066038bebd
Fixed return types
2017-01-04 16:58:25 -05:00
0391475c70
Add read locks to LookupToken/ValidateWrappingToken ( #2232 )
2017-01-04 16:52:03 -05:00
3129187dc2
JWT wrapping tokens ( #2172 )
2017-01-04 16:44:03 -05:00
d70fb45fbb
Removed unused methods
2017-01-03 12:51:35 -05:00
103b7ceab2
all: test: Fix govet warnings
...
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
9f60e9f88d
Add tidy expiration test
2016-12-16 17:04:28 -05:00
bae84e3864
TokenStore: Make the testcase dangle 100 accessors and let it tidy up
2016-12-16 15:41:41 -05:00
ba026aeaa1
TokenStore: Added tidy endpoint ( #2192 )
2016-12-16 15:29:27 -05:00
f6044764c0
Fix revocation of leases when num_uses goes to 0 ( #2190 )
2016-12-16 13:11:55 -05:00
8400b87473
Don't add default policy to child token if parent does not have it ( #2164 )
2016-12-16 00:36:39 -05:00
e3f56f375c
Add 'no-store' response header from all the API outlets ( #2183 )
2016-12-15 17:53:07 -05:00
907e735541
Permissions were changed from a structure to and array of interfaces. Code optimization for acl.go. Fixed bug where multiple parameters would allow if second or following parameters were denied and there was a wildcard in allow.
2016-12-06 18:14:15 -08:00
c27817aba3
Merge branch 'master' of https://github.com/hashicorp/vault
2016-12-06 16:09:32 -08:00
7865143c1d
Minor ports
2016-12-05 12:28:12 -05:00
710e8f2d4c
Change Vault audit broker logic to successfully start when at least one ( #2155 )
...
backend is successfully loaded.
Fixes #2083
2016-12-02 15:09:01 -05:00
90b392c7fc
Fix panic() in test suite ( #2149 )
...
As `base` could be nil, move check in `if base != nil`
2016-12-02 06:31:06 -05:00
49284031c6
Respect logger in TestCluster
2016-12-01 15:25:10 -05:00
3e72e50fa5
Merge remote-tracking branch 'upstream/master'
2016-11-20 18:31:55 -08:00
ee29b329fb
Bump proto files after update
2016-11-17 10:06:26 -05:00
e84a015487
Add extra logic around listener handling. ( #2089 )
2016-11-11 16:43:33 -05:00
6c1d2ffea9
Allow wrapping to be specified by backends, and take the lesser of the request/response times ( #2088 )
2016-11-11 15:12:11 -05:00
168d6e1a3d
Fix other clustering tests on OSX
2016-11-08 10:55:41 -05:00
e381c189e4
Fix cluster testing on OSX; see the inline comment for details
2016-11-08 10:31:35 -05:00
86edada67c
Show the listener address when it's created for the cluster in the log
2016-11-08 10:31:15 -05:00
6f86e664a8
use a const for cluster test pause period
2016-11-08 10:30:44 -05:00
c63d9e9f24
added AllowOperation tests
2016-11-07 12:28:41 -08:00
a847caa4ae
Moved Operations out of test cases variable.
2016-11-07 12:08:17 -08:00
e349d64dbc
Finished merge testing.
2016-11-06 15:16:08 -08:00
42e0ecb0b8
narrowed the problem to: the Permissions struct in the TestPolicyMerge method is not being initialized
2016-11-06 13:38:25 -08:00
2add5dbf3a
Started the testing on merged pathCapabilites
2016-11-01 21:27:33 -07:00
482ed0a659
Add merge testcases
2016-11-01 19:48:00 -07:00
975ac72822
started acl_test updates
2016-10-30 15:09:45 -07:00
b3c805e662
Audit the client token accessors ( #2037 )
2016-10-29 17:01:49 -04:00
b5669d73db
Had to change what a wildcard value in a parameter mapped to, from a nil value to an empty struct
2016-10-28 12:54:37 -07:00
3a0e01a5d7
Added the merging of wildcards to allowed and denied parameters.
2016-10-28 12:33:50 -07:00
0ed2dece6d
Don't panic if postUnseal calls preSeal due to audit table never being set up. Also call cleanup funcs on auth backends. ( #2043 )
2016-10-28 15:32:32 -04:00
bcd0618623
updated testing on a policy to cover parameters in the policy
2016-10-28 10:18:31 -07:00
2ea4caeffb
Update acl and policy tests to use Permissions.
2016-10-21 23:45:39 -07:00
353241e328
Fixing type assertions.
2016-10-21 21:12:02 -07:00
ed982675a1
permissions structure now holds a map of strings to empty structs. Modified acl.go to acommidate these changes
2016-10-21 19:35:55 -07:00
c6b63b5312
Implemented AllowOperation parameter permission checking for request data.
2016-10-21 18:38:05 -07:00
e06aaf20e1
Remove unused WrapListenersForClustering ( #2007 )
2016-10-18 10:20:09 -04:00
c2b512cf46
Changed AllowOperation to take logical.Request
2016-10-16 16:29:52 -07:00
bd7711bebf
Merge allowed and disallowed parameters maps.
2016-10-16 15:24:32 -07:00
93bb52b733
policy now includes whether a certain parameter can be updated
2016-10-15 16:44:57 -07:00
231d3e7758
policy now includes whether a certain parameter can be updated
2016-10-15 16:43:55 -07:00
119dd9653e
Adding permissions to hcl config and decoding it.
2016-10-14 14:24:45 -07:00
bd5235960c
Fixed permission conflicts
2016-10-14 10:33:12 -07:00
d480df7141
Fixed Policy Permissions intergration and spelling.
2016-10-14 10:22:00 -07:00
eb8b8a1def
created structure for permissions and modified parsePaths in policy.go and newAcl/AllowOperation in acl.go
2016-10-14 10:17:25 -07:00
4582f2268c
working on modifying AllowOperation in acl.go
2016-10-10 11:21:25 -07:00
6aa9a1d165
updated policy.go to include an expanded structure to add the ability to track allowed and disallowed params in the PathCapabilities structure. Updating Acl.go to interface with the updated PathCapabilites structure
2016-10-09 15:39:58 -07:00
b5225fd000
Add KeyNotFoundError to seal file
2016-10-05 17:17:33 -04:00
6d00f0c483
Adds HUP support for audit log files to close and reopen. ( #1953 )
...
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.
As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
2016-09-30 12:04:50 -07:00
85315ff188
Rejig where the reload functions live
2016-09-30 00:07:22 -04:00
4a505bfa3e
Update text around cubbyhole/response
2016-09-29 17:44:15 -04:00
5657789627
Audit unwrapped response ( #1950 )
2016-09-29 12:03:47 -07:00
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
57b21acabb
Added unit tests for token entry upgrade
2016-09-26 18:17:50 -04:00
af888573be
Handle upgrade of deprecated fields in token entry
2016-09-26 15:47:48 -04:00
f3ab4971a6
Follow Vault convention on `DELETE` being idempotent ( #1903 )
...
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
722e26f27a
Add support for PGP encrypting the initial root token. ( #1883 )
2016-09-13 18:42:24 -04:00
fffee5611a
Rejig locks during unmount/remount. ( #1855 )
2016-09-13 11:50:14 -04:00
1c6f2fd82b
Add response wrapping to list operations ( #1814 )
2016-09-02 01:13:14 -04:00
19d64a476a
Apply fix from #1827 to rekey
2016-09-01 17:42:28 -04:00
5bd93b62d4
Return bad request error on providing same key for root generation ( #1833 )
...
Fixes #1827
2016-09-01 17:40:01 -04:00
328de60338
Description consistency
2016-08-29 15:53:11 -04:00
ac38863884
Add back token/accessor URL parameters but return a warning.
...
CC @sethvargo
2016-08-29 15:15:57 -04:00
aec05fdf02
Remove the upgrade code to update the mount table from 'aws' to 'aws-ec2'
2016-08-29 11:53:52 -04:00
7e41d5ab45
Pass headers back when request forwarding ( #1795 )
2016-08-26 17:53:47 -04:00
2ce4397deb
Plumb through the ability to set the storage read cache size. ( #1784 )
...
Plumb through the ability to set the storage read cache size.
Fixes #1772
2016-08-26 10:27:06 -04:00
9fee9ce8ff
Don't allow tokens in paths. ( #1783 )
2016-08-24 15:59:43 -04:00
b89073f7e6
Error when an invalid (as opposed to incorrect) unseal key is given. ( #1782 )
...
Fixes #1777
2016-08-24 14:15:25 -04:00
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
2bb8adcbde
Cleanup and avoid unnecessary advertisement parsing in leader check
2016-08-19 14:49:11 -04:00
b7acf5b5ab
Rename proto service stuff and change log levels for some messages
2016-08-19 11:49:25 -04:00
bdcfe05517
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
87c42a796b
s/advertisement/redirect
2016-08-19 10:52:14 -04:00
01702415c2
Ensure we don't use a token entry period of 0 in role comparisons.
...
When we added support for generating periodic tokens for root/sudo in
auth/token/create we used the token entry's period value to store the
shortest period found to eventually populate the TTL. The problem was
that we then assumed later that this value would be populated for
periodic tokens, when it wouldn't have been in the upgrade case.
