luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
3397 commits 1 branch 0 tags 214 MiB
Commit graph

645 commits

Author SHA1 Message Date
vishalnayak 9aa8fb6cc1 Support periodic tidy callback and config endpoints. 2016-04-26 10:22:29 -04:00
Sean Chittenden aeea7628d6 Add a *log.Logger argument to physical.Factory 
Logging in the backend is a good thing.  This is a noisy interface change but should be a functional noop.
 2016-04-25 20:10:32 -07:00
Sean Chittenden 7fe0b2c6a1 Persistently retry to update service registration 
If the local Consul agent is not available while attempting to step down from active or up to active, retry once a second.  Allow for concurrent changes to the state with a single registration updater.  Fix standby initialization.
 2016-04-25 18:01:13 -07:00
Sean Chittenden 230b59f34c Stub out service discovery functionality 
Hook asynchronous notifications into Core to change the status of vault based on its active/standby, and sealed/unsealed status.
 2016-04-25 18:00:54 -07:00
Jeff Mitchell 398ed86d04 Split out TestSeal 2016-04-26 00:14:16 +00:00
Jeff Mitchell 98d09b0dc6 Add seal tests and update generate-root and others to handle dualseal. 2016-04-25 19:39:04 +00:00
Jeff Mitchell f293b1bb98 Merge pull request #1328 from hashicorp/sethvargo/path-help 
Add missing path-helps and clarify subpaths in tables
 2016-04-25 13:53:06 -04:00
Jeff Mitchell 62058a0ff8 Update tests for change in raw blacklisting 2016-04-19 20:26:26 +00:00
Jeff Mitchell 556039344a There's no good story around accessing any of core via /sys/raw, so blacklist it all 2016-04-19 16:01:15 +00:00
Jeff Mitchell b4620d5d04 Add check against seal type to catch errors before we attempt to use the data 2016-04-15 18:16:48 -04:00
Jeff Mitchell 9bc24be343 Move recovery info behind the barrier 2016-04-15 17:04:29 +00:00
Jeff Mitchell 119238149b Add Finalize method to seal. 2016-04-14 20:37:34 +00:00
Jeff Mitchell 53773f12e3 Register the token entry's path instead of the request path, to handle role suffixes correctly 2016-04-14 08:08:28 -04:00
Jeff Mitchell ae2d000de4 Make period output nicer -- seconds rather than duration 2016-04-14 06:10:22 -04:00
Jeff Mitchell a4ff72841e Check for seal status when initing and change logic order to avoid defer 2016-04-14 01:13:59 +00:00
Seth Vargo 03c09341a4 Add missing path-helps and clarify subpaths in tables 2016-04-13 22:15:54 +01:00
Adam Shannon fb07d07ad9 all: Cleanup from running go vet 2016-04-13 14:38:29 -05:00
Jeff Mitchell 1db6808912 Construct token path from request to fix displaying TTLs when using 
create-orphan.
 2016-04-07 15:45:38 +00:00
Jeff Mitchell f2880561d1 Ensure we only use sysview's max if it's not zero. It never should be, but safety. 2016-04-07 15:27:14 +00:00
Sean Chittenden 09ad6317ea Merge pull request #1297 from hashicorp/f-bsd-mlock 
F bsd mlock
 2016-04-06 13:57:34 -07:00
vishalnayak e3a1ee92b5 Utility Enhancements 2016-04-05 20:32:59 -04:00
Sean Chittenden 087e7c94d3 Add Vault support for the *BSDs, including Darwin 
The `syscall` package has been frozen in favor of `x/sys`.  As a result, all of the BSDs are supported and do have `mlockall(2)` support in current versions of Go.
 2016-04-05 12:18:19 -07:00
Jeff Mitchell afae46feb7 SealInterface 2016-04-04 10:44:22 -04:00
Jeff Mitchell 7d20380c42 Merge pull request #1280 from hashicorp/remove-ts-revoke-prefix 
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
 2016-04-01 09:48:52 -04:00
Jeff Mitchell 2b2541e13f Merge pull request #1277 from hashicorp/suprious-revoke-timer-logs 
Keep the expiration manager from keeping old token entries.
 2016-03-31 20:16:31 -04:00
Jeff Mitchell 2fd02b8dca Remove auth/token/revoke-prefix in favor of sys/revoke-prefix. 2016-03-31 18:04:05 -04:00
Jeff Mitchell 7442867d53 Check for auth/ in the path of the prefix for revoke-prefix in the token 
store.
 2016-03-31 16:21:56 -04:00
Jeff Mitchell 75650ec1ad Keep the expiration manager from keeping old token entries. 
The expiration manager would never be poked to remove token entries upon
token revocation, if that revocation was initiated in the token store
itself. It might have been to avoid deadlock, since during revocation of
tokens the expiration manager is called, which then calls back into the
token store, and so on.

