5aaad32af8
vault: ensure upgrades are cleaned up
2015-05-28 16:52:06 -07:00
db0afc9ebe
vault: move upgrade logic out of core
2015-05-28 16:43:44 -07:00
4eb5c63a5d
vault: create upgrade path in HA mode
2015-05-28 16:43:15 -07:00
67ed0a3c16
vault: moving upgrade path into barrier
2015-05-28 16:42:32 -07:00
82ef0b1ac7
vault: handle read of key upgrades
2015-05-28 16:11:31 -07:00
796ae59a89
vault: support keyring reload
2015-05-28 16:09:15 -07:00
2e86fa62d5
vault: adding barrier AddKey
2015-05-28 15:52:26 -07:00
c095861a02
keyring: Add key serialization
2015-05-28 15:49:52 -07:00
c60970e743
vault: prevent rekey on standby
2015-05-28 15:26:35 -07:00
01e890653c
vault: more logging
2015-05-28 14:15:06 -07:00
0877160754
vault: minor rekey cleanups
2015-05-28 12:07:52 -07:00
c5352d14a4
vault: testing rekey
2015-05-28 12:02:30 -07:00
361c722c5c
vault: first pass at rekey
2015-05-28 11:40:01 -07:00
5aed043ea5
vault: ensure master key is copied to avoid memzero issues
2015-05-28 11:38:59 -07:00
4e3f0cddcf
vault: Adding VerifyMaster to Barrier
2015-05-28 11:28:33 -07:00
9f399eb9ff
vault: prevent raw access to protected paths
2015-05-28 10:24:41 -07:00
1a4256c20c
vault: more logging around rotate
2015-05-27 17:56:55 -07:00
d0b93a6164
vault: adding sys/key-status and sys/rotate
2015-05-27 17:53:42 -07:00
26cff2f42f
vault: expose information about keys
2015-05-27 17:25:36 -07:00
3e717907cd
vault: testing barrier rekey
2015-05-27 17:17:03 -07:00
b93feb8a6b
vault: first pass at rekey
2015-05-27 17:13:40 -07:00
9e39fec4a5
vault: testing key rotation
2015-05-27 17:10:08 -07:00
ead96e8c99
vault: first pass at key rotation
2015-05-27 17:05:02 -07:00
3d800fe7be
vault: keyring api changes
2015-05-27 17:04:46 -07:00
490bece0a0
vault: make keyring immutable
2015-05-27 16:58:55 -07:00
28560a612f
vault: test for backwards compatability
2015-05-27 16:42:42 -07:00
e8e9103300
vault: share keyring persistence code
2015-05-27 16:29:59 -07:00
0e9136d14c
vault: first pass at keyring integration
2015-05-27 16:01:25 -07:00
50dc6a471e
vault: adding path for keyring
2015-05-27 15:23:43 -07:00
8c2a767f4f
vault: Adding version to key entry
2015-05-27 15:23:31 -07:00
1903518202
vault: Ensure we always set a key InstallTime
2015-05-27 14:37:40 -07:00
ef2f71e17f
vault: Adding InstallTime to key in keyring
2015-05-27 14:37:40 -07:00
57c763a3fa
vault: Adding keyring
2015-05-27 14:37:40 -07:00
70b3b37ffb
vault: rename key epoch to term for clarity
2015-05-27 14:37:39 -07:00
daa5b9c1b5
vault: physical -> storage for clarity
2015-05-27 14:33:58 -07:00
8ee5aebb3c
vault: testing raw responses
2015-05-27 14:19:12 -07:00
ba7bfed1af
vault: Expose MountPoint to secret backend. Fixes #248
2015-05-27 11:46:42 -07:00
d15eed47ad
vault: reproducing GH-203
2015-05-15 17:48:03 -07:00
3bcd32228d
vault: lease renewal should not create new lease entry
2015-05-15 17:47:39 -07:00
18795a4b26
vault: Adding test based on bug report
2015-05-15 17:19:41 -07:00
0b84e86483
vault: Adding more logging
2015-05-15 17:19:32 -07:00
8f4ddfd904
vault: adding test for e33a904
2015-05-11 11:16:21 -07:00
843d9e6484
vault: verify login endpoint never returns a secret
2015-05-09 11:51:58 -07:00
13ab31f4b5
vault: ensure InternalData is never returned from the core
2015-05-09 11:47:46 -07:00
c849aba53a
vault: Adding InternalData to Auth
2015-05-09 11:39:54 -07:00
c7496772d4
vault: defer barrier initialization until as late as possible
2015-05-08 11:06:39 -07:00
a6eef6bba3
vault: Guard against an invalid seal config
2015-05-08 11:05:31 -07:00
3500535db3
vault: fix detection of missing trailing slash. Fixes #157
2015-05-07 12:18:50 -07:00
727e0e90cd
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 13:28:33 -07:00
c3a793ccdf
Lowercase again
2015-04-30 14:27:32 -04:00
57a7a41a42
Add test that ensure keylength check is working
...
