Commit graph

32 commits

Author SHA1 Message Date
Jeff Mitchell f7147025dd
Migrate to sdk/internalshared libs in go-secure-stdlib (#12090)
* Swap sdk/helper libs to go-secure-stdlib

* Migrate to go-secure-stdlib reloadutil

* Migrate to go-secure-stdlib kv-builder

* Migrate to go-secure-stdlib gatedwriter
2021-07-15 20:17:31 -04:00
Brian Kassouf 303c2aee7c
Run a more strict formatter over the code (#11312)
* Update tooling

* Run gofumpt

* go mod vendor
2021-04-08 09:43:39 -07:00
Jeff Mitchell 213b9fd1cf Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
Jeff Mitchell 9ebc57581d
Switch to go modules (#6585)
* Switch to go modules

* Make fmt
2019-04-13 03:44:06 -04:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Jim Kalafut d0e2badbae Run goimports across the repository (#6010)
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Becca Petrin b3b7fba67e
Release database resources on each iteration of a loop (#4305) 2018-04-17 16:31:09 -07:00
Chris Hoffman a7ada08b3b
Core handling of TTLs (#4230)
* govet cleanup in token store

* adding general ttl handling to login requests

* consolidating TTL calculation to system view

* deprecate LeaseExtend

* deprecate LeaseExtend

* set the increment to the correct value

* move calculateTTL out of SystemView

* remove unused value

* add back clearing of lease id

* implement core ttl in some backends

* removing increment and issue time from lease options

* adding ttl tests, fixing some compile issue

* adding ttl tests

* fixing some explicit max TTL logic

* fixing up some tests

* removing unneeded test

* off by one errors...

* adding back some logic for bc

* adding period to return on renewal

* tweaking max ttl capping slightly

* use the appropriate precision for ttl calculation

* deprecate proto fields instead of delete

* addressing feedback

* moving TTL handling for backends to core

* mongo is a secret backend not auth

* adding estimated ttl for backends that also manage the expiration time

* set the estimate values before calling the renew request

* moving calculate TTL to framework, revert removal of increment and issue time from logical

* minor edits

* addressing feedback

* address more feedback
2018-04-03 12:20:20 -04:00
Josh Soref 73b1fde82f Spelling (#4119) 2018-03-20 14:54:10 -04:00
Brian Kassouf 2f19de0305 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Jeff Mitchell c231479a18
Fix max_ttl not being honored in database backend when default_ttl is zero (#3814)
Fixes #3812
2018-01-18 01:43:38 -05:00
Brian Kassouf 1c190d4bda
Pass context to backends (#3750)
* Start work on passing context to backends

* More work on passing context

* Unindent logical system

* Unindent token store

* Unindent passthrough

* Unindent cubbyhole

* Fix tests

* use requestContext in rollback and expiration managers
2018-01-08 10:31:38 -08:00
Jim Weber a2d6624a69 renamed rolname to role 2016-10-03 15:57:47 -04:00
Jim Weber dbb00534d9 saving role name to the Secret Internal data. Default revoke query added
The rolename is now saved to the secret internal data for fetching
later during the user revocation process. No longer deriving the role
name from request path

Added support for default revoke SQL statements that will provide the
same functionality as before. If not revoke SQL statements are provided
the default statements are used.

Cleaned up personal ignores from the .gitignore file
2016-10-02 18:53:16 -04:00
Jeff Mitchell 9e204bd88c Add arbitrary string slice parsing.
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.

Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
Nathan J. Mehl ea294f1d27 use both role name and token display name to form mysql username 2016-07-20 10:17:00 -07:00
Nathan J. Mehl 0483457ad2 respond to feedback from @vishalnayak
- split out usernameLength and displaynameLength truncation values,
  as they are different things

- fetch username and displayname lengths from the role, not from
  the request parameters

- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Nathan J. Mehl 314a5ecec0 allow overriding the default truncation length for mysql usernames
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
Nathan J. Mehl 2cf4490b37 use role name rather than token displayname in generated mysql usernames
If a single token generates multiple myself roles, the generated mysql
username was previously prepended with the displayname of the vault
user; this makes the output of `show processlist` in mysql potentially
difficult to correlate with the roles actually in use without cross-
checking against the vault audit log.

See https://github.com/hashicorp/vault/pull/1603 for further discussion.
2016-07-10 15:57:47 -07:00
Jeff Mitchell 934e60c3c9 Add stmt close calls 2016-06-29 17:39:47 -04:00
Jeff Mitchell a56f79adcb Run prepare on the transaction, not the db 2016-06-29 17:20:41 -04:00
Jeff Mitchell d3a705f17b Make backends much more consistent:
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell f2da5b639f Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell 5695d57ba0 Merge pull request #561 from hashicorp/fix-wild-cards
Allow hyphens in endpoint patterns of most backends
2015-08-21 11:40:42 -07:00
vishalnayak 6c2927ede0 Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Armon Dadgar 8bc99f8c23 helper/uuid: single generateUUID definition 2015-06-30 12:38:32 -07:00
Armon Dadgar 50879eb2e5 mysql: cleanup 2015-04-27 11:31:11 -07:00
Armon Dadgar e378f5c4a2 secret/mysql: fixing mysql oddities 2015-04-25 12:56:11 -07:00
Armon Dadgar 57e66f3b6c secret/mysql: initial pass at mysql secret backend 2015-04-25 12:05:26 -07:00