vishalnayak
5f70576715
Added steps to check if invalid token is properly cleaned up
2017-05-02 17:11:35 -04:00
vishalnayak
668595b902
Added a test for tidying of empty token
2017-05-02 16:54:03 -04:00
vishalnayak
68635e8a1c
Skip checking the validity of an empty client token
2017-05-02 16:53:41 -04:00
Ben Gadbois
537342f038
Fixing printf (and similar) issues ( #2666 )
2017-05-01 23:34:10 -04:00
vishalnayak
72d05cd8dd
Refactor locking code in lease tidy; add ending debug statements
2017-04-27 16:22:19 -04:00
vishalnayak
d8e91ef616
refactor lock handling in token tidy function
2017-04-27 13:48:29 -04:00
vishalnayak
f9c1426ac8
Use an atomic lock for tidy operation in token store
2017-04-27 11:41:33 -04:00
vishalnayak
ac8aae36fe
Distinguish valid and invalid tokens using bool value in cache
2017-04-27 11:31:42 -04:00
vishalnayak
58967c0bbd
Merge branch 'oss' into sys-tidy-leases
2017-04-27 11:23:48 -04:00
vishalnayak
749ec4fab1
Some more logging updates
2017-04-27 11:20:55 -04:00
vishalnayak
e64ba93d54
Cache only valid tokens
2017-04-27 11:08:11 -04:00
vishalnayak
d256248095
Fix logging suggestions; put the policyStore nil check back in
2017-04-27 10:56:19 -04:00
Chris Hoffman
1a60fede58
Updating revoke/renew to prefer PUT method ( #2646 )
2017-04-27 10:47:43 -04:00
Brian Kassouf
50c0d520e1
Fix revoke tree test
2017-04-26 16:26:48 -07:00
vishalnayak
3fd019574d
Fix logging levels
2017-04-26 17:29:04 -04:00
vishalnayak
7c3e20e9c5
Fix the log statements
2017-04-26 17:17:19 -04:00
vishalnayak
671353810b
Added caching of looked up tokens
2017-04-26 16:54:48 -04:00
vishalnayak
9025ef16e4
Added logger to token store and logs to tidy function
2017-04-26 16:11:23 -04:00
vishalnayak
27dd95156d
Revoke lease that has empty token; added logs
2017-04-26 15:48:28 -04:00
vishalnayak
b939d049e4
Added atomic lock to ensure a single tidy operation is in progress
2017-04-26 15:07:58 -04:00
vishalnayak
5909d81b7b
Merge branch 'oss' into clean-stale-leases
2017-04-26 15:07:27 -04:00
Jeff Mitchell
4a4c981fb2
Update error message to distinguish tree revocation issue from non-tree
2017-04-26 14:06:45 -04:00
Brian Kassouf
b52b410a47
Update test to reflect the correct read response
2017-04-24 21:24:19 -07:00
Brian Kassouf
e4e61ec18c
return a 404 when no plugin is found
2017-04-24 18:31:27 -07:00
Brian Kassouf
cb1f1d418c
Only run Abs on the plugin directory if it's set
2017-04-24 16:20:20 -07:00
Brian Kassouf
039bc19dd8
Fix test
2017-04-24 13:48:46 -07:00
Brian Kassouf
5ff317eb8d
Update root paths test
2017-04-24 12:47:40 -07:00
Brian Kassouf
ce9688ce8c
Change MlockDisabled to MlockEnabled
2017-04-24 12:21:49 -07:00
Joel Thompson
e06a78a474
Create unified aws auth backend ( #2441 )
...
* Rename builtin/credential/aws-ec2 to aws
The aws-ec2 authentication backend is being expanded and will become the
generic aws backend. This is a small rename commit to keep the commit
history clean.
* Expand aws-ec2 backend to more generic aws
This adds the ability to authenticate arbitrary AWS IAM principals using
AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to
just AWS with the expansion.
* Add missing aws auth handler to CLI
This was omitted from the previous commit
* aws auth backend general variable name cleanup
Also fixed a bug where allowed auth types weren't being checked upon
login, and added tests for it.
* Update docs for the aws auth backend
* Refactor aws bind validation
* Fix env var override in aws backend test
Intent is to override the AWS environment variables with the TEST_*
versions if they are set, but the reverse was happening.
* Update docs on use of IAM authentication profile
AWS now allows you to change the instance profile of a running instance,
so the use case of "a long-lived instance that's not in an instance
profile" no longer means you have to use the the EC2 auth method. You
can now just change the instance profile on the fly.
* Fix typo in aws auth cli help
* Respond to PR feedback
* More PR feedback
* Respond to additional PR feedback
* Address more feedback on aws auth PR
* Make aws auth_type immutable per role
* Address more aws auth PR feedback
* Address more iam auth PR feedback
* Rename aws-ec2.html.md to aws.html.md
Per PR feedback, to go along with new backend name.
* Add MountType to logical.Request
* Make default aws auth_type dependent upon MountType
When MountType is aws-ec2, default to ec2 auth_type for backwards
compatibility with legacy roles. Otherwise, default to iam.