Instead, use a temp var to store the proper value to use; populate
te.Period only if actually given; and check that it's not zero before
comparing against role value during renew.
2016-08-16 16:47:46 -04:00
c1aa89363a
Make time logic a bit clearer
2016-08-16 16:29:07 -04:00
02d9702fbd
Add local into handler path for forwarded requests
2016-08-16 11:46:37 -04:00
62c69f8e19
Provide base64 keys in addition to hex encoded. ( #1734 )
...
* Provide base64 keys in addition to hex encoded.
Accept these at unseal/rekey time.
Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
40ece8fd7c
Add another test and fix some output
2016-08-14 07:17:14 -04:00
b6ef112382
Minor wording change
2016-08-13 15:45:13 -04:00
cdea4b3445
Add some tests and fix some bugs
2016-08-13 14:03:22 -04:00
de60702d76
Don't check the role period again as we've checked it earlier and it may be greater than the te Period
2016-08-13 13:21:56 -04:00
bcb4ab5422
Add periodic support for root/sudo tokens to auth/token/create
2016-08-12 21:14:12 -04:00
c1a46349fa
Change to keybase openpgp fork as it has important fixes
2016-08-11 08:31:43 -04:00
3895ea4c2b
Address review feedback from @jefferai
2016-08-10 15:22:12 -04:00
95f9c62523
Fix Cluster object being returned as nil when unsealed
2016-08-10 15:09:16 -04:00
0f40fba40d
Don't allow a root token that expires to create one that doesn't
2016-08-09 20:32:40 -04:00
b5d55a9f47
Fix broken mount_test
2016-08-09 12:06:59 -04:00
4246ab1220
Change local cluster info path
2016-08-09 11:28:42 -04:00
c27a52069c
Merge pull request #1693 from hashicorp/mount-table-compress
...
Added utilities to compress the JSON encoded string.
2016-08-09 11:23:14 -04:00
cc10fd7a7e
Use config file cluster name after automatic gen
2016-08-09 11:03:50 -04:00
b43cc03f0e
Address review feedback from @jefferai
2016-08-09 10:47:55 -04:00
94c9fc3b49
Minor test fix
2016-08-09 07:13:29 -04:00
78d57520fb
Refactoring and test fixes
2016-08-09 03:43:03 -04:00
5866cee5b4
Added utilities to compress the data
2016-08-09 00:50:19 -04:00
d2124486ef
Merge pull request #1702 from hashicorp/renew-post-body
...
Add ability to specify renew lease ID in POST body.
2016-08-08 20:01:25 -04:00
c86fd0353c
urllease_id -> url_lease_id
2016-08-08 18:34:00 -04:00
065da5fd69
Migrate default policy to a const
2016-08-08 18:33:31 -04:00
5a48611a62
Add test for both paths in backend
2016-08-08 18:32:18 -04:00
56b7f595aa
Fix parsing optional URL param
2016-08-08 18:08:25 -04:00
ab71b981ad
Add ability to specify renew lease ID in POST body.
2016-08-08 18:00:44 -04:00
13b7d37a0b
Remove change to naming return values
2016-08-08 17:56:14 -04:00
a583f8a3f8
Use policyutil sanitizing
2016-08-08 17:42:25 -04:00
4f0310ed96
Don't allow root from authentication backends either.
...
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
2016-08-08 17:32:37 -04:00
796c93a8b0
Add sys/renew to default policy
2016-08-08 17:32:30 -04:00
d7f6218869
Move checking non-assignable policies above the actual token creation
2016-08-08 16:44:29 -04:00
da615642f5
Merge pull request #1687 from hashicorp/token-store-update
...
Minor update to token-store
2016-08-08 10:25:05 -04:00
ac62b18d56
Make `capabilities-self` part of the default policy.
...
Fixes #1695
2016-08-08 10:00:01 -04:00
e783bfe7e1
Minor changes to test cases
2016-08-05 20:22:07 -04:00
5ddd1c7223
Fix broken test case
2016-08-05 20:07:18 -04:00
02911c0e01
full updates based on feedback
2016-08-05 18:57:35 -04:00
52623a2395
test updates based on feedback
2016-08-05 18:56:22 -04:00
405eb0075a
fix an error, tests still broken
2016-08-05 17:58:48 -04:00
82b3d136e6
Don't mark never-expiring root tokens as renewable
2016-08-05 11:15:25 -04:00
68d351c70c
addresses feedback, but tests broken
2016-08-05 10:04:02 -04:00
4b2b5363d4
Switch some errors that ought to be 500 to 500
2016-08-04 09:11:24 -04:00
c626277632
initial commit for minor update to token-store
2016-08-03 14:32:17 -04:00
a7ed50dbc8
coreClusterPath -> coreLocalClusterPath
2016-08-03 09:50:21 -04:00
0b2098de2f
Merge pull request #1681 from hashicorp/disallowed-policies
...
Support disallowed_policies in token roles
2016-08-02 17:32:53 -04:00
e7cb3fd990
Addressed review feedback
2016-08-02 16:53:06 -04:00
4f45910dfc
disallowed_policies doc update
2016-08-02 16:33:22 -04:00
9947b33498
Added tests for disallowed_policies
2016-08-02 15:21:15 -04:00
31b36fe2c2
Use duration helper to allow not specifying duration units
2016-08-02 15:12:45 -04:00
a936914101
Address review feedback and fix existing tests
2016-08-02 14:10:20 -04:00
a0c711d0cf
Added disallowed_policies to token roles
2016-08-02 10:33:50 -04:00
357f2d972f
Add some extra safety checking in accessor listing and update website
...
docs.
2016-08-01 13:12:06 -04:00
6546005487
Fix typo
2016-07-29 23:24:04 -04:00
e606aab6e0
oops, fix createAccessor
2016-07-29 18:23:55 -04:00
23ab63c78e
Add accessor list function to token store
2016-07-29 18:20:38 -04:00
cff7aada7a
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
4d9c909ae4
Merge pull request #1650 from hashicorp/request-uuid
...
Added unique identifier to each request. Closes hashicorp/vault#1617
2016-07-27 09:40:48 -04:00
c17534d527
Fix request_id test failures
2016-07-26 18:30:13 -04:00
fb1b032040
fixing id in buildLogicalRequest
2016-07-26 15:50:37 -04:00
c7bcaa5bb6
Merge pull request #1655 from hashicorp/cluster-id
...
Vault cluster name and ID
2016-07-26 14:12:48 -04:00
669bbdfa48
Address review feedback from @jefferai
2016-07-26 14:05:27 -04:00
ad66bd7502
fixes based proper interpretation of comments
2016-07-26 12:20:27 -04:00
a3e6400697
Remove global name/id. Make only cluster name configurable.
2016-07-26 10:01:35 -04:00
a6907769b0
AppRole authentication backend
2016-07-26 09:32:41 -04:00
09d362d973
As it is
2016-07-26 09:18:38 -04:00
c7dabe4def
Storing local and global cluster name/id to storage and returning them in health status
2016-07-26 02:32:42 -04:00
06b1835469
Merge pull request #1649 from hashicorp/internal-policy-block
...
Closes hashicorp/vault#1618
2016-07-25 17:41:48 -04:00
ae8a90be30
adding ids
2016-07-25 16:54:43 -04:00
e26487ced5
Add test for non-assignable policies
2016-07-25 16:00:18 -04:00
8d52a96df5
moving id to http/logical
2016-07-25 15:24:10 -04:00
d2cbe48aaf
Use RFC3339Nano for better precision
2016-07-25 14:11:57 -04:00
eb75afe54d
minor edit for error statement
2016-07-25 13:29:57 -04:00
9ef3d90349
still fixing git mistake
2016-07-25 10:11:51 -04:00
cc668b5c48
Fixing git mistake
2016-07-25 09:57:47 -04:00
7e29cf1cae
edits based on comments in PR
2016-07-25 09:46:10 -04:00
395f052870
minor error correction
2016-07-24 22:35:54 -04:00
9ea1c8b801
initial commit for nonAssignablePolicies
2016-07-24 22:27:41 -04:00
4945198334
reverting branch mistake
2016-07-24 21:56:52 -04:00
483e796177
website update for request uuuid
2016-07-24 21:23:12 -04:00
c63cdc23a1
Merge branch 'master' of https://github.com/hashicorp/vault into request-uuid
2016-07-23 21:47:08 -04:00
e5737b6789
initial local commit
2016-07-23 21:46:28 -04:00
4ab60f36a3
Rename err var to be more clear
2016-07-22 16:57:47 -04:00
331f229858
Added a cap of 256 for CreateLocks utility
2016-07-20 04:48:35 -04:00
50e8a189e9
Added helper to create locks
2016-07-19 21:37:28 -04:00
80a688c059
Ensure mount/auth tables are not nil when triggering rollback
...
During setup or teardown there could be a race condition so check for it
to avoid a potential panic.
2016-07-18 22:02:39 -04:00
df621911d7
Merge pull request #1624 from hashicorp/dynamodb-ha-off-default
...
Turn off DynamoDB HA by default.
