Commit graph

298 commits

Author SHA1 Message Date
vishalnayak f54ff0f842 Add locking where possible while doing auth/token/tidy 2017-03-07 16:06:05 -05:00
Jeff Mitchell 3d162b63cc Use locks in a slice rather than a map, which is faster and makes things cleaner (#2446) 2017-03-07 11:21:32 -05:00
Jeff Mitchell 5119b173c4 Rename helper 'duration' to 'parseutil'. (#2449)
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.

Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Jeff Mitchell f37b6492d1 More rep porting (#2391)
* More rep porting

* Add a bit more porting
2017-02-16 23:09:39 -05:00
Jeff Mitchell 20c65b8300 Fix regression in 0.6.4 where token store roles could not properly wo… (#2286) 2017-01-18 16:11:25 -05:00
vishalnayak c9bd2a37f8 Don't sanitize disallowed_policies on token role 2017-01-17 21:34:14 -05:00
Vishal Nayak ba026aeaa1 TokenStore: Added tidy endpoint (#2192) 2016-12-16 15:29:27 -05:00
Jeff Mitchell f6044764c0 Fix revocation of leases when num_uses goes to 0 (#2190) 2016-12-16 13:11:55 -05:00
Vishal Nayak 8400b87473 Don't add default policy to child token if parent does not have it (#2164) 2016-12-16 00:36:39 -05:00
Jeff Mitchell b45a481365 Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
vishalnayak 57b21acabb Added unit tests for token entry upgrade 2016-09-26 18:17:50 -04:00
vishalnayak af888573be Handle upgrade of deprecated fields in token entry 2016-09-26 15:47:48 -04:00
vishalnayak 328de60338 Description consistency 2016-08-29 15:53:11 -04:00
Jeff Mitchell ac38863884 Add back token/accessor URL parameters but return a warning.
CC @sethvargo
2016-08-29 15:15:57 -04:00
Jeff Mitchell 9fee9ce8ff Don't allow tokens in paths. (#1783) 2016-08-24 15:59:43 -04:00
Jeff Mitchell 01702415c2 Ensure we don't use a token entry period of 0 in role comparisons.
When we added support for generating periodic tokens for root/sudo in
auth/token/create we used the token entry's period value to store the
shortest period found to eventually populate the TTL. The problem was
that we then assumed later that this value would be populated for
periodic tokens, when it wouldn't have been in the upgrade case.

