luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
6,568 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

41 Commits

Author SHA1 Message Date
Chris Hoffman e4065e33d2 copying general purpose tools from transit backend to /sys/tools (#3391) 2017-10-20 10:59:17 -04:00
Brian Kassouf a8d9426d9f Update locking components from DR replication changes (#3283) 
* Update locking components from DR replication changes

* Fix plugin backend test

* Add a comment about needing the statelock:
 2017-09-04 19:38:37 -04:00
Jeff Mitchell 654e7d92ac Properly lowercase policy names. (#3210) 
Previously we lowercased names on ingress but not on lookup or delete
which could cause unexpected results. Now, just unilaterally lowercase
policy names on write and delete. On get, to avoid the performance hit
of always lowercasing when not necessary since it's in the critical
path, we have a minor optimization -- we check the LRU first before
normalizing. For tokens, because they're already normalized when adding
policies during creation, this should always work; it might just be
slower for API calls.

Fixes #3187
 2017-08-18 19:47:23 -04:00
Jeff Mitchell a9b1d699d0 Make sys/wrapping/lookup unauthenticated. (#3084) 
We still perform validation on the token, so if the call makes it
through to this endpoint it's got a valid token (either explicitly
specified in data or as the request token). But this allows
introspection for sanity/safety checking without revoking the token in
the process.
 2017-07-31 16:16:16 -04:00
Jeff Mitchell f3f4452334 Revert "Remove wrapping/wrap from default policy and add a note about guarantees (#2957)" (#3008) 
This reverts commit b2d2459711d9cb7552daf1cc2330c07d31ef4f51.
 2017-07-13 18:47:29 -04:00
Jeff Mitchell 2c6b7db279 Remove wrapping/wrap from default policy and add a note about guarantees (#2957) 2017-07-13 15:29:04 -07:00
Jeff Mitchell 7250b3d01e Fix comment typo 2017-05-03 20:25:55 -04:00
Jeff Mitchell b7128f53a8 Add sys/leases/lookup and sys/leases/renew to the default policy 2017-05-03 20:22:16 -04:00
Jeff Mitchell f3bee3550c Remove now-unnecessary stanza from default policy 2017-02-16 23:30:38 -05:00
Jeff Mitchell 494b4c844b More porting from rep (#2389) 
* More porting from rep

* Address feedback
 2017-02-16 20:13:19 -05:00
Jeff Mitchell 9e5d1eaac9 Port some updates 2017-01-06 15:42:18 -05:00
Jeff Mitchell b45a481365 Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
Jeff Mitchell 065da5fd69 Migrate default policy to a const 2016-08-08 18:33:31 -04:00
Jeff Mitchell ab71b981ad Add ability to specify renew lease ID in POST body. 2016-08-08 18:00:44 -04:00
Jeff Mitchell 796c93a8b0 Add sys/renew to default policy 2016-08-08 17:32:30 -04:00
Jeff Mitchell ac62b18d56 Make `capabilities-self` part of the default policy. 
Fixes #1695
 2016-08-08 10:00:01 -04:00
Laura Bennett eb75afe54d minor edit for error statement 2016-07-25 13:29:57 -04:00
Laura Bennett 7e29cf1cae edits based on comments in PR 2016-07-25 09:46:10 -04:00
Laura Bennett 395f052870 minor error correction 2016-07-24 22:35:54 -04:00
Laura Bennett 9ea1c8b801 initial commit for nonAssignablePolicies 2016-07-24 22:27:41 -04:00
Jeff Mitchell 9f6c5bc02a cubbyhole-response-wrapping -> response-wrapping 2016-06-10 13:48:46 -04:00
Jeff Mitchell c4431a7e30 Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors 2016-05-16 16:11:33 -04:00
Jeff Mitchell c52d352332 Merge branch 'master-oss' into cubbyhole-the-world 2016-05-07 16:40:04 -04:00
Jeff Mitchell 6f7409bb49 Slightly nicer check for LRU in policy store 2016-05-02 22:36:44 -04:00
Jeff Mitchell fe1f56de40 Make a non-caching but still locking variant of transit for when caches are disabled 2016-05-02 22:36:44 -04:00
Jeff Mitchell 8572190b64 Plumb disabling caches through the policy store 2016-05-02 22:36:44 -04:00
Jeff Mitchell aba689a877 Add wrapping through core and change to use TTL instead of Duration. 2016-05-02 00:47:35 -04:00
Jeff Mitchell 1394555a4d Add listing of cubbyhole's root to the default policy. 
This allows `vault list cubbyhole` to behave as expected rather than
requiring `vault list cubbyhole/`. It could be special cased in logic,
but it also serves as a model for the same behavior in e.g. `generic`
mounts where special casing is not possible due to unforeseen mount
paths.
 2016-02-03 13:50:47 -05:00
Jeff Mitchell b830e29449 Use capabilities rather than policies in default policy. Also add cubbyhole to it. 2016-01-16 18:02:31 -05:00
Jeff Mitchell 2412c078ac Also convert policy store cache to 2q. 
Ping #908
 2016-01-07 09:26:08 -05:00
Jeff Mitchell d6693129de Create a "default" policy with sensible rules. 
It is forced to be included with each token, but can be changed (but not
deleted).

Fixes #732
 2015-11-09 15:44:09 -05:00
Jeff Mitchell 7aa3faa626 Rename core's 'policy' to 'policyStore' for clarification 2015-11-06 12:07:42 -05:00
Jeff Mitchell c460ff10ca Push a lot of logic into Router to make a bunch of it nicer and enable a 
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
 2015-09-10 15:09:54 -04:00
Armon Dadgar 03be7a5999 vault: upgrade old policies with implicit glob 2015-07-05 19:14:15 -06:00
Armon Dadgar 512b3d7afd vault: Adding metrics profiling 2015-04-08 16:43:17 -07:00
Armon Dadgar a8d4319ad5 vault: Update LRU on GetPolicy 2015-04-06 16:43:05 -07:00
Armon Dadgar f022ec97c4 vault: Adding policy LRU cache 2015-04-06 16:41:48 -07:00
Armon Dadgar 28bc849fd9 vault: Attach policy name if missing 2015-04-01 17:45:00 -07:00
Armon Dadgar 43a99aec93 vault: Special case root policy 2015-03-24 11:27:21 -07:00
Armon Dadgar 6e22ca50eb vault: integrate policy and token store into core 2015-03-18 14:00:42 -07:00
Armon Dadgar 51ce336753 vault: Adding PolicyStore 2015-03-18 12:17:03 -07:00