2016-07-18 13:54:26 -04:00
028d024345
Add metrics around leadership
...
This can be helpful for detecting flapping.
Fixes #1544
2016-07-18 13:38:44 -04:00
a3ce0dcb0c
Turn off DynamoDB HA by default.
...
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
c14235b206
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
9f1e6c7b26
Merge pull request #1607 from hashicorp/standardize-time
...
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
8269f323d3
Revert 'risky' changes
2016-07-12 16:38:07 -04:00
5b210b2a1f
Return a duration instead and port a few other places to use it
2016-07-11 18:19:35 +00:00
ab6c2bc5e8
Factor out parsing duration second type and use it for parsing tune values too
2016-07-11 17:53:39 +00:00
fcb0b580ab
Fix broken build
2016-07-08 23:16:58 -04:00
55a667b8cd
Fix broken build
2016-07-08 20:30:27 -04:00
dc690d6233
Place error check before the response check in expiration test
2016-07-08 19:01:36 -04:00
e09b40e155
Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC
2016-07-08 18:30:18 -04:00
c7d72fea90
Do some extra checking in the modified renewal check
2016-07-08 10:34:49 -04:00
7023eafc67
Make the API client retry on 5xx errors.
...
This should help with transient issues. Full control over min/max delays
and number of retries (and ability to turn off) is provided in the API
and via env vars.
Fix tests.
2016-07-06 16:50:23 -04:00
ad7cb2c8f1
Added JSON Decode and Encode helpers.
...
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
88c7292023
Fix broken test
2016-07-05 12:54:27 -04:00
8ce13b3f68
Add non-wrapped step
2016-07-05 12:11:40 -04:00
b6ca7e9423
Add response wrapping support to login endpoints.
...
Fixes #1587
2016-07-05 11:46:21 -04:00
90c2f5bb55
Fix some more too-tight timing in the token store tests
2016-07-01 11:59:39 -04:00
f3e6e4ee28
Fix timing in explicit max ttl test
2016-07-01 11:37:27 -04:00
09720bbd8e
Fix picking wrong token lock
2016-06-27 11:17:08 -04:00
2933c5ce08
Made default_lease_ttl and max_lease_ttl as int64 and fixed tests
2016-06-20 20:23:49 -04:00
0bdeea3a33
Fix the test cases
2016-06-20 18:56:19 -04:00
848b479a61
Added 'sys/auth/<path>/tune' endpoints.
...
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 13:58:24 -04:00
368a17e978
Add some commenting
2016-06-14 05:54:09 +00:00
e925987cb6
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
1de6140d5c
Fix mah broken tests
2016-06-10 14:03:56 -04:00
9f6c5bc02a
cubbyhole-response-wrapping -> response-wrapping
2016-06-10 13:48:46 -04:00
e4ce81afa1
Remove unneeded Fields in passthrough
2016-06-09 10:33:24 -04:00
351f536913
Don't check parsability of a `ttl` key on write.
...
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.
The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.
Fixes #1505
2016-06-08 20:14:36 -04:00
2b4b6559e3
Merge pull request #1504 from hashicorp/token-store-roles-renewability
...
Add renewable flag to token store roles
2016-06-08 15:56:54 -04:00
8a1bff7c11
Make out-of-bounds explicit max a cap+warning instead of an error
2016-06-08 15:25:17 -04:00
cf8f38bd4c
Add renewable flag to token store roles
2016-06-08 15:17:22 -04:00
65d8973864
Add explicit max TTL capability to token creation API
2016-06-08 14:49:48 -04:00
c0155ac02b
Add renewable flag and API setting for token creation
2016-06-08 11:14:30 -04:00
bb1e8ddaa2
Make token renewable status work properly on lookup
2016-06-08 09:19:39 -04:00
10b218d292
Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this...
2016-06-07 16:01:09 -04:00
401456ea50
Add creation time to returned wrapped token info
...
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
f8d70b64a0
Show renewable status for tokens in output
2016-06-01 17:30:31 -04:00
9dd4e5ec5b
Merge pull request #1235 from hashicorp/policies-validation
...
Strip out other policies if root is present
2016-06-01 12:08:22 -04:00
4fea41f7e5
Use entry.Type as a criteria for upgrade
2016-06-01 10:30:11 -04:00
875778a2d9
Modify just the type and not the path
2016-05-31 23:19:13 -04:00
1e4834bd20
Remove addDefault param from ParsePolicies
2016-05-31 13:39:58 -04:00
49b4c83580
Adding default policies while creating tokens
2016-05-31 13:39:58 -04:00
55fbfab4fe
Upgrade 'aws' auth table entry to 'aws-ec2'
2016-05-30 18:58:58 -04:00
8d19b4fb53
Add keyring zeroize function and add some more memzero calls in
...
appropriate places. Known to be best-effort, but may help in some cases.
Fixes #1446
2016-05-27 20:47:40 +00:00
1d94828e45
Re-enable rollback triggers for auth backends
2016-05-26 14:29:41 -04:00
644ac5f5e8
Merge pull request #1456 from hashicorp/consul-lease-renewal
...
Fix the consul secret backends renewal revocation problem
2016-05-26 13:59:45 -04:00
a57996ac08
Add to auth/audit too
2016-05-26 13:38:51 -04:00
475b0e2d33
Add table/type checking to mounts table.
2016-05-26 12:55:00 -04:00
c0e745dbfa
s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends
2016-05-26 10:21:03 -04:00
70b8530962
Fix the consul secret backends renewal revocation problem
2016-05-25 23:24:16 -04:00
417a56c42b
Disable rollback on auth for now and add workaround for its auth/ adding to entry paths
2016-05-25 17:53:45 -04:00
05b0e0a866
Enable audit-logging of seal and step-down commands.
...
This pulls the logical request building code into its own function so
that it's accessible from other HTTP handlers, then uses that with some
added logic to the Seal() and StepDown() commands to have meaningful
audit log entries.
2016-05-20 17:03:54 +00:00
0da8762bd5
Add unwrap command, and change how the response is embedded (as a string, not an object)
2016-05-19 11:25:15 -04:00
2e6ac4c37a
Remove wrap specs from backend response
2016-05-19 03:06:09 +00:00
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
4c67a739b9
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-16 12:14:40 -04:00
60975bf76e
Revert "Remove a few assumptions regarding bash(1) being located in /bin."
2016-05-15 15:22:21 -04:00
f91114fef5
Remove a few assumptions regarding bash(1) being located in /bin.
...
Use sh(1) where appropriate.
2016-05-15 11:41:14 -07:00
792950e16c
Merge pull request #1417 from hashicorp/b-pki-expire-ttl-unset
...
Set entry's TTL before writing out the storage entry's config
2016-05-15 10:02:03 -07:00
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
af4e2feda7
When testing, increase the time we wait for the stepdown to occur.
...
2s -> 5s, no functional change.
2016-05-15 07:30:40 -07:00
53fc941761
Merge pull request #1300 from hashicorp/aws-auth-backend
...
AWS EC2 instances authentication backend
2016-05-14 19:42:03 -04:00
560e9c30a3
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-12 14:59:12 -04:00
99a5213f0b
Merge pull request #1355 from hashicorp/f-vault-service
...
Vault/Consul Service refinement
2016-05-12 11:48:29 -07:00
af222a945a
Fix mount tune bounds checking
2016-05-12 07:22:00 -04:00
ce5614bf9b
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-11 19:29:52 -04:00
6ec1ca05c8
Fix bug around disallowing explicit max greater than sysview max
2016-05-11 18:46:55 -04:00
aecc3ad824
Add explicit maximum TTLs to token store roles.
2016-05-11 16:51:18 -04:00
ddcaf26396
Merge branch 'master-oss' into aws-auth-backend
2016-05-10 14:50:00 -04:00
2295cadbf4
Make WrapInfo a pointer to match secret/auth in response
2016-05-07 19:17:51 -04:00
c5085bc79f
Merge response fix over from mfatw
2016-05-07 16:41:24 -04:00
c52d352332
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-07 16:40:04 -04:00
d77563994c
Merge pull request #1346 from hashicorp/disable-all-caches
...
Disable all caches
2016-05-07 16:33:45 -04:00
3e71221839
Merge remote-tracking branch 'origin/master' into aws-auth-backend
2016-05-05 10:04:52 -04:00
885cc73b2e
Merge branch 'master-oss' into f-vault-service
2016-05-04 17:20:00 -04:00
09f06554cb
Address some review feedback
2016-05-04 16:03:53 -04:00
99a5b4402d
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-04 14:42:14 -04:00
1bc2abecd5
Properly persist auth mount tuning
2016-05-03 14:24:04 -04:00
6f7409bb49
Slightly nicer check for LRU in policy store
2016-05-02 22:36:44 -04:00
fe1f56de40
Make a non-caching but still locking variant of transit for when caches are disabled
2016-05-02 22:36:44 -04:00
8572190b64
Plumb disabling caches through the policy store
2016-05-02 22:36:44 -04:00
1b190c9c62
Don't check if numuses is -1 with a read lock, it shouldn't come in with that from lookup anyways
2016-05-02 15:31:28 -04:00
324bb9cfac
Use a 256-level mutex map instead of 4096, and optimize the case for tokens that are not limited use
2016-05-02 14:57:17 -04:00
642163f8b0
Remove MountPoint from internal wrap object, for now at least
2016-05-02 10:29:51 -04:00
2ebe49d3a1
Change UseToken mechanics.
