Jeff Mitchell
bb05f2d8f8
Fix double-lock
2017-03-02 10:54:31 -05:00
Jeff Mitchell
31cddc43e1
Use own mutex for updating cluster parameters and fix leader UUID bug
2017-03-02 10:50:54 -05:00
Jeff Mitchell
beb3067787
Add some trace level information about new cluster status
2017-03-02 10:21:35 -05:00
Jeff Mitchell
36c84df326
Large update to request forwarding handling. ( #2426 )
2017-03-02 10:03:49 -05:00
Jeff Mitchell
90389323a2
Some more forwarding client cleanup
2017-03-01 20:59:20 -05:00
Jeff Mitchell
b1c2a930fe
Clean up request forwarding logic
2017-03-01 18:17:06 -05:00
Brian Kassouf
259e686d4c
Update TestSeal to ignore setting the config to nil
2017-03-01 14:10:06 -08:00
Jeff Mitchell
00cfaf7f64
Rejig signature of last remote wal
2017-03-01 12:42:10 -05:00
Jeff Mitchell
6ebb2cc958
Add last remote WAL bits
2017-03-01 12:40:36 -05:00
Jeff Mitchell
f2282247ef
Add seal cache purging back into postUnseal
2017-02-28 18:36:28 -05:00
Jeff Mitchell
09543dceeb
Rejig core standby logic to check validity of barrier during active transition
2017-02-28 18:17:30 -05:00
Jeff Mitchell
7f0a99e8eb
Add max/min wrapping TTL ACL statements ( #2411 )
2017-02-27 14:42:00 -05:00
Jeff Mitchell
2cc0906b33
Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 ( #2412 )
2017-02-27 12:49:35 -05:00
Jeff Mitchell
8091a10c38
Make rollback attempts trace level instead of debug level
2017-02-27 09:41:56 -05:00
Jeff Mitchell
b29861f7bb
Do some porting to make diffing easier
2017-02-24 10:45:29 -05:00
Jeff Mitchell
4e045d000c
Create upgrade path for cubbyhole's local status
2017-02-24 10:05:44 -05:00
Jeff Mitchell
0e1b1e33be
Add comment around not allowing users to create JWT wrapping tokens
2017-02-22 11:13:40 -05:00
Brian Kassouf
9a9b89f16f
Update confusing comment
2017-02-21 16:06:00 -08:00
Brian Kassouf
dd5b541db6
Added test for the empty values array case
2017-02-21 16:02:00 -08:00
Brian Kassouf
a25132cec4
On merge favor values that have additive privileges
2017-02-21 15:53:27 -08:00
Brian Kassouf
9ec8dd3d17
PR feedback
2017-02-21 15:02:39 -08:00
Brian Kassouf
f992103615
Merge branch 'master' into acl-parameters-permission
2017-02-21 14:46:06 -08:00
Jeff Mitchell
496420a5ab
Make cubbyhole local instead of replicated. ( #2397 )
...
This doesn't really change behavior, just what it looks like in the UX.
However, it does make tests more complicated. Most were fixed by adding
a sorting function, which is generally useful anyways.
2017-02-18 13:51:05 -05:00
Jeff Mitchell
4a966726e5
Make reindex a root path as well
2017-02-16 23:36:06 -05:00
Jeff Mitchell
f3bee3550c
Remove now-unnecessary stanza from default policy
2017-02-16 23:30:38 -05:00
Jeff Mitchell
674a0a48bf
Fix rep path fetching method into a function
2017-02-16 23:23:21 -05:00
Jeff Mitchell
f37b6492d1
More rep porting ( #2391 )
...
* More rep porting
* Add a bit more porting
2017-02-16 23:09:39 -05:00
Brian Kassouf
1c5264c66c
ToLower parameter strings
2017-02-16 17:50:10 -08:00
Jeff Mitchell
494b4c844b
More porting from rep ( #2389 )
...
