Jeff Mitchell
f7147025dd
Migrate to sdk/internalshared libs in go-secure-stdlib ( #12090 )
...
* Swap sdk/helper libs to go-secure-stdlib
* Migrate to go-secure-stdlib reloadutil
* Migrate to go-secure-stdlib kv-builder
* Migrate to go-secure-stdlib gatedwriter
2021-07-15 20:17:31 -04:00
Hridoy Roy
1782b4e880
oss part of control groups upgrade ( #11772 )
...
* oss part of control groups upgrade
* changelog and docs
* formatting
* formatting
2021-06-07 09:15:35 -07:00
Lars Lehtonen
53dd619d2f
vault: deprecate errwrap.Wrapf() ( #11577 )
2021-05-11 13:12:54 -04:00
Brian Kassouf
303c2aee7c
Run a more strict formatter over the code ( #11312 )
...
* Update tooling
* Run gofumpt
* go mod vendor
2021-04-08 09:43:39 -07:00
Brian Kassouf
549faf47f2
Add identity templating helper to sdk/framework ( #8088 )
...
* Add identity templating helper to sdk/framework
* Cleanup a bit
* Fix length issue when groups/aliases are filtered due to ns
* review feedback
2020-01-06 10:16:52 -08:00
Jim Kalafut
2bf5db4fe8
Add OIDC token generation to Identity ( #6900 )
...
* Add OIDC token generation to Identity
There are a few open TODOs and some remaining cleanup, but this is
functionally complete and ready for review.
(Tests will be added soon.)
* Simplified key update endpoint
* Cache the config
* Fix Issuer handling
* Suppose base64-encoded templates (#6919 )
* Cache JWKS and switch to go-cache (#6918 )
* Address review comments
* Add warning if neither Issue nor api_addr are set
* adds tests (#6937 )
* adds help synopsis and descriptions to the framework path for the oid… (#6930 )
* adds help synopsis and descriptions to the framework path for the oidc backend
* Update vault/identity_store_oidc.go
Co-Authored-By: Jim Kalafut <jim@kalafut.net>
* Add Now parameter to PopulateStringInput
* Addressing review comments
* Refactor template processing to improve mode-specific handling
* adds a test for the periodic func (#6943 )
* adds a test for the periodic func
* removes commented out code
* adds a comment
* Add comments
2019-06-21 10:23:39 -07:00
Jeff Mitchell
9ebc57581d
Switch to go modules ( #6585 )
...
* Switch to go modules
* Make fmt
2019-04-13 03:44:06 -04:00
Jeff Mitchell
8bcb533a1b
Create sdk/ and api/ submodules ( #6583 )
2019-04-12 17:54:35 -04:00
Jeff Mitchell
aa6fafced9
Fix hasMountPath for segment wildcard mounts; introduce priority order ( #6532 )
...
* Add prioritization when multiple segment/glob rules can match.
* Disallow ambiguous "+*" in policy paths.
2019-04-10 17:46:17 -04:00
Jeff Mitchell
3dfa30acb4
Add ability to use path wildcard segments ( #6164 )
...
* Path globbing
* Add glob support at the beginning
* Ensure when evaluating an ACL that our path never has a leading slash. This already happens in the normal request path but not in tests; putting it here provides it for tests and extra safety in case the request path changes
* Simplify the algorithm, we don't really need to validate the prefix first as glob won't apply if it doesn't
* Add path segment wildcarding
* Disable path globbing for now
* Remove now-unneeded test
* Remove commented out globbing bits
* Remove more holdover glob bits
* Rename k var to something more clear
2019-02-14 18:31:43 -08:00
Jeff Mitchell
c5d8391c38
Prefix path rename ( #6089 )
...
* Rename Prefix -> Path in internal struct
* Update test
2019-01-23 15:04:49 -05:00
Jeff Mitchell
a11f2a3ba2
Rename glob -> prefix in ACL internals ( #6086 )
...
Really, it's a prefix
2019-01-23 13:55:40 -05:00
Jeff Mitchell
59bc9dd361
Add missing value to policy ShallowClone
...
Not related to a bug, just happened to notice it.
2019-01-23 13:20:04 -05:00
Jim Kalafut
d0e2badbae
Run goimports across the repository ( #6010 )
...
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Jeff Mitchell
919b968c27
The big one ( #5346 )
2018-09-17 23:03:00 -04:00
Chris Hoffman
716fb03ab7
perform policy templating on each path ( #5229 )
2018-08-30 18:45:11 -04:00
Jeff Mitchell
f5024770dc
Allow comment key in policies
2018-08-24 09:42:47 -04:00
Jeff Mitchell
ba0d029247
Restricts ACL templating to paths but allows failures ( #5167 )
...
