Commit graph

50 commits

Author SHA1 Message Date
Jeff Mitchell 4a3fe87a39
Allow max request size to be user-specified (#4824)
* Allow max request size to be user-specified

This turned out to be way more impactful than I'd expected because I
felt like the right granularity was per-listener, since an org may want
to treat external clients differently from internal clients. It's pretty
straightforward though.

This also introduces actually using request contexts for values, which
so far we have not done (using our own logical.Request struct instead),
but this allows non-logical methods to still get this benefit.

* Switch to ioutil.ReadAll()
2018-07-06 15:44:56 -04:00
Jeff Mitchell 5d44c54947
Changes the way policies are reported in audit logs (#4747)
* This changes the way policies are reported in audit logs.

Previously, only policies tied to tokens would be reported. This could
make it difficult to perform after-the-fact analysis based on both the
initial response entry and further requests. Now, the full set of
applicable policies from both the token and any derived policies from
Identity are reported.

To keep things consistent, token authentications now also return the
full set of policies in api.Secret.Auth responses, so this both makes it
easier for users to understand their actual full set, and it matches
what the audit logs now report.
2018-06-14 09:49:33 -04:00
Becca Petrin 03cf302e9a Move to "github.com/hashicorp/go-hclog" (#4227)
* logbridge with hclog and identical output

* Initial search & replace

This compiles, but there is a fair amount of TODO
and commented out code, especially around the
plugin logclient/logserver code.

* strip logbridge

* fix majority of tests

* update logxi aliases

* WIP fixing tests

* more test fixes

* Update test to hclog

* Fix format

* Rename hclog -> log

* WIP making hclog and logxi love each other

* update logger_test.go

* clean up merged comments

* Replace RawLogger interface with a Logger

* Add some logger names

* Replace Trace with Debug

* update builtin logical logging patterns

* Fix build errors

* More log updates

* update log approach in command and builtin

* More log updates

* update helper, http, and logical directories

* Update loggers

* Log updates

* Update logging

* Update logging

* Update logging

* Update logging

* update logging in physical

* prefixing and lowercase

* Update logging

* Move phyisical logging name to server command

* Fix som tests

* address jims feedback so far

* incorporate brians feedback so far

* strip comments

* move vault.go to logging package

* update Debug to Trace

* Update go-plugin deps

* Update logging based on review comments

* Updates from review

* Unvendor logxi

* Remove null_logger.go
2018-04-02 17:46:59 -07:00
Brian Kassouf c5cfb8eea1
http: Add a method for returning a 404 with data (#3994)
* Add a method for returning a 404 with data

* Pass the full resp object through to respond raw

* Add comment

* Refactor so it works across plugin gRPC

* Handle some review comments

* Pass request object instead of request ID
2018-02-21 14:22:21 -08:00
Vishal Nayak f7ed6732a5 Porting identity store (#3419)
* porting identity to OSS

