Commit graph

284 commits

Author SHA1 Message Date
Jeff Mitchell b89073f7e6 Error when an invalid (as opposed to incorrect) unseal key is given. (#1782)
Fixes #1777
2016-08-24 14:15:25 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell bdcfe05517 Clustering enhancements (#1747) 2016-08-19 11:03:53 -04:00
Jeff Mitchell c349e697f5 Change uninit/sealed status codes from health endpoint 2016-08-18 12:10:23 -04:00
Jeff Mitchell 5c33356d14 Protobuf for forwarding (#1743) 2016-08-17 16:15:15 -04:00
Jeff Mitchell 62c69f8e19 Provide base64 keys in addition to hex encoded. (#1734)
* Provide base64 keys in addition to hex encoded.

Accept these at unseal/rekey time.

Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell bcb4ab5422 Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
vishalnayak 3895ea4c2b Address review feedback from @jefferai 2016-08-10 15:22:12 -04:00
vishalnayak 95f9c62523 Fix Cluster object being returned as nil when unsealed 2016-08-10 15:09:16 -04:00
Jeff Mitchell 5a1ca832af Merge pull request #1699 from hashicorp/dataonly
Return sys values in top level normal api.Secret
2016-08-09 07:17:02 -04:00
Jeff Mitchell 5771a539a5 Add HTTP test for renew and fix muxing 2016-08-08 20:01:08 -04:00
Jeff Mitchell ab71b981ad Add ability to specify renew lease ID in POST body. 2016-08-08 18:00:44 -04:00
Jeff Mitchell 3c2aae215c Fix tests and update mapstructure 2016-08-08 16:00:31 -04:00
Jeff Mitchell 3e6b48cca3 Initial dataonly work. 2016-08-08 11:55:24 -04:00
Jeff Mitchell 82b3d136e6 Don't mark never-expiring root tokens as renewable 2016-08-05 11:15:25 -04:00
Jeff Mitchell 1fc837c22a Fix nil panic in certain error conditions 2016-08-02 14:57:11 -04:00
vishalnayak 4e25e729ee Removed duplicated check in tests 2016-07-29 14:18:53 -04:00
vishalnayak 8b0b0d5922 Add cluster information to 'vault status' 2016-07-29 14:13:53 -04:00
vishalnayak e5e0431393 Added Vault version informationto the 'status' command 2016-07-28 17:37:35 -04:00
Laura Bennett 4d9c909ae4 Merge pull request #1650 from hashicorp/request-uuid
Added unique identifier to each request. Closes hashicorp/vault#1617
2016-07-27 09:40:48 -04:00
vishalnayak c17534d527 Fix request_id test failures 2016-07-26 18:30:13 -04:00
vishalnayak 9d4a1b03bc Fix broken tests 2016-07-26 16:53:59 -04:00
Laura Bennett 67801bcf64 uncomment 2016-07-26 16:44:50 -04:00
Laura Bennett fb1b032040 fixing id in buildLogicalRequest 2016-07-26 15:50:37 -04:00
vishalnayak 86446ff67e Error out if cluster information is nil when Vault is unsealed 2016-07-26 15:30:38 -04:00
vishalnayak 6145bed088 Added omitempty to ClusterName and ClusterID 2016-07-26 14:11:32 -04:00
vishalnayak 669bbdfa48 Address review feedback from @jefferai 2016-07-26 14:05:27 -04:00
Laura Bennett ad66bd7502 fixes based proper interpretation of comments 2016-07-26 12:20:27 -04:00
vishalnayak a3e6400697 Remove global name/id. Make only cluster name configurable. 2016-07-26 10:01:35 -04:00
vishalnayak c7dabe4def Storing local and global cluster name/id to storage and returning them in health status 2016-07-26 02:32:42 -04:00
Jeff Mitchell 6c393cf17a Fix tests 2016-07-25 17:05:54 -04:00
Laura Bennett 8d52a96df5 moving id to http/logical 2016-07-25 15:24:10 -04:00
vishalnayak 43d352a942 Add version information to health status 2016-07-22 18:28:16 -04:00
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Vishal Nayak 9f1e6c7b26 Merge pull request #1607 from hashicorp/standardize-time
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
vishalnayak 8269f323d3 Revert 'risky' changes 2016-07-12 16:38:07 -04:00
Jeff Mitchell 5b210b2a1f Return a duration instead and port a few other places to use it 2016-07-11 18:19:35 +00:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers.
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell 889ff24ccf Fix up error detection regression to return correct status codes 2016-06-22 17:47:05 -04:00
vishalnayak 0bdeea3a33 Fix the test cases 2016-06-20 18:56:19 -04:00
Jeff Mitchell e925987cb6 Add token accessor to wrap information if one exists 2016-06-13 23:58:17 +00:00
Jeff Mitchell 1de6140d5c Fix mah broken tests 2016-06-10 14:03:56 -04:00
Jeff Mitchell 9f6c5bc02a cubbyhole-response-wrapping -> response-wrapping 2016-06-10 13:48:46 -04:00
Daniel Stelter-Gliese 8b1da1a105 Support HEAD requests to /v1/sys/health
Some load balancers send HTTP HEAD requests to extract the status code.
2016-06-09 18:16:28 +02:00
Jeff Mitchell 401456ea50 Add creation time to returned wrapped token info
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.