* More porting from rep
* Address feedback
2017-02-16 20:13:19 -05:00
Brian Kassouf
07799f665d
Simplify the merging of two policies
2017-02-16 16:30:08 -08:00
Brian Kassouf
7229bdfd38
Remove debug code
2017-02-16 16:14:30 -08:00
Brian Kassouf
136730cb01
Update logic to fix a few edge cases:
2017-02-16 15:20:11 -08:00
Jeff Mitchell
c81582fea0
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
Jeff Mitchell
0c39b613c8
Port some replication bits to OSS ( #2386 )
2017-02-16 15:15:02 -05:00
Jeff Mitchell
0a9a6d3343
Move ReplicationState to consts
2017-02-16 13:37:21 -05:00
Brian Kassouf
13ec9c5dbf
Load leases into the expiration manager in parallel ( #2370 )
...
* Add a benchmark for exiration.Restore
* Add benchmarks for consul Restore functions
* Add a parallel version of expiration.Restore
* remove debug code
* Up the MaxIdleConnsPerHost
* Add tests for etcd
* Return errors and ensure go routines are exited
* Refactor inmem benchmark
* Add s3 bench and refactor a bit
* Few tweaks
* Fix race with waitgroup.Add()
* Fix waitgroup race condition
* Move wait above the info log
* Add helper/consts package to store consts that are needed in cyclic packages
* Remove not used benchmarks
2017-02-16 10:16:06 -08:00
Brian Kassouf
8d880f5181
Remove duplicate test case
2017-02-15 22:38:33 -08:00
Brian Kassouf
f1d5b60b97
s/has/has been/
2017-02-15 22:19:35 -08:00
Brian Kassouf
c80593387c
Remove unnecessary else condition
2017-02-15 22:18:20 -08:00
Brian Kassouf
c9ae260cdf
Merge branch 'acl-parameters-permission' of github.com:hashicorp/vault into acl-parameters-permission
2017-02-15 22:13:28 -08:00
Brian Kassouf
24d8710233
Fix the issue of returning on the first paramater check. Added tests for this case.
2017-02-15 22:13:18 -08:00
Jeff Mitchell
978772a47a
Merge branch 'master-oss' into acl-parameters-permission
2017-02-16 00:46:40 -05:00
Jeff Mitchell
e60b24431a
Fix audit test and make audited headers more robust in map checks
2017-02-16 00:44:20 -05:00
Jeff Mitchell
da9e62bc24
Remove "permissions" from ACL
2017-02-15 21:12:26 -05:00
Jeff Mitchell
51f7114648
Merge branch 'master-oss' into acl-parameters-permission
2017-02-15 20:37:58 -05:00
Jeff Mitchell
acb7391b12
Compare headers case-insensitively for auditing
...
Fixes #2362
2017-02-15 20:35:35 -05:00
Jeff Mitchell
2fd59ad308
Merge branch 'master-oss' into acl-parameters-permission
2017-02-08 01:59:52 -05:00
Jeff Mitchell
4b2b28e085
Push test functions to a var for overriding
2017-02-07 20:44:31 -05:00
Jeff Mitchell
f1cfb060f6
Remove errant unlock of state lock
2017-02-07 11:08:52 -05:00
Jeff Mitchell
ddc977ba52
Add debug ( #2341 )
2017-02-06 18:30:13 -05:00
Jeff Mitchell
67f96bc64e
Rejig check for HA/Sealed in Leader to check for sealed first. ( #2342 )
...
Fixes #2334
2017-02-06 18:29:56 -05:00
Brian Kassouf
8ef4bc32dd
Update the help text for auditing headers ( #2330 )
...
* Update the help text for auditing headers
* Update help name
2017-02-03 10:08:31 -08:00
Jeff Mitchell
6c02e9357a
Update protos
2017-02-02 16:20:32 -05:00
Brian Kassouf
6701ba8a10
Configure the request headers that are output to the audit log ( #2321 )
...
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited
* Remove some debug lines
* Add a persistant layer and refactor a bit
* update the api endpoints to be more restful
* Add comments and clean up a few functions
* Remove unneeded hash structure functionaility
* Fix existing tests
* Add tests
* Add test for Applying the header config
* Add Benchmark for the ApplyConfig method
* ResetTimer on the benchmark:
* Update the headers comment
* Add test for audit broker
* Use hyphens instead of camel case
* Add size paramater to the allocation of the result map
* Fix the tests for the audit broker
* PR feedback
* update the path and permissions on config/* paths
* Add docs file
* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
Jeff Mitchell
47274eca88
Add cleanup functions to multiple DB backends. ( #2313 )
...
