Commit graph

30 commits

Author SHA1 Message Date
Jeff Mitchell f3ab4971a6 Follow Vault convention on DELETE being idempotent (#1903)
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
Jeff Mitchell fffee5611a Rejig locks during unmount/remount. (#1855) 2016-09-13 11:50:14 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
Laura Bennett fb1b032040 fixing id in buildLogicalRequest 2016-07-26 15:50:37 -04:00
Laura Bennett e5737b6789 initial local commit 2016-07-23 21:46:28 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers.
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell a57996ac08 Add to auth/audit too 2016-05-26 13:38:51 -04:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell f2da5b639f Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Jeff Mitchell 1c7157e632 Reintroduce the ability to look up obfuscated values in the audit log
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell bc4c18a1cf Rearchitect MountTable locking and fix rollback.
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.

In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.

Both unit tests and race detection pass.

Fixes #771
2015-11-11 11:54:52 -05:00
Jeff Mitchell cf4b88c196 Write HMAC-SHA256'd client token to audited requests
Fixes #713
2015-10-29 13:26:18 -04:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell 8f27c250d6 Fix problematic logging statements.
Fixes #665.
2015-10-02 18:31:46 -07:00
Jeff Mitchell c8a0eda224 Use hmac-sha256 for protecting secrets in audit entries 2015-09-19 11:29:31 -04:00
Jeff Mitchell 5dde76fa1c Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell b655f6b858 Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell 5de736e69c Implement shallow cloning to allow MountEntry pointers to stay consistent when spread across router/core/system views 2015-09-10 15:09:54 -04:00
Armon Dadgar 8bc99f8c23 helper/uuid: single generateUUID definition 2015-06-30 12:38:32 -07:00
Armon Dadgar add8e1a3fd Fixing merge conflict 2015-06-29 15:19:04 -07:00
Armon Dadgar deeb611ab2 vault: handle a panic while generating audit output 2015-06-29 15:11:35 -07:00
Nate Brown 4ec685dc1a Logging authentication errors and bad token usage 2015-06-18 18:30:18 -07:00
Armon Dadgar 8ebc29d1b9 vault: audit broker profiles each backend 2015-04-08 17:09:36 -07:00
Armon Dadgar 512b3d7afd vault: Adding metrics profiling 2015-04-08 16:43:17 -07:00
Armon Dadgar 56d0b51be0 vault: Reuse mount table methods 2015-04-03 16:00:46 -07:00
Armon Dadgar e4854ca59b vault: Allow deep paths for audit backends 2015-04-03 14:27:33 -07:00
Armon Dadgar cd681d7226 vault: Extending AuditBroker to support new audit methods 2015-04-01 13:55:07 -07:00
Armon Dadgar 7ca462c028 vault: Adding enable/disable audit methods 2015-03-31 15:26:07 -07:00
Armon Dadgar a6bc60c7d6 vault: Adding AuditBroker and basic tests 2015-03-31 13:22:40 -07:00
Armon Dadgar 042db7798e vault: Adding basic audit table load/unload 2015-03-27 14:00:38 -07:00