This adds a way to skip that last call back into the token store if we
know that we're on the revocation path because we're in the middle of
revoking a token. That way the lease is cleaned up. This both prevents
log entries appearing for already-revoked tokens, and it also releases
timer/memory resources since we're not keeping the leases around.
 2016-03-31 15:10:25 -04:00
Jeff Mitchell ddce1efd0d Two items: 
1: Fix path check in core to handle renew paths from the token store
that aren't simply renew/
2: Use token policy logic if token store role policies are empty
 2016-03-31 14:52:49 -04:00
vishalnayak 034ffd8af3 Fix capabilities test case 2016-03-18 12:55:18 -04:00
vishalnayak 6831e2a8fd Sort the capabilities before returning 2016-03-18 12:40:17 -04:00
vishalnayak a6f6cbd95a Tests for capabilites in system backend 2016-03-18 11:58:06 -04:00
vishalnayak d959ffc301 Rename PrepareRequest to PrepareRequestFunc 2016-03-18 10:37:49 -04:00
vishalnayak fbfe72f286 Removed http/sys_capabilties_test.go 2016-03-18 09:48:45 -04:00
vishalnayak 55f03b5d25 Add separate path for capabilities-self to enable ACL 2016-03-17 22:52:03 -04:00
vishalnayak 68367f60c8 Fix broken testcases 2016-03-17 21:03:32 -04:00
vishalnayak d348735322 Fix help descriptions 2016-03-17 21:03:32 -04:00
vishalnayak f275cd2e9c Fixed capabilities API to receive logical response 2016-03-17 21:03:32 -04:00
vishalnayak a5d79d587a Refactoring the capabilities function 2016-03-17 21:03:32 -04:00
vishalnayak dcb7f00bcc Move sys/capabilities to logical_system along with business logic from core 2016-03-17 21:03:32 -04:00
vishalnayak 2b712bc778 Move capabilities accessor logic to logical_system 2016-03-17 21:03:32 -04:00
Vishal Nayak 7db7b47fdd Merge pull request #1210 from hashicorp/audit-id-path 
Rename id to path and path to file_path, print audit backend paths
 2016-03-15 20:13:21 -04:00
Jeff Mitchell 8a5fc6b017 Sort and filter policies going into the create token entry, then use 
that as the definitive source for the response Auth object.
 2016-03-15 14:05:25 -04:00
vishalnayak 3861c88211 Accept params both as part of URL or as part of http body 2016-03-14 19:14:36 -04:00
vishalnayak 85a888d588 Enable token to be supplied in the body for lookup call 2016-03-14 18:56:00 -04:00
vishalnayak dd94e8e689 Fix broken test case 2016-03-14 18:44:13 -04:00
vishalnayak 71fc07833f Rename id to path and path to file_path, print audit backend paths 2016-03-14 17:15:07 -04:00
Jeff Mitchell 04eb6e79f0 Merge pull request #1200 from hashicorp/sethvargo/hcl_errors 
Show HCL parsing errors and typos
 2016-03-10 22:31:55 -05:00
Jeff Mitchell 90dd55b1e6 Sort policies before returning/storing, like we do in handleCreateCommon 2016-03-10 22:31:26 -05:00
vishalnayak 8094077cd3 Fix broken test case 2016-03-10 20:06:22 -05:00