Ensure it's called on unmount, not just for seal.
2017-02-01 14:05:25 -05:00
Jeff Mitchell
67410ab230
Make TLS 1.2 *explicitly* required for cluster communications
2017-01-31 13:30:25 -05:00
Brian Kassouf
3c0de664a4
Fix keyring test
2017-01-24 12:58:14 -08:00
Jeff Mitchell
061bd6012d
Fix keyring copypasta test failure
2017-01-24 14:00:13 -05:00
Jeff Mitchell
31ce37188b
Fix keyring tests, working around Go nil timezone bug in DeepEqual
...
See https://github.com/golang/go/issues/10089
2017-01-24 12:33:28 -05:00
Jeff Mitchell
2c8d18ad8d
Attempt to fix expiration test again
2017-01-24 11:17:48 -05:00
Jeff Mitchell
b0f741d4a1
Add some extra lease debugging to try to figure out Travis timezone issue
2017-01-24 10:48:11 -05:00
Jeff Mitchell
d75b5f01ec
Use the same time object in the serialization test
2017-01-24 10:32:40 -05:00
Jeff Mitchell
77bc6fa481
Use time.Now rather than using time as a struct
2017-01-24 10:21:41 -05:00
Jeff Mitchell
43acbea6a9
Add some newlines to a failing test to make it easier to spot differences
2017-01-23 14:08:29 -05:00
Brian Kassouf
7ec19459a7
Remove extra comments
2017-01-20 11:38:40 -08:00
Brian Kassouf
df800198e0
Remove some extra comments
2017-01-20 11:32:58 -08:00
Brian Kassouf
e1424c631e
Add logic to merge the two arrays and refactor the test around merging
2017-01-20 11:16:46 -08:00
Brian Kassouf
090736d4df
Clean up logic a bit and add some comments
2017-01-19 18:41:15 -08:00
Brian Kassouf
37f393ff94
Remove unneeded comment block
2017-01-19 18:18:06 -08:00
Brian Kassouf
1580296ae5
Update tests to check parsing of types
2017-01-19 18:13:39 -08:00
Brian Kassouf
5ccb3e052b
Add tests for boolean values
2017-01-19 17:41:02 -08:00
Brian Kassouf
68a1780052
Format dynamic_system_view.go
2017-01-19 16:54:08 -08:00
Brian Kassouf
f3870061ee
fix some of the tests and rename allowed/dissallowed paramaters
2017-01-19 16:40:19 -08:00
Brian Kassouf
25b49b8bae
Add test cases for map and integer types
2017-01-18 17:11:25 -08:00
Jeff Mitchell
20c65b8300
Fix regression in 0.6.4 where token store roles could not properly wo… ( #2286 )
2017-01-18 16:11:25 -05:00
vishalnayak
c9bd2a37f8
Don't sanitize disallowed_policies on token role
2017-01-17 21:34:14 -05:00
Brian Kassouf
be10ef9d42
Use deepequals and write tests for the allow/disallow values
2017-01-17 16:40:21 -08:00
Vishal Nayak
fa7d61baa3
Merge pull request #2202 from fcantournet/fix_govet_fatalf
...
all: test: Fix govet warnings
2017-01-17 16:45:35 -05:00
Jeff Mitchell
69eb5066dd
Multi value test seal ( #2281 )
2017-01-17 15:43:10 -05:00
Jeff Mitchell
2052e406d2
Move router mount back below table persistence
2017-01-17 15:15:28 -05:00
Jeff Mitchell
8e62acbd59
Sync the locking behavior between logical/auth backend ( #2280 )
2017-01-17 13:02:29 -05:00
Jeff Mitchell
dd0e44ca10
Add nonce to unseal to allow seeing if the operation has reset ( #2276 )
2017-01-17 11:47:06 -05:00
Brian Kassouf
1d3cae860b
Start to check the values with allowed/dissallowed lists in policy.
