Commit graph

2049 commits

Author SHA1 Message Date
Jeff Mitchell c28ed23972
Allow most parts of Vault's logging to have its level changed on-the-fly (#5280)
* Allow most parts of Vault's logging to have its level changed on-the-fly

* Use a const for not set
2018-09-05 15:52:54 -04:00
Jeff Mitchell c9e2cd93e8
Move logic around a bit to avoid holding locks when not necessary (#5277)
Also, ensure we are error checking the rand call
2018-09-05 11:49:32 -04:00
Chris Hoffman e2ed8d3d61
Fixing capabilities check for templated policies (#5250)
* fixing capabilities check for templated policies

* remove unnecessary change

* formatting
2018-09-04 14:18:59 -04:00
Brian Shumate 45f1ca162f Log 'marked as sealed' at INFO instead (#5260) 2018-09-04 10:53:40 -07:00
Becca Petrin 7a8c116fb1
undo make fmt (#5265) 2018-09-04 09:29:18 -07:00
Becca Petrin ed7639b0ec
run make fmt (#5261) 2018-09-04 09:12:59 -07:00
Jeff Mitchell a67869de22 Fix typo 2018-09-01 12:15:02 -04:00
Calvin Leung Huang 9988ace85e gofmt files (#5233) 2018-08-31 09:15:40 -07:00
Chris Hoffman 716fb03ab7
perform policy templating on each path (#5229) 2018-08-30 18:45:11 -04:00
Jeff Mitchell d57dfc1875 Move things back 2018-08-29 19:13:10 -04:00
Jeff Mitchell c6f7312f6c Move physical types around 2018-08-29 19:05:33 -04:00
Brian Kassouf 346d87f1f8 Pass the ctx value to make the race detector happy (#5201) 2018-08-27 18:21:54 -07:00
Jeff Mitchell 4761209331 Fix build 2018-08-27 19:59:59 -04:00
Jeff Mitchell b44b25d816
Allow fallback to non /-suffixed path for list acling (#5197)
This works around a very, very common error where people write policies
to affect listing but forget the slash at the end. If there is no exact
rule with a slash at the end when doing a list, we look to see if there
is a rule without it, and if so, use those capabilities.

Fixes #mass-user-confusion
2018-08-27 16:44:07 -07:00
Brian Kassouf c0ba9e8ff7
Fix potential deadlock (#5189) 2018-08-27 10:01:33 -07:00
Brian Kassouf c603a8b811
Add performance standby status to status output (#5192)
* Add performance standby status to status output

* Update ha.go
2018-08-27 10:01:07 -07:00
Jeff Mitchell 7a723b510e
Properly persist alias metadata (#5188)
In addition, don't lie about what's actually being stored
2018-08-26 10:26:34 -07:00
Brian Kassouf b7e33f1d2e
Port some HA changes (#5186) 2018-08-25 14:41:55 -07:00
Jeff Mitchell c4ebf3deda Fix expiration test 2018-08-24 12:47:56 -04:00
Jeff Mitchell f5024770dc Allow comment key in policies 2018-08-24 09:42:47 -04:00
Jeff Mitchell 362a92945e Don't resetnamed 2018-08-23 15:04:18 -04:00
Jeff Mitchell ba0d029247
Restricts ACL templating to paths but allows failures (#5167)
When a templating failure happens, we now simply ignore that path,
rather than fail all access to all policies
2018-08-23 12:15:02 -04:00
Jeff Mitchell 50197d5bfd
Only write valid group alias memberships into leases (#5164) 2018-08-22 21:53:04 -04:00
Jeff Mitchell 4bf0b12bfa Migrate external tests in vault folder 2018-08-22 20:50:52 -04:00
Brian Kassouf 2a89c60c7b Update ha.go 2018-08-22 20:45:31 -04:00
Vishal Nayak ee07e6ae59
Checks for assigning root policy (#5152)
* Fail if other policies present along with root

* disallow entity/group to contain root policy
2018-08-21 16:12:23 -04:00
Jeff Mitchell 3b01b29056
Pass in an ErrorLog to http.Server (#5135)
Fixes #5108
2018-08-21 11:23:18 -04:00
Jeff Mitchell 21cd0dd71a Use strings.Contains for error possibly coming from storage
They may not well errwrap

Fixes #5046
2018-08-17 16:06:47 -04:00
Jeff Mitchell 71d92ef093 ACL Templating (#4994)
* Initial work on templating

* Add check for unbalanced closing in front

* Add missing templated assignment

* Add first cut of end-to-end test on templating.

* Make template errors be 403s and finish up testing

* Review feedback
2018-08-15 11:42:56 -07:00
Vishal Nayak 303b2f97ff
don't ignore errors (#5087) 2018-08-10 22:32:10 -04:00
Vishal Nayak 68d27c7c38
Adjust ACL error checking (#5086)
* Adjust acl error checking

* address review feedback

* unlock before checks
2018-08-10 21:05:10 -04:00
Jeff Mitchell 4798af88f9
Fix some cases where unauthorized calls could return 400 (#5083) 2018-08-10 08:59:58 -05:00
Jeff Mitchell 14dccd7744 Remove unused variable 2018-08-09 16:47:58 -04:00
Jeff Mitchell 2ed2e696a7
Merge Identity Entities if two claim the same alias (#5075)
* Merge Identity Entities if two claim the same alias

Past bugs/race conditions meant two entities could be created each
claiming the same alias. There are planned longer term fixes for this
(outside of the race condition being fixed in 0.10.4) that involve
changing the data model, but this is an immediate workaround that has
the same net effect: if two entities claim the same alias, assume they
were created due to this race condition and merge them.

In this situation, also automatically merge policies so we don't lose
e.g. RGPs.
2018-08-09 15:37:36 -05:00
Martin aa8662c6c0 Add mount_path and mount_type to group lookups (#5074) 2018-08-09 13:07:24 -05:00
Jeff Mitchell 7d90e6eae9 Fix typo 2018-08-08 14:38:11 -04:00
Brian Kassouf 3330a3954a
Rollback: Only grab statelock if we are running async (#5064) 2018-08-07 17:48:43 -07:00
Jim Kalafut 4bdbc820ed
Add PluginEnv to SystemView (#5028) 2018-08-03 09:32:17 -07:00
Chris Hoffman d8b1d19ed6
Plumbing request context through to expiration manager (#5021)
* plumbing request context to expiration manager

* moar context

* address feedback

* only using active context for revoke prefix

* using active context for revoke commands

* cancel tidy on active context

* address feedback
2018-08-01 21:39:39 -04:00
Brian Kassouf bb076f161d
core: Cancel context before taking state lock (#5020)
* core: Cancel context before taking state lock

* Create active context outside of postUnseal

* Attempt to drain requests before canceling context

* fix test
2018-08-01 12:07:37 -07:00
Chris Hoffman b229df9cd2
fixing rollback test 2018-07-31 22:45:38 -04:00
Brian Kassouf 1781ade3a1
core: Read lock when doing a rollback (#5016) 2018-07-30 19:55:43 -06:00
Chris Hoffman 51f8cd9668
do not grab statelock when requested not to (#5015) 2018-07-30 14:54:54 -04:00
Jeff Mitchell 0e659ca6be Simplify sealInternal 2018-07-24 23:26:28 -04:00
Chris Hoffman 1578c5b982 Add locking when adding aliases to existing entities (#4965) 2018-07-24 22:01:58 -04:00
Jeff Mitchell 4261618d10 Add request timeouts in normal request path and to expirations (#4971)
* Add request timeouts in normal request path and to expirations

* Add ability to adjust default max request duration

* Some test fixes

* Ensure tests have defaults set for max request duration

* Add context cancel checking to inmem/file

* Fix tests

* Fix tests

* Set default max request duration to basically infinity for this release for BC

* Address feedback
2018-07-24 14:50:49 -07:00
Jeff Mitchell 9687ccc8fa Tackle #4929 a different way (#4932)
* Tackle #4929 a different way

This turns c.sealed into an atomic, which allows us to call sealInternal
without a lock. By doing so we can better control lock grabbing when a
condition causing the standby loop to get out of active happens. This
encapsulates that logic into two distinct pieces (although they could
be combined into one), and makes lock guarding more understandable.

* Re-add context canceling to the non-HA version of sealInternal

* Return explicitly after stopCh triggered
2018-07-24 13:57:25 -07:00
Jeff Mitchell d144f2935e Two-pronged fix for renew policy checking (#4960)
1) In backends, ensure they are now using TokenPolicies
2) Don't reassign auth.Policies until after expmgr registration as we
don't need them at that point

Fixes #4829
2018-07-24 12:03:11 -07:00
Jeff Mitchell caa5661031
Pass identity metadata through to plugins (#4967)
It's not obvious why this should be secret, and if it were considered
secret, when and what anything would ever be allowed to access it.
Likely the right way to tie secret values to particular
entities/aliases/groups would be to use the upcoming templated ACL
feature.
2018-07-23 12:45:06 -04:00
Jeff Mitchell 1d99b7fd05
Properly watch quit context in expireID instead of locking first (#4970) 2018-07-20 17:00:09 -04:00
Jeff Mitchell 8b0561aad8
Two small items: (#4934)
1) Disable MaxRetries in test cluster clients. We generally want to fail
as fast as possible in tests so adding unpredictable timing in doesn't
help things, especially if we're timing sensitive in the test.

2) EquivalentPolicies is supposed to return true if only one set
contains `default` and the other is empty, but if one set was nil
instead of simply a zero length slice it would always return false. This
means that renewing against, say, `userpass` when not actually
specifying any user policies would always fail.
2018-07-17 01:23:26 -04:00
Jeff Mitchell 75547fcac3 Remove defer of atomic add to see if that fixes data race 2018-07-16 11:34:47 -04:00
Brian Kassouf 57d9c335d8
Don't shutdown if we lose leadership during lease restoration (#4924)
* Don't shutdown if we lose leadership during lease restoration

* Update comment
2018-07-13 11:30:08 -07:00
Seth Vargo cdfa124b04 Don't use activeContext for standby/leader cancelation (#4919)
Move cancelation to after cleanup

Fixes GH-4915
2018-07-13 11:04:23 -04:00
Jeff Mitchell 5c2237de79 Bind locally to opcount to try to make race detector happy 2018-07-13 10:33:42 -04:00
Jeff Mitchell 954f6c4ece
Add config flag to disable non-printable character check (#4917) 2018-07-12 16:29:36 -04:00
Calvin Leung Huang f801f4b808
Add description flag to secrets and auth tune subcommands (#4894)
* Add description flag to secrets and auth tune subcommands

* Allow empty description to be provided in secret and auth mount tune

* Use flagNameDescription
2018-07-12 11:15:50 -04:00
Jeff Mitchell cd51a769ca Fix tests 2018-07-12 10:18:50 -04:00
Jeff Mitchell 98bf463a65 Make single-lease revocation behave like expiration (#4883)
This change makes it so that if a lease is revoked through user action,
we set the expiration time to now and update pending, just as we do with
tokens. This allows the normal retry logic to apply in these cases as
well, instead of just erroring out immediately. The idea being that once
you tell Vault to revoke something it should keep doing its darndest to
actually make that happen.
2018-07-11 15:45:35 -04:00
Jeff Mitchell 8a9957fa4c
Add control group request endpoint to default policy (#4904) 2018-07-11 12:46:30 -04:00
Jeff Mitchell 28890ee198 Make proto
It appears the only thing that actually change is that the tag got
`proto3` values added.
2018-07-10 20:49:48 -04:00
Jeff Mitchell 3885365757 Fix race in exp tidy test 2018-07-06 17:01:02 -04:00
Jeff Mitchell 4a3fe87a39
Allow max request size to be user-specified (#4824)
* Allow max request size to be user-specified

This turned out to be way more impactful than I'd expected because I
felt like the right granularity was per-listener, since an org may want
to treat external clients differently from internal clients. It's pretty
straightforward though.

This also introduces actually using request contexts for values, which
so far we have not done (using our own logical.Request struct instead),
but this allows non-logical methods to still get this benefit.