Not likely to fail, but if it did would result in complete failure, so
probably good to have a test for it.
2015-04-30 13:12:47 -05:00
2de4965598
Use lowercase
2015-04-30 13:37:47 -04:00
ea0c41aa81
Add test to verify unique encrypted values
...
It wasn't immediately clear that the proper random seeding was taking
place. This ensures that the same plaintext encrypted twice does not
result in the same ciphertext. It will also be a good test to keep
around incase of future regressions.
2015-04-30 12:15:41 -05:00
f17d65507f
Use UTC in tests
2015-04-28 22:18:00 -04:00
95c8001388
Disable mlock in tests
2015-04-28 22:18:00 -04:00
eef1a10e8e
vault: fix more test race conditions
2015-04-28 19:17:45 -07:00
e80111502b
vault: way more verbose error if mlock fails [GH-59]
2015-04-28 18:56:16 -07:00
b5f8f3b05a
vault: add helper/mlock for doing mlock
2015-04-28 14:59:43 -07:00
2e55c3de68
vault: ability to toggle mlock on core
2015-04-27 16:40:14 -07:00
a2bd832519
vault: token create should return various metadata for logging
2015-04-25 20:21:35 -07:00
f1d8730c46
vault: restrict mlockall to just linux for now. Fixes #31
2015-04-23 16:10:50 -07:00
2f0995d650
vault: Swap the HAEnabled check with the sealed check
2015-04-20 12:19:09 -07:00
c5f914cb34
vault: Lock memory when possible
2015-04-19 13:42:47 -07:00
a03268bc32
vault: Adding an epoch prefix to keys to support eventual online key rotation
2015-04-17 16:51:13 -07:00
4473abd6ce
vault: core enforcement of limited use tokens
2015-04-17 11:57:56 -07:00
538c795f9b
vault: Adding method to consume a limited use token
2015-04-17 11:51:04 -07:00
fd3948d476
vault: Tokens can have a use count specified
2015-04-17 11:34:25 -07:00
b65e1b3e22
vault: using a constant to make @mitchellh feel better
2015-04-15 17:19:59 -07:00
95c37c1c4d
Clarify Barrier encryption defaults.
...
Declare the defaults in the comments to be what they are now (256 bit
key and default golang NONCE value). Make the key error message more
precise since. It isn't between 16 and 32, it is 16 OR 32.
2015-04-15 18:24:23 -05:00
818ce0a045
vault: token store allows specifying display_name
2015-04-15 14:24:07 -07:00
76b69b2514
vault: thread the display name through
2015-04-15 14:12:34 -07:00
e6fd2f2ce5
vault: Default key size to 256bit.