2017-01-16 17:48:22 -08:00
Brian Kassouf
ae116ada25
Merge branch 'master' into acl-parameters-permission
2017-01-13 16:44:10 -08:00
Brian Kassouf
3d47e5ebc7
add initialize method to noopbackend
2017-01-13 13:12:27 -08:00
Jeff Mitchell
252e1f1e84
Port over some work to make the system views a bit nicer
2017-01-13 14:51:27 -05:00
Jeff Mitchell
d869c0d6a6
Rejig IsPrimary again
2017-01-12 15:59:00 -05:00
Jeff Mitchell
ec4f069da4
Fix building some test code without build tags
2017-01-12 15:21:47 -05:00
Jeff Mitchell
32f9ccb6c8
Rejig dynamic system view to build without tags
2017-01-12 15:13:47 -05:00
Vishal Nayak
00ffd80fcd
Merge pull request #2236 from hashicorp/pgp-keys-check
...
rekey: added check to ensure that length of PGP keys and the shares are matching
2017-01-12 11:19:08 -05:00
vishalnayak
daacf23c38
rekey: remove the check from vault/rekey.go in favor of check in http layer
2017-01-12 00:07:49 -05:00
vishalnayak
adb6ac749f
init: pgp-keys input validations
2017-01-11 23:32:38 -05:00
vishalnayak
0778a2eba7
core: adding error server logs for failure to update mount table
2017-01-11 20:21:34 -05:00
vishalnayak
bf6aa296b3
rekey: added check to ensure that length of PGP keys and the shares are matching
2017-01-11 13:29:10 -05:00
Jeff Mitchell
9923c753d0
Set c.standby true in non-HA context. ( #2259 )
...
This value is the key for some checks in core logic. In a non-HA
environment, if the core was sealed it would never be set back to true.
2017-01-11 11:13:09 -05:00
Vishal Nayak
7367158a2a
Merge pull request #2252 from hashicorp/mountentry-clone
...
Adding Tainted to MountEntry.Clone
2017-01-10 10:28:13 -05:00
vishalnayak
28c3f4a192
Adding Tainted to MountEntry.Clone
2017-01-10 08:32:33 -05:00
Jeff Mitchell
bb32853fcd
Fix up exclusion rules for dynamic system view IsPrimary
2017-01-07 18:31:43 -05:00
Jeff Mitchell
9d89aae00c
Fix up invalidations in noopbackend
2017-01-07 18:22:34 -05:00
Armon Dadgar
c37d17ed47
Adding interface methods to logical.Backend for parity ( #2242 )
2017-01-07 18:18:22 -05:00
Jeff Mitchell
336dfed5c3
Rename gRPC request forwarding method
2017-01-06 17:08:43 -05:00
Jeff Mitchell
681e36c4af
Split Unseal into Unseal and unsealInternal
2017-01-06 16:30:43 -05:00
Jeff Mitchell
9e5d1eaac9
Port some updates
2017-01-06 15:42:18 -05:00
Jeff Mitchell
64fc18e523
When a JWT wrapping token is returned, audit the inner token both for
...
request and response. This makes it far easier to properly check
validity elsewhere in Vault because we simply replace the request client
token with the inner value.
2017-01-04 23:50:24 -05:00
vishalnayak
066038bebd
Fixed return types
2017-01-04 16:58:25 -05:00
Jeff Mitchell
0391475c70
Add read locks to LookupToken/ValidateWrappingToken ( #2232 )
2017-01-04 16:52:03 -05:00
Jeff Mitchell
3129187dc2
JWT wrapping tokens ( #2172 )
2017-01-04 16:44:03 -05:00
vishalnayak
d70fb45fbb
Removed unused methods
2017-01-03 12:51:35 -05:00
Félix Cantournet
103b7ceab2
all: test: Fix govet warnings
...
