Commit Graph

173 Commits

Author SHA1 Message Date
Jeff Mitchell f3ab4971a6 Follow Vault convention on `DELETE` being idempotent (#1903)
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
Jeff Mitchell fffee5611a Rejig locks during unmount/remount. (#1855) 2016-09-13 11:50:14 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
vishalnayak b43cc03f0e Address review feedback from @jefferai 2016-08-09 10:47:55 -04:00
vishalnayak 5866cee5b4 Added utilities to compress the data 2016-08-09 00:50:19 -04:00
Jeff Mitchell 4b2b5363d4 Switch some errors that ought to be 500 to 500 2016-08-04 09:11:24 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers.
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell a57996ac08 Add to auth/audit too 2016-05-26 13:38:51 -04:00
Jeff Mitchell 475b0e2d33 Add table/type checking to mounts table. 2016-05-26 12:55:00 -04:00
Jeff Mitchell dcf844027b Show entry path in log, not internal view path 2016-01-28 12:34:49 -05:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell f2da5b639f Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Jeff Mitchell bc4c18a1cf Rearchitect MountTable locking and fix rollback.
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.

In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.

Both unit tests and race detection pass.

Fixes #771
2015-11-11 11:54:52 -05:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell 8f27c250d6 Fix problematic logging statements.
Fixes #665.
2015-10-02 18:31:46 -07:00
Jeff Mitchell c694c7d31d Fix situation where a new required singleton backend would not be activated upon upgrade. 2015-09-21 17:54:36 -04:00
Jeff Mitchell 68c268a6f0 Allow tuning of auth mounts, to set per-mount default/max lease times 2015-09-19 11:50:50 -04:00
Jeff Mitchell e7d5a18e94 Directly pass the cubbyhole backend to the token store and bypass logic in router 2015-09-15 13:50:37 -04:00
Jeff Mitchell 849b78daee Move more cubby logic outside of router into auth setup 2015-09-15 13:50:37 -04:00
Jeff Mitchell b50f7ec1b5 Remove noop checks in unmount/remount and restore previous behavior 2015-09-15 13:50:37 -04:00
Jeff Mitchell 77e7379ab5 Implement the cubbyhole backend
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.

Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Jeff Mitchell 104b29ab04 Rename View to StorageView to make it more distinct from SystemView 2015-09-15 13:50:37 -04:00
Lassi Pölönen d3aec0ba31 Cleanup routines should now use routeEntry instead of mountEntry. 2015-09-11 13:40:31 +03:00
Lassi Pölönen fb07cf9f53 Implement clean up routine to backend as some backends may require
e.g closing database connections on unmount to avoud connection
stacking.
2015-09-11 11:45:58 +03:00
Jeff Mitchell 5de736e69c Implement shallow cloning to allow MountEntry pointers to stay consistent when spread across router/core/system views 2015-09-10 15:09:54 -04:00
Jeff Mitchell ace611d56d Address items from feedback. Make MountConfig use values rather than
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
Jeff Mitchell c460ff10ca Push a lot of logic into Router to make a bunch of it nicer and enable a
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Jeff Mitchell eff1c331ad Add more unit tests against backend TTLs, and fix two bugs found by them
(yay unit tests!)
2015-09-10 15:09:54 -04:00
Jeff Mitchell 775dfe38a2 A couple bug fixes + most unit tests 2015-09-10 15:09:54 -04:00
Jeff Mitchell 488d33c70a Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell 4239f9d243 Add DynamicSystemView. This uses a pointer to a pointer to always have
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell d435048d9e Switch StaticSystemView values to pointers, to support updating 2015-09-10 15:09:54 -04:00
Jeff Mitchell 696d0c7b1d Plumb per-mount config options through API 2015-09-10 15:09:53 -04:00
Jeff Mitchell 893d2d9b00 Minor cleanup of MountConfig 2015-09-10 15:09:53 -04:00
Jeff Mitchell 17c60d3e78 Add logic to core to fetch a SystemView for a given mount entry and use those values for default/max TTL. The SystemView will reflect system defaults if not set for that mount. 2015-09-10 15:09:53 -04:00
Jeff Mitchell b74fa8c888 Make DefaultSystemView StaticSystemView with statically-configured information. Export this from Framework to make it easy to override for testing. 2015-08-27 11:25:07 -07:00
Jeff Mitchell 7c2bbe4c7f Use a SystemView interface and turn SystemConfig into DefaultSystemView 2015-08-27 10:36:44 -07:00
Jeff Mitchell e58553e7d5 Plumb the system configuration information up into framework 2015-08-27 09:41:03 -07:00
Jeff Mitchell 992e357d07 Add some plumbing to allow specified system configuration information to
be retrieved by logical backends. First implemented is default/max TTL.
2015-08-27 08:51:35 -07:00
Caleb Tennis 4da080e769 This adds a new error class which can be used by logical backends to
specify more concrete error cases to make their way back up the stack.

Over time there is probably a cleaner way of doing this, but that's
looking like a more massive rewrite and this solves some issues in
the meantime.

