Commit graph

94 commits

Author SHA1 Message Date
Calvin Leung Huang db9d9e6415 Store original request path in WrapInfo (#3100)
* Store original request path in WrapInfo as CreationPath

* Add wrapping_token_creation_path to CLI output

* Add CreationPath to AuditResponseWrapInfo

* Fix tests

* Add and fix tests, update API docs with new sample responses
2017-08-02 18:28:58 -04:00
Chris Hoffman 7e7d766e21 Exclude /sys/leases/renew from registering with expiration manager (#2891)
* exclude /sys/leases/renew from registering with expiration manager

* adding sys/leases/renew to return full secret object, adding tests to catch renew errors
2017-06-20 12:34:00 -04:00
Brian Rodgers e9b52ed928 Log auth info on permission denied due to ACL (#2754) 2017-06-05 18:04:31 -04:00
Jeff Mitchell f7df60b131 Allow accessing Warnings directly in Response. (#2806)
A change in copystructure has caused some panics due to the custom copy
function. I'm more nervous about production panics than I am about
keeping some bad code wiping out some existing warnings, so remove the
custom copy function and just allow direct setting of Warnings.
2017-06-05 10:52:43 -04:00
Jeff Mitchell 55ef4f2566 Merge branch 'master-oss' into sys-tidy-leases 2017-05-05 10:53:41 -04:00
Jeff Mitchell 3b95e751c0 Add more cleanup if a lease fails to register and revoke tokens if registerauth fails 2017-05-03 14:29:57 -04:00
Brian Kassouf 657d433330 Update the ResponseWrapData function to return a wrapping.ResponseWrapInfo object 2017-04-24 12:15:01 -07:00
Vishal Nayak 491a56fe9f AppRole: Support restricted use tokens (#2435)
* approle: added token_num_uses to the role

* approle: added RUD tests for token_num_uses on role

* approle: doc: added token_num_uses
2017-03-03 09:31:20 -05:00
Jeff Mitchell f37b6492d1 More rep porting (#2391)
* More rep porting

* Add a bit more porting
2017-02-16 23:09:39 -05:00
Jeff Mitchell 0c39b613c8 Port some replication bits to OSS (#2386) 2017-02-16 15:15:02 -05:00
Brian Kassouf 6701ba8a10 Configure the request headers that are output to the audit log (#2321)
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited

* Remove some debug lines

* Add a persistant layer and refactor a bit

* update the api endpoints to be more restful

* Add comments and clean up a few functions

* Remove unneeded hash structure functionaility

* Fix existing tests

* Add tests

* Add test for Applying the header config

* Add Benchmark for the ApplyConfig method

* ResetTimer on the benchmark:

* Update the headers comment

* Add test for audit broker

* Use hyphens instead of camel case

* Add size paramater to the allocation of the result map

* Fix the tests for the audit broker

* PR feedback

* update the path and permissions on config/* paths

* Add docs file

* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
Jeff Mitchell 3129187dc2 JWT wrapping tokens (#2172) 2017-01-04 16:44:03 -05:00
Jeff Mitchell 6c1d2ffea9 Allow wrapping to be specified by backends, and take the lesser of the request/response times (#2088) 2016-11-11 15:12:11 -05:00
Jeff Mitchell 4a505bfa3e Update text around cubbyhole/response 2016-09-29 17:44:15 -04:00
Jeff Mitchell 5657789627 Audit unwrapped response (#1950) 2016-09-29 12:03:47 -07:00
Jeff Mitchell b45a481365 Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
Jeff Mitchell 1c6f2fd82b Add response wrapping to list operations (#1814) 2016-09-02 01:13:14 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell d2124486ef Merge pull request #1702 from hashicorp/renew-post-body
Add ability to specify renew lease ID in POST body.
2016-08-08 20:01:25 -04:00
Jeff Mitchell ab71b981ad Add ability to specify renew lease ID in POST body. 2016-08-08 18:00:44 -04:00
Jeff Mitchell 13b7d37a0b Remove change to naming return values 2016-08-08 17:56:14 -04:00
Jeff Mitchell a583f8a3f8 Use policyutil sanitizing 2016-08-08 17:42:25 -04:00
Jeff Mitchell 4f0310ed96 Don't allow root from authentication backends either.
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
2016-08-08 17:32:37 -04:00
Laura Bennett ad66bd7502 fixes based proper interpretation of comments 2016-07-26 12:20:27 -04:00
Laura Bennett ae8a90be30 adding ids 2016-07-25 16:54:43 -04:00
Laura Bennett 8d52a96df5 moving id to http/logical 2016-07-25 15:24:10 -04:00
Laura Bennett c63cdc23a1 Merge branch 'master' of https://github.com/hashicorp/vault into request-uuid 2016-07-23 21:47:08 -04:00
Laura Bennett e5737b6789 initial local commit 2016-07-23 21:46:28 -04:00
Jeff Mitchell 4ab60f36a3 Rename err var to be more clear 2016-07-22 16:57:47 -04:00
Jeff Mitchell b6ca7e9423 Add response wrapping support to login endpoints.
Fixes #1587
2016-07-05 11:46:21 -04:00
Jeff Mitchell 368a17e978 Add some commenting 2016-06-14 05:54:09 +00:00
Jeff Mitchell e925987cb6 Add token accessor to wrap information if one exists 2016-06-13 23:58:17 +00:00
Jeff Mitchell 9f6c5bc02a cubbyhole-response-wrapping -> response-wrapping 2016-06-10 13:48:46 -04:00
Jeff Mitchell 10b218d292 Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this... 2016-06-07 16:01:09 -04:00
Jeff Mitchell 401456ea50 Add creation time to returned wrapped token info
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.

This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
Jeff Mitchell 0da8762bd5 Add unwrap command, and change how the response is embedded (as a string, not an object) 2016-05-19 11:25:15 -04:00
Jeff Mitchell 2e6ac4c37a Remove wrap specs from backend response 2016-05-19 03:06:09 +00:00
Jeff Mitchell c4431a7e30 Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors 2016-05-16 16:11:33 -04:00
Jeff Mitchell 2295cadbf4 Make WrapInfo a pointer to match secret/auth in response 2016-05-07 19:17:51 -04:00
Jeff Mitchell c5085bc79f Merge response fix over from mfatw 2016-05-07 16:41:24 -04:00
Jeff Mitchell 09f06554cb Address some review feedback 2016-05-04 16:03:53 -04:00
Jeff Mitchell 2ebe49d3a1 Change UseToken mechanics.
Add locking around UseToken and Lookup. Have UseToken flag an entry that
needs to be revoked so that it can be done at the appropriate time, but
so that Lookup in the interm doesn't return a value.

The locking is a map of 4096 locks keyed off of the first three
characters of the token ID which should provide good distribution.
2016-05-02 03:44:24 -04:00
Jeff Mitchell 1ffd5653c6 Add wrap support to API/CLI 2016-05-02 02:03:23 -04:00
Jeff Mitchell aba689a877 Add wrapping through core and change to use TTL instead of Duration. 2016-05-02 00:47:35 -04:00