da9e62bc24
Remove "permissions" from ACL
2017-02-15 21:12:26 -05:00
51f7114648
Merge branch 'master-oss' into acl-parameters-permission
2017-02-15 20:37:58 -05:00
acb7391b12
Compare headers case-insensitively for auditing
...
Fixes #2362
2017-02-15 20:35:35 -05:00
2fd59ad308
Merge branch 'master-oss' into acl-parameters-permission
2017-02-08 01:59:52 -05:00
4b2b28e085
Push test functions to a var for overriding
2017-02-07 20:44:31 -05:00
f1cfb060f6
Remove errant unlock of state lock
2017-02-07 11:08:52 -05:00
ddc977ba52
Add debug ( #2341 )
2017-02-06 18:30:13 -05:00
67f96bc64e
Rejig check for HA/Sealed in Leader to check for sealed first. ( #2342 )
...
Fixes #2334
2017-02-06 18:29:56 -05:00
8ef4bc32dd
Update the help text for auditing headers ( #2330 )
...
* Update the help text for auditing headers
* Update help name
2017-02-03 10:08:31 -08:00
6c02e9357a
Update protos
2017-02-02 16:20:32 -05:00
6701ba8a10
Configure the request headers that are output to the audit log ( #2321 )
...
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited
* Remove some debug lines
* Add a persistant layer and refactor a bit
* update the api endpoints to be more restful
* Add comments and clean up a few functions
* Remove unneeded hash structure functionaility
* Fix existing tests
* Add tests
* Add test for Applying the header config
* Add Benchmark for the ApplyConfig method
* ResetTimer on the benchmark:
* Update the headers comment
* Add test for audit broker
* Use hyphens instead of camel case
* Add size paramater to the allocation of the result map
* Fix the tests for the audit broker
* PR feedback
* update the path and permissions on config/* paths
* Add docs file
* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
47274eca88
Add cleanup functions to multiple DB backends. ( #2313 )
...
Ensure it's called on unmount, not just for seal.
2017-02-01 14:05:25 -05:00
67410ab230
Make TLS 1.2 *explicitly* required for cluster communications
2017-01-31 13:30:25 -05:00
3c0de664a4
Fix keyring test
2017-01-24 12:58:14 -08:00
061bd6012d
Fix keyring copypasta test failure
2017-01-24 14:00:13 -05:00
31ce37188b
Fix keyring tests, working around Go nil timezone bug in DeepEqual
...
See https://github.com/golang/go/issues/10089
2017-01-24 12:33:28 -05:00
2c8d18ad8d
Attempt to fix expiration test again
2017-01-24 11:17:48 -05:00
b0f741d4a1
Add some extra lease debugging to try to figure out Travis timezone issue
2017-01-24 10:48:11 -05:00
d75b5f01ec
Use the same time object in the serialization test
2017-01-24 10:32:40 -05:00
77bc6fa481
Use time.Now rather than using time as a struct
2017-01-24 10:21:41 -05:00
43acbea6a9
Add some newlines to a failing test to make it easier to spot differences
2017-01-23 14:08:29 -05:00
7ec19459a7
Remove extra comments
2017-01-20 11:38:40 -08:00
df800198e0
Remove some extra comments
2017-01-20 11:32:58 -08:00
e1424c631e
Add logic to merge the two arrays and refactor the test around merging
2017-01-20 11:16:46 -08:00
090736d4df
Clean up logic a bit and add some comments
2017-01-19 18:41:15 -08:00
37f393ff94
Remove unneeded comment block
2017-01-19 18:18:06 -08:00
1580296ae5
Update tests to check parsing of types
2017-01-19 18:13:39 -08:00
5ccb3e052b
Add tests for boolean values
2017-01-19 17:41:02 -08:00
68a1780052
Format dynamic_system_view.go
2017-01-19 16:54:08 -08:00
f3870061ee
fix some of the tests and rename allowed/dissallowed paramaters
2017-01-19 16:40:19 -08:00
25b49b8bae
Add test cases for map and integer types
2017-01-18 17:11:25 -08:00
20c65b8300
Fix regression in 0.6.4 where token store roles could not properly wo… ( #2286 )
2017-01-18 16:11:25 -05:00
c9bd2a37f8
Don't sanitize disallowed_policies on token role
2017-01-17 21:34:14 -05:00
be10ef9d42
Use deepequals and write tests for the allow/disallow values
2017-01-17 16:40:21 -08:00
fa7d61baa3
Merge pull request #2202 from fcantournet/fix_govet_fatalf
...
