Commit graph

1574 commits

Author SHA1 Message Date
Jeff Mitchell a9fb7da890 WIP 2018-05-19 21:31:45 -04:00
Jeff Mitchell a9d8be3c4d WIP 2018-05-19 21:31:45 -04:00
Jeff Mitchell 6b345ccdef
Use copystructure when assigning allowed/denied params from nil check (#4585)
Fixes #4582
2018-05-18 13:33:49 -07:00
Calvin Leung Huang 90d305a322
Optimize revokeSalted by not calling view.List twice (#4465)
* Optimize revokeSalted by not calling view.List twice

* Minor comment update

* Do not go through the orphaning dance if we are revoking the entire tree

* Update comment
2018-05-18 12:14:42 -07:00
Calvin Leung Huang 95958dd9f9
Use a token store with an initialized exp mananger in TestTokenStore_RevokeSelf (#4590) 2018-05-18 12:13:37 -07:00
Calvin Leung Huang d7017c7924
Return as internal error on failed token lookup (#4589) 2018-05-18 10:14:31 -07:00
Calvin Leung Huang 08720c93ec
Return ts.Lookup error on handleCreateCommon (#4587)
* Return ts.Lookup error on handleCreateCommon

* Fix test
2018-05-18 09:30:03 -07:00
Jeff Mitchell c683315b67
Check allowed/denied/required params on read calls. (#4579)
We added support a bit ago for some read operations to take in
parameters, so we should now apply these checks against them.
2018-05-16 11:28:46 -04:00
Calvin Leung Huang 0ad08b3cb9
Token store tests (#4549)
* Expand revocation test to cover non-registered tokens case

* Bump sleep times back down a bit
2018-05-11 12:12:44 -04:00
Jeff Mitchell 58154df811 Fix two failing tests due to the fact that the expiration manager now
needs to be running to properly revoke tests.
2018-05-10 18:22:04 -04:00
Calvin Leung Huang dd7520459e
Token revocation refactor (#4512)
* Hand off lease expiration to expiration manager via timers

* Use sync.Map as the cache to track token deletion state

* Add CreateOrFetchRevocationLeaseByToken to hand off token revocation to exp manager

* Update revoke and revoke-self handlers

* Fix tests

* revokeSalted: Move token entry deletion into the deferred func

* Fix test race

* Add blocking lease revocation test

* Remove test log

* Add HandlerFunc on NoopBackend, adjust locks, and add test

* Add sleep to allow for revocations to settle

* Various updates

* Rename some functions and variables to be more clear
* Change step-down and seal to use expmgr for revoke functionality like
during request handling
* Attempt to WAL the token as being invalid as soon as possible so that
further usage will fail even if revocation does not fully complete

* Address feedback

* Return invalid lease on negative TTL

* Revert "Return invalid lease on negative TTL"

This reverts commit a39597ecdc23cf7fc69fe003eef9f10d533551d8.

* Extend sleep on tests
2018-05-10 15:50:02 -04:00
Jeff Mitchell af802275bd
Fix response wrapping from K/V version 2 (#4511)
This takes place in two parts, since working on this exposed an issue
with response wrapping when there is a raw body set. The changes are (in
diff order):

* A CurrentWrappingLookupFunc has been added to return the current
value. This is necessary for the lookahead call since we don't want the
lookahead call to be wrapped.

* Support for unwrapping < 0.6.2 tokens via the API/CLI has been
removed, because we now have backends returning 404s with data and can't
rely on the 404 trick. These can still be read manually via
cubbyhole/response.

* KV preflight version request now ensures that its calls is not
wrapped, and restores any given function after.

* When responding with a raw body, instead of always base64-decoding a
string value and erroring on failure, on failure we assume that it
simply wasn't a base64-encoded value and use it as is.

* A test that fails on master and works now that ensures that raw body
responses that are wrapped and then unwrapped return the expected
values.

* A flag for response data that indicates to the wrapping handling that
the data contained therein is already JSON decoded (more later).

* RespondWithStatusCode now defaults to a string so that the value is
HMAC'd during audit. The function always JSON encodes the body, so
before now it was always returning []byte which would skip HMACing. We
don't know what's in the data, so this is a "better safe than sorry"
issue. If different behavior is needed, backends can always manually
populate the data instead of relying on the helper function.

* We now check unwrapped data after unwrapping to see if there were raw
flags. If so, we try to detect whether the value can be unbase64'd. The
reason is that if it can it was probably originally a []byte and
shouldn't be audit HMAC'd; if not, it was probably originally a string
and should be. In either case, we then set the value as the raw body and
hit the flag indicating that it's already been JSON decoded so not to
try again before auditing. Doing it this way ensures the right typing.

* There is now a check to see if the data coming from unwrapping is
already JSON decoded and if so the decoding is skipped before setting
the audit response.
2018-05-10 15:40:03 -04:00
Brian Kassouf 55997b6bf0
physical/cache: Add a list of prefixes to not cache (#4515)
* physical/cache: Add a list of prefixes to not cache