* Switch to ioutil.ReadAll()
2018-07-06 15:44:56 -04:00
Jeff Mitchell 8f45bc69ba Fix tuning visibility in CLI (#4827)
The API elides the value if it's empty, but empty has meaning. This adds
"hidden" as an option which is fundamentally identical to the default.
2018-07-02 12:13:25 -04:00
Brian Kassouf 3a5d5cb872
Use run groups to manage HA go routines (#4671)
* Use rungroups to spinoff standby go routines

* Update comments
2018-06-29 16:23:52 -07:00
Brian Kassouf 4ede13c91f
HA: Bump the max send/recv size for the gRPC server (#4844) 2018-06-29 09:52:23 -07:00
Vishal Nayak ec42bc1514
avoid panic (#4841) 2018-06-27 10:16:12 -04:00
vishalnayak 235b29f1d3 Add back upsertEntityNonLocked 2018-06-24 07:54:00 -04:00
Vishal Nayak 57c7ecfcd4
Identity: Remove unused MemDB indexes and unused functions (#4817)
* refactor delete utility

* refactor delete alias utility

* remove MemDBUpsertAlias

* Remove MemDBAliasByCanonicalID

* remove MemDBAliasesByMetadata

* remove MemDBDeleteAliasByID

* Remove MemDBUpsertEntity and MemDBEntityByNameInTxn

* Remove is.MemDBEntitiesByBucketEntryKeyHash

* Remove MemDBEntitiesByBucketEntryKeyHash and MemDBEntityByMergedEntityID

* Remove MemDBEntities

* Remove validateMemberGroupID

* Remove validateEntityID, validateGroupID, deleteAliasFromEntity

* Remove updateAliasInEntity

* Remove satisfiesMetadataFilters and UpsertGroup

* Remove MemDBUpsertGroup

* Remove deleteGroupByID

* Remove deleleGroupByName

* Remove MemDBDeleteGroupByNameInTxn

* Remove MemDBGroupsByPolicy and MemDBGroupsByPolicyInTxn

* Remove MemDBGroupIterator

* Remove MemDBGroupsByBucketEntryKeyHash

* Remove deleteGroupAlias

* Remove metadata index from entities table

* Remove unneeded indexes from entity alias and group alias schema

* Remove unneeded index from groups table schema

* Fix test

* s/entity/lockEntity

* Don't expose the memdb instance outside identity store

* More txn.Abort() corrections

* switch back to deferring abort calls
2018-06-24 07:45:53 -04:00
Jeff Mitchell c6180c57c8
Check for nil value in BarrierView.Put (#4804)
Fixes #4802
2018-06-20 09:32:06 -04:00
Vishal Nayak b10c2a87fa Refactor and rewrite the test (#4796) 2018-06-19 16:59:03 -04:00
Vishal Nayak 0d8f424ab4
disallow token use if entity is invalid (#4791) 2018-06-19 12:57:19 -04:00
Jeff Mitchell e52b554c0b
Add an idle timeout for the server (#4760)
* Add an idle timeout for the server

Because tidy operations can be long-running, this also changes all tidy
operations to behave the same operationally (kick off the process, get a
warning back, log errors to server log) and makes them all run in a
goroutine.

This could mean a sort of hard stop if Vault gets sealed because the
function won't have the read lock. This should generally be okay
(running tidy again should pick back up where it left off), but future
work could use cleanup funcs to trigger the functions to stop.

* Fix up tidy test

* Add deadline to cluster connections and an idle timeout to the cluster server, plus add readheader/read timeout to api server
2018-06-16 18:21:33 -04:00
Wim 3e1930e7c3 Use %q in error output for better visibility (#4771) 2018-06-14 18:19:22 -04:00
Jeff Mitchell 75eb0f862e
Revert some of commit 050ab805a7565c5b0cadb0176023031ee5f0d17b. (#4768)
If we have a panic defer functions are run but unlocks aren't. Since we
can't really trust plugins and storage, this backs out the changes for
those parts of the request path.
2018-06-14 13:44:13 -04:00
Jeff Mitchell 5d44c54947
Changes the way policies are reported in audit logs (#4747)
* This changes the way policies are reported in audit logs.

Previously, only policies tied to tokens would be reported. This could
make it difficult to perform after-the-fact analysis based on both the
initial response entry and further requests. Now, the full set of
applicable policies from both the token and any derived policies from
Identity are reported.

To keep things consistent, token authentications now also return the
full set of policies in api.Secret.Auth responses, so this both makes it
easier for users to understand their actual full set, and it matches
what the audit logs now report.
2018-06-14 09:49:33 -04:00
Jeff Mitchell 0c2d2226c4
Remove a lot of deferred functions in the request path. (#4733)
* Remove a lot of deferred functions in the request path.

There is an interesting benchmark at https://www.reddit.com/r/golang/comments/3h21nk/simple_micro_benchmark_to_measure_the_overhead_of/

It shows that defer actually adds quite a lot of overhead -- maybe 100ns
per call but we defer a *lot* of functions in the request path. So this
removes some of the ones in request handling, ha, barrier, router, and
physical cache.

One meta-note: nearly every metrics function is in a defer which means
every metrics call we add could add a non-trivial amount of time, e.g.
for every 10 extra metrics statements we add 1ms to a request. I don't
know how to solve this right now without doing what I did in some of
these cases and putting that call into a simple function call that then
goes before each return.

* Simplify barrier defer cleanup
2018-06-14 09:49:10 -04:00
Calvin Leung Huang c4abeb9ea5
Move checkHCLKeys into hclutil (#4749) 2018-06-12 12:38:08 -04:00
Jeff Mitchell 45da5a45ba
Store lease times suitable for export in pending (#4730)
* Store lease times suitable for export in pending

This essentially caches lease information for token lookups, preventing
going to disk over and over.

* Simplify logic
2018-06-11 11:58:56 -04:00
Jeff Mitchell f23ff11abe Fast-path root 2018-06-09 17:41:46 -04:00
Jeff Mitchell d3cbde6ae2 Fix nil pointer 2018-06-09 16:57:57 -04:00
Jeff Mitchell 8916f6b625
Some atomic cleanup (#4732)
Taking inspiration from
https://github.com/golang/go/issues/17604#issuecomment-256384471
suggests that taking the address of a stack variable for use in atomics
works (at least, the race detector doesn't complain) but is doing it
wrong.

The only other change is a change in Leader() detecting if HA is enabled
to fast-path out. This value never changes after NewCore, so we don't
need to grab the read lock to check it.
2018-06-09 15:35:22 -04:00
Jeff Mitchell e461b945a5 Add a test for nil-ing out request tokenentry 2018-06-08 19:55:39 -04:00
Jeff Mitchell 743e31202d Don't pass te to backends 2018-06-08 17:53:28 -04:00
Jeff Mitchell be64c859e1
Make sure updating pending and storage are done as a group (#4727) 2018-06-08 17:24:44 -04:00
Jeff Mitchell 575a606db7
Move TokenEntry into logical. (#4729)
This allows the HTTP logicalAuth handler to cache the value in the
logical.Request, avoiding a lookup later when performing acl
checks/counting a use.
2018-06-08 17:24:27 -04:00
Jeff Mitchell 5207099042 Offline token revocation fix 2018-06-05 18:53:27 -04:00
Jeff Mitchell e294e8666b
Fix panic if passing "rules" via sys/policies/acl (#4705) 2018-06-05 13:01:55 -04:00
Chris Hoffman 5344b7c5ae
adding option go_package to protos (#4687)
* adding option go_package to protos

* switching proto output dir to relative paths
2018-06-04 10:19:26 -04:00
Chris Hoffman 09f3a62be9
Add entity information request to system view (#4681)
* Add entity information request to system view

* fixing a few comments

* sharing types between plugin and logical

* sharing types between plugin and logical

* fixing output directory for proto

* removing extra replacement

* adding mount type lookup

* empty entities return nil instead of error

* adding some comments
2018-06-03 20:48:12 -04:00
Calvin Leung Huang 36db9818ab
Use same handlers for sys policy and policies endpoints (#4677)
* Use same handlers for sys policy and policies endpoints

* Remove fmt.Println
2018-06-01 12:11:33 -04:00
Vishal Nayak 9aca33487e
Passthrough EntityID to backends (#4663)
* passthrough entity id

* address review feedback
2018-05-31 10:18:34 -04:00
Brian Kassouf 05b46def62
Cleanup core.go and break out HA functionality (#4661) 2018-05-30 17:30:50 -07:00
Jeff Mitchell 52ab8f50ea Give the token store revoke-self test more breathing room as Travis timings are too tight 2018-05-30 08:41:55 -04:00
Jeff Mitchell d9150969af Re-add removed check between shares/threshold 2018-05-29 18:38:14 -04:00
Brian Kassouf 893d874291 Update proto files (#4651) 2018-05-29 18:23:51 -04:00
Jeff Mitchell 4b1eb2805a Fix rekey tests 2018-05-29 18:02:13 -04:00
Jeff Mitchell bde0bda710
Merge pull request #4600 from hashicorp/rekey-verification
Rekey verification, allowing new key shares to be confirmed before committing the new key.
2018-05-29 15:00:07 -04:00
Jeff Mitchell 3274d44012
Add num_member_entities and num_parent_groups to key_info in group listing (#4648) 2018-05-29 14:58:23 -04:00
Jeff Mitchell c53717ba1c Fix panic and update some text 2018-05-29 13:13:47 -04:00
Jeff Mitchell 2d05e072b9 Fix a null pointer and update status threshold 2018-05-29 12:04:30 -04:00
Jeff Mitchell bd0ac25eb9
Merge branch 'master' into rekey-verification 2018-05-29 10:19:57 -04:00
Jeff Mitchell 14b65ff4db
Builds on top of #4600 to provide CLI support (#4605) 2018-05-28 00:39:53 -04:00
Jeff Mitchell 8231825cd1 Give more time for the self revocation test to run 2018-05-25 15:24:06 -04:00
Jeff Mitchell 835b355489
Add key information to list endpoints in identity. (#4634)
* Add key information to list endpoints in identity.

Also fixes some bugs from before where we were persisting data that we
should not have been (mount type/path).

* Add cached lookups of real time mount info
2018-05-25 14:34:24 -04:00
Martin a259c16c8b Typo in Visibility + Add accepted values in Description (#4638) 2018-05-25 13:39:35 -04:00
Brian Kassouf 248b988586
Add debug comment when singleton reload is skipped (#4625) 2018-05-23 17:52:11 -07:00
Brian Kassouf 210df327d1
ui/mounts: Add a better error message when permission is denied (#4624)
* ui/mounts: Add a better error message when permission is denied

* Update logical_system.go
2018-05-23 17:47:54 -07:00
Jeff Mitchell 1414eb5e32 Add a switch for the demo server to use version 2 kv mount by default 2018-05-22 17:31:36 -04:00
Jeff Mitchell 3caf193707 Failure to provide correct key shares isn't an internal error, it's a
user error
2018-05-21 21:06:38 -04:00
Jeff Mitchell 0b4ead52a0 Don't allow providing original key shares once we've moved on to verification 2018-05-21 21:02:45 -04:00
Jeff Mitchell 4464c3a65f Fix introduced bug in refactor 2018-05-21 20:54:20 -04:00
Jeff Mitchell f22c0c92e6 Address feedback 2018-05-21 18:25:58 -04:00
Jeff Mitchell 7e7163f826 Factor out a bunch of shared code 2018-05-21 17:46:32 -04:00
Jeff Mitchell 8ad0bbbc44 Address feedback 2018-05-21 16:13:38 -04:00
Jeff Mitchell 62f46c5411 Fix tests 2018-05-21 15:29:41 -04:00
Jeff Mitchell 6adbe7780e Fix review feedback update 2018-05-21 14:51:05 -04:00
Becca Petrin fb04064967
Restrict userpass logins & tokens by CIDR (#4557) 2018-05-21 11:47:28 -07:00
Jeff Mitchell 462afbd0b9 Address review feedback 2018-05-21 14:47:00 -04:00
Brian Kassouf bc4372741f
Don't reload singleton mounts (#4593) 2018-05-21 11:05:04 -07:00
Jeff Mitchell e07fd14eb7 More work on recovery test 2018-05-20 18:42:14 -04:00
Jeff Mitchell acce3997a8 Start of seal improvements for testing 2018-05-20 17:49:37 -04:00
Jeff Mitchell 6340add8c1 Finish non-recovery test 2018-05-20 02:42:15 -04:00
Jeff Mitchell b5868a1de7 Add some more test structure and update test 2018-05-20 00:02:45 -04:00
Jeff Mitchell 72af2d49f9 Update rekey methods to indicate proper error codes in responses 2018-05-19 23:43:48 -04:00
Jeff Mitchell a9fb7da890 WIP 2018-05-19 21:31:45 -04:00
Jeff Mitchell a9d8be3c4d WIP 2018-05-19 21:31:45 -04:00
Jeff Mitchell 6b345ccdef
Use copystructure when assigning allowed/denied params from nil check (#4585)
Fixes #4582
2018-05-18 13:33:49 -07:00
Calvin Leung Huang 90d305a322
Optimize revokeSalted by not calling view.List twice (#4465)
* Optimize revokeSalted by not calling view.List twice

* Minor comment update

* Do not go through the orphaning dance if we are revoking the entire tree

* Update comment
2018-05-18 12:14:42 -07:00
Calvin Leung Huang 95958dd9f9
Use a token store with an initialized exp mananger in TestTokenStore_RevokeSelf (#4590) 2018-05-18 12:13:37 -07:00
Calvin Leung Huang d7017c7924
Return as internal error on failed token lookup (#4589) 2018-05-18 10:14:31 -07:00
Calvin Leung Huang 08720c93ec
Return ts.Lookup error on handleCreateCommon (#4587)
* Return ts.Lookup error on handleCreateCommon

* Fix test
2018-05-18 09:30:03 -07:00
Jeff Mitchell c683315b67
Check allowed/denied/required params on read calls. (#4579)
We added support a bit ago for some read operations to take in
parameters, so we should now apply these checks against them.
2018-05-16 11:28:46 -04:00
Calvin Leung Huang 0ad08b3cb9
Token store tests (#4549)
* Expand revocation test to cover non-registered tokens case

* Bump sleep times back down a bit
2018-05-11 12:12:44 -04:00
Jeff Mitchell 58154df811 Fix two failing tests due to the fact that the expiration manager now
needs to be running to properly revoke tests.
2018-05-10 18:22:04 -04:00
Calvin Leung Huang dd7520459e
Token revocation refactor (#4512)
* Hand off lease expiration to expiration manager via timers

* Use sync.Map as the cache to track token deletion state

* Add CreateOrFetchRevocationLeaseByToken to hand off token revocation to exp manager

* Update revoke and revoke-self handlers

* Fix tests

* revokeSalted: Move token entry deletion into the deferred func

* Fix test race

* Add blocking lease revocation test

* Remove test log

* Add HandlerFunc on NoopBackend, adjust locks, and add test

* Add sleep to allow for revocations to settle

* Various updates

* Rename some functions and variables to be more clear
* Change step-down and seal to use expmgr for revoke functionality like
during request handling
* Attempt to WAL the token as being invalid as soon as possible so that
further usage will fail even if revocation does not fully complete

* Address feedback

* Return invalid lease on negative TTL

* Revert "Return invalid lease on negative TTL"

This reverts commit a39597ecdc23cf7fc69fe003eef9f10d533551d8.

