Jeff Mitchell
3f45f3f41b
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 07:50:24 -07:00
Jeff Mitchell
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
Karl Gutwin
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
Armon Dadgar
dc8cc308af
vault: fixing test with glob change
2015-07-05 17:31:41 -06:00
Armon Dadgar
41b72a4d39
vault: provide view to backend initializer for setup
2015-06-30 17:30:43 -07:00
Armon Dadgar
dbf6cf6e6d
vault: support core shutdown
2015-06-17 18:23:59 -07:00
Armon Dadgar
5c75a6c5c7
vault: ensure token renew does not double register
2015-06-17 15:22:50 -07:00
Armon Dadgar
716f8d9979
core: adding tests for HA rekey and rotate
2015-05-29 12:16:34 -07:00
Armon Dadgar
0877160754
vault: minor rekey cleanups
2015-05-28 12:07:52 -07:00
Armon Dadgar
c5352d14a4
vault: testing rekey
2015-05-28 12:02:30 -07:00
Armon Dadgar
ba7bfed1af
vault: Expose MountPoint to secret backend. Fixes #248
2015-05-27 11:46:42 -07:00
Armon Dadgar
d15eed47ad
vault: reproducing GH-203
2015-05-15 17:48:03 -07:00
Armon Dadgar
3bcd32228d
vault: lease renewal should not create new lease entry
2015-05-15 17:47:39 -07:00
Armon Dadgar
18795a4b26
vault: Adding test based on bug report
2015-05-15 17:19:41 -07:00
Armon Dadgar
8f4ddfd904
vault: adding test for e33a904
2015-05-11 11:16:21 -07:00
Armon Dadgar
843d9e6484
vault: verify login endpoint never returns a secret
2015-05-09 11:51:58 -07:00
Armon Dadgar
13ab31f4b5
vault: ensure InternalData is never returned from the core
2015-05-09 11:47:46 -07:00
Armon Dadgar
a6eef6bba3
vault: Guard against an invalid seal config
2015-05-08 11:05:31 -07:00
Mitchell Hashimoto
727e0e90cd
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 13:28:33 -07:00
Seth Vargo
95c8001388
Disable mlock in tests
2015-04-28 22:18:00 -04:00
Armon Dadgar
4473abd6ce
vault: core enforcement of limited use tokens
2015-04-17 11:57:56 -07:00
Armon Dadgar
818ce0a045
vault: token store allows specifying display_name
2015-04-15 14:24:07 -07:00
Armon Dadgar
76b69b2514
vault: thread the display name through
2015-04-15 14:12:34 -07:00
Armon Dadgar
9f7143cf44
vault: expose the current leader
2015-04-14 16:53:40 -07:00
Armon Dadgar
445f64eb39
vault: leader should advertise address
2015-04-14 16:44:48 -07:00
Armon Dadgar
7579cf76ab
vault: testing standby mode
2015-04-14 16:08:14 -07:00
Armon Dadgar
2820bec479
vault: testing standby mode
2015-04-14 16:06:58 -07:00
Armon Dadgar
4679febdf3
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 12:14:04 -07:00
Armon Dadgar
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
df8dbe9677
vault: allow mount point queries without trailing /
2015-04-03 20:45:00 -07:00
Armon Dadgar
eaa483ff87
vault: Enforce default and max length leasing
2015-04-03 15:42:34 -07:00
Armon Dadgar
0ba7c64c0f
vault: Verify client token is not passed through in the plain
2015-04-03 15:39:56 -07:00
Armon Dadgar
eec6c27fae
vault: Special case auth/token/create
2015-04-02 18:05:23 -07:00
Armon Dadgar
c6479642e9
vault: integrate login with expiration manager
2015-04-02 17:52:11 -07:00
Mitchell Hashimoto
a8912e82d8
enable github
2015-04-01 15:48:56 -07:00
Armon Dadgar
4138e43f00
vault: Adding audit trail for login
2015-04-01 14:48:37 -07:00
Armon Dadgar
3d3e18793b
vault: Integrate audit logging with core
2015-04-01 14:33:48 -07:00
Mitchell Hashimoto
c8294170cc
vault: test bad key to seal
2015-03-31 10:00:04 -07:00
Mitchell Hashimoto
0666bda865
vault: require root token for seal
2015-03-31 09:59:02 -07:00
Mitchell Hashimoto
d4509b0ee3
vault: keep the connection info around for auth
2015-03-30 20:55:01 -07:00
Mitchell Hashimoto
c9acfa17cb
vault: get rid of HangleLogin
2015-03-30 20:26:39 -07:00
Mitchell Hashimoto
69593cde56
remove credential/ lots of tests faililng
2015-03-30 18:07:05 -07:00
Mitchell Hashimoto
e9a3a34c27
vault: tests passing
2015-03-29 16:18:08 -07:00
Armon Dadgar
9a4946f115
vault: Testing core ACL enforcement
2015-03-24 15:55:27 -07:00
Armon Dadgar
23864839bb
vault: testing root privilege restrictions
2015-03-24 15:52:07 -07:00
Armon Dadgar
49df1570d6
vault: test missing and invalid tokens
2015-03-24 11:57:08 -07:00
Armon Dadgar
20c2375352
vault: Adding ACL enforcement
2015-03-24 11:37:07 -07:00
Armon Dadgar
6481ff9e34
vault: Generate a root token when initializing
2015-03-23 17:31:30 -07:00
Armon Dadgar
192dcf7d39
vault: first pass at HandleLogin
2015-03-23 13:56:43 -07:00
Mitchell Hashimoto
c349e97168
vault: clean up VaultID duplications, make secret responses clearer
...
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.
Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).
At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.
So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.
It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.
All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00