Brian Kassouf
81a86f48e8
Backport some OSS changes ( #10267 )
...
* Backport some OSS changes
* go mod vendor
2020-10-29 16:47:34 -07:00
Brian Kassouf
84dbca38a1
Revert "Migrate internalshared out ( #9727 )" ( #10141 )
...
This reverts commit ee6391b691ac12ab6ca13c3912404f1d3a842bd6.
2020-10-13 16:38:21 -07:00
Jeff Mitchell
e6881c8147
Migrate internalshared out ( #9727 )
...
* Migrate internalshared out
* fix merge issue
* fix merge issue
* go mod vendor
Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
2020-10-12 11:56:24 -07:00
Mark Gritter
c4dbbccef3
Remove namespace from mount_point label. ( #9436 )
...
* Remove namespace from mount_point label.
* Fix the other two places where vault.token.creation is emitted.
2020-07-14 14:28:11 -05:00
Javier Ramos
16070564cb
Calculate percentage when displaying progress in tidy operation ( #9233 )
...
* Calculate percentage when displaying progress in tidy operation
* Update vault/token_store.go
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
* Update vault/token_store.go
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-06-26 12:44:45 -07:00
Mark Gritter
97d415d024
Token gauge metrics implementation. ( #9239 )
...
* Token gauge metrics implementation.
* Enable gauges only when interval is nonzero.
* Added count by TTL
* Handle "in restore mode" error specifically.
* Refactored initialization code for gauge collection processes.
* Fixed for multiple namespaces.
* Ability to disable individual gauges with environment variable.
* changelog++
2020-06-23 18:36:24 -05:00
Mark Gritter
50b388a93c
Changes to expiration manager to walk tokens ( #9182 )
...
* Changes to expiration manager to walk tokens (including non-expiring ones.)
* Count by namespace in token manager.
* Keep a dictionary of policy lists and deduplicate based on it.
2020-06-15 18:54:36 -05:00
Mark Gritter
475fe0eede
Token creation counters ( #9052 )
...
* Add token creation counters.
* Created a utility to change TTL to bucket name.
* Add counter covering token creation for response wrapping.
* Fix namespace label, with a new utility function.
2020-06-02 13:40:54 -05:00
Calvin Leung Huang
ec8448ab56
token: disallow periods on custom token IDs ( #8646 )
...
* token: disallow periods on custom token IDs
* docs: update token API docs
2020-04-27 09:39:33 -07:00
ncabatoff
d3ff2684bb
Fix panic when creating batch tokens for role that doesn't exist. ( #8021 )
2019-12-16 09:31:32 -05:00
Jeff Mitchell
f2f984557e
Add ability to renew by accessor ( #7817 )
...
* Add renewing by accessor
* Add accessor renewing test and fix bug
* Update website docs
* Remove extra newline
* Add command-level test
2019-11-08 11:32:01 -05:00
Brian Kassouf
d05b401cd8
Update token_store.go
2019-10-28 09:31:58 -07:00
Jack Kleeman
65c67dd6f3
Add a counter for root token creation ( #7172 )
...
It would be useful to be able to page on root token creation. This PR
adds a counter which increments on this event.
2019-10-28 09:30:11 -07:00
Lexman
c86fe212c0
oss changes for entropy augmentation feature ( #7670 )
...
* oss changes for entropy augmentation feature
* fix oss command/server/config tests
* update go.sum
* fix logical_system and http/ tests
* adds vendored files
* removes unused variable
2019-10-17 10:33:00 -07:00
Jeff Mitchell
9816963355
Move SudoPrivilege out of SystemView ( #7266 )
...
* Move SudoPrivilege out of SystemView
We only use this in token store and it literally doesn't work for anything
that isn't the token store or system mount, so we should stop exposing
something that doesn't work.
* Reconcile extended system view with sdk/logical a bit and put an explanation for why SudoPrivilege isn't moved over
2019-08-26 10:23:46 -04:00
Jeff Mitchell
16479c503d
Fix another backwards compat issue
2019-07-03 00:11:51 -04:00
Jeff Mitchell
fd856bdd24
Fix some compatibility ( #7048 )
2019-07-02 23:29:42 -04:00
Michel Vocks
2b5aca4300
Token identity support ( #6267 )
...
* Implemented token backend support for identity
* Fixed tests
* Refactored a few checks for the token entity overwrite. Fixed tests.
* Moved entity alias check up so that the entity and entity alias is only created when it has been specified in allowed_entity_aliases list
* go mod vendor
* Added glob pattern
* Optimized allowed entity alias check
* Added test for asterisk only
* Changed to glob pattern anywhere
* Changed response code in case of failure. Changed globbing pattern check. Added docs.
* Added missing token role get parameter. Added more samples
* Fixed failing tests
* Corrected some cosmetical review points
* Changed response code for invalid provided entity alias
* Fixed minor things
* Fixed failing test
2019-07-01 11:39:54 +02:00
Jeff Mitchell
5435645bb6
Fix upgrade logic with tokenutil ( #7026 )
...
If only a non-_token field is provided we don't want to clear out the
Token version of the params, we want to set both. Otherwise we can't
rely on using the Token version of the parameter when creating the Auth
struct.
2019-06-30 14:24:41 -04:00
Jeff Mitchell
fe7bb0b630
Standardize how we format deprecated values in traditional path-help ( #7007 )
2019-06-27 14:52:52 -04:00
Jeff Mitchell
8ae4149703
Update description field for some token store role values to be accurate
2019-06-18 11:33:56 -04:00
Jeff Mitchell
402ba1b0f0
Tokenhelper v2 ( #6662 )
...