* Rename the pathmanager

* Move cache back to the beggining of postUnseal

* Fix comment
2018-05-10 10:29:26 -07:00
Becca Petrin 76c717b081
Restrict cert auth by CIDR (#4478) 2018-05-09 15:39:55 -07:00
Jeff Mitchell c0ed57feae
Revert "proto changes (#4503)" (#4504)
This reverts commit 14594bd76e04ff09c442738800be5fdebc45512f.
2018-05-03 15:38:53 -04:00
Vishal Nayak 7549ea0d12
proto changes (#4503) 2018-05-03 15:23:14 -04:00
Becca Petrin d51acbde68
New proto version (#4501) 2018-05-03 10:19:39 -07:00
Vishal Nayak 7b93377d00
update token store error assertions (#4485) 2018-04-29 07:47:42 -04:00
Jeff Mitchell deafefc1c7
Add ability for revoke-prefix and revoke-force to work on single leases (#4450)
Ping #4143
2018-04-26 16:26:07 -04:00
Jeff Mitchell 61f2144adf Add identity store nil checks 2018-04-24 23:10:22 -04:00
Brian Kassouf 6d447d2671 Rename up path to internal/ui/mounts/<path> (#4435) 2018-04-23 18:16:10 -04:00
Brian Kassouf c7f9d185b0
Kv preflight (#4430)
* Update kv command to use a preflight check

* Make the existing ui endpoint return the allowed mounts

* Add kv subcommand tests

* Enable `-field` in `vault kv get/put` (#4426)

* Enable `-field` in `vault kv get/put`

Fixes #4424

* Unify nil value handling

* Use preflight helper

* Update vkv plugin

* Add all the mount info when authenticated

* Add fix the error message on put

* add metadata test

* No need to sort the capabilities

* Remove the kv client header

* kv patch command (#4432)

* Fix test

* Fix tests

* Use permission denied instead of entity disabled
2018-04-23 15:00:02 -07:00
Jeff Mitchell d54191adff Use permission denied for entity disabling 2018-04-23 16:50:04 -04:00
Vishal Nayak 10419845b7
disable identity for local mounts (#4407) 2018-04-23 13:46:14 -04:00
Jeff Mitchell 78b09d77c0 Use ResetNamed for sealunwrapper logger 2018-04-23 13:42:02 -04:00
Becca Petrin dbd1f119ed Use a sub-logger for the transactional cache (#4428) 2018-04-23 12:08:12 -04:00
Jeff Mitchell 6d95b4d266
Add the ability to restrict token usage by IP. Add to token roles. (#4412)
Fixes #815
2018-04-21 10:49:16 -04:00
Jeff Mitchell 640b30ff7b
Resultant acl (#4386) 2018-04-20 14:19:04 -04:00
Jeff Mitchell e69845b458
Defer setting views read/write until the end of postUnseal (#4392)
A few notes:

* We exert positive control over singletons and they usually need to
perform some (known, validated) writes, so this excludes singletons --
they are simply limited to the end of the mount function as before.

* I'm not sure how to test this _specifically_; I've done some testing
of e.g. sealing vault and unsealing and ensuring that I can write to a
KV mount. I think this is tested by every dev server though, since for a
dev server Vault is inited, the default mounts are mounted, then it's
sealed, then it's unsealed for the user, so it already goes through this
code path. The mere fact that you can write to secret/ on a dev server
means it was successfully set read-write.
2018-04-19 13:29:43 -04:00
Martin ad57258d64 Add missing entries in path-help (#4370) 2018-04-17 13:54:04 -04:00
Vishal Nayak 0612103c2f
external identity groups across mounts (#4365) 2018-04-17 12:01:43 -04:00
Vishal Nayak 62ba3f381f
Identity policies in token lookup (#4366)
* Add identity_policies to token lookup

* add tests

* naming change

* add commenting in tests
2018-04-17 11:16:26 -04:00
Jeff Mitchell 530121c655
Add ability to disable an entity (#4353) 2018-04-13 21:49:40 -04:00
Brian Kassouf 6ca3ae4007 Port some ent mount changes (#4330) 2018-04-11 14:32:55 -04:00
Jeff Mitchell 8f1f1ea6a7 Fix some tests 2018-04-10 00:22:23 -04:00
Jeff Mitchell d089ff613b
Don't run every tune function every time tune is called. (#4325) 2018-04-09 22:17:37 -04:00
Jeff Mitchell 991a110cab
Remove prefixes from some logging statements where they still exist (#4324) 2018-04-09 21:14:23 -04:00
Jeff Mitchell 6c73d509cf Fix tests from version update 2018-04-09 16:14:44 -04:00
Jeff Mitchell 0535f46e27 Make standard secret/ mount version 1, but upgrade to v2 in dev mode. 2018-04-09 15:37:36 -04:00
Becca Petrin abb621752f Clean up error string formatting (#4304) 2018-04-09 14:35:21 -04:00
Brian Kassouf a8b8ca136e
KV: Update 'versioned' naming to 'v2' (#4293)
* Update 'versioned' naming to 'v2'

* Make sure options are set

* Fix description of auth flag

* Review feedback
2018-04-09 09:39:32 -07:00
Calvin Leung Huang fb81016252
Fix output-related tests (#4288)
* Fix command tests

* More test fixes

* Use backticks to escape quoted strings

* More test fixes

* Fix mismatched error output failures

* Fix mismatched error output failures
2018-04-05 20:43:29 -04:00
Vishal Nayak 28e3eb9e2c
Errwrap everywhere (#4252)
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
2018-04-05 11:49:21 -04:00
Jeff Mitchell f6f3153b3d
Allow not showing expirations, and don't log when skipToken (#4263)
The latter removes a case where a token being revoked would end up
logging twice.
2018-04-04 03:07:10 -04:00
Jeff Mitchell 599f691141
Allow returning warnings and other data in 404s in the Go API (#4256)
* Allow returning list information and other data in 404s.

On read it'll output data and/or warnings on a 404 if they exist. On
list, the same behavior; the actual 'vault list' command doesn't change
behavior though in terms of output unless there are no actual keys (so
it doesn't just magically show other data).

