Jeff Mitchell
f2da5b639f
Migrate 'uuid' to 'go-uuid' to better fit HC naming convention
2015-12-16 12:56:20 -05:00
Jeff Mitchell
b2a0b48a2e
Add test to ensure the right backend was used with separate HA
2015-12-14 20:48:22 -05:00
Jeff Mitchell
7ce8aff906
Address review feedback
2015-12-14 17:58:30 -05:00
Jeff Mitchell
ced0835574
Allow separate HA physical backend.
...
With no separate backend specified, HA will be attempted on the normal
physical backend.
Fixes #395 .
2015-12-14 07:59:58 -05:00
Jeff Mitchell
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
Jeff Mitchell
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
Jeff Mitchell
bd1dce7f95
Address review feedback for #684
2015-10-08 14:34:10 -04:00
Jeff Mitchell
d58a3b601c
Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader
...
Fixes #679 .
2015-10-08 14:04:58 -04:00
Jeff Mitchell
47e8c0070a
Don't use leases on the generic backend...with a caveat.
...
You can now turn on and off the lease behavior in the generic backend by
using one of two factories. Core uses the normal one if it's not already
set, so unit tests can use the custom one and all stay working.
This also adds logic into core to check, when the response is coming
from a generic backend, whether that backend has leases enabled. This
adds some slight overhead.
2015-09-21 16:37:37 -04:00
Jeff Mitchell
5dde76fa1c
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 17:38:30 -04:00
Jeff Mitchell
d775445efe
Store token creation time and TTL. This can be used to properly populate
...
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.
Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell
3f45f3f41b
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 07:50:24 -07:00
Jeff Mitchell
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
Karl Gutwin
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
Armon Dadgar
dc8cc308af
vault: fixing test with glob change
2015-07-05 17:31:41 -06:00
Armon Dadgar
41b72a4d39
vault: provide view to backend initializer for setup
2015-06-30 17:30:43 -07:00
Armon Dadgar
dbf6cf6e6d
vault: support core shutdown
2015-06-17 18:23:59 -07:00
Armon Dadgar
5c75a6c5c7
vault: ensure token renew does not double register
2015-06-17 15:22:50 -07:00
Armon Dadgar
716f8d9979
core: adding tests for HA rekey and rotate
2015-05-29 12:16:34 -07:00
Armon Dadgar
0877160754
vault: minor rekey cleanups
2015-05-28 12:07:52 -07:00
Armon Dadgar
c5352d14a4
vault: testing rekey
2015-05-28 12:02:30 -07:00
Armon Dadgar
ba7bfed1af
vault: Expose MountPoint to secret backend. Fixes #248
2015-05-27 11:46:42 -07:00
Armon Dadgar
d15eed47ad
vault: reproducing GH-203
2015-05-15 17:48:03 -07:00
Armon Dadgar
3bcd32228d
vault: lease renewal should not create new lease entry
2015-05-15 17:47:39 -07:00
Armon Dadgar
18795a4b26
vault: Adding test based on bug report
2015-05-15 17:19:41 -07:00
Armon Dadgar
8f4ddfd904
vault: adding test for e33a904
2015-05-11 11:16:21 -07:00
Armon Dadgar
843d9e6484
vault: verify login endpoint never returns a secret
2015-05-09 11:51:58 -07:00
Armon Dadgar
13ab31f4b5
vault: ensure InternalData is never returned from the core
2015-05-09 11:47:46 -07:00
Armon Dadgar
a6eef6bba3
vault: Guard against an invalid seal config
2015-05-08 11:05:31 -07:00
Mitchell Hashimoto
727e0e90cd
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 13:28:33 -07:00
Seth Vargo
95c8001388
Disable mlock in tests
2015-04-28 22:18:00 -04:00
Armon Dadgar
4473abd6ce
vault: core enforcement of limited use tokens
2015-04-17 11:57:56 -07:00
Armon Dadgar
818ce0a045
vault: token store allows specifying display_name
2015-04-15 14:24:07 -07:00
Armon Dadgar
76b69b2514
vault: thread the display name through
2015-04-15 14:12:34 -07:00
Armon Dadgar
9f7143cf44
vault: expose the current leader
2015-04-14 16:53:40 -07:00
Armon Dadgar
445f64eb39
vault: leader should advertise address
2015-04-14 16:44:48 -07:00
Armon Dadgar
7579cf76ab
vault: testing standby mode
2015-04-14 16:08:14 -07:00
Armon Dadgar
2820bec479
vault: testing standby mode
2015-04-14 16:06:58 -07:00
Armon Dadgar
4679febdf3
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 12:14:04 -07:00
Armon Dadgar
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
df8dbe9677
vault: allow mount point queries without trailing /
2015-04-03 20:45:00 -07:00
Armon Dadgar
eaa483ff87
vault: Enforce default and max length leasing
2015-04-03 15:42:34 -07:00
Armon Dadgar
0ba7c64c0f
vault: Verify client token is not passed through in the plain
2015-04-03 15:39:56 -07:00
Armon Dadgar
eec6c27fae
vault: Special case auth/token/create
2015-04-02 18:05:23 -07:00
Armon Dadgar
c6479642e9
vault: integrate login with expiration manager
2015-04-02 17:52:11 -07:00
Mitchell Hashimoto
a8912e82d8
enable github
2015-04-01 15:48:56 -07:00
Armon Dadgar
4138e43f00
vault: Adding audit trail for login
2015-04-01 14:48:37 -07:00
Armon Dadgar
3d3e18793b
vault: Integrate audit logging with core
2015-04-01 14:33:48 -07:00
Mitchell Hashimoto
c8294170cc
vault: test bad key to seal
2015-03-31 10:00:04 -07:00