Commit graph

556 commits

Author SHA1 Message Date
vishalnayak a7c97fcd18 Clear the accessor index during revocation 2016-03-08 14:06:10 -05:00
vishalnayak c0fb69a8b1 Create indexing from Accessor ID to Token ID 2016-03-08 14:06:10 -05:00
vishalnayak 301776012f Introduced AccessorID in TokenEntry and returning it along with token 2016-03-08 14:06:10 -05:00
Vishal Nayak be1163c64a Merge pull request #1171 from hashicorp/capabilities-endpoint
Capabilities endpoint
2016-03-08 13:12:09 -05:00
vishalnayak 08c40c9bba Introduced ErrUserInput to distinguish user error from server error 2016-03-07 22:16:09 -05:00
vishalnayak 3b463c2d4e use errwrap to check the type of error message, fix typos 2016-03-07 18:36:26 -05:00
vishalnayak aab24113b0 test cases for capabilities endpoint 2016-03-05 00:03:55 -05:00
vishalnayak 9946a2d8b5 refactoring changes due to acl.Capabilities 2016-03-04 18:55:48 -05:00
vishalnayak 402444c002 review rework 2 2016-03-04 18:08:13 -05:00
vishalnayak 2f5e65ae24 review rework 2016-03-04 15:35:58 -05:00
vishalnayak 35e71f3ebc Place the response nil check before resp.IsError() 2016-03-04 15:13:04 -05:00
vishalnayak 86dca39141 Fix testcase 2016-03-04 15:03:01 -05:00
vishalnayak da9152169b changed response of expiration manager's renewtoken to logical.response 2016-03-04 14:56:51 -05:00
vishalnayak 9217c49184 Adding acl.Capabilities to do the path matching 2016-03-04 12:04:26 -05:00
vishalnayak 7fe871e60a Removing the 'Message' field 2016-03-04 10:36:03 -05:00
vishalnayak b67ab8ab7c Test files for capabilities endpoint 2016-03-04 10:36:03 -05:00
vishalnayak 816f1f8631 self review rework 2016-03-04 10:36:03 -05:00
vishalnayak 286e63a648 Handled root token use case 2016-03-04 10:36:03 -05:00
vishalnayak 5b1100a84f remove changes from token_store.go 2016-03-04 10:36:03 -05:00
vishalnayak abfbc74bd4 Remove capabilities changes from logical_system.go 2016-03-04 10:36:03 -05:00
vishalnayak f1fd5247ad Add vault/capabilities.go 2016-03-04 10:36:02 -05:00
vishalnayak 5749a6718c Added sys/capabilities endpoint 2016-03-04 10:36:02 -05:00
Jeff Mitchell a03ecb64ce Merge pull request #1172 from hashicorp/sanitize-mount-paths
Create a unified function to sanitize mount paths.
2016-03-03 13:46:38 -05:00
Jeff Mitchell 7394f97439 Fix out-of-date comment 2016-03-03 13:37:51 -05:00
Jeff Mitchell 0d46fb4696 Create a unified function to sanitize mount paths.
This allows mount paths to start with '/' in addition to ensuring they
end in '/' before leaving the system backend.
2016-03-03 13:13:47 -05:00
Jeff Mitchell 3e7bca82a1 Merge pull request #1146 from hashicorp/step-down
Provide 'sys/step-down' and 'vault step-down'
2016-03-03 12:30:08 -05:00
Jeff Mitchell 9bf6c40974 Add default case for if the step down channel is blocked 2016-03-03 12:29:30 -05:00
Jeff Mitchell 9717ca5931 Strip leading paths in policies.
It appears to be a common mistake, but they won't ever match.

Fixes #1167
2016-03-03 11:32:48 -05:00
Jeff Mitchell 62f1b3f91c Remove unneeded sleeps in test code 2016-03-03 11:09:27 -05:00
Jeff Mitchell 9c47b8c0a7 Remove sys_policy from special handling as it's implemented in
logical_system too. Clean up the mux handlers.
2016-03-02 14:16:54 -05:00
Jeff Mitchell b5a8e5d724 Fix commenting 2016-02-29 20:29:04 -05:00
Jeff Mitchell 6a980b88fd Address review feedback 2016-02-28 21:51:50 -05:00
Jeff Mitchell 11ddd2290b Provide 'sys/step-down' and 'vault step-down'
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.

Fixes #1093
2016-02-26 19:43:55 -05:00
Jeff Mitchell 4c87c101f7 Fix tests 2016-02-26 16:44:35 -05:00
vishalnayak bc4710eb06 Cert: renewal enhancements 2016-02-24 14:31:38 -05:00
Vishal Nayak fff201014d Merge pull request #1021 from hashicorp/vault-seal-1006
Sealing vault in standby mode
2016-02-03 15:22:16 -05:00
vishalnayak eeea9710b6 Generalized the error message and updated doc 2016-02-03 15:06:18 -05:00
Jeff Mitchell 63d63e8dbc Oops, we needed that, but for a different reason than the comment said. So put the test back but fix the comment 2016-02-03 14:05:29 -05:00
Jeff Mitchell fd4283b430 Remove some unneeded copied logic from passthrough in cubbyhole 2016-02-03 13:57:34 -05:00
Jeff Mitchell 1394555a4d Add listing of cubbyhole's root to the default policy.
This allows `vault list cubbyhole` to behave as expected rather than
requiring `vault list cubbyhole/`. It could be special cased in logic,
but it also serves as a model for the same behavior in e.g. `generic`
mounts where special casing is not possible due to unforeseen mount
paths.
2016-02-03 13:50:47 -05:00
vishalnayak f5fbd12ac3 Test for seal on standby node 2016-02-03 12:28:01 -05:00
vishalnayak a10888f1f1 Added comments to changes the error message 2016-02-03 11:35:47 -05:00
vishalnayak f1facb0f9f Throw error on sealing vault in standby mode 2016-02-03 10:58:33 -05:00
Jeff Mitchell ff3adce39e Make "ttl" reflect the actual TTL of the token in lookup calls.
Add a new value "creation_ttl" which holds the value at creation time.

Fixes #986
2016-02-01 11:16:32 -05:00
Jeff Mitchell d3a705f17b Make backends much more consistent:
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
Jeff Mitchell dcf844027b Show entry path in log, not internal view path 2016-01-28 12:34:49 -05:00
Jeff Mitchell 8b9fa042fe If the path is not correct, don't fail due to existence check, fail due to unsupported path 2016-01-23 14:05:09 -05:00
Jeff Mitchell 12c00b97ef Allow backends to see taint status.
This can be seen via System(). In the PKI backend, if the CA is
reconfigured but not fully (e.g. an intermediate CSR is generated but no
corresponding cert set) and there are already leases (issued certs), the
CRL is unable to be built. As a result revocation fails. But in this
case we don't actually need revocation to be successful since the CRL is
useless after unmounting. By checking taint status we know if we can
simply fast-path out of revocation with a success in this case.

Fixes #946
2016-01-22 17:01:22 -05:00
Jeff Mitchell 9cac7ccd0f Add some commenting 2016-01-22 10:13:49 -05:00
Jeff Mitchell 3955604d3e Address more list feedback 2016-01-22 10:07:32 -05:00