When a templating failure happens, we now simply ignore that path,
rather than fail all access to all policies
2018-08-23 12:15:02 -04:00
Jeff Mitchell
71d92ef093
ACL Templating ( #4994 )
...
* Initial work on templating
* Add check for unbalanced closing in front
* Add missing templated assignment
* Add first cut of end-to-end test on templating.
* Make template errors be 403s and finish up testing
* Review feedback
2018-08-15 11:42:56 -07:00
Calvin Leung Huang
c4abeb9ea5
Move checkHCLKeys into hclutil ( #4749 )
2018-06-12 12:38:08 -04:00
Vishal Nayak
28e3eb9e2c
Errwrap everywhere ( #4252 )
...
* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes
2018-04-05 11:49:21 -04:00
Chris Hoffman
3d8d887676
Add ability to require parameters in ACLs ( #3510 )
2017-11-02 07:18:49 -04:00
Jeff Mitchell
8e9317792d
Fix some merge/update bugs
2017-10-23 16:49:46 -04:00
Jeff Mitchell
47dae8ffc7
Sync
2017-10-23 14:59:37 -04:00
Jeff Mitchell
ab5014534e
Clone policy permissions and then use existing values rather than policy values for modifications ( #2826 )
...
Should fix #2804
2017-06-07 13:49:51 -04:00
Jeff Mitchell
5119b173c4
Rename helper 'duration' to 'parseutil'. ( #2449 )
...
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Jeff Mitchell
7f0a99e8eb
Add max/min wrapping TTL ACL statements ( #2411 )
2017-02-27 14:42:00 -05:00
Brian Kassouf
1c5264c66c
ToLower parameter strings
2017-02-16 17:50:10 -08:00
Jeff Mitchell
da9e62bc24
Remove "permissions" from ACL
2017-02-15 21:12:26 -05:00
Brian Kassouf
7ec19459a7
Remove extra comments
2017-01-20 11:38:40 -08:00
Brian Kassouf
df800198e0
Remove some extra comments
2017-01-20 11:32:58 -08:00
Brian Kassouf
37f393ff94
Remove unneeded comment block
2017-01-19 18:18:06 -08:00
Brian Kassouf
f3870061ee
fix some of the tests and rename allowed/disallowed parameters
2017-01-19 16:40:19 -08:00
mwoolsey
907e735541
Permissions were changed from a structure to an array of interfaces. Code optimization for acl.go. Fixed bug where multiple parameters would allow if second or following parameters were denied and there was a wildcard in allow.
2016-12-06 18:14:15 -08:00
ChaseLEngel
2ea4caeffb
Update acl and policy tests to use Permissions.
2016-10-21 23:45:39 -07:00
mwoolsey
ed982675a1
permissions structure now holds a map of strings to empty structs. Modified acl.go to accommodate these changes
2016-10-21 19:35:55 -07:00
ChaseLEngel
c6b63b5312
Implemented AllowOperation parameter permission checking for request data.
2016-10-21 18:38:05 -07:00
ChaseLEngel
c2b512cf46
Changed AllowOperation to take logical.Request
2016-10-16 16:29:52 -07:00
ChaseLEngel
bd7711bebf
Merge allowed and disallowed parameters maps.
2016-10-16 15:24:32 -07:00
mwoolsey
93bb52b733
policy now includes whether a certain parameter can be updated
2016-10-15 16:44:57 -07:00
mwoolsey
231d3e7758
policy now includes whether a certain parameter can be updated
2016-10-15 16:43:55 -07:00
ChaseLEngel
119dd9653e
Adding permissions to hcl config and decoding it.
2016-10-14 14:24:45 -07:00
ChaseLEngel
bd5235960c
Fixed permission conflicts
2016-10-14 10:33:12 -07:00
ChaseLEngel
d480df7141
Fixed Policy Permissions integration and spelling.
2016-10-14 10:22:00 -07:00
mwoolsey
eb8b8a1def
created structure for permissions and modified parsePaths in policy.go and newAcl/AllowOperation in acl.go
2016-10-14 10:17:25 -07:00
mwoolsey
6aa9a1d165
updated policy.go to include an expanded structure to add the ability to track allowed and disallowed params in the PathCapabilities structure. Updating Acl.go to interface with the updated PathCapabilities structure
2016-10-09 15:39:58 -07:00
Seth Vargo
f6adea85ce
Preserve pointer
2016-03-10 15:55:47 -05:00
Seth Vargo
ad7049eed1
Parse policy HCL syntax and keys
2016-03-10 15:25:25 -05:00
vishalnayak
9946a2d8b5
refactoring changes due to acl.Capabilities
2016-03-04 18:55:48 -05:00
Jeff Mitchell
9717ca5931
Strip leading paths in policies.
...
It appears to be a common mistake, but they won't ever match.
Fixes #1167
2016-03-03 11:32:48 -05:00