26:31 -07:00
Armon Dadgar 0943c2bf45 logical/framework: Added missing case for TypeMap 2015-03-31 16:45:08 -07:00
Armon Dadgar cb66c93a34 logical/framework: Adding TypeMap 2015-03-31 16:45:08 -07:00
Mitchell Hashimoto d4509b0ee3 vault: keep the connection info around for auth 2015-03-30 20:55:01 -07:00
Mitchell Hashimoto c9acfa17cb vault: get rid of HangleLogin 2015-03-30 20:26:39 -07:00
Mitchell Hashimoto 65145cf435 logical: add Redirect to response 2015-03-30 17:56:24 -07:00
Mitchell Hashimoto 62ee621ea3 logical: move cred stuff over here 2015-03-30 17:46:18 -07:00
Mitchell Hashimoto 2c3657f4fe logical: add credential info to logical backend structures 2015-03-30 14:23:32 -07:00
Armon Dadgar cb563b881c logical: Special error for permission denied 2015-03-24 11:23:59 -07:00
Armon Dadgar 4598e43140 vault: Adding ClientToken 2015-03-24 11:09:25 -07:00
Mitchell Hashimoto 27d33ad9f7 logical/framework: auto-extend leases if requested 2015-03-21 16:20:30 +01:00
Mitchell Hashimoto f6d5e3f0f4 logical/testing: immediate rollback, ignore RollbackMinAge 2015-03-21 11:18:33 +01:00
Mitchell Hashimoto 17c58633d6 logical/framework: rollback should return error, easier API 2015-03-21 11:08:13 +01:00
Mitchell Hashimoto a54d90ac1f logical/framework: rollback needs to have access to request for storage 2015-03-21 11:03:59 +01:00
Mitchell Hashimoto 62d9bec8be logical/aws 2015-03-20 19:03:20 +01:00
Mitchell Hashimoto a0f59f682b logical/framework: can specify InternalData for secret 2015-03-20 17:59:48 +01:00
Mitchell Hashimoto d43f395050 logical/testing: rollback/revoke secrets, error dangling secrets 2015-03-20 17:20:55 +01:00
Mitchell Hashimoto c349e97168 vault: clean up VaultID duplications, make secret responses clearer
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.

Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).

At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.

So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.

It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.

All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Mitchell Hashimoto 8039fc5c63 logical/framework: support renew 2015-03-19 20:20:57 +01:00
Mitchell Hashimoto d4b284fba4 logical/framework: revoke support 2015-03-19 19:41:41 +01:00
Mitchell Hashimoto b655a78b78 logical/framework: can specify renew/revoke functins for secret 2015-03-19 15:07:45 +01:00
Mitchell Hashimoto c7ed24282b logical/framework: add methods to look up secret and gen response 2015-03-19 14:59:01 +01:00
Mitchell Hashimoto c21bc26731 logical/framework: use custom request wrapper 2015-03-19 14:39:25 +01:00