Jeff Mitchell
bdcfe05517
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
vishalnayak
87c42a796b
s/advertisement/redirect
2016-08-19 10:52:14 -04:00
Jeff Mitchell
62c69f8e19
Provide base64 keys in addition to hex encoded. ( #1734 )
...
* Provide base64 keys in addition to hex encoded.
Accept these at unseal/rekey time.
Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
Jeff Mitchell
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
vishalnayak
cff7aada7a
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
vishalnayak
a3e6400697
Remove global name/id. Make only cluster name configurable.
2016-07-26 10:01:35 -04:00
vishalnayak
c7dabe4def
Storing local and global cluster name/id to storage and returning them in health status
2016-07-26 02:32:42 -04:00
Jeff Mitchell
df621911d7
Merge pull request #1624 from hashicorp/dynamodb-ha-off-default
...
Turn off DynamoDB HA by default.
2016-07-18 13:54:26 -04:00
Jeff Mitchell
028d024345
Add metrics around leadership
...
This can be helpful for detecting flapping.
Fixes #1544
2016-07-18 13:38:44 -04:00
Jeff Mitchell
a3ce0dcb0c
Turn off DynamoDB HA by default.
...
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
Jeff Mitchell
05b0e0a866
Enable audit-logging of seal and step-down commands.
...
This pulls the logical request building code into its own function so
that it's accessible from other HTTP handlers, then uses that with some
added logic to the Seal() and StepDown() commands to have meaningful
audit log entries.
2016-05-20 17:03:54 +00:00
Jeff Mitchell
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
Jeff Mitchell
560e9c30a3
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-12 14:59:12 -04:00
Sean Chittenden
99a5213f0b
Merge pull request #1355 from hashicorp/f-vault-service
...
Vault/Consul Service refinement
2016-05-12 11:48:29 -07:00
Jeff Mitchell
c52d352332
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-07 16:40:04 -04:00
Jeff Mitchell
fe1f56de40
Make a non-caching but still locking variant of transit for when caches are disabled
2016-05-02 22:36:44 -04:00
Jeff Mitchell
8572190b64
Plumb disabling caches through the policy store
2016-05-02 22:36:44 -04:00
Jeff Mitchell
2ebe49d3a1
Change UseToken mechanics.
...
Add locking around UseToken and Lookup. Have UseToken flag an entry that
needs to be revoked so that it can be done at the appropriate time, but
so that Lookup in the interm doesn't return a value.
The locking is a map of 4096 locks keyed off of the first three
characters of the token ID which should provide good distribution.
2016-05-02 03:44:24 -04:00
Jeff Mitchell
aba689a877
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 00:47:35 -04:00
Sean Chittenden
5068d68a13
Name the output parameters for Leader
2016-04-28 11:05:18 -07:00
Sean Chittenden
0b72906fc3
Change the interface of ServiceDiscovery
...
Instead of passing state, signal that the state has changed and provide a callback handler that can query Core.
2016-04-28 11:05:18 -07:00
Sean Chittenden
7fe0b2c6a1
Persistently retry to update service registration
...
If the local Consul agent is not available while attempting to step down from active or up to active, retry once a second. Allow for concurrent changes to the state with a single registration updater. Fix standby initialization.
2016-04-25 18:01:13 -07:00
Sean Chittenden
230b59f34c
Stub out service discovery functionality
...
Hook asynchronous notifications into Core to change the status of vault based on its active/standby, and sealed/unsealed status.
2016-04-25 18:00:54 -07:00
Jeff Mitchell
53773f12e3
Register the token entry's path instead of the request path, to handle role suffixes correctly
2016-04-14 08:08:28 -04:00
Jeff Mitchell
a4ff72841e
Check for seal status when initing and change logic order to avoid defer
2016-04-14 01:13:59 +00:00
vishalnayak
e3a1ee92b5
Utility Enhancements
2016-04-05 20:32:59 -04:00
Jeff Mitchell
afae46feb7
SealInterface
2016-04-04 10:44:22 -04:00
Jeff Mitchell
ddce1efd0d
Two items:
...
1: Fix path check in core to handle renew paths from the token store
that aren't simply renew/
2: Use token policy logic if token store role policies are empty
2016-03-31 14:52:49 -04:00
Jeff Mitchell
8a5fc6b017
Sort and filter policies going into the create token entry, then use
...
that as the definitive source for the response Auth object.