* Extend sleep on tests
2018-05-10 15:50:02 -04:00
Jeff Mitchell af802275bd
Fix response wrapping from K/V version 2 (#4511)
This takes place in two parts, since working on this exposed an issue
with response wrapping when there is a raw body set. The changes are (in
diff order):

* A CurrentWrappingLookupFunc has been added to return the current
value. This is necessary for the lookahead call since we don't want the
lookahead call to be wrapped.

* Support for unwrapping < 0.6.2 tokens via the API/CLI has been
removed, because we now have backends returning 404s with data and can't
rely on the 404 trick. These can still be read manually via
cubbyhole/response.

* KV preflight version request now ensures that its calls is not
wrapped, and restores any given function after.

* When responding with a raw body, instead of always base64-decoding a
string value and erroring on failure, on failure we assume that it
simply wasn't a base64-encoded value and use it as is.

* A test that fails on master and works now that ensures that raw body
responses that are wrapped and then unwrapped return the expected
values.

* A flag for response data that indicates to the wrapping handling that
the data contained therein is already JSON decoded (more later).

* RespondWithStatusCode now defaults to a string so that the value is
HMAC'd during audit. The function always JSON encodes the body, so
before now it was always returning []byte which would skip HMACing. We
don't know what's in the data, so this is a "better safe than sorry"
issue. If different behavior is needed, backends can always manually
populate the data instead of relying on the helper function.

* We now check unwrapped data after unwrapping to see if there were raw
flags. If so, we try to detect whether the value can be unbase64'd. The
reason is that if it can it was probably originally a []byte and
shouldn't be audit HMAC'd; if not, it was probably originally a string
and should be. In either case, we then set the value as the raw body and
hit the flag indicating that it's already been JSON decoded so not to
try again before auditing. Doing it this way ensures the right typing.

* There is now a check to see if the data coming from unwrapping is
already JSON decoded and if so the decoding is skipped before setting
the audit response.
2018-05-10 15:40:03 -04:00
Brian Kassouf 55997b6bf0
physical/cache: Add a list of prefixes to not cache (#4515)
* physical/cache: Add a list of prefixes to not cache

* Rename the pathmanager

* Move cache back to the beggining of postUnseal

* Fix comment
2018-05-10 10:29:26 -07:00
Becca Petrin 76c717b081
Restrict cert auth by CIDR (#4478) 2018-05-09 15:39:55 -07:00
Jeff Mitchell c0ed57feae
Revert "proto changes (#4503)" (#4504)
This reverts commit 14594bd76e04ff09c442738800be5fdebc45512f.
2018-05-03 15:38:53 -04:00
Vishal Nayak 7549ea0d12
proto changes (#4503) 2018-05-03 15:23:14 -04:00
Becca Petrin d51acbde68
New proto version (#4501) 2018-05-03 10:19:39 -07:00
Vishal Nayak 7b93377d00
update token store error assertions (#4485) 2018-04-29 07:47:42 -04:00
Jeff Mitchell deafefc1c7
Add ability for revoke-prefix and revoke-force to work on single leases (#4450)
Ping #4143
2018-04-26 16:26:07 -04:00
Jeff Mitchell 61f2144adf Add identity store nil checks 2018-04-24 23:10:22 -04:00
Brian Kassouf 6d447d2671 Rename up path to internal/ui/mounts/<path> (#4435) 2018-04-23 18:16:10 -04:00
Brian Kassouf c7f9d185b0
Kv preflight (#4430)
* Update kv command to use a preflight check

* Make the existing ui endpoint return the allowed mounts

* Add kv subcommand tests

* Enable `-field` in `vault kv get/put` (#4426)

* Enable `-field` in `vault kv get/put`

Fixes #4424

* Unify nil value handling

* Use preflight helper

* Update vkv plugin

* Add all the mount info when authenticated

* Add fix the error message on put

* add metadata test

* No need to sort the capabilities

* Remove the kv client header

* kv patch command (#4432)

* Fix test

* Fix tests

* Use permission denied instead of entity disabled
2018-04-23 15:00:02 -07:00
Jeff Mitchell d54191adff Use permission denied for entity disabling 2018-04-23 16:50:04 -04:00
Vishal Nayak 10419845b7
disable identity for local mounts (#4407) 2018-04-23 13:46:14 -04:00
Jeff Mitchell 78b09d77c0 Use ResetNamed for sealunwrapper logger 2018-04-23 13:42:02 -04:00
Becca Petrin dbd1f119ed Use a sub-logger for the transactional cache (#4428) 2018-04-23 12:08:12 -04:00
Jeff Mitchell 6d95b4d266
Add the ability to restrict token usage by IP. Add to token roles. (#4412)
Fixes #815
2018-04-21 10:49:16 -04:00
Jeff Mitchell 640b30ff7b
Resultant acl (#4386) 2018-04-20 14:19:04 -04:00
Jeff Mitchell e69845b458
Defer setting views read/write until the end of postUnseal (#4392)
A few notes:

* We exert positive control over singletons and they usually need to
perform some (known, validated) writes, so this excludes singletons --
they are simply limited to the end of the mount function as before.

* I'm not sure how to test this _specifically_; I've done some testing
of e.g. sealing vault and unsealing and ensuring that I can write to a
KV mount. I think this is tested by every dev server though, since for a
dev server Vault is inited, the default mounts are mounted, then it's
sealed, then it's unsealed for the user, so it already goes through this
code path. The mere fact that you can write to secret/ on a dev server
means it was successfully set read-write.
2018-04-19 13:29:43 -04:00
Martin ad57258d64 Add missing entries in path-help (#4370) 2018-04-17 13:54:04 -04:00
Vishal Nayak 0612103c2f
external identity groups across mounts (#4365) 2018-04-17 12:01:43 -04:00
Vishal Nayak 62ba3f381f
Identity policies in token lookup (#4366)
* Add identity_policies to token lookup

* add tests

* naming change

* add commenting in tests
2018-04-17 11:16:26 -04:00
Jeff Mitchell 530121c655
Add ability to disable an entity (#4353) 2018-04-13 21:49:40 -04:00
Brian Kassouf 6ca3ae4007 Port some ent mount changes (#4330) 2018-04-11 14:32:55 -04:00
Jeff Mitchell 8f1f1ea6a7 Fix some tests 2018-04-10 00:22:23 -04:00
Jeff Mitchell d089ff613b
Don't run every tune function every time tune is called. (#4325) 2018-04-09 22:17:37 -04:00
Jeff Mitchell 991a110cab
Remove prefixes from some logging statements where they still exist (#4324) 2018-04-09 21:14:23 -04:00
Jeff Mitchell 6c73d509cf Fix tests from version update 2018-04-09 16:14:44 -04:00
Jeff Mitchell 0535f46e27 Make standard secret/ mount version 1, but upgrade to v2 in dev mode. 2018-04-09 15:37:36 -04:00
Becca Petrin abb621752f Clean up error string formatting (#4304) 2018-04-09 14:35:21 -04:00
Brian Kassouf a8b8ca136e
KV: Update 'versioned' naming to 'v2' (#4293)
* Update 'versioned' naming to 'v2'

* Make sure options are set

* Fix description of auth flag

* Review feedback
2018-04-09 09:39:32 -07:00
Calvin Leung Huang fb81016252
Fix output-related tests (#4288)
* Fix command tests

* More test fixes

* Use backticks to escape quoted strings

* More test fixes

* Fix mismatched error output failures

* Fix mismatched error output failures
2018-04-05 20:43:29 -04:00
Vishal Nayak 28e3eb9e2c
Errwrap everywhere (#4252)
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
2018-04-05 11:49:21 -04:00
Jeff Mitchell f6f3153b3d
Allow not showing expirations, and don't log when skipToken (#4263)
The latter removes a case where a token being revoked would end up
logging twice.
2018-04-04 03:07:10 -04:00
Jeff Mitchell 599f691141
Allow returning warnings and other data in 404s in the Go API (#4256)
* Allow returning list information and other data in 404s.

On read it'll output data and/or warnings on a 404 if they exist. On
list, the same behavior; the actual 'vault list' command doesn't change
behavior though in terms of output unless there are no actual keys (so
it doesn't just magically show other data).

This corrects some assumptions in response_util and wrapping.go; it also
corrects a few places in the latter where it could leak a (useless)
token in some error cases.

* Use same 404 logic in delete/put too

* Add the same secret parsing logic to the KV request functions
2018-04-03 22:35:45 -04:00
Jeff Mitchell 69a8158913
Fix race condition caught by detector in barrier view (#4261) 2018-04-03 21:39:11 -04:00
Brian Kassouf e26e821107
Don't pass the upgrade flag into the backend (#4255) 2018-04-03 11:37:34 -07:00
Calvin Leung Huang 6b840e6c1c
Fix compilation and tests failures (#4254) 2018-04-03 14:07:43 -04:00
Chris Hoffman a7ada08b3b
Core handling of TTLs (#4230)
* govet cleanup in token store

* adding general ttl handling to login requests

* consolidating TTL calculation to system view

* deprecate LeaseExtend

* deprecate LeaseExtend

* set the increment to the correct value

* move calculateTTL out of SystemView

* remove unused value

* add back clearing of lease id

* implement core ttl in some backends

* removing increment and issue time from lease options

* adding ttl tests, fixing some compile issue

* adding ttl tests

* fixing some explicit max TTL logic

* fixing up some tests

* removing unneeded test

* off by one errors...

* adding back some logic for bc

* adding period to return on renewal

* tweaking max ttl capping slightly

* use the appropriate precision for ttl calculation

* deprecate proto fields instead of delete

* addressing feedback

* moving TTL handling for backends to core

* mongo is a secret backend not auth

* adding estimated ttl for backends that also manage the expiration time

* set the estimate values before calling the renew request

* moving calculate TTL to framework, revert removal of increment and issue time from logical

* minor edits

* addressing feedback

* address more feedback
2018-04-03 12:20:20 -04:00
Jeff Mitchell 2bd107a806 Update logformat -> logging 2018-04-03 12:03:35 -04:00
Chris Hoffman 35e944e485 adds ability to override default CSP with warning (#395) 2018-04-03 09:34:14 -05:00
Chris Hoffman e293fe84c3 OSS: Adding UI handlers and configurable headers (#390)
* adding UI handlers and UI header configuration

* forcing specific static headers

* properly getting UI config value from config/environment

* fixing formatting in stub UI text

* use http.Header

* case-insensitive X-Vault header check

* fixing var name

* wrap both stubbed and real UI in header handler

* adding test for >1 keys
2018-04-03 09:34:01 -05:00
Vishal Nayak 1a6ff5cb80
port missed items from identity store to oss (#4242) 2018-04-02 22:17:33 -04:00
Jeff Mitchell 42d2ee04bd
Alias versioned kv as vkv when mounting (#4240) 2018-04-02 20:51:35 -04:00
Becca Petrin 03cf302e9a Move to "github.com/hashicorp/go-hclog" (#4227)
* logbridge with hclog and identical output

* Initial search & replace

This compiles, but there is a fair amount of TODO
and commented out code, especially around the
plugin logclient/logserver code.