This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
Jeff Mitchell 05b0e0a866 Enable audit-logging of seal and step-down commands.
This pulls the logical request building code into its own function so
that it's accessible from other HTTP handlers, then uses that with some
added logic to the Seal() and StepDown() commands to have meaningful
audit log entries.
2016-05-20 17:03:54 +00:00
Jeff Mitchell c9aaabe235 Fix missing return after respondError in handleLogical 2016-05-20 15:49:48 +00:00
Jeff Mitchell caf77109ba Add cubbyhole wrapping documentation 2016-05-19 13:33:51 -04:00
Jeff Mitchell c4431a7e30 Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors 2016-05-16 16:11:33 -04:00
Jeff Mitchell ce5614bf9b Merge branch 'master-oss' into cubbyhole-the-world 2016-05-11 19:29:52 -04:00
Jeff Mitchell aecc3ad824 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
Jeff Mitchell c5008bcaac Add more tests 2016-05-07 21:08:13 -04:00
Jeff Mitchell 2295cadbf4 Make WrapInfo a pointer to match secret/auth in response 2016-05-07 19:17:51 -04:00
Jeff Mitchell 09f06554cb Address some review feedback 2016-05-04 16:03:53 -04:00
Jeff Mitchell 99a5b4402d Merge branch 'master-oss' into cubbyhole-the-world 2016-05-04 14:42:14 -04:00
Jeff Mitchell 7e462e566b Check nil keys and respond internal error if it can't be cast to a []string 2016-05-02 20:00:46 -04:00
Jeff Mitchell 16b717022b In a list response, if there are no keys, 404 to be consistent with GET
and with different backend conditions

