ab7d35b95e
Fix up per-backend timing logic; also fix error in TypeDurationSecond in
...
GetOkErr.
2015-09-21 09:55:03 -04:00
b655f6b858
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
7f640c4374
Error on violating SysView boundaries
2015-09-17 11:24:46 -04:00
6a4089b2a8
Vault userpass: Enable renewals for login tokens
2015-09-16 23:55:35 -04:00
77e7379ab5
Implement the cubbyhole backend
...
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
fb07cf9f53
Implement clean up routine to backend as some backends may require
...
e.g closing database connections on unmount to avoud connection
stacking.
2015-09-11 11:45:58 +03:00
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
b74fa8c888
Make DefaultSystemView StaticSystemView with statically-configured information. Export this from Framework to make it easy to override for testing.
2015-08-27 11:25:07 -07:00
7c2bbe4c7f
Use a SystemView interface and turn SystemConfig into DefaultSystemView
2015-08-27 10:36:44 -07:00
e58553e7d5
Plumb the system configuration information up into framework
2015-08-27 09:41:03 -07:00
5695d57ba0
Merge pull request #561 from hashicorp/fix-wild-cards
...
Allow hyphens in endpoint patterns of most backends
2015-08-21 11:40:42 -07:00
6c2927ede0
Vault: Fix wild card paths for all backends
2015-08-21 00:56:13 -07:00
ea9fbb90bc
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-20 22:27:01 -07:00
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
ae990884a6
Add a validation step in field data to error more quickly vs. allowing panics to happen when we go to get the data and convert it
2015-08-11 12:34:14 -04:00
c40cf7fcdf
logical/framework: handle nil duration value. Fixes #408
2015-07-08 16:55:52 -06:00
4b27e4d8c5
Remove SetLogger, and unify on framework.Setup
2015-06-30 17:45:20 -07:00
e892d728a2
logical/framework: support Salt in PathMap
2015-06-30 14:28:45 -07:00
6b23b14773
logical/framework: adding a new duration type to convert to seconds
2015-06-17 15:56:26 -07:00
f39b522681
logical/framework: allow the lease max to come from existing lease
2015-06-17 14:24:12 -07:00
cfab07b19f
logical/framework: simplify calculation of lease renew
2015-06-17 14:16:44 -07:00
d58512b3f8
logical/framework: Fix help text in PathMap
2015-05-15 07:56:32 +10:00
283e8ccacb
logical/framework: Add delete to PathMap
2015-05-14 22:28:33 +10:00
896f9cd4d3
logical/framework: Add delete to PathStruct
2015-05-14 22:25:30 +10:00
5c63b70eea
logical/framework: PathMap is case insensitive by default
2015-05-11 10:27:04 -07:00
4e861f29bc
credential/github: case insensitive mappings
2015-05-11 10:24:39 -07:00
8ed48191fb
logical/framework: Generate help output even if no synopsis provided
2015-05-07 15:45:43 -07:00
81b12660c5
logical/framework: PathMap allows hyphens in keys [GH-119]
2015-05-02 13:17:42 -07:00
c4a92a276d
logical/framework: Supporting list of path map
2015-04-23 21:44:04 -07:00
cd3fa3be92
logical/framework: more flexible Pathmap and PolicyMap
2015-04-17 09:35:49 -07:00
910bf9c76d
logical/framework: PathStruct
2015-04-17 09:18:21 -07:00
463a32ba56
logical/framework: doc for defaultduration on secret
2015-04-13 20:42:06 -07:00
6272ad75dc
logical/framework: secret lease tests
2015-04-13 15:18:27 -07:00
209b275bfd
logical/framework: allow max session time
2015-04-11 16:41:08 -07:00
33d66f0130
vault: token store allows unlimited renew
2015-04-11 16:28:16 -07:00
d81707a222
logical/framework: more tests
2015-04-11 14:51:00 -07:00
a360ca4928
logical/framework: AuthRenew callback, add LeaseExtend
...
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
f996dcf964
logical: add LeaseOptions.IncrementedLease()
2015-04-10 21:35:17 -07:00
992028e23e
vault: the expiration time should be relative to the issue time
2015-04-10 21:21:06 -07:00
f7dbb6966b
logical: Adding support for renew of Auth
2015-04-10 13:59:49 -07:00
4679febdf3
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 12:14:04 -07:00
569991fcc5
credential/app-id
2015-04-04 18:41:49 -07:00
606b3dbff9
credential/github: improve help
2015-04-04 12:18:33 -07:00
7aee6269f7
vault: pass a logger around to logical backends
2015-04-04 11:39:58 -07:00
8dc9e0e0d5
logical/framework: better string values for types
2015-04-03 21:15:59 -07:00
ec9df0439b
logical/aws: help
2015-04-03 21:10:54 -07:00
246c2839b0
logical/framework: make help look nicer
2015-04-03 21:00:23 -07:00
0bbad03c70
logical/framework: support root help
2015-04-03 20:36:47 -07:00
2e3d6d6a0e
command/help
2015-04-02 22:42:05 -07:00
Jeff Mitchell