* strip logbridge

* fix majority of tests

* update logxi aliases

* WIP fixing tests

* more test fixes

* Update test to hclog

* Fix format

* Rename hclog -> log

* WIP making hclog and logxi love each other

* update logger_test.go

* clean up merged comments

* Replace RawLogger interface with a Logger

* Add some logger names

* Replace Trace with Debug

* update builtin logical logging patterns

* Fix build errors

* More log updates

* update log approach in command and builtin

* More log updates

* update helper, http, and logical directories

* Update loggers

* Log updates

* Update logging

* Update logging

* Update logging

* Update logging

* update logging in physical

* prefixing and lowercase

* Update logging

* Move phyisical logging name to server command

* Fix som tests

* address jims feedback so far

* incorporate brians feedback so far

* strip comments

* move vault.go to logging package

* update Debug to Trace

* Update go-plugin deps

* Update logging based on review comments

* Updates from review

* Unvendor logxi

* Remove null_logger.go
2018-04-02 17:46:59 -07:00
Vishal Nayak 96fc0c2509
Update group alias by ID (#4237)
* update group alias by id

* update docs
2018-04-02 10:42:01 -04:00
Jeff Mitchell 26c891c223 Merge branch 'master-oss' into 0.10-beta 2018-03-28 10:14:43 -04:00
Jeff Mitchell 48cb30312a
Remove old workaround for a rollback error (#4206)
It can now cause problems in other situations
2018-03-27 16:34:06 -04:00
Jeff Mitchell 2f90e0c2e1 Merge branch 'master-oss' into 0.10-beta 2018-03-27 12:40:30 -04:00
Calvin Leung Huang 8d9295c539
Token store deleted parent (#4193)
* Handle removal of parent index on revoke-orphan and tidy operations

* Refactor handleTidy to use same for loop children deletion of invalid parent entry

* Update comments

* Add logic for revoke-orphan and tidy to turn no-parent tokens into orphans

* Add orphan check to test

* Update test comments

* Fix TestTokenStore_Revoke_Orphan test

* Address feedback, add explicit delete when parent prefix is empty

* Revert explicit delete, add comment on why it's not done

* Update comment to indicate ok on marking token as orphan

* Fix test
2018-03-27 11:12:06 -04:00
Jeff Mitchell a1d5defe01 Update tests to use the real accessors listing path 2018-03-26 14:21:36 -04:00
Jeff Mitchell 65d8eb0914 Add more docs around list paths in policies.
CC #4199
2018-03-26 11:30:58 -04:00
Calvin Leung Huang 25792df5a9
Passthrough request headers (#4172)
* Add passthrough request headers for secret/auth mounts

* Update comments

* Fix SyncCache deletion of passthrough_request_headers

* Remove debug line

* Case-insensitive header comparison

* Remove unnecessary allocation

* Short-circuit filteredPassthroughHeaders if there's nothing to filter

* Add whitelistedHeaders list

* Update router logic after merge

* Add whitelist test

* Add lowercase x-vault-kv-client to whitelist

* Add back const

* Refactor whitelist logic
2018-03-21 19:56:47 -04:00
Brian Kassouf 5c84c36915
command/kv: Add a "kv" subcommand for using the key-value store (#4168)
* Add more cli subcommands

* Add metadata commands

* Add more subcommands

* Update cli

* Move archive commands to delete

* Add helpers for making http calls to the kv backend

* rename cli header

* Format the various maps from kv

* Add list command

* Update help text

* Add a command to enable versioning on a backend

* Rename enable-versions command

* Some review feedback

* Fix listing of top level keys

* Fix issue when metadata is nil

* Add test for lising top level keys

* Fix some typos

* Add a note about deleting all versions
2018-03-21 15:02:41 -07:00
Brian Kassouf cc625e19ee
Add options to mount tune and mount endpoints in preparation for versioning (#4155)
* Add some requirements for versioned k/v

* Add a warning message when an upgrade is triggered

* Add path help values

* Make the kv header a const

* Add the uid to mount entry instead of options map

* Pass the backend aware uuid to the mounts and plugins

* Fix comment

* Add options to secret/auth enable and tune CLI commands (#4170)

* Switch mount/tune options to use TypeKVPairs (#4171)

* switching options to TypeKVPairs, adding bool parse for versioned flag

* flipping bool check

* Fix leases coming back from non-leased pluin kv store

* add a test for updating mount options

* Fix tests
2018-03-21 12:04:27 -07:00
Josh Soref 73b1fde82f Spelling (#4119) 2018-03-20 14:54:10 -04:00
Jeff Mitchell e49c230f7b
Log revocations in revokeCommon rather than expireID (#4164)
Revocations that happen not as a result of direct expirations will
therefore be logged

Fixes #4156
2018-03-20 11:46:27 -04:00
Jeff Mitchell 933f1e4b87 Sync 2018-03-20 10:42:57 -04:00
Calvin Leung Huang f86881c295
Unauthenticated endpoint to list secret and auth mounts (#4134)
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs

* docs: Add ttl params to auth enable endpoint

* Rewording of go string to simply string

* Add audit hmac keys as CLI flags on auth/secrets enable

* Fix copypasta mistake

* WIP on auth-list endpoint

* Rename variable to be singular, add CLI flag, show value in auth and secrets list

* Add audit hmac keys to auth and secrets list

* Only set config values if they exist

* Fix http sys/auth tests

* More auth plugin_name test fixes

* Rename tag internal_ui_show_mount to _ui_show_mount

* Add tests

* Make endpoint unauthed

* Rename field to listing_visibility

* Add listing-visibility to cli tune commands

* Use ListingVisiblityType

* Fix type conversion

* Do not actually change token's value on testHttpGet

* Remove unused ListingVisibilityAuth, use const in pathInternalUIMountsRead
2018-03-19 23:16:33 -04:00
Jeff Mitchell 3a5e1792c0 Update path-help to make clear you shouldn't put things in the URL.
Remove from website docs as those have been long deprecated.
2018-03-19 11:50:16 -04:00
Jeff Mitchell 60adb4297f Update SealWrapStorage in passthrough to use newer style glob for matching all 2018-03-18 14:25:15 -04:00
Jeff Mitchell 6e93a6c4fb
Properly forward (or specifically don't) sys calls that result in read only errors (#4129)
Prior to this policy writes against a performance secondary would not
succeed because the read-only error was swallowed by handleError. In
addition to fixing this, it adds a similar function that explicitly
doesn't trigger forwarding. This is useful for things that are local to
the secondary such as raw operations and lease management.
2018-03-17 21:29:17 -04:00
Jin-wook Jeong 92ea5f9d66 Make credential plugin to work that is modified before vault startup and reloaded after vault startup. (#4121)
Set routeEntry.rootPaths, loginPaths after plugin reload using atomic values.
2018-03-16 10:35:19 -07:00
Calvin Leung Huang 3108860d4b
Audit HMAC values on AuthConfig (#4077)
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs

* docs: Add ttl params to auth enable endpoint

* Rewording of go string to simply string

* Add audit hmac keys as CLI flags on auth/secrets enable

* Fix copypasta mistake

* Add audit hmac keys to auth and secrets list

* Only set config values if they exist

* Fix http sys/auth tests

* More auth plugin_name test fixes

* Pass API values into MountEntry's config when creating auth/secrets mount

* Update usage wording
2018-03-09 14:32:28 -05:00
Jeff Mitchell 55187255bd
Truncate token store issued token periods when greater than tuned max at (#4112)
issue time, not just renew time.
2018-03-09 10:53:04 -05:00
Jeff Mitchell a82b43081c Fix output in warning displaying nanoseconds instead of seconds 2018-03-08 16:14:20 -05:00
Brian Kassouf 9dba3590ac
Add context to the NewSalt function (#4102) 2018-03-08 11:21:11 -08:00
Brian Kassouf 34d958968d Revert stopoptions (#4088)
* Use an atomic value instead to communicate whether to give up HA lock

* Remove now-unneeded StopOptions struct

* Add a channel based mutex acquisition function to avoid a deadlock

* Make periodic leader refresh only spawn a single waiting goroutine and
extend logic to the key upgrade check
2018-03-06 21:35:58 -05:00
Jeff Mitchell 6b777dc63e
Rearrange shutdown logic to remove some lock switching (#4083)
* Rearrange shutdown logic to remove some lock switching and to allow
giving up the HA lock to be skipped.
2018-03-06 18:06:09 -05:00
Calvin Leung Huang e2fb199ce5
Non-HMAC audit values (#4033)
* Add non-hmac request keys

* Update comment

* Initial audit request keys implementation

* Add audit_non_hmac_response_keys

* Move where req.NonHMACKeys gets set

* Minor refactor

* Add params to auth tune endpoints

* Sync cache on loadCredentials

* Explicitly unset req.NonHMACKeys

* Do not error if entry is nil

* Add tests

* docs: Add params to api sections

* Refactor audit.Backend and Formatter interfaces, update audit broker methods

* Add audit_broker.go

* Fix method call params in audit backends

* Remove fields from logical.Request and logical.Response, pass keys via LogInput

* Use data.GetOk to allow unsetting existing values

* Remove debug lines

* Add test for unsetting values

* Address review feedback

* Initialize values in FormatRequest and FormatResponse using input values

* Update docs

* Use strutil.StrListContains

* Use strutil.StrListContains
2018-03-02 12:18:39 -05:00
Jeff Mitchell 5034ae2dcb Add the ability to use multiple paths for capability checking (#3663)
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).

Fixes #3336

* Added tests

* added 'paths' field

* Update docs

* return error if paths is not supplied
2018-03-01 11:14:56 -05:00
Jeff Mitchell f1bd0cbe74
Use atomic values in seal to avoid some data races (#4040) 2018-02-23 17:18:48 -05:00
Jeff Mitchell d4a431b298
Move local cluster parameters to atomic values to fix some potential data races (#4036) 2018-02-23 14:47:07 -05:00
Brian Kassouf cb08fb92d2 Port some replicated cluster changes from ent (#4037) 2018-02-23 14:01:15 -05:00
Jeff Mitchell 1a814803d7 Add core object to policy store for some ent uses 2018-02-23 14:00:46 -05:00
Calvin Leung Huang 1bb4d165e7
Add TTL related config options on auth enable (#4019) 2018-02-22 10:26:29 -05:00
Jeff Mitchell 4669f37c78 Add four cluster flag 2018-02-22 00:23:37 -05:00
Gobin Sougrakpam 33e22c41ca Log warnings when too many leases are active (#3957) 2018-02-14 09:22:46 -05:00
Kevin Paulisse 2282fcef8a Decompress data before sending via sys/raw (#3954) 2018-02-09 18:43:48 -05:00
Jeff Mitchell 96ea0620fd
Add sealunwrapper to ease OSS downgrades (#3936) 2018-02-09 16:37:40 -05:00
Jeff Mitchell 847e499261 Simplify readonly view logic 2018-02-09 15:39:27 -05:00
Vishal Nayak bf66dc2841 Make mount view read only until after mount persist (#3910) 2018-02-09 14:04:25 -05:00
Vishal Nayak 81c66efd6d
AppRole/Identity: Fix for race when creating an entity during login (#3932)
* possible fix for race in approle login while creating entity

* Add a test that hits the login request concurrently

* address review comments
2018-02-09 10:40:56 -05:00
seanjfellows 4739342fdb Create audit failure metrics unconditionally (#3937) 2018-02-07 15:57:00 -05:00
Jeff Mitchell 1a8a843588
Change grpc's max sent/recv size to a very large value. (#3912) 2018-02-06 13:52:35 -05:00
Jeff Mitchell 642b88c76a go vet fixes 2018-02-05 14:26:31 -05:00
Jeff Mitchell 05723e1229 Revert cluster.go change 2018-02-04 20:42:45 -05:00
Jeff Mitchell f33563f667 Some vet fixes 2018-02-04 20:37:57 -05:00
Jeff Mitchell fc6564e4ee
Don't run rollback and upgrade functionality if we are a replication secondary (#3900)
* Don't run rollback and upgrade functionality if we are a replication
secondary, but do if the mount is local.
2018-02-02 20:28:25 -05:00
Jeff Mitchell 676b302dbf
Add a sysview call to determine if a mount is local. (#3899)
This is useful for deciding when to run upgrade logic, e.g. if on a
performance secondary but local it's fine to run.
2018-02-02 18:17:12 -05:00
Calvin Leung Huang 848ce6427b
Handle period's zero value in token store's token creation (#3880)
* Handle period's zero value on handleCreateCommon

* Add test for period zero value
2018-02-01 12:01:46 -05:00
Jeff Mitchell 60e2209532
Remove core restriction in cache and turn it into an active/standby restriction instead (#3849) 2018-01-25 22:21:51 -05:00
Vishal Nayak 150ad8405b
Remove logical.Initialize() method (#3848)
* Remove logical.Initialize() method

* More cleanup

* Fix test
2018-01-25 20:19:27 -05:00
Jeff Mitchell ad9da2e0b8
Fix intermittent panic by storing a reference to the grpc server (#3842)
* Fix intermittent panic by storing a reference to the grpc server and
using that to ensure it will never be nil.

