luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
7999 commits 1 branch 0 tags 214 MiB
Commit graph

347 commits

Author SHA1 Message Date
Jeff Mitchell 65f664be47 Make compile 2017-10-23 17:41:44 -04:00
Jeff Mitchell a25dae82dd Final sync 2017-10-23 17:39:21 -04:00
Vishal Nayak f7ed6732a5 Porting identity store (#3419) 
* porting identity to OSS

* changes that glue things together

* add testing bits

* wrapped entity id

* fix mount error

* some more changes to core

* fix storagepacker tests

* fix some more tests

* fix mount tests

* fix http mount tests

* audit changes for identity

* remove upgrade structs on the oss side

* added go-memdb to vendor
 2017-10-11 10:21:20 -07:00
Chris Hoffman fad5544fa0 only inject data into top level for existing sys/ paths (#3426) 2017-10-05 11:17:50 -04:00
Chris Hoffman 1029ad3b33 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Jeff Mitchell dae06d9a0e Simplify a lot of the mount tuning code (#3285) 2017-09-05 10:57:25 -04:00
Brian Kassouf a8d9426d9f Update locking components from DR replication changes (#3283) 
* Update locking components from DR replication changes

* Fix plugin backend test

* Add a comment about needing the statelock:
 2017-09-04 19:38:37 -04:00
Jeff Mitchell 691d00149a Fix exporting stdAllowedHeaders 2017-08-07 15:02:08 -04:00
Aaron Salvo ad1d74cae0 Set allowed headers via API instead of defaulting to wildcard. (#3023) 2017-08-07 10:03:30 -04:00
Jeff Mitchell fdaaaadee2 Migrate physical backends into separate packages (#3106) 2017-08-03 13:24:27 -04:00
Calvin Leung Huang db9d9e6415 Store original request path in WrapInfo (#3100) 
* Store original request path in WrapInfo as CreationPath

* Add wrapping_token_creation_path to CLI output

* Add CreationPath to AuditResponseWrapInfo

* Fix tests

* Add and fix tests, update API docs with new sample responses
 2017-08-02 18:28:58 -04:00
Jeff Mitchell d0f329e124 Add leader cluster address to status/leader output. (#3061) 
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.

Fixes #3042
 2017-07-31 18:25:27 -04:00
Jeff Mitchell 1bfc6d4fe7 Add a -dev-three-node option for devs. (#3081) 2017-07-31 11:28:06 -04:00
Lars Lehtonen 5ee98b9b6e Fix swallowed errors in http package. (#2972) 2017-07-05 09:35:57 -04:00
Jeff Mitchell 753b68fa1b Port TestCluster changes from proxy branch 2017-07-03 14:54:01 -04:00
Jeff Mitchell d169918465 Create and persist human-friendly-ish mount accessors (#2918) 2017-06-26 18:14:36 +01:00
Jeff Mitchell 4936a83310 Fix lease lookup returning properties at top level (#2902) 2017-06-21 16:12:09 +01:00
Jeff Mitchell 069764ea8f Add option to have dev mode generic backend return leases 2017-06-21 10:42:50 -04:00
Chris Hoffman 7e7d766e21 Exclude /sys/leases/renew from registering with expiration manager (#2891) 
* exclude /sys/leases/renew from registering with expiration manager

* adding sys/leases/renew to return full secret object, adding tests to catch renew errors
 2017-06-20 12:34:00 -04:00
Jeff Mitchell 5817a8a5f8 Return error on bad CORS and add Header specification to API request primitive 2017-06-19 18:20:44 -04:00
Aaron Salvo 0303f51b68 Cors headers (#2021) 2017-06-17 00:04:55 -04:00
vishalnayak 7550b79ce8 Fix policy tests 2017-06-01 17:22:34 -04:00
Jeff Mitchell 435f1def27 Have step-down request forward. 
Unlike seal, this command has no meaning other than on the active node,
so when issuing it the expected behavior would be for whichever node is
currently active to step down.
 2017-05-25 11:57:59 -04:00
Jeff Mitchell 0d4e7fba69 Remove non-gRPC request forwarding 2017-05-24 09:34:59 -04:00
emily aa40d2cff6 add gofmt checks to Vault and format existing code (#2745) 2017-05-19 08:34:17 -04:00
Jeff Mitchell f01b413d8d Make path-help request forward (#2677) 2017-05-04 16:58:50 -04:00
Chris Hoffman 3d9cf89ad6 Add the ability to view and list of leases metadata (#2650) 2017-05-03 22:03:42 -04:00
Jeff Mitchell cd73714ff9 Fix error message grammar 2017-03-14 17:10:43 -04:00
Vishal Nayak 5a6193a56e Audit: Add token's use count to audit response (#2437) 
* audit: Added token_num_uses to audit response

* Fixed jsonx tests

* Revert logical auth to NumUses instead of TokenNumUses

* s/TokenNumUses/NumUses

* Audit: Add num uses to audit requests as well

* Added RemainingUses to distinguish NumUses in audit requests
 2017-03-08 17:36:50 -05:00
Jeff Mitchell f03d500808 Add option to disable caching per-backend. (#2455) 2017-03-08 09:20:09 -05:00
Jeff Mitchell 5119b173c4 Rename helper 'duration' to 'parseutil'. (#2449) 
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.