* Pass MountPoint and MountType back up to the core
Previously the request router reset the MountPoint and MountType back to
the empty string before returning to the core. This ensures they get set
back to the correct values.
2017-04-24 15:15:50 -04:00
Brian Kassouf
657d433330
Update the ResponseWrapData function to return a wrapping.ResponseWrapInfo object
2017-04-24 12:15:01 -07:00
Brian Kassouf
c4e2ad74c5
Update path for the plugin catalog in logical system
2017-04-24 11:35:32 -07:00
Brian Kassouf
6c8239ba03
Update the builtin keys; move catalog to core; protect against unset plugin directory
2017-04-24 10:30:33 -07:00
Jeff Mitchell
3ba162fea1
List should use a trailing slash
2017-04-21 15:37:43 -04:00
Brian Kassouf
4d0aac963d
Fix tests
2017-04-21 10:24:34 -07:00
Brian Kassouf
30b06b593c
Fix tests
2017-04-21 09:10:26 -07:00
Brian Kassouf
6f9d178370
Calls to builtin plugins now go directly to the implementation instead of go-plugin
2017-04-20 18:46:41 -07:00
Brian Kassouf
af9ff63e9a
Merge remote-tracking branch 'oss/master' into database-refactor
2017-04-19 15:16:00 -07:00
Chris Hoffman
847c86f788
Rename ParseDedupAndSortStrings to ParseDedupLowercaseAndSortStrings ( #2614 )
2017-04-19 10:39:07 -04:00
Brian Kassouf
8ccf10641b
Merge branch 'master' into database-refactor
2017-04-12 14:29:10 -07:00
Brian Kassouf
3cd5dd1839
Fix RootPaths test
2017-04-12 14:22:52 -07:00
Brian Kassouf
433004f75e
Add test for logical_system plugin-catalog handling
2017-04-12 10:39:18 -07:00
Brian Kassouf
c3724c6f17
Add path help and comments for plugin-catalog
2017-04-12 10:01:36 -07:00
Brian Kassouf
faaeb09065
Add remaining crud functions to plugin catalog and tests
2017-04-12 09:40:54 -07:00
Brian Kassouf
8071aed758
Mlock the plugin process
2017-04-10 17:12:52 -07:00
Brian Kassouf
db91a80540
Update plugin test
2017-04-10 14:12:28 -07:00
Brian Kassouf
93136ea51e
Add backend test
2017-04-07 15:50:03 -07:00
Brian Kassouf
ca2c3d0c53
Refactor to use builtin plugins from an external repo
2017-04-05 16:20:31 -07:00
Brian Kassouf
b071144c67
move builtin plugins list to the pluginutil
2017-04-05 11:00:13 -07:00
Brian Kassouf
11abcd52e6
Add a cli command to run builtin plugins
2017-04-04 17:12:02 -07:00
Brian Kassouf
0034074691
Execute builtin plugins
2017-04-04 14:43:39 -07:00
Jeff Mitchell
709389dd36
Use ParseStringSlice on PKI organization/organizational unit. ( #2561 )
...
After, separately dedup and use new flag to not lowercase value.
Fixes #2555
2017-04-04 08:54:18 -07:00
Brian Kassouf
e8781b6a2b
Plugin catalog
2017-04-03 17:52:29 -07:00
Brian Kassouf
29ae4602dc
More work on getting tests to pass
2017-03-23 15:54:15 -07:00
Brian Kassouf
eb6117cbb2
Work on TLS communication over plugins
2017-03-15 17:14:48 -07:00
Vishal Nayak
5a6193a56e
Audit: Add token's use count to audit response ( #2437 )
...
* audit: Added token_num_uses to audit response
* Fixed jsonx tests
* Revert logical auth to NumUses instead of TokenNumUses
* s/TokenNumUses/NumUses
* Audit: Add num uses to audit requests as well
* Added RemainingUses to distinguish NumUses in audit requests
2017-03-08 17:36:50 -05:00
Jeff Mitchell
f03d500808
Add option to disable caching per-backend. ( #2455 )
2017-03-08 09:20:09 -05:00
vishalnayak
f54ff0f842
Add locking where possible while doing auth/token/tidy
2017-03-07 16:06:05 -05:00
vishalnayak
3522b67e14
Added sys/tidy-leases endpoint
2017-03-07 15:50:17 -05:00
Jeff Mitchell
3d162b63cc
Use locks in a slice rather than a map, which is faster and makes things cleaner ( #2446 )
2017-03-07 11:21:32 -05:00
Jeff Mitchell
5119b173c4
Rename helper 'duration' to 'parseutil'. ( #2449 )
...
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Jeff Mitchell
8462d945d3
Add some nil checks to mounting
2017-03-04 16:43:18 -05:00
Jeff Mitchell
e7f418c903
Fix poison pill location
2017-03-04 10:21:27 -05:00
Brian Kassouf
e62f5dbc31
Allowed/Denied parameters support for globs ( #2438 )
...
