luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
3290 commits 1 branch 0 tags 214 MiB
Commit graph

628 commits

Author SHA1 Message Date
vishalnayak 926e7513d7 Added docs for /sys/capabilities-accessor 2016-03-09 09:48:32 -05:00
vishalnayak 7407c27778 Add docs for new token endpoints 2016-03-09 09:31:09 -05:00
vishalnayak 6a992272cd New prefix for accessor indexes 2016-03-09 09:09:09 -05:00
vishalnayak 151c932875 AccessorID --> Accessor, accessor_id --> accessor 2016-03-09 06:23:31 -05:00
vishalnayak 913bbe7693 Error text corrections and minor refactoring 2016-03-08 22:27:24 -05:00
vishalnayak 62777c9f7e ErrUserInput --> StatusBadRequest 2016-03-08 21:47:24 -05:00
vishalnayak 8117996378 Implemented /sys/capabilities-accessor and a way for setting HTTP error code in all the responses 2016-03-08 19:14:29 -05:00
vishalnayak 2737c81b39 Lay the foundation for returning proper HTTP status codes 2016-03-08 18:27:03 -05:00
vishalnayak 8c6afea1d0 Implemented /auth/token/revoke-accessor in token_store 2016-03-08 18:07:27 -05:00
vishalnayak a7adab25bc Implemented lookup-accessor as a token_store endpoint 2016-03-08 17:38:19 -05:00
vishalnayak f19ee68fdb placeholders for revoke-accessor and lookup-accessor 2016-03-08 15:13:29 -05:00
vishalnayak a7c97fcd18 Clear the accessor index during revocation 2016-03-08 14:06:10 -05:00
vishalnayak c0fb69a8b1 Create indexing from Accessor ID to Token ID 2016-03-08 14:06:10 -05:00
vishalnayak 301776012f Introduced AccessorID in TokenEntry and returning it along with token 2016-03-08 14:06:10 -05:00
Vishal Nayak be1163c64a Merge pull request #1171 from hashicorp/capabilities-endpoint 
Capabilities endpoint
 2016-03-08 13:12:09 -05:00
Jeff Mitchell 419598ede2 Warn on error when in force revoke mode 2016-03-08 11:05:46 -05:00
vishalnayak 08c40c9bba Introduced ErrUserInput to distinguish user error from server error 2016-03-07 22:16:09 -05:00
vishalnayak 3b463c2d4e use errwrap to check the type of error message, fix typos 2016-03-07 18:36:26 -05:00
Jeff Mitchell 6b0f79f499 Address review feedback 2016-03-07 10:07:04 -05:00
Jeff Mitchell cc1f5207b3 Merge branch 'master' into token-roles 2016-03-07 10:03:54 -05:00
vishalnayak aab24113b0 test cases for capabilities endpoint 2016-03-05 00:03:55 -05:00
vishalnayak 9946a2d8b5 refactoring changes due to acl.Capabilities 2016-03-04 18:55:48 -05:00
vishalnayak 402444c002 review rework 2 2016-03-04 18:08:13 -05:00
vishalnayak 2f5e65ae24 review rework 2016-03-04 15:35:58 -05:00
vishalnayak 35e71f3ebc Place the response nil check before resp.IsError() 2016-03-04 15:13:04 -05:00
vishalnayak 86dca39141 Fix testcase 2016-03-04 15:03:01 -05:00
vishalnayak da9152169b changed response of expiration manager's renewtoken to logical.response 2016-03-04 14:56:51 -05:00
vishalnayak 9217c49184 Adding acl.Capabilities to do the path matching 2016-03-04 12:04:26 -05:00
vishalnayak 7fe871e60a Removing the 'Message' field 2016-03-04 10:36:03 -05:00
vishalnayak b67ab8ab7c Test files for capabilities endpoint 2016-03-04 10:36:03 -05:00
vishalnayak 816f1f8631 self review rework 2016-03-04 10:36:03 -05:00
vishalnayak 286e63a648 Handled root token use case 2016-03-04 10:36:03 -05:00
vishalnayak 5b1100a84f remove changes from token_store.go 2016-03-04 10:36:03 -05:00
vishalnayak abfbc74bd4 Remove capabilities changes from logical_system.go 2016-03-04 10:36:03 -05:00
vishalnayak f1fd5247ad Add vault/capabilities.go 2016-03-04 10:36:02 -05:00
vishalnayak 5749a6718c Added sys/capabililties endpoint 2016-03-04 10:36:02 -05:00
Jeff Mitchell a03ecb64ce Merge pull request #1172 from hashicorp/sanitize-mount-paths 
Create a unified function to sanitize mount paths.
 2016-03-03 13:46:38 -05:00
Jeff Mitchell 7394f97439 Fix out-of-date comment 2016-03-03 13:37:51 -05:00
Jeff Mitchell 0d46fb4696 Create a unified function to sanitize mount paths. 
This allows mount paths to start with '/' in addition to ensuring they
end in '/' before leaving the system backend.
 2016-03-03 13:13:47 -05:00
Jeff Mitchell 3e7bca82a1 Merge pull request #1146 from hashicorp/step-down 
Provide 'sys/step-down' and 'vault step-down'
 2016-03-03 12:30:08 -05:00
Jeff Mitchell 9bf6c40974 Add default case for if the step down channel is blocked 2016-03-03 12:29:30 -05:00
Jeff Mitchell 9717ca5931 Strip leading paths in policies. 
It appears to be a common mistake, but they won't ever match.