This corrects some assumptions in response_util and wrapping.go; it also
corrects a few places in the latter where it could leak a (useless)
token in some error cases.

* Use same 404 logic in delete/put too

* Add the same secret parsing logic to the KV request functions
2018-04-03 22:35:45 -04:00
Jeff Mitchell 69a8158913
Fix race condition caught by detector in barrier view (#4261) 2018-04-03 21:39:11 -04:00
Brian Kassouf e26e821107
Don't pass the upgrade flag into the backend (#4255) 2018-04-03 11:37:34 -07:00
Calvin Leung Huang 6b840e6c1c
Fix compilation and tests failures (#4254) 2018-04-03 14:07:43 -04:00
Chris Hoffman a7ada08b3b
Core handling of TTLs (#4230)
* govet cleanup in token store

* adding general ttl handling to login requests

* consolidating TTL calculation to system view

* deprecate LeaseExtend

* deprecate LeaseExtend

* set the increment to the correct value

* move calculateTTL out of SystemView

* remove unused value

* add back clearing of lease id

* implement core ttl in some backends

* removing increment and issue time from lease options

* adding ttl tests, fixing some compile issue

* adding ttl tests

* fixing some explicit max TTL logic

* fixing up some tests

* removing unneeded test

* off by one errors...

* adding back some logic for bc

* adding period to return on renewal

* tweaking max ttl capping slightly

* use the appropriate precision for ttl calculation

* deprecate proto fields instead of delete

* addressing feedback

* moving TTL handling for backends to core

* mongo is a secret backend not auth

* adding estimated ttl for backends that also manage the expiration time

* set the estimate values before calling the renew request

* moving calculate TTL to framework, revert removal of increment and issue time from logical

* minor edits

* addressing feedback

* address more feedback
2018-04-03 12:20:20 -04:00
Jeff Mitchell 2bd107a806 Update logformat -> logging 2018-04-03 12:03:35 -04:00
Chris Hoffman 35e944e485 adds ability to override default CSP with warning (#395) 2018-04-03 09:34:14 -05:00
Chris Hoffman e293fe84c3 OSS: Adding UI handlers and configurable headers (#390)
* adding UI handlers and UI header configuration

* forcing specific static headers

* properly getting UI config value from config/environment

* fixing formatting in stub UI text

* use http.Header

* case-insensitive X-Vault header check

* fixing var name

* wrap both stubbed and real UI in header handler

* adding test for >1 keys
2018-04-03 09:34:01 -05:00
Vishal Nayak 1a6ff5cb80
port missed items from identity store to oss (#4242) 2018-04-02 22:17:33 -04:00
Jeff Mitchell 42d2ee04bd
Alias versioned kv as vkv when mounting (#4240) 2018-04-02 20:51:35 -04:00
Becca Petrin 03cf302e9a Move to "github.com/hashicorp/go-hclog" (#4227)
* logbridge with hclog and identical output

* Initial search & replace

This compiles, but there is a fair amount of TODO
and commented out code, especially around the
plugin logclient/logserver code.

* strip logbridge

* fix majority of tests

* update logxi aliases

* WIP fixing tests

* more test fixes

* Update test to hclog

* Fix format

* Rename hclog -> log

* WIP making hclog and logxi love each other

* update logger_test.go

* clean up merged comments

* Replace RawLogger interface with a Logger

* Add some logger names

* Replace Trace with Debug

* update builtin logical logging patterns

* Fix build errors

* More log updates

* update log approach in command and builtin

* More log updates

* update helper, http, and logical directories

* Update loggers

* Log updates

* Update logging

* Update logging

* Update logging

* Update logging

* update logging in physical

* prefixing and lowercase

* Update logging

* Move phyisical logging name to server command

* Fix som tests

* address jims feedback so far

* incorporate brians feedback so far

* strip comments

* move vault.go to logging package

* update Debug to Trace

* Update go-plugin deps

* Update logging based on review comments

* Updates from review

* Unvendor logxi

* Remove null_logger.go
2018-04-02 17:46:59 -07:00
Vishal Nayak 96fc0c2509
Update group alias by ID (#4237)
* update group alias by id

* update docs
2018-04-02 10:42:01 -04:00
Jeff Mitchell 26c891c223 Merge branch 'master-oss' into 0.10-beta 2018-03-28 10:14:43 -04:00
Jeff Mitchell 48cb30312a
Remove old workaround for a rollback error (#4206)
It can now cause problems in other situations
2018-03-27 16:34:06 -04:00
Jeff Mitchell 2f90e0c2e1 Merge branch 'master-oss' into 0.10-beta 2018-03-27 12:40:30 -04:00
Calvin Leung Huang 8d9295c539
Token store deleted parent (#4193)
* Handle removal of parent index on revoke-orphan and tidy operations

* Refactor handleTidy to use same for loop children deletion of invalid parent entry

* Update comments

* Add logic for revoke-orphan and tidy to turn no-parent tokens into orphans

* Add orphan check to test

* Update test comments

* Fix TestTokenStore_Revoke_Orphan test

* Address feedback, add explicit delete when parent prefix is empty

* Revert explicit delete, add comment on why it's not done

* Update comment to indicate ok on marking token as orphan

* Fix test
2018-03-27 11:12:06 -04:00
Jeff Mitchell a1d5defe01 Update tests to use the real accessors listing path 2018-03-26 14:21:36 -04:00
Jeff Mitchell 65d8eb0914 Add more docs around list paths in policies.
CC #4199
2018-03-26 11:30:58 -04:00
Calvin Leung Huang 25792df5a9
Passthrough request headers (#4172)
* Add passthrough request headers for secret/auth mounts