2015-04-15 13:33:47 -07:00
3ee434a783
vault: Allow AES key to be up to 256 bits. Fixes #7
2015-04-15 13:33:47 -07:00
9f7143cf44
vault: expose the current leader
2015-04-14 16:53:40 -07:00
445f64eb39
vault: leader should advertise address
2015-04-14 16:44:48 -07:00
ec8a41d2d2
vault: rename internal variable
2015-04-14 16:11:39 -07:00
7579cf76ab
vault: testing standby mode
2015-04-14 16:08:14 -07:00
2820bec479
vault: testing standby mode
2015-04-14 16:06:58 -07:00
a0e1b90b81
vault: reject operation if standby
2015-04-14 14:09:11 -07:00
d7102e2661
vault: first pass at HA standby mode
2015-04-14 14:06:15 -07:00
0be49a97b7
vault: stopExpiration should be idempotent
2015-04-14 13:32:56 -07:00
255e0fbda4
vault: enable physical cache in core
2015-04-14 11:08:04 -07:00
0f15aef9bb
vault: fix tests
2015-04-13 20:42:07 -07:00
a44eb0dcd0
http: renew endpoints
2015-04-13 20:42:07 -07:00
209b275bfd
logical/framework: allow max session time
2015-04-11 16:41:08 -07:00
33d66f0130
vault: token store allows unlimited renew
2015-04-11 16:28:16 -07:00
a360ca4928
logical/framework: AuthRenew callback, add LeaseExtend
...
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
5eff7f1b57
vault: upper bound on test
2015-04-10 21:22:17 -07:00
992028e23e
vault: the expiration time should be relative to the issue time
2015-04-10 21:21:06 -07:00
f2c0f79435
vault: Split SecurityBarrier interface to BarrierStorage
2015-04-10 16:43:35 -07:00
a6d974c74e
vault: revoking a token should revoke all secrets it has generated
2015-04-10 15:12:04 -07:00
c22d18a5be
vault: re-use revokeSalted to share logic
2015-04-10 15:06:54 -07:00
1e2863e2b8
vault: remove unused RevokeAll method
2015-04-10 14:59:49 -07:00
b10fbc4d83
vault: Adding token based revocation
2015-04-10 14:48:08 -07:00
98679ee7b8
vault: Split expiration manager views to index by token
2015-04-10 14:21:23 -07:00
39c51ede2e
vault: testing renewAuthEntry
2015-04-10 14:07:06 -07:00
13836e8612
vault: groundwork to allow auth renew
2015-04-10 13:59:49 -07:00
e7fe48c33f
vault: refactor expiration timer management
2015-04-09 12:39:12 -07:00
5a3ab973e6
vault: Simplify common lease logic
2015-04-09 12:29:13 -07:00
4679febdf3
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 12:14:04 -07:00
7df486482b
vault: Adding LeaseIssue for renew to allow limiting maximum lease length
2015-04-09 11:54:32 -07:00
9a034c4ab8
vault: lookup-self should allow unauthenticated requests
2015-04-08 22:09:47 -07:00
8ebc29d1b9
vault: audit broker profiles each backend
2015-04-08 17:09:36 -07:00
e25886859e
vault: router generates metrics per operation
2015-04-08 17:09:10 -07:00
82c5d9c478
vault: Enforce non-renewability
2015-04-08 17:03:46 -07:00
512b3d7afd
vault: Adding metrics profiling
2015-04-08 16:43:17 -07:00
429ad7e5cb
vault: Handle auth entry without lease
2015-04-08 15:43:26 -07:00
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
7e4f47a9e6
vault: proper meta parameter for vaultstorage (tests pass now)
2015-04-07 14:37:50 -07:00
9378d0388a
vault: token store inehrits policies by default
2015-04-07 14:19:52 -07:00
8dce065972
vault: use mapstructure to decode token args
...
JSON sends as interface{}, so we can't decode directly into types.