Instead, use a temp var to store the proper value to use; populate
te.Period only if actually given; and check that it's not zero before
comparing against role value during renew.
2016-08-16 16:47:46 -04:00
Jeff Mitchell c1aa89363a Make time logic a bit clearer 2016-08-16 16:29:07 -04:00
Jeff Mitchell cdea4b3445 Add some tests and fix some bugs 2016-08-13 14:03:22 -04:00
Jeff Mitchell de60702d76 Don't check the role period again as we've checked it earlier and it may be greater than the te Period 2016-08-13 13:21:56 -04:00
Jeff Mitchell bcb4ab5422 Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
Jeff Mitchell 0f40fba40d Don't allow a root token that expires to create one that doesn't 2016-08-09 20:32:40 -04:00
Jeff Mitchell d7f6218869 Move checking non-assignable policies above the actual token creation 2016-08-08 16:44:29 -04:00
Laura Bennett da615642f5 Merge pull request #1687 from hashicorp/token-store-update
Minor update to token-store
2016-08-08 10:25:05 -04:00
vishalnayak e783bfe7e1 Minor changes to test cases 2016-08-05 20:22:07 -04:00
Laura Bennett 405eb0075a fix an error, tests still broken 2016-08-05 17:58:48 -04:00
Jeff Mitchell 82b3d136e6 Don't mark never-expiring root tokens as renewable 2016-08-05 11:15:25 -04:00
Laura Bennett 68d351c70c addresses feedback, but tests broken 2016-08-05 10:04:02 -04:00
Laura Bennett c626277632 initial commit for minor update to token-store 2016-08-03 14:32:17 -04:00
Vishal Nayak 0b2098de2f Merge pull request #1681 from hashicorp/disallowed-policies
Support disallowed_policies in token roles
2016-08-02 17:32:53 -04:00
vishalnayak e7cb3fd990 Addressed review feedback 2016-08-02 16:53:06 -04:00
vishalnayak 4f45910dfc disallowed_policies doc update 2016-08-02 16:33:22 -04:00
Jeff Mitchell 31b36fe2c2 Use duration helper to allow not specifying duration units 2016-08-02 15:12:45 -04:00
vishalnayak a936914101 Address review feedback and fix existing tests 2016-08-02 14:10:20 -04:00
vishalnayak a0c711d0cf Added disallowed_policies to token roles 2016-08-02 10:33:50 -04:00
Jeff Mitchell 357f2d972f Add some extra safety checking in accessor listing and update website
docs.
2016-08-01 13:12:06 -04:00
Jeff Mitchell 6546005487 Fix typo 2016-07-29 23:24:04 -04:00
Jeff Mitchell e606aab6e0 oops, fix createAccessor 2016-07-29 18:23:55 -04:00
Jeff Mitchell 23ab63c78e Add accessor list function to token store 2016-07-29 18:20:38 -04:00
Laura Bennett 7e29cf1cae edits based on comments in PR 2016-07-25 09:46:10 -04:00
Laura Bennett 9ea1c8b801 initial commit for nonAssignablePolicies 2016-07-24 22:27:41 -04:00
vishalnayak 331f229858 Added a cap of 256 for CreateLocks utility 2016-07-20 04:48:35 -04:00
vishalnayak 50e8a189e9 Added helper to create locks 2016-07-19 21:37:28 -04:00
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
vishalnayak 8269f323d3 Revert 'risky' changes 2016-07-12 16:38:07 -04:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers.
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell 09720bbd8e Fix picking wrong token lock 2016-06-27 11:17:08 -04:00
Jeff Mitchell 2b4b6559e3 Merge pull request #1504 from hashicorp/token-store-roles-renewability
Add renewable flag to token store roles
2016-06-08 15:56:54 -04:00
Jeff Mitchell 8a1bff7c11 Make out-of-bounds explicit max a cap+warning instead of an error 2016-06-08 15:25:17 -04:00
Jeff Mitchell cf8f38bd4c Add renewable flag to token store roles 2016-06-08 15:17:22 -04:00
Jeff Mitchell 65d8973864 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
Jeff Mitchell c0155ac02b Add renewable flag and API setting for token creation 2016-06-08 11:14:30 -04:00
Jeff Mitchell f8d70b64a0 Show renewable status for tokens in output 2016-06-01 17:30:31 -04:00
vishalnayak 1e4834bd20 Remove addDefault param from ParsePolicies 2016-05-31 13:39:58 -04:00
vishalnayak 49b4c83580 Adding default policies while creating tokens 2016-05-31 13:39:58 -04:00
vishalnayak c0e745dbfa s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends 2016-05-26 10:21:03 -04:00
Jeff Mitchell c4431a7e30 Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors 2016-05-16 16:11:33 -04:00
Jeff Mitchell 4c67a739b9 Merge branch 'master-oss' into cubbyhole-the-world 2016-05-16 12:14:40 -04:00
Sean Chittenden 7a4b31ce51
Speling police 2016-05-15 09:58:36 -07:00
Jeff Mitchell ce5614bf9b Merge branch 'master-oss' into cubbyhole-the-world 2016-05-11 19:29:52 -04:00
Jeff Mitchell 6ec1ca05c8 Fix bug around disallowing explicit max greater than sysview max 2016-05-11 18:46:55 -04:00
Jeff Mitchell aecc3ad824 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
Jeff Mitchell 1b190c9c62 Don't check if numuses is -1 with a read lock, it shouldn't come in with that from lookup anyways 2016-05-02 15:31:28 -04:00
Jeff Mitchell 324bb9cfac Use a 256-level mutex map instead of 4096, and optimize the case for tokens that are not limited use 2016-05-02 14:57:17 -04:00
Jeff Mitchell 2ebe49d3a1 Change UseToken mechanics.
Add locking around UseToken and Lookup. Have UseToken flag an entry that
needs to be revoked so that it can be done at the appropriate time, but
so that Lookup in the interm doesn't return a value.

