Mitchell Hashimoto
463a32ba56
logical/framework: doc for defaultduration on secret
2015-04-13 20:42:06 -07:00
Mitchell Hashimoto
6272ad75dc
logical/framework: secret lease tests
2015-04-13 15:18:27 -07:00
Mitchell Hashimoto
209b275bfd
logical/framework: allow max session time
2015-04-11 16:41:08 -07:00
Mitchell Hashimoto
33d66f0130
vault: token store allows unlimited renew
2015-04-11 16:28:16 -07:00
Mitchell Hashimoto
d81707a222
logical/framework: more tests
2015-04-11 14:51:00 -07:00
Mitchell Hashimoto
a360ca4928
logical/framework: AuthRenew callback, add LeaseExtend
...
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
Mitchell Hashimoto
f996dcf964
logical: add LeaseOptions.IncrementedLease()
2015-04-10 21:35:17 -07:00
Mitchell Hashimoto
992028e23e
vault: the expiration time should be relative to the issue time
2015-04-10 21:21:06 -07:00
Armon Dadgar
f7dbb6966b
logical: Adding support for renew of Auth
2015-04-10 13:59:49 -07:00
Armon Dadgar
4679febdf3
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 12:14:04 -07:00
Mitchell Hashimoto
569991fcc5
credential/app-id
2015-04-04 18:41:49 -07:00
Mitchell Hashimoto
606b3dbff9
credential/github: improve help
2015-04-04 12:18:33 -07:00
Mitchell Hashimoto
7aee6269f7
vault: pass a logger around to logical backends
2015-04-04 11:39:58 -07:00
Mitchell Hashimoto
8dc9e0e0d5
logical/framework: better string values for types
2015-04-03 21:15:59 -07:00
Mitchell Hashimoto
ec9df0439b
logical/aws: help
2015-04-03 21:10:54 -07:00
Mitchell Hashimoto
246c2839b0
logical/framework: make help look nicer
2015-04-03 21:00:23 -07:00
Mitchell Hashimoto
0bbad03c70
logical/framework: support root help
2015-04-03 20:36:47 -07:00
Mitchell Hashimoto
2e3d6d6a0e
command/help
2015-04-02 22:42:05 -07:00
Armon Dadgar
faa759ea1d
logical/framework: Panic if routing pattern is blank
2015-04-01 22:12:03 -07:00
Armon Dadgar
c5a5c6e3a6
logical/framework: automatically anchor
2015-04-01 17:53:02 -07:00
Mitchell Hashimoto
04cf4ef093
logical/framework: add PolicyMap
2015-04-01 15:46:37 -07:00
Mitchell Hashimoto
83de0fd03d
logical/framework: PathMap can get missing things
2015-04-01 15:46:37 -07:00
Mitchell Hashimoto
67e4bdf1e4
misc typos
2015-03-31 17:27:04 -07:00
Armon Dadgar
0943c2bf45
logical/framework: Added missing case for TypeMap
2015-03-31 16:45:08 -07:00
Armon Dadgar
cb66c93a34
logical/framework: Adding TypeMap
2015-03-31 16:45:08 -07:00
Mitchell Hashimoto
62ee621ea3
logical: move cred stuff over here
2015-03-30 17:46:18 -07:00
Mitchell Hashimoto
27d33ad9f7
logical/framework: auto-extend leases if requested
2015-03-21 16:20:30 +01:00
Mitchell Hashimoto
f6d5e3f0f4
logical/testing: immediate rollback, ignore RollbackMinAge
2015-03-21 11:18:33 +01:00
Mitchell Hashimoto
17c58633d6
logical/framework: rollback should return error, easier API
2015-03-21 11:08:13 +01:00
Mitchell Hashimoto
a54d90ac1f
logical/framework: rollback needs to have access to request for storage
2015-03-21 11:03:59 +01:00
Mitchell Hashimoto
62d9bec8be
logical/aws
2015-03-20 19:03:20 +01:00
Mitchell Hashimoto
a0f59f682b
logical/framework: can specify InternalData for secret
2015-03-20 17:59:48 +01:00
Mitchell Hashimoto
c349e97168
vault: clean up VaultID duplications, make secret responses clearer
...
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.
Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).
At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.
So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.
It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.
All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Mitchell Hashimoto
8039fc5c63
logical/framework: support renew
2015-03-19 20:20:57 +01:00
Mitchell Hashimoto
d4b284fba4
logical/framework: revoke support
2015-03-19 19:41:41 +01:00
Mitchell Hashimoto
b655a78b78
logical/framework: can specify renew/revoke functins for secret
2015-03-19 15:07:45 +01:00
Mitchell Hashimoto
c7ed24282b
logical/framework: add methods to look up secret and gen response
2015-03-19 14:59:01 +01:00
Mitchell Hashimoto
c21bc26731
logical/framework: use custom request wrapper
2015-03-19 14:39:25 +01:00
Mitchell Hashimoto
7d03852f7c
logical/framework: test for minimum age
2015-03-17 20:42:35 -05:00
Mitchell Hashimoto
14a48f6e92
logical/framework: only rollback old enough WAL entries
2015-03-17 20:39:46 -05:00
Mitchell Hashimoto
378968d56e
logical/framework: WAL entry supports "kind"
2015-03-17 20:39:46 -05:00
Mitchell Hashimoto
b8e2272421
logical/framework: rollback support
2015-03-17 20:39:46 -05:00
Mitchell Hashimoto
4016aba7ad
logical/framework: WAL should live here
2015-03-17 20:39:45 -05:00
Mitchell Hashimoto
9f0d59d03f
vault: system using the framework
2015-03-15 17:35:59 -07:00
Mitchell Hashimoto
11f8423b4f
logical/framework, logical/testing
2015-03-15 16:39:49 -07:00