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
Jeff Mitchell
9f60e9f88d
Add tidy expiration test
2016-12-16 17:04:28 -05:00
vishalnayak
bae84e3864
TokenStore: Make the testcase dangle 100 accessors and let it tidy up
2016-12-16 15:41:41 -05:00
Vishal Nayak
ba026aeaa1
TokenStore: Added tidy endpoint ( #2192 )
2016-12-16 15:29:27 -05:00
Jeff Mitchell
f6044764c0
Fix revocation of leases when num_uses goes to 0 ( #2190 )
2016-12-16 13:11:55 -05:00
Vishal Nayak
8400b87473
Don't add default policy to child token if parent does not have it ( #2164 )
2016-12-16 00:36:39 -05:00
Vishal Nayak
e3f56f375c
Add 'no-store' response header from all the API outlets ( #2183 )
2016-12-15 17:53:07 -05:00
mwoolsey
907e735541
Permissions were changed from a structure to and array of interfaces. Code optimization for acl.go. Fixed bug where multiple parameters would allow if second or following parameters were denied and there was a wildcard in allow.
2016-12-06 18:14:15 -08:00
mwoolsey
c27817aba3
Merge branch 'master' of https://github.com/hashicorp/vault
2016-12-06 16:09:32 -08:00
Jeff Mitchell
7865143c1d
Minor ports
2016-12-05 12:28:12 -05:00
Jeff Mitchell
710e8f2d4c
Change Vault audit broker logic to successfully start when at least one ( #2155 )
...
backend is successfully loaded.
Fixes #2083
2016-12-02 15:09:01 -05:00
Thomas Soëte
90b392c7fc
Fix panic() in test suite ( #2149 )
...
As `base` could be nil, move check in `if base != nil`
2016-12-02 06:31:06 -05:00
Jeff Mitchell
49284031c6
Respect logger in TestCluster
2016-12-01 15:25:10 -05:00
mwoolsey
3e72e50fa5
Merge remote-tracking branch 'upstream/master'
2016-11-20 18:31:55 -08:00
Jeff Mitchell
ee29b329fb
Bump proto files after update
2016-11-17 10:06:26 -05:00
Jeff Mitchell
e84a015487
Add extra logic around listener handling. ( #2089 )
2016-11-11 16:43:33 -05:00
Jeff Mitchell
6c1d2ffea9
Allow wrapping to be specified by backends, and take the lesser of the request/response times ( #2088 )
2016-11-11 15:12:11 -05:00
Jeff Mitchell
168d6e1a3d
Fix other clustering tests on OSX
2016-11-08 10:55:41 -05:00
Jeff Mitchell
e381c189e4
Fix cluster testing on OSX; see the inline comment for details
2016-11-08 10:31:35 -05:00
Jeff Mitchell
86edada67c
Show the listener address when it's created for the cluster in the log
2016-11-08 10:31:15 -05:00
Jeff Mitchell
6f86e664a8
use a const for cluster test pause period
2016-11-08 10:30:44 -05:00
lemondrank
c63d9e9f24
added AllowOperation tests
2016-11-07 12:28:41 -08:00
ChaseLEngel
a847caa4ae
Moved Operations out of test cases variable.
2016-11-07 12:08:17 -08:00
ChaseLEngel
e349d64dbc
Finished merge testing.
2016-11-06 15:16:08 -08:00
mwoolsey
42e0ecb0b8
narrowed the problem to: the Permissions struct in the TestPolicyMerge method is not being initialized
2016-11-06 13:38:25 -08:00
mwoolsey
2add5dbf3a
Started the testing on merged pathCapabilites
2016-11-01 21:27:33 -07:00
ChaseLEngel
482ed0a659
Add merge testcases
2016-11-01 19:48:00 -07:00
lemondrank
975ac72822
started acl_test updates
2016-10-30 15:09:45 -07:00
Vishal Nayak
b3c805e662
Audit the client token accessors ( #2037 )
2016-10-29 17:01:49 -04:00
mwoolsey
b5669d73db
Had to change what a wildcard value in a parameter mapped to, from a nil value to an empty struct
2016-10-28 12:54:37 -07:00
mwoolsey
3a0e01a5d7
Added the merging of wildcards to allowed and denied parameters.
2016-10-28 12:33:50 -07:00
Jeff Mitchell
0ed2dece6d
Don't panic if postUnseal calls preSeal due to audit table never being set up. Also call cleanup funcs on auth backends. ( #2043 )
2016-10-28 15:32:32 -04:00
mwoolsey
bcd0618623
updated testing on a policy to cover parameters in the policy
2016-10-28 10:18:31 -07:00
ChaseLEngel
2ea4caeffb
Update acl and policy tests to use Permissions.