The locking is a map of 4096 locks keyed off of the first three
characters of the token ID which should provide good distribution.
2016-05-02 03:44:24 -04:00
Jeff Mitchell 81da06de05 Fix fetching parameters in token store when it's optionally in the URL 2016-04-28 15:15:37 -04:00
Jeff Mitchell 98d09b0dc6 Add seal tests and update generate-root and others to handle dualseal. 2016-04-25 19:39:04 +00:00
Jeff Mitchell ae2d000de4 Make period output nicer -- seconds rather than duration 2016-04-14 06:10:22 -04:00
Jeff Mitchell 1db6808912 Construct token path from request to fix displaying TTLs when using
create-orphan.
2016-04-07 15:45:38 +00:00
Jeff Mitchell f2880561d1 Ensure we only use sysview's max if it's not zero. It never should be, but safety. 2016-04-07 15:27:14 +00:00
vishalnayak e3a1ee92b5 Utility Enhancements 2016-04-05 20:32:59 -04:00
Jeff Mitchell 7d20380c42 Merge pull request #1280 from hashicorp/remove-ts-revoke-prefix
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
2016-04-01 09:48:52 -04:00
Jeff Mitchell 2b2541e13f Merge pull request #1277 from hashicorp/suprious-revoke-timer-logs
Keep the expiration manager from keeping old token entries.
2016-03-31 20:16:31 -04:00
Jeff Mitchell 2fd02b8dca Remove auth/token/revoke-prefix in favor of sys/revoke-prefix. 2016-03-31 18:04:05 -04:00
Jeff Mitchell 7442867d53 Check for auth/ in the path of the prefix for revoke-prefix in the token
store.
2016-03-31 16:21:56 -04:00
Jeff Mitchell 75650ec1ad Keep the expiration manager from keeping old token entries.
The expiration manager would never be poked to remove token entries upon
token revocation, if that revocation was initiated in the token store
itself. It might have been to avoid deadlock, since during revocation of
tokens the expiration manager is called, which then calls back into the
token store, and so on.