* Update comments

* Fix SyncCache deletion of passthrough_request_headers

* Remove debug line

* Case-insensitive header comparison

* Remove unnecessary allocation

* Short-circuit filteredPassthroughHeaders if there's nothing to filter

* Add whitelistedHeaders list

* Update router logic after merge

* Add whitelist test

* Add lowercase x-vault-kv-client to whitelist

* Add back const

* Refactor whitelist logic
2018-03-21 19:56:47 -04:00
Brian Kassouf 5c84c36915
command/kv: Add a "kv" subcommand for using the key-value store (#4168)
* Add more cli subcommands

* Add metadata commands

* Add more subcommands

* Update cli

* Move archive commands to delete

* Add helpers for making http calls to the kv backend

* rename cli header

* Format the various maps from kv

* Add list command

* Update help text

* Add a command to enable versioning on a backend

* Rename enable-versions command

* Some review feedback

* Fix listing of top level keys

* Fix issue when metadata is nil

* Add test for lising top level keys

* Fix some typos

* Add a note about deleting all versions
2018-03-21 15:02:41 -07:00
Brian Kassouf cc625e19ee
Add options to mount tune and mount endpoints in preparation for versioning (#4155)
* Add some requirements for versioned k/v

* Add a warning message when an upgrade is triggered

* Add path help values

* Make the kv header a const

* Add the uid to mount entry instead of options map

* Pass the backend aware uuid to the mounts and plugins

* Fix comment

* Add options to secret/auth enable and tune CLI commands (#4170)

* Switch mount/tune options to use TypeKVPairs (#4171)

* switching options to TypeKVPairs, adding bool parse for versioned flag

* flipping bool check

* Fix leases coming back from non-leased pluin kv store

* add a test for updating mount options

* Fix tests
2018-03-21 12:04:27 -07:00
Josh Soref 73b1fde82f Spelling (#4119) 2018-03-20 14:54:10 -04:00
Jeff Mitchell e49c230f7b
Log revocations in revokeCommon rather than expireID (#4164)
Revocations that happen not as a result of direct expirations will
therefore be logged

Fixes #4156
2018-03-20 11:46:27 -04:00
Jeff Mitchell 933f1e4b87 Sync 2018-03-20 10:42:57 -04:00
Calvin Leung Huang f86881c295
Unauthenticated endpoint to list secret and auth mounts (#4134)
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs

* docs: Add ttl params to auth enable endpoint

* Rewording of go string to simply string

* Add audit hmac keys as CLI flags on auth/secrets enable

* Fix copypasta mistake

* WIP on auth-list endpoint

* Rename variable to be singular, add CLI flag, show value in auth and secrets list

* Add audit hmac keys to auth and secrets list

* Only set config values if they exist

* Fix http sys/auth tests

* More auth plugin_name test fixes

* Rename tag internal_ui_show_mount to _ui_show_mount

* Add tests

* Make endpoint unauthed

* Rename field to listing_visibility

* Add listing-visibility to cli tune commands

* Use ListingVisiblityType

* Fix type conversion

* Do not actually change token's value on testHttpGet

* Remove unused ListingVisibilityAuth, use const in pathInternalUIMountsRead
2018-03-19 23:16:33 -04:00
Jeff Mitchell 3a5e1792c0 Update path-help to make clear you shouldn't put things in the URL.
Remove from website docs as those have been long deprecated.
2018-03-19 11:50:16 -04:00
Jeff Mitchell 60adb4297f Update SealWrapStorage in passthrough to use newer style glob for matching all 2018-03-18 14:25:15 -04:00
Jeff Mitchell 6e93a6c4fb
Properly forward (or specifically don't) sys calls that result in read only errors (#4129)
Prior to this policy writes against a performance secondary would not
succeed because the read-only error was swallowed by handleError. In
addition to fixing this, it adds a similar function that explicitly
doesn't trigger forwarding. This is useful for things that are local to
the secondary such as raw operations and lease management.
2018-03-17 21:29:17 -04:00
Jin-wook Jeong 92ea5f9d66 Make credential plugin to work that is modified before vault startup and reloaded after vault startup. (#4121)
Set routeEntry.rootPaths, loginPaths after plugin reload using atomic values.
2018-03-16 10:35:19 -07:00
Calvin Leung Huang 3108860d4b
Audit HMAC values on AuthConfig (#4077)
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs

* docs: Add ttl params to auth enable endpoint

* Rewording of go string to simply string

* Add audit hmac keys as CLI flags on auth/secrets enable

* Fix copypasta mistake

* Add audit hmac keys to auth and secrets list

* Only set config values if they exist

* Fix http sys/auth tests

* More auth plugin_name test fixes

* Pass API values into MountEntry's config when creating auth/secrets mount

* Update usage wording
2018-03-09 14:32:28 -05:00
Jeff Mitchell 55187255bd
Truncate token store issued token periods when greater than tuned max at (#4112)
issue time, not just renew time.
2018-03-09 10:53:04 -05:00
Jeff Mitchell a82b43081c Fix output in warning displaying nanoseconds instead of seconds 2018-03-08 16:14:20 -05:00
Brian Kassouf 9dba3590ac
Add context to the NewSalt function (#4102) 2018-03-08 11:21:11 -08:00
Brian Kassouf 34d958968d Revert stopoptions (#4088)
* Use an atomic value instead to communicate whether to give up HA lock

