Jeff Mitchell
d869c0d6a6
Rejig IsPrimary again
2017-01-12 15:59:00 -05:00
Jeff Mitchell
ec4f069da4
Fix building some test code without build tags
2017-01-12 15:21:47 -05:00
Jeff Mitchell
32f9ccb6c8
Rejig dynamic system view to build without tags
2017-01-12 15:13:47 -05:00
Vishal Nayak
00ffd80fcd
Merge pull request #2236 from hashicorp/pgp-keys-check
...
rekey: added check to ensure that length of PGP keys and the shares are matching
2017-01-12 11:19:08 -05:00
vishalnayak
daacf23c38
rekey: remove the check from vault/rekey.go in favor of check in http layer
2017-01-12 00:07:49 -05:00
vishalnayak
adb6ac749f
init: pgp-keys input validations
2017-01-11 23:32:38 -05:00
vishalnayak
0778a2eba7
core: adding error server logs for failure to update mount table
2017-01-11 20:21:34 -05:00
vishalnayak
bf6aa296b3
rekey: added check to ensure that length of PGP keys and the shares are matching
2017-01-11 13:29:10 -05:00
Jeff Mitchell
9923c753d0
Set c.standby true in non-HA context. ( #2259 )
...
This value is the key for some checks in core logic. In a non-HA
environment, if the core was sealed it would never be set back to true.
2017-01-11 11:13:09 -05:00
Vishal Nayak
7367158a2a
Merge pull request #2252 from hashicorp/mountentry-clone
...
Adding Tainted to MountEntry.Clone
2017-01-10 10:28:13 -05:00
vishalnayak
28c3f4a192
Adding Tainted to MountEntry.Clone
2017-01-10 08:32:33 -05:00
Jeff Mitchell
bb32853fcd
Fix up exclusion rules for dynamic system view IsPrimary
2017-01-07 18:31:43 -05:00
Jeff Mitchell
9d89aae00c
Fix up invalidations in noopbackend
2017-01-07 18:22:34 -05:00
Armon Dadgar
c37d17ed47
Adding interface methods to logical.Backend for parity ( #2242 )
2017-01-07 18:18:22 -05:00
Jeff Mitchell
336dfed5c3
Rename gRPC request forwarding method
2017-01-06 17:08:43 -05:00
Jeff Mitchell
681e36c4af
Split Unseal into Unseal and unsealInternal
2017-01-06 16:30:43 -05:00
Jeff Mitchell
9e5d1eaac9
Port some updates
2017-01-06 15:42:18 -05:00
Jeff Mitchell
64fc18e523
When a JWT wrapping token is returned, audit the inner token both for
...
request and response. This makes it far easier to properly check
validity elsewhere in Vault because we simply replace the request client
token with the inner value.
2017-01-04 23:50:24 -05:00
vishalnayak
066038bebd
Fixed return types
2017-01-04 16:58:25 -05:00
Jeff Mitchell
0391475c70
Add read locks to LookupToken/ValidateWrappingToken ( #2232 )
2017-01-04 16:52:03 -05:00
Jeff Mitchell
3129187dc2
JWT wrapping tokens ( #2172 )
2017-01-04 16:44:03 -05:00
vishalnayak
d70fb45fbb
Removed unused methods
2017-01-03 12:51:35 -05:00
Jeff Mitchell
9f60e9f88d
Add tidy expiration test
2016-12-16 17:04:28 -05:00
vishalnayak
bae84e3864
TokenStore: Make the testcase dangle 100 accessors and let it tidy up
2016-12-16 15:41:41 -05:00
Vishal Nayak
ba026aeaa1
TokenStore: Added tidy endpoint ( #2192 )
2016-12-16 15:29:27 -05:00
Jeff Mitchell
f6044764c0
Fix revocation of leases when num_uses goes to 0 ( #2190 )
2016-12-16 13:11:55 -05:00
Vishal Nayak
8400b87473
Don't add default policy to child token if parent does not have it ( #2164 )
2016-12-16 00:36:39 -05:00
Vishal Nayak
e3f56f375c
Add 'no-store' response header from all the API outlets ( #2183 )
2016-12-15 17:53:07 -05:00
Jeff Mitchell
7865143c1d
Minor ports
2016-12-05 12:28:12 -05:00
Jeff Mitchell
710e8f2d4c
Change Vault audit broker logic to successfully start when at least one ( #2155 )
...
backend is successfully loaded.
Fixes #2083
2016-12-02 15:09:01 -05:00
Thomas Soëte
90b392c7fc
Fix panic() in test suite ( #2149 )
...
As `base` could be nil, move check in `if base != nil`
2016-12-02 06:31:06 -05:00
Jeff Mitchell
49284031c6
Respect logger in TestCluster
2016-12-01 15:25:10 -05:00
Jeff Mitchell
ee29b329fb
Bump proto files after update
2016-11-17 10:06:26 -05:00
Jeff Mitchell
e84a015487
Add extra logic around listener handling. ( #2089 )
2016-11-11 16:43:33 -05:00
Jeff Mitchell
6c1d2ffea9
Allow wrapping to be specified by backends, and take the lesser of the request/response times ( #2088 )
2016-11-11 15:12:11 -05:00
Jeff Mitchell
168d6e1a3d
Fix other clustering tests on OSX
2016-11-08 10:55:41 -05:00
Jeff Mitchell
e381c189e4
Fix cluster testing on OSX; see the inline comment for details
2016-11-08 10:31:35 -05:00
Jeff Mitchell
86edada67c
Show the listener address when it's created for the cluster in the log
2016-11-08 10:31:15 -05:00
Jeff Mitchell
6f86e664a8
use a const for cluster test pause period
2016-11-08 10:30:44 -05:00
Vishal Nayak
b3c805e662
Audit the client token accessors ( #2037 )
2016-10-29 17:01:49 -04:00
Jeff Mitchell
0ed2dece6d
Don't panic if postUnseal calls preSeal due to audit table never being set up. Also call cleanup funcs on auth backends. ( #2043 )
2016-10-28 15:32:32 -04:00
Vishal Nayak
e06aaf20e1
Remove unused WrapListenersForClustering ( #2007 )
2016-10-18 10:20:09 -04:00
Jeff Mitchell
b5225fd000
Add KeyNotFoundError to seal file
2016-10-05 17:17:33 -04:00
Jeff Mitchell
6d00f0c483
Adds HUP support for audit log files to close and reopen. ( #1953 )
...
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.
As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
2016-09-30 12:04:50 -07:00
Jeff Mitchell
85315ff188
Rejig where the reload functions live
2016-09-30 00:07:22 -04:00
Jeff Mitchell
4a505bfa3e
Update text around cubbyhole/response
2016-09-29 17:44:15 -04:00
Jeff Mitchell
5657789627
Audit unwrapped response ( #1950 )
2016-09-29 12:03:47 -07:00
Jeff Mitchell
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
Jeff Mitchell
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
vishalnayak
57b21acabb
Added unit tests for token entry upgrade
2016-09-26 18:17:50 -04:00