Commit graph

257 commits

Author SHA1 Message Date
Armon Dadgar a8d4319ad5 vault: Update LRU on GetPolicy 2015-04-06 16:43:05 -07:00
Armon Dadgar f022ec97c4 vault: Adding policy LRU cache 2015-04-06 16:41:48 -07:00
Armon Dadgar 493ee49e4d vault: unify the token renew response 2015-04-06 16:35:39 -07:00
Mitchell Hashimoto 7aee6269f7 vault: pass a logger around to logical backends 2015-04-04 11:39:58 -07:00
Mitchell Hashimoto 246c2839b0 logical/framework: make help look nicer 2015-04-03 21:00:23 -07:00
Mitchell Hashimoto 8ff435ba1a vault: fix issue with wrong path getting passed through 2015-04-03 20:48:04 -07:00
Mitchell Hashimoto df8dbe9677 vault: allow mount point queries without trailing / 2015-04-03 20:45:00 -07:00
Armon Dadgar 148fe3d864 vault: Adding Hash function to MountTable 2015-04-03 17:46:57 -07:00
Armon Dadgar d74c4c1c33 vault: Remove log about rollback 2015-04-03 17:11:24 -07:00
Armon Dadgar 3250bfad0a vault: test credential unmount does cleanup 2015-04-03 16:15:34 -07:00
Armon Dadgar 82eda2b169 vault: Do early check for missing backend 2015-04-03 16:09:06 -07:00
Armon Dadgar 0dee7d29ec vault: disable credential backend revokes tokens 2015-04-03 16:07:45 -07:00
Armon Dadgar 56d0b51be0 vault: Reuse mount table methods 2015-04-03 16:00:46 -07:00
Armon Dadgar 683d01e984 vault: Refactor common methods 2015-04-03 15:59:30 -07:00
Armon Dadgar eaa483ff87 vault: Enforce default and max length leasing 2015-04-03 15:42:34 -07:00
Armon Dadgar 0ba7c64c0f vault: Verify client token is not passed through in the plain 2015-04-03 15:39:56 -07:00
Armon Dadgar 002b2ad589 vault: Provide salted client token to logical backends 2015-04-03 14:42:39 -07:00
Armon Dadgar e4854ca59b vault: Allow deep paths for audit backends 2015-04-03 14:27:33 -07:00
Armon Dadgar 2f3e511507 vault: Allow deep paths for auth mounting 2015-04-03 14:24:00 -07:00
Armon Dadgar b8d69a357c vault: Use Auth for lease and renewable 2015-04-03 14:04:50 -07:00
Armon Dadgar 2feba52f40 vault: Adding auth/token/renew endpoint 2015-04-03 12:11:49 -07:00
Armon Dadgar adaa83b48c vault: Adding RenewToken to expiration manager 2015-04-03 11:58:10 -07:00
Armon Dadgar c82fbbb8c3 vault: Support prefix based token revocation 2015-04-03 11:40:08 -07:00
Armon Dadgar eec6c27fae vault: Special case auth/token/create 2015-04-02 18:05:23 -07:00
Armon Dadgar c6479642e9 vault: integrate login with expiration manager 2015-04-02 17:52:11 -07:00
Armon Dadgar 1b19a8ee1b vault: Rename RegisterLogin to RegisterAuth 2015-04-02 17:45:42 -07:00
Armon Dadgar d0ac9e5711 vault: Expose SaltID from token store 2015-04-02 17:39:38 -07:00
Armon Dadgar c54534875a vault: testing remount cleanup 2015-04-02 12:04:37 -07:00
Armon Dadgar f397cd3fb1 vault: remount does appropriate cleanup 2015-04-02 12:03:00 -07:00
Armon Dadgar 3a8dc4dff9 vault: Adding Untaint to router 2015-04-02 12:01:53 -07:00
Armon Dadgar bfe7a1e901 vault: testing unmount cleanup 2015-04-02 11:47:44 -07:00
Armon Dadgar 0b5572a2f7 vault: ensure unmount properly cleans up state 2015-04-02 11:18:06 -07:00
Armon Dadgar 3e427910fb vault: Support tainting router paths 2015-04-02 11:18:06 -07:00
