Jeff Mitchell
1db6808912
Construct token path from request to fix displaying TTLs when using
...
create-orphan.
2016-04-07 15:45:38 +00:00
Jeff Mitchell
2fd02b8dca
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
2016-03-31 18:04:05 -04:00
Jeff Mitchell
7442867d53
Check for auth/ in the path of the prefix for revoke-prefix in the token
...
store.
2016-03-31 16:21:56 -04:00
Jeff Mitchell
fa2ba47a5c
Merge branch 'master' into token-roles
2016-03-09 17:23:34 -05:00
vishalnayak
0c4d5960a9
In-URL accessor for auth/token/lookup-accessor endpoint
2016-03-09 14:54:52 -05:00
vishalnayak
f478cc57e0
fix all the broken tests
2016-03-09 13:45:36 -05:00
vishalnayak
007142262f
Provide accessor to revove-accessor in the URL itself
2016-03-09 13:08:37 -05:00
vishalnayak
3b302817e5
Added tests for lookup-accessor and revoke-accessor endpoints
2016-03-09 12:50:26 -05:00
Jeff Mitchell
2ecdde1781
Address final feedback
2016-03-09 11:59:54 -05:00
Jeff Mitchell
7c5f810bc0
Address first round of feedback
2016-03-01 15:30:37 -05:00
Jeff Mitchell
54232eb980
Add other token role unit tests and some minor other changes.
2016-03-01 12:41:41 -05:00
Jeff Mitchell
df2e337e4c
Update tests to add expected role parameters
2016-03-01 12:41:40 -05:00
Jeff Mitchell
b8b59560dc
Add token role CRUD tests
2016-03-01 12:41:40 -05:00
Jeff Mitchell
ff3adce39e
Make "ttl" reflect the actual TTL of the token in lookup calls.
...
Add a new value "creation_ttl" which holds the value at creation time.
Fixes #986
2016-02-01 11:16:32 -05:00
Jeff Mitchell
b2bde47b01
Pull out setting the root token ID; use the new ParseUUID method in
...
go-uuid instead, and revoke if there is an error.
2016-01-19 19:44:33 -05:00
Jeff Mitchell
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
Jeff Mitchell
9c5ad28632
Update deps, and adjust usage of go-uuid to match new return values
2016-01-13 13:40:08 -05:00
Jeff Mitchell
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Jeff Mitchell
d51d723c1f
Use int64 for converting time values, not int (will be float64 in JSON anyways, so no need to lose precision, plus could hit a 32-bit max in some edge cases)
2016-01-04 17:11:22 -05:00
Jeff Mitchell
e990b77d6e
Address review feedback; move storage of these values to the expiration manager
2016-01-04 16:43:07 -05:00
Jeff Mitchell
5ddd243144
Store a last renewal time in the token entry and return it upon lookup
...
of the token.
Fixes #889
2016-01-04 11:20:49 -05:00
Jeff Mitchell
df68e3bd4c
Filter out duplicate policies during token creation.
2015-12-30 15:18:30 -05:00
Jeff Mitchell
f2da5b639f
Migrate 'uuid' to 'go-uuid' to better fit HC naming convention
2015-12-16 12:56:20 -05:00
Jeff Mitchell
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell
5783f547ab
Display whether a token is an orphan on lookup.
2015-11-09 13:19:59 -05:00
Jeff Mitchell
6ccded7a2f
Add ability to create orphan tokens from the API
2015-11-03 15:12:21 -05:00
Jeff Mitchell
636d57a026
Make the token store's Create and RootToken functions non-exported.
...
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
2015-10-30 10:59:26 -04:00
Jeff Mitchell
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
Jeff Mitchell
4a52de13e3
Add renew-self endpoint.
...
Fixes #455 .
2015-10-07 12:49:13 -04:00
Jeff Mitchell
ca50012017
Format token lease/TTL as int in JSON API when looking up
2015-09-27 22:36:36 -04:00
Jeff Mitchell
62ac518ae7
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 10:41:21 -04:00
Vishal Nayak
d526c8ce1c
Merge pull request #629 from hashicorp/token-create-sudo
...
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
vishalnayak
a2799b235e
Using acl.RootPrivilege and rewrote mockTokenStore
2015-09-19 17:53:24 -04:00
vishalnayak
b6d47dd784
fix broken tests
2015-09-19 12:33:52 -04:00
Jeff Mitchell
d775445efe
Store token creation time and TTL. This can be used to properly populate
...
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.
Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell
8f79e8be82
Add revoke-self endpoint.