* Just get rid of c.rpcServer
2018-01-24 20:23:08 -05:00
Jeff Mitchell cf87cc54fc Fix build 2018-01-22 21:45:22 -05:00
Jeff Mitchell 8e8675053b Sync some bits over 2018-01-22 21:44:49 -05:00
Jeff Mitchell 7d6fed2e86
Use a separate var for active node replication state (#3819) 2018-01-19 19:24:04 -05:00
Jeff Mitchell 43617619ad Embed derived contexts into replication clients 2018-01-19 07:22:31 -05:00
Jeff Mitchell 123e22cd7e Fix compile 2018-01-19 05:31:55 -05:00
Jeff Mitchell b4be030d07
Add context to barrier encryptor interface 2018-01-19 05:28:47 -05:00
Jeff Mitchell 31a7eb1168
Add context to barrier encryptor access 2018-01-19 05:24:40 -05:00
Jeff Mitchell 69aead14f0 A bit more context plumbing 2018-01-19 04:11:59 -05:00
Jeff Mitchell 33b68ebf3d Remove context from a few extraneous places 2018-01-19 03:44:06 -05:00
Jeff Mitchell 6be5b8e8a1 Don't use context in barrier type/recovery type 2018-01-19 03:17:36 -05:00
Jeff Mitchell 0f7e3bb79b Add context to performPolicyChecks 2018-01-19 02:43:39 -05:00
Jeff Mitchell c97e73ce70
Don't check recovery seal in Initialized()
It doesn't actually matter and can give false positives.
2018-01-19 01:55:33 -05:00
Brian Kassouf 2f19de0305 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Jeff Mitchell 842a3a4a05 Remove RegisterLicense from logical.Backend
It's almost certainly the wrong signature and nothing uses it currently
anyways.
2018-01-18 13:44:29 -05:00
Calvin Leung Huang f59069c22f
Don't call LeaseExtend on login renewal paths when period is provided (#3803)
* Don't call LeaseExtend on login renewal paths when period is provided

* WIP tests

* NoopBackend accept backend ttl values

* Test period value on credentials backend

* Use t.Fatalf instead

* Remove mockCoreExpiration

* Add login renewal test for approle backend

* Add resp.Auth.Period check on aws and cert backend tests

* Pass in approle's period via role's period

* Correctly set period in valid-role's role

* Add period renewal test using TestCluster and approle backend

* Check for ttl values after renewals on test
2018-01-18 12:19:18 -05:00
Jeff Mitchell cf895fc19a Actually print out forwarded stacktrace 2018-01-18 11:40:59 -05:00
Calvin Leung Huang bffaf9b0c3 Remove vlogger, add log.Logger to PolicyStore struct (#3813) 2018-01-18 01:01:51 -05:00
Jeff Mitchell 5371b0489f Rename var from last commit 2018-01-17 23:08:35 -05:00
Jeff Mitchell 307a177540 Make heartbeatInterval a package var to allow tests to modify it 2018-01-17 23:05:11 -05:00
Jeff Mitchell a71c74aa3f
Add replication state to EchoReply (#3810) 2018-01-17 22:17:47 -05:00
Tom Wilkie e06cb595fc Make the plugin catalog endpoint roundtrip so we can use terraform to manage them. (#3778) 2018-01-17 19:19:28 -05:00
Jeff Mitchell 88313f0398 Update replication state logic.
Fixes #3727
2018-01-16 13:51:55 -05:00
Vishal Nayak 8ef51c0065
Delete group alias upon group deletion (#3773) 2018-01-11 10:58:05 -05:00
Jeff Mitchell d8009bced1 Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-10 11:15:49 -05:00
Brian Kassouf 64da50c27c
Update plugin deps to include context changes (#3765)
* Update plugin deps to include context changes

* Fix tests
2018-01-08 12:26:13 -08:00
Brian Kassouf 1c190d4bda
Pass context to backends (#3750)
* Start work on passing context to backends

* More work on passing context

* Unindent logical system

* Unindent token store

* Unindent passthrough

* Unindent cubbyhole

* Fix tests

* use requestContext in rollback and expiration managers
2018-01-08 10:31:38 -08:00
Jeff Mitchell 6681329041 Update redirect address error to be more clear 2018-01-04 10:45:40 -05:00
Jeff Mitchell 1fe494e8e1
Port IsDRSecondary over and enable returning it via sys_health (#3749) 2018-01-03 15:07:13 -05:00
Jeff Mitchell d1803098ae Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Jeff Mitchell 92aaebd20e Bust recovery cache after unsealed is set true to force migration 2017-12-19 16:22:09 -05:00
Jeff Mitchell 9630f93845
Fix audited request header lookup (#3707)
The headers are stored lowercased but the lookup function wasn't
properly lowercasing when indexing in the header map.

Fixes #3701
2017-12-18 10:05:51 -05:00
Chris Hoffman 164849f056
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Calvin Leung Huang 57bc19c169 Defer reader.Close that is used to determine sha256 2017-12-15 14:04:09 -05:00
Calvin Leung Huang 7c0b4f1333 Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686) 2017-12-15 13:31:57 -05:00
Calvin Leung Huang 79cb82e133
Add logic for using Auth.Period when handling auth login/renew requests (#3677)
* Add logic for using Auth.Period when handling auth login/renew requests

* Set auth.TTL if not set in handleLoginRequest

* Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken

* Get sysView from le.Path, revert tests

* Add back auth.Policies

* Fix TokenStore tests, add resp warning when capping values

* Use switch for ttl/period check on RenewToken

* Move comments around
2017-12-15 13:30:05 -05:00
Brian Kassouf afe53eb862
Database gRPC plugins (#3666)
* Start work on context aware backends

* Start work on moving the database plugins to gRPC in order to pass context

* Add context to builtin database plugins

* use byte slice instead of string

* Context all the things

* Move proto messages to the dbplugin package

* Add a grpc mechanism for running backend plugins

* Serve the GRPC plugin

* Add backwards compatibility to the database plugins

* Remove backend plugin changes

* Remove backend plugin changes

* Cleanup the transport implementations

* If grpc connection is in an unexpected state restart the plugin

* Fix tests

* Fix tests

* Remove context from the request object, replace it with context.TODO

* Add a test to verify netRPC plugins still work

* Remove unused mapstructure call

* Code review fixes

* Code review fixes

* Code review fixes
2017-12-14 14:03:11 -08:00
Brian Kassouf de9b7d779d
Fix leaking connections on cluster port (#3680) 2017-12-12 17:18:04 -08:00
Chris Hoffman 822ce95dc4
adding ability to override temp dir in dev cluster (#3673) 2017-12-11 18:02:35 -05:00
lemondrank 255212af23 Non-recursive DFS token tree revoke (#2478) 2017-12-11 16:51:37 -05:00
Vishal Nayak 0928a65c38
remove unused function (#3657) 2017-12-06 18:55:43 -05:00
Chris Hoffman f966d20225
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 12:25:17 -05:00
Jeff Mitchell 8f159b12b1
allowed/disallowed_policies as TypeCommaStringSlice (#3641)
Our docs apparently claim that this is a list, but the code is
string-only. This fixes that discrepancy.
2017-12-04 12:47:05 -05:00
Jeff Mitchell 20320cd71e
Move location of quit channel closing in exp manager (#3638)
* Move location of quit channel closing in exp manager

If it happens after stopping timers any timers firing before all timers
are stopped will still run the revocation function. With plugin
auto-crash-recovery this could end up instantiating a plugin that could
then try to unwrap a token from a nil token store.

This also plumbs in core so that we can grab a read lock during the
operation and check standby/sealed status before running it (after
grabbing the lock).

* Use context instead of checking core values directly

* Use official Go context in a few key places
2017-12-01 17:08:38 -05:00
Jeff Mitchell 548629e8ef Port over some changes 2017-11-30 09:43:07 -05:00
Jeff Mitchell eef6afec3e
Fix mount path for credential values in aliases (#3580) 2017-11-14 01:31:10 -05:00
Calvin Leung Huang 2f9ff5c062 Acquire state lock at the start of UnsealWithRecoveryKeys (#3579)
* Acquire state lock from the start of UnsealWithRecoveryKeys, add metrics

* Change metrics variable
2017-11-13 22:05:22 -05:00
Vishal Nayak 5d976794d4
API refactoring and doc updates (#3577)
* Doc updates and API refactoring

* fix tests

* change metadata fieldtype to TypeKVPairs

* Give example for TypeKVPairs in CLI for metadata

* Update API docs examples to reflect the native expected value for TypeKVPairs

* Don't mention comma separation in the docs for TypeCommaStringSlice

* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias

* Address review feedback

* Fix formatting

* fix sidebar links
2017-11-13 20:59:42 -05:00
Chris Hoffman 9e79e9b397
generate token functions to share common names (#3576) 2017-11-13 15:44:26 -05:00
Jeff Mitchell 2b78bc2a9b
Port over bits (#3575) 2017-11-13 15:31:32 -05:00
Jeff Mitchell d55f94f4a3
Plumb more seal wrap stuff through and move to outside layer of mount options (#3572) 2017-11-13 11:22:22 -05:00
Jeff Mitchell 0798ccdd7c Populate config error in three node test function 2017-11-10 17:44:25 -05:00
Jeff Mitchell e66c4b11d5 Add core numbers to output in dev three node 2017-11-10 16:21:46 -05:00
Brian Kassouf ab3b625a3b
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565)
* Add API and Command code for generating a DR Operation Token

* Update generate root to accept different token strategies
2017-11-10 10:19:42 -08:00
Jeff Mitchell c3b382d010 If kv entry is sealwrapped and is response-wrapped ensure it carries through 2017-11-10 12:56:31 -05:00
Brian Shumate a7af6c4cb7 Debug level logging of socket audit backend config at startup (#3560) 2017-11-10 12:08:36 -05:00
Jeff Mitchell 18f76d0909 Change test cluster to request client cert rather than verify if given 2017-11-09 15:55:23 -05:00
Jeff Mitchell fdaed84e82
Add ability to send seal wrap response info into cubbyhole request. (#3562)
Ref 84f80db4bf499ce7345615cc2def77e7d48bc690
2017-11-09 12:47:42 -05:00
Jeff Mitchell 922ac56222
Seal wrap requesting in logical.Request wrapinfo (#3559) 2017-11-09 10:32:49 -05:00
Vishal Nayak 660c9ab382
Merge identity alias lookups into either entity or group lookup endpoints (#3538)
* merge identity alias lookups into either entity or group lookups

* Address review feedback

* address review feedback
2017-11-09 01:29:19 -05:00
Chris Hoffman a7f510c9b4 converting identity metadata to use TypeKVPairs (#3549) 2017-11-08 14:51:40 -05:00
Jeff Mitchell dd551eb12f Put back original test cluster client redirect behavior 2017-11-08 10:15:56 -05:00
Jeff Mitchell 0c9e692414
Minor mount logic updates (#3553) 2017-11-07 20:30:02 -05:00
Jeff Mitchell febda30382
Fix potential panic reading local mount tables (#3552) 2017-11-07 18:04:37 -05:00
Jeff Mitchell 98dc8e9bea Fix regression involving cluster listener 2017-11-07 17:27:13 -05:00
Jeff Mitchell a2db5671c5 Add logbridge for testing 2017-11-07 15:50:09 -05:00
Calvin Leung Huang d9eaacf5de
Barrier unseal using recovery keys (#3541)
* Barrier unseal using recovery keys

* Remove tests
2017-11-07 15:15:39 -05:00
Jonathan Freedman 4109473134 More Mount Conflict Detection (#2919) 2017-11-06 15:29:09 -05:00
Lars Lehtonen 8ccdaa1860 Fix swallowed errors in TestRollbackManager_Join() (#3327) 2017-11-06 14:34:27 -05:00
Jeff Mitchell 119607dcb7
Seal wrap all root tokens and their leases (#3540) 2017-11-06 13:10:36 -05:00
Vishal Nayak 2af5b9274f
Return group memberships of entity during read (#3526)
* return group memberships of entity during read

* Add implied group memberships to read response of entity

* distinguish between all, direct and inherited group IDs of an entity

* address review feedback

* address review feedback

* s/implied/inherited in tests
2017-11-06 13:01:48 -05:00
Chris Hoffman 1e03e1bad3
Fix group/policy iterators with multiple groups (#3527)
* fixing some group iterators

* fix slice rewrite
2017-11-03 11:26:22 -04:00
Vishal Nayak e4e4a7ba67
Capabilities responds considering policies on entities and groups (#3522)
* Capabilities endpoint will now return considering policies on entities and groups

* refactor the policy derivation into a separate function

* Docs: Update docs to reflect the change in capabilities endpoint
2017-11-03 11:20:10 -04:00
Chris Hoffman 16059b4e94
Fix policy lookup when entity is part of multiple groups (#3524) 2017-11-03 07:19:29 -04:00
Vishal Nayak 707e270f54
Added lookup endpoint for entity (#3519)
* Added lookup endpoint for entity

* Address review comments
2017-11-02 16:38:15 -04:00
Vishal Nayak 7bae606662
External identity groups (#3447)
* external identity groups

* add local LDAP groups as well to group aliases

* add group aliases for okta credential backend

* Fix panic in tests

* fix build failure

* remove duplicated struct tag

* add test steps to test out removal of group member during renewals

* Add comment for having a prefix check in router

* fix tests

* s/parent_id/canonical_id

* s/parent/canonical in comments and errors
2017-11-02 16:05:48 -04:00
Jeff Mitchell d229d7d5b0
Redo API locking (#3508)
* Redo the API client quite a bit to make the behavior of NewClient more
predictable and add locking to make it safer to use with Clone() and if
multiple goroutines for some reason decide to change things.

Along the way I discovered that currently, the x/net/http2 package is
broke with the built-in h2 support in released Go. For those using
DefaultConfig (the vast majority of cases) this will be a non-event.
Others can manually call http2.ConfigureTransport as needed. We should
keep an eye on commits on that repo and consider more updates before
release. Alternately we could go back revisions but miss out on bug
fixes; my theory is that this is not a purposeful break and I'll be
following up on this in the Go issue tracker.