...
Add locking around UseToken and Lookup. Have UseToken flag an entry that
needs to be revoked so that it can be done at the appropriate time, but
so that Lookup in the interm doesn't return a value.
The locking is a map of 4096 locks keyed off of the first three
characters of the token ID which should provide good distribution.
2016-05-02 03:44:24 -04:00
1ffd5653c6
Add wrap support to API/CLI
2016-05-02 02:03:23 -04:00
aba689a877
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 00:47:35 -04:00
d81806b446
Add:
...
* Request/Response field extension
* Parsing of header into request object
* Handling of duration/mount point within router
* Tests of router WrapDuration handling
2016-05-02 00:24:32 -04:00
4182d711c3
Merge branch 'master-oss' into aws-auth-backend
2016-04-29 14:23:16 +00:00
81da06de05
Fix fetching parameters in token store when it's optionally in the URL
2016-04-28 15:15:37 -04:00
5068d68a13
Name the output parameters for Leader
2016-04-28 11:05:18 -07:00
0b72906fc3
Change the interface of ServiceDiscovery
...
Instead of passing state, signal that the state has changed and provide a callback handler that can query Core.
2016-04-28 11:05:18 -07:00
4a409ebb81
Fix some rekey testing expected seal type logic
2016-04-28 17:13:03 +00:00
91c41f12d4
minor fix for expected barrier type in rekey test
2016-04-28 16:52:32 +00:00
1027b51d17
Built tag-ify sealtesting
2016-04-28 00:47:44 +00:00
0b8e3457d3
Move TestSeal funcs to sealtesting
2016-04-27 20:59:06 +00:00
9aa8fb6cc1
Support periodic tidy callback and config endpoints.
2016-04-26 10:22:29 -04:00
aeea7628d6
Add a *log.Logger argument to physical.Factory
...
Logging in the backend is a good thing. This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
7fe0b2c6a1
Persistently retry to update service registration
...
If the local Consul agent is not available while attempting to step down from active or up to active, retry once a second. Allow for concurrent changes to the state with a single registration updater. Fix standby initialization.
2016-04-25 18:01:13 -07:00
230b59f34c
Stub out service discovery functionality
...
Hook asynchronous notifications into Core to change the status of vault based on its active/standby, and sealed/unsealed status.
2016-04-25 18:00:54 -07:00
398ed86d04
Split out TestSeal
2016-04-26 00:14:16 +00:00
98d09b0dc6
Add seal tests and update generate-root and others to handle dualseal.
2016-04-25 19:39:04 +00:00
f293b1bb98
Merge pull request #1328 from hashicorp/sethvargo/path-help
...
Add missing path-helps and clarify subpaths in tables
2016-04-25 13:53:06 -04:00
62058a0ff8
Update tests for change in raw blacklisting
2016-04-19 20:26:26 +00:00
556039344a
There's no good story around accessing any of core via /sys/raw, so blacklist it all
2016-04-19 16:01:15 +00:00
b4620d5d04
Add check against seal type to catch errors before we attempt to use the data
2016-04-15 18:16:48 -04:00
9bc24be343
Move recovery info behind the barrier
2016-04-15 17:04:29 +00:00
119238149b
Add Finalize method to seal.
2016-04-14 20:37:34 +00:00
53773f12e3
Register the token entry's path instead of the request path, to handle role suffixes correctly
2016-04-14 08:08:28 -04:00
ae2d000de4
Make period output nicer -- seconds rather than duration
2016-04-14 06:10:22 -04:00
a4ff72841e
Check for seal status when initing and change logic order to avoid defer
2016-04-14 01:13:59 +00:00
03c09341a4
Add missing path-helps and clarify subpaths in tables
2016-04-13 22:15:54 +01:00
fb07d07ad9
all: Cleanup from running go vet
2016-04-13 14:38:29 -05:00
1db6808912
Construct token path from request to fix displaying TTLs when using
...
create-orphan.
2016-04-07 15:45:38 +00:00
f2880561d1
Ensure we only use sysview's max if it's not zero. It never should be, but safety.
2016-04-07 15:27:14 +00:00
09ad6317ea
Merge pull request #1297 from hashicorp/f-bsd-mlock
...
F bsd mlock
2016-04-06 13:57:34 -07:00
e3a1ee92b5
Utility Enhancements
2016-04-05 20:32:59 -04:00
087e7c94d3
Add Vault support for the *BSDs, including Darwin
...
The `syscall` package has been frozen in favor of `x/sys`. As a result, all of the BSDs are supported and do have `mlockall(2)` support in current versions of Go.
2016-04-05 12:18:19 -07:00
afae46feb7
SealInterface
2016-04-04 10:44:22 -04:00
7d20380c42
Merge pull request #1280 from hashicorp/remove-ts-revoke-prefix
...
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
2016-04-01 09:48:52 -04:00
2b2541e13f
Merge pull request #1277 from hashicorp/suprious-revoke-timer-logs
...
Keep the expiration manager from keeping old token entries.
2016-03-31 20:16:31 -04:00
2fd02b8dca
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
2016-03-31 18:04:05 -04:00
7442867d53
Check for auth/ in the path of the prefix for revoke-prefix in the token
...
store.
2016-03-31 16:21:56 -04:00
75650ec1ad
Keep the expiration manager from keeping old token entries.
...
The expiration manager would never be poked to remove token entries upon
token revocation, if that revocation was initiated in the token store
itself. It might have been to avoid deadlock, since during revocation of
tokens the expiration manager is called, which then calls back into the
token store, and so on.
This adds a way to skip that last call back into the token store if we
know that we're on the revocation path because we're in the middle of
revoking a token. That way the lease is cleaned up. This both prevents
log entries appearing for already-revoked tokens, and it also releases
timer/memory resources since we're not keeping the leases around.
2016-03-31 15:10:25 -04:00
ddce1efd0d
Two items:
...
1: Fix path check in core to handle renew paths from the token store
that aren't simply renew/
2: Use token policy logic if token store role policies are empty
2016-03-31 14:52:49 -04:00
034ffd8af3
Fix capabilities test case
2016-03-18 12:55:18 -04:00
6831e2a8fd
Sort the capabilities before returning
2016-03-18 12:40:17 -04:00
a6f6cbd95a
Tests for capabilites in system backend
2016-03-18 11:58:06 -04:00
d959ffc301
Rename PrepareRequest to PrepareRequestFunc
2016-03-18 10:37:49 -04:00
fbfe72f286
Removed http/sys_capabilties_test.go
2016-03-18 09:48:45 -04:00
55f03b5d25
Add separate path for capabilities-self to enable ACL
2016-03-17 22:52:03 -04:00
68367f60c8
Fix broken testcases
2016-03-17 21:03:32 -04:00
d348735322
Fix help descriptions
2016-03-17 21:03:32 -04:00
f275cd2e9c
Fixed capabilities API to receive logical response
2016-03-17 21:03:32 -04:00
a5d79d587a
Refactoring the capabilities function
2016-03-17 21:03:32 -04:00
dcb7f00bcc
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 21:03:32 -04:00
2b712bc778
Move capabilities accessor logic to logical_system
2016-03-17 21:03:32 -04:00
7db7b47fdd
Merge pull request #1210 from hashicorp/audit-id-path
...
Rename id to path and path to file_path, print audit backend paths
2016-03-15 20:13:21 -04:00
8a5fc6b017
Sort and filter policies going into the create token entry, then use
...
that as the definitive source for the response Auth object.
2016-03-15 14:05:25 -04:00
3861c88211
Accept params both as part of URL or as part of http body
2016-03-14 19:14:36 -04:00
85a888d588
Enable token to be supplied in the body for lookup call
2016-03-14 18:56:00 -04:00
dd94e8e689
Fix broken test case
2016-03-14 18:44:13 -04:00
71fc07833f
Rename id to path and path to file_path, print audit backend paths
2016-03-14 17:15:07 -04:00
04eb6e79f0
Merge pull request #1200 from hashicorp/sethvargo/hcl_errors
...
Show HCL parsing errors and typos
2016-03-10 22:31:55 -05:00
90dd55b1e6
Sort policies before returning/storing, like we do in handleCreateCommon
2016-03-10 22:31:26 -05:00
8094077cd3
Fix broken test case
2016-03-10 20:06:22 -05:00
378db2bc3c
Add default policy to response auth object
2016-03-10 19:55:38 -05:00
f6adea85ce
Preserve pointer
2016-03-10 15:55:47 -05:00
ad7049eed1
Parse policy HCL syntax and keys
2016-03-10 15:25:25 -05:00
cba947b049
Fix path help description for rekey_backup
2016-03-09 21:04:54 -05:00
fa2ba47a5c
Merge branch 'master' into token-roles
2016-03-09 17:23:34 -05:00
d4371d1393
Add accessor to returned auth
2016-03-09 17:15:42 -05:00
6df72e6efd
Merge pull request #1168 from hashicorp/revoke-force
...