2016-03-15 14:05:25 -04:00
Jeff Mitchell
90dd55b1e6
Sort policies before returning/storing, like we do in handleCreateCommon
2016-03-10 22:31:26 -05:00
vishalnayak
378db2bc3c
Add default policy to response auth object
2016-03-10 19:55:38 -05:00
Jeff Mitchell
fa2ba47a5c
Merge branch 'master' into token-roles
2016-03-09 17:23:34 -05:00
Jeff Mitchell
d4371d1393
Add accessor to returned auth
2016-03-09 17:15:42 -05:00
Jeff Mitchell
cc1f5207b3
Merge branch 'master' into token-roles
2016-03-07 10:03:54 -05:00
Jeff Mitchell
9bf6c40974
Add default case for if the step down channel is blocked
2016-03-03 12:29:30 -05:00
Jeff Mitchell
ef990a3681
Initial work on token roles
2016-03-01 12:41:40 -05:00
Jeff Mitchell
6a980b88fd
Address review feedback
2016-02-28 21:51:50 -05:00
Jeff Mitchell
11ddd2290b
Provide 'sys/step-down' and 'vault step-down'
...
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
vishalnayak
a10888f1f1
Added comments to changes the error message
2016-02-03 11:35:47 -05:00
vishalnayak
f1facb0f9f
Throw error on sealing vault in standby mode
2016-02-03 10:58:33 -05:00
Jeff Mitchell
8b9fa042fe
If the path is not correct, don't fail due to existence check, fail due to unsupported path
2016-01-23 14:05:09 -05:00
Jeff Mitchell
9cac7ccd0f
Add some commenting
2016-01-22 10:13:49 -05:00
Jeff Mitchell
3955604d3e
Address more list feedback
2016-01-22 10:07:32 -05:00
Jeff Mitchell
b2bde47b01
Pull out setting the root token ID; use the new ParseUUID method in
...
go-uuid instead, and revoke if there is an error.
2016-01-19 19:44:33 -05:00
Jeff Mitchell
973c888833
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
Jeff Mitchell
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
Jeff Mitchell
9857da207c
Move rekey to its own files for cleanliness
2016-01-14 17:01:04 -05:00
Jeff Mitchell
9c5ad28632
Update deps, and adjust usage of go-uuid to match new return values
2016-01-13 13:40:08 -05:00
Jeff Mitchell
d949043cac
Merge pull request #914 from hashicorp/acl-rework
...
More granular ACL capabilities
2016-01-12 21:11:52 -05:00
Jeff Mitchell
da87d490eb
Add some commenting around create/update
2016-01-12 15:13:54 -05:00
Jeff Mitchell
9db22dcfad
Address some more review feedback
2016-01-12 15:09:16 -05:00
Jeff Mitchell
f6d2271a3c
Use an array of keys so that if the same fingerprint is used none are lost when using PGP key backup
2016-01-08 14:29:23 -05:00
Jeff Mitchell
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jeff Mitchell
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Jeff Mitchell
85509e7ba5
Simplify some logic and ensure that if key share backup fails, we fail
...
the operation as well.
Ping #907
2016-01-06 13:14:23 -05:00
Jeff Mitchell
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
Jeff Mitchell
96cb7d0051
Commenting/format update
2015-12-18 10:34:54 -05:00
Jeff Mitchell
4482fdacfd
If we have not yet completed post-unseal when running in single-node
...
mode, don't advertise that we are active.
Ping #872
2015-12-17 13:48:08 -05:00
Jeff Mitchell
f2da5b639f
Migrate 'uuid' to 'go-uuid' to better fit HC naming convention
2015-12-16 12:56:20 -05:00
Jeff Mitchell
7ce8aff906
Address review feedback
2015-12-14 17:58:30 -05:00
Jeff Mitchell
ced0835574
Allow separate HA physical backend.
...
With no separate backend specified, HA will be attempted on the normal
physical backend.
Fixes #395 .
2015-12-14 07:59:58 -05:00
Jeff Mitchell
bc4c18a1cf
Rearchitect MountTable locking and fix rollback.
...
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.
In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.
Both unit tests and race detection pass.
Fixes #771
2015-11-11 11:54:52 -05:00
Jeff Mitchell
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell
7aa3faa626
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 12:07:42 -05:00
Jeff Mitchell
a9db12670a
errwrap -> go-multierror + errwrap
2015-11-02 13:29:33 -05:00
Jeff Mitchell
7e9918ec8e
Run preSeal if postUnseal fails.
...