Fixes #1365
2016-05-02 19:38:06 -04:00
Jeff Mitchell aba689a877 Add wrapping through core and change to use TTL instead of Duration. 2016-05-02 00:47:35 -04:00
Jeff Mitchell d81806b446 Add:
* Request/Response field extension
* Parsing of header into request object
* Handling of duration/mount point within router
* Tests of router WrapDuration handling
2016-05-02 00:24:32 -04:00
Sean Chittenden aeea7628d6 Add a *log.Logger argument to physical.Factory
Logging in the backend is a good thing.  This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
Jeff Mitchell 98d09b0dc6 Add seal tests and update generate-root and others to handle dualseal. 2016-04-25 19:39:04 +00:00
Jeff Mitchell a4ff72841e Check for seal status when initing and change logic order to avoid defer 2016-04-14 01:13:59 +00:00
Jeff Mitchell afae46feb7 SealInterface 2016-04-04 10:44:22 -04:00
vishalnayak d959ffc301 Rename PrepareRequest to PrepareRequestFunc 2016-03-18 10:37:49 -04:00
vishalnayak fbfe72f286 Removed http/sys_capabilties_test.go 2016-03-18 09:48:45 -04:00
vishalnayak 55f03b5d25 Add separate path for capabilities-self to enable ACL 2016-03-17 22:52:03 -04:00
vishalnayak a70d4d5c9f Deleted http/sys_capabilities.go since the requests are directly going to system backend 2016-03-17 22:44:48 -04:00
vishalnayak 4e6dcfd6d0 Enable callbacks for handling logical.Request changes before processing requests 2016-03-17 22:29:53 -04:00
vishalnayak f1feee9b53 Fix http capabilities tests 2016-03-17 21:03:32 -04:00
vishalnayak 68367f60c8 Fix broken testcases 2016-03-17 21:03:32 -04:00
vishalnayak d348735322 Fix help descriptions 2016-03-17 21:03:32 -04:00
vishalnayak f275cd2e9c Fixed capabilities API to receive logical response 2016-03-17 21:03:32 -04:00
vishalnayak a5d79d587a Refactoring the capabilities function 2016-03-17 21:03:32 -04:00
vishalnayak dcb7f00bcc Move sys/capabilities to logical_system along with business logic from core 2016-03-17 21:03:32 -04:00
vishalnayak 2b712bc778 Move capabilities accessor logic to logical_system 2016-03-17 21:03:32 -04:00
vishalnayak dd94e8e689 Fix broken test case 2016-03-14 18:44:13 -04:00
vishalnayak ba50a14736 Refactor fetching sys/health parameters 2016-03-11 09:52:31 -05:00
Jeff Mitchell 77b90c6745 Add query parameters to /sys/health to specify return codes.
Fixes #1199
2016-03-11 00:41:25 -05:00
Jeff Mitchell fa2ba47a5c Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
vishalnayak f478cc57e0 fix all the broken tests 2016-03-09 13:45:36 -05:00
vishalnayak c4a2c5b56e Added tests for 'sys/capabilities-accessor' endpoint 2016-03-09 11:29:09 -05:00
vishalnayak 151c932875 AccessorID --> Accessor, accessor_id --> accessor 2016-03-09 06:23:31 -05:00
vishalnayak 62777c9f7e ErrUserInput --> StatusBadRequest 2016-03-08 21:47:24 -05:00
vishalnayak 8117996378 Implemented /sys/capabilities-accessor and a way for setting HTTP error code in all the responses 2016-03-08 19:14:29 -05:00
vishalnayak 2737c81b39 Lay the foundation for returning proper HTTP status codes 2016-03-08 18:27:03 -05:00
vishalnayak 301776012f Introduced AccessorID in TokenEntry and returning it along with token 2016-03-08 14:06:10 -05:00
vishalnayak 08c40c9bba Introduced ErrUserInput to distinguish user error from server error 2016-03-07 22:16:09 -05:00
vishalnayak 3b463c2d4e use errwrap to check the type of error message, fix typos 2016-03-07 18:36:26 -05:00
Jeff Mitchell cc1f5207b3 Merge branch 'master' into token-roles 2016-03-07 10:03:54 -05:00
vishalnayak aab24113b0 test cases for capabilities endpoint 2016-03-05 00:03:55 -05:00
vishalnayak 9946a2d8b5 refactoring changes due to acl.Capabilities 2016-03-04 18:55:48 -05:00
vishalnayak 7fe871e60a Removing the 'Message' field 2016-03-04 10:36:03 -05:00
vishalnayak b67ab8ab7c Test files for capabilities endpoint 2016-03-04 10:36:03 -05:00
vishalnayak 816f1f8631 self review rework 2016-03-04 10:36:03 -05:00
vishalnayak 286e63a648 Handled root token use case 2016-03-04 10:36:03 -05:00
vishalnayak 07f9486ecb Added capabilities and capabilities-self endpoints to http muxer 2016-03-04 10:36:03 -05:00
vishalnayak a885f9e8d2 Refactor http/sys_capabilities.go 2016-03-04 10:36:03 -05:00
vishalnayak 5749a6718c Added sys/capabililties endpoint 2016-03-04 10:36:02 -05:00