* Remove now-unneeded StopOptions struct

* Add a channel based mutex acquisition function to avoid a deadlock

* Make periodic leader refresh only spawn a single waiting goroutine and
extend logic to the key upgrade check
2018-03-06 21:35:58 -05:00
Jeff Mitchell 6b777dc63e
Rearrange shutdown logic to remove some lock switching (#4083)
* Rearrange shutdown logic to remove some lock switching and to allow
giving up the HA lock to be skipped.
2018-03-06 18:06:09 -05:00
Calvin Leung Huang e2fb199ce5
Non-HMAC audit values (#4033)
* Add non-hmac request keys

* Update comment

* Initial audit request keys implementation

* Add audit_non_hmac_response_keys

* Move where req.NonHMACKeys gets set

* Minor refactor

* Add params to auth tune endpoints

* Sync cache on loadCredentials

* Explicitly unset req.NonHMACKeys

* Do not error if entry is nil

* Add tests

* docs: Add params to api sections

* Refactor audit.Backend and Formatter interfaces, update audit broker methods

* Add audit_broker.go

* Fix method call params in audit backends

* Remove fields from logical.Request and logical.Response, pass keys via LogInput

* Use data.GetOk to allow unsetting existing values

* Remove debug lines

* Add test for unsetting values

* Address review feedback

* Initialize values in FormatRequest and FormatResponse using input values

* Update docs

* Use strutil.StrListContains

* Use strutil.StrListContains
2018-03-02 12:18:39 -05:00
Jeff Mitchell 5034ae2dcb Add the ability to use multiple paths for capability checking (#3663)
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).

Fixes #3336

* Added tests

* added 'paths' field

* Update docs

* return error if paths is not supplied
2018-03-01 11:14:56 -05:00
Jeff Mitchell f1bd0cbe74
Use atomic values in seal to avoid some data races (#4040) 2018-02-23 17:18:48 -05:00
Jeff Mitchell d4a431b298
Move local cluster parameters to atomic values to fix some potential data races (#4036) 2018-02-23 14:47:07 -05:00
Brian Kassouf cb08fb92d2 Port some replicated cluster changes from ent (#4037) 2018-02-23 14:01:15 -05:00
Jeff Mitchell 1a814803d7 Add core object to policy store for some ent uses 2018-02-23 14:00:46 -05:00
Calvin Leung Huang 1bb4d165e7
Add TTL related config options on auth enable (#4019) 2018-02-22 10:26:29 -05:00
Jeff Mitchell 4669f37c78 Add four cluster flag 2018-02-22 00:23:37 -05:00
Gobin Sougrakpam 33e22c41ca Log warnings when too many leases are active (#3957) 2018-02-14 09:22:46 -05:00
Kevin Paulisse 2282fcef8a Decompress data before sending via sys/raw (#3954) 2018-02-09 18:43:48 -05:00
Jeff Mitchell 96ea0620fd
Add sealunwrapper to ease OSS downgrades (#3936) 2018-02-09 16:37:40 -05:00
Jeff Mitchell 847e499261 Simplify readonly view logic 2018-02-09 15:39:27 -05:00
Vishal Nayak bf66dc2841 Make mount view read only until after mount persist (#3910) 2018-02-09 14:04:25 -05:00
Vishal Nayak 81c66efd6d
AppRole/Identity: Fix for race when creating an entity during login (#3932)
* possible fix for race in approle login while creating entity

* Add a test that hits the login request concurrently

* address review comments
2018-02-09 10:40:56 -05:00
seanjfellows 4739342fdb Create audit failure metrics unconditionally (#3937) 2018-02-07 15:57:00 -05:00
Jeff Mitchell 1a8a843588
Change grpc's max sent/recv size to a very large value. (#3912) 2018-02-06 13:52:35 -05:00
Jeff Mitchell 642b88c76a go vet fixes 2018-02-05 14:26:31 -05:00
Jeff Mitchell 05723e1229 Revert cluster.go change 2018-02-04 20:42:45 -05:00
Jeff Mitchell f33563f667 Some vet fixes 2018-02-04 20:37:57 -05:00
Jeff Mitchell fc6564e4ee
Don't run rollback and upgrade functionality if we are a replication secondary (#3900)
* Don't run rollback and upgrade functionality if we are a replication
secondary, but do if the mount is local.
2018-02-02 20:28:25 -05:00
Jeff Mitchell 676b302dbf
Add a sysview call to determine if a mount is local. (#3899)
This is useful for deciding when to run upgrade logic, e.g. if on a
performance secondary but local it's fine to run.
2018-02-02 18:17:12 -05:00
Calvin Leung Huang 848ce6427b
Handle period's zero value in token store's token creation (#3880)
* Handle period's zero value on handleCreateCommon

* Add test for period zero value
2018-02-01 12:01:46 -05:00
Jeff Mitchell 60e2209532
Remove core restriction in cache and turn it into an active/standby restriction instead (#3849) 2018-01-25 22:21:51 -05:00
Vishal Nayak 150ad8405b
Remove logical.Initialize() method (#3848)
* Remove logical.Initialize() method

* More cleanup

* Fix test
2018-01-25 20:19:27 -05:00
Jeff Mitchell ad9da2e0b8
Fix intermittent panic by storing a reference to the grpc server (#3842)
* Fix intermittent panic by storing a reference to the grpc server and
using that to ensure it will never be nil.

