Commit Graph

221 Commits

Author SHA1 Message Date
Chris Hoffman 71952b7738 ExpirationManager restoration to load in the background (#3260) 2017-09-05 11:09:00 -04:00
Brian Kassouf b04e0a7a2a Dynamically load and invalidate the token store salt (#3021)
* Dynaically load and invalidate the token store salt

* Pass salt function into the router
2017-07-18 09:02:03 -07:00
Jeff Mitchell c414a525d2 Fix panic when attempting to renew auth token via sys/leases/renew (#2901)
This could occur when using the lease ID; this is unsupported but wasn't
checking for the existence of a secret in the lease.
2017-06-21 16:00:39 +01:00
Jeff Mitchell 858deb9ca4 Don't allow parent references in file paths 2017-05-12 13:52:33 -04:00
Jeff Mitchell b482043de1 Update debugging around tidy 2017-05-05 10:48:12 -04:00
Jeff Mitchell 91e790867f Address feedback 2017-05-05 10:26:40 -04:00
Jeff Mitchell b568ea751b Move client token check in exp register to top 2017-05-04 12:45:57 -04:00
Jeff Mitchell abd63096f8 Update comments 2017-05-04 12:44:31 -04:00
vishalnayak 1a02f9be11 Fix up the tests 2017-05-04 12:41:15 -04:00
vishalnayak 5683430cb7 Update Tidy function comment 2017-05-04 12:11:00 -04:00
Jeff Mitchell d74b1b284a Update commenting 2017-05-04 11:54:57 -04:00
Jeff Mitchell f8295a301d Merge branch 'master-oss' into sys-tidy-leases 2017-05-04 09:37:52 -04:00
Chris Hoffman 3d9cf89ad6 Add the ability to view and list of leases metadata (#2650) 2017-05-03 22:03:42 -04:00
Jeff Mitchell 3b95e751c0 Add more cleanup if a lease fails to register and revoke tokens if registerauth fails 2017-05-03 14:29:57 -04:00
Jeff Mitchell 596ad2c8f7 Adhere to tainted status in salted accessor lookup 2017-05-03 12:36:10 -04:00
Jeff Mitchell 5f18b1605a Two things:
1) Ensure that if we fail to generate a lease for a secret we attempt to revoke it

2) Ensure that any lease that is registered should never have a blank token

In theory, number 2 will let us a) find places where this *is* the case, and b) if errors are encountered when revoking tokens due to a blank client token, it suggests that the client token values are being stripped somewhere along the way, which is also instructive.
2017-05-03 12:17:09 -04:00
vishalnayak dd898ed2e1 Added summary logs to help better understand the consequence 2017-05-03 10:54:07 -04:00
vishalnayak 875658531b Do not duplicate log lines for invalid leases 2017-05-02 17:56:15 -04:00
vishalnayak 5f70576715 Added steps to check if invalid token is properly cleaned up 2017-05-02 17:11:35 -04:00
vishalnayak 68635e8a1c Skip checking the validity of an empty client token 2017-05-02 16:53:41 -04:00
vishalnayak 72d05cd8dd Refactor locking code in lease tidy; add ending debug statements 2017-04-27 16:22:19 -04:00
vishalnayak d8e91ef616 refactor lock handling in token tidy function 2017-04-27 13:48:29 -04:00
vishalnayak ac8aae36fe Distinguish valid and invalid tokens using bool value in cache 2017-04-27 11:31:42 -04:00
vishalnayak 749ec4fab1 Some more logging updates 2017-04-27 11:20:55 -04:00
vishalnayak e64ba93d54 Cache only valid tokens 2017-04-27 11:08:11 -04:00
vishalnayak d256248095 Fix logging suggestions; put the policyStore nil check back in 2017-04-27 10:56:19 -04:00
vishalnayak 3fd019574d Fix logging levels 2017-04-26 17:29:04 -04:00
vishalnayak 7c3e20e9c5 Fix the log statements 2017-04-26 17:17:19 -04:00
vishalnayak 671353810b Added caching of looked up tokens 2017-04-26 16:54:48 -04:00
vishalnayak 9025ef16e4 Added logger to token store and logs to tidy function 2017-04-26 16:11:23 -04:00
vishalnayak 27dd95156d Revoke lease that has empty token; added logs 2017-04-26 15:48:28 -04:00
vishalnayak b939d049e4 Added atomic lock to ensure a single tidy operation is in progress 2017-04-26 15:07:58 -04:00
vishalnayak 3522b67e14 Added sys/tidy-leases endpoint 2017-03-07 15:50:17 -05:00
Brian Kassouf 13ec9c5dbf Load leases into the expiration manager in parallel (#2370)
* Add a benchmark for exiration.Restore