This provides an sdk util for common token fields and parsing and plumbs it into token store roles.
2019-06-14 10:17:04 -04:00
Jeff Mitchell
213b9fd1cf
Update to api 1.0.1 and sdk 0.1.8
2019-04-15 14:10:07 -04:00
Jeff Mitchell
9ebc57581d
Switch to go modules ( #6585 )
...
* Switch to go modules
* Make fmt
2019-04-13 03:44:06 -04:00
Jeff Mitchell
8d6ce1ffb5
Move policyutil to sdk
2019-04-12 18:08:46 -04:00
Jeff Mitchell
8bcb533a1b
Create sdk/ and api/ submodules ( #6583 )
2019-04-12 17:54:35 -04:00
Jeff Mitchell
9193792773
Sync over
2019-03-18 09:33:01 -04:00
Michel Vocks
ce832e402a
Fixed ignored empty value set on token role update call ( #6314 )
...
* Fixed ignored empty value set on token role update call
* Made a pre-check a bit more elegant. Updated tests
2019-03-04 09:39:29 -08:00
Vishal Nayak
d514ff573a
Set orphan status in the token creation response ( #6320 )
2019-03-01 18:55:58 -05:00
Jeff Mitchell
bbc1d53a5d
Revert "Refactor common token fields and operations into a helper ( #5953 )"
...
This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a.
2019-02-01 11:23:40 -05:00
Jeff Mitchell
85a560abba
Refactor common token fields and operations into a helper ( #5953 )
2019-01-30 16:23:28 -05:00
Jeff Mitchell
440ef3b42e
Fix bound cidrs propagation
2019-01-15 10:55:36 -05:00
Jeff Mitchell
78b4ff570f
Expose error so warning about not decoding accessors is more useful ( #6034 )
2019-01-14 09:55:49 -08:00
Vishal Nayak
1119f47e13
Cubbyhole cleanup ( #6006 )
...
* fix cubbyhole deletion
* Fix error handling
* Move the cubbyhole tidy logic to token store and track the revocation count
* Move fetching of cubby keys before the tidy loop
* Fix context getting cancelled
* Test the cubbyhole cleanup logic
* Add progress counter for cubbyhole cleanup
* Minor polish
* Use map instead of slice for faster computation
* Add test for cubbyhole deletion
* Add a log statement for deletion
* Add SHA1 hashed tokens into the mix
2019-01-09 10:53:41 -08:00
Jim Kalafut
2547d7fb6a
Simplify base62.Random ( #5982 )
...
Also move existing base62 encode/decode operations to their only points
of use.
2018-12-20 07:40:01 -08:00
Jeff Mitchell
127413461b
Remove token store paths with token/accessors in URLs ( #5773 )
2018-11-19 16:58:19 -05:00
Vishal Nayak
b4836575fb
Test for issue 5729 ( #5750 )
...
* Test for 5729
* Remove unneeded space
Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>
2018-11-13 11:16:10 -05:00
Jeff Mitchell
8b6b344d86
Add `default-service`/`default-batch` to token store roles ( #5711 )
2018-11-07 09:45:09 -05:00
Becca Petrin
7bd22e6779
Run all builtins as plugins ( #5536 )
2018-11-06 17:21:24 -08:00
Jim Kalafut
b1bc2a6b2b
Fix a few vet warnings ( #5674 )
2018-11-02 13:21:44 -07:00
Vishal Nayak
5818977dca
Deprecate SHA1 in token store ( #770 )
...
* Deprecate SHA1 in token store
* Fallback to SHA1 for user selected IDs
* Fix existing tests
* Added warning
* Address some review feedback and remove root token prefix
* Tests for service token prefixing
* Salting utility tests
* Adjust OTP length for root token generation
* Fix tests
* Address review feedback
2018-10-17 13:23:04 -07:00
Jeff Mitchell
a64fc7d7cb
Batch tokens ( #755 )
2018-10-15 12:56:24 -04:00
Brian Kassouf
8f212d702d
replication: Fix DR API checks when using a token ( #5398 )
2018-09-25 13:27:57 -07:00
Jim Kalafut
343c72dbe1
Detect and bypass cycles during token revocation ( #5364 )
...
Fixes #4803
2018-09-20 14:56:38 -07:00
Jeff Mitchell
919b968c27
The big one ( #5346 )
2018-09-17 23:03:00 -04:00
Jeff Mitchell
f692c1e3a9
Revert "Detect and bypass cycles during token revocation ( #5335 )"
...
This reverts commit 00314eb4d1c5609a1935f653dc6f2fc83c0bfcc0.
2018-09-17 14:10:57 -04:00
Jim Kalafut
0ae6ec52b8
Detect and bypass cycles during token revocation ( #5335 )
...
Fixes #4803
2018-09-17 08:55:12 -07:00
Becca Petrin
b2ff87c9c2
Poll for new creds in the AWS auth agent ( #5300 )
2018-09-12 13:30:57 -07:00
Jeff Mitchell
c28ed23972
Allow most parts of Vault's logging to have its level changed on-the-fly ( #5280 )
...
* Allow most parts of Vault's logging to have its level changed on-the-fly
* Use a const for not set
2018-09-05 15:52:54 -04:00
Chris Hoffman
d8b1d19ed6
Plumbing request context through to expiration manager ( #5021 )
...
* plumbing request context to expiration manager
* moar context
* address feedback
* only using active context for revoke prefix
* using active context for revoke commands
* cancel tidy on active context
* address feedback
2018-08-01 21:39:39 -04:00