* Just get rid of c.rpcServer
2018-01-24 20:23:08 -05:00
Jeff Mitchell cf87cc54fc Fix build 2018-01-22 21:45:22 -05:00
Jeff Mitchell 8e8675053b Sync some bits over 2018-01-22 21:44:49 -05:00
Jeff Mitchell 7d6fed2e86
Use a separate var for active node replication state (#3819) 2018-01-19 19:24:04 -05:00
Jeff Mitchell 43617619ad Embed derived contexts into replication clients 2018-01-19 07:22:31 -05:00
Jeff Mitchell 123e22cd7e Fix compile 2018-01-19 05:31:55 -05:00
Jeff Mitchell b4be030d07
Add context to barrier encryptor interface 2018-01-19 05:28:47 -05:00
Jeff Mitchell 31a7eb1168
Add context to barrier encryptor access 2018-01-19 05:24:40 -05:00
Jeff Mitchell 69aead14f0 A bit more context plumbing 2018-01-19 04:11:59 -05:00
Jeff Mitchell 33b68ebf3d Remove context from a few extraneous places 2018-01-19 03:44:06 -05:00
Jeff Mitchell 6be5b8e8a1 Don't use context in barrier type/recovery type 2018-01-19 03:17:36 -05:00
Jeff Mitchell 0f7e3bb79b Add context to performPolicyChecks 2018-01-19 02:43:39 -05:00
Jeff Mitchell c97e73ce70
Don't check recovery seal in Initialized()
It doesn't actually matter and can give false positives.
2018-01-19 01:55:33 -05:00
Brian Kassouf 2f19de0305 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Jeff Mitchell 842a3a4a05 Remove RegisterLicense from logical.Backend
It's almost certainly the wrong signature and nothing uses it currently
anyways.
2018-01-18 13:44:29 -05:00
Calvin Leung Huang f59069c22f
Don't call LeaseExtend on login renewal paths when period is provided (#3803)
* Don't call LeaseExtend on login renewal paths when period is provided

* WIP tests

* NoopBackend accept backend ttl values

* Test period value on credentials backend

* Use t.Fatalf instead

* Remove mockCoreExpiration

* Add login renewal test for approle backend

* Add resp.Auth.Period check on aws and cert backend tests

* Pass in approle's period via role's period

* Correctly set period in valid-role's role

* Add period renewal test using TestCluster and approle backend

* Check for ttl values after renewals on test
2018-01-18 12:19:18 -05:00
Jeff Mitchell cf895fc19a Actually print out forwarded stacktrace 2018-01-18 11:40:59 -05:00
Calvin Leung Huang bffaf9b0c3 Remove vlogger, add log.Logger to PolicyStore struct (#3813) 2018-01-18 01:01:51 -05:00
Jeff Mitchell 5371b0489f Rename var from last commit 2018-01-17 23:08:35 -05:00
Jeff Mitchell 307a177540 Make heartbeatInterval a package var to allow tests to modify it 2018-01-17 23:05:11 -05:00
Jeff Mitchell a71c74aa3f
Add replication state to EchoReply (#3810) 2018-01-17 22:17:47 -05:00
Tom Wilkie e06cb595fc Make the plugin catalog endpoint roundtrip so we can use terraform to manage them. (#3778) 2018-01-17 19:19:28 -05:00
Jeff Mitchell 88313f0398 Update replication state logic.
Fixes #3727
2018-01-16 13:51:55 -05:00
Vishal Nayak 8ef51c0065
Delete group alias upon group deletion (#3773) 2018-01-11 10:58:05 -05:00
Jeff Mitchell d8009bced1 Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-10 11:15:49 -05:00
Brian Kassouf 64da50c27c
Update plugin deps to include context changes (#3765)
* Update plugin deps to include context changes

* Fix tests
2018-01-08 12:26:13 -08:00
Brian Kassouf 1c190d4bda
Pass context to backends (#3750)
* Start work on passing context to backends

* More work on passing context

* Unindent logical system

* Unindent token store

* Unindent passthrough

* Unindent cubbyhole

* Fix tests

* use requestContext in rollback and expiration managers
2018-01-08 10:31:38 -08:00
Jeff Mitchell 6681329041 Update redirect address error to be more clear 2018-01-04 10:45:40 -05:00
Jeff Mitchell 1fe494e8e1
Port IsDRSecondary over and enable returning it via sys_health (#3749) 2018-01-03 15:07:13 -05:00
Jeff Mitchell d1803098ae Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Jeff Mitchell 92aaebd20e Bust recovery cache after unsealed is set true to force migration 2017-12-19 16:22:09 -05:00
Jeff Mitchell 9630f93845
Fix audited request header lookup (#3707)
The headers are stored lowercased but the lookup function wasn't
properly lowercasing when indexing in the header map.

Fixes #3701
2017-12-18 10:05:51 -05:00
Chris Hoffman 164849f056
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Calvin Leung Huang 57bc19c169 Defer reader.Close that is used to determine sha256 2017-12-15 14:04:09 -05:00
Calvin Leung Huang 7c0b4f1333 Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686) 2017-12-15 13:31:57 -05:00
Calvin Leung Huang 79cb82e133
Add logic for using Auth.Period when handling auth login/renew requests (#3677)
* Add logic for using Auth.Period when handling auth login/renew requests

* Set auth.TTL if not set in handleLoginRequest

* Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken

* Get sysView from le.Path, revert tests

* Add back auth.Policies

* Fix TokenStore tests, add resp warning when capping values

* Use switch for ttl/period check on RenewToken

* Move comments around
2017-12-15 13:30:05 -05:00
Brian Kassouf afe53eb862
Database gRPC plugins (#3666)
* Start work on context aware backends

