Commit graph

38 commits

Author SHA1 Message Date
Chris Hoffman 3d8d887676
Add ability to require parameters in ACLs (#3510) 2017-11-02 07:18:49 -04:00
Jeff Mitchell 8e9317792d Fix some merge/update bugs 2017-10-23 16:49:46 -04:00
Jeff Mitchell 47dae8ffc7 Sync 2017-10-23 14:59:37 -04:00
Jeff Mitchell ab5014534e Clone policy permissions and then use existing values rather than policy values for modifications (#2826)
Should fix #2804
2017-06-07 13:49:51 -04:00
Jeff Mitchell 5119b173c4 Rename helper 'duration' to 'parseutil'. (#2449)
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.

Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Jeff Mitchell 7f0a99e8eb Add max/min wrapping TTL ACL statements (#2411) 2017-02-27 14:42:00 -05:00
Brian Kassouf 1c5264c66c ToLower parameter strings 2017-02-16 17:50:10 -08:00
Jeff Mitchell da9e62bc24 Remove "permissions" from ACL 2017-02-15 21:12:26 -05:00
Brian Kassouf 7ec19459a7 Remove extra comments 2017-01-20 11:38:40 -08:00
Brian Kassouf df800198e0 Remove some extra comments 2017-01-20 11:32:58 -08:00
Brian Kassouf 37f393ff94 Remove unneeded comment block 2017-01-19 18:18:06 -08:00
Brian Kassouf f3870061ee fix some of the tests and rename allowed/dissallowed paramaters 2017-01-19 16:40:19 -08:00
mwoolsey 907e735541 Permissions were changed from a structure to and array of interfaces. Code optimization for acl.go. Fixed bug where multiple parameters would allow if second or following parameters were denied and there was a wildcard in allow. 2016-12-06 18:14:15 -08:00
ChaseLEngel 2ea4caeffb Update acl and policy tests to use Permissions. 2016-10-21 23:45:39 -07:00
mwoolsey ed982675a1 permissions structure now holds a map of strings to empty structs. Modified acl.go to acommidate these changes 2016-10-21 19:35:55 -07:00
ChaseLEngel c6b63b5312 Implemented AllowOperation parameter permission checking for request data. 2016-10-21 18:38:05 -07:00
ChaseLEngel c2b512cf46 Changed AllowOperation to take logical.Request 2016-10-16 16:29:52 -07:00
ChaseLEngel bd7711bebf Merge allowed and disallowed parameters maps. 2016-10-16 15:24:32 -07:00
mwoolsey 93bb52b733 policy now includes whether a certain parameter can be updated 2016-10-15 16:44:57 -07:00
mwoolsey 231d3e7758 policy now includes whether a certain parameter can be updated 2016-10-15 16:43:55 -07:00
ChaseLEngel 119dd9653e Adding permissions to hcl config and decoding it. 2016-10-14 14:24:45 -07:00
ChaseLEngel bd5235960c Fixed permission conflicts 2016-10-14 10:33:12 -07:00
ChaseLEngel d480df7141 Fixed Policy Permissions intergration and spelling. 2016-10-14 10:22:00 -07:00
mwoolsey eb8b8a1def created structure for permissions and modified parsePaths in policy.go and newAcl/AllowOperation in acl.go 2016-10-14 10:17:25 -07:00
mwoolsey 6aa9a1d165 updated policy.go to include an expanded structure to add the ability to track allowed and disallowed params in the PathCapabilities structure. Updating Acl.go to interface with the updated PathCapabilites structure 2016-10-09 15:39:58 -07:00
Seth Vargo f6adea85ce Preserve pointer 2016-03-10 15:55:47 -05:00
Seth Vargo ad7049eed1 Parse policy HCL syntax and keys 2016-03-10 15:25:25 -05:00
vishalnayak 9946a2d8b5 refactoring changes due to acl.Capabilities 2016-03-04 18:55:48 -05:00
Jeff Mitchell 9717ca5931 Strip leading paths in policies.
It appears to be a common mistake, but they won't ever match.

Fixes #1167
2016-03-03 11:32:48 -05:00
Jeff Mitchell 87fba5dad0 Convert map to bitmap 2016-01-12 17:08:10 -05:00
Jeff Mitchell 4f4ddbf017 Create more granular ACL capabilities.
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jesse Szwedko 6ef455af89 Fix warnings returned by make vet
$GOPATH/src/github.com/hashicorp/vault/vault/policy.go:69: unreachable code
$GOPATH/src/github.com/hashicorp/vault/vault/policy_store_test.go:139: github.com/hashicorp/vault/logical.StorageEntry composite literal uses unkeyed fields
2015-09-26 21:17:39 -07:00
Armon Dadgar eda88c18ff vault: Adding precedence logic for conflicting policy 2015-07-05 17:30:19 -06:00
Armon Dadgar 27d01270c8 vault: look for glob character in policy 2015-07-05 14:58:38 -07:00
Armon Dadgar f40ed182c4 vault: Support policy CRUD 2015-03-23 14:43:31 -07:00
Armon Dadgar 061b6b24f1 vault: Refactor to use CollectKeys 2015-03-18 12:06:18 -07:00
Armon Dadgar 99abc11ec5 vault: Adding ACL representation 2015-03-17 18:31:20 -07:00
Armon Dadgar ddab671bf4 vault: Adding policy parsing 2015-03-17 15:53:29 -07:00