all: test: Fix govet warnings
2017-01-17 16:45:35 -05:00
69eb5066dd
Multi value test seal ( #2281 )
2017-01-17 15:43:10 -05:00
2052e406d2
Move router mount back below table persistence
2017-01-17 15:15:28 -05:00
8e62acbd59
Sync the locking behavior between logical/auth backend ( #2280 )
2017-01-17 13:02:29 -05:00
dd0e44ca10
Add nonce to unseal to allow seeing if the operation has reset ( #2276 )
2017-01-17 11:47:06 -05:00
1d3cae860b
Start to check the values with allowed/dissallowed lists in policy.
2017-01-16 17:48:22 -08:00
ae116ada25
Merge branch 'master' into acl-parameters-permission
2017-01-13 16:44:10 -08:00
3d47e5ebc7
add initialize method to noopbackend
2017-01-13 13:12:27 -08:00
252e1f1e84
Port over some work to make the system views a bit nicer
2017-01-13 14:51:27 -05:00
d869c0d6a6
Rejig IsPrimary again
2017-01-12 15:59:00 -05:00
ec4f069da4
Fix building some test code without build tags
2017-01-12 15:21:47 -05:00
32f9ccb6c8
Rejig dynamic system view to build without tags
2017-01-12 15:13:47 -05:00
00ffd80fcd
Merge pull request #2236 from hashicorp/pgp-keys-check
...
rekey: added check to ensure that length of PGP keys and the shares are matching
2017-01-12 11:19:08 -05:00
daacf23c38
rekey: remove the check from vault/rekey.go in favor of check in http layer
2017-01-12 00:07:49 -05:00
adb6ac749f
init: pgp-keys input validations
2017-01-11 23:32:38 -05:00
0778a2eba7
core: adding error server logs for failure to update mount table
2017-01-11 20:21:34 -05:00
bf6aa296b3
rekey: added check to ensure that length of PGP keys and the shares are matching
2017-01-11 13:29:10 -05:00
9923c753d0
Set c.standby true in non-HA context. ( #2259 )
...
This value is the key for some checks in core logic. In a non-HA
environment, if the core was sealed it would never be set back to true.
2017-01-11 11:13:09 -05:00
7367158a2a
Merge pull request #2252 from hashicorp/mountentry-clone
...
Adding Tainted to MountEntry.Clone
2017-01-10 10:28:13 -05:00
28c3f4a192
Adding Tainted to MountEntry.Clone
2017-01-10 08:32:33 -05:00
bb32853fcd
Fix up exclusion rules for dynamic system view IsPrimary
2017-01-07 18:31:43 -05:00
9d89aae00c
Fix up invalidations in noopbackend
2017-01-07 18:22:34 -05:00
c37d17ed47
Adding interface methods to logical.Backend for parity ( #2242 )
2017-01-07 18:18:22 -05:00
336dfed5c3
Rename gRPC request forwarding method
2017-01-06 17:08:43 -05:00
681e36c4af
Split Unseal into Unseal and unsealInternal
2017-01-06 16:30:43 -05:00
9e5d1eaac9
Port some updates
2017-01-06 15:42:18 -05:00
64fc18e523
When a JWT wrapping token is returned, audit the inner token both for
...
request and response. This makes it far easier to properly check
validity elsewhere in Vault because we simply replace the request client
token with the inner value.
2017-01-04 23:50:24 -05:00
066038bebd
Fixed return types
2017-01-04 16:58:25 -05:00
0391475c70
Add read locks to LookupToken/ValidateWrappingToken ( #2232 )
2017-01-04 16:52:03 -05:00
3129187dc2
JWT wrapping tokens ( #2172 )
2017-01-04 16:44:03 -05:00
d70fb45fbb
Removed unused methods
2017-01-03 12:51:35 -05:00
103b7ceab2
all: test: Fix govet warnings
...
