Commit Graph

270 Commits

Author SHA1 Message Date
vishalnayak fd8b023655 s/TF_ACC/VAULT_ACC 2016-04-05 15:24:59 -04:00
vishalnayak 95abdebb06 Added AcceptanceTest boolean to logical.TestCase 2016-04-05 15:10:44 -04:00
Jeff Mitchell afae46feb7 SealInterface 2016-04-04 10:44:22 -04:00
vishalnayak ba9b5b8847 Fix SanitizeTTL check 2016-03-16 14:27:01 -04:00
vishalnayak 3861c88211 Accept params both as part of URL or as part of http body 2016-03-14 19:14:36 -04:00
vishalnayak 151c932875 AccessorID --> Accessor, accessor_id --> accessor 2016-03-09 06:23:31 -05:00
vishalnayak 913bbe7693 Error text corrections and minor refactoring 2016-03-08 22:27:24 -05:00
vishalnayak 301776012f Introduced AccessorID in TokenEntry and returning it along with token 2016-03-08 14:06:10 -05:00
Jeff Mitchell 7d41607b6e Add "tidy/" which allows removing expired certificates.
A buffer is used to ensure that we only remove certificates that are
both expired and for which the buffer has past. Options allow removal
from revoked/ and/or certs/.
2016-02-24 21:24:48 -05:00
Jeff Mitchell f9fb20bbe4 Make SanitizeTTL treat an empty string the same as a "0" string.
This causes a 0 TTL to be returned for the value, which is a clue to
other parts of Vault to use appropriate defaults. However, this makes
the defaults be used at lease allocation or extension time instead of
when parsing parameters.
2016-02-18 16:51:36 -05:00
Jeff Mitchell eb1deefac1 Introduce a locking inmem storage for unit tests that are doing concurrent things 2016-02-04 09:40:35 -05:00
Jeff Mitchell 627082b838 Remove grace periods 2016-01-31 19:33:16 -05:00
Jeff Mitchell d5584e12bc invert logic to prefer client increment 2016-01-29 20:02:15 -05:00
Jeff Mitchell 4619473175 Update proposed time 2016-01-29 19:31:37 -05:00
Jeff Mitchell 7353fa3e56 Adjust framework unit tests for new LeaseExtend 2016-01-29 19:31:37 -05:00
Jeff Mitchell f53136ab09 Update LeaseExtend 2016-01-29 19:31:37 -05:00
Jeff Mitchell 12c00b97ef Allow backends to see taint status.
This can be seen via System(). In the PKI backend, if the CA is
reconfigured but not fully (e.g. an intermediate CSR is generated but no
corresponding cert set) and there are already leases (issued certs), the
CRL is unable to be built. As a result revocation fails. But in this
case we don't actually need revocation to be successful since the CRL is
useless after unmounting. By checking taint status we know if we can
simply fast-path out of revocation with a success in this case.

Fixes #946
2016-01-22 17:01:22 -05:00
Jeff Mitchell 8069fa7972 Address some listing review feedback 2016-01-22 10:07:32 -05:00
Jeff Mitchell 5341cb69cc Updates and documentation 2016-01-22 10:07:32 -05:00
Jeff Mitchell f9bbe0fb04 Use logical operations instead of strings for comparison 2016-01-12 21:16:31 -05:00
Jeff Mitchell 9db22dcfad Address some more review feedback 2016-01-12 15:09:16 -05:00
Jeff Mitchell 4f4ddbf017 Create more granular ACL capabilities.
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell 2d8e3b35f2 Revoke permissions before dropping user in postgresql.
Currently permissions are not revoked, which can lead revocation to not
actually work properly. This attempts to revoke all permissions and only
then drop the role.

Fixes issue #699
2015-10-30 11:58:52 -04:00
Jeff Mitchell 35a7f0de22 Add '.' to GenericNameRegex; it cannot appear as the first or last
character. This allows its usage in a number of extra path-based
variables.

