luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
3161 commits 1 branch 0 tags 214 MiB
Commit graph

121 commits

Author SHA1 Message Date
vishalnayak 3861c88211 Accept params both as part of URL or as part of http body 2016-03-14 19:14:36 -04:00
vishalnayak 85a888d588 Enable token to be supplied in the body for lookup call 2016-03-14 18:56:00 -04:00
Jeff Mitchell fa2ba47a5c Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
vishalnayak 0c4d5960a9 In-URL accessor for auth/token/lookup-accessor endpoint 2016-03-09 14:54:52 -05:00
vishalnayak 2528ffbc18 Restore old regex expressions for token endpoints 2016-03-09 14:08:52 -05:00
vishalnayak f478cc57e0 fix all the broken tests 2016-03-09 13:45:36 -05:00
vishalnayak 007142262f Provide accessor to revove-accessor in the URL itself 2016-03-09 13:08:37 -05:00
Jeff Mitchell 2ecdde1781 Address final feedback 2016-03-09 11:59:54 -05:00
vishalnayak c4a2c5b56e Added tests for 'sys/capabilities-accessor' endpoint 2016-03-09 11:29:09 -05:00
Jeff Mitchell 4785bec59d Address review feedback 2016-03-09 11:07:13 -05:00
Jeff Mitchell 2e07f45bfa Use role's allowed policies if none are given 2016-03-09 10:42:04 -05:00
vishalnayak 926e7513d7 Added docs for /sys/capabilities-accessor 2016-03-09 09:48:32 -05:00
vishalnayak 7407c27778 Add docs for new token endpoints 2016-03-09 09:31:09 -05:00
vishalnayak 6a992272cd New prefix for accessor indexes 2016-03-09 09:09:09 -05:00
vishalnayak 151c932875 AccessorID --> Accessor, accessor_id --> accessor 2016-03-09 06:23:31 -05:00
vishalnayak 913bbe7693 Error text corrections and minor refactoring 2016-03-08 22:27:24 -05:00
vishalnayak 62777c9f7e ErrUserInput --> StatusBadRequest 2016-03-08 21:47:24 -05:00
vishalnayak 2737c81b39 Lay the foundation for returning proper HTTP status codes 2016-03-08 18:27:03 -05:00
vishalnayak 8c6afea1d0 Implemented /auth/token/revoke-accessor in token_store 2016-03-08 18:07:27 -05:00
vishalnayak a7adab25bc Implemented lookup-accessor as a token_store endpoint 2016-03-08 17:38:19 -05:00
vishalnayak f19ee68fdb placeholders for revoke-accessor and lookup-accessor 2016-03-08 15:13:29 -05:00
vishalnayak a7c97fcd18 Clear the accessor index during revocation 2016-03-08 14:06:10 -05:00
vishalnayak c0fb69a8b1 Create indexing from Accessor ID to Token ID 2016-03-08 14:06:10 -05:00
vishalnayak 301776012f Introduced AccessorID in TokenEntry and returning it along with token 2016-03-08 14:06:10 -05:00
Jeff Mitchell 6b0f79f499 Address review feedback 2016-03-07 10:07:04 -05:00
Jeff Mitchell cc1f5207b3 Merge branch 'master' into token-roles 2016-03-07 10:03:54 -05:00
vishalnayak da9152169b changed response of expiration manager's renewtoken to logical.response 2016-03-04 14:56:51 -05:00
Jeff Mitchell 41dba5dd5d Move descriptions into const block 2016-03-03 11:04:05 -05:00
Jeff Mitchell 7c5f810bc0 Address first round of feedback 2016-03-01 15:30:37 -05:00
Jeff Mitchell 8a500e0181 Add command and token store documentation for roles 2016-03-01 13:02:40 -05:00
Jeff Mitchell 54232eb980 Add other token role unit tests and some minor other changes. 2016-03-01 12:41:41 -05:00
Jeff Mitchell df2e337e4c Update tests to add expected role parameters 2016-03-01 12:41:40 -05:00
Jeff Mitchell b8b59560dc Add token role CRUD tests 2016-03-01 12:41:40 -05:00
Jeff Mitchell ef990a3681 Initial work on token roles 2016-03-01 12:41:40 -05:00
vishalnayak bc4710eb06 Cert: renewal enhancements 2016-02-24 14:31:38 -05:00
Jeff Mitchell ff3adce39e Make "ttl" reflect the actual TTL of the token in lookup calls. 
Add a new value "creation_ttl" which holds the value at creation time.

Fixes #986
 2016-02-01 11:16:32 -05:00
Jeff Mitchell d3a705f17b Make backends much more consistent: 
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
 2016-01-29 20:03:37 -05:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell a99787afeb Don't allow a policy with no name, even though it is a valid slice member 2016-01-08 21:23:40 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell d51d723c1f Use int64 for converting time values, not int (will be float64 in JSON anyways, so no need to lose precision, plus could hit a 32-bit max in some edge cases) 2016-01-04 17:11:22 -05:00
Jeff Mitchell e990b77d6e Address review feedback; move storage of these values to the expiration manager 2016-01-04 16:43:07 -05:00
Jeff Mitchell 5ddd243144 Store a last renewal time in the token entry and return it upon lookup 
of the token.

Fixes #889
 2016-01-04 11:20:49 -05:00
Jeff Mitchell df68e3bd4c Filter out duplicate policies during token creation. 2015-12-30 15:18:30 -05:00
Jeff Mitchell f2da5b639f Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the 
default policy from a token create command.
 2015-11-09 17:30:50 -05:00
Jeff Mitchell d6693129de Create a "default" policy with sensible rules. 
It is forced to be included with each token, but can be changed (but not
deleted).

Fixes #732
 2015-11-09 15:44:09 -05:00
Jeff Mitchell 5783f547ab Display whether a token is an orphan on lookup. 2015-11-09 13:19:59 -05:00
Jeff Mitchell 7aa3faa626 Rename core's 'policy' to 'policyStore' for clarification 2015-11-06 12:07:42 -05:00
Jeff Mitchell 7d8371c4a3 Remove warning about nonexistent root policy by using GetPolicy instead 
of the listing function.
 2015-11-06 11:36:40 -05:00