luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
4014 commits 1 branch 0 tags 214 MiB
Commit graph

156 commits

Author SHA1 Message Date
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number 
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
 2016-07-15 19:21:55 -04:00
vishalnayak 8269f323d3 Revert 'risky' changes 2016-07-12 16:38:07 -04:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers. 
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
 2016-07-06 12:25:40 -04:00
Jeff Mitchell 09720bbd8e Fix picking wrong token lock 2016-06-27 11:17:08 -04:00
Jeff Mitchell 2b4b6559e3 Merge pull request #1504 from hashicorp/token-store-roles-renewability 
Add renewable flag to token store roles
 2016-06-08 15:56:54 -04:00
Jeff Mitchell 8a1bff7c11 Make out-of-bounds explicit max a cap+warning instead of an error 2016-06-08 15:25:17 -04:00
Jeff Mitchell cf8f38bd4c Add renewable flag to token store roles 2016-06-08 15:17:22 -04:00
Jeff Mitchell 65d8973864 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
Jeff Mitchell c0155ac02b Add renewable flag and API setting for token creation 2016-06-08 11:14:30 -04:00
Jeff Mitchell f8d70b64a0 Show renewable status for tokens in output 2016-06-01 17:30:31 -04:00
vishalnayak 1e4834bd20 Remove addDefault param from ParsePolicies 2016-05-31 13:39:58 -04:00
vishalnayak 49b4c83580 Adding default policies while creating tokens 2016-05-31 13:39:58 -04:00
vishalnayak c0e745dbfa s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends 2016-05-26 10:21:03 -04:00
Jeff Mitchell c4431a7e30 Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors 2016-05-16 16:11:33 -04:00
Jeff Mitchell 4c67a739b9 Merge branch 'master-oss' into cubbyhole-the-world 2016-05-16 12:14:40 -04:00
Sean Chittenden 7a4b31ce51
Speling police 2016-05-15 09:58:36 -07:00
Jeff Mitchell ce5614bf9b Merge branch 'master-oss' into cubbyhole-the-world 2016-05-11 19:29:52 -04:00
Jeff Mitchell 6ec1ca05c8 Fix bug around disallowing explicit max greater than sysview max 2016-05-11 18:46:55 -04:00
Jeff Mitchell aecc3ad824 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
Jeff Mitchell 1b190c9c62 Don't check if numuses is -1 with a read lock, it shouldn't come in with that from lookup anyways 2016-05-02 15:31:28 -04:00
Jeff Mitchell 324bb9cfac Use a 256-level mutex map instead of 4096, and optimize the case for tokens that are not limited use 2016-05-02 14:57:17 -04:00
Jeff Mitchell 2ebe49d3a1 Change UseToken mechanics. 
Add locking around UseToken and Lookup. Have UseToken flag an entry that
needs to be revoked so that it can be done at the appropriate time, but
so that Lookup in the interm doesn't return a value.

The locking is a map of 4096 locks keyed off of the first three
characters of the token ID which should provide good distribution.
 2016-05-02 03:44:24 -04:00
Jeff Mitchell 81da06de05 Fix fetching parameters in token store when it's optionally in the URL 2016-04-28 15:15:37 -04:00
Jeff Mitchell 98d09b0dc6 Add seal tests and update generate-root and others to handle dualseal. 2016-04-25 19:39:04 +00:00
Jeff Mitchell ae2d000de4 Make period output nicer -- seconds rather than duration 2016-04-14 06:10:22 -04:00
Jeff Mitchell 1db6808912 Construct token path from request to fix displaying TTLs when using 
create-orphan.
 2016-04-07 15:45:38 +00:00
Jeff Mitchell f2880561d1 Ensure we only use sysview's max if it's not zero. It never should be, but safety. 2016-04-07 15:27:14 +00:00
vishalnayak e3a1ee92b5 Utility Enhancements 2016-04-05 20:32:59 -04:00
Jeff Mitchell 7d20380c42 Merge pull request #1280 from hashicorp/remove-ts-revoke-prefix 
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
 2016-04-01 09:48:52 -04:00
Jeff Mitchell 2b2541e13f Merge pull request #1277 from hashicorp/suprious-revoke-timer-logs 
Keep the expiration manager from keeping old token entries.
 2016-03-31 20:16:31 -04:00
Jeff Mitchell 2fd02b8dca Remove auth/token/revoke-prefix in favor of sys/revoke-prefix. 2016-03-31 18:04:05 -04:00
Jeff Mitchell 7442867d53 Check for auth/ in the path of the prefix for revoke-prefix in the token 
store.
 2016-03-31 16:21:56 -04:00
Jeff Mitchell 75650ec1ad Keep the expiration manager from keeping old token entries. 
The expiration manager would never be poked to remove token entries upon
token revocation, if that revocation was initiated in the token store
itself. It might have been to avoid deadlock, since during revocation of
tokens the expiration manager is called, which then calls back into the
token store, and so on.

This adds a way to skip that last call back into the token store if we
know that we're on the revocation path because we're in the middle of
revoking a token. That way the lease is cleaned up. This both prevents
log entries appearing for already-revoked tokens, and it also releases
timer/memory resources since we're not keeping the leases around.
 2016-03-31 15:10:25 -04:00
Jeff Mitchell ddce1efd0d Two items: 
1: Fix path check in core to handle renew paths from the token store
that aren't simply renew/
2: Use token policy logic if token store role policies are empty
 2016-03-31 14:52:49 -04:00
vishalnayak 3861c88211 Accept params both as part of URL or as part of http body 2016-03-14 19:14:36 -04:00
vishalnayak 85a888d588 Enable token to be supplied in the body for lookup call 2016-03-14 18:56:00 -04:00
Jeff Mitchell fa2ba47a5c Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
vishalnayak 0c4d5960a9 In-URL accessor for auth/token/lookup-accessor endpoint 2016-03-09 14:54:52 -05:00
vishalnayak 2528ffbc18 Restore old regex expressions for token endpoints 2016-03-09 14:08:52 -05:00
vishalnayak f478cc57e0 fix all the broken tests 2016-03-09 13:45:36 -05:00
vishalnayak 007142262f Provide accessor to revove-accessor in the URL itself 2016-03-09 13:08:37 -05:00
Jeff Mitchell 2ecdde1781 Address final feedback 2016-03-09 11:59:54 -05:00
vishalnayak c4a2c5b56e Added tests for 'sys/capabilities-accessor' endpoint 2016-03-09 11:29:09 -05:00
Jeff Mitchell 4785bec59d Address review feedback 2016-03-09 11:07:13 -05:00
Jeff Mitchell 2e07f45bfa Use role's allowed policies if none are given 2016-03-09 10:42:04 -05:00
vishalnayak 926e7513d7 Added docs for /sys/capabilities-accessor 2016-03-09 09:48:32 -05:00
vishalnayak 7407c27778 Add docs for new token endpoints 2016-03-09 09:31:09 -05:00
vishalnayak 6a992272cd New prefix for accessor indexes 2016-03-09 09:09:09 -05:00
vishalnayak 151c932875 AccessorID --> Accessor, accessor_id --> accessor 2016-03-09 06:23:31 -05:00