Add forced revocation.
2016-03-09 16:59:52 -05:00
d171931e59
Add unit test for forced revocation
2016-03-09 16:47:58 -05:00
0c4d5960a9
In-URL accessor for auth/token/lookup-accessor endpoint
2016-03-09 14:54:52 -05:00
2528ffbc18
Restore old regex expressions for token endpoints
2016-03-09 14:08:52 -05:00
f478cc57e0
fix all the broken tests
2016-03-09 13:45:36 -05:00
007142262f
Provide accessor to revove-accessor in the URL itself
2016-03-09 13:08:37 -05:00
3b302817e5
Added tests for lookup-accessor and revoke-accessor endpoints
2016-03-09 12:50:26 -05:00
2ecdde1781
Address final feedback
2016-03-09 11:59:54 -05:00
c4a2c5b56e
Added tests for 'sys/capabilities-accessor' endpoint
2016-03-09 11:29:09 -05:00
4785bec59d
Address review feedback
2016-03-09 11:07:13 -05:00
2e07f45bfa
Use role's allowed policies if none are given
2016-03-09 10:42:04 -05:00
926e7513d7
Added docs for /sys/capabilities-accessor
2016-03-09 09:48:32 -05:00
7407c27778
Add docs for new token endpoints
2016-03-09 09:31:09 -05:00
6a992272cd
New prefix for accessor indexes
2016-03-09 09:09:09 -05:00
151c932875
AccessorID --> Accessor, accessor_id --> accessor
2016-03-09 06:23:31 -05:00
913bbe7693
Error text corrections and minor refactoring
2016-03-08 22:27:24 -05:00
62777c9f7e
ErrUserInput --> StatusBadRequest
2016-03-08 21:47:24 -05:00
8117996378
Implemented /sys/capabilities-accessor and a way for setting HTTP error code in all the responses
2016-03-08 19:14:29 -05:00
2737c81b39
Lay the foundation for returning proper HTTP status codes
2016-03-08 18:27:03 -05:00
8c6afea1d0
Implemented /auth/token/revoke-accessor in token_store
2016-03-08 18:07:27 -05:00
a7adab25bc
Implemented lookup-accessor as a token_store endpoint
2016-03-08 17:38:19 -05:00
f19ee68fdb
placeholders for revoke-accessor and lookup-accessor
2016-03-08 15:13:29 -05:00
a7c97fcd18
Clear the accessor index during revocation
2016-03-08 14:06:10 -05:00
c0fb69a8b1
Create indexing from Accessor ID to Token ID
2016-03-08 14:06:10 -05:00
301776012f
Introduced AccessorID in TokenEntry and returning it along with token
2016-03-08 14:06:10 -05:00
be1163c64a
Merge pull request #1171 from hashicorp/capabilities-endpoint
...
Capabilities endpoint
2016-03-08 13:12:09 -05:00
419598ede2
Warn on error when in force revoke mode
2016-03-08 11:05:46 -05:00
08c40c9bba
Introduced ErrUserInput to distinguish user error from server error
2016-03-07 22:16:09 -05:00
3b463c2d4e
use errwrap to check the type of error message, fix typos
2016-03-07 18:36:26 -05:00
6b0f79f499
Address review feedback
2016-03-07 10:07:04 -05:00
cc1f5207b3
Merge branch 'master' into token-roles
2016-03-07 10:03:54 -05:00
aab24113b0
test cases for capabilities endpoint
2016-03-05 00:03:55 -05:00
9946a2d8b5
refactoring changes due to acl.Capabilities
2016-03-04 18:55:48 -05:00
402444c002
review rework 2
2016-03-04 18:08:13 -05:00
2f5e65ae24
review rework
2016-03-04 15:35:58 -05:00
35e71f3ebc
Place the response nil check before resp.IsError()
2016-03-04 15:13:04 -05:00
86dca39141
Fix testcase
2016-03-04 15:03:01 -05:00
da9152169b
changed response of expiration manager's renewtoken to logical.response
2016-03-04 14:56:51 -05:00
9217c49184
Adding acl.Capabilities to do the path matching
2016-03-04 12:04:26 -05:00
7fe871e60a
Removing the 'Message' field
2016-03-04 10:36:03 -05:00
b67ab8ab7c
Test files for capabilities endpoint
2016-03-04 10:36:03 -05:00
816f1f8631
self review rework
2016-03-04 10:36:03 -05:00
286e63a648
Handled root token use case
2016-03-04 10:36:03 -05:00
5b1100a84f
remove changes from token_store.go
2016-03-04 10:36:03 -05:00
abfbc74bd4
Remove capabilities changes from logical_system.go
2016-03-04 10:36:03 -05:00
f1fd5247ad
Add vault/capabilities.go
2016-03-04 10:36:02 -05:00
5749a6718c
Added sys/capabililties endpoint
2016-03-04 10:36:02 -05:00
a03ecb64ce
Merge pull request #1172 from hashicorp/sanitize-mount-paths
...
Create a unified function to sanitize mount paths.
2016-03-03 13:46:38 -05:00
7394f97439
Fix out-of-date comment
2016-03-03 13:37:51 -05:00
0d46fb4696
Create a unified function to sanitize mount paths.
...
This allows mount paths to start with '/' in addition to ensuring they
end in '/' before leaving the system backend.
2016-03-03 13:13:47 -05:00
3e7bca82a1
Merge pull request #1146 from hashicorp/step-down
...
Provide 'sys/step-down' and 'vault step-down'
2016-03-03 12:30:08 -05:00
9bf6c40974
Add default case for if the step down channel is blocked
2016-03-03 12:29:30 -05:00
9717ca5931
Strip leading paths in policies.
...
It appears to be a common mistake, but they won't ever match.
Fixes #1167
2016-03-03 11:32:48 -05:00
62f1b3f91c
Remove unneeded sleeps in test code
2016-03-03 11:09:27 -05:00
41dba5dd5d
Move descriptions into const block
2016-03-03 11:04:05 -05:00
cd86226845
Add forced revocation.
...
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.
This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.
Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.
Fixes #1135
2016-03-03 10:13:59 -05:00
9c47b8c0a7
Remove sys_policy from special handling as it's implemented in
...
logical_system too. Clean up the mux handlers.
2016-03-02 14:16:54 -05:00
7c5f810bc0
Address first round of feedback
2016-03-01 15:30:37 -05:00
8a500e0181
Add command and token store documentation for roles
2016-03-01 13:02:40 -05:00
54232eb980
Add other token role unit tests and some minor other changes.
2016-03-01 12:41:41 -05:00
df2e337e4c
Update tests to add expected role parameters
2016-03-01 12:41:40 -05:00
b8b59560dc
Add token role CRUD tests
2016-03-01 12:41:40 -05:00
ef990a3681
Initial work on token roles
2016-03-01 12:41:40 -05:00
b5a8e5d724
Fix commenting
2016-02-29 20:29:04 -05:00
6a980b88fd
Address review feedback
2016-02-28 21:51:50 -05:00
11ddd2290b
Provide 'sys/step-down' and 'vault step-down'
...
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
4c87c101f7
Fix tests
2016-02-26 16:44:35 -05:00
bc4710eb06
Cert: renewal enhancements
2016-02-24 14:31:38 -05:00
fff201014d
Merge pull request #1021 from hashicorp/vault-seal-1006
...
Sealing vault in standby mode
2016-02-03 15:22:16 -05:00
eeea9710b6
Generalized the error message and updated doc
2016-02-03 15:06:18 -05:00
63d63e8dbc
Oops, we needed that, but for a different reason than the comment said. So put the test back but fix the comment
2016-02-03 14:05:29 -05:00
fd4283b430
Remove some unneeded copied logic from passthrough in cubbyhole
2016-02-03 13:57:34 -05:00
1394555a4d
Add listing of cubbyhole's root to the default policy.
...
This allows `vault list cubbyhole` to behave as expected rather than
requiring `vault list cubbyhole/`. It could be special cased in logic,
but it also serves as a model for the same behavior in e.g. `generic`
mounts where special casing is not possible due to unforeseen mount
paths.
2016-02-03 13:50:47 -05:00
f5fbd12ac3
Test for seal on standby node
2016-02-03 12:28:01 -05:00
a10888f1f1
Added comments to changes the error message
2016-02-03 11:35:47 -05:00
f1facb0f9f
Throw error on sealing vault in standby mode
2016-02-03 10:58:33 -05:00
ff3adce39e
Make "ttl" reflect the actual TTL of the token in lookup calls.
...
Add a new value "creation_ttl" which holds the value at creation time.
Fixes #986
2016-02-01 11:16:32 -05:00
d3a705f17b
Make backends much more consistent:
...
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
dcf844027b
Show entry path in log, not internal view path
2016-01-28 12:34:49 -05:00
8b9fa042fe
If the path is not correct, don't fail due to existence check, fail due to unsupported path
2016-01-23 14:05:09 -05:00
12c00b97ef
Allow backends to see taint status.
...