This adds a way to skip that last call back into the token store if we
know that we're on the revocation path because we're in the middle of
revoking a token. That way the lease is cleaned up. This both prevents
log entries appearing for already-revoked tokens, and it also releases
timer/memory resources since we're not keeping the leases around.
2016-03-31 15:10:25 -04:00
Jeff Mitchell ddce1efd0d Two items:
1: Fix path check in core to handle renew paths from the token store
that aren't simply renew/
2: Use token policy logic if token store role policies are empty
2016-03-31 14:52:49 -04:00
vishalnayak 3861c88211 Accept params both as part of URL or as part of http body 2016-03-14 19:14:36 -04:00
vishalnayak 85a888d588 Enable token to be supplied in the body for lookup call 2016-03-14 18:56:00 -04:00
Jeff Mitchell fa2ba47a5c Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
vishalnayak 0c4d5960a9 In-URL accessor for auth/token/lookup-accessor endpoint 2016-03-09 14:54:52 -05:00
vishalnayak 2528ffbc18 Restore old regex expressions for token endpoints 2016-03-09 14:08:52 -05:00
vishalnayak f478cc57e0 fix all the broken tests 2016-03-09 13:45:36 -05:00
vishalnayak 007142262f Provide accessor to revove-accessor in the URL itself 2016-03-09 13:08:37 -05:00
Jeff Mitchell 2ecdde1781 Address final feedback 2016-03-09 11:59:54 -05:00
vishalnayak c4a2c5b56e Added tests for 'sys/capabilities-accessor' endpoint 2016-03-09 11:29:09 -05:00
Jeff Mitchell 4785bec59d Address review feedback 2016-03-09 11:07:13 -05:00
Jeff Mitchell 2e07f45bfa Use role's allowed policies if none are given 2016-03-09 10:42:04 -05:00
vishalnayak 926e7513d7 Added docs for /sys/capabilities-accessor 2016-03-09 09:48:32 -05:00
vishalnayak 7407c27778 Add docs for new token endpoints 2016-03-09 09:31:09 -05:00
vishalnayak 6a992272cd New prefix for accessor indexes 2016-03-09 09:09:09 -05:00
vishalnayak 151c932875 AccessorID --> Accessor, accessor_id --> accessor 2016-03-09 06:23:31 -05:00
vishalnayak 913bbe7693 Error text corrections and minor refactoring 2016-03-08 22:27:24 -05:00
vishalnayak 62777c9f7e ErrUserInput --> StatusBadRequest 2016-03-08 21:47:24 -05:00
vishalnayak 2737c81b39 Lay the foundation for returning proper HTTP status codes 2016-03-08 18:27:03 -05:00
vishalnayak 8c6afea1d0 Implemented /auth/token/revoke-accessor in token_store 2016-03-08 18:07:27 -05:00
vishalnayak a7adab25bc Implemented lookup-accessor as a token_store endpoint 2016-03-08 17:38:19 -05:00
vishalnayak f19ee68fdb placeholders for revoke-accessor and lookup-accessor 2016-03-08 15:13:29 -05:00
vishalnayak a7c97fcd18 Clear the accessor index during revocation 2016-03-08 14:06:10 -05:00
vishalnayak c0fb69a8b1 Create indexing from Accessor ID to Token ID 2016-03-08 14:06:10 -05:00
vishalnayak 301776012f Introduced AccessorID in TokenEntry and returning it along with token 2016-03-08 14:06:10 -05:00
Jeff Mitchell 6b0f79f499 Address review feedback 2016-03-07 10:07:04 -05:00
Jeff Mitchell cc1f5207b3 Merge branch 'master' into token-roles 2016-03-07 10:03:54 -05:00
vishalnayak da9152169b changed response of expiration manager's renewtoken to logical.response 2016-03-04 14:56:51 -05:00
Jeff Mitchell 41dba5dd5d Move descriptions into const block 2016-03-03 11:04:05 -05:00
Jeff Mitchell 7c5f810bc0 Address first round of feedback 2016-03-01 15:30:37 -05:00
Jeff Mitchell 8a500e0181 Add command and token store documentation for roles 2016-03-01 13:02:40 -05:00
Jeff Mitchell 54232eb980 Add other token role unit tests and some minor other changes. 2016-03-01 12:41:41 -05:00
Jeff Mitchell df2e337e4c Update tests to add expected role parameters 2016-03-01 12:41:40 -05:00
Jeff Mitchell b8b59560dc Add token role CRUD tests 2016-03-01 12:41:40 -05:00
Jeff Mitchell ef990a3681 Initial work on token roles 2016-03-01 12:41:40 -05:00
vishalnayak bc4710eb06 Cert: renewal enhancements 2016-02-24 14:31:38 -05:00
Jeff Mitchell ff3adce39e Make "ttl" reflect the actual TTL of the token in lookup calls.
Add a new value "creation_ttl" which holds the value at creation time.