In a few tests that don't use NewTestCluster, either for legacy or other
reasons, ensure that http2.ConfigureTransport is called.

* Use tls config cloning

* Don't http2.ConfigureServer anymore as current Go seems to work properly without requiring the http2 package

* Address feedback
2017-11-02 09:30:04 -05:00
Jeff Mitchell 1ba4e828b4
Ensure revocation happens before seal/step-down since token store isn't (#3500)
available after when using single-use tokens.

Fixes #3497
2017-11-02 08:47:02 -05:00
Jeff Mitchell 3be99466d6
Change some instances of adding headers to setting headers, since really (#3501)
we want to replace anything that might be there (e.g. for request
forwarding and content-type).

Hopefully fixes #3485
2017-11-02 07:31:50 -05:00
Chris Hoffman 3d8d887676
Add ability to require parameters in ACLs (#3510) 2017-11-02 07:18:49 -04:00
Jeff Mitchell e670447947 Use an atomic store in expiration loading test to fix race detector 2017-11-01 15:52:59 -04:00
Vishal Nayak 859cdd35fd
fix deadlock while loading groups (#3515) 2017-11-01 14:14:21 -04:00
Jeff Mitchell d548181d50
Fix memory leak when a connection would hit the cluster port and go away (#3513) 2017-10-31 20:58:45 -05:00
Jeff Mitchell bb924a404f Update seal type names 2017-10-27 17:28:50 -04:00
Jeff Mitchell 03cd40345f Properly format autogenerated clusteraddr 2017-10-25 14:43:05 -04:00
Jeff Mitchell d9bef0abca Update storedBarrierKeysPath name 2017-10-25 11:59:02 -04:00
Jeff Mitchell cf1cf8eee4 If no clusterAddr is given but we have a single synthesized cluster addresses, automatically use it. (#3486) 2017-10-24 16:58:53 -04:00
Seth Vargo c5665920f6
Standardize on "auth method"
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
2017-10-24 09:32:15 -04:00
Jeff Mitchell a80791ce7e Update proto 2017-10-23 17:45:05 -04:00
Jeff Mitchell d38a699c32 Make compile 2017-10-23 17:15:56 -04:00
Jeff Mitchell 8e9317792d Fix some merge/update bugs 2017-10-23 16:49:46 -04:00
Jeff Mitchell c144f95be0 Sync over 2017-10-23 16:43:07 -04:00
Jeff Mitchell aaa1094240 Remove extra curly brace 2017-10-23 16:06:27 -04:00
Jeff Mitchell b7ffe7ec99 Sync over 2017-10-23 16:03:36 -04:00
Jeff Mitchell 3c6fe40a91 Sync 2017-10-23 15:35:28 -04:00
Jeff Mitchell d7c5a3acfc Remove some diffing cruft 2017-10-23 15:13:04 -04:00
Jeff Mitchell 40643aa14c Remove some old policy upgrade code 2017-10-23 15:11:29 -04:00
Jeff Mitchell 47dae8ffc7 Sync 2017-10-23 14:59:37 -04:00
Jeff Mitchell d6a9a770c1 Sync some seal testing stuff 2017-10-23 13:42:04 -04:00
Jeff Mitchell 14b832fde0 Sync some changes 2017-10-23 12:50:34 -04:00
Chris Hoffman e4065e33d2 copying general purpose tools from transit backend to /sys/tools (#3391) 2017-10-20 10:59:17 -04:00
Seth Vargo 6fd9d11c79 Allow more complex errors from plugins (no interface change) (#3444)
* Allow more complex errors from plugins

This enables more complex types to be registered and returned from plugins.

*  Register common error types

This is a slightly less drastic change, which keeps the HTTPCodedError
as an interface.

* Remove replication error from list
2017-10-19 13:29:59 -07:00
Vishal Nayak ea1f552d48 set entity id on the token (#3468) 2017-10-18 13:23:05 -04:00
Vishal Nayak 6f531986c4 remove premium version checks for identity store (#3462) 2017-10-17 14:08:51 -04:00
Vishal Nayak f7ed6732a5 Porting identity store (#3419)
* porting identity to OSS

* changes that glue things together

* add testing bits

* wrapped entity id

* fix mount error

* some more changes to core

* fix storagepacker tests

* fix some more tests

* fix mount tests

* fix http mount tests

* audit changes for identity

* remove upgrade structs on the oss side

* added go-memdb to vendor
2017-10-11 10:21:20 -07:00
Chris Hoffman 375587fbf2 Removing reset of quit channel (#3376) 2017-09-26 20:29:42 -04:00
Chris Hoffman 1029ad3b33 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Chris Hoffman 9d73c81f38 Disable the sys/raw endpoint by default (#3329)
* disable raw endpoint by default

* adding docs

* config option raw -> raw_storage_endpoint

* docs updates

* adding listing on raw endpoint

* reworking tests for enabled raw endpoints

* root protecting base raw endpoint
2017-09-15 00:21:35 -04:00
Chris Hoffman 91338d7aa2 Adding latency injector option to -dev mode for storage operations (#3289) 2017-09-11 14:49:08 -04:00
Chris Hoffman 2002543245 Switching atomic vars to int32 to address panic on some architectures (#3314) 2017-09-11 11:17:22 -04:00
Jeff Mitchell 675cbe1bcd Handle expiration manager being nil 2017-09-05 12:01:02 -04:00
Chris Hoffman 71952b7738 ExpirationManager restoration to load in the background (#3260) 2017-09-05 11:09:00 -04:00
Jeff Mitchell dae06d9a0e Simplify a lot of the mount tuning code (#3285) 2017-09-05 10:57:25 -04:00
Brian Kassouf a8d9426d9f Update locking components from DR replication changes (#3283)
* Update locking components from DR replication changes

* Fix plugin backend test

* Add a comment about needing the statelock:
2017-09-04 19:38:37 -04:00
Jeff Mitchell d7e933a072 Fix inverted skipinit logic 2017-09-04 18:39:57 -04:00
Jeff Mitchell 4785e56283 Fix nil pointer on test 2017-09-04 18:08:56 -04:00
Jeff Mitchell 0da8fa412d DoNotInit -> SkipInit 2017-09-04 16:29:43 -04:00
Jeff Mitchell cbb0313f78 Add option to NewTestCluster to not init 2017-09-04 16:28:21 -04:00
Calvin Leung Huang 48263622cb Add comment to the reason behind mounting a nil backend for plugin mounts during setup 2017-09-01 12:26:31 -04:00
Calvin Leung Huang a581e96b78 Lazy-load plugin mounts (#3255)
* Lazy load plugins to avoid setup-unwrap cycle

* Remove commented blocks

* Refactor NewTestCluster, use single core cluster on basic plugin tests

* Set c.pluginDirectory in TestAddTestPlugin for setupPluginCatalog to work properly

* Add special path to mock plugin

* Move ensureCoresSealed to vault/testing.go

* Use same method for EnsureCoresSealed and Cleanup

* Bump ensureCoresSealed timeout to 60s

* Correctly handle nil opts on NewTestCluster

* Add metadata flag to APIClientMeta, use meta-enabled plugin when mounting to bootstrap

* Check metadata flag directly on the plugin process

* Plumb isMetadataMode down to PluginRunner

* Add NOOP shims when running in metadata mode

* Remove unused flag from the APIMetadata object

* Remove setupSecretPlugins and setupCredentialPlugins functions

* Move when we setup rollback manager to after the plugins are initialized

* Fix tests

* Fix merge issue

* start rollback manager after the credential setup

* Add guards against running certain client and server functions while in metadata mode

* Call initialize once a plugin is loaded on the fly

* Add more tests, update basic secret/auth plugin tests to trigger lazy loading

* Skip mount if plugin removed from catalog

* Fixup

* Remove commented line on LookupPlugin

* Fail on mount operation if plugin is re-added to catalog and mount is on existing path

* Check type and special paths on startBackend

* Fix merge conflicts

* Refactor PluginRunner run methods to use runCommon, fix TestSystemBackend_Plugin_auth
2017-09-01 01:02:03 -04:00
Jeff Mitchell 4ec737b013 Don't append a trailing slash to the request path if it doesn't actually help find something (#3271) 2017-08-31 16:50:03 -04:00
Calvin Leung Huang 6f417d39da Normalize plugin_name option for mount and enable-auth (#3202) 2017-08-31 12:16:59 -04:00
Jeff Mitchell 3edb337a00 Add option to set cluster TLS cipher suites. (#3228)
* Add option to set cluster TLS cipher suites.

Fixes #3227
2017-08-30 16:28:23 -04:00
Jeff Mitchell 654e7d92ac Properly lowercase policy names. (#3210)
Previously we lowercased names on ingress but not on lookup or delete
which could cause unexpected results. Now, just unilaterally lowercase
policy names on write and delete. On get, to avoid the performance hit
of always lowercasing when not necessary since it's in the critical
path, we have a minor optimization -- we check the LRU first before
normalizing. For tokens, because they're already normalized when adding
policies during creation, this should always work; it might just be
slower for API calls.

Fixes #3187
2017-08-18 19:47:23 -04:00
Jeff Mitchell 411419cbf8 plugins/backend/reload -> plugins/reload/backend (#3186) 2017-08-16 12:40:38 -04:00
Jeff Mitchell c34a5b2e93 * Add ability to specify a plugin dir in dev mode (#3184)
* Change (with backwards compatibility) sha_256 to sha256 for plugin
registration
2017-08-16 11:17:50 -04:00
Calvin Leung Huang 86ea7e945d Add plugin auto-reload capability (#3171)
* Add automatic plugin reload

* Refactor builtin/backend

* Remove plugin reload at the core level

* Refactor plugin tests

* Add auto-reload test case

* Change backend to use sync.RWMutex, fix dangling test plugin processes

* Add a canary to plugin backends to avoid reloading many times (#3174)

* Call setupPluginCatalog before mount-related operations in postUnseal

* Don't create multiple system backends since core only holds a reference (#3176)

to one.
2017-08-15 22:10:32 -04:00
Jeff Mitchell 48bf1d6edc Add core sealing to test cluster shutdown 2017-08-15 17:06:38 -04:00
Jeff Mitchell c864c0bad5 Return 500 if existence check fails, not 400 (#3173)
Fixes #3162
2017-08-15 16:44:16 -04:00
Chris Hoffman 6092538511 splitting cache into transactional and non-transactional cache structs (#3132) 2017-08-08 20:47:14 -04:00
Calvin Leung Huang 6853d80212 Add plugin backend reload capability (#3112)
* Add plugin reload capability on all mounts for a specific plugin type

* Comments cleanup

* Add per-mount plugin backend reload, add tests

* Fix typos

* Remove old comment

* Reuse existing storage view in reloadPluginCommon

* Correctly handle reloading auth plugin backends

* Update path to plugin/backend/reload

* Use multierrors on reloadMatchingPluginMounts, attempt to reload all mounts provided

* Use internal value as check to ensure plugin backend reload

* Remove connection state from request for plugins at the moment

* Minor cleanup

* Refactor tests
2017-08-08 00:18:59 -04:00
Jeff Mitchell 691d00149a Fix exporting stdAllowedHeaders 2017-08-07 15:02:08 -04:00
Aaron Salvo ad1d74cae0 Set allowed headers via API instead of defaulting to wildcard. (#3023) 2017-08-07 10:03:30 -04:00
Tony Cai 12a1681122 Fix minor typo (#3120) 2017-08-07 09:52:49 -04:00
Jeff Mitchell c2c908cdc0 Unlock the statelock on unsuccessful sealInitCommon 2017-08-04 16:49:31 -04:00
Jeff Mitchell 3ef2113be9 Remove a couple unneeded cancels 2017-08-04 16:47:04 -04:00
Jeff Mitchell ae75312185 Make seal/stepdown functions async internally so they can poke the request context 2017-08-04 16:42:51 -04:00
Jeff Mitchell fdaaaadee2 Migrate physical backends into separate packages (#3106) 2017-08-03 13:24:27 -04:00
Calvin Leung Huang db9d9e6415 Store original request path in WrapInfo (#3100)
* Store original request path in WrapInfo as CreationPath

* Add wrapping_token_creation_path to CLI output

* Add CreationPath to AuditResponseWrapInfo

* Fix tests

* Add and fix tests, update API docs with new sample responses
2017-08-02 18:28:58 -04:00
Brian Kassouf e0713b307d Add Testing Interface to test helpers (#3091)
* Add testing interface

* Add vendored files
2017-08-01 11:07:08 -07:00
Jeff Mitchell d0f329e124 Add leader cluster address to status/leader output. (#3061)
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.