Have config use ParseBool for UI and disabling mlock/cache.
 2017-03-07 11:21:22 -05:00
Jeff Mitchell 2cc0906b33 Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 (#2412) 2017-02-27 12:49:35 -05:00
Jeff Mitchell 4ec5937e2d Move http-using API tests into http package 2017-02-24 14:23:21 -05:00
Jeff Mitchell 496420a5ab Make cubbyhole local instead of replicated. (#2397) 
This doesn't really change behavior, just what it looks like in the UX.
However, it does make tests more complicated. Most were fixed by adding
a sorting function, which is generally useful anyways.
 2017-02-18 13:51:05 -05:00
Jeff Mitchell 62e8d0b359 Internally append trailing slash for all LIST operations. (#2390) 
Fixes #2385
 2017-02-16 23:23:32 -05:00
Jeff Mitchell 0c39b613c8 Port some replication bits to OSS (#2386) 2017-02-16 15:15:02 -05:00
Brian Kassouf 6701ba8a10 Configure the request headers that are output to the audit log (#2321) 
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited

* Remove some debug lines

* Add a persistant layer and refactor a bit

* update the api endpoints to be more restful

* Add comments and clean up a few functions

* Remove unneeded hash structure functionaility

* Fix existing tests

* Add tests

* Add test for Applying the header config

* Add Benchmark for the ApplyConfig method

* ResetTimer on the benchmark:

* Update the headers comment

* Add test for audit broker

* Use hyphens instead of camel case

* Add size paramater to the allocation of the result map

* Fix the tests for the audit broker

* PR feedback

* update the path and permissions on config/* paths

* Add docs file

* Fix TestSystemBackend_RootPaths test
 2017-02-02 11:49:20 -08:00
Vishal Nayak fa7d61baa3 Merge pull request #2202 from fcantournet/fix_govet_fatalf 
all: test: Fix govet warnings
 2017-01-17 16:45:35 -05:00
Jeff Mitchell 69eb5066dd Multi value test seal (#2281) 2017-01-17 15:43:10 -05:00
Jeff Mitchell dd0e44ca10 Add nonce to unseal to allow seeing if the operation has reset (#2276) 2017-01-17 11:47:06 -05:00
vishalnayak ba180a8e2b rekey: pgp keys input validation 2017-01-12 00:05:41 -05:00
vishalnayak adb6ac749f init: pgp-keys input validations 2017-01-11 23:32:38 -05:00
Jeff Mitchell 3129187dc2 JWT wrapping tokens (#2172) 2017-01-04 16:44:03 -05:00
Félix Cantournet 103b7ceab2 all: test: Fix govet warnings 
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
 2016-12-21 19:44:07 +01:00
Vishal Nayak e3f56f375c Add 'no-store' response header from all the API outlets (#2183) 2016-12-15 17:53:07 -05:00
Jeff Mitchell f6a84cb84e Don't unilaterally fail with internal status error when help fails, use the given response. Fixes #2153. 2016-12-02 11:22:13 -05:00
Thomas Soëte c29e5c8bad Use 'http.MaxBytesReader' to limit request size (#2131) 
Fix 'connection reset by peer' error introduced by 300b72e
 2016-12-01 10:59:00 -08:00
Armon Dadgar 57ad75071c http: increase request limit from 8MB to 32MB 2016-11-17 12:15:37 -08:00
Armon Dadgar c8dadb46ec http: limit maximum request size 2016-11-17 12:06:43 -08:00
Jeff Mitchell 97ca3292a4 Set number of pester retries to zero by default and make seal command… (#2093) 
* Set number of pester retries to zero by default and make seal command return 403 if unauthorized instead of 500

