e3f56f375c
Add 'no-store' response header from all the API outlets ( #2183 )
2016-12-15 17:53:07 -05:00
c29e5c8bad
Use 'http.MaxBytesReader' to limit request size ( #2131 )
...
Fix 'connection reset by peer' error introduced by 300b72e
2016-12-01 10:59:00 -08:00
c8dadb46ec
http: limit maximum request size
2016-11-17 12:06:43 -08:00
b3c805e662
Audit the client token accessors ( #2037 )
2016-10-29 17:01:49 -04:00
5657789627
Audit unwrapped response ( #1950 )
2016-09-29 12:03:47 -07:00
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
6bf871995b
Don't use time.Time in responses. ( #1912 )
...
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
2016-09-23 12:32:07 -04:00
1c6f2fd82b
Add response wrapping to list operations ( #1814 )
2016-09-02 01:13:14 -04:00
3e6b48cca3
Initial `dataonly` work.
2016-08-08 11:55:24 -04:00
67801bcf64
uncomment
2016-07-26 16:44:50 -04:00
fb1b032040
fixing id in buildLogicalRequest
2016-07-26 15:50:37 -04:00
ad66bd7502
fixes based proper interpretation of comments
2016-07-26 12:20:27 -04:00
8d52a96df5
moving id to http/logical
2016-07-25 15:24:10 -04:00
e925987cb6
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
401456ea50
Add creation time to returned wrapped token info
...
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
05b0e0a866
Enable audit-logging of seal and step-down commands.
...
This pulls the logical request building code into its own function so
that it's accessible from other HTTP handlers, then uses that with some
added logic to the Seal() and StepDown() commands to have meaningful
audit log entries.
2016-05-20 17:03:54 +00:00
c9aaabe235
Fix missing return after respondError in handleLogical
2016-05-20 15:49:48 +00:00
caf77109ba
Add cubbyhole wrapping documentation
2016-05-19 13:33:51 -04:00
2295cadbf4
Make WrapInfo a pointer to match secret/auth in response
2016-05-07 19:17:51 -04:00
99a5b4402d
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-04 14:42:14 -04:00
7e462e566b
Check nil keys and respond internal error if it can't be cast to a []string
2016-05-02 20:00:46 -04:00
16b717022b
In a list response, if there are no keys, 404 to be consistent with GET
...
and with different backend conditions
Fixes #1365
2016-05-02 19:38:06 -04:00
aba689a877
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 00:47:35 -04:00
d81806b446
Add:
...
* Request/Response field extension
* Parsing of header into request object
* Handling of duration/mount point within router
* Tests of router WrapDuration handling
2016-05-02 00:24:32 -04:00
d959ffc301
Rename PrepareRequest to PrepareRequestFunc
2016-03-18 10:37:49 -04:00
4e6dcfd6d0
Enable callbacks for handling logical.Request changes before processing requests
2016-03-17 22:29:53 -04:00
151c932875
AccessorID --> Accessor, accessor_id --> accessor
2016-03-09 06:23:31 -05:00
301776012f
Introduced AccessorID in TokenEntry and returning it along with token
2016-03-08 14:06:10 -05:00
7d1d003ba0
Update documentation and use ParseBool for list query param checking
2016-01-22 10:07:32 -05:00
455931873a
Address some review feedback
2016-01-22 10:07:32 -05:00
5341cb69cc
Updates and documentation
2016-01-22 10:07:32 -05:00
9042315973
Add handling of LIST verb to logical router
2016-01-22 10:07:32 -05:00
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
10d24779c0
Rename GetWarnings->Warnings for responses
2015-10-07 16:18:39 -04:00
d740fd4a6a
Add the ability for warnings to be added to responses. These are
...
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.
Fixes #676
2015-10-07 16:18:39 -04:00
a8ef0e8a80
Remove cookie authentication.
2015-08-21 19:46:23 -07:00
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
15f57082e0
Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code.
2015-08-20 13:20:35 -07:00
496ebe561c
vault: cleanups for the audit log changes
2015-06-29 15:27:28 -07:00
c55f103c58
Adding error and remote_address to audit log lines
2015-06-18 17:17:18 -07:00
11c625fea2
http: support raw HTTP output
2015-05-27 14:10:00 -07:00
be2538aca3
http: Extract IP from RemoteAddr correctly
2015-05-20 15:23:41 +10:00
d258be6093
http: avoid authenticating as new token for auth/token/create
2015-04-27 15:17:59 -07:00
ee6963ee01
Use lowercase JSON keys for client_token
2015-04-24 12:00:00 -04:00
c7d521b2be
http: pass raw request through
2015-04-19 14:36:50 -07:00
6f5b4637fb
http: support standby redirects
2015-04-19 13:47:57 -07:00
a44eb0dcd0
http: renew endpoints
2015-04-13 20:42:07 -07:00
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
6015a8d7c2
http: handle errors better
2015-04-08 11:19:03 -07:00
Vishal Nayak