luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
3990 commits 1 branch 0 tags 214 MiB
Commit graph

735 commits

Author SHA1 Message Date
Jeff Mitchell 5b210b2a1f Return a duration instead and port a few other places to use it 2016-07-11 18:19:35 +00:00
Jeff Mitchell ab6c2bc5e8 Factor out parsing duration second type and use it for parsing tune values too 2016-07-11 17:53:39 +00:00
vishalnayak fcb0b580ab Fix broken build 2016-07-08 23:16:58 -04:00
vishalnayak 55a667b8cd Fix broken build 2016-07-08 20:30:27 -04:00
vishalnayak dc690d6233 Place error check before the response check in expiration test 2016-07-08 19:01:36 -04:00
Jeff Mitchell c7d72fea90 Do some extra checking in the modified renewal check 2016-07-08 10:34:49 -04:00
Jeff Mitchell 7023eafc67 Make the API client retry on 5xx errors. 
This should help with transient issues. Full control over min/max delays
and number of retries (and ability to turn off) is provided in the API
and via env vars.

Fix tests.
 2016-07-06 16:50:23 -04:00
Jeff Mitchell 88c7292023 Fix broken test 2016-07-05 12:54:27 -04:00
Jeff Mitchell 8ce13b3f68 Add non-wrapped step 2016-07-05 12:11:40 -04:00
Jeff Mitchell b6ca7e9423 Add response wrapping support to login endpoints. 
Fixes #1587
 2016-07-05 11:46:21 -04:00
Jeff Mitchell 90c2f5bb55 Fix some more too-tight timing in the token store tests 2016-07-01 11:59:39 -04:00
Jeff Mitchell f3e6e4ee28 Fix timing in explicit max ttl test 2016-07-01 11:37:27 -04:00
Jeff Mitchell 09720bbd8e Fix picking wrong token lock 2016-06-27 11:17:08 -04:00
vishalnayak 2933c5ce08 Made default_lease_ttl and max_lease_ttl as int64 and fixed tests 2016-06-20 20:23:49 -04:00
vishalnayak 0bdeea3a33 Fix the test cases 2016-06-20 18:56:19 -04:00
vishalnayak 848b479a61 Added 'sys/auth/<path>/tune' endpoints. 
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
 2016-06-15 13:58:24 -04:00
Jeff Mitchell 368a17e978 Add some commenting 2016-06-14 05:54:09 +00:00
Jeff Mitchell e925987cb6 Add token accessor to wrap information if one exists 2016-06-13 23:58:17 +00:00
Jeff Mitchell 1de6140d5c Fix mah broken tests 2016-06-10 14:03:56 -04:00
Jeff Mitchell 9f6c5bc02a cubbyhole-response-wrapping -> response-wrapping 2016-06-10 13:48:46 -04:00
Jeff Mitchell e4ce81afa1 Remove unneeded Fields in passthrough 2016-06-09 10:33:24 -04:00
Jeff Mitchell 351f536913 Don't check parsability of a ttl key on write. 
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.

The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.

Fixes #1505
 2016-06-08 20:14:36 -04:00
Jeff Mitchell 2b4b6559e3 Merge pull request #1504 from hashicorp/token-store-roles-renewability 
Add renewable flag to token store roles
 2016-06-08 15:56:54 -04:00
Jeff Mitchell 8a1bff7c11 Make out-of-bounds explicit max a cap+warning instead of an error 2016-06-08 15:25:17 -04:00
Jeff Mitchell cf8f38bd4c Add renewable flag to token store roles 2016-06-08 15:17:22 -04:00
Jeff Mitchell 65d8973864 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
Jeff Mitchell c0155ac02b Add renewable flag and API setting for token creation 2016-06-08 11:14:30 -04:00
Jeff Mitchell bb1e8ddaa2 Make token renewable status work properly on lookup 2016-06-08 09:19:39 -04:00
Jeff Mitchell 10b218d292 Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this... 2016-06-07 16:01:09 -04:00
Jeff Mitchell 401456ea50 Add creation time to returned wrapped token info 
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.

This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
 2016-06-07 15:00:35 -04:00
Jeff Mitchell f8d70b64a0 Show renewable status for tokens in output 2016-06-01 17:30:31 -04:00
Vishal Nayak 9dd4e5ec5b Merge pull request #1235 from hashicorp/policies-validation 
Strip out other policies if root is present
 2016-06-01 12:08:22 -04:00
vishalnayak 4fea41f7e5 Use entry.Type as a criteria for upgrade 2016-06-01 10:30:11 -04:00
vishalnayak 875778a2d9 Modify just the type and not the path 2016-05-31 23:19:13 -04:00
vishalnayak 1e4834bd20 Remove addDefault param from ParsePolicies 2016-05-31 13:39:58 -04:00
vishalnayak 49b4c83580 Adding default policies while creating tokens 2016-05-31 13:39:58 -04:00
vishalnayak 55fbfab4fe Upgrade 'aws' auth table entry to 'aws-ec2' 2016-05-30 18:58:58 -04:00
Jeff Mitchell 8d19b4fb53 Add keyring zeroize function and add some more memzero calls in 
appropriate places. Known to be best-effort, but may help in some cases.

Fixes #1446
 2016-05-27 20:47:40 +00:00
vishalnayak 1d94828e45 Re-enable rollback triggers for auth backends 2016-05-26 14:29:41 -04:00
Vishal Nayak 644ac5f5e8 Merge pull request #1456 from hashicorp/consul-lease-renewal 
Fix the consul secret backends renewal revocation problem
 2016-05-26 13:59:45 -04:00
Jeff Mitchell a57996ac08 Add to auth/audit too 2016-05-26 13:38:51 -04:00
Jeff Mitchell 475b0e2d33 Add table/type checking to mounts table. 2016-05-26 12:55:00 -04:00
vishalnayak c0e745dbfa s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends 2016-05-26 10:21:03 -04:00
vishalnayak 70b8530962 Fix the consul secret backends renewal revocation problem 2016-05-25 23:24:16 -04:00
Jeff Mitchell 417a56c42b Disable rollback on auth for now and add workaround for its auth/ adding to entry paths 2016-05-25 17:53:45 -04:00
Jeff Mitchell 05b0e0a866 Enable audit-logging of seal and step-down commands. 
This pulls the logical request building code into its own function so
that it's accessible from other HTTP handlers, then uses that with some
added logic to the Seal() and StepDown() commands to have meaningful
audit log entries.
 2016-05-20 17:03:54 +00:00
Jeff Mitchell 0da8762bd5 Add unwrap command, and change how the response is embedded (as a string, not an object) 2016-05-19 11:25:15 -04:00
Jeff Mitchell 2e6ac4c37a Remove wrap specs from backend response 2016-05-19 03:06:09 +00:00
Jeff Mitchell c4431a7e30 Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors 2016-05-16 16:11:33 -04:00
Jeff Mitchell 4c67a739b9 Merge branch 'master-oss' into cubbyhole-the-world 2016-05-16 12:14:40 -04:00