* Fix build

* Use 403 instead and update test

* Change another 500 to 403
 2016-11-16 14:08:09 -05:00
Vishal Nayak b3c805e662 Audit the client token accessors (#2037) 2016-10-29 17:01:49 -04:00
vishalnayak 6d1e1a3ba5 Pulled out transit's lock manager and policy structs into a helper 2016-10-26 19:52:31 -04:00
Jeff Mitchell 5657789627 Audit unwrapped response (#1950) 2016-09-29 12:03:47 -07:00
Jeff Mitchell b45a481365 Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Jeff Mitchell 6bf871995b Don't use time.Time in responses. (#1912) 
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
 2016-09-23 12:32:07 -04:00
Jeff Mitchell 722e26f27a Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 18:42:24 -04:00
Jeff Mitchell 5b79e5c115 Redirect rekey operation from standby to master (#1868) 2016-09-13 11:59:12 -04:00
Jeff Mitchell 7ba006acd9 Remove too-verbose log 2016-09-04 07:43:54 -04:00
Jeff Mitchell 1c6f2fd82b Add response wrapping to list operations (#1814) 2016-09-02 01:13:14 -04:00
vishalnayak 9c78c58948 Remove the string 'Vault' from version information 2016-09-01 14:54:04 -04:00
Jeff Mitchell 7e41d5ab45 Pass headers back when request forwarding (#1795) 2016-08-26 17:53:47 -04:00
Jeff Mitchell 1dbc06029d Remove outdated comment. 2016-08-24 14:16:02 -04:00
Jeff Mitchell b89073f7e6 Error when an invalid (as opposed to incorrect) unseal key is given. (#1782) 
Fixes #1777
 2016-08-24 14:15:25 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell bdcfe05517 Clustering enhancements (#1747) 2016-08-19 11:03:53 -04:00
Jeff Mitchell c349e697f5 Change uninit/sealed status codes from health endpoint 2016-08-18 12:10:23 -04:00
Jeff Mitchell 5c33356d14 Protobuf for forwarding (#1743) 2016-08-17 16:15:15 -04:00
Jeff Mitchell 62c69f8e19 Provide base64 keys in addition to hex encoded. (#1734) 
* Provide base64 keys in addition to hex encoded.

Accept these at unseal/rekey time.

Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
 2016-08-15 16:01:15 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721) 
Add request forwarding.
 2016-08-15 09:42:42 -04:00
Jeff Mitchell bcb4ab5422 Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
vishalnayak 3895ea4c2b Address review feedback from @jefferai 2016-08-10 15:22:12 -04:00
vishalnayak 95f9c62523 Fix Cluster object being returned as nil when unsealed 2016-08-10 15:09:16 -04:00
Jeff Mitchell 5a1ca832af Merge pull request #1699 from hashicorp/dataonly 
Return sys values in top level normal api.Secret
 2016-08-09 07:17:02 -04:00
Jeff Mitchell 5771a539a5 Add HTTP test for renew and fix muxing 2016-08-08 20:01:08 -04:00
Jeff Mitchell ab71b981ad Add ability to specify renew lease ID in POST body. 2016-08-08 18:00:44 -04:00
Jeff Mitchell 3c2aae215c Fix tests and update mapstructure 2016-08-08 16:00:31 -04:00
Jeff Mitchell 3e6b48cca3 Initial dataonly work. 2016-08-08 11:55:24 -04:00
Jeff Mitchell 82b3d136e6 Don't mark never-expiring root tokens as renewable 2016-08-05 11:15:25 -04:00
Jeff Mitchell 1fc837c22a Fix nil panic in certain error conditions 2016-08-02 14:57:11 -04:00
vishalnayak 4e25e729ee Removed duplicated check in tests 2016-07-29 14:18:53 -04:00
vishalnayak 8b0b0d5922 Add cluster information to 'vault status' 2016-07-29 14:13:53 -04:00
vishalnayak e5e0431393 Added Vault version informationto the 'status' command 2016-07-28 17:37:35 -04:00
Laura Bennett 4d9c909ae4 Merge pull request #1650 from hashicorp/request-uuid 
Added unique identifier to each request. Closes hashicorp/vault#1617
 2016-07-27 09:40:48 -04:00
vishalnayak c17534d527 Fix request_id test failures 2016-07-26 18:30:13 -04:00
vishalnayak 9d4a1b03bc Fix broken tests 2016-07-26 16:53:59 -04:00
Laura Bennett 67801bcf64 uncomment 2016-07-26 16:44:50 -04:00
Laura Bennett fb1b032040 fixing id in buildLogicalRequest 2016-07-26 15:50:37 -04:00
vishalnayak 86446ff67e Error out if cluster information is nil when Vault is unsealed 2016-07-26 15:30:38 -04:00
vishalnayak 6145bed088 Added omitempty to ClusterName and ClusterID 2016-07-26 14:11:32 -04:00
vishalnayak 669bbdfa48 Address review feedback from @jefferai 2016-07-26 14:05:27 -04:00
Laura Bennett ad66bd7502 fixes based proper interpretation of comments 2016-07-26 12:20:27 -04:00
vishalnayak a3e6400697 Remove global name/id. Make only cluster name configurable. 2016-07-26 10:01:35 -04:00
vishalnayak c7dabe4def Storing local and global cluster name/id to storage and returning them in health status 2016-07-26 02:32:42 -04:00
Jeff Mitchell 6c393cf17a Fix tests 2016-07-25 17:05:54 -04:00
Laura Bennett 8d52a96df5 moving id to http/logical 2016-07-25 15:24:10 -04:00
vishalnayak 43d352a942 Add version information to health status 2016-07-22 18:28:16 -04:00
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number 
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
 2016-07-15 19:21:55 -04:00
Vishal Nayak 9f1e6c7b26 Merge pull request #1607 from hashicorp/standardize-time 
Remove redundant invocations of UTC() call on `time.Time` objects
 2016-07-13 10:19:23 -06:00
vishalnayak 8269f323d3 Revert 'risky' changes 2016-07-12 16:38:07 -04:00