Fixes #3042
2017-07-31 18:25:27 -04:00
Jeff Mitchell 2b05ab962c Use certIPs in all test certs, not just CA 2017-07-31 17:35:51 -04:00
Jeff Mitchell a9b1d699d0 Make sys/wrapping/lookup unauthenticated. (#3084)
We still perform validation on the token, so if the call makes it
through to this endpoint it's got a valid token (either explicitly
specified in data or as the request token). But this allows
introspection for sanity/safety checking without revoking the token in
the process.
2017-07-31 16:16:16 -04:00
Jeff Mitchell 5074ccb9f3 Fix up tests 2017-07-31 15:31:44 -04:00
Jeff Mitchell 474f008b2d Clean up plugin tests with CA info 2017-07-31 15:09:19 -04:00
Jeff Mitchell 1b603b8e22 Validate opts is not nil in NewTestCluster 2017-07-31 12:13:29 -04:00
Jeff Mitchell 1bfc6d4fe7 Add a -dev-three-node option for devs. (#3081) 2017-07-31 11:28:06 -04:00
Jeff Mitchell 935b6d7b5c Fix error message formatting and response body 2017-07-27 11:44:56 -04:00
Jeff Mitchell 0a2ac3160d Recover during a request forward.
gRPC doesn't have a handler for recovering from a panic like a normal
HTTP request so a panic will actually kill Vault's listener. This
basically copies the net/http logic for managing this.

The SSH-specific logic is removed here as the underlying issue is caused
by the request forwarding mechanism.
2017-07-27 11:44:56 -04:00
Lars Lehtonen b851d88d68 fix swallowed error in vault package. (#2993) 2017-07-26 12:15:54 -04:00
Chris Hoffman b89114b011 root protect /sys/revoke-force/* (#2876) 2017-07-25 11:59:43 -04:00
Calvin Leung Huang bb54e9c131 Backend plugin system (#2874)
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
2017-07-20 13:28:40 -04:00
Brian Kassouf b04e0a7a2a Dynamically load and invalidate the token store salt (#3021)
* Dynaically load and invalidate the token store salt

* Pass salt function into the router
2017-07-18 09:02:03 -07:00
Jeff Mitchell 96dbc98815 Add metrics counters for audit log failures (#3001)
Fixes #2863
2017-07-14 11:03:56 -04:00
Jeff Mitchell f3f4452334 Revert "Remove wrapping/wrap from default policy and add a note about guarantees (#2957)" (#3008)
This reverts commit b2d2459711d9cb7552daf1cc2330c07d31ef4f51.
2017-07-13 18:47:29 -04:00
Jeff Mitchell 2c6b7db279 Remove wrapping/wrap from default policy and add a note about guarantees (#2957) 2017-07-13 15:29:04 -07:00
Chris Hoffman d481e65c5a Cleaning up logical and auth unmount functions (#2994) 2017-07-13 10:57:14 -07:00
Chris Hoffman 6651f3aa33 checking for nil backends before attempting to rollback on a backend (#2997) 2017-07-12 13:12:55 -07:00
Chris Hoffman 8c179c246f Fixing reverse storage prefix lookup for auth entries (#2967)
* fixing reverse storage prefix for auth entries

* adding test
2017-07-04 14:00:36 -04:00
Lars Lehtonen d0a3f07b07 Stop Vault Package Tests From Swallowing Errors (#2960)
* Fix ignored error in TestAESGCMBarrier_MoveIntegrityV1().

* Fix ignored error in TestAESGCMBarrier_MoveIntegrityV2().

* Fix ignored err in TestExpiration_Tidy().

* Fix ignored error in TestSystemBackend_policyCRUD().
2017-07-04 13:58:28 -04:00
Jeff Mitchell 753b68fa1b Port TestCluster changes from proxy branch 2017-07-03 14:54:01 -04:00
vishalnayak 79b5d2f5bb fix token store tests 2017-07-01 16:06:15 -04:00
vishalnayak e0404d17e9 fix router tests 2017-06-30 22:06:17 -04:00
vishalnayak 3f9ec7a2e2 fix expiration tests 2017-06-30 21:31:27 -04:00
Jeff Mitchell e52ec0aacf Bring TestCluster_ListenForRequests port numbers in line with spread out ports from earlier change 2017-06-30 13:31:57 -04:00
Vishal Nayak 4b26425609 Input validation for router mount (#2942)
* Added input validation for router mount

* Add path and type in returned errors
2017-06-29 17:00:13 -04:00
Jeff Mitchell 034a1f91be Fix missed 10->100 conversion in tests 2017-06-29 01:45:48 -04:00
Jeff Mitchell 4502b649c6 Use more separation between test cluster ports for OSX' sake 2017-06-29 00:29:17 -04:00
Jeff Mitchell d169918465 Create and persist human-friendly-ish mount accessors (#2918) 2017-06-26 18:14:36 +01:00
Jeff Mitchell a71cb52f1b Don't allow overriding token ID with the same token ID (#2917)
Fixes #2916
2017-06-24 01:52:48 +01:00
Jeff Mitchell d55d75a79f Convert listener arguments to map[string]interface{} (#2905)
This allows people to use more natural constructs, e.g. for tls_disable
it can be a bool, int, or string.
2017-06-22 20:29:53 +01:00
Jeff Mitchell 286392c2a2 Fix tests 2017-06-21 11:19:38 -04:00
Jeff Mitchell c414a525d2 Fix panic when attempting to renew auth token via sys/leases/renew (#2901)
This could occur when using the lease ID; this is unsupported but wasn't
checking for the existence of a secret in the lease.
2017-06-21 16:00:39 +01:00
Jeff Mitchell 069764ea8f Add option to have dev mode generic backend return leases 2017-06-21 10:42:50 -04:00
Chris Hoffman 7e7d766e21 Exclude /sys/leases/renew from registering with expiration manager (#2891)
* exclude /sys/leases/renew from registering with expiration manager

* adding sys/leases/renew to return full secret object, adding tests to catch renew errors
2017-06-20 12:34:00 -04:00
Jeff Mitchell fade02bb43 Fix root paths test 2017-06-17 01:51:42 -04:00
Jeff Mitchell cf7d56e8f3 Fix up CORS.
Ref #2021
2017-06-17 01:26:25 -04:00
Aaron Salvo 0303f51b68 Cors headers (#2021) 2017-06-17 00:04:55 -04:00
Jeff Mitchell 43d7547235 Address review feedback 2017-06-16 23:54:49 -04:00
vishalnayak 186e4af95e Fix the test error message 2017-06-16 23:54:49 -04:00
vishalnayak 4fe7fc4ef9 Added utility on router to fetch mount entry using its ID 2017-06-16 23:54:49 -04:00
Jeff Mitchell ab5014534e Clone policy permissions and then use existing values rather than policy values for modifications (#2826)
Should fix #2804
2017-06-07 13:49:51 -04:00
Brian Rodgers e9b52ed928 Log auth info on permission denied due to ACL (#2754) 2017-06-05 18:04:31 -04:00
Jeff Mitchell 605d74d889 Don't try to clean up upgrades if we're sealed 2017-06-05 16:00:56 -04:00
Jeff Mitchell fb9029e3dd Log heartbeat stopping 2017-06-05 15:57:04 -04:00
Jeff Mitchell f7df60b131 Allow accessing Warnings directly in Response. (#2806)
A change in copystructure has caused some panics due to the custom copy
function. I'm more nervous about production panics than I am about
keeping some bad code wiping out some existing warnings, so remove the
custom copy function and just allow direct setting of Warnings.
2017-06-05 10:52:43 -04:00
Jeff Mitchell 88c0367fa6 Add grpc keepalives as a fallback option for our heartbeating 2017-05-26 13:32:13 -04:00
Vishal Nayak 3696c9b779 Input checks for policy rules (#2771)
* Input checks for policy rules

* Address review feedback
2017-05-26 10:48:41 -04:00
Jeff Mitchell 72a5b5e23b Fix tests 2017-05-25 09:00:49 -04:00
Jeff Mitchell df33f70df4 Heartbeat immediately upon connection 2017-05-24 21:45:51 -04:00
Jeff Mitchell 3d7db4248f Rename peer cluster cache 2017-05-24 21:10:32 -04:00
Jeff Mitchell 5c230c796b Add peer cluster address cache 2017-05-24 20:51:53 -04:00
Jeff Mitchell bbe27aaedf Add heartbeating and cluster address sharing to request forwarding (#2762) 2017-05-24 15:06:56 -04:00
Jeff Mitchell 9d4801b1e8 Revert grpc back a version (they introduced a panic) and clean up a bunch of old request forwarding stuff 2017-05-24 10:38:48 -04:00
Jeff Mitchell 0d4e7fba69 Remove non-gRPC request forwarding 2017-05-24 09:34:59 -04:00
Jeff Mitchell 7cc72a9066 Delay salt initialization for audit backends 2017-05-23 20:36:20 -04:00
emily aa40d2cff6 add gofmt checks to Vault and format existing code (#2745) 2017-05-19 08:34:17 -04:00
Jeff Mitchell 858deb9ca4 Don't allow parent references in file paths 2017-05-12 13:52:33 -04:00
Jeff Mitchell d25aa9fc21 Don't write salts in initialization, look up on demand (#2702) 2017-05-09 17:51:09 -04:00
Jeff Mitchell 76ca5fc377 Allow non-strings to be used to set ttl field in generic. (#2699) 2017-05-09 14:05:00 -04:00
Jeff Mitchell 5b3d80042e Fix mount test 2017-05-09 09:49:45 -04:00
Jeff Mitchell e3c8be72cc Fix local check on singleton required mounts 2017-05-09 08:36:10 -04:00
Jeff Mitchell e0c2b37c2a Add commenting to singletonMountTables 2017-05-08 13:39:18 -04:00
Jeff Mitchell f50d345fa3 Fix imports.
Closes #2688
2017-05-08 10:23:29 -04:00
Jeff Mitchell 726bd6f379 Don't load a required mount if in secondary mode, let sync invalidate do that 2017-05-05 19:40:26 -04:00
Jeff Mitchell 3aafb3270c Move singleton mount fetching function to mount.go and fix tests 2017-05-05 17:20:30 -04:00
Jeff Mitchell b53331d345 Add token to singleton mounts 2017-05-05 16:45:48 -04:00
Jeff Mitchell 6f6f242061 Add logic to skip initialization in some cases and some invalidation logic 2017-05-05 15:01:52 -04:00
vishalnayak fa201f2505 auth/token/tidy log level update 2017-05-05 11:16:13 -04:00
Jeff Mitchell 55ef4f2566 Merge branch 'master-oss' into sys-tidy-leases 2017-05-05 10:53:41 -04:00
Jeff Mitchell b482043de1 Update debugging around tidy 2017-05-05 10:48:12 -04:00
Jeff Mitchell 91e790867f Address feedback 2017-05-05 10:26:40 -04:00
Brian Kassouf 2d6dfbf147 Don't store the plugin directory prepended command in the barrier, prepend on get 2017-05-04 12:36:06 -07:00
Brian Kassouf 5ee0d696d4 Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 10:45:18 -07:00
Jeff Mitchell b568ea751b Move client token check in exp register to top 2017-05-04 12:45:57 -04:00
Jeff Mitchell abd63096f8 Update comments 2017-05-04 12:44:31 -04:00
vishalnayak 1a02f9be11 Fix up the tests 2017-05-04 12:41:15 -04:00
vishalnayak 5683430cb7 Update Tidy function comment 2017-05-04 12:11:00 -04:00
Jeff Mitchell d74b1b284a Update commenting 2017-05-04 11:54:57 -04:00
Jeff Mitchell 9a91700263 Move tidy-leases to leases/tidy 2017-05-04 09:40:11 -04:00
Jeff Mitchell f8295a301d Merge branch 'master-oss' into sys-tidy-leases 2017-05-04 09:37:52 -04:00
Chris Hoffman 3d9cf89ad6 Add the ability to view and list of leases metadata (#2650) 2017-05-03 22:03:42 -04:00
Jeff Mitchell 7250b3d01e Fix comment typo 2017-05-03 20:25:55 -04:00
Jeff Mitchell b7128f53a8 Add sys/leases/lookup and sys/leases/renew to the default policy 2017-05-03 20:22:16 -04:00
Jeff Mitchell 7f3891c734 Fix substitution of index/child in delete call 2017-05-03 15:09:13 -04:00
Jeff Mitchell 99884a8f13 Merge remote-tracking branch 'oss/master' into sys-tidy-leases 2017-05-03 15:02:42 -04:00
Jeff Mitchell 3b95e751c0 Add more cleanup if a lease fails to register and revoke tokens if registerauth fails 2017-05-03 14:29:57 -04:00
Jeff Mitchell bb6b5f7aa6 Add taint flag for looking up by accessor 2017-05-03 13:08:50 -04:00
vishalnayak a1a0c2950f logging updates 2017-05-03 12:58:10 -04:00
vishalnayak 6aa7f9b7c9 Added logs when deletion fails so we can rely on server logs 2017-05-03 12:47:05 -04:00
vishalnayak bc5d5b7319 consistent logging 2017-05-03 12:45:22 -04:00
Jeff Mitchell 596ad2c8f7 Adhere to tainted status in salted accessor lookup 2017-05-03 12:36:10 -04:00
Jeff Mitchell 5f18b1605a Two things:
1) Ensure that if we fail to generate a lease for a secret we attempt to revoke it