This can be seen via System(). In the PKI backend, if the CA is
reconfigured but not fully (e.g. an intermediate CSR is generated but no
corresponding cert set) and there are already leases (issued certs), the
CRL is unable to be built. As a result revocation fails. But in this
case we don't actually need revocation to be successful since the CRL is
useless after unmounting. By checking taint status we know if we can
simply fast-path out of revocation with a success in this case.
Fixes #946
2016-01-22 17:01:22 -05:00
9cac7ccd0f
Add some commenting
2016-01-22 10:13:49 -05:00
3955604d3e
Address more list feedback
2016-01-22 10:07:32 -05:00
eb847f4e36
Error out if trying to write to a directory path
2016-01-22 10:07:32 -05:00
be1b4c8a46
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-22 10:07:32 -05:00
e412ac8461
Remove bare option, prevent writes ending in slash, and return an exact file match as "."
2016-01-22 10:07:32 -05:00
455931873a
Address some review feedback
2016-01-22 10:07:32 -05:00
5341cb69cc
Updates and documentation
2016-01-22 10:07:32 -05:00
b2bde47b01
Pull out setting the root token ID; use the new ParseUUID method in
...
go-uuid instead, and revoke if there is an error.
2016-01-19 19:44:33 -05:00
7a59af7d18
Fix lost code after rebase
2016-01-19 19:19:07 -05:00
973c888833
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
1ac2faa136
Implement existence check for cubbyhole
2016-01-16 19:35:11 -05:00
b830e29449
Use capabilities rather than policies in default policy. Also add cubbyhole to it.
2016-01-16 18:02:31 -05:00
9857da207c
Move rekey to its own files for cleanliness
2016-01-14 17:01:04 -05:00
9c5ad28632
Update deps, and adjust usage of go-uuid to match new return values
2016-01-13 13:40:08 -05:00
f9bbe0fb04
Use logical operations instead of strings for comparison
2016-01-12 21:16:31 -05:00
d949043cac
Merge pull request #914 from hashicorp/acl-rework
...
More granular ACL capabilities
2016-01-12 21:11:52 -05:00
4253299dfe
Store uint32s in radix
2016-01-12 17:24:01 -05:00
e58705b34c
Cleanup
2016-01-12 17:10:48 -05:00
87fba5dad0
Convert map to bitmap
2016-01-12 17:08:10 -05:00
da87d490eb
Add some commenting around create/update
2016-01-12 15:13:54 -05:00
9db22dcfad
Address some more review feedback
2016-01-12 15:09:16 -05:00
ce5bd64244
Clean up HelpOperation
2016-01-12 14:34:49 -05:00
a99787afeb
Don't allow a policy with no name, even though it is a valid slice member
2016-01-08 21:23:40 -05:00
f6d2271a3c
Use an array of keys so that if the same fingerprint is used none are lost when using PGP key backup
2016-01-08 14:29:23 -05:00
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
2412c078ac
Also convert policy store cache to 2q.
...
Ping #908
2016-01-07 09:26:08 -05:00
85509e7ba5
Simplify some logic and ensure that if key share backup fails, we fail
...
the operation as well.
Ping #907
2016-01-06 13:14:23 -05:00
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
d51d723c1f
Use int64 for converting time values, not int (will be float64 in JSON anyways, so no need to lose precision, plus could hit a 32-bit max in some edge cases)
2016-01-04 17:11:22 -05:00
e990b77d6e
Address review feedback; move storage of these values to the expiration manager
2016-01-04 16:43:07 -05:00
5ddd243144
Store a last renewal time in the token entry and return it upon lookup
...
of the token.
Fixes #889
2016-01-04 11:20:49 -05:00
df68e3bd4c
Filter out duplicate policies during token creation.
2015-12-30 15:18:30 -05:00
96cb7d0051
Commenting/format update
2015-12-18 10:34:54 -05:00
4482fdacfd
If we have not yet completed post-unseal when running in single-node
...
mode, don't advertise that we are active.
Ping #872
2015-12-17 13:48:08 -05:00
f2da5b639f
Migrate 'uuid' to 'go-uuid' to better fit HC naming convention
2015-12-16 12:56:20 -05:00
b2a0b48a2e
Add test to ensure the right backend was used with separate HA
2015-12-14 20:48:22 -05:00
7ce8aff906
Address review feedback
2015-12-14 17:58:30 -05:00
ced0835574
Allow separate HA physical backend.
...
With no separate backend specified, HA will be attempted on the normal
physical backend.
Fixes #395 .
2015-12-14 07:59:58 -05:00
900b3d8882
Return 400 instead of 500 if generic backend is written to without data.
...
Fixes #825
2015-12-09 10:39:22 -05:00
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
bece637eb7
Address feedback from review
2015-11-15 17:32:57 -05:00
bc4c18a1cf
Rearchitect MountTable locking and fix rollback.
...
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.
In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.
Both unit tests and race detection pass.
Fixes #771
2015-11-11 11:54:52 -05:00
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
d6693129de
Create a "default" policy with sensible rules.
...
It is forced to be included with each token, but can be changed (but not
deleted).
Fixes #732
2015-11-09 15:44:09 -05:00
1a621b7000
Minor test fix
2015-11-09 15:37:30 -05:00
8673f36b34
Don't require root tokens for mount and policy endpoints.
2015-11-09 15:29:21 -05:00
5783f547ab
Display whether a token is an orphan on lookup.
2015-11-09 13:19:59 -05:00
7aa3faa626
Rename core's 'policy' to 'policyStore' for clarification
2015-11-06 12:07:42 -05:00
7d8371c4a3
Remove warning about nonexistent root policy by using GetPolicy instead
...
of the listing function.
2015-11-06 11:36:40 -05:00
395d6bead4
Fix removing secondary index from exp manager.
...
Due to a typo, revoking ensures that index entries are created rather
than removed. This adds a failing, then fixed test case (and helper
function) to ensure that index entries are properly removed on revoke.
Fixes #749
2015-11-04 10:50:31 -05:00
6ccded7a2f
Add ability to create orphan tokens from the API
2015-11-03 15:12:21 -05:00
a9db12670a
errwrap -> go-multierror + errwrap
2015-11-02 13:29:33 -05:00
7e9918ec8e
Run preSeal if postUnseal fails.
...
This also ensures that every error path out of postUnseal returns an
error.
Fixes #733
2015-11-02 13:29:33 -05:00
1899bd8ef0
Merge pull request #730 from hashicorp/issue-713
...
Write HMAC-SHA256'd client token to audited requests
2015-10-30 13:36:22 -04:00
94b7be702b
Return data on a token with one use left if there is no Lease ID
...
Fixes #615
2015-10-30 12:35:42 -04:00
636d57a026
Make the token store's Create and RootToken functions non-exported.
...
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
cf4b88c196
Write HMAC-SHA256'd client token to audited requests
...
Fixes #713
2015-10-29 13:26:18 -04:00
85d4dd6a1d
Check TTL provided to generic backend on write
...
If existing entries have unparseable TTLs, return the value plus a
warning, rather than an error.
Fixes #718
2015-10-29 11:05:21 -04:00
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
fffcfc668b
Fixed comment spelling mistake and removed unnecessary variable allocation
2015-10-15 14:51:30 -04:00
78b5fcdf51
Serialize changing the state of the expiration manager pointer and
...
calling emitMetrics from its own goroutine.
Fixes #694
2015-10-12 16:33:54 -04:00
ed6ce1c53e
Fix a logic bug around setting both a mount default and max at the same time. Ping #688 .
2015-10-12 14:57:43 -04:00
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
5fbaa0e64d
Apply mount-tune properties to the token authentication backend.
...
Fixes #688 .
2015-10-09 20:26:39 -04:00
e02517ae42
Rename tune functions
2015-10-09 20:00:17 -04:00
b5d674d94e
Add 301 redirect checking to the API client.
...
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
2015-10-09 17:11:31 -04:00
bd1dce7f95
Address review feedback for #684
2015-10-08 14:34:10 -04:00
d58a3b601c
Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader
...
Fixes #679 .
2015-10-08 14:04:58 -04:00
d740fd4a6a
Add the ability for warnings to be added to responses. These are
...
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.
Fixes #676
2015-10-07 16:18:39 -04:00
50b9129e65
Normalize policy names to lowercase on write. They are not currently
...
normalized when reading or deleting, for backwards compatibility.
Ping #676 .
2015-10-07 13:52:21 -04:00
4a52de13e3
Add renew-self endpoint.
...
Fixes #455 .
2015-10-07 12:49:13 -04:00
3c914f7fa8
Add revocation/renewal functions in all cases in the generic backend.
...
Fixes #673 .
2015-10-07 11:42:23 -04:00
21644751ed
Fix the key rotation upgrade check error message
2015-10-05 18:23:32 -04:00
145aee229e
Merge branch 'master' of https://github.com/hashicorp/vault
2015-10-03 00:07:34 -04:00
8f27c250d6
Fix problematic logging statements.
...
Fixes #665 .
2015-10-02 18:31:46 -07:00
3dd84446ab
Github backend: enable auth renewals
2015-10-02 13:33:19 -04:00
ca50012017
Format token lease/TTL as int in JSON API when looking up
2015-09-27 22:36:36 -04:00
6ef455af89
Fix warnings returned by `make vet`
...
