luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
6894 commits 1 branch 0 tags 214 MiB
Commit graph

309 commits

Author SHA1 Message Date
Jeff Mitchell 69eb5066dd Multi value test seal (#2281) 2017-01-17 15:43:10 -05:00
Jeff Mitchell dd0e44ca10 Add nonce to unseal to allow seeing if the operation has reset (#2276) 2017-01-17 11:47:06 -05:00
vishalnayak ba180a8e2b rekey: pgp keys input validation 2017-01-12 00:05:41 -05:00
vishalnayak adb6ac749f init: pgp-keys input validations 2017-01-11 23:32:38 -05:00
Jeff Mitchell 3129187dc2 JWT wrapping tokens (#2172) 2017-01-04 16:44:03 -05:00
Félix Cantournet 103b7ceab2 all: test: Fix govet warnings 
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
 2016-12-21 19:44:07 +01:00
Vishal Nayak e3f56f375c Add 'no-store' response header from all the API outlets (#2183) 2016-12-15 17:53:07 -05:00
Jeff Mitchell f6a84cb84e Don't unilaterally fail with internal status error when help fails, use the given response. Fixes #2153. 2016-12-02 11:22:13 -05:00
Thomas Soëte c29e5c8bad Use 'http.MaxBytesReader' to limit request size (#2131) 
Fix 'connection reset by peer' error introduced by 300b72e
 2016-12-01 10:59:00 -08:00
Armon Dadgar 57ad75071c http: increase request limit from 8MB to 32MB 2016-11-17 12:15:37 -08:00
Armon Dadgar c8dadb46ec http: limit maximum request size 2016-11-17 12:06:43 -08:00
Jeff Mitchell 97ca3292a4 Set number of pester retries to zero by default and make seal command… (#2093) 
* Set number of pester retries to zero by default and make seal command return 403 if unauthorized instead of 500

* Fix build

* Use 403 instead and update test

* Change another 500 to 403
 2016-11-16 14:08:09 -05:00
Vishal Nayak b3c805e662 Audit the client token accessors (#2037) 2016-10-29 17:01:49 -04:00
vishalnayak 6d1e1a3ba5 Pulled out transit's lock manager and policy structs into a helper 2016-10-26 19:52:31 -04:00
Jeff Mitchell 5657789627 Audit unwrapped response (#1950) 2016-09-29 12:03:47 -07:00
Jeff Mitchell b45a481365 Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Jeff Mitchell 6bf871995b Don't use time.Time in responses. (#1912) 
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
 2016-09-23 12:32:07 -04:00
Jeff Mitchell 722e26f27a Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 18:42:24 -04:00
Jeff Mitchell 5b79e5c115 Redirect rekey operation from standby to master (#1868) 2016-09-13 11:59:12 -04:00
Jeff Mitchell 7ba006acd9 Remove too-verbose log 2016-09-04 07:43:54 -04:00
Jeff Mitchell 1c6f2fd82b Add response wrapping to list operations (#1814) 2016-09-02 01:13:14 -04:00
vishalnayak 9c78c58948 Remove the string 'Vault' from version information 2016-09-01 14:54:04 -04:00
Jeff Mitchell 7e41d5ab45 Pass headers back when request forwarding (#1795) 2016-08-26 17:53:47 -04:00
Jeff Mitchell 1dbc06029d Remove outdated comment. 2016-08-24 14:16:02 -04:00
Jeff Mitchell b89073f7e6 Error when an invalid (as opposed to incorrect) unseal key is given. (#1782) 
Fixes #1777
 2016-08-24 14:15:25 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell bdcfe05517 Clustering enhancements (#1747) 2016-08-19 11:03:53 -04:00
Jeff Mitchell c349e697f5 Change uninit/sealed status codes from health endpoint 2016-08-18 12:10:23 -04:00
Jeff Mitchell 5c33356d14 Protobuf for forwarding (#1743) 2016-08-17 16:15:15 -04:00
Jeff Mitchell 62c69f8e19 Provide base64 keys in addition to hex encoded. (#1734) 
* Provide base64 keys in addition to hex encoded.

Accept these at unseal/rekey time.

Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
 2016-08-15 16:01:15 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721) 
Add request forwarding.
 2016-08-15 09:42:42 -04:00
Jeff Mitchell bcb4ab5422 Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
vishalnayak 3895ea4c2b Address review feedback from @jefferai 2016-08-10 15:22:12 -04:00
vishalnayak 95f9c62523 Fix Cluster object being returned as nil when unsealed 2016-08-10 15:09:16 -04:00
Jeff Mitchell 5a1ca832af Merge pull request #1699 from hashicorp/dataonly 
Return sys values in top level normal api.Secret
 2016-08-09 07:17:02 -04:00
Jeff Mitchell 5771a539a5 Add HTTP test for renew and fix muxing 2016-08-08 20:01:08 -04:00
Jeff Mitchell ab71b981ad Add ability to specify renew lease ID in POST body. 2016-08-08 18:00:44 -04:00
Jeff Mitchell 3c2aae215c Fix tests and update mapstructure 2016-08-08 16:00:31 -04:00
Jeff Mitchell 3e6b48cca3 Initial dataonly work. 2016-08-08 11:55:24 -04:00
Jeff Mitchell 82b3d136e6 Don't mark never-expiring root tokens as renewable 2016-08-05 11:15:25 -04:00
Jeff Mitchell 1fc837c22a Fix nil panic in certain error conditions 2016-08-02 14:57:11 -04:00
vishalnayak 4e25e729ee Removed duplicated check in tests 2016-07-29 14:18:53 -04:00
vishalnayak 8b0b0d5922 Add cluster information to 'vault status' 2016-07-29 14:13:53 -04:00
vishalnayak e5e0431393 Added Vault version informationto the 'status' command 2016-07-28 17:37:35 -04:00
Laura Bennett 4d9c909ae4 Merge pull request #1650 from hashicorp/request-uuid 
Added unique identifier to each request. Closes hashicorp/vault#1617
 2016-07-27 09:40:48 -04:00
vishalnayak c17534d527 Fix request_id test failures 2016-07-26 18:30:13 -04:00
vishalnayak 9d4a1b03bc Fix broken tests 2016-07-26 16:53:59 -04:00
Laura Bennett 67801bcf64 uncomment 2016-07-26 16:44:50 -04:00
Laura Bennett fb1b032040 fixing id in buildLogicalRequest 2016-07-26 15:50:37 -04:00
vishalnayak 86446ff67e Error out if cluster information is nil when Vault is unsealed 2016-07-26 15:30:38 -04:00
vishalnayak 6145bed088 Added omitempty to ClusterName and ClusterID 2016-07-26 14:11:32 -04:00
vishalnayak 669bbdfa48 Address review feedback from @jefferai 2016-07-26 14:05:27 -04:00
Laura Bennett ad66bd7502 fixes based proper interpretation of comments 2016-07-26 12:20:27 -04:00
vishalnayak a3e6400697 Remove global name/id. Make only cluster name configurable. 2016-07-26 10:01:35 -04:00
vishalnayak c7dabe4def Storing local and global cluster name/id to storage and returning them in health status 2016-07-26 02:32:42 -04:00
Jeff Mitchell 6c393cf17a Fix tests 2016-07-25 17:05:54 -04:00
Laura Bennett 8d52a96df5 moving id to http/logical 2016-07-25 15:24:10 -04:00
vishalnayak 43d352a942 Add version information to health status 2016-07-22 18:28:16 -04:00
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number 
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
 2016-07-15 19:21:55 -04:00
Vishal Nayak 9f1e6c7b26 Merge pull request #1607 from hashicorp/standardize-time 
Remove redundant invocations of UTC() call on `time.Time` objects
 2016-07-13 10:19:23 -06:00
vishalnayak 8269f323d3 Revert 'risky' changes 2016-07-12 16:38:07 -04:00
Jeff Mitchell 5b210b2a1f Return a duration instead and port a few other places to use it 2016-07-11 18:19:35 +00:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers. 
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
 2016-07-06 12:25:40 -04:00
Jeff Mitchell 889ff24ccf Fix up error detection regression to return correct status codes 2016-06-22 17:47:05 -04:00
vishalnayak 0bdeea3a33 Fix the test cases 2016-06-20 18:56:19 -04:00
Jeff Mitchell e925987cb6 Add token accessor to wrap information if one exists 2016-06-13 23:58:17 +00:00
Jeff Mitchell 1de6140d5c Fix mah broken tests 2016-06-10 14:03:56 -04:00
Jeff Mitchell 9f6c5bc02a cubbyhole-response-wrapping -> response-wrapping 2016-06-10 13:48:46 -04:00
Daniel Stelter-Gliese 8b1da1a105 Support HEAD requests to /v1/sys/health 
Some load balancers send HTTP HEAD requests to extract the status code.
 2016-06-09 18:16:28 +02:00
Jeff Mitchell 401456ea50 Add creation time to returned wrapped token info 
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.