Ping #244
2015-10-13 16:04:10 -04:00
Jeff Mitchell c7cec2aabc Add unit tests 2015-10-07 20:17:06 -04:00
Jeff Mitchell 10d24779c0 Rename GetWarnings->Warnings for responses 2015-10-07 16:18:39 -04:00
Jeff Mitchell d740fd4a6a Add the ability for warnings to be added to responses. These are
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.

Fixes #676
2015-10-07 16:18:39 -04:00
Jeff Mitchell 2091842dca Sort policies when checking for equality 2015-10-06 15:48:25 -04:00
Jeff Mitchell 62ac518ae7 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Vishal Nayak d526c8ce1c Merge pull request #629 from hashicorp/token-create-sudo
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
vishalnayak 1a01ab3608 Take ClientToken instead of Policies 2015-09-21 10:04:03 -04:00
Jeff Mitchell ab7d35b95e Fix up per-backend timing logic; also fix error in TypeDurationSecond in
GetOkErr.
2015-09-21 09:55:03 -04:00
vishalnayak 02485e7175 Abstraced SudoPrivilege to take list of policies 2015-09-19 18:23:44 -04:00
vishalnayak a2799b235e Using acl.RootPrivilege and rewrote mockTokenStore 2015-09-19 17:53:24 -04:00
vishalnayak b6d47dd784 fix broken tests 2015-09-19 12:33:52 -04:00
vishalnayak fb77ec3623 TokenStore: Provide access based on sudo permissions and not policy name 2015-09-19 11:14:51 -04:00
Jeff Mitchell b655f6b858 Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell 801e531364 Enhance transit backend:
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
2015-09-18 14:41:05 -04:00
vishalnayak 7f640c4374 Error on violating SysView boundaries 2015-09-17 11:24:46 -04:00
vishalnayak 6a4089b2a8 Vault userpass: Enable renewals for login tokens 2015-09-16 23:55:35 -04:00
Jeff Mitchell 77e7379ab5 Implement the cubbyhole backend
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.

Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Jeff Mitchell 104b29ab04 Rename View to StorageView to make it more distinct from SystemView 2015-09-15 13:50:37 -04:00
Lassi Pölönen fb07cf9f53 Implement clean up routine to backend as some backends may require
e.g closing database connections on unmount to avoud connection
stacking.
2015-09-11 11:45:58 +03:00
Jeff Mitchell 39cfcccdac Remove error returns from sysview TTL calls 2015-09-10 15:09:54 -04:00
Jeff Mitchell 488d33c70a Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell 4239f9d243 Add DynamicSystemView. This uses a pointer to a pointer to always have
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell d435048d9e Switch StaticSystemView values to pointers, to support updating 2015-09-10 15:09:54 -04:00
Jeff Mitchell 696d0c7b1d Plumb per-mount config options through API 2015-09-10 15:09:53 -04:00
Jeff Mitchell 9e5e8a8a4d Whitespace fix 2015-08-27 12:14:51 -07:00
Jeff Mitchell cdabe6350e SystemConfig -> SystemView 2015-08-27 11:38:05 -07:00
Jeff Mitchell b74fa8c888 Make DefaultSystemView StaticSystemView with statically-configured information. Export this from Framework to make it easy to override for testing. 2015-08-27 11:25:07 -07:00
Jeff Mitchell 7c2bbe4c7f Use a SystemView interface and turn SystemConfig into DefaultSystemView 2015-08-27 10:36:44 -07:00
Jeff Mitchell e58553e7d5 Plumb the system configuration information up into framework 2015-08-27 09:41:03 -07:00
Jeff Mitchell 2e07106c4b Add some documentation to SystemConfig 2015-08-27 09:14:03 -07:00
Jeff Mitchell 992e357d07 Add some plumbing to allow specified system configuration information to
be retrieved by logical backends. First implemented is default/max TTL.
2015-08-27 08:51:35 -07:00
Jeff Mitchell 5695d57ba0 Merge pull request #561 from hashicorp/fix-wild-cards
Allow hyphens in endpoint patterns of most backends
2015-08-21 11:40:42 -07:00
vishalnayak 6c2927ede0 Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Jeff Mitchell b57ce8e5c2 Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
Fixes #528.
2015-08-20 16:41:25 -07:00
Armon Dadgar 4abc488cec Merge pull request #510 from ctennis/more_descriptive_errors
More descriptive errors with specific HTTP return codes
2015-08-11 10:11:26 -07:00
Caleb Tennis ae990884a6 Add a validation step in field data to error more quickly vs. allowing panics to happen when we go to get the data and convert it 2015-08-11 12:34:14 -04:00
Caleb Tennis 4da080e769 This adds a new error class which can be used by logical backends to
specify more concrete error cases to make their way back up the stack.