Fixes #986
2016-02-01 11:16:32 -05:00
Jeff Mitchell d3a705f17b Make backends much more consistent:
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell a99787afeb Don't allow a policy with no name, even though it is a valid slice member 2016-01-08 21:23:40 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell d51d723c1f Use int64 for converting time values, not int (will be float64 in JSON anyways, so no need to lose precision, plus could hit a 32-bit max in some edge cases) 2016-01-04 17:11:22 -05:00
Jeff Mitchell e990b77d6e Address review feedback; move storage of these values to the expiration manager 2016-01-04 16:43:07 -05:00
Jeff Mitchell 5ddd243144 Store a last renewal time in the token entry and return it upon lookup
of the token.

Fixes #889
2016-01-04 11:20:49 -05:00
Jeff Mitchell df68e3bd4c Filter out duplicate policies during token creation. 2015-12-30 15:18:30 -05:00
Jeff Mitchell f2da5b639f Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell d6693129de Create a "default" policy with sensible rules.
It is forced to be included with each token, but can be changed (but not
deleted).

Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell 5783f547ab Display whether a token is an orphan on lookup. 2015-11-09 13:19:59 -05:00
Jeff Mitchell 7aa3faa626 Rename core's 'policy' to 'policyStore' for clarification 2015-11-06 12:07:42 -05:00
Jeff Mitchell 7d8371c4a3 Remove warning about nonexistent root policy by using GetPolicy instead
of the listing function.
2015-11-06 11:36:40 -05:00
Jeff Mitchell 6ccded7a2f Add ability to create orphan tokens from the API 2015-11-03 15:12:21 -05:00
Jeff Mitchell 636d57a026 Make the token store's Create and RootToken functions non-exported.
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell b5d674d94e Add 301 redirect checking to the API client.
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
2015-10-09 17:11:31 -04:00
Jeff Mitchell d740fd4a6a Add the ability for warnings to be added to responses. These are
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.

Fixes #676
2015-10-07 16:18:39 -04:00
Jeff Mitchell 4a52de13e3 Add renew-self endpoint.
Fixes #455.
2015-10-07 12:49:13 -04:00
vishalnayak 3dd84446ab Github backend: enable auth renewals 2015-10-02 13:33:19 -04:00
Jeff Mitchell ca50012017 Format token lease/TTL as int in JSON API when looking up 2015-09-27 22:36:36 -04:00
Jeff Mitchell 62ac518ae7 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Vishal Nayak d526c8ce1c Merge pull request #629 from hashicorp/token-create-sudo
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
vishalnayak 1a01ab3608 Take ClientToken instead of Policies 2015-09-21 10:04:03 -04:00
vishalnayak 02485e7175 Abstraced SudoPrivilege to take list of policies 2015-09-19 18:23:44 -04:00
vishalnayak a2799b235e Using acl.RootPrivilege and rewrote mockTokenStore 2015-09-19 17:53:24 -04:00
vishalnayak fb77ec3623 TokenStore: Provide access based on sudo permissions and not policy name 2015-09-19 11:14:51 -04:00
Jeff Mitchell b655f6b858 Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell d775445efe Store token creation time and TTL. This can be used to properly populate
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.

Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell 8f79e8be82 Add revoke-self endpoint.
Fixes #620.
2015-09-17 13:22:30 -04:00
Jeff Mitchell 047ba90a44 Restrict orphan revocation to root tokens 2015-09-16 09:22:15 -04:00
Jeff Mitchell e7d5a18e94 Directly pass the cubbyhole backend to the token store and bypass logic in router 2015-09-15 13:50:37 -04:00
Jeff Mitchell bdb8cf128d Cleanup; remove everything but double-salting from the router and give
the token store cubby backend information for direct calling.
2015-09-15 13:50:37 -04:00
Jeff Mitchell 77e7379ab5 Implement the cubbyhole backend
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.

Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
vishalnayak 142cb563a6 Improve documentation of token renewal 2015-09-11 21:08:32 -04:00
Jeff Mitchell c460ff10ca Push a lot of logic into Router to make a bunch of it nicer and enable a
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00