Use a CodedError to return a more concrete HTTP return code for
operations you want to do so.  Returning a regular error leaves
the existing behavior in place.
2015-08-10 13:27:25 -04:00
Armon Dadgar 41b72a4d39 vault: provide view to backend initializer for setup 2015-06-30 17:30:43 -07:00
Armon Dadgar 8bc99f8c23 helper/uuid: single generateUUID definition 2015-06-30 12:38:32 -07:00
Mitchell Hashimoto 7aee6269f7 vault: pass a logger around to logical backends 2015-04-04 11:39:58 -07:00
Armon Dadgar 148fe3d864 vault: Adding Hash function to MountTable 2015-04-03 17:46:57 -07:00
Armon Dadgar 0dee7d29ec vault: disable credential backend revokes tokens 2015-04-03 16:07:45 -07:00
Armon Dadgar 56d0b51be0 vault: Reuse mount table methods 2015-04-03 16:00:46 -07:00
Armon Dadgar 683d01e984 vault: Refactor common methods 2015-04-03 15:59:30 -07:00
Armon Dadgar 002b2ad589 vault: Provide salted client token to logical backends 2015-04-03 14:42:39 -07:00
Armon Dadgar f397cd3fb1 vault: remount does appropriate cleanup 2015-04-02 12:03:00 -07:00
Armon Dadgar 0b5572a2f7 vault: ensure unmount properly cleans up state 2015-04-02 11:18:06 -07:00
Armon Dadgar d5403d6673 vault: TODO cleanups 2015-04-01 22:13:08 -07:00
Armon Dadgar c3aed5589e vault: Adding intermediate taint step to unmount 2015-04-01 22:12:03 -07:00
Armon Dadgar 6933f94acd vault: Prevent UUID injection on sys mount path 2015-04-01 17:45:00 -07:00
Armon Dadgar 0a7df0b3d4 vault: Adding options to mount table 2015-03-31 13:14:08 -07:00
Armon Dadgar 5517910829 vault: Make audit/ a protected path 2015-03-27 14:00:57 -07:00
Armon Dadgar 421f73d332 vault: Removing mtype from router 2015-03-18 15:48:14 -07:00
Armon Dadgar b8da9c2ee2 vault: first pass at initializing credential backends 2015-03-18 15:46:07 -07:00
Armon Dadgar 21b9bdaf37 vault: Allow passing in credential backends 2015-03-18 15:21:41 -07:00
Armon Dadgar 10a67592cd vault: more protection of protected mount points 2015-03-18 15:16:52 -07:00
Mitchell Hashimoto abe0859aa5 vault: use RWMutex on MountTable itself 2015-03-17 20:39:45 -05:00
Mitchell Hashimoto d4f54be927 vault: can pass in the backends 2015-03-15 16:25:38 -07:00
Mitchell Hashimoto ece0be434e vault: rename SystemBackend2 to SystemBackend 2015-03-15 14:54:49 -07:00
Mitchell Hashimoto d1d1929192 vault: convert to logical.Request and friends 2015-03-15 14:53:41 -07:00
Mitchell Hashimoto 92910d18d1 vault: make mount functions private again, going to try something else 2015-03-14 18:31:31 -07:00
Mitchell Hashimoto b2af154fb4 vault: make Mount related core functions public
/cc @armon - So I know the conversation we had related to this about
auth, but I think we still need to export these and do auth only at the
external API layer. If you're writing to the internal API, then all bets
are off.

The reason is simply that if you have access to the code, you can
already work around it anyways (you can disable auth or w/e), so a
compromised Vault source/binary is already a failure, and that is the
only thing that our previous unexported methods were protecting against.

If you write an external tool to access a Vault, it still needs to be
unsealed so _that_ is the primary security mechanism from an API
perspective. Once it is unsealed then the core API has full access to
the Vault, and identity/auth is only done at the external API layer, not
at the internal API layer.

The benefits of this approach is that it lets us still treat the "sys"
mount specially but at least have sys adopt helper/backend and use that
machinery and it can still be the only backend which actually has a
reference to *vault.Core to do core things (a key difference). So, an
AWS backend still will never be able to muck with things it can't, but
we're explicitly giving Sys (via struct initialization in Go itself)
a reference to *vault.Core.
2015-03-14 17:26:59 -07:00
Armon Dadgar d0380e553d vault: Support a pre-seal teardown 2015-03-13 11:16:24 -07:00
Armon Dadgar 6c759416d0 vault: special view path for system 2015-03-12 12:44:30 -07:00
Armon Dadgar b17607e51f vault: support remount 2015-03-12 12:09:30 -07:00
Armon Dadgar 719eded495 vault: testing mount/unmount 2015-03-11 18:29:49 -07:00
Armon Dadgar 0ca093fb2d vault: First pass at mount/unmount 2015-03-11 18:19:45 -07:00
Armon Dadgar b212890043 vault: Setup the mount tables after load 2015-03-11 15:50:42 -07:00
Armon Dadgar c6009345d1 vault: Testing mount table setup 2015-03-11 15:33:25 -07:00
Armon Dadgar f54e4e0f6a vault: Loading mount tables on start 2015-03-11 15:19:41 -07:00