Fixes #1167
 2016-03-03 11:32:48 -05:00
Jeff Mitchell 62f1b3f91c Remove unneeded sleeps in test code 2016-03-03 11:09:27 -05:00
Jeff Mitchell 41dba5dd5d Move descriptions into const block 2016-03-03 11:04:05 -05:00
Jeff Mitchell cd86226845 Add forced revocation. 
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.

This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.

Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.

Fixes #1135
 2016-03-03 10:13:59 -05:00
Jeff Mitchell 9c47b8c0a7 Remove sys_policy from special handling as it's implemented in 
logical_system too. Clean up the mux handlers.
 2016-03-02 14:16:54 -05:00
Jeff Mitchell 7c5f810bc0 Address first round of feedback 2016-03-01 15:30:37 -05:00
Jeff Mitchell 8a500e0181 Add command and token store documentation for roles 2016-03-01 13:02:40 -05:00
Jeff Mitchell 54232eb980 Add other token role unit tests and some minor other changes. 2016-03-01 12:41:41 -05:00
Jeff Mitchell df2e337e4c Update tests to add expected role parameters 2016-03-01 12:41:40 -05:00
Jeff Mitchell b8b59560dc Add token role CRUD tests 2016-03-01 12:41:40 -05:00
Jeff Mitchell ef990a3681 Initial work on token roles 2016-03-01 12:41:40 -05:00
Jeff Mitchell b5a8e5d724 Fix commenting 2016-02-29 20:29:04 -05:00
Jeff Mitchell 6a980b88fd Address review feedback 2016-02-28 21:51:50 -05:00
Jeff Mitchell 11ddd2290b Provide 'sys/step-down' and 'vault step-down' 
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.

Fixes #1093
 2016-02-26 19:43:55 -05:00
Jeff Mitchell 4c87c101f7 Fix tests 2016-02-26 16:44:35 -05:00
vishalnayak bc4710eb06 Cert: renewal enhancements 2016-02-24 14:31:38 -05:00
Vishal Nayak fff201014d Merge pull request #1021 from hashicorp/vault-seal-1006 
Sealing vault in standby mode
 2016-02-03 15:22:16 -05:00
vishalnayak eeea9710b6 Generalized the error message and updated doc 2016-02-03 15:06:18 -05:00
Jeff Mitchell 63d63e8dbc Oops, we needed that, but for a different reason than the comment said. So put the test back but fix the comment 2016-02-03 14:05:29 -05:00
Jeff Mitchell fd4283b430 Remove some unneeded copied logic from passthrough in cubbyhole 2016-02-03 13:57:34 -05:00
Jeff Mitchell 1394555a4d Add listing of cubbyhole's root to the default policy. 
This allows `vault list cubbyhole` to behave as expected rather than
requiring `vault list cubbyhole/`. It could be special cased in logic,
but it also serves as a model for the same behavior in e.g. `generic`
mounts where special casing is not possible due to unforeseen mount
paths.
 2016-02-03 13:50:47 -05:00
vishalnayak f5fbd12ac3 Test for seal on standby node 2016-02-03 12:28:01 -05:00
vishalnayak a10888f1f1 Added comments to changes the error message 2016-02-03 11:35:47 -05:00
vishalnayak f1facb0f9f Throw error on sealing vault in standby mode 2016-02-03 10:58:33 -05:00
Jeff Mitchell ff3adce39e Make "ttl" reflect the actual TTL of the token in lookup calls. 
Add a new value "creation_ttl" which holds the value at creation time.