Over time there is probably a cleaner way of doing this, but that's
looking like a more massive rewrite and this solves some issues in
the meantime.

Use a CodedError to return a more concrete HTTP return code for
operations you want to do so.  Returning a regular error leaves
the existing behavior in place.
2015-08-10 13:27:25 -04:00
Caleb Tennis 7750af7014 Fix a couple of typos 2015-08-09 15:20:06 -04:00
vishalnayak 4409e704b5 Vault Test: Disabling mlock for logical.testing.Test() 2015-07-31 12:23:50 -04:00
Armon Dadgar c40cf7fcdf logical/framework: handle nil duration value. Fixes #408 2015-07-08 16:55:52 -06:00
Armon Dadgar cf82f4d6d6 logical/testing: Allow factory to be provided instead of Backend 2015-06-30 18:08:43 -07:00
Armon Dadgar 4b27e4d8c5 Remove SetLogger, and unify on framework.Setup 2015-06-30 17:45:20 -07:00
Armon Dadgar 541014e315 logical: remove SetLogger method 2015-06-30 17:39:39 -07:00
Armon Dadgar 5d69e7da90 Updating for backend API change 2015-06-30 17:36:12 -07:00
Armon Dadgar 41b72a4d39 vault: provide view to backend initializer for setup 2015-06-30 17:30:43 -07:00
Armon Dadgar e892d728a2 logical/framework: support Salt in PathMap 2015-06-30 14:28:45 -07:00
Armon Dadgar 6b23b14773 logical/framework: adding a new duration type to convert to seconds 2015-06-17 15:56:26 -07:00
Armon Dadgar f39b522681 logical/framework: allow the lease max to come from existing lease 2015-06-17 14:24:12 -07:00
Armon Dadgar cfab07b19f logical/framework: simplify calculation of lease renew 2015-06-17 14:16:44 -07:00
Armon Dadgar ae02203624 logical: remove IncrementedLease, simplify ExpirationTime calculation 2015-06-17 13:59:09 -07:00
Armon Dadgar 784f17a0a8 logical: Adding special fields to do raw HTTP 2015-05-27 14:09:47 -07:00
Armon Dadgar ba7bfed1af vault: Expose MountPoint to secret backend. Fixes #248 2015-05-27 11:46:42 -07:00
Armon Dadgar 7131f12fee logical/testing: Fixing revoke in acceptance tests. Fixes #236 2015-05-27 11:19:15 -07:00
Jonathan Sokolowski d58512b3f8 logical/framework: Fix help text in PathMap 2015-05-15 07:56:32 +10:00
Jonathan Sokolowski 283e8ccacb logical/framework: Add delete to PathMap 2015-05-14 22:28:33 +10:00
Jonathan Sokolowski 896f9cd4d3 logical/framework: Add delete to PathStruct 2015-05-14 22:25:30 +10:00
Mitchell Hashimoto 5c63b70eea logical/framework: PathMap is case insensitive by default 2015-05-11 10:27:04 -07:00
Mitchell Hashimoto 4e861f29bc credential/github: case insensitive mappings 2015-05-11 10:24:39 -07:00
Armon Dadgar c849aba53a vault: Adding InternalData to Auth 2015-05-09 11:39:54 -07:00
Armon Dadgar 8ed48191fb logical/framework: Generate help output even if no synopsis provided 2015-05-07 15:45:43 -07:00
Mitchell Hashimoto 81b12660c5 logical/framework: PathMap allows hyphens in keys [GH-119] 2015-05-02 13:17:42 -07:00
Mitchell Hashimoto 6287513c30 logical/testing: add return after fatal? 2015-04-28 18:46:56 -07:00
Armon Dadgar c4a92a276d logical/framework: Supporting list of path map 2015-04-23 21:44:04 -07:00
Armon Dadgar af4f9196b8 logical: allow specifying ConnState 2015-04-23 16:36:31 -07:00