* Start work on moving the database plugins to gRPC in order to pass context

* Add context to builtin database plugins

* use byte slice instead of string

* Context all the things

* Move proto messages to the dbplugin package

* Add a grpc mechanism for running backend plugins

* Serve the GRPC plugin

* Add backwards compatibility to the database plugins

* Remove backend plugin changes

* Remove backend plugin changes

* Cleanup the transport implementations

* If grpc connection is in an unexpected state restart the plugin

* Fix tests

* Fix tests

* Remove context from the request object, replace it with context.TODO

* Add a test to verify netRPC plugins still work

* Remove unused mapstructure call

* Code review fixes

* Code review fixes

* Code review fixes
2017-12-14 14:03:11 -08:00
Brian Kassouf de9b7d779d
Fix leaking connections on cluster port (#3680) 2017-12-12 17:18:04 -08:00
Chris Hoffman 822ce95dc4
adding ability to override temp dir in dev cluster (#3673) 2017-12-11 18:02:35 -05:00
lemondrank 255212af23 Non-recursive DFS token tree revoke (#2478) 2017-12-11 16:51:37 -05:00
Vishal Nayak 0928a65c38
remove unused function (#3657) 2017-12-06 18:55:43 -05:00
Chris Hoffman f966d20225
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 12:25:17 -05:00
Jeff Mitchell 8f159b12b1
allowed/disallowed_policies as TypeCommaStringSlice (#3641)
Our docs apparently claim that this is a list, but the code is
string-only. This fixes that discrepancy.
2017-12-04 12:47:05 -05:00
Jeff Mitchell 20320cd71e
Move location of quit channel closing in exp manager (#3638)
* Move location of quit channel closing in exp manager

If it happens after stopping timers any timers firing before all timers
are stopped will still run the revocation function. With plugin
auto-crash-recovery this could end up instantiating a plugin that could
then try to unwrap a token from a nil token store.

This also plumbs in core so that we can grab a read lock during the
operation and check standby/sealed status before running it (after
grabbing the lock).

* Use context instead of checking core values directly

* Use official Go context in a few key places
2017-12-01 17:08:38 -05:00
Jeff Mitchell 548629e8ef Port over some changes 2017-11-30 09:43:07 -05:00
Jeff Mitchell eef6afec3e
Fix mount path for credential values in aliases (#3580) 2017-11-14 01:31:10 -05:00
Calvin Leung Huang 2f9ff5c062 Acquire state lock at the start of UnsealWithRecoveryKeys (#3579)
* Acquire state lock from the start of UnsealWithRecoveryKeys, add metrics

* Change metrics variable
2017-11-13 22:05:22 -05:00
Vishal Nayak 5d976794d4
API refactoring and doc updates (#3577)
* Doc updates and API refactoring

* fix tests

* change metadata fieldtype to TypeKVPairs

* Give example for TypeKVPairs in CLI for metadata

* Update API docs examples to reflect the native expected value for TypeKVPairs

* Don't mention comma separation in the docs for TypeCommaStringSlice

* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias

* Address review feedback

* Fix formatting

* fix sidebar links
2017-11-13 20:59:42 -05:00
Chris Hoffman 9e79e9b397
generate token functions to share common names (#3576) 2017-11-13 15:44:26 -05:00
Jeff Mitchell 2b78bc2a9b
Port over bits (#3575) 2017-11-13 15:31:32 -05:00
Jeff Mitchell d55f94f4a3
Plumb more seal wrap stuff through and move to outside layer of mount options (#3572) 2017-11-13 11:22:22 -05:00
Jeff Mitchell 0798ccdd7c Populate config error in three node test function 2017-11-10 17:44:25 -05:00
Jeff Mitchell e66c4b11d5 Add core numbers to output in dev three node 2017-11-10 16:21:46 -05:00
Brian Kassouf ab3b625a3b
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565)
* Add API and Command code for generating a DR Operation Token

* Update generate root to accept different token strategies
2017-11-10 10:19:42 -08:00
Jeff Mitchell c3b382d010 If kv entry is sealwrapped and is response-wrapped ensure it carries through 2017-11-10 12:56:31 -05:00
Brian Shumate a7af6c4cb7 Debug level logging of socket audit backend config at startup (#3560) 2017-11-10 12:08:36 -05:00
Jeff Mitchell 18f76d0909 Change test cluster to request client cert rather than verify if given 2017-11-09 15:55:23 -05:00
Jeff Mitchell fdaed84e82
Add ability to send seal wrap response info into cubbyhole request. (#3562)
Ref 84f80db4bf499ce7345615cc2def77e7d48bc690
2017-11-09 12:47:42 -05:00
Jeff Mitchell 922ac56222
Seal wrap requesting in logical.Request wrapinfo (#3559) 2017-11-09 10:32:49 -05:00
Vishal Nayak 660c9ab382
Merge identity alias lookups into either entity or group lookup endpoints (#3538)
* merge identity alias lookups into either entity or group lookups

* Address review feedback

* address review feedback
2017-11-09 01:29:19 -05:00
Chris Hoffman a7f510c9b4 converting identity metadata to use TypeKVPairs (#3549) 2017-11-08 14:51:40 -05:00
Jeff Mitchell dd551eb12f Put back original test cluster client redirect behavior 2017-11-08 10:15:56 -05:00
Jeff Mitchell 0c9e692414
Minor mount logic updates (#3553) 2017-11-07 20:30:02 -05:00
Jeff Mitchell febda30382
Fix potential panic reading local mount tables (#3552) 2017-11-07 18:04:37 -05:00
Jeff Mitchell 98dc8e9bea Fix regression involving cluster listener 2017-11-07 17:27:13 -05:00
Jeff Mitchell a2db5671c5 Add logbridge for testing 2017-11-07 15:50:09 -05:00
Calvin Leung Huang d9eaacf5de
Barrier unseal using recovery keys (#3541)
* Barrier unseal using recovery keys