Fixes #986
 2016-02-01 11:16:32 -05:00
Jeff Mitchell d3a705f17b Make backends much more consistent: 
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
 2016-01-29 20:03:37 -05:00
Jeff Mitchell dcf844027b Show entry path in log, not internal view path 2016-01-28 12:34:49 -05:00
Jeff Mitchell 8b9fa042fe If the path is not correct, don't fail due to existence check, fail due to unsupported path 2016-01-23 14:05:09 -05:00
Jeff Mitchell 12c00b97ef Allow backends to see taint status. 
This can be seen via System(). In the PKI backend, if the CA is
reconfigured but not fully (e.g. an intermediate CSR is generated but no
corresponding cert set) and there are already leases (issued certs), the
CRL is unable to be built. As a result revocation fails. But in this
case we don't actually need revocation to be successful since the CRL is
useless after unmounting. By checking taint status we know if we can
simply fast-path out of revocation with a success in this case.

Fixes #946
 2016-01-22 17:01:22 -05:00
Jeff Mitchell 9cac7ccd0f Add some commenting 2016-01-22 10:13:49 -05:00
Jeff Mitchell 3955604d3e Address more list feedback 2016-01-22 10:07:32 -05:00
Jeff Mitchell eb847f4e36 Error out if trying to write to a directory path 2016-01-22 10:07:32 -05:00
Jeff Mitchell be1b4c8a46 Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it. 2016-01-22 10:07:32 -05:00
Jeff Mitchell e412ac8461 Remove bare option, prevent writes ending in slash, and return an exact file match as "." 2016-01-22 10:07:32 -05:00
Jeff Mitchell 455931873a Address some review feedback 2016-01-22 10:07:32 -05:00
Jeff Mitchell 5341cb69cc Updates and documentation 2016-01-22 10:07:32 -05:00
Jeff Mitchell b2bde47b01 Pull out setting the root token ID; use the new ParseUUID method in 
go-uuid instead, and revoke if there is an error.
 2016-01-19 19:44:33 -05:00
Jeff Mitchell 7a59af7d18 Fix lost code after rebase 2016-01-19 19:19:07 -05:00
Jeff Mitchell 973c888833 RootGeneration->GenerateRoot 2016-01-19 18:28:10 -05:00
Jeff Mitchell 3b994dbc7f Add the ability to generate root tokens via unseal keys. 2016-01-19 18:28:10 -05:00
Jeff Mitchell 1ac2faa136 Implement existence check for cubbyhole 2016-01-16 19:35:11 -05:00
Jeff Mitchell b830e29449 Use capabilities rather than policies in default policy. Also add cubbyhole to it. 2016-01-16 18:02:31 -05:00
Jeff Mitchell 9857da207c Move rekey to its own files for cleanliness 2016-01-14 17:01:04 -05:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell f9bbe0fb04 Use logical operations instead of strings for comparison 2016-01-12 21:16:31 -05:00
Jeff Mitchell d949043cac Merge pull request #914 from hashicorp/acl-rework 
More granular ACL capabilities
 2016-01-12 21:11:52 -05:00
Jeff Mitchell 4253299dfe Store uint32s in radix 2016-01-12 17:24:01 -05:00
Jeff Mitchell e58705b34c Cleanup 2016-01-12 17:10:48 -05:00
Jeff Mitchell 87fba5dad0 Convert map to bitmap 2016-01-12 17:08:10 -05:00
Jeff Mitchell da87d490eb Add some commenting around create/update 2016-01-12 15:13:54 -05:00
Jeff Mitchell 9db22dcfad Address some more review feedback 2016-01-12 15:09:16 -05:00
Jeff Mitchell ce5bd64244 Clean up HelpOperation 2016-01-12 14:34:49 -05:00
Jeff Mitchell a99787afeb Don't allow a policy with no name, even though it is a valid slice member 2016-01-08 21:23:40 -05:00
Jeff Mitchell f6d2271a3c Use an array of keys so that if the same fingerprint is used none are lost when using PGP key backup 2016-01-08 14:29:23 -05:00
Jeff Mitchell 4f4ddbf017 Create more granular ACL capabilities. 
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
 2016-01-08 13:05:14 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell 2412c078ac Also convert policy store cache to 2q. 
Ping #908
 2016-01-07 09:26:08 -05:00
Jeff Mitchell 85509e7ba5 Simplify some logic and ensure that if key share backup fails, we fail 
the operation as well.

Ping #907
 2016-01-06 13:14:23 -05:00
Jeff Mitchell a094eedce2 Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00