* Add benchmarks for consul Restore functions

* Add a parallel version of expiration.Restore

* remove debug code

* Up the MaxIdleConnsPerHost

* Add tests for etcd

* Return errors and ensure go routines are exited

* Refactor inmem benchmark

* Add s3 bench and refactor a bit

* Few tweaks

* Fix race with waitgroup.Add()

* Fix waitgroup race condition

* Move wait above the info log

* Add helper/consts package to store consts that are needed in cyclic packages

* Remove not used benchmarks
2017-02-16 10:16:06 -08:00
Jeff Mitchell ddc977ba52 Add debug (#2341) 2017-02-06 18:30:13 -05:00
Jeff Mitchell 2c8d18ad8d Attempt to fix expiration test again 2017-01-24 11:17:48 -05:00
Jeff Mitchell b0f741d4a1 Add some extra lease debugging to try to figure out Travis timezone issue 2017-01-24 10:48:11 -05:00
Jeff Mitchell 9e5d1eaac9 Port some updates 2017-01-06 15:42:18 -05:00
Vishal Nayak ba026aeaa1 TokenStore: Added tidy endpoint (#2192) 2016-12-16 15:29:27 -05:00
Jeff Mitchell f6044764c0 Fix revocation of leases when num_uses goes to 0 (#2190) 2016-12-16 13:11:55 -05:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Vishal Nayak 9f1e6c7b26 Merge pull request #1607 from hashicorp/standardize-time
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
Jeff Mitchell 7023eafc67 Make the API client retry on 5xx errors.
This should help with transient issues. Full control over min/max delays
and number of retries (and ability to turn off) is provided in the API
and via env vars.

Fix tests.
2016-07-06 16:50:23 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers.
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell bb1e8ddaa2 Make token renewable status work properly on lookup 2016-06-08 09:19:39 -04:00
vishalnayak 70b8530962 Fix the consul secret backends renewal revocation problem 2016-05-25 23:24:16 -04:00
Jeff Mitchell 75650ec1ad Keep the expiration manager from keeping old token entries.
The expiration manager would never be poked to remove token entries upon
token revocation, if that revocation was initiated in the token store
itself. It might have been to avoid deadlock, since during revocation of
tokens the expiration manager is called, which then calls back into the
token store, and so on.

This adds a way to skip that last call back into the token store if we
know that we're on the revocation path because we're in the middle of
revoking a token. That way the lease is cleaned up. This both prevents
log entries appearing for already-revoked tokens, and it also releases
timer/memory resources since we're not keeping the leases around.
2016-03-31 15:10:25 -04:00
Jeff Mitchell fa2ba47a5c Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
Jeff Mitchell 6df72e6efd Merge pull request #1168 from hashicorp/revoke-force
Add forced revocation.
2016-03-09 16:59:52 -05:00
Jeff Mitchell 4785bec59d Address review feedback 2016-03-09 11:07:13 -05:00
Jeff Mitchell 419598ede2 Warn on error when in force revoke mode 2016-03-08 11:05:46 -05:00
Jeff Mitchell cc1f5207b3 Merge branch 'master' into token-roles 2016-03-07 10:03:54 -05:00
vishalnayak 402444c002 review rework 2 2016-03-04 18:08:13 -05:00
vishalnayak 2f5e65ae24 review rework 2016-03-04 15:35:58 -05:00
vishalnayak 35e71f3ebc Place the response nil check before resp.IsError() 2016-03-04 15:13:04 -05:00
vishalnayak da9152169b changed response of expiration manager's renewtoken to logical.response 2016-03-04 14:56:51 -05:00
Jeff Mitchell cd86226845 Add forced revocation.
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.