This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
 2016-06-07 15:00:35 -04:00
Jeff Mitchell 05b0e0a866 Enable audit-logging of seal and step-down commands. 
This pulls the logical request building code into its own function so
that it's accessible from other HTTP handlers, then uses that with some
added logic to the Seal() and StepDown() commands to have meaningful
audit log entries.
 2016-05-20 17:03:54 +00:00
Jeff Mitchell c9aaabe235 Fix missing return after respondError in handleLogical 2016-05-20 15:49:48 +00:00
Jeff Mitchell caf77109ba Add cubbyhole wrapping documentation 2016-05-19 13:33:51 -04:00
Jeff Mitchell c4431a7e30 Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors 2016-05-16 16:11:33 -04:00
Jeff Mitchell ce5614bf9b Merge branch 'master-oss' into cubbyhole-the-world 2016-05-11 19:29:52 -04:00
Jeff Mitchell aecc3ad824 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
Jeff Mitchell c5008bcaac Add more tests 2016-05-07 21:08:13 -04:00
Jeff Mitchell 2295cadbf4 Make WrapInfo a pointer to match secret/auth in response 2016-05-07 19:17:51 -04:00
Jeff Mitchell 09f06554cb Address some review feedback 2016-05-04 16:03:53 -04:00
Jeff Mitchell 99a5b4402d Merge branch 'master-oss' into cubbyhole-the-world 2016-05-04 14:42:14 -04:00
Jeff Mitchell 7e462e566b Check nil keys and respond internal error if it can't be cast to a []string 2016-05-02 20:00:46 -04:00
Jeff Mitchell 16b717022b In a list response, if there are no keys, 404 to be consistent with GET 
and with different backend conditions

Fixes #1365
 2016-05-02 19:38:06 -04:00
Jeff Mitchell aba689a877 Add wrapping through core and change to use TTL instead of Duration. 2016-05-02 00:47:35 -04:00
Jeff Mitchell d81806b446 Add: 
* Request/Response field extension
* Parsing of header into request object
* Handling of duration/mount point within router
* Tests of router WrapDuration handling
 2016-05-02 00:24:32 -04:00
Sean Chittenden aeea7628d6 Add a *log.Logger argument to physical.Factory 
Logging in the backend is a good thing.  This is a noisy interface change but should be a functional noop.
 2016-04-25 20:10:32 -07:00
Jeff Mitchell 98d09b0dc6 Add seal tests and update generate-root and others to handle dualseal. 2016-04-25 19:39:04 +00:00
Jeff Mitchell a4ff72841e Check for seal status when initing and change logic order to avoid defer 2016-04-14 01:13:59 +00:00
Jeff Mitchell afae46feb7 SealInterface 2016-04-04 10:44:22 -04:00
vishalnayak d959ffc301 Rename PrepareRequest to PrepareRequestFunc 2016-03-18 10:37:49 -04:00
vishalnayak fbfe72f286 Removed http/sys_capabilties_test.go 2016-03-18 09:48:45 -04:00
vishalnayak 55f03b5d25 Add separate path for capabilities-self to enable ACL 2016-03-17 22:52:03 -04:00
vishalnayak a70d4d5c9f Deleted http/sys_capabilities.go since the requests are directly going to system backend 2016-03-17 22:44:48 -04:00
vishalnayak 4e6dcfd6d0 Enable callbacks for handling logical.Request changes before processing requests 2016-03-17 22:29:53 -04:00
vishalnayak f1feee9b53 Fix http capabilities tests 2016-03-17 21:03:32 -04:00
vishalnayak 68367f60c8 Fix broken testcases 2016-03-17 21:03:32 -04:00
vishalnayak d348735322 Fix help descriptions 2016-03-17 21:03:32 -04:00
vishalnayak f275cd2e9c Fixed capabilities API to receive logical response 2016-03-17 21:03:32 -04:00
vishalnayak a5d79d587a Refactoring the capabilities function 2016-03-17 21:03:32 -04:00