Mitchell Hashimoto f7a1b2ced9 credential/app-id: allow restriction by CIDR block [GH-10] 2015-04-17 10:14:39 -07:00
Mitchell Hashimoto e643b48235 credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 10:01:03 -07:00
Mitchell Hashimoto cd3fa3be92 logical/framework: more flexible Pathmap and PolicyMap 2015-04-17 09:35:49 -07:00
Mitchell Hashimoto 910bf9c76d logical/framework: PathStruct 2015-04-17 09:18:21 -07:00
Armon Dadgar 9d2bd2bf29 logical: Adding a DisplayName for operators 2015-04-15 13:56:42 -07:00
Mitchell Hashimoto 463a32ba56 logical/framework: doc for defaultduration on secret 2015-04-13 20:42:06 -07:00
Mitchell Hashimoto 6272ad75dc logical/framework: secret lease tests 2015-04-13 15:18:27 -07:00
Mitchell Hashimoto 209b275bfd logical/framework: allow max session time 2015-04-11 16:41:08 -07:00
Mitchell Hashimoto 33d66f0130 vault: token store allows unlimited renew 2015-04-11 16:28:16 -07:00
Mitchell Hashimoto d81707a222 logical/framework: more tests 2015-04-11 14:51:00 -07:00
Mitchell Hashimoto a360ca4928 logical/framework: AuthRenew callback, add LeaseExtend
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
Mitchell Hashimoto f996dcf964 logical: add LeaseOptions.IncrementedLease() 2015-04-10 21:35:17 -07:00
Mitchell Hashimoto 7139ad427e logical: lease tests 2015-04-10 21:29:03 -07:00
Mitchell Hashimoto 992028e23e vault: the expiration time should be relative to the issue time 2015-04-10 21:21:06 -07:00
Mitchell Hashimoto 2c5ac09b23 logical: note time zone of lease 2015-04-10 20:49:17 -07:00
Armon Dadgar f7dbb6966b logical: Adding support for renew of Auth 2015-04-10 13:59:49 -07:00
Armon Dadgar 5a3ab973e6 vault: Simplify common lease logic 2015-04-09 12:29:13 -07:00
Armon Dadgar 4679febdf3 logical: Refactor LeaseOptions to share between Secret and Auth 2015-04-09 12:14:04 -07:00
Armon Dadgar 7df486482b vault: Adding LeaseIssue for renew to allow limiting maximum lease length 2015-04-09 11:54:32 -07:00
Armon Dadgar 466c7575d3 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Mitchell Hashimoto 569991fcc5 credential/app-id 2015-04-04 18:41:49 -07:00
Mitchell Hashimoto 606b3dbff9 credential/github: improve help 2015-04-04 12:18:33 -07:00
Mitchell Hashimoto 7aee6269f7 vault: pass a logger around to logical backends 2015-04-04 11:39:58 -07:00
Mitchell Hashimoto 8dc9e0e0d5 logical/framework: better string values for types 2015-04-03 21:15:59 -07:00
Mitchell Hashimoto ec9df0439b logical/aws: help 2015-04-03 21:10:54 -07:00
Mitchell Hashimoto 246c2839b0 logical/framework: make help look nicer 2015-04-03 21:00:23 -07:00
Mitchell Hashimoto 0bbad03c70 logical/framework: support root help 2015-04-03 20:36:47 -07:00
Armon Dadgar b8d69a357c vault: Use Auth for lease and renewable 2015-04-03 14:04:50 -07:00
Mitchell Hashimoto 2e3d6d6a0e command/help 2015-04-02 22:42:05 -07:00
Armon Dadgar 745bcb951d logical: adding lease to auth 2015-04-02 17:25:22 -07:00
Armon Dadgar faa759ea1d logical/framework: Panic if routing pattern is blank 2015-04-01 22:12:03 -07:00