This also ensures that every error path out of postUnseal returns an
error.
Fixes #733
2015-11-02 13:29:33 -05:00
Jeff Mitchell
94b7be702b
Return data on a token with one use left if there is no Lease ID
...
Fixes #615
2015-10-30 12:35:42 -04:00
Jeff Mitchell
636d57a026
Make the token store's Create and RootToken functions non-exported.
...
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
Jeff Mitchell
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
Jeff Mitchell
78b5fcdf51
Serialize changing the state of the expiration manager pointer and
...
calling emitMetrics from its own goroutine.
Fixes #694
2015-10-12 16:33:54 -04:00
Jeff Mitchell
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
Jeff Mitchell
5fbaa0e64d
Apply mount-tune properties to the token authentication backend.
...
Fixes #688 .
2015-10-09 20:26:39 -04:00
Jeff Mitchell
bd1dce7f95
Address review feedback for #684
2015-10-08 14:34:10 -04:00
Jeff Mitchell
d58a3b601c
Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader
...
Fixes #679 .
2015-10-08 14:04:58 -04:00
Jeff Mitchell
21644751ed
Fix the key rotation upgrade check error message
2015-10-05 18:23:32 -04:00
Jeff Mitchell
8f27c250d6
Fix problematic logging statements.
...
Fixes #665 .
2015-10-02 18:31:46 -07:00
Jeff Mitchell
81e535dc2d
Minor updates to passthrough and additional tests
2015-09-21 16:57:41 -04:00
Jeff Mitchell
47e8c0070a
Don't use leases on the generic backend...with a caveat.
...
You can now turn on and off the lease behavior in the generic backend by
using one of two factories. Core uses the normal one if it's not already
set, so unit tests can use the custom one and all stay working.
This also adds logic into core to check, when the response is coming
from a generic backend, whether that backend has leases enabled. This
adds some slight overhead.
2015-09-21 16:37:37 -04:00
Jeff Mitchell
d775445efe
Store token creation time and TTL. This can be used to properly populate
...
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.
Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell
77e7379ab5
Implement the cubbyhole backend
...
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Jeff Mitchell
699e12a1c6
When there is one use left and a Secret is being returned, instead
...
return a descriptive error indicating that the Secret cannot be returned
because when the token was revoked the secret was too. This prevents
confusion where credentials come back but cannot be used.
Fixes #615
2015-09-14 11:07:27 -04:00
Jeff Mitchell
39cfcccdac
Remove error returns from sysview TTL calls
2015-09-10 15:09:54 -04:00
Jeff Mitchell
65ceb3439d
Be consistent as both are the same pointer here
2015-09-10 15:09:54 -04:00
Jeff Mitchell
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
Jeff Mitchell
17c60d3e78
Add logic to core to fetch a SystemView for a given mount entry and use those values for default/max TTL. The SystemView will reflect system defaults if not set for that mount.
2015-09-10 15:09:53 -04:00
Jeff Mitchell
98d0d23d70
Ensure token store is available when looking up token
2015-09-01 08:21:47 -04:00
Jeff Mitchell
3f45f3f41b
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 07:50:24 -07:00
Jeff Mitchell
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
Jeff Mitchell
c887df93cc
Add support for pgp-keys argument to rekey, as well as tests, plus
...
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
Jeff Mitchell
f57e7892e7
Don't store the given public keys in the seal config
2015-08-25 14:52:13 -07:00
Jeff Mitchell
2f3e245b0b
Add support for "pgp-tokens" parameters to init.
...
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
2015-08-25 14:52:13 -07:00
Jeff Mitchell
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
Jeff Mitchell
db79dd8c22
Don't defer revocation when sealing, and clear out response/auth if there is a token use error
2015-08-20 10:37:42 -07:00
Jeff Mitchell
0e8e3660ff
Fix #461 properly by defering potential revocation of a token until after the request is fully handled.
2015-08-20 10:14:13 -07:00
Karl Gutwin
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
Armon Dadgar
41b72a4d39
vault: provide view to backend initializer for setup
2015-06-30 17:30:43 -07:00
Armon Dadgar
8bc99f8c23
helper/uuid: single generateUUID definition
2015-06-30 12:38:32 -07:00
Armon Dadgar
496ebe561c
vault: cleanups for the audit log changes
2015-06-29 15:27:28 -07:00
Nate Brown
b667ef4c71
Collapsing audit response logging to a single point
2015-06-18 19:48:26 -07:00