2015-04-07 14:16:35 -07:00
a8d4319ad5
vault: Update LRU on GetPolicy
2015-04-06 16:43:05 -07:00
f022ec97c4
vault: Adding policy LRU cache
2015-04-06 16:41:48 -07:00
493ee49e4d
vault: unify the token renew response
2015-04-06 16:35:39 -07:00
7aee6269f7
vault: pass a logger around to logical backends
2015-04-04 11:39:58 -07:00
246c2839b0
logical/framework: make help look nicer
2015-04-03 21:00:23 -07:00
8ff435ba1a
vault: fix issue with wrong path getting passed through
2015-04-03 20:48:04 -07:00
df8dbe9677
vault: allow mount point queries without trailing /
2015-04-03 20:45:00 -07:00
148fe3d864
vault: Adding Hash function to MountTable
2015-04-03 17:46:57 -07:00
d74c4c1c33
vault: Remove log about rollback
2015-04-03 17:11:24 -07:00
3250bfad0a
vault: test credential unmount does cleanup
2015-04-03 16:15:34 -07:00
82eda2b169
vault: Do early check for missing backend
2015-04-03 16:09:06 -07:00
0dee7d29ec
vault: disable credential backend revokes tokens
2015-04-03 16:07:45 -07:00
56d0b51be0
vault: Reuse mount table methods
2015-04-03 16:00:46 -07:00
683d01e984
vault: Refactor common methods
2015-04-03 15:59:30 -07:00
eaa483ff87
vault: Enforce default and max length leasing
2015-04-03 15:42:34 -07:00
0ba7c64c0f
vault: Verify client token is not passed through in the plain
2015-04-03 15:39:56 -07:00
002b2ad589
vault: Provide salted client token to logical backends
2015-04-03 14:42:39 -07:00
e4854ca59b
vault: Allow deep paths for audit backends
2015-04-03 14:27:33 -07:00
2f3e511507
vault: Allow deep paths for auth mounting
2015-04-03 14:24:00 -07:00
b8d69a357c
vault: Use Auth for lease and renewable
2015-04-03 14:04:50 -07:00
2feba52f40
vault: Adding auth/token/renew endpoint
2015-04-03 12:11:49 -07:00
adaa83b48c
vault: Adding RenewToken to expiration manager
2015-04-03 11:58:10 -07:00
c82fbbb8c3
vault: Support prefix based token revocation
2015-04-03 11:40:08 -07:00
eec6c27fae
vault: Special case auth/token/create
2015-04-02 18:05:23 -07:00
c6479642e9
vault: integrate login with expiration manager
2015-04-02 17:52:11 -07:00
1b19a8ee1b
vault: Rename RegisterLogin to RegisterAuth
2015-04-02 17:45:42 -07:00
d0ac9e5711
vault: Expose SaltID from token store
2015-04-02 17:39:38 -07:00
c54534875a
vault: testing remount cleanup
2015-04-02 12:04:37 -07:00
f397cd3fb1
vault: remount does appropriate cleanup
2015-04-02 12:03:00 -07:00
3a8dc4dff9
vault: Adding Untaint to router
2015-04-02 12:01:53 -07:00
bfe7a1e901
vault: testing unmount cleanup
2015-04-02 11:47:44 -07:00
0b5572a2f7
vault: ensure unmount properly cleans up state
2015-04-02 11:18:06 -07:00
3e427910fb
vault: Support tainting router paths
2015-04-02 11:18:06 -07:00
c718408055
vault: Added MatchingView method
2015-04-02 11:18:06 -07:00
d5e5499ddd
vault: Adding ClearView method
2015-04-02 11:18:05 -07:00
d5403d6673
vault: TODO cleanups
2015-04-01 22:13:08 -07:00
f231a6c67d
vault: rollback supports joining an inflight operation
2015-04-01 22:12:03 -07:00
c3aed5589e
vault: Adding intermediate taint step to unmount
2015-04-01 22:12:03 -07:00
6218c2729d
http: audit endpoints
2015-04-01 18:36:13 -07:00
114c1e1dea
vault: Adding the raw/ endpoints to sys
2015-04-01 17:45:00 -07:00
28bc849fd9
vault: Attach policy name if missing
2015-04-01 17:45:00 -07:00
6933f94acd
vault: Prevent UUID injection on sys mount path
2015-04-01 17:45:00 -07:00
a8912e82d8
enable github
2015-04-01 15:48:56 -07:00
4138e43f00
vault: Adding audit trail for login
2015-04-01 14:48:37 -07:00
3d3e18793b
vault: Integrate audit logging with core
2015-04-01 14:33:48 -07:00
b657b74a97
vault: Minor rework for clarity
2015-04-01 14:11:26 -07:00
c83f46606b
vault: Simpify token checking logic
2015-04-01 14:03:17 -07:00
cd681d7226
vault: Extending AuditBroker to support new audit methods
2015-04-01 13:55:07 -07:00
08a9216aa7
vault: register vault ID even fi no lease
2015-03-31 21:04:10 -07:00
2c9ebecda7
vault: register zero lease entries with the expiration manager
...
