Commit graph

76 commits

Author SHA1 Message Date
Jeff Mitchell aecc3ad824 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
Jeff Mitchell 81da06de05 Fix fetching parameters in token store when it's optionally in the URL 2016-04-28 15:15:37 -04:00
Jeff Mitchell 53773f12e3 Register the token entry's path instead of the request path, to handle role suffixes correctly 2016-04-14 08:08:28 -04:00
Jeff Mitchell 1db6808912 Construct token path from request to fix displaying TTLs when using
create-orphan.
2016-04-07 15:45:38 +00:00
Jeff Mitchell 2fd02b8dca Remove auth/token/revoke-prefix in favor of sys/revoke-prefix. 2016-03-31 18:04:05 -04:00
Jeff Mitchell 7442867d53 Check for auth/ in the path of the prefix for revoke-prefix in the token
store.
2016-03-31 16:21:56 -04:00
Jeff Mitchell fa2ba47a5c Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
vishalnayak 0c4d5960a9 In-URL accessor for auth/token/lookup-accessor endpoint 2016-03-09 14:54:52 -05:00
vishalnayak f478cc57e0 fix all the broken tests 2016-03-09 13:45:36 -05:00
vishalnayak 007142262f Provide accessor to revove-accessor in the URL itself 2016-03-09 13:08:37 -05:00
vishalnayak 3b302817e5 Added tests for lookup-accessor and revoke-accessor endpoints 2016-03-09 12:50:26 -05:00
Jeff Mitchell 2ecdde1781 Address final feedback 2016-03-09 11:59:54 -05:00
Jeff Mitchell 7c5f810bc0 Address first round of feedback 2016-03-01 15:30:37 -05:00
Jeff Mitchell 54232eb980 Add other token role unit tests and some minor other changes. 2016-03-01 12:41:41 -05:00
Jeff Mitchell df2e337e4c Update tests to add expected role parameters 2016-03-01 12:41:40 -05:00
Jeff Mitchell b8b59560dc Add token role CRUD tests 2016-03-01 12:41:40 -05:00
Jeff Mitchell ff3adce39e Make "ttl" reflect the actual TTL of the token in lookup calls.
Add a new value "creation_ttl" which holds the value at creation time.

Fixes #986
2016-02-01 11:16:32 -05:00
Jeff Mitchell b2bde47b01 Pull out setting the root token ID; use the new ParseUUID method in
go-uuid instead, and revoke if there is an error.
2016-01-19 19:44:33 -05:00
Jeff Mitchell 3b994dbc7f Add the ability to generate root tokens via unseal keys. 2016-01-19 18:28:10 -05:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell d51d723c1f Use int64 for converting time values, not int (will be float64 in JSON anyways, so no need to lose precision, plus could hit a 32-bit max in some edge cases) 2016-01-04 17:11:22 -05:00
Jeff Mitchell e990b77d6e Address review feedback; move storage of these values to the expiration manager 2016-01-04 16:43:07 -05:00
Jeff Mitchell 5ddd243144 Store a last renewal time in the token entry and return it upon lookup
of the token.

Fixes #889
2016-01-04 11:20:49 -05:00
Jeff Mitchell df68e3bd4c Filter out duplicate policies during token creation. 2015-12-30 15:18:30 -05:00
Jeff Mitchell f2da5b639f Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell 5783f547ab Display whether a token is an orphan on lookup. 2015-11-09 13:19:59 -05:00
Jeff Mitchell 6ccded7a2f Add ability to create orphan tokens from the API 2015-11-03 15:12:21 -05:00
Jeff Mitchell 636d57a026 Make the token store's Create and RootToken functions non-exported.
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell 4a52de13e3 Add renew-self endpoint.
Fixes #455.
2015-10-07 12:49:13 -04:00
Jeff Mitchell ca50012017 Format token lease/TTL as int in JSON API when looking up 2015-09-27 22:36:36 -04:00
Jeff Mitchell 62ac518ae7 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Vishal Nayak d526c8ce1c Merge pull request #629 from hashicorp/token-create-sudo
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
vishalnayak a2799b235e Using acl.RootPrivilege and rewrote mockTokenStore 2015-09-19 17:53:24 -04:00
vishalnayak b6d47dd784 fix broken tests 2015-09-19 12:33:52 -04:00
Jeff Mitchell d775445efe Store token creation time and TTL. This can be used to properly populate
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.

Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell 8f79e8be82 Add revoke-self endpoint.
Fixes #620.
2015-09-17 13:22:30 -04:00
Jeff Mitchell 047ba90a44 Restrict orphan revocation to root tokens 2015-09-16 09:22:15 -04:00
Jeff Mitchell c460ff10ca Push a lot of logic into Router to make a bunch of it nicer and enable a
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Armon Dadgar ffeb6ea76c vault: allow increment to be duration string. Fixes #340 2015-06-17 15:58:20 -07:00
Armon Dadgar ae421f75b7 vault: fixing issues with token renewal 2015-06-17 14:28:13 -07:00
Armon Dadgar 538c795f9b vault: Adding method to consume a limited use token 2015-04-17 11:51:04 -07:00
Armon Dadgar fd3948d476 vault: Tokens can have a use count specified 2015-04-17 11:34:25 -07:00
Armon Dadgar 818ce0a045 vault: token store allows specifying display_name 2015-04-15 14:24:07 -07:00
Mitchell Hashimoto 5eff7f1b57 vault: upper bound on test 2015-04-10 21:22:17 -07:00
Mitchell Hashimoto 992028e23e vault: the expiration time should be relative to the issue time 2015-04-10 21:21:06 -07:00
Armon Dadgar a6d974c74e vault: revoking a token should revoke all secrets it has generated 2015-04-10 15:12:04 -07:00