* changes that glue things together

* add testing bits

* wrapped entity id

* fix mount error

* some more changes to core

* fix storagepacker tests

* fix some more tests

* fix mount tests

* fix http mount tests

* audit changes for identity

* remove upgrade structs on the oss side

* added go-memdb to vendor
2017-10-11 10:21:20 -07:00
Jeff Mitchell fdaaaadee2 Migrate physical backends into separate packages (#3106) 2017-08-03 13:24:27 -04:00
Chris Hoffman 3d9cf89ad6 Add the ability to view and list of leases metadata (#2650) 2017-05-03 22:03:42 -04:00
Jeff Mitchell 62e8d0b359 Internally append trailing slash for all LIST operations. (#2390)
Fixes #2385
2017-02-16 23:23:32 -05:00
Jeff Mitchell 0c39b613c8 Port some replication bits to OSS (#2386) 2017-02-16 15:15:02 -05:00
Jeff Mitchell 69eb5066dd Multi value test seal (#2281) 2017-01-17 15:43:10 -05:00
Armon Dadgar c8dadb46ec http: limit maximum request size 2016-11-17 12:06:43 -08:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell bcb4ab5422 Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
Jeff Mitchell 82b3d136e6 Don't mark never-expiring root tokens as renewable 2016-08-05 11:15:25 -04:00
vishalnayak c17534d527 Fix request_id test failures 2016-07-26 18:30:13 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers.
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell 889ff24ccf Fix up error detection regression to return correct status codes 2016-06-22 17:47:05 -04:00
Jeff Mitchell ce5614bf9b Merge branch 'master-oss' into cubbyhole-the-world 2016-05-11 19:29:52 -04:00
Jeff Mitchell aecc3ad824 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
Jeff Mitchell aba689a877 Add wrapping through core and change to use TTL instead of Duration. 2016-05-02 00:47:35 -04:00
Sean Chittenden aeea7628d6 Add a *log.Logger argument to physical.Factory
Logging in the backend is a good thing.  This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
Jeff Mitchell fa2ba47a5c Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
vishalnayak f478cc57e0 fix all the broken tests 2016-03-09 13:45:36 -05:00
Jeff Mitchell cc1f5207b3 Merge branch 'master' into token-roles 2016-03-07 10:03:54 -05:00
Jeff Mitchell 7b4478faba Add a sleep in the RedirectStandby test to try to fix raciness 2016-03-02 12:06:16 -05:00
Jeff Mitchell df2e337e4c Update tests to add expected role parameters 2016-03-01 12:41:40 -05:00
Jeff Mitchell ff3adce39e Make "ttl" reflect the actual TTL of the token in lookup calls.
Add a new value "creation_ttl" which holds the value at creation time.

Fixes #986
2016-02-01 11:16:32 -05:00
Jeff Mitchell 88310ca538 Fix up unit tests to expect new values 2016-01-29 19:36:56 -05:00
Jeff Mitchell f6ff39ffb0 Fix StandbyRedirect test 2015-12-17 13:58:16 -05:00
Jeff Mitchell 7ce8aff906 Address review feedback 2015-12-14 17:58:30 -05:00
Jeff Mitchell ced0835574 Allow separate HA physical backend.
With no separate backend specified, HA will be attempted on the normal
physical backend.

Fixes #395.
2015-12-14 07:59:58 -05:00
Jeff Mitchell 5783f547ab Display whether a token is an orphan on lookup. 2015-11-09 13:19:59 -05:00
Jeff Mitchell 7aa3faa626 Rename core's 'policy' to 'policyStore' for clarification 2015-11-06 12:07:42 -05:00
Jeff Mitchell c7cec2aabc Add unit tests 2015-10-07 20:17:06 -04:00
Jeff Mitchell d775445efe Store token creation time and TTL. This can be used to properly populate
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.

Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell a8ef0e8a80 Remove cookie authentication. 2015-08-21 19:46:23 -07:00
Armon Dadgar 8ee5aebb3c vault: testing raw responses 2015-05-27 14:19:12 -07:00
Seth Vargo 95c8001388 Disable mlock in tests 2015-04-28 22:18:00 -04:00
Armon Dadgar d258be6093 http: avoid authenticating as new token for auth/token/create 2015-04-27 15:17:59 -07:00
Armon Dadgar 6f5b4637fb http: support standby redirects 2015-04-19 13:47:57 -07:00
Armon Dadgar 466c7575d3 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Mitchell Hashimoto 37f58dec59 http: logical delete support 2015-04-07 11:04:06 -07:00
Mitchell Hashimoto 2c1d334156 http: fix tests 2015-04-04 17:42:19 -07:00
Mitchell Hashimoto 4e8efbbd48 http: respondCommon to do common responses 2015-03-31 21:29:53 -07:00
Mitchell Hashimoto 4cacaf62f0 http: support auth 2015-03-29 16:14:54 -07:00
Armon Dadgar e85cd66b30 all: Removing fields from Lease 2015-03-16 13:29:51 -07:00
Mitchell Hashimoto 341d71c91d http: 404 if reading secret that doesn't exist 2015-03-15 19:42:24 -07:00
Mitchell Hashimoto 742923452b http: generic read/write endpoint for secrets 2015-03-15 19:35:04 -07:00