Jeff Mitchell
b6ca7e9423
Add response wrapping support to login endpoints.
...
Fixes #1587
2016-07-05 11:46:21 -04:00
Jeff Mitchell
90c2f5bb55
Fix some more too-tight timing in the token store tests
2016-07-01 11:59:39 -04:00
Jeff Mitchell
f3e6e4ee28
Fix timing in explicit max ttl test
2016-07-01 11:37:27 -04:00
Jeff Mitchell
09720bbd8e
Fix picking wrong token lock
2016-06-27 11:17:08 -04:00
vishalnayak
2933c5ce08
Made default_lease_ttl and max_lease_ttl as int64 and fixed tests
2016-06-20 20:23:49 -04:00
vishalnayak
0bdeea3a33
Fix the test cases
2016-06-20 18:56:19 -04:00
vishalnayak
848b479a61
Added 'sys/auth/<path>/tune' endpoints.
...
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 13:58:24 -04:00
Jeff Mitchell
368a17e978
Add some commenting
2016-06-14 05:54:09 +00:00
Jeff Mitchell
e925987cb6
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
Jeff Mitchell
1de6140d5c
Fix mah broken tests
2016-06-10 14:03:56 -04:00
Jeff Mitchell
9f6c5bc02a
cubbyhole-response-wrapping -> response-wrapping
2016-06-10 13:48:46 -04:00
Jeff Mitchell
e4ce81afa1
Remove unneeded Fields in passthrough
2016-06-09 10:33:24 -04:00
Jeff Mitchell
351f536913
Don't check parsability of a ttl
key on write.
...
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.
The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.
Fixes #1505
2016-06-08 20:14:36 -04:00
Jeff Mitchell
2b4b6559e3
Merge pull request #1504 from hashicorp/token-store-roles-renewability
...
Add renewable flag to token store roles
2016-06-08 15:56:54 -04:00
Jeff Mitchell
8a1bff7c11
Make out-of-bounds explicit max a cap+warning instead of an error
2016-06-08 15:25:17 -04:00
Jeff Mitchell
cf8f38bd4c
Add renewable flag to token store roles
2016-06-08 15:17:22 -04:00
Jeff Mitchell
65d8973864
Add explicit max TTL capability to token creation API
2016-06-08 14:49:48 -04:00
Jeff Mitchell
c0155ac02b
Add renewable flag and API setting for token creation
2016-06-08 11:14:30 -04:00
Jeff Mitchell
bb1e8ddaa2
Make token renewable status work properly on lookup
2016-06-08 09:19:39 -04:00
Jeff Mitchell
10b218d292
Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this...
2016-06-07 16:01:09 -04:00
Jeff Mitchell
401456ea50
Add creation time to returned wrapped token info
...
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
Jeff Mitchell
f8d70b64a0
Show renewable status for tokens in output
2016-06-01 17:30:31 -04:00
Vishal Nayak
9dd4e5ec5b
Merge pull request #1235 from hashicorp/policies-validation
...
Strip out other policies if root is present
2016-06-01 12:08:22 -04:00
vishalnayak
4fea41f7e5
Use entry.Type as a criteria for upgrade
2016-06-01 10:30:11 -04:00
vishalnayak
875778a2d9
Modify just the type and not the path
2016-05-31 23:19:13 -04:00
vishalnayak
1e4834bd20
Remove addDefault param from ParsePolicies
2016-05-31 13:39:58 -04:00
vishalnayak
49b4c83580
Adding default policies while creating tokens
2016-05-31 13:39:58 -04:00
vishalnayak
55fbfab4fe
Upgrade 'aws' auth table entry to 'aws-ec2'
2016-05-30 18:58:58 -04:00
Jeff Mitchell
8d19b4fb53
Add keyring zeroize function and add some more memzero calls in
...
appropriate places. Known to be best-effort, but may help in some cases.
Fixes #1446
2016-05-27 20:47:40 +00:00
vishalnayak
1d94828e45
Re-enable rollback triggers for auth backends
2016-05-26 14:29:41 -04:00
Vishal Nayak
644ac5f5e8
Merge pull request #1456 from hashicorp/consul-lease-renewal
...
Fix the consul secret backends renewal revocation problem
2016-05-26 13:59:45 -04:00
Jeff Mitchell
a57996ac08
Add to auth/audit too
2016-05-26 13:38:51 -04:00
Jeff Mitchell
475b0e2d33
Add table/type checking to mounts table.
2016-05-26 12:55:00 -04:00
vishalnayak
c0e745dbfa
s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends
2016-05-26 10:21:03 -04:00
vishalnayak
70b8530962
Fix the consul secret backends renewal revocation problem
2016-05-25 23:24:16 -04:00
Jeff Mitchell
417a56c42b
Disable rollback on auth for now and add workaround for its auth/ adding to entry paths
2016-05-25 17:53:45 -04:00
Jeff Mitchell
05b0e0a866
Enable audit-logging of seal and step-down commands.
...
This pulls the logical request building code into its own function so
that it's accessible from other HTTP handlers, then uses that with some
added logic to the Seal() and StepDown() commands to have meaningful
audit log entries.
2016-05-20 17:03:54 +00:00
Jeff Mitchell
0da8762bd5
Add unwrap command, and change how the response is embedded (as a string, not an object)
2016-05-19 11:25:15 -04:00
Jeff Mitchell
2e6ac4c37a
Remove wrap specs from backend response
2016-05-19 03:06:09 +00:00
Jeff Mitchell
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
Jeff Mitchell
4c67a739b9
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-16 12:14:40 -04:00
Jeff Mitchell
60975bf76e
Revert "Remove a few assumptions regarding bash(1) being located in /bin."
2016-05-15 15:22:21 -04:00
Sean Chittenden
f91114fef5
Remove a few assumptions regarding bash(1) being located in /bin.
...
Use sh(1) where appropriate.
2016-05-15 11:41:14 -07:00
Sean Chittenden
792950e16c
Merge pull request #1417 from hashicorp/b-pki-expire-ttl-unset
...
Set entry's TTL before writing out the storage entry's config
2016-05-15 10:02:03 -07:00
Sean Chittenden
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
Sean Chittenden
af4e2feda7
When testing, increase the time we wait for the stepdown to occur.
...
2s -> 5s, no functional change.
2016-05-15 07:30:40 -07:00
Vishal Nayak
53fc941761
Merge pull request #1300 from hashicorp/aws-auth-backend
...
AWS EC2 instances authentication backend
2016-05-14 19:42:03 -04:00
Jeff Mitchell
560e9c30a3
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-12 14:59:12 -04:00
Sean Chittenden
99a5213f0b
Merge pull request #1355 from hashicorp/f-vault-service
...
Vault/Consul Service refinement
2016-05-12 11:48:29 -07:00
vishalnayak
af222a945a
Fix mount tune bounds checking
2016-05-12 07:22:00 -04:00