f022ec97c4
vault: Adding policy LRU cache
2015-04-06 16:41:48 -07:00
493ee49e4d
vault: unify the token renew response
2015-04-06 16:35:39 -07:00
7aee6269f7
vault: pass a logger around to logical backends
2015-04-04 11:39:58 -07:00
246c2839b0
logical/framework: make help look nicer
2015-04-03 21:00:23 -07:00
8ff435ba1a
vault: fix issue with wrong path getting passed through
2015-04-03 20:48:04 -07:00
df8dbe9677
vault: allow mount point queries without trailing /
2015-04-03 20:45:00 -07:00
148fe3d864
vault: Adding Hash function to MountTable
2015-04-03 17:46:57 -07:00
d74c4c1c33
vault: Remove log about rollback
2015-04-03 17:11:24 -07:00
3250bfad0a
vault: test credential unmount does cleanup
2015-04-03 16:15:34 -07:00
82eda2b169
vault: Do early check for missing backend
2015-04-03 16:09:06 -07:00
0dee7d29ec
vault: disable credential backend revokes tokens
2015-04-03 16:07:45 -07:00
56d0b51be0
vault: Reuse mount table methods
2015-04-03 16:00:46 -07:00
683d01e984
vault: Refactor common methods
2015-04-03 15:59:30 -07:00
eaa483ff87
vault: Enforce default and max length leasing
2015-04-03 15:42:34 -07:00
0ba7c64c0f
vault: Verify client token is not passed through in the plain
2015-04-03 15:39:56 -07:00
002b2ad589
vault: Provide salted client token to logical backends
2015-04-03 14:42:39 -07:00
e4854ca59b
vault: Allow deep paths for audit backends
2015-04-03 14:27:33 -07:00
2f3e511507
vault: Allow deep paths for auth mounting
2015-04-03 14:24:00 -07:00
b8d69a357c
vault: Use Auth for lease and renewable
2015-04-03 14:04:50 -07:00
2feba52f40
vault: Adding auth/token/renew endpoint
2015-04-03 12:11:49 -07:00
adaa83b48c
vault: Adding RenewToken to expiration manager
2015-04-03 11:58:10 -07:00
c82fbbb8c3
vault: Support prefix based token revocation
2015-04-03 11:40:08 -07:00
eec6c27fae
vault: Special case auth/token/create
2015-04-02 18:05:23 -07:00
c6479642e9
vault: integrate login with expiration manager
2015-04-02 17:52:11 -07:00
1b19a8ee1b
vault: Rename RegisterLogin to RegisterAuth
2015-04-02 17:45:42 -07:00
d0ac9e5711
vault: Expose SaltID from token store
2015-04-02 17:39:38 -07:00
c54534875a
vault: testing remount cleanup
2015-04-02 12:04:37 -07:00
f397cd3fb1
vault: remount does appropriate cleanup
2015-04-02 12:03:00 -07:00
3a8dc4dff9
vault: Adding Untaint to router
2015-04-02 12:01:53 -07:00
bfe7a1e901
vault: testing unmount cleanup
2015-04-02 11:47:44 -07:00
0b5572a2f7
vault: ensure unmount properly cleans up state
2015-04-02 11:18:06 -07:00
3e427910fb
vault: Support tainting router paths
2015-04-02 11:18:06 -07:00
c718408055
vault: Added MatchingView method
2015-04-02 11:18:06 -07:00
d5e5499ddd
vault: Adding ClearView method
2015-04-02 11:18:05 -07:00
d5403d6673
vault: TODO cleanups
2015-04-01 22:13:08 -07:00
f231a6c67d
vault: rollback supports joining an inflight operation
2015-04-01 22:12:03 -07:00
c3aed5589e
vault: Adding intermediate taint step to unmount
2015-04-01 22:12:03 -07:00
6218c2729d
http: audit endpoints
2015-04-01 18:36:13 -07:00
114c1e1dea
vault: Adding the raw/ endpoints to sys
2015-04-01 17:45:00 -07:00
28bc849fd9
vault: Attach policy name if missing
2015-04-01 17:45:00 -07:00
6933f94acd
vault: Prevent UUID injection on sys mount path
2015-04-01 17:45:00 -07:00
a8912e82d8
enable github
2015-04-01 15:48:56 -07:00
4138e43f00
vault: Adding audit trail for login
2015-04-01 14:48:37 -07:00
3d3e18793b
vault: Integrate audit logging with core
2015-04-01 14:33:48 -07:00
b657b74a97
vault: Minor rework for clarity
2015-04-01 14:11:26 -07:00
c83f46606b
vault: Simpify token checking logic
2015-04-01 14:03:17 -07:00
cd681d7226
vault: Extending AuditBroker to support new audit methods
2015-04-01 13:55:07 -07:00
08a9216aa7
vault: register vault ID even fi no lease
2015-03-31 21:04:10 -07:00
2c9ebecda7
vault: register zero lease entries with the expiration manager
...