Armon Dadgar c718408055 vault: Added MatchingView method 2015-04-02 11:18:06 -07:00
Armon Dadgar d5e5499ddd vault: Adding ClearView method 2015-04-02 11:18:05 -07:00
Armon Dadgar d5403d6673 vault: TODO cleanups 2015-04-01 22:13:08 -07:00
Armon Dadgar f231a6c67d vault: rollback supports joining an inflight operation 2015-04-01 22:12:03 -07:00
Armon Dadgar c3aed5589e vault: Adding intermediate taint step to unmount 2015-04-01 22:12:03 -07:00
Mitchell Hashimoto 6218c2729d http: audit endpoints 2015-04-01 18:36:13 -07:00
Armon Dadgar 114c1e1dea vault: Adding the raw/ endpoints to sys 2015-04-01 17:45:00 -07:00
Armon Dadgar 28bc849fd9 vault: Attach policy name if missing 2015-04-01 17:45:00 -07:00
Armon Dadgar 6933f94acd vault: Prevent UUID injection on sys mount path 2015-04-01 17:45:00 -07:00
Mitchell Hashimoto a8912e82d8 enable github 2015-04-01 15:48:56 -07:00
Armon Dadgar 4138e43f00 vault: Adding audit trail for login 2015-04-01 14:48:37 -07:00
Armon Dadgar 3d3e18793b vault: Integrate audit logging with core 2015-04-01 14:33:48 -07:00
Armon Dadgar b657b74a97 vault: Minor rework for clarity 2015-04-01 14:11:26 -07:00
Armon Dadgar c83f46606b vault: Simpify token checking logic 2015-04-01 14:03:17 -07:00
Armon Dadgar cd681d7226 vault: Extending AuditBroker to support new audit methods 2015-04-01 13:55:07 -07:00
Mitchell Hashimoto 08a9216aa7 vault: register vault ID even fi no lease 2015-03-31 21:04:10 -07:00
Mitchell Hashimoto 2c9ebecda7 vault: register zero lease entries with the expiration manager
/cc @armon - would appreciate a review on this one
2015-03-31 21:01:12 -07:00
Mitchell Hashimoto aba7fc1910 http: auth handlers 2015-03-31 20:24:51 -07:00
Armon Dadgar dda8dec5bf vault: Adding sys/ paths to enable/disable audit backends 2015-03-31 16:45:08 -07:00
Armon Dadgar 7ca462c028 vault: Adding enable/disable audit methods 2015-03-31 15:26:07 -07:00
Armon Dadgar d817e31d67 vault: Sanity check keys in the barrier view 2015-03-31 13:32:24 -07:00
Armon Dadgar a6bc60c7d6 vault: Adding AuditBroker and basic tests 2015-03-31 13:22:40 -07:00
Armon Dadgar 0a7df0b3d4 vault: Adding options to mount table 2015-03-31 13:14:08 -07:00
Mitchell Hashimoto 1dcb37c6b6 vault: lookup-self for TokenStore to look up your own store 2015-03-31 12:51:00 -07:00
Mitchell Hashimoto 63f259cc8d vault: lookup without a token looks up self 2015-03-31 12:50:07 -07:00
Mitchell Hashimoto 6a72ea61d5 vault: convert TokenStore to logical/framework 2015-03-31 12:48:19 -07:00
Mitchell Hashimoto c8294170cc vault: test bad key to seal 2015-03-31 10:00:04 -07:00
Mitchell Hashimoto 0666bda865 vault: require root token for seal 2015-03-31 09:59:02 -07:00
Mitchell Hashimoto 04c80a81bc vault: add seal to the sys backend 2015-03-31 09:36:13 -07:00
Mitchell Hashimoto d4509b0ee3 vault: keep the connection info around for auth 2015-03-30 20:55:01 -07:00
Mitchell Hashimoto c9acfa17cb vault: get rid of HangleLogin 2015-03-30 20:26:39 -07:00
Mitchell Hashimoto 69593cde56 remove credential/ lots of tests faililng 2015-03-30 18:07:05 -07:00
Mitchell Hashimoto 62ee621ea3 logical: move cred stuff over here 2015-03-30 17:46:18 -07:00
