Commit graph

21 commits

Author SHA1 Message Date
Jeff Mitchell 5d44c54947
Changes the way policies are reported in audit logs (#4747)
* This changes the way policies are reported in audit logs.

Previously, only policies tied to tokens would be reported. This could
make it difficult to perform after-the-fact analysis based on both the
initial response entry and further requests. Now, the full set of
applicable policies from both the token and any derived policies from
Identity are reported.

To keep things consistent, token authentications now also return the
full set of policies in api.Secret.Auth responses, so this both makes it
easier for users to understand their actual full set, and it matches
what the audit logs now report.
2018-06-14 09:49:33 -04:00
Jeff Mitchell 5207099042 Offline token revocation fix 2018-06-05 18:53:27 -04:00
Becca Petrin 76c717b081
Restrict cert auth by CIDR (#4478) 2018-05-09 15:39:55 -07:00
Chris Hoffman a7ada08b3b
Core handling of TTLs (#4230)
* govet cleanup in token store

* adding general ttl handling to login requests

* consolidating TTL calculation to system view

* deprecate LeaseExtend

* deprecate LeaseExtend

* set the increment to the correct value

* move calculateTTL out of SystemView

* remove unused value

* add back clearing of lease id

* implement core ttl in some backends

* removing increment and issue time from lease options

* adding ttl tests, fixing some compile issue

* adding ttl tests

* fixing some explicit max TTL logic

* fixing up some tests

* removing unneeded test

* off by one errors...

* adding back some logic for bc

* adding period to return on renewal

* tweaking max ttl capping slightly

* use the appropriate precision for ttl calculation

* deprecate proto fields instead of delete

* addressing feedback

* moving TTL handling for backends to core

* mongo is a secret backend not auth

* adding estimated ttl for backends that also manage the expiration time

* set the estimate values before calling the renew request

* moving calculate TTL to framework, revert removal of increment and issue time from logical

* minor edits

* addressing feedback

* address more feedback
2018-04-03 12:20:20 -04:00
Vishal Nayak 7bae606662
External identity groups (#3447)
* external identity groups

* add local LDAP groups as well to group aliases

* add group aliases for okta credential backend

* Fix panic in tests

* fix build failure

* remove duplicated struct tag

* add test steps to test out removal of group member during renewals

* Add comment for having a prefix check in router

* fix tests

* s/parent_id/canonical_id

* s/parent/canonical in comments and errors
2017-11-02 16:05:48 -04:00
Vishal Nayak f7ed6732a5 Porting identity store (#3419)
* porting identity to OSS

* changes that glue things together

* add testing bits

* wrapped entity id

* fix mount error

* some more changes to core

* fix storagepacker tests

* fix some more tests

* fix mount tests

* fix http mount tests

* audit changes for identity

* remove upgrade structs on the oss side

* added go-memdb to vendor
2017-10-11 10:21:20 -07:00
Vishal Nayak eb418f59a0 Rename persona to alias (#3420)
Merging this will break the build. I'll fix it post merge by updating the vendor libs.
2017-10-04 13:35:05 -04:00
vishalnayak 8902240dfa Added persona to logical auth 2017-08-15 13:55:58 -04:00
Vishal Nayak 491a56fe9f AppRole: Support restricted use tokens (#2435)
* approle: added token_num_uses to the role

* approle: added RUD tests for token_num_uses on role

* approle: doc: added token_num_uses
2017-03-03 09:31:20 -05:00
vishalnayak a6907769b0 AppRole authentication backend 2016-07-26 09:32:41 -04:00
vishalnayak 151c932875 AccessorID --> Accessor, accessor_id --> accessor 2016-03-09 06:23:31 -05:00
vishalnayak 913bbe7693 Error text corrections and minor refactoring 2016-03-08 22:27:24 -05:00
vishalnayak 301776012f Introduced AccessorID in TokenEntry and returning it along with token 2016-03-08 14:06:10 -05:00
Armon Dadgar c849aba53a vault: Adding InternalData to Auth 2015-05-09 11:39:54 -07:00
Armon Dadgar 9d2bd2bf29 logical: Adding a DisplayName for operators 2015-04-15 13:56:42 -07:00
Armon Dadgar 4679febdf3 logical: Refactor LeaseOptions to share between Secret and Auth 2015-04-09 12:14:04 -07:00
Armon Dadgar b8d69a357c vault: Use Auth for lease and renewable 2015-04-03 14:04:50 -07:00
Armon Dadgar 745bcb951d logical: adding lease to auth 2015-04-02 17:25:22 -07:00
Mitchell Hashimoto 906f81b588 logical: GoStringer for Auth 2015-04-01 15:46:37 -07:00
Mitchell Hashimoto c9acfa17cb vault: get rid of HangleLogin 2015-03-30 20:26:39 -07:00
Mitchell Hashimoto 2c3657f4fe logical: add credential info to logical backend structures 2015-03-30 14:23:32 -07:00