/cc @armon - would appreciate a review on this one
2015-03-31 21:01:12 -07:00
aba7fc1910
http: auth handlers
2015-03-31 20:24:51 -07:00
dda8dec5bf
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 16:45:08 -07:00
7ca462c028
vault: Adding enable/disable audit methods
2015-03-31 15:26:07 -07:00
d817e31d67
vault: Sanity check keys in the barrier view
2015-03-31 13:32:24 -07:00
a6bc60c7d6
vault: Adding AuditBroker and basic tests
2015-03-31 13:22:40 -07:00
0a7df0b3d4
vault: Adding options to mount table
2015-03-31 13:14:08 -07:00
1dcb37c6b6
vault: lookup-self for TokenStore to look up your own store
2015-03-31 12:51:00 -07:00
63f259cc8d
vault: lookup without a token looks up self
2015-03-31 12:50:07 -07:00
6a72ea61d5
vault: convert TokenStore to logical/framework
2015-03-31 12:48:19 -07:00
c8294170cc
vault: test bad key to seal
2015-03-31 10:00:04 -07:00
0666bda865
vault: require root token for seal
2015-03-31 09:59:02 -07:00
04c80a81bc
vault: add seal to the sys backend
2015-03-31 09:36:13 -07:00
d4509b0ee3
vault: keep the connection info around for auth
2015-03-30 20:55:01 -07:00
c9acfa17cb
vault: get rid of HangleLogin
2015-03-30 20:26:39 -07:00
69593cde56
remove credential/ lots of tests faililng
2015-03-30 18:07:05 -07:00
62ee621ea3
logical: move cred stuff over here
2015-03-30 17:46:18 -07:00
e9a3a34c27
vault: tests passing
2015-03-29 16:18:08 -07:00
4cacaf62f0
http: support auth
2015-03-29 16:14:54 -07:00
5517910829
vault: Make audit/ a protected path
2015-03-27 14:00:57 -07:00
042db7798e
vault: Adding basic audit table load/unload
2015-03-27 14:00:38 -07:00
609ac4c562
vault: Allow passing in audit factory methods
2015-03-27 13:45:13 -07:00
9a4946f115
vault: Testing core ACL enforcement
2015-03-24 15:55:27 -07:00
23864839bb
vault: testing root privilege restrictions
2015-03-24 15:52:07 -07:00
fe402cdd87
vault: ignore a nil policy object, as it has no permissions
2015-03-24 15:49:17 -07:00
b354f03cb2
vault: adding auth/token/lookup/ support
2015-03-24 15:39:33 -07:00
4a4d1d3e45
vault: adding auth/token/revoke/ and auth/token/revoke-orphan/
2015-03-24 15:30:09 -07:00
26f05f7a20
vault: Passthrough of client token to token store
2015-03-24 15:12:52 -07:00
6fd3cae2c2
vault: Adding auth/token/create endpoint
2015-03-24 15:10:46 -07:00
b5332404d1
vault: Allow providing token ID during creation
2015-03-24 14:22:50 -07:00
b41d2e6368
vault: utility string set methods
2015-03-24 13:56:07 -07:00
493fbc12fc
vault: utility string search methods
2015-03-24 13:44:47 -07:00
49df1570d6
vault: test missing and invalid tokens
2015-03-24 11:57:08 -07:00
20c2375352
vault: Adding ACL enforcement
2015-03-24 11:37:07 -07:00
43a99aec93
vault: Special case root policy
2015-03-24 11:27:21 -07:00
4598e43140
vault: Adding ClientToken
2015-03-24 11:09:25 -07:00
65ef4f1032
vault: wire tokens into expiration manager
2015-03-23 18:11:15 -07:00
86c9bd9083
vault: Give expiration manager a token store reference
2015-03-23 18:00:14 -07:00
6481ff9e34
vault: Generate a root token when initializing
2015-03-23 17:31:30 -07:00
cd3ee5cc03
vault: Remove core reference
2015-03-23 17:29:36 -07:00
539554fc0b
vault: only log expiration notice if useful
2015-03-23 17:27:46 -07:00
3607eae208
vault: Adding method to generate root token
2015-03-23 17:16:37 -07:00
f40ed182c4
vault: Support policy CRUD
2015-03-23 14:43:31 -07:00
192dcf7d39
vault: first pass at HandleLogin
2015-03-23 13:56:43 -07:00
879a0501f8
vault: Track the token store in core
2015-03-23 13:41:05 -07:00
56d99fe580
vault: token tracks generation path and meta data
2015-03-23 13:39:43 -07:00
10e64d1e90
vault: extend router to handle login routing
2015-03-23 11:47:55 -07:00
a78b7207b9
vault: playing with credential store interface
2015-03-20 13:54:57 -07:00
82e13e3c41
vault: implement the sys/auth* endpoints
2015-03-20 12:48:19 -07:00
a0f59f682b
logical/framework: can specify InternalData for secret
2015-03-20 17:59:48 +01:00
1ff229ca68
http: passing tests
2015-03-19 23:28:49 +01:00
c349e97168
vault: clean up VaultID duplications, make secret responses clearer
...
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.
Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).
At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.
So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.
It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.
All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Armon Dadgar