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
9f60e9f88d
Add tidy expiration test
2016-12-16 17:04:28 -05:00
bae84e3864
TokenStore: Make the testcase dangle 100 accessors and let it tidy up
2016-12-16 15:41:41 -05:00
ba026aeaa1
TokenStore: Added tidy endpoint ( #2192 )
2016-12-16 15:29:27 -05:00
f6044764c0
Fix revocation of leases when num_uses goes to 0 ( #2190 )
2016-12-16 13:11:55 -05:00
8400b87473
Don't add default policy to child token if parent does not have it ( #2164 )
2016-12-16 00:36:39 -05:00
e3f56f375c
Add 'no-store' response header from all the API outlets ( #2183 )
2016-12-15 17:53:07 -05:00
907e735541
Permissions were changed from a structure to and array of interfaces. Code optimization for acl.go. Fixed bug where multiple parameters would allow if second or following parameters were denied and there was a wildcard in allow.
2016-12-06 18:14:15 -08:00
c27817aba3
Merge branch 'master' of https://github.com/hashicorp/vault
2016-12-06 16:09:32 -08:00
7865143c1d
Minor ports
2016-12-05 12:28:12 -05:00
710e8f2d4c
Change Vault audit broker logic to successfully start when at least one ( #2155 )
...
backend is successfully loaded.
Fixes #2083
2016-12-02 15:09:01 -05:00
90b392c7fc
Fix panic() in test suite ( #2149 )
...
As `base` could be nil, move check in `if base != nil`
2016-12-02 06:31:06 -05:00
49284031c6
Respect logger in TestCluster
2016-12-01 15:25:10 -05:00
3e72e50fa5
Merge remote-tracking branch 'upstream/master'
2016-11-20 18:31:55 -08:00
ee29b329fb
Bump proto files after update
2016-11-17 10:06:26 -05:00
e84a015487
Add extra logic around listener handling. ( #2089 )
2016-11-11 16:43:33 -05:00
6c1d2ffea9
Allow wrapping to be specified by backends, and take the lesser of the request/response times ( #2088 )
2016-11-11 15:12:11 -05:00
168d6e1a3d
Fix other clustering tests on OSX
2016-11-08 10:55:41 -05:00
e381c189e4
Fix cluster testing on OSX; see the inline comment for details
2016-11-08 10:31:35 -05:00
86edada67c
Show the listener address when it's created for the cluster in the log
2016-11-08 10:31:15 -05:00
6f86e664a8
use a const for cluster test pause period
2016-11-08 10:30:44 -05:00
c63d9e9f24
added AllowOperation tests
2016-11-07 12:28:41 -08:00
a847caa4ae
Moved Operations out of test cases variable.
2016-11-07 12:08:17 -08:00
e349d64dbc
Finished merge testing.
2016-11-06 15:16:08 -08:00
42e0ecb0b8
narrowed the problem to: the Permissions struct in the TestPolicyMerge method is not being initialized
2016-11-06 13:38:25 -08:00
2add5dbf3a
Started the testing on merged pathCapabilites
2016-11-01 21:27:33 -07:00
482ed0a659
Add merge testcases
2016-11-01 19:48:00 -07:00
975ac72822
started acl_test updates
2016-10-30 15:09:45 -07:00
b3c805e662
Audit the client token accessors ( #2037 )
2016-10-29 17:01:49 -04:00
b5669d73db
Had to change what a wildcard value in a parameter mapped to, from a nil value to an empty struct
2016-10-28 12:54:37 -07:00
3a0e01a5d7
Added the merging of wildcards to allowed and denied parameters.
2016-10-28 12:33:50 -07:00
0ed2dece6d
Don't panic if postUnseal calls preSeal due to audit table never being set up. Also call cleanup funcs on auth backends. ( #2043 )
2016-10-28 15:32:32 -04:00
bcd0618623
updated testing on a policy to cover parameters in the policy
2016-10-28 10:18:31 -07:00
2ea4caeffb
Update acl and policy tests to use Permissions.
2016-10-21 23:45:39 -07:00
353241e328
Fixing type assertions.
2016-10-21 21:12:02 -07:00
Jeff Mitchell