2016-10-21 23:45:39 -07:00
ChaseLEngel
353241e328
Fixing type assertions.
2016-10-21 21:12:02 -07:00
mwoolsey
ed982675a1
permissions structure now holds a map of strings to empty structs. Modified acl.go to acommidate these changes
2016-10-21 19:35:55 -07:00
ChaseLEngel
c6b63b5312
Implemented AllowOperation parameter permission checking for request data.
2016-10-21 18:38:05 -07:00
Vishal Nayak
e06aaf20e1
Remove unused WrapListenersForClustering ( #2007 )
2016-10-18 10:20:09 -04:00
ChaseLEngel
c2b512cf46
Changed AllowOperation to take logical.Request
2016-10-16 16:29:52 -07:00
ChaseLEngel
bd7711bebf
Merge allowed and disallowed parameters maps.
2016-10-16 15:24:32 -07:00
mwoolsey
93bb52b733
policy now includes whether a certain parameter can be updated
2016-10-15 16:44:57 -07:00
mwoolsey
231d3e7758
policy now includes whether a certain parameter can be updated
2016-10-15 16:43:55 -07:00
ChaseLEngel
119dd9653e
Adding permissions to hcl config and decoding it.
2016-10-14 14:24:45 -07:00
ChaseLEngel
bd5235960c
Fixed permission conflicts
2016-10-14 10:33:12 -07:00
ChaseLEngel
d480df7141
Fixed Policy Permissions intergration and spelling.
2016-10-14 10:22:00 -07:00
mwoolsey
eb8b8a1def
created structure for permissions and modified parsePaths in policy.go and newAcl/AllowOperation in acl.go
2016-10-14 10:17:25 -07:00
mwoolsey
4582f2268c
working on modifying AllowOperation in acl.go
2016-10-10 11:21:25 -07:00
mwoolsey
6aa9a1d165
updated policy.go to include an expanded structure to add the ability to track allowed and disallowed params in the PathCapabilities structure. Updating Acl.go to interface with the updated PathCapabilites structure
2016-10-09 15:39:58 -07:00
Jeff Mitchell
b5225fd000
Add KeyNotFoundError to seal file
2016-10-05 17:17:33 -04:00
Jeff Mitchell
6d00f0c483
Adds HUP support for audit log files to close and reopen. ( #1953 )
...
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.
As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
2016-09-30 12:04:50 -07:00
Jeff Mitchell
85315ff188
Rejig where the reload functions live
2016-09-30 00:07:22 -04:00
Jeff Mitchell
4a505bfa3e
Update text around cubbyhole/response
2016-09-29 17:44:15 -04:00
Jeff Mitchell
5657789627
Audit unwrapped response ( #1950 )
2016-09-29 12:03:47 -07:00
Jeff Mitchell
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
Jeff Mitchell
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
vishalnayak
57b21acabb
Added unit tests for token entry upgrade
2016-09-26 18:17:50 -04:00
vishalnayak
af888573be
Handle upgrade of deprecated fields in token entry
2016-09-26 15:47:48 -04:00
Jeff Mitchell
f3ab4971a6
Follow Vault convention on `DELETE` being idempotent ( #1903 )
...
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
Jeff Mitchell
722e26f27a
Add support for PGP encrypting the initial root token. ( #1883 )
2016-09-13 18:42:24 -04:00
Jeff Mitchell
fffee5611a
Rejig locks during unmount/remount. ( #1855 )
2016-09-13 11:50:14 -04:00
Jeff Mitchell
1c6f2fd82b
Add response wrapping to list operations ( #1814 )
2016-09-02 01:13:14 -04:00
Jeff Mitchell
19d64a476a
Apply fix from #1827 to rekey
2016-09-01 17:42:28 -04:00
Jeff Mitchell
5bd93b62d4
Return bad request error on providing same key for root generation ( #1833 )
...
