919b968c27
The big one ( #5346 )
2018-09-17 23:03:00 -04:00
716fb03ab7
perform policy templating on each path ( #5229 )
2018-08-30 18:45:11 -04:00
f5024770dc
Allow comment key in policies
2018-08-24 09:42:47 -04:00
ba0d029247
Restricts ACL templating to paths but allows failures ( #5167 )
...
When a templating failure happens, we now simply ignore that path,
rather than fail all access to all policies
2018-08-23 12:15:02 -04:00
71d92ef093
ACL Templating ( #4994 )
...
* Initial work on templating
* Add check for unbalanced closing in front
* Add missing templated assignment
* Add first cut of end-to-end test on templating.
* Make template errors be 403s and finish up testing
* Review feedback
2018-08-15 11:42:56 -07:00
c4abeb9ea5
Move checkHCLKeys into hclutil ( #4749 )
2018-06-12 12:38:08 -04:00
28e3eb9e2c
Errwrap everywhere ( #4252 )
...
* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes
2018-04-05 11:49:21 -04:00
3d8d887676
Add ability to require parameters in ACLs ( #3510 )
2017-11-02 07:18:49 -04:00
8e9317792d
Fix some merge/update bugs
2017-10-23 16:49:46 -04:00
47dae8ffc7
Sync
2017-10-23 14:59:37 -04:00
ab5014534e
Clone policy permissions and then use existing values rather than policy values for modifications ( #2826 )
...
Should fix #2804
2017-06-07 13:49:51 -04:00
5119b173c4
Rename helper 'duration' to 'parseutil'. ( #2449 )
...
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
7f0a99e8eb
Add max/min wrapping TTL ACL statements ( #2411 )
2017-02-27 14:42:00 -05:00
1c5264c66c
ToLower parameter strings
2017-02-16 17:50:10 -08:00
da9e62bc24
Remove "permissions" from ACL
2017-02-15 21:12:26 -05:00
7ec19459a7
Remove extra comments
2017-01-20 11:38:40 -08:00
df800198e0
Remove some extra comments
2017-01-20 11:32:58 -08:00
37f393ff94
Remove unneeded comment block
2017-01-19 18:18:06 -08:00
f3870061ee
fix some of the tests and rename allowed/dissallowed paramaters
2017-01-19 16:40:19 -08:00
907e735541
Permissions were changed from a structure to and array of interfaces. Code optimization for acl.go. Fixed bug where multiple parameters would allow if second or following parameters were denied and there was a wildcard in allow.
2016-12-06 18:14:15 -08:00
2ea4caeffb
Update acl and policy tests to use Permissions.
2016-10-21 23:45:39 -07:00
ed982675a1
permissions structure now holds a map of strings to empty structs. Modified acl.go to acommidate these changes
2016-10-21 19:35:55 -07:00
c6b63b5312
Implemented AllowOperation parameter permission checking for request data.
2016-10-21 18:38:05 -07:00
c2b512cf46
Changed AllowOperation to take logical.Request
2016-10-16 16:29:52 -07:00
bd7711bebf
Merge allowed and disallowed parameters maps.
2016-10-16 15:24:32 -07:00
93bb52b733
policy now includes whether a certain parameter can be updated
2016-10-15 16:44:57 -07:00
231d3e7758
policy now includes whether a certain parameter can be updated
2016-10-15 16:43:55 -07:00
119dd9653e
Adding permissions to hcl config and decoding it.
2016-10-14 14:24:45 -07:00
bd5235960c
Fixed permission conflicts
2016-10-14 10:33:12 -07:00
d480df7141
Fixed Policy Permissions intergration and spelling.
2016-10-14 10:22:00 -07:00
eb8b8a1def
created structure for permissions and modified parsePaths in policy.go and newAcl/AllowOperation in acl.go
2016-10-14 10:17:25 -07:00
6aa9a1d165
updated policy.go to include an expanded structure to add the ability to track allowed and disallowed params in the PathCapabilities structure. Updating Acl.go to interface with the updated PathCapabilites structure
2016-10-09 15:39:58 -07:00
f6adea85ce
Preserve pointer
2016-03-10 15:55:47 -05:00
ad7049eed1
Parse policy HCL syntax and keys
2016-03-10 15:25:25 -05:00
9946a2d8b5
refactoring changes due to acl.Capabilities
2016-03-04 18:55:48 -05:00
9717ca5931
Strip leading paths in policies.
...
It appears to be a common mistake, but they won't ever match.
Fixes #1167
2016-03-03 11:32:48 -05:00
87fba5dad0
Convert map to bitmap
2016-01-12 17:08:10 -05:00
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
6ef455af89
Fix warnings returned by `make vet`
...
$GOPATH/src/github.com/hashicorp/vault/vault/policy.go:69: unreachable code
$GOPATH/src/github.com/hashicorp/vault/vault/policy_store_test.go:139: github.com/hashicorp/vault/logical.StorageEntry composite literal uses unkeyed fields
2015-09-26 21:17:39 -07:00
eda88c18ff
vault: Adding precedence logic for conflicting policy
2015-07-05 17:30:19 -06:00
27d01270c8
vault: look for glob character in policy
2015-07-05 14:58:38 -07:00
f40ed182c4
vault: Support policy CRUD
2015-03-23 14:43:31 -07:00
061b6b24f1
vault: Refactor to use CollectKeys
2015-03-18 12:06:18 -07:00
99abc11ec5
vault: Adding ACL representation
2015-03-17 18:31:20 -07:00
ddab671bf4
vault: Adding policy parsing
2015-03-17 15:53:29 -07:00
Jeff Mitchell