Armon Dadgar c5a5c6e3a6 logical/framework: automatically anchor 2015-04-01 17:53:02 -07:00
Mitchell Hashimoto 04cf4ef093 logical/framework: add PolicyMap 2015-04-01 15:46:37 -07:00
Mitchell Hashimoto 4e94cf1ace logical/testing: helper to test auth 2015-04-01 15:46:37 -07:00
Mitchell Hashimoto 906f81b588 logical: GoStringer for Auth 2015-04-01 15:46:37 -07:00
Mitchell Hashimoto 5676373742 logical/testing: support unauthenticated requests 2015-04-01 15:46:37 -07:00
Mitchell Hashimoto 83de0fd03d logical/framework: PathMap can get missing things 2015-04-01 15:46:37 -07:00
Mitchell Hashimoto 856f1e854a logical: validation should allow 0 leases 2015-03-31 21:11:23 -07:00
Mitchell Hashimoto 67e4bdf1e4 misc typos 2015-03-31 17:27:04 -07:00
Mitchell Hashimoto af8a9cd2e5 logical/testing: tokens for acceptance tests 2015-03-31 17:26:31 -07:00
Armon Dadgar 0943c2bf45 logical/framework: Added missing case for TypeMap 2015-03-31 16:45:08 -07:00
Armon Dadgar cb66c93a34 logical/framework: Adding TypeMap 2015-03-31 16:45:08 -07:00
Mitchell Hashimoto d4509b0ee3 vault: keep the connection info around for auth 2015-03-30 20:55:01 -07:00
Mitchell Hashimoto c9acfa17cb vault: get rid of HangleLogin 2015-03-30 20:26:39 -07:00
Mitchell Hashimoto 65145cf435 logical: add Redirect to response 2015-03-30 17:56:24 -07:00
Mitchell Hashimoto 62ee621ea3 logical: move cred stuff over here 2015-03-30 17:46:18 -07:00
Mitchell Hashimoto 2c3657f4fe logical: add credential info to logical backend structures 2015-03-30 14:23:32 -07:00
Armon Dadgar cb563b881c logical: Special error for permission denied 2015-03-24 11:23:59 -07:00
Armon Dadgar 4598e43140 vault: Adding ClientToken 2015-03-24 11:09:25 -07:00
Mitchell Hashimoto 27d33ad9f7 logical/framework: auto-extend leases if requested 2015-03-21 16:20:30 +01:00
Mitchell Hashimoto f6d5e3f0f4 logical/testing: immediate rollback, ignore RollbackMinAge 2015-03-21 11:18:33 +01:00
Mitchell Hashimoto 17c58633d6 logical/framework: rollback should return error, easier API 2015-03-21 11:08:13 +01:00
Mitchell Hashimoto a54d90ac1f logical/framework: rollback needs to have access to request for storage 2015-03-21 11:03:59 +01:00
Mitchell Hashimoto 62d9bec8be logical/aws 2015-03-20 19:03:20 +01:00
Mitchell Hashimoto a0f59f682b logical/framework: can specify InternalData for secret 2015-03-20 17:59:48 +01:00
Mitchell Hashimoto d43f395050 logical/testing: rollback/revoke secrets, error dangling secrets 2015-03-20 17:20:55 +01:00
Mitchell Hashimoto c349e97168 vault: clean up VaultID duplications, make secret responses clearer
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.

Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).

At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.

So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.

It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.

All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Mitchell Hashimoto 8039fc5c63 logical/framework: support renew 2015-03-19 20:20:57 +01:00
Mitchell Hashimoto d4b284fba4 logical/framework: revoke support 2015-03-19 19:41:41 +01:00