Mitchell Hashimoto e9a3a34c27 vault: tests passing 2015-03-29 16:18:08 -07:00
Mitchell Hashimoto 4cacaf62f0 http: support auth 2015-03-29 16:14:54 -07:00
Armon Dadgar 5517910829 vault: Make audit/ a protected path 2015-03-27 14:00:57 -07:00
Armon Dadgar 042db7798e vault: Adding basic audit table load/unload 2015-03-27 14:00:38 -07:00
Armon Dadgar 609ac4c562 vault: Allow passing in audit factory methods 2015-03-27 13:45:13 -07:00
Armon Dadgar 9a4946f115 vault: Testing core ACL enforcement 2015-03-24 15:55:27 -07:00
Armon Dadgar 23864839bb vault: testing root privilege restrictions 2015-03-24 15:52:07 -07:00
Armon Dadgar fe402cdd87 vault: ignore a nil policy object, as it has no permissions 2015-03-24 15:49:17 -07:00
Armon Dadgar b354f03cb2 vault: adding auth/token/lookup/ support 2015-03-24 15:39:33 -07:00
Armon Dadgar 4a4d1d3e45 vault: adding auth/token/revoke/ and auth/token/revoke-orphan/ 2015-03-24 15:30:09 -07:00
Armon Dadgar 26f05f7a20 vault: Passthrough of client token to token store 2015-03-24 15:12:52 -07:00
Armon Dadgar 6fd3cae2c2 vault: Adding auth/token/create endpoint 2015-03-24 15:10:46 -07:00
Armon Dadgar b5332404d1 vault: Allow providing token ID during creation 2015-03-24 14:22:50 -07:00
Armon Dadgar b41d2e6368 vault: utility string set methods 2015-03-24 13:56:07 -07:00
Armon Dadgar 493fbc12fc vault: utility string search methods 2015-03-24 13:44:47 -07:00
Armon Dadgar 49df1570d6 vault: test missing and invalid tokens 2015-03-24 11:57:08 -07:00
Armon Dadgar 20c2375352 vault: Adding ACL enforcement 2015-03-24 11:37:07 -07:00
Armon Dadgar 43a99aec93 vault: Special case root policy 2015-03-24 11:27:21 -07:00
Armon Dadgar 4598e43140 vault: Adding ClientToken 2015-03-24 11:09:25 -07:00
Armon Dadgar 65ef4f1032 vault: wire tokens into expiration manager 2015-03-23 18:11:15 -07:00
Armon Dadgar 86c9bd9083 vault: Give expiration manager a token store reference 2015-03-23 18:00:14 -07:00
Armon Dadgar 6481ff9e34 vault: Generate a root token when initializing 2015-03-23 17:31:30 -07:00
Armon Dadgar cd3ee5cc03 vault: Remove core reference 2015-03-23 17:29:36 -07:00
Armon Dadgar 539554fc0b vault: only log expiration notice if useful 2015-03-23 17:27:46 -07:00
Armon Dadgar 3607eae208 vault: Adding method to generate root token 2015-03-23 17:16:37 -07:00
Armon Dadgar f40ed182c4 vault: Support policy CRUD 2015-03-23 14:43:31 -07:00
Armon Dadgar 192dcf7d39 vault: first pass at HandleLogin 2015-03-23 13:56:43 -07:00
Armon Dadgar 879a0501f8 vault: Track the token store in core 2015-03-23 13:41:05 -07:00
Armon Dadgar 56d99fe580 vault: token tracks generation path and meta data 2015-03-23 13:39:43 -07:00
Armon Dadgar 10e64d1e90 vault: extend router to handle login routing 2015-03-23 11:47:55 -07:00
Armon Dadgar a78b7207b9 vault: playing with credential store interface 2015-03-20 13:54:57 -07:00
Armon Dadgar 82e13e3c41 vault: implement the sys/auth* endpoints 2015-03-20 12:48:19 -07:00
Mitchell Hashimoto a0f59f682b logical/framework: can specify InternalData for secret 2015-03-20 17:59:48 +01:00
Mitchell Hashimoto 1ff229ca68 http: passing tests 2015-03-19 23:28:49 +01:00