2) Ensure that any lease that is registered should never have a blank token

In theory, number 2 will let us a) find places where this *is* the case, and b) if errors are encountered when revoking tokens due to a blank client token, it suggests that the client token values are being stripped somewhere along the way, which is also instructive.
2017-05-03 12:17:09 -04:00
Jeff Mitchell 0553f7a8d1 change some logging output 2017-05-03 12:14:58 -04:00
Jeff Mitchell c9bd54ad65 Less scary debugging 2017-05-03 11:15:59 -04:00
vishalnayak dd898ed2e1 Added summary logs to help better understand the consequence 2017-05-03 10:54:07 -04:00
vishalnayak 9f682eb9cd Test to check that leases with valid tokens are not being cleaned up 2017-05-02 18:12:03 -04:00
vishalnayak 850cda7861 Added test to check the atomicity of the lease tidy operation 2017-05-02 18:06:59 -04:00
vishalnayak 875658531b Do not duplicate log lines for invalid leases 2017-05-02 17:56:15 -04:00
Brian Kassouf f644c34c5b Remove unused TestCoreUnsealedWithListener function 2017-05-02 14:52:48 -07:00
Brian Kassouf 5e0c03415b Don't need to explictly set redirectAddrs 2017-05-02 14:44:14 -07:00
Brian Kassouf 29d9b831d3 Update the api for serving plugins and provide a utility to pass TLS data for commuinicating with the vault process 2017-05-02 14:40:11 -07:00
vishalnayak 403fd62c61 Check if multiple leases with same invalid token is getting cleaned up 2017-05-02 17:15:26 -04:00
vishalnayak 5f70576715 Added steps to check if invalid token is properly cleaned up 2017-05-02 17:11:35 -04:00
vishalnayak 668595b902 Added a test for tidying of empty token 2017-05-02 16:54:03 -04:00
vishalnayak 68635e8a1c Skip checking the validity of an empty client token 2017-05-02 16:53:41 -04:00
Ben Gadbois 537342f038 Fixing printf (and similar) issues (#2666) 2017-05-01 23:34:10 -04:00
vishalnayak 72d05cd8dd Refactor locking code in lease tidy; add ending debug statements 2017-04-27 16:22:19 -04:00
vishalnayak d8e91ef616 refactor lock handling in token tidy function 2017-04-27 13:48:29 -04:00
vishalnayak f9c1426ac8 Use an atomic lock for tidy operation in token store 2017-04-27 11:41:33 -04:00
vishalnayak ac8aae36fe Distinguish valid and invalid tokens using bool value in cache 2017-04-27 11:31:42 -04:00
vishalnayak 58967c0bbd Merge branch 'oss' into sys-tidy-leases 2017-04-27 11:23:48 -04:00
vishalnayak 749ec4fab1 Some more logging updates 2017-04-27 11:20:55 -04:00
vishalnayak e64ba93d54 Cache only valid tokens 2017-04-27 11:08:11 -04:00
vishalnayak d256248095 Fix logging suggestions; put the policyStore nil check back in 2017-04-27 10:56:19 -04:00
Chris Hoffman 1a60fede58 Updating revoke/renew to prefer PUT method (#2646) 2017-04-27 10:47:43 -04:00
Brian Kassouf 50c0d520e1 Fix revoke tree test 2017-04-26 16:26:48 -07:00
vishalnayak 3fd019574d Fix logging levels 2017-04-26 17:29:04 -04:00
vishalnayak 7c3e20e9c5 Fix the log statements 2017-04-26 17:17:19 -04:00
vishalnayak 671353810b Added caching of looked up tokens 2017-04-26 16:54:48 -04:00
vishalnayak 9025ef16e4 Added logger to token store and logs to tidy function 2017-04-26 16:11:23 -04:00
vishalnayak 27dd95156d Revoke lease that has empty token; added logs 2017-04-26 15:48:28 -04:00
vishalnayak b939d049e4 Added atomic lock to ensure a single tidy operation is in progress 2017-04-26 15:07:58 -04:00
vishalnayak 5909d81b7b Merge branch 'oss' into clean-stale-leases 2017-04-26 15:07:27 -04:00
Jeff Mitchell 4a4c981fb2 Update error message to distinguish tree revocation issue from non-tree 2017-04-26 14:06:45 -04:00
Brian Kassouf b52b410a47 Update test to reflect the correct read response 2017-04-24 21:24:19 -07:00
Brian Kassouf e4e61ec18c return a 404 when no plugin is found 2017-04-24 18:31:27 -07:00
Brian Kassouf cb1f1d418c Only run Abs on the plugin directory if it's set 2017-04-24 16:20:20 -07:00
Brian Kassouf 039bc19dd8 Fix test 2017-04-24 13:48:46 -07:00
Brian Kassouf 5ff317eb8d Update root paths test 2017-04-24 12:47:40 -07:00
Brian Kassouf ce9688ce8c Change MlockDisabled to MlockEnabled 2017-04-24 12:21:49 -07:00
Joel Thompson e06a78a474 Create unified aws auth backend (#2441)
* Rename builtin/credential/aws-ec2 to aws

The aws-ec2 authentication backend is being expanded and will become the
generic aws backend. This is a small rename commit to keep the commit
history clean.

* Expand aws-ec2 backend to more generic aws

This adds the ability to authenticate arbitrary AWS IAM principals using
AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to
just AWS with the expansion.

* Add missing aws auth handler to CLI

This was omitted from the previous commit

* aws auth backend general variable name cleanup

Also fixed a bug where allowed auth types weren't being checked upon
login, and added tests for it.

* Update docs for the aws auth backend

* Refactor aws bind validation

* Fix env var override in aws backend test

Intent is to override the AWS environment variables with the TEST_*
versions if they are set, but the reverse was happening.

* Update docs on use of IAM authentication profile

AWS now allows you to change the instance profile of a running instance,
so the use case of "a long-lived instance that's not in an instance
profile" no longer means you have to use the the EC2 auth method. You
can now just change the instance profile on the fly.

* Fix typo in aws auth cli help

* Respond to PR feedback

* More PR feedback

* Respond to additional PR feedback

* Address more feedback on aws auth PR

* Make aws auth_type immutable per role

* Address more aws auth PR feedback

* Address more iam auth PR feedback

* Rename aws-ec2.html.md to aws.html.md

Per PR feedback, to go along with new backend name.

* Add MountType to logical.Request

* Make default aws auth_type dependent upon MountType

When MountType is aws-ec2, default to ec2 auth_type for backwards
compatibility with legacy roles. Otherwise, default to iam.

* Pass MountPoint and MountType back up to the core

Previously the request router reset the MountPoint and MountType back to
the empty string before returning to the core. This ensures they get set
back to the correct values.
2017-04-24 15:15:50 -04:00
Brian Kassouf 657d433330 Update the ResponseWrapData function to return a wrapping.ResponseWrapInfo object 2017-04-24 12:15:01 -07:00
Brian Kassouf c4e2ad74c5 Update path for the plugin catalog in logical system 2017-04-24 11:35:32 -07:00
Brian Kassouf 6c8239ba03 Update the builtin keys; move catalog to core; protect against unset plugin directory 2017-04-24 10:30:33 -07:00
Jeff Mitchell 3ba162fea1 List should use a trailing slash 2017-04-21 15:37:43 -04:00
Brian Kassouf 4d0aac963d Fix tests 2017-04-21 10:24:34 -07:00
Brian Kassouf 30b06b593c Fix tests 2017-04-21 09:10:26 -07:00
Brian Kassouf 6f9d178370 Calls to builtin plugins now go directly to the implementation instead of go-plugin 2017-04-20 18:46:41 -07:00
Brian Kassouf af9ff63e9a Merge remote-tracking branch 'oss/master' into database-refactor 2017-04-19 15:16:00 -07:00
Chris Hoffman 847c86f788 Rename ParseDedupAndSortStrings to ParseDedupLowercaseAndSortStrings (#2614) 2017-04-19 10:39:07 -04:00
Brian Kassouf 8ccf10641b Merge branch 'master' into database-refactor 2017-04-12 14:29:10 -07:00
Brian Kassouf 3cd5dd1839 Fix RootPaths test 2017-04-12 14:22:52 -07:00
Brian Kassouf 433004f75e Add test for logical_system plugin-catalog handling 2017-04-12 10:39:18 -07:00
Brian Kassouf c3724c6f17 Add path help and comments for plugin-catalog 2017-04-12 10:01:36 -07:00
Brian Kassouf faaeb09065 Add remaining crud functions to plugin catalog and tests 2017-04-12 09:40:54 -07:00
Brian Kassouf 8071aed758 Mlock the plugin process 2017-04-10 17:12:52 -07:00
Brian Kassouf db91a80540 Update plugin test 2017-04-10 14:12:28 -07:00
Brian Kassouf 93136ea51e Add backend test 2017-04-07 15:50:03 -07:00
Brian Kassouf ca2c3d0c53 Refactor to use builtin plugins from an external repo 2017-04-05 16:20:31 -07:00
Brian Kassouf b071144c67 move builtin plugins list to the pluginutil 2017-04-05 11:00:13 -07:00
Brian Kassouf 11abcd52e6 Add a cli command to run builtin plugins 2017-04-04 17:12:02 -07:00
Brian Kassouf 0034074691 Execute builtin plugins 2017-04-04 14:43:39 -07:00
Jeff Mitchell 709389dd36 Use ParseStringSlice on PKI organization/organizational unit. (#2561)
After, separately dedup and use new flag to not lowercase value.

Fixes #2555
2017-04-04 08:54:18 -07:00
Brian Kassouf e8781b6a2b Plugin catalog 2017-04-03 17:52:29 -07:00
Brian Kassouf 29ae4602dc More work on getting tests to pass 2017-03-23 15:54:15 -07:00
Brian Kassouf eb6117cbb2 Work on TLS communication over plugins 2017-03-15 17:14:48 -07:00
Vishal Nayak 5a6193a56e Audit: Add token's use count to audit response (#2437)
* audit: Added token_num_uses to audit response

* Fixed jsonx tests

* Revert logical auth to NumUses instead of TokenNumUses

* s/TokenNumUses/NumUses

* Audit: Add num uses to audit requests as well

* Added RemainingUses to distinguish NumUses in audit requests
2017-03-08 17:36:50 -05:00
Jeff Mitchell f03d500808 Add option to disable caching per-backend. (#2455) 2017-03-08 09:20:09 -05:00
vishalnayak f54ff0f842 Add locking where possible while doing auth/token/tidy 2017-03-07 16:06:05 -05:00
vishalnayak 3522b67e14 Added sys/tidy-leases endpoint 2017-03-07 15:50:17 -05:00
Jeff Mitchell 3d162b63cc Use locks in a slice rather than a map, which is faster and makes things cleaner (#2446) 2017-03-07 11:21:32 -05:00
Jeff Mitchell 5119b173c4 Rename helper 'duration' to 'parseutil'. (#2449)
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.

Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Jeff Mitchell 8462d945d3 Add some nil checks to mounting 2017-03-04 16:43:18 -05:00
Jeff Mitchell e7f418c903 Fix poison pill location 2017-03-04 10:21:27 -05:00
Brian Kassouf e62f5dbc31 Allowed/Denied parameters support for globs (#2438)
* Add check for globbed strings

* Add tests for the acl globbing

* Fix bad test case
2017-03-03 14:50:55 -08:00
Jeff Mitchell 25428971c8 Add poison pill 2017-03-03 15:05:25 -05:00
Vishal Nayak 491a56fe9f AppRole: Support restricted use tokens (#2435)
* approle: added token_num_uses to the role

* approle: added RUD tests for token_num_uses on role

* approle: doc: added token_num_uses
2017-03-03 09:31:20 -05:00
Jeff Mitchell a585f709d3 Understand local when persisting mount tables, to avoid invalidations when not necessary (#2427) 2017-03-02 14:37:59 -05:00
Jeff Mitchell bb05f2d8f8 Fix double-lock 2017-03-02 10:54:31 -05:00
Jeff Mitchell 31cddc43e1 Use own mutex for updating cluster parameters and fix leader UUID bug 2017-03-02 10:50:54 -05:00
Jeff Mitchell beb3067787 Add some trace level information about new cluster status 2017-03-02 10:21:35 -05:00
Jeff Mitchell 36c84df326 Large update to request forwarding handling. (#2426) 2017-03-02 10:03:49 -05:00
Jeff Mitchell 90389323a2 Some more forwarding client cleanup 2017-03-01 20:59:20 -05:00
Jeff Mitchell b1c2a930fe Clean up request forwarding logic 2017-03-01 18:17:06 -05:00
Brian Kassouf 259e686d4c Update TestSeal to ignore setting the config to nil 2017-03-01 14:10:06 -08:00
Jeff Mitchell 00cfaf7f64 Rejig signature of last remote wal 2017-03-01 12:42:10 -05:00
Jeff Mitchell 6ebb2cc958 Add last remote WAL bits 2017-03-01 12:40:36 -05:00
Jeff Mitchell f2282247ef Add seal cache purging back into postUnseal 2017-02-28 18:36:28 -05:00
Jeff Mitchell 09543dceeb Rejig core standby logic to check validity of barrier during active transition 2017-02-28 18:17:30 -05:00
Jeff Mitchell 7f0a99e8eb Add max/min wrapping TTL ACL statements (#2411) 2017-02-27 14:42:00 -05:00
Jeff Mitchell 2cc0906b33 Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 (#2412) 2017-02-27 12:49:35 -05:00