This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.

Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.

Fixes #1135
2016-03-03 10:13:59 -05:00
Jeff Mitchell 54232eb980 Add other token role unit tests and some minor other changes. 2016-03-01 12:41:41 -05:00
vishalnayak bc4710eb06 Cert: renewal enhancements 2016-02-24 14:31:38 -05:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell e990b77d6e Address review feedback; move storage of these values to the expiration manager 2016-01-04 16:43:07 -05:00
Jeff Mitchell f2da5b639f Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Jeff Mitchell 395d6bead4 Fix removing secondary index from exp manager.
Due to a typo, revoking ensures that index entries are created rather
than removed. This adds a failing, then fixed test case (and helper
function) to ensure that index entries are properly removed on revoke.

Fixes #749
2015-11-04 10:50:31 -05:00
Jeff Mitchell 78b5fcdf51 Serialize changing the state of the expiration manager pointer and
calling emitMetrics from its own goroutine.

Fixes #694
2015-10-12 16:33:54 -04:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell 77e7379ab5 Implement the cubbyhole backend
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.

Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Jeff Mitchell c460ff10ca Push a lot of logic into Router to make a bunch of it nicer and enable a
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Jeff Mitchell 3f45f3f41b Rename config lease_duration parameters to lease_ttl in line with current standardization efforts 2015-08-27 07:50:24 -07:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Karl Gutwin 151ec72d00 Add configuration options for default lease duration and max lease duration. 2015-07-30 09:42:49 -04:00
Armon Dadgar 8bc99f8c23 helper/uuid: single generateUUID definition 2015-06-30 12:38:32 -07:00
Armon Dadgar e2b0f5dae8 vault: improve lease error message. Fixes #338 2015-06-18 15:37:08 -07:00
Armon Dadgar ae421f75b7 vault: fixing issues with token renewal 2015-06-17 14:28:13 -07:00
Armon Dadgar 0be49a97b7 vault: stopExpiration should be idempotent 2015-04-14 13:32:56 -07:00
Mitchell Hashimoto a360ca4928 logical/framework: AuthRenew callback, add LeaseExtend
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
Mitchell Hashimoto 992028e23e vault: the expiration time should be relative to the issue time 2015-04-10 21:21:06 -07:00
Armon Dadgar b10fbc4d83 vault: Adding token based revocation 2015-04-10 14:48:08 -07:00
Armon Dadgar 98679ee7b8 vault: Split expiration manager views to index by token 2015-04-10 14:21:23 -07:00
Armon Dadgar 13836e8612 vault: groundwork to allow auth renew 2015-04-10 13:59:49 -07:00
Armon Dadgar e7fe48c33f vault: refactor expiration timer management 2015-04-09 12:39:12 -07:00
Armon Dadgar 5a3ab973e6 vault: Simplify common lease logic 2015-04-09 12:29:13 -07:00
Armon Dadgar 7df486482b vault: Adding LeaseIssue for renew to allow limiting maximum lease length 2015-04-09 11:54:32 -07:00
Armon Dadgar 82c5d9c478 vault: Enforce non-renewability 2015-04-08 17:03:46 -07:00
Armon Dadgar 512b3d7afd vault: Adding metrics profiling 2015-04-08 16:43:17 -07:00
Armon Dadgar 429ad7e5cb vault: Handle auth entry without lease 2015-04-08 15:43:26 -07:00
Armon Dadgar 466c7575d3 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Armon Dadgar 493ee49e4d vault: unify the token renew response 2015-04-06 16:35:39 -07:00
Armon Dadgar adaa83b48c vault: Adding RenewToken to expiration manager 2015-04-03 11:58:10 -07:00
Armon Dadgar c82fbbb8c3 vault: Support prefix based token revocation 2015-04-03 11:40:08 -07:00
Armon Dadgar 1b19a8ee1b vault: Rename RegisterLogin to RegisterAuth 2015-04-02 17:45:42 -07:00
Mitchell Hashimoto 08a9216aa7 vault: register vault ID even fi no lease 2015-03-31 21:04:10 -07:00
Mitchell Hashimoto 2c9ebecda7 vault: register zero lease entries with the expiration manager
/cc @armon - would appreciate a review on this one
2015-03-31 21:01:12 -07:00
Mitchell Hashimoto 69593cde56 remove credential/ lots of tests faililng 2015-03-30 18:07:05 -07:00
Armon Dadgar 65ef4f1032 vault: wire tokens into expiration manager 2015-03-23 18:11:15 -07:00
Armon Dadgar 86c9bd9083 vault: Give expiration manager a token store reference 2015-03-23 18:00:14 -07:00
Armon Dadgar 539554fc0b vault: only log expiration notice if useful 2015-03-23 17:27:46 -07:00
Mitchell Hashimoto c349e97168 vault: clean up VaultID duplications, make secret responses clearer
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.

Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).

At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.

So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.

It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.

All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Mitchell Hashimoto 8039fc5c63 logical/framework: support renew 2015-03-19 20:20:57 +01:00
Mitchell Hashimoto d4b284fba4 logical/framework: revoke support 2015-03-19 19:41:41 +01:00
Armon Dadgar 061b6b24f1 vault: Refactor to use CollectKeys 2015-03-18 12:06:18 -07:00
Armon Dadgar 46ccb81db4 vault: Respect grace period for revocation 2015-03-16 17:09:18 -07:00
Armon Dadgar e52f1ee960 vault: Testing sys/renew 2015-03-16 16:11:55 -07:00
Armon Dadgar 5f1e3e5986 vault: Testing restore 2015-03-16 15:11:47 -07:00
Armon Dadgar 703bcd8190 vault: Testing revoke and renew 2015-03-16 15:11:47 -07:00
Armon Dadgar e85cd66b30 all: Removing fields from Lease 2015-03-16 13:29:51 -07:00
Armon Dadgar 18069d4cf7 vault: Handle a negetive renew increment 2015-03-16 11:52:38 -07:00
Armon Dadgar bdfa320e01 vault: First pass at expiration manager 2015-03-16 11:35:43 -07:00
Mitchell Hashimoto 12b12e578c vault: fix merge conflict + pass tests 2015-03-15 19:38:23 -07:00
Armon Dadgar ca358f64dd vault: Merge conflict 2015-03-15 18:06:19 -07:00
Armon Dadgar b96ac9f95f vault: Assign renew time 2015-03-15 18:05:31 -07:00
Mitchell Hashimoto d1d1929192 vault: convert to logical.Request and friends 2015-03-15 14:53:41 -07:00
Mitchell Hashimoto 63a9eb321a logical: put structs here, vault uses them 2015-03-15 14:27:06 -07:00
Armon Dadgar 9d5db1286d vault: Track the renew time 2015-03-13 11:36:24 -07:00
Armon Dadgar f0d00e77ec vault: Adding start/stop to expiration manager 2015-03-13 11:31:43 -07:00
Armon Dadgar d744d4ee5e vault: integrate expiration manager with core setup/teardown 2015-03-13 11:20:36 -07:00
Armon Dadgar 5ce63ea7cd vault: Adding lease registration 2015-03-13 10:56:03 -07:00
Armon Dadgar e77ce26d31 vault: spec out expiration manager API 2015-03-12 18:38:22 -07:00
Armon Dadgar 15de847389 vault: Setup expiration manager on unseal 2015-03-12 12:44:30 -07:00