Fixes #1827
2016-09-01 17:40:01 -04:00
vishalnayak
328de60338
Description consistency
2016-08-29 15:53:11 -04:00
Jeff Mitchell
ac38863884
Add back token/accessor URL parameters but return a warning.
...
CC @sethvargo
2016-08-29 15:15:57 -04:00
vishalnayak
aec05fdf02
Remove the upgrade code to update the mount table from 'aws' to 'aws-ec2'
2016-08-29 11:53:52 -04:00
Jeff Mitchell
7e41d5ab45
Pass headers back when request forwarding ( #1795 )
2016-08-26 17:53:47 -04:00
Jeff Mitchell
2ce4397deb
Plumb through the ability to set the storage read cache size. ( #1784 )
...
Plumb through the ability to set the storage read cache size.
Fixes #1772
2016-08-26 10:27:06 -04:00
Jeff Mitchell
9fee9ce8ff
Don't allow tokens in paths. ( #1783 )
2016-08-24 15:59:43 -04:00
Jeff Mitchell
b89073f7e6
Error when an invalid (as opposed to incorrect) unseal key is given. ( #1782 )
...
Fixes #1777
2016-08-24 14:15:25 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
2bb8adcbde
Cleanup and avoid unnecessary advertisement parsing in leader check
2016-08-19 14:49:11 -04:00
Jeff Mitchell
b7acf5b5ab
Rename proto service stuff and change log levels for some messages
2016-08-19 11:49:25 -04:00
Jeff Mitchell
bdcfe05517
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
vishalnayak
87c42a796b
s/advertisement/redirect
2016-08-19 10:52:14 -04:00
Jeff Mitchell
01702415c2
Ensure we don't use a token entry period of 0 in role comparisons.
...
When we added support for generating periodic tokens for root/sudo in
auth/token/create we used the token entry's period value to store the
shortest period found to eventually populate the TTL. The problem was
that we then assumed later that this value would be populated for
periodic tokens, when it wouldn't have been in the upgrade case.
Instead, use a temp var to store the proper value to use; populate
te.Period only if actually given; and check that it's not zero before
comparing against role value during renew.
2016-08-16 16:47:46 -04:00
Jeff Mitchell
c1aa89363a
Make time logic a bit clearer
2016-08-16 16:29:07 -04:00
Jeff Mitchell
02d9702fbd
Add local into handler path for forwarded requests
2016-08-16 11:46:37 -04:00
Jeff Mitchell
62c69f8e19
Provide base64 keys in addition to hex encoded. ( #1734 )
...
* Provide base64 keys in addition to hex encoded.
Accept these at unseal/rekey time.
Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
Jeff Mitchell
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell
40ece8fd7c
Add another test and fix some output
2016-08-14 07:17:14 -04:00
Jeff Mitchell
b6ef112382
Minor wording change
2016-08-13 15:45:13 -04:00
Jeff Mitchell
cdea4b3445
Add some tests and fix some bugs
2016-08-13 14:03:22 -04:00
Jeff Mitchell
de60702d76
Don't check the role period again as we've checked it earlier and it may be greater than the te Period
2016-08-13 13:21:56 -04:00
Jeff Mitchell
bcb4ab5422
Add periodic support for root/sudo tokens to auth/token/create
2016-08-12 21:14:12 -04:00
Jeff Mitchell
c1a46349fa
Change to keybase openpgp fork as it has important fixes
2016-08-11 08:31:43 -04:00
vishalnayak
3895ea4c2b
Address review feedback from @jefferai
2016-08-10 15:22:12 -04:00
vishalnayak
95f9c62523
Fix Cluster object being returned as nil when unsealed
2016-08-10 15:09:16 -04:00
Jeff Mitchell
0f40fba40d
Don't allow a root token that expires to create one that doesn't
2016-08-09 20:32:40 -04:00
vishalnayak
b5d55a9f47
Fix broken mount_test
2016-08-09 12:06:59 -04:00
Jeff Mitchell
4246ab1220
Change local cluster info path
2016-08-09 11:28:42 -04:00
Vishal Nayak
c27a52069c
Merge pull request #1693 from hashicorp/mount-table-compress
...
Added utilities to compress the JSON encoded string.
2016-08-09 11:23:14 -04:00