open-vault

luxolus/open-vault

Fork 0

Commit graph

Author	SHA1	Message	Date
ncabatoff	ef1926b5e4	Agent auto auth wrapping new config checks (#6479 ) * Simplify Run(): the function that was being sent over a channel doesn't need to close over anything except latestToken, and we don't need to create a new one each iteration. Instead just pass the relevant items, namely the token and sink to work on. * Disallow the following config combinations: 1. auto_auth.method.wrap_ttl > 0 and multiple file sinks 2. auto_auth.method.wrap_ttl > 0 and single file sink with wrap_ttl > 0 3. auto_auth.method.wrap_ttl > 0 and cache.use_auto_auth_token = true * Expose errors that occur when APIProxy is forwarding request to Vault. * Fix merge issues.	2019-04-05 16:12:54 -04:00
Calvin Leung Huang	b7dcef399d	agent/caching: add X-Cache and Age headers (#6394 ) * agent/caching: add X-Cache and Age headers, update Date header on cached resp * Update command/agent/cache/lease_cache.go Co-Authored-By: calvn <cleung2010@gmail.com> * Update command/agent/cache/proxy.go Co-Authored-By: calvn <cleung2010@gmail.com>	2019-03-12 13:21:02 -07:00
Vishal Nayak	feb235d5f8	Vault Agent Cache (#6220 ) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix://	2019-02-14 20:10:36 -05:00

Author

SHA1

Message

Date

ncabatoff

ef1926b5e4

Agent auto auth wrapping new config checks (#6479 )

* Simplify Run(): the function that was being sent over a channel doesn't
need to close over anything except latestToken, and we don't need to
create a new one each iteration.  Instead just pass the relevant items,
namely the token and sink to work on.

* Disallow the following config combinations:
1. auto_auth.method.wrap_ttl > 0 and multiple file sinks
2. auto_auth.method.wrap_ttl > 0 and single file sink with wrap_ttl > 0
3. auto_auth.method.wrap_ttl > 0 and cache.use_auto_auth_token = true

* Expose errors that occur when APIProxy is forwarding request to Vault.

* Fix merge issues.

2019-04-05 16:12:54 -04:00

Calvin Leung Huang

b7dcef399d

agent/caching: add X-Cache and Age headers (#6394 )

* agent/caching: add X-Cache and Age headers, update Date header on cached resp

* Update command/agent/cache/lease_cache.go

Co-Authored-By: calvn <cleung2010@gmail.com>

* Update command/agent/cache/proxy.go

Co-Authored-By: calvn <cleung2010@gmail.com>

2019-03-12 13:21:02 -07:00

Vishal Nayak

feb235d5f8

Vault Agent Cache (#6220 )

* vault-agent-cache: squashed 250+ commits

* Add proper token revocation validations to the tests

* Add more test cases

* Avoid leaking by not closing request/response bodies; add comments

* Fix revoke orphan use case; update tests

* Add CLI test for making request over unix socket

* agent/cache: remove namespace-related tests

* Strip-off the auto-auth token from the lookup response

* Output listener details along with configuration

* Add scheme to API address output

* leasecache: use IndexNameLease for prefix lease revocations

* Make CLI accept the fully qualified unix address

* export VAULT_AGENT_ADDR=unix://path/to/socket

* unix:/ to unix://

2019-02-14 20:10:36 -05:00

3 commits