Commit graph

82 commits

Author SHA1 Message Date
vishalnayak eeea9710b6 Generalized the error message and updated doc 2016-02-03 15:06:18 -05:00
vishalnayak f5fbd12ac3 Test for seal on standby node 2016-02-03 12:28:01 -05:00
Jeff Mitchell 9857da207c Move rekey to its own files for cleanliness 2016-01-14 17:01:04 -05:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell a094eedce2 Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00
Jeff Mitchell 5ddd243144 Store a last renewal time in the token entry and return it upon lookup
of the token.

Fixes #889
2016-01-04 11:20:49 -05:00
Jeff Mitchell df68e3bd4c Filter out duplicate policies during token creation. 2015-12-30 15:18:30 -05:00
Jeff Mitchell f2da5b639f Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Jeff Mitchell b2a0b48a2e Add test to ensure the right backend was used with separate HA 2015-12-14 20:48:22 -05:00
Jeff Mitchell 7ce8aff906 Address review feedback 2015-12-14 17:58:30 -05:00
Jeff Mitchell ced0835574 Allow separate HA physical backend.
With no separate backend specified, HA will be attempted on the normal
physical backend.

Fixes #395.
2015-12-14 07:59:58 -05:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell d6693129de Create a "default" policy with sensible rules.
It is forced to be included with each token, but can be changed (but not
deleted).

Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell bd1dce7f95 Address review feedback for #684 2015-10-08 14:34:10 -04:00
Jeff Mitchell d58a3b601c Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader
Fixes #679.
2015-10-08 14:04:58 -04:00
Jeff Mitchell 47e8c0070a Don't use leases on the generic backend...with a caveat.
You can now turn on and off the lease behavior in the generic backend by
using one of two factories. Core uses the normal one if it's not already
set, so unit tests can use the custom one and all stay working.

This also adds logic into core to check, when the response is coming
from a generic backend, whether that backend has leases enabled. This
adds some slight overhead.
2015-09-21 16:37:37 -04:00
Jeff Mitchell 5dde76fa1c Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell d775445efe Store token creation time and TTL. This can be used to properly populate
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.

Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell 3f45f3f41b Rename config lease_duration parameters to lease_ttl in line with current standardization efforts 2015-08-27 07:50:24 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Karl Gutwin 151ec72d00 Add configuration options for default lease duration and max lease duration. 2015-07-30 09:42:49 -04:00
Armon Dadgar dc8cc308af vault: fixing test with glob change 2015-07-05 17:31:41 -06:00
Armon Dadgar 41b72a4d39 vault: provide view to backend initializer for setup 2015-06-30 17:30:43 -07:00
Armon Dadgar dbf6cf6e6d vault: support core shutdown 2015-06-17 18:23:59 -07:00
Armon Dadgar 5c75a6c5c7 vault: ensure token renew does not double register 2015-06-17 15:22:50 -07:00
Armon Dadgar 716f8d9979 core: adding tests for HA rekey and rotate 2015-05-29 12:16:34 -07:00
Armon Dadgar 0877160754 vault: minor rekey cleanups 2015-05-28 12:07:52 -07:00
Armon Dadgar c5352d14a4 vault: testing rekey 2015-05-28 12:02:30 -07:00
Armon Dadgar ba7bfed1af vault: Expose MountPoint to secret backend. Fixes #248 2015-05-27 11:46:42 -07:00
Armon Dadgar d15eed47ad vault: reproducing GH-203 2015-05-15 17:48:03 -07:00
Armon Dadgar 3bcd32228d vault: lease renewal should not create new lease entry 2015-05-15 17:47:39 -07:00
Armon Dadgar 18795a4b26 vault: Adding test based on bug report 2015-05-15 17:19:41 -07:00
Armon Dadgar 8f4ddfd904 vault: adding test for e33a904 2015-05-11 11:16:21 -07:00
Armon Dadgar 843d9e6484 vault: verify login endpoint never returns a secret 2015-05-09 11:51:58 -07:00
Armon Dadgar 13ab31f4b5 vault: ensure InternalData is never returned from the core 2015-05-09 11:47:46 -07:00
Armon Dadgar a6eef6bba3 vault: Guard against an invalid seal config 2015-05-08 11:05:31 -07:00
Mitchell Hashimoto 727e0e90cd vault: validate advertise addr is valid URL [GH-106] 2015-05-02 13:28:33 -07:00
Seth Vargo 95c8001388 Disable mlock in tests 2015-04-28 22:18:00 -04:00
Armon Dadgar 4473abd6ce vault: core enforcement of limited use tokens 2015-04-17 11:57:56 -07:00
Armon Dadgar 818ce0a045 vault: token store allows specifying display_name 2015-04-15 14:24:07 -07:00
Armon Dadgar 76b69b2514 vault: thread the display name through 2015-04-15 14:12:34 -07:00
Armon Dadgar 9f7143cf44 vault: expose the current leader 2015-04-14 16:53:40 -07:00
Armon Dadgar 445f64eb39 vault: leader should advertise address 2015-04-14 16:44:48 -07:00
Armon Dadgar 7579cf76ab vault: testing standby mode 2015-04-14 16:08:14 -07:00
Armon Dadgar 2820bec479 vault: testing standby mode 2015-04-14 16:06:58 -07:00
Armon Dadgar 4679febdf3 logical: Refactor LeaseOptions to share between Secret and Auth 2015-04-09 12:14:04 -07:00
Armon Dadgar 466c7575d3 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Mitchell Hashimoto df8dbe9677 vault: allow mount point queries without trailing / 2015-04-03 20:45:00 -07:00