Mitchell Hashimoto
69593cde56
remove credential/ lots of tests faililng
2015-03-30 18:07:05 -07:00
Mitchell Hashimoto
62ee621ea3
logical: move cred stuff over here
2015-03-30 17:46:18 -07:00
Mitchell Hashimoto
e9a3a34c27
vault: tests passing
2015-03-29 16:18:08 -07:00
Mitchell Hashimoto
4cacaf62f0
http: support auth
2015-03-29 16:14:54 -07:00
Armon Dadgar
5517910829
vault: Make audit/ a protected path
2015-03-27 14:00:57 -07:00
Armon Dadgar
042db7798e
vault: Adding basic audit table load/unload
2015-03-27 14:00:38 -07:00
Armon Dadgar
609ac4c562
vault: Allow passing in audit factory methods
2015-03-27 13:45:13 -07:00
Armon Dadgar
9a4946f115
vault: Testing core ACL enforcement
2015-03-24 15:55:27 -07:00
Armon Dadgar
23864839bb
vault: testing root privilege restrictions
2015-03-24 15:52:07 -07:00
Armon Dadgar
fe402cdd87
vault: ignore a nil policy object, as it has no permissions
2015-03-24 15:49:17 -07:00
Armon Dadgar
b354f03cb2
vault: adding auth/token/lookup/ support
2015-03-24 15:39:33 -07:00
Armon Dadgar
4a4d1d3e45
vault: adding auth/token/revoke/ and auth/token/revoke-orphan/
2015-03-24 15:30:09 -07:00
Armon Dadgar
26f05f7a20
vault: Passthrough of client token to token store
2015-03-24 15:12:52 -07:00
Armon Dadgar
6fd3cae2c2
vault: Adding auth/token/create endpoint
2015-03-24 15:10:46 -07:00
Armon Dadgar
b5332404d1
vault: Allow providing token ID during creation
2015-03-24 14:22:50 -07:00
Armon Dadgar
b41d2e6368
vault: utility string set methods
2015-03-24 13:56:07 -07:00
Armon Dadgar
493fbc12fc
vault: utility string search methods
2015-03-24 13:44:47 -07:00
Armon Dadgar
49df1570d6
vault: test missing and invalid tokens
2015-03-24 11:57:08 -07:00
Armon Dadgar
20c2375352
vault: Adding ACL enforcement
2015-03-24 11:37:07 -07:00
Armon Dadgar
43a99aec93
vault: Special case root policy
2015-03-24 11:27:21 -07:00
Armon Dadgar
4598e43140
vault: Adding ClientToken
2015-03-24 11:09:25 -07:00
Armon Dadgar
65ef4f1032
vault: wire tokens into expiration manager
2015-03-23 18:11:15 -07:00
Armon Dadgar
86c9bd9083
vault: Give expiration manager a token store reference
2015-03-23 18:00:14 -07:00
Armon Dadgar
6481ff9e34
vault: Generate a root token when initializing
2015-03-23 17:31:30 -07:00
Armon Dadgar
cd3ee5cc03
vault: Remove core reference
2015-03-23 17:29:36 -07:00
Armon Dadgar
539554fc0b
vault: only log expiration notice if useful
2015-03-23 17:27:46 -07:00
Armon Dadgar
3607eae208
vault: Adding method to generate root token
2015-03-23 17:16:37 -07:00
Armon Dadgar
f40ed182c4
vault: Support policy CRUD
2015-03-23 14:43:31 -07:00
Armon Dadgar
192dcf7d39
vault: first pass at HandleLogin
2015-03-23 13:56:43 -07:00
Armon Dadgar
879a0501f8
vault: Track the token store in core
2015-03-23 13:41:05 -07:00
Armon Dadgar
56d99fe580
vault: token tracks generation path and meta data
2015-03-23 13:39:43 -07:00
Armon Dadgar
10e64d1e90
vault: extend router to handle login routing
2015-03-23 11:47:55 -07:00
Armon Dadgar
a78b7207b9
vault: playing with credential store interface
2015-03-20 13:54:57 -07:00
Armon Dadgar
82e13e3c41
vault: implement the sys/auth* endpoints
2015-03-20 12:48:19 -07:00
Mitchell Hashimoto
a0f59f682b
logical/framework: can specify InternalData for secret
2015-03-20 17:59:48 +01:00
Mitchell Hashimoto
1ff229ca68
http: passing tests
2015-03-19 23:28:49 +01:00
Mitchell Hashimoto
c349e97168
vault: clean up VaultID duplications, make secret responses clearer
...
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.
Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).
At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.
So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.
It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.
All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Mitchell Hashimoto
8039fc5c63
logical/framework: support renew
2015-03-19 20:20:57 +01:00
Mitchell Hashimoto
d4b284fba4
logical/framework: revoke support
2015-03-19 19:41:41 +01:00
Armon Dadgar
7170bff4f9
vault: testing credential enable/disable
2015-03-19 10:39:47 -07:00
Armon Dadgar
ca44529c9d
vault: Change constant name
2015-03-19 09:56:39 -07:00
Armon Dadgar
d88a41944e
vault: Switch AuthTable to using MountTable
2015-03-19 09:54:57 -07:00
Mitchell Hashimoto
2a1ae18877
vault: convert to new callback style
2015-03-19 15:05:22 +01:00
Armon Dadgar
bb8a014b6a
vault: first pass at enable/disable auth backends
2015-03-18 19:36:17 -07:00
Armon Dadgar
8cc88981d6
vault: token store is a credential implementation
2015-03-18 19:11:52 -07:00
Armon Dadgar
421f73d332
vault: Removing mtype from router
2015-03-18 15:48:14 -07:00
Armon Dadgar
b8da9c2ee2
vault: first pass at initializing credential backends
2015-03-18 15:46:07 -07:00
Armon Dadgar
d2d1822931
vault: Adding hooks for auth loading
2015-03-18 15:30:31 -07:00
Armon Dadgar
21b9bdaf37
vault: Allow passing in credential backends
2015-03-18 15:21:41 -07:00
Armon Dadgar
10a67592cd
vault: more protection of protected mount points
2015-03-18 15:16:52 -07:00