* Add check for globbed strings
* Add tests for the acl globbing
* Fix bad test case
2017-03-03 14:50:55 -08:00
Jeff Mitchell
25428971c8
Add poison pill
2017-03-03 15:05:25 -05:00
Vishal Nayak
491a56fe9f
AppRole: Support restricted use tokens ( #2435 )
...
* approle: added token_num_uses to the role
* approle: added RUD tests for token_num_uses on role
* approle: doc: added token_num_uses
2017-03-03 09:31:20 -05:00
Jeff Mitchell
a585f709d3
Understand local when persisting mount tables, to avoid invalidations when not necessary ( #2427 )
2017-03-02 14:37:59 -05:00
Jeff Mitchell
bb05f2d8f8
Fix double-lock
2017-03-02 10:54:31 -05:00
Jeff Mitchell
31cddc43e1
Use own mutex for updating cluster parameters and fix leader UUID bug
2017-03-02 10:50:54 -05:00
Jeff Mitchell
beb3067787
Add some trace level information about new cluster status
2017-03-02 10:21:35 -05:00
Jeff Mitchell
36c84df326
Large update to request forwarding handling. ( #2426 )
2017-03-02 10:03:49 -05:00
Jeff Mitchell
90389323a2
Some more forwarding client cleanup
2017-03-01 20:59:20 -05:00
Jeff Mitchell
b1c2a930fe
Clean up request forwarding logic
2017-03-01 18:17:06 -05:00
Brian Kassouf
259e686d4c
Update TestSeal to ignore setting the config to nil
2017-03-01 14:10:06 -08:00
Jeff Mitchell
00cfaf7f64
Rejig signature of last remote wal
2017-03-01 12:42:10 -05:00
Jeff Mitchell
6ebb2cc958
Add last remote WAL bits
2017-03-01 12:40:36 -05:00
Jeff Mitchell
f2282247ef
Add seal cache purging back into postUnseal
2017-02-28 18:36:28 -05:00
Jeff Mitchell
09543dceeb
Rejig core standby logic to check validity of barrier during active transition
2017-02-28 18:17:30 -05:00
Jeff Mitchell
7f0a99e8eb
Add max/min wrapping TTL ACL statements ( #2411 )
2017-02-27 14:42:00 -05:00
Jeff Mitchell
2cc0906b33
Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 ( #2412 )
2017-02-27 12:49:35 -05:00
Jeff Mitchell
8091a10c38
Make rollback attempts trace level instead of debug level
2017-02-27 09:41:56 -05:00
Jeff Mitchell
b29861f7bb
Do some porting to make diffing easier
2017-02-24 10:45:29 -05:00
Jeff Mitchell
4e045d000c
Create upgrade path for cubbyhole's local status
2017-02-24 10:05:44 -05:00
Jeff Mitchell
0e1b1e33be
Add comment around not allowing users to create JWT wrapping tokens
2017-02-22 11:13:40 -05:00
Brian Kassouf
9a9b89f16f
Update confusing comment
2017-02-21 16:06:00 -08:00
Brian Kassouf
dd5b541db6
Added test for the empty values array case
2017-02-21 16:02:00 -08:00
Brian Kassouf
a25132cec4
On merge favor values that have additive privileges
2017-02-21 15:53:27 -08:00
Brian Kassouf
9ec8dd3d17
PR feedback
2017-02-21 15:02:39 -08:00
Brian Kassouf
f992103615
Merge branch 'master' into acl-parameters-permission
2017-02-21 14:46:06 -08:00
Jeff Mitchell
496420a5ab
Make cubbyhole local instead of replicated. ( #2397 )
...
This doesn't really change behavior, just what it looks like in the UX.
However, it does make tests more complicated. Most were fixed by adding
a sorting function, which is generally useful anyways.
2017-02-18 13:51:05 -05:00
Jeff Mitchell
4a966726e5
Make reindex a root path as well
2017-02-16 23:36:06 -05:00
Jeff Mitchell
f3bee3550c
Remove now-unnecessary stanza from default policy
2017-02-16 23:30:38 -05:00
Jeff Mitchell
674a0a48bf
Fix rep path fetching method into a function
2017-02-16 23:23:21 -05:00
Jeff Mitchell
f37b6492d1
More rep porting ( #2391 )
...
* More rep porting
* Add a bit more porting
2017-02-16 23:09:39 -05:00
Brian Kassouf
1c5264c66c
ToLower parameter strings
2017-02-16 17:50:10 -08:00
Jeff Mitchell
494b4c844b
More porting from rep ( #2389 )
...
* More porting from rep
* Address feedback
2017-02-16 20:13:19 -05:00
Brian Kassouf
07799f665d
Simplify the merging of two policies
2017-02-16 16:30:08 -08:00
Brian Kassouf
7229bdfd38
Remove debug code
2017-02-16 16:14:30 -08:00
Brian Kassouf
136730cb01
Update logic to fix a few edge cases:
2017-02-16 15:20:11 -08:00
Jeff Mitchell
c81582fea0
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
Jeff Mitchell
0c39b613c8
Port some replication bits to OSS ( #2386 )
2017-02-16 15:15:02 -05:00