/cc @armon - would appreciate a review on this one
2015-03-31 21:01:12 -07:00
aba7fc1910
http: auth handlers
2015-03-31 20:24:51 -07:00
dda8dec5bf
vault: Adding sys/ paths to enable/disable audit backends
2015-03-31 16:45:08 -07:00
7ca462c028
vault: Adding enable/disable audit methods
2015-03-31 15:26:07 -07:00
d817e31d67
vault: Sanity check keys in the barrier view
2015-03-31 13:32:24 -07:00
a6bc60c7d6
vault: Adding AuditBroker and basic tests
2015-03-31 13:22:40 -07:00
0a7df0b3d4
vault: Adding options to mount table
2015-03-31 13:14:08 -07:00
1dcb37c6b6
vault: lookup-self for TokenStore to look up your own store
2015-03-31 12:51:00 -07:00
63f259cc8d
vault: lookup without a token looks up self
2015-03-31 12:50:07 -07:00
6a72ea61d5
vault: convert TokenStore to logical/framework
2015-03-31 12:48:19 -07:00
c8294170cc
vault: test bad key to seal
2015-03-31 10:00:04 -07:00
0666bda865
vault: require root token for seal
2015-03-31 09:59:02 -07:00
04c80a81bc
vault: add seal to the sys backend
2015-03-31 09:36:13 -07:00
d4509b0ee3
vault: keep the connection info around for auth
2015-03-30 20:55:01 -07:00
c9acfa17cb
vault: get rid of HangleLogin
2015-03-30 20:26:39 -07:00
69593cde56
remove credential/ lots of tests faililng
2015-03-30 18:07:05 -07:00
62ee621ea3
logical: move cred stuff over here
2015-03-30 17:46:18 -07:00
e9a3a34c27
vault: tests passing
2015-03-29 16:18:08 -07:00
4cacaf62f0
http: support auth
2015-03-29 16:14:54 -07:00
5517910829
vault: Make audit/ a protected path
2015-03-27 14:00:57 -07:00
042db7798e
vault: Adding basic audit table load/unload
2015-03-27 14:00:38 -07:00
609ac4c562
vault: Allow passing in audit factory methods
2015-03-27 13:45:13 -07:00
9a4946f115
vault: Testing core ACL enforcement
2015-03-24 15:55:27 -07:00
23864839bb
vault: testing root privilege restrictions
2015-03-24 15:52:07 -07:00
fe402cdd87
vault: ignore a nil policy object, as it has no permissions
2015-03-24 15:49:17 -07:00
b354f03cb2
vault: adding auth/token/lookup/ support
2015-03-24 15:39:33 -07:00
4a4d1d3e45
vault: adding auth/token/revoke/ and auth/token/revoke-orphan/
2015-03-24 15:30:09 -07:00
26f05f7a20
vault: Passthrough of client token to token store
2015-03-24 15:12:52 -07:00
6fd3cae2c2
vault: Adding auth/token/create endpoint
2015-03-24 15:10:46 -07:00
b5332404d1
vault: Allow providing token ID during creation
2015-03-24 14:22:50 -07:00
b41d2e6368
vault: utility string set methods
2015-03-24 13:56:07 -07:00
493fbc12fc
vault: utility string search methods
2015-03-24 13:44:47 -07:00
49df1570d6
vault: test missing and invalid tokens
2015-03-24 11:57:08 -07:00
20c2375352
vault: Adding ACL enforcement
2015-03-24 11:37:07 -07:00
43a99aec93
vault: Special case root policy
2015-03-24 11:27:21 -07:00
4598e43140
vault: Adding ClientToken
2015-03-24 11:09:25 -07:00
65ef4f1032
vault: wire tokens into expiration manager
2015-03-23 18:11:15 -07:00
86c9bd9083
vault: Give expiration manager a token store reference
2015-03-23 18:00:14 -07:00
6481ff9e34
vault: Generate a root token when initializing
2015-03-23 17:31:30 -07:00
cd3ee5cc03
vault: Remove core reference
2015-03-23 17:29:36 -07:00
Armon Dadgar