luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
4996 commits 1 branch 0 tags 214 MiB
Commit graph

895 commits

Author SHA1 Message Date
Vishal Nayak 00ffd80fcd Merge pull request #2236 from hashicorp/pgp-keys-check 
rekey: added check to ensure that length of PGP keys and the shares are matching
 2017-01-12 11:19:08 -05:00
vishalnayak daacf23c38 rekey: remove the check from vault/rekey.go in favor of check in http layer 2017-01-12 00:07:49 -05:00
vishalnayak adb6ac749f init: pgp-keys input validations 2017-01-11 23:32:38 -05:00
vishalnayak 0778a2eba7 core: adding error server logs for failure to update mount table 2017-01-11 20:21:34 -05:00
vishalnayak bf6aa296b3 rekey: added check to ensure that length of PGP keys and the shares are matching 2017-01-11 13:29:10 -05:00
Jeff Mitchell 9923c753d0 Set c.standby true in non-HA context. (#2259) 
This value is the key for some checks in core logic. In a non-HA
environment, if the core was sealed it would never be set back to true.
 2017-01-11 11:13:09 -05:00
Vishal Nayak 7367158a2a Merge pull request #2252 from hashicorp/mountentry-clone 
Adding Tainted to MountEntry.Clone
 2017-01-10 10:28:13 -05:00
vishalnayak 28c3f4a192 Adding Tainted to MountEntry.Clone 2017-01-10 08:32:33 -05:00
Jeff Mitchell bb32853fcd Fix up exclusion rules for dynamic system view IsPrimary 2017-01-07 18:31:43 -05:00
Jeff Mitchell 9d89aae00c Fix up invalidations in noopbackend 2017-01-07 18:22:34 -05:00
Armon Dadgar c37d17ed47 Adding interface methods to logical.Backend for parity (#2242) 2017-01-07 18:18:22 -05:00
Jeff Mitchell 336dfed5c3 Rename gRPC request forwarding method 2017-01-06 17:08:43 -05:00
Jeff Mitchell 681e36c4af Split Unseal into Unseal and unsealInternal 2017-01-06 16:30:43 -05:00
Jeff Mitchell 9e5d1eaac9 Port some updates 2017-01-06 15:42:18 -05:00
Jeff Mitchell 64fc18e523 When a JWT wrapping token is returned, audit the inner token both for 
request and response. This makes it far easier to properly check
validity elsewhere in Vault because we simply replace the request client
token with the inner value.
 2017-01-04 23:50:24 -05:00
vishalnayak 066038bebd Fixed return types 2017-01-04 16:58:25 -05:00
Jeff Mitchell 0391475c70 Add read locks to LookupToken/ValidateWrappingToken (#2232) 2017-01-04 16:52:03 -05:00
Jeff Mitchell 3129187dc2 JWT wrapping tokens (#2172) 2017-01-04 16:44:03 -05:00
vishalnayak d70fb45fbb Removed unused methods 2017-01-03 12:51:35 -05:00
Jeff Mitchell 9f60e9f88d Add tidy expiration test 2016-12-16 17:04:28 -05:00
vishalnayak bae84e3864 TokenStore: Make the testcase dangle 100 accessors and let it tidy up 2016-12-16 15:41:41 -05:00
Vishal Nayak ba026aeaa1 TokenStore: Added tidy endpoint (#2192) 2016-12-16 15:29:27 -05:00
Jeff Mitchell f6044764c0 Fix revocation of leases when num_uses goes to 0 (#2190) 2016-12-16 13:11:55 -05:00
Vishal Nayak 8400b87473 Don't add default policy to child token if parent does not have it (#2164) 2016-12-16 00:36:39 -05:00
Vishal Nayak e3f56f375c Add 'no-store' response header from all the API outlets (#2183) 2016-12-15 17:53:07 -05:00
Jeff Mitchell 7865143c1d Minor ports 2016-12-05 12:28:12 -05:00
Jeff Mitchell 710e8f2d4c Change Vault audit broker logic to successfully start when at least one (#2155) 
backend is successfully loaded.

Fixes #2083
 2016-12-02 15:09:01 -05:00
Thomas Soëte 90b392c7fc Fix panic() in test suite (#2149) 
As `base` could be nil, move check in `if base != nil`
 2016-12-02 06:31:06 -05:00
Jeff Mitchell 49284031c6 Respect logger in TestCluster 2016-12-01 15:25:10 -05:00
Jeff Mitchell ee29b329fb Bump proto files after update 2016-11-17 10:06:26 -05:00
Jeff Mitchell e84a015487 Add extra logic around listener handling. (#2089) 2016-11-11 16:43:33 -05:00
Jeff Mitchell 6c1d2ffea9 Allow wrapping to be specified by backends, and take the lesser of the request/response times (#2088) 2016-11-11 15:12:11 -05:00
Jeff Mitchell 168d6e1a3d Fix other clustering tests on OSX 2016-11-08 10:55:41 -05:00
Jeff Mitchell e381c189e4 Fix cluster testing on OSX; see the inline comment for details 2016-11-08 10:31:35 -05:00
Jeff Mitchell 86edada67c Show the listener address when it's created for the cluster in the log 2016-11-08 10:31:15 -05:00
Jeff Mitchell 6f86e664a8 use a const for cluster test pause period 2016-11-08 10:30:44 -05:00
Vishal Nayak b3c805e662 Audit the client token accessors (#2037) 2016-10-29 17:01:49 -04:00
Jeff Mitchell 0ed2dece6d Don't panic if postUnseal calls preSeal due to audit table never being set up. Also call cleanup funcs on auth backends. (#2043) 2016-10-28 15:32:32 -04:00
Vishal Nayak e06aaf20e1 Remove unused WrapListenersForClustering (#2007) 2016-10-18 10:20:09 -04:00
Jeff Mitchell b5225fd000 Add KeyNotFoundError to seal file 2016-10-05 17:17:33 -04:00
Jeff Mitchell 6d00f0c483 Adds HUP support for audit log files to close and reopen. (#1953) 
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.

As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
 2016-09-30 12:04:50 -07:00
Jeff Mitchell 85315ff188 Rejig where the reload functions live 2016-09-30 00:07:22 -04:00
Jeff Mitchell 4a505bfa3e Update text around cubbyhole/response 2016-09-29 17:44:15 -04:00
Jeff Mitchell 5657789627 Audit unwrapped response (#1950) 2016-09-29 12:03:47 -07:00
Jeff Mitchell b45a481365 Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
vishalnayak 57b21acabb Added unit tests for token entry upgrade 2016-09-26 18:17:50 -04:00
vishalnayak af888573be Handle upgrade of deprecated fields in token entry 2016-09-26 15:47:48 -04:00
Jeff Mitchell f3ab4971a6 Follow Vault convention on DELETE being idempotent (#1903) 
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
 2016-09-19 13:02:25 -04:00
Jeff Mitchell 722e26f27a Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 18:42:24 -04:00