...
Fixes #620 .
2015-09-17 13:22:30 -04:00
Jeff Mitchell
047ba90a44
Restrict orphan revocation to root tokens
2015-09-16 09:22:15 -04:00
Jeff Mitchell
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
Armon Dadgar
ffeb6ea76c
vault: allow increment to be duration string. Fixes #340
2015-06-17 15:58:20 -07:00
Armon Dadgar
ae421f75b7
vault: fixing issues with token renewal
2015-06-17 14:28:13 -07:00
Armon Dadgar
538c795f9b
vault: Adding method to consume a limited use token
2015-04-17 11:51:04 -07:00
Armon Dadgar
fd3948d476
vault: Tokens can have a use count specified
2015-04-17 11:34:25 -07:00
Armon Dadgar
818ce0a045
vault: token store allows specifying display_name
2015-04-15 14:24:07 -07:00
Mitchell Hashimoto
5eff7f1b57
vault: upper bound on test
2015-04-10 21:22:17 -07:00
Mitchell Hashimoto
992028e23e
vault: the expiration time should be relative to the issue time
2015-04-10 21:21:06 -07:00
Armon Dadgar
a6d974c74e
vault: revoking a token should revoke all secrets it has generated
2015-04-10 15:12:04 -07:00
Armon Dadgar
1e2863e2b8
vault: remove unused RevokeAll method
2015-04-10 14:59:49 -07:00
Armon Dadgar
13836e8612
vault: groundwork to allow auth renew
2015-04-10 13:59:49 -07:00
Armon Dadgar
4679febdf3
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 12:14:04 -07:00
Armon Dadgar
82c5d9c478
vault: Enforce non-renewability
2015-04-08 17:03:46 -07:00
Mitchell Hashimoto
9378d0388a
vault: token store inehrits policies by default
2015-04-07 14:19:52 -07:00
Armon Dadgar
493ee49e4d
vault: unify the token renew response
2015-04-06 16:35:39 -07:00
Armon Dadgar
b8d69a357c
vault: Use Auth for lease and renewable
2015-04-03 14:04:50 -07:00
Armon Dadgar
2feba52f40
vault: Adding auth/token/renew endpoint
2015-04-03 12:11:49 -07:00
Armon Dadgar
c82fbbb8c3
vault: Support prefix based token revocation
2015-04-03 11:40:08 -07:00
Mitchell Hashimoto
1dcb37c6b6
vault: lookup-self for TokenStore to look up your own store
2015-03-31 12:51:00 -07:00
Mitchell Hashimoto
63f259cc8d
vault: lookup without a token looks up self
2015-03-31 12:50:07 -07:00
Mitchell Hashimoto
6a72ea61d5
vault: convert TokenStore to logical/framework
2015-03-31 12:48:19 -07:00
Mitchell Hashimoto
c9acfa17cb
vault: get rid of HangleLogin
2015-03-30 20:26:39 -07:00
Mitchell Hashimoto
e9a3a34c27
vault: tests passing
2015-03-29 16:18:08 -07:00
Armon Dadgar
23864839bb
vault: testing root privilege restrictions
2015-03-24 15:52:07 -07:00
Armon Dadgar
b354f03cb2
vault: adding auth/token/lookup/ support
2015-03-24 15:39:33 -07:00
Armon Dadgar
4a4d1d3e45
vault: adding auth/token/revoke/ and auth/token/revoke-orphan/
2015-03-24 15:30:09 -07:00
Armon Dadgar
26f05f7a20
vault: Passthrough of client token to token store
2015-03-24 15:12:52 -07:00
Armon Dadgar
6fd3cae2c2
vault: Adding auth/token/create endpoint
2015-03-24 15:10:46 -07:00
Armon Dadgar
b5332404d1
vault: Allow providing token ID during creation
2015-03-24 14:22:50 -07:00
Armon Dadgar
cd3ee5cc03
vault: Remove core reference
2015-03-23 17:29:36 -07:00
Armon Dadgar
3607eae208
vault: Adding method to generate root token
2015-03-23 17:16:37 -07:00
Armon Dadgar
56d99fe580
vault: token tracks generation path and meta data
2015-03-23 13:39:43 -07:00
Armon Dadgar
8cc88981d6
vault: token store is a credential implementation
2015-03-18 19:11:52 -07:00
Armon Dadgar
481a3a2a91
vault: testing token revocation
2015-03-18 13:50:36 -07:00
Armon Dadgar
ded5dc71e9
vault: First pass token store
2015-03-18 13:19:19 -07:00