Jeff Mitchell
3e71221839
Merge remote-tracking branch 'origin/master' into aws-auth-backend
2016-05-05 10:04:52 -04:00
vishalnayak
92fe94546c
Split SanitizeTTL method to support time.Duration parameters as well
2016-05-05 09:45:48 -04:00
vishalnayak
21854776af
Added cooldown period for periodic tidying operation
2016-04-26 10:22:29 -04:00
vishalnayak
9aa8fb6cc1
Support periodic tidy callback and config endpoints.
2016-04-26 10:22:29 -04:00
Seth Vargo
86455b4720
Only show params if there are fields
2016-04-13 22:15:06 +01:00
vishalnayak
ba9b5b8847
Fix SanitizeTTL check
2016-03-16 14:27:01 -04:00
vishalnayak
3861c88211
Accept params both as part of URL or as part of http body
2016-03-14 19:14:36 -04:00
Jeff Mitchell
f9fb20bbe4
Make SanitizeTTL treat an empty string the same as a "0" string.
...
This causes a 0 TTL to be returned for the value, which is a clue to
other parts of Vault to use appropriate defaults. However, this makes
the defaults be used at lease allocation or extension time instead of
when parsing parameters.
2016-02-18 16:51:36 -05:00
Jeff Mitchell
627082b838
Remove grace periods
2016-01-31 19:33:16 -05:00
Jeff Mitchell
d5584e12bc
invert logic to prefer client increment
2016-01-29 20:02:15 -05:00
Jeff Mitchell
4619473175
Update proposed time
2016-01-29 19:31:37 -05:00
Jeff Mitchell
7353fa3e56
Adjust framework unit tests for new LeaseExtend
2016-01-29 19:31:37 -05:00
Jeff Mitchell
f53136ab09
Update LeaseExtend
2016-01-29 19:31:37 -05:00
Jeff Mitchell
9db22dcfad
Address some more review feedback
2016-01-12 15:09:16 -05:00
Jeff Mitchell
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jeff Mitchell
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Jeff Mitchell
35a7f0de22
Add '.' to GenericNameRegex; it cannot appear as the first or last
...
character. This allows its usage in a number of extra path-based
variables.
Ping #244
2015-10-13 16:04:10 -04:00
Jeff Mitchell
ab7d35b95e
Fix up per-backend timing logic; also fix error in TypeDurationSecond in
...
GetOkErr.
2015-09-21 09:55:03 -04:00
Jeff Mitchell
b655f6b858
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
vishalnayak
7f640c4374
Error on violating SysView boundaries
2015-09-17 11:24:46 -04:00
vishalnayak
6a4089b2a8
Vault userpass: Enable renewals for login tokens
2015-09-16 23:55:35 -04:00
Jeff Mitchell
77e7379ab5
Implement the cubbyhole backend
...
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Lassi Pölönen
fb07cf9f53
Implement clean up routine to backend as some backends may require
...
e.g closing database connections on unmount to avoud connection
stacking.
2015-09-11 11:45:58 +03:00
Jeff Mitchell
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
Jeff Mitchell
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
b74fa8c888
Make DefaultSystemView StaticSystemView with statically-configured information. Export this from Framework to make it easy to override for testing.
2015-08-27 11:25:07 -07:00
Jeff Mitchell
7c2bbe4c7f
Use a SystemView interface and turn SystemConfig into DefaultSystemView
2015-08-27 10:36:44 -07:00
Jeff Mitchell
e58553e7d5
Plumb the system configuration information up into framework
2015-08-27 09:41:03 -07:00
Jeff Mitchell
5695d57ba0
Merge pull request #561 from hashicorp/fix-wild-cards
...
Allow hyphens in endpoint patterns of most backends
2015-08-21 11:40:42 -07:00
vishalnayak
6c2927ede0
Vault: Fix wild card paths for all backends
2015-08-21 00:56:13 -07:00
Jeff Mitchell
ea9fbb90bc
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-20 22:27:01 -07:00
Jeff Mitchell
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
Caleb Tennis
ae990884a6
Add a validation step in field data to error more quickly vs. allowing panics to happen when we go to get the data and convert it
2015-08-11 12:34:14 -04:00
Armon Dadgar
c40cf7fcdf
logical/framework: handle nil duration value. Fixes #408
2015-07-08 16:55:52 -06:00
Armon Dadgar
4b27e4d8c5
Remove SetLogger, and unify on framework.Setup
2015-06-30 17:45:20 -07:00
Armon Dadgar
e892d728a2
logical/framework: support Salt in PathMap
2015-06-30 14:28:45 -07:00
Armon Dadgar
6b23b14773
logical/framework: adding a new duration type to convert to seconds
2015-06-17 15:56:26 -07:00
Armon Dadgar
f39b522681
logical/framework: allow the lease max to come from existing lease
2015-06-17 14:24:12 -07:00
Armon Dadgar
cfab07b19f
logical/framework: simplify calculation of lease renew
2015-06-17 14:16:44 -07:00
Jonathan Sokolowski
d58512b3f8
logical/framework: Fix help text in PathMap
2015-05-15 07:56:32 +10:00
Jonathan Sokolowski
283e8ccacb
logical/framework: Add delete to PathMap
2015-05-14 22:28:33 +10:00
Jonathan Sokolowski
896f9cd4d3
logical/framework: Add delete to PathStruct
2015-05-14 22:25:30 +10:00
Mitchell Hashimoto
5c63b70eea
logical/framework: PathMap is case insensitive by default
2015-05-11 10:27:04 -07:00
Mitchell Hashimoto
4e861f29bc
credential/github: case insensitive mappings
2015-05-11 10:24:39 -07:00
Armon Dadgar
8ed48191fb
logical/framework: Generate help output even if no synopsis provided
2015-05-07 15:45:43 -07:00
Mitchell Hashimoto
81b12660c5
logical/framework: PathMap allows hyphens in keys [GH-119]
2015-05-02 13:17:42 -07:00
Armon Dadgar
c4a92a276d
logical/framework: Supporting list of path map
2015-04-23 21:44:04 -07:00
Mitchell Hashimoto
cd3fa3be92
logical/framework: more flexible Pathmap and PolicyMap
2015-04-17 09:35:49 -07:00
Mitchell Hashimoto
910bf9c76d
logical/framework: PathStruct
2015-04-17 09:18:21 -07:00
Mitchell Hashimoto
463a32ba56
logical/framework: doc for defaultduration on secret
2015-04-13 20:42:06 -07:00