* Remove tests
2017-11-07 15:15:39 -05:00
Jonathan Freedman 4109473134 More Mount Conflict Detection (#2919) 2017-11-06 15:29:09 -05:00
Lars Lehtonen 8ccdaa1860 Fix swallowed errors in TestRollbackManager_Join() (#3327) 2017-11-06 14:34:27 -05:00
Jeff Mitchell 119607dcb7
Seal wrap all root tokens and their leases (#3540) 2017-11-06 13:10:36 -05:00
Vishal Nayak 2af5b9274f
Return group memberships of entity during read (#3526)
* return group memberships of entity during read

* Add implied group memberships to read response of entity

* distinguish between all, direct and inherited group IDs of an entity

* address review feedback

* address review feedback

* s/implied/inherited in tests
2017-11-06 13:01:48 -05:00
Chris Hoffman 1e03e1bad3
Fix group/policy iterators with multiple groups (#3527)
* fixing some group iterators

* fix slice rewrite
2017-11-03 11:26:22 -04:00
Vishal Nayak e4e4a7ba67
Capabilities responds considering policies on entities and groups (#3522)
* Capabilities endpoint will now return considering policies on entities and groups

* refactor the policy derivation into a separate function

* Docs: Update docs to reflect the change in capabilities endpoint
2017-11-03 11:20:10 -04:00
Chris Hoffman 16059b4e94
Fix policy lookup when entity is part of multiple groups (#3524) 2017-11-03 07:19:29 -04:00
Vishal Nayak 707e270f54
Added lookup endpoint for entity (#3519)
* Added lookup endpoint for entity

* Address review comments
2017-11-02 16:38:15 -04:00
Vishal Nayak 7bae606662
External identity groups (#3447)
* external identity groups

* add local LDAP groups as well to group aliases

* add group aliases for okta credential backend

* Fix panic in tests

* fix build failure

* remove duplicated struct tag

* add test steps to test out removal of group member during renewals

* Add comment for having a prefix check in router

* fix tests

* s/parent_id/canonical_id

* s/parent/canonical in comments and errors
2017-11-02 16:05:48 -04:00
Jeff Mitchell d229d7d5b0
Redo API locking (#3508)
* Redo the API client quite a bit to make the behavior of NewClient more
predictable and add locking to make it safer to use with Clone() and if
multiple goroutines for some reason decide to change things.

Along the way I discovered that currently, the x/net/http2 package is
broke with the built-in h2 support in released Go. For those using
DefaultConfig (the vast majority of cases) this will be a non-event.
Others can manually call http2.ConfigureTransport as needed. We should
keep an eye on commits on that repo and consider more updates before
release. Alternately we could go back revisions but miss out on bug
fixes; my theory is that this is not a purposeful break and I'll be
following up on this in the Go issue tracker.

In a few tests that don't use NewTestCluster, either for legacy or other
reasons, ensure that http2.ConfigureTransport is called.

* Use tls config cloning

* Don't http2.ConfigureServer anymore as current Go seems to work properly without requiring the http2 package

* Address feedback
2017-11-02 09:30:04 -05:00
Jeff Mitchell 1ba4e828b4
Ensure revocation happens before seal/step-down since token store isn't (#3500)
available after when using single-use tokens.

Fixes #3497
2017-11-02 08:47:02 -05:00
Jeff Mitchell 3be99466d6
Change some instances of adding headers to setting headers, since really (#3501)
we want to replace anything that might be there (e.g. for request
forwarding and content-type).

Hopefully fixes #3485
2017-11-02 07:31:50 -05:00
Chris Hoffman 3d8d887676
Add ability to require parameters in ACLs (#3510) 2017-11-02 07:18:49 -04:00
Jeff Mitchell e670447947 Use an atomic store in expiration loading test to fix race detector 2017-11-01 15:52:59 -04:00
Vishal Nayak 859cdd35fd
fix deadlock while loading groups (#3515) 2017-11-01 14:14:21 -04:00
Jeff Mitchell d548181d50
Fix memory leak when a connection would hit the cluster port and go away (#3513) 2017-10-31 20:58:45 -05:00
Jeff Mitchell bb924a404f Update seal type names 2017-10-27 17:28:50 -04:00
Jeff Mitchell 03cd40345f Properly format autogenerated clusteraddr 2017-10-25 14:43:05 -04:00
Jeff Mitchell d9bef0abca Update storedBarrierKeysPath name 2017-10-25 11:59:02 -04:00
Jeff Mitchell cf1cf8eee4 If no clusterAddr is given but we have a single synthesized cluster addresses, automatically use it. (#3486) 2017-10-24 16:58:53 -04:00
Seth Vargo c5665920f6
Standardize on "auth method"
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
2017-10-24 09:32:15 -04:00
Jeff Mitchell a80791ce7e Update proto 2017-10-23 17:45:05 -04:00
Jeff Mitchell d38a699c32 Make compile 2017-10-23 17:15:56 -04:00
Jeff Mitchell 8e9317792d Fix some merge/update bugs 2017-10-23 16:49:46 -04:00
Jeff Mitchell c144f95be0 Sync over 2017-10-23 16:43:07 -04:00
Jeff Mitchell aaa1094240 Remove extra curly brace 2017-10-23 16:06:27 -04:00
Jeff Mitchell b7ffe7ec99 Sync over 2017-10-23 16:03:36 -04:00
Jeff Mitchell 3c6fe40a91 Sync 2017-10-23 15:35:28 -04:00
Jeff Mitchell d7c5a3acfc Remove some diffing cruft 2017-10-23 15:13:04 -04:00
Jeff Mitchell 40643aa14c Remove some old policy upgrade code 2017-10-23 15:11:29 -04:00