luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
16779 commits 1 branch 0 tags 214 MiB
Commit graph

144 commits

Author SHA1 Message Date
Jeff Mitchell 636d57a026 Make the token store's Create and RootToken functions non-exported. 
Nothing requires them to be exported, and I don't want anything in the
future to think it's okay to simply create a root token when it likes.
 2015-10-30 10:59:26 -04:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell c460ff10ca Push a lot of logic into Router to make a bunch of it nicer and enable a 
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Armon Dadgar 8bc99f8c23 helper/uuid: single generateUUID definition 2015-06-30 12:38:32 -07:00
Armon Dadgar e2b0f5dae8 vault: improve lease error message. Fixes #338 2015-06-18 15:37:08 -07:00
Armon Dadgar c849aba53a vault: Adding InternalData to Auth 2015-05-09 11:39:54 -07:00
Seth Vargo f17d65507f Use UTC in tests 2015-04-28 22:18:00 -04:00
Seth Vargo 95c8001388 Disable mlock in tests 2015-04-28 22:18:00 -04:00
Mitchell Hashimoto eef1a10e8e vault: fix more test race conditions 2015-04-28 19:17:45 -07:00
Mitchell Hashimoto 992028e23e vault: the expiration time should be relative to the issue time 2015-04-10 21:21:06 -07:00
Armon Dadgar 1e2863e2b8 vault: remove unused RevokeAll method 2015-04-10 14:59:49 -07:00
Armon Dadgar b10fbc4d83 vault: Adding token based revocation 2015-04-10 14:48:08 -07:00
Armon Dadgar 39c51ede2e vault: testing renewAuthEntry 2015-04-10 14:07:06 -07:00
Armon Dadgar 13836e8612 vault: groundwork to allow auth renew 2015-04-10 13:59:49 -07:00
Armon Dadgar 4679febdf3 logical: Refactor LeaseOptions to share between Secret and Auth 2015-04-09 12:14:04 -07:00
Armon Dadgar 7df486482b vault: Adding LeaseIssue for renew to allow limiting maximum lease length 2015-04-09 11:54:32 -07:00
Armon Dadgar 82c5d9c478 vault: Enforce non-renewability 2015-04-08 17:03:46 -07:00
Armon Dadgar 429ad7e5cb vault: Handle auth entry without lease 2015-04-08 15:43:26 -07:00
Armon Dadgar 466c7575d3 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Armon Dadgar 493ee49e4d vault: unify the token renew response 2015-04-06 16:35:39 -07:00
Armon Dadgar 002b2ad589 vault: Provide salted client token to logical backends 2015-04-03 14:42:39 -07:00
Armon Dadgar adaa83b48c vault: Adding RenewToken to expiration manager 2015-04-03 11:58:10 -07:00
Armon Dadgar c82fbbb8c3 vault: Support prefix based token revocation 2015-04-03 11:40:08 -07:00
Armon Dadgar 1b19a8ee1b vault: Rename RegisterLogin to RegisterAuth 2015-04-02 17:45:42 -07:00
Mitchell Hashimoto 69593cde56 remove credential/ lots of tests faililng 2015-03-30 18:07:05 -07:00
Armon Dadgar 6fd3cae2c2 vault: Adding auth/token/create endpoint 2015-03-24 15:10:46 -07:00
Armon Dadgar 65ef4f1032 vault: wire tokens into expiration manager 2015-03-23 18:11:15 -07:00
Armon Dadgar 86c9bd9083 vault: Give expiration manager a token store reference 2015-03-23 18:00:14 -07:00
Mitchell Hashimoto c349e97168 vault: clean up VaultID duplications, make secret responses clearer 
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.

Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).

At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.

So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.

It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.

All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
 2015-03-19 23:11:42 +01:00
Mitchell Hashimoto 8039fc5c63 logical/framework: support renew 2015-03-19 20:20:57 +01:00
Armon Dadgar 421f73d332 vault: Removing mtype from router 2015-03-18 15:48:14 -07:00
Armon Dadgar 5f1e3e5986 vault: Testing restore 2015-03-16 15:11:47 -07:00
Armon Dadgar 703bcd8190 vault: Testing revoke and renew 2015-03-16 15:11:47 -07:00
Armon Dadgar b203c27326 vault: testing internal expiration manager methods 2015-03-16 15:11:47 -07:00
Armon Dadgar 11552f132b vault: testing expiration manager persistence 2015-03-16 15:11:46 -07:00
Armon Dadgar e85cd66b30 all: Removing fields from Lease 2015-03-16 13:29:51 -07:00
Armon Dadgar bdfa320e01 vault: First pass at expiration manager 2015-03-16 11:35:43 -07:00
Mitchell Hashimoto 12b12e578c vault: fix merge conflict + pass tests 2015-03-15 19:38:23 -07:00
Mitchell Hashimoto d1d1929192 vault: convert to logical.Request and friends 2015-03-15 14:53:41 -07:00
Armon Dadgar 9d5db1286d vault: Track the renew time 2015-03-13 11:36:24 -07:00
Armon Dadgar f0d00e77ec vault: Adding start/stop to expiration manager 2015-03-13 11:31:43 -07:00
Armon Dadgar 5ce63ea7cd vault: Adding lease registration 2015-03-13 10:56:03 -07:00