$GOPATH/src/github.com/hashicorp/vault/vault/policy.go:69: unreachable code
$GOPATH/src/github.com/hashicorp/vault/vault/policy_store_test.go:139: github.com/hashicorp/vault/logical.StorageEntry composite literal uses unkeyed fields
2015-09-26 21:17:39 -07:00
62ac518ae7
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 10:41:21 -04:00
c694c7d31d
Fix situation where a new required singleton backend would not be activated upon upgrade.
2015-09-21 17:54:36 -04:00
81e535dc2d
Minor updates to passthrough and additional tests
2015-09-21 16:57:41 -04:00
47e8c0070a
Don't use leases on the generic backend...with a caveat.
...
You can now turn on and off the lease behavior in the generic backend by
using one of two factories. Core uses the normal one if it's not already
set, so unit tests can use the custom one and all stay working.
This also adds logic into core to check, when the response is coming
from a generic backend, whether that backend has leases enabled. This
adds some slight overhead.
2015-09-21 16:37:37 -04:00
d526c8ce1c
Merge pull request #629 from hashicorp/token-create-sudo
...
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
1a01ab3608
Take ClientToken instead of Policies
2015-09-21 10:04:03 -04:00
ab7d35b95e
Fix up per-backend timing logic; also fix error in TypeDurationSecond in
...
GetOkErr.
2015-09-21 09:55:03 -04:00
3b51ee1c48
Using core's logger
2015-09-19 19:01:36 -04:00
02485e7175
Abstraced SudoPrivilege to take list of policies
2015-09-19 18:23:44 -04:00
a2799b235e
Using acl.RootPrivilege and rewrote mockTokenStore
2015-09-19 17:53:24 -04:00
c5ddfbc391
Bump AESGCM version; include path in the GCM tags.
2015-09-19 17:04:37 -04:00
b6d47dd784
fix broken tests
2015-09-19 12:33:52 -04:00
68c268a6f0
Allow tuning of auth mounts, to set per-mount default/max lease times
2015-09-19 11:50:50 -04:00
c8a0eda224
Use hmac-sha256 for protecting secrets in audit entries
2015-09-19 11:29:31 -04:00
fb77ec3623
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-19 11:14:51 -04:00
5dde76fa1c
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 17:38:30 -04:00
b655f6b858
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
d775445efe
Store token creation time and TTL. This can be used to properly populate
...
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.
Fully fixes #527
2015-09-18 16:39:35 -04:00
8f79e8be82
Add revoke-self endpoint.
...
Fixes #620 .
2015-09-17 13:22:30 -04:00
047ba90a44
Restrict orphan revocation to root tokens
2015-09-16 09:22:15 -04:00
e7d5a18e94
Directly pass the cubbyhole backend to the token store and bypass logic in router
2015-09-15 13:50:37 -04:00
849b78daee
Move more cubby logic outside of router into auth setup
2015-09-15 13:50:37 -04:00
bdb8cf128d
Cleanup; remove everything but double-salting from the router and give
...
the token store cubby backend information for direct calling.
2015-09-15 13:50:37 -04:00
b50f7ec1b5
Remove noop checks in unmount/remount and restore previous behavior
2015-09-15 13:50:37 -04:00
77e7379ab5
Implement the cubbyhole backend
...
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
104b29ab04
Rename View to StorageView to make it more distinct from SystemView
2015-09-15 13:50:37 -04:00
699e12a1c6
When there is one use left and a Secret is being returned, instead
...
return a descriptive error indicating that the Secret cannot be returned
because when the token was revoked the secret was too. This prevents
confusion where credentials come back but cannot be used.
Fixes #615
2015-09-14 11:07:27 -04:00
142cb563a6
Improve documentation of token renewal
2015-09-11 21:08:32 -04:00
d3aec0ba31
Cleanup routines should now use routeEntry instead of mountEntry.
2015-09-11 13:40:31 +03:00
fb07cf9f53
Implement clean up routine to backend as some backends may require
...
e.g closing database connections on unmount to avoud connection
stacking.
2015-09-11 11:45:58 +03:00
39cfcccdac
Remove error returns from sysview TTL calls
2015-09-10 15:09:54 -04:00
65ceb3439d
Be consistent as both are the same pointer here
2015-09-10 15:09:54 -04:00
5de736e69c
Implement shallow cloning to allow MountEntry pointers to stay consistent when spread across router/core/system views
2015-09-10 15:09:54 -04:00
ace611d56d
Address items from feedback. Make MountConfig use values rather than
...
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
eff1c331ad
Add more unit tests against backend TTLs, and fix two bugs found by them
...
(yay unit tests!)
2015-09-10 15:09:54 -04:00
86ccae7bd5
Fix mount config test by proxying mounts/ in addition to mounts
2015-09-10 15:09:54 -04:00
775dfe38a2
A couple bug fixes + most unit tests
2015-09-10 15:09:54 -04:00
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
d435048d9e
Switch StaticSystemView values to pointers, to support updating
2015-09-10 15:09:54 -04:00
696d0c7b1d
Plumb per-mount config options through API
2015-09-10 15:09:53 -04:00
893d2d9b00
Minor cleanup of MountConfig
2015-09-10 15:09:53 -04:00
17c60d3e78
Add logic to core to fetch a SystemView for a given mount entry and use those values for default/max TTL. The SystemView will reflect system defaults if not set for that mount.
2015-09-10 15:09:53 -04:00
98d0d23d70
Ensure token store is available when looking up token
2015-09-01 08:21:47 -04:00
b74fa8c888
Make DefaultSystemView StaticSystemView with statically-configured information. Export this from Framework to make it easy to override for testing.
2015-08-27 11:25:07 -07:00
7c2bbe4c7f
Use a SystemView interface and turn SystemConfig into DefaultSystemView
2015-08-27 10:36:44 -07:00
e58553e7d5
Plumb the system configuration information up into framework
2015-08-27 09:41:03 -07:00
992e357d07
Add some plumbing to allow specified system configuration information to
...
be retrieved by logical backends. First implemented is default/max TTL.
2015-08-27 08:51:35 -07:00
3f45f3f41b
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 07:50:24 -07:00
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
c887df93cc
Add support for pgp-keys argument to rekey, as well as tests, plus
...
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
f57e7892e7
Don't store the given public keys in the seal config
2015-08-25 14:52:13 -07:00
2f3e245b0b
Add support for "pgp-tokens" parameters to init.
...
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
2015-08-25 14:52:13 -07:00
ea9fbb90bc
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-20 22:27:01 -07:00
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
0fa783f850
Update help text for TTL values in generic backend
2015-08-20 17:59:30 -07:00
b57ce8e5c2
Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
...
Fixes #528 .
2015-08-20 16:41:25 -07:00
15f57082e0
Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code.
2015-08-20 13:20:35 -07:00
46d06144a8
Merge pull request #552 from hashicorp/fix-uselimit-decrement
...
Fix #461 properly by defering potential revocation of a token until a…
2015-08-20 10:39:24 -07:00
db79dd8c22
Don't defer revocation when sealing, and clear out response/auth if there is a token use error
2015-08-20 10:37:42 -07:00
0e8e3660ff
Fix #461 properly by defering potential revocation of a token until after the request is fully handled.
2015-08-20 10:14:13 -07:00
1f5062a6e1
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-08-19 12:16:37 -07:00
fe8c1c514d
Add -no-verify option to CLI auth command, to avoid decrementing the token use count during auth.
2015-08-18 19:22:17 -07:00
9324db7979
Vault SSH: verify echo test
2015-08-18 16:48:50 -07:00
688df0be6d
See if this clears build error
2015-08-13 13:17:09 -04:00
93dfa67039
Merging changes from master
2015-08-12 09:28:16 -07:00
323b49f03d
Fix #392 by giving a more specific error
2015-08-11 20:18:52 -04:00
4da080e769
This adds a new error class which can be used by logical backends to
...
specify more concrete error cases to make their way back up the stack.
Over time there is probably a cleaner way of doing this, but that's
looking like a more massive rewrite and this solves some issues in
the meantime.
Use a CodedError to return a more concrete HTTP return code for
operations you want to do so. Returning a regular error leaves
the existing behavior in place.
2015-08-10 13:27:25 -04:00
e5080a7f32
Merging with master
2015-08-06 18:44:40 -04:00
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
27e66e175f
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-07-17 17:22:17 -04:00
ef770e371a
vault: guard against potentially missing keyring
2015-07-13 18:18:22 +10:00
ed258f80c6
Vault SSH: Refactoring and fixes
2015-07-10 18:44:31 -06:00
89a0e37a89
Vault SSH: Backend and CLI testing
2015-07-10 16:18:02 -06:00
2901890df2
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-07-10 09:56:21 -06:00
3c7dd8611c
Vault SSH: Test case skeleton
2015-07-10 09:56:14 -06:00
7ecd8f05d1
nomad: fixing issue with keyring upgrade
2015-07-07 16:02:49 -06:00
03be7a5999
vault: upgrade old policies with implicit glob
2015-07-05 19:14:15 -06:00
3d2fa8818e
vault: adding another ACL test
2015-07-05 17:34:34 -06:00
dc8cc308af
vault: fixing test with glob change
2015-07-05 17:31:41 -06:00
05b3fa836e
vault: Handle exact vs glob match, deny has highest precedence
2015-07-05 17:31:30 -06:00
eda88c18ff
vault: Adding precedence logic for conflicting policy
2015-07-05 17:30:19 -06:00
27d01270c8
vault: look for glob character in policy
2015-07-05 14:58:38 -07:00
541014e315
logical: remove SetLogger method
2015-06-30 17:39:39 -07:00
41b72a4d39
vault: provide view to backend initializer for setup
2015-06-30 17:30:43 -07:00
579c1433a2
vault: use helper/salt library to share code
2015-06-30 14:08:21 -07:00
8bc99f8c23
helper/uuid: single generateUUID definition
2015-06-30 12:38:32 -07:00
3bc388f30d
Merge pull request #366 from nbrownus/http_responses
...
Better http responses
2015-06-29 15:31:45 -07:00
496ebe561c
vault: cleanups for the audit log changes
2015-06-29 15:27:28 -07:00
add8e1a3fd
Fixing merge conflict
2015-06-29 15:19:04 -07:00
deeb611ab2
vault: handle a panic while generating audit output
2015-06-29 15:11:35 -07:00
a0be7af858
Fixing key-status if audit logging is on
2015-06-24 10:57:05 -07:00
94e89537a1
Fixing tests
2015-06-19 14:04:32 -07:00
31ab086063
Doing a little better with http response codes
2015-06-19 14:00:48 -07:00
91611a32c9
Fixing tests
2015-06-18 20:14:20 -07:00
b667ef4c71
Collapsing audit response logging to a single point
2015-06-18 19:48:26 -07:00
4ec685dc1a
Logging authentication errors and bad token usage
2015-06-18 18:30:18 -07:00
c55f103c58
Adding error and remote_address to audit log lines
2015-06-18 17:17:18 -07:00
e2b0f5dae8
vault: improve lease error message. Fixes #338
2015-06-18 15:37:08 -07:00
dbf6cf6e6d
vault: support core shutdown
2015-06-17 18:23:59 -07:00
ffeb6ea76c
vault: allow increment to be duration string. Fixes #340
2015-06-17 15:58:20 -07:00
5c75a6c5c7
vault: ensure token renew does not double register
2015-06-17 15:22:50 -07:00
ae421f75b7
vault: fixing issues with token renewal
2015-06-17 14:28:13 -07:00
a0cf8f1793
vault: attempt to resolve #303
2015-06-02 22:55:18 +02:00
0f933df76e
vault: fixing a typo
2015-06-02 16:04:05 +02:00
daffef08db
vault: reload master key before keyring
2015-05-29 14:30:03 -07:00
f6729b29f8
vault: adding ability to reload master key
2015-05-29 14:29:55 -07:00
716f8d9979
core: adding tests for HA rekey and rotate
2015-05-29 12:16:34 -07:00
4f5fde039f
vault: all rekey commands should fail as standby
2015-05-29 11:52:37 -07:00
5aaad32af8
vault: ensure upgrades are cleaned up
2015-05-28 16:52:06 -07:00
db0afc9ebe
vault: move upgrade logic out of core
2015-05-28 16:43:44 -07:00
4eb5c63a5d
vault: create upgrade path in HA mode
2015-05-28 16:43:15 -07:00
67ed0a3c16
vault: moving upgrade path into barrier
2015-05-28 16:42:32 -07:00
82ef0b1ac7
vault: handle read of key upgrades
2015-05-28 16:11:31 -07:00
796ae59a89
vault: support keyring reload
2015-05-28 16:09:15 -07:00
2e86fa62d5
vault: adding barrier AddKey
2015-05-28 15:52:26 -07:00
c095861a02
keyring: Add key serialization
2015-05-28 15:49:52 -07:00
c60970e743
vault: prevent rekey on standby
2015-05-28 15:26:35 -07:00
01e890653c
vault: more logging
2015-05-28 14:15:06 -07:00
0877160754
vault: minor rekey cleanups
2015-05-28 12:07:52 -07:00
c5352d14a4
vault: testing rekey
2015-05-28 12:02:30 -07:00
361c722c5c
vault: first pass at rekey
2015-05-28 11:40:01 -07:00
5aed043ea5
vault: ensure master key is copied to avoid memzero issues
2015-05-28 11:38:59 -07:00
4e3f0cddcf
vault: Adding VerifyMaster to Barrier
2015-05-28 11:28:33 -07:00
9f399eb9ff
vault: prevent raw access to protected paths
2015-05-28 10:24:41 -07:00
1a4256c20c
vault: more logging around rotate
2015-05-27 17:56:55 -07:00
d0b93a6164
vault: adding sys/key-status and sys/rotate
2015-05-27 17:53:42 -07:00
26cff2f42f
vault: expose information about keys
2015-05-27 17:25:36 -07:00
3e717907cd
vault: testing barrier rekey
2015-05-27 17:17:03 -07:00
b93feb8a6b
vault: first pass at rekey
2015-05-27 17:13:40 -07:00
9e39fec4a5
vault: testing key rotation
2015-05-27 17:10:08 -07:00
ead96e8c99
vault: first pass at key rotation
2015-05-27 17:05:02 -07:00
3d800fe7be
vault: keyring api changes
2015-05-27 17:04:46 -07:00
490bece0a0
vault: make keyring immutable
2015-05-27 16:58:55 -07:00
28560a612f
vault: test for backwards compatability
2015-05-27 16:42:42 -07:00
e8e9103300
vault: share keyring persistence code
2015-05-27 16:29:59 -07:00
0e9136d14c
vault: first pass at keyring integration
2015-05-27 16:01:25 -07:00
50dc6a471e
vault: adding path for keyring
2015-05-27 15:23:43 -07:00
8c2a767f4f
vault: Adding version to key entry
2015-05-27 15:23:31 -07:00
1903518202
vault: Ensure we always set a key InstallTime
2015-05-27 14:37:40 -07:00
ef2f71e17f
vault: Adding InstallTime to key in keyring
2015-05-27 14:37:40 -07:00
57c763a3fa
vault: Adding keyring
2015-05-27 14:37:40 -07:00
70b3b37ffb
vault: rename key epoch to term for clarity
2015-05-27 14:37:39 -07:00
daa5b9c1b5
vault: physical -> storage for clarity
2015-05-27 14:33:58 -07:00
8ee5aebb3c
vault: testing raw responses
2015-05-27 14:19:12 -07:00
ba7bfed1af
vault: Expose MountPoint to secret backend. Fixes #248
2015-05-27 11:46:42 -07:00
d15eed47ad
vault: reproducing GH-203
2015-05-15 17:48:03 -07:00
3bcd32228d
vault: lease renewal should not create new lease entry
2015-05-15 17:47:39 -07:00
18795a4b26
vault: Adding test based on bug report
2015-05-15 17:19:41 -07:00
0b84e86483
vault: Adding more logging
2015-05-15 17:19:32 -07:00
8f4ddfd904
vault: adding test for e33a904
2015-05-11 11:16:21 -07:00
843d9e6484
vault: verify login endpoint never returns a secret
2015-05-09 11:51:58 -07:00
13ab31f4b5
vault: ensure InternalData is never returned from the core
2015-05-09 11:47:46 -07:00
c849aba53a
vault: Adding InternalData to Auth
2015-05-09 11:39:54 -07:00
c7496772d4
vault: defer barrier initialization until as late as possible
2015-05-08 11:06:39 -07:00
a6eef6bba3
vault: Guard against an invalid seal config
2015-05-08 11:05:31 -07:00
3500535db3
vault: fix detection of missing trailing slash. Fixes #157
2015-05-07 12:18:50 -07:00
727e0e90cd
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 13:28:33 -07:00
c3a793ccdf
Lowercase again
2015-04-30 14:27:32 -04:00
57a7a41a42
Add test that ensure keylength check is working
...
Not likely to fail, but if it did would result in complete failure, so
probably good to have a test for it.
2015-04-30 13:12:47 -05:00
2de4965598
Use lowercase
2015-04-30 13:37:47 -04:00
ea0c41aa81
Add test to verify unique encrypted values
...
It wasn't immediately clear that the proper random seeding was taking
place. This ensures that the same plaintext encrypted twice does not
result in the same ciphertext. It will also be a good test to keep
around incase of future regressions.
2015-04-30 12:15:41 -05:00
f17d65507f
Use UTC in tests
2015-04-28 22:18:00 -04:00
95c8001388
Disable mlock in tests
2015-04-28 22:18:00 -04:00
eef1a10e8e
vault: fix more test race conditions
2015-04-28 19:17:45 -07:00
e80111502b
vault: way more verbose error if mlock fails [GH-59]
2015-04-28 18:56:16 -07:00
b5f8f3b05a
vault: add helper/mlock for doing mlock
2015-04-28 14:59:43 -07:00
2e55c3de68
vault: ability to toggle mlock on core
2015-04-27 16:40:14 -07:00
a2bd832519
vault: token create should return various metadata for logging
2015-04-25 20:21:35 -07:00
vishalnayak