Jeff Mitchell
a585f709d3
Understand local when persisting mount tables, to avoid invalidations when not necessary ( #2427 )
2017-03-02 14:37:59 -05:00
Jeff Mitchell
f37b6492d1
More rep porting ( #2391 )
...
* More rep porting
* Add a bit more porting
2017-02-16 23:09:39 -05:00
Jeff Mitchell
2052e406d2
Move router mount back below table persistence
2017-01-17 15:15:28 -05:00
Jeff Mitchell
8e62acbd59
Sync the locking behavior between logical/auth backend ( #2280 )
2017-01-17 13:02:29 -05:00
Jeff Mitchell
9e5d1eaac9
Port some updates
2017-01-06 15:42:18 -05:00
Jeff Mitchell
0ed2dece6d
Don't panic if postUnseal calls preSeal due to audit table never being set up. Also call cleanup funcs on auth backends. ( #2043 )
2016-10-28 15:32:32 -04:00
Jeff Mitchell
f3ab4971a6
Follow Vault convention on DELETE
being idempotent ( #1903 )
...
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
Jeff Mitchell
fffee5611a
Rejig locks during unmount/remount. ( #1855 )
2016-09-13 11:50:14 -04:00
vishalnayak
aec05fdf02
Remove the upgrade code to update the mount table from 'aws' to 'aws-ec2'
2016-08-29 11:53:52 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
vishalnayak
a6907769b0
AppRole authentication backend
2016-07-26 09:32:41 -04:00
vishalnayak
ad7cb2c8f1
Added JSON Decode and Encode helpers.
...
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
vishalnayak
4fea41f7e5
Use entry.Type as a criteria for upgrade
2016-06-01 10:30:11 -04:00
vishalnayak
875778a2d9
Modify just the type and not the path
2016-05-31 23:19:13 -04:00
vishalnayak
55fbfab4fe
Upgrade 'aws' auth table entry to 'aws-ec2'
2016-05-30 18:58:58 -04:00
Jeff Mitchell
a57996ac08
Add to auth/audit too
2016-05-26 13:38:51 -04:00
Jeff Mitchell
417a56c42b
Disable rollback on auth for now and add workaround for its auth/ adding to entry paths
2016-05-25 17:53:45 -04:00
Jeff Mitchell
9c5ad28632
Update deps, and adjust usage of go-uuid to match new return values
2016-01-13 13:40:08 -05:00
Jeff Mitchell
f2da5b639f
Migrate 'uuid' to 'go-uuid' to better fit HC naming convention
2015-12-16 12:56:20 -05:00
Jeff Mitchell
bc4c18a1cf
Rearchitect MountTable locking and fix rollback.
...
The rollback manager was using a saved MountTable rather than the
current table, causing it to attempt to rollback unmounted mounts, and
never rollback new mounts.
In fixing this, it became clear that bad things could happen to the
mount table...the table itself could be locked, but the table pointer
(which is what the rollback manager needs) could be modified at any time
without locking. This commit therefore also returns locking to a mutex
outside the table instead of inside, and plumbs RLock/RUnlock through to
the various places that are reading the table but not holding a write
lock.
Both unit tests and race detection pass.
Fixes #771
2015-11-11 11:54:52 -05:00
Jeff Mitchell
7e9918ec8e
Run preSeal if postUnseal fails.
...
This also ensures that every error path out of postUnseal returns an
error.
Fixes #733
2015-11-02 13:29:33 -05:00
Jeff Mitchell
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
Jeff Mitchell
8f27c250d6
Fix problematic logging statements.
...
Fixes #665 .
2015-10-02 18:31:46 -07:00
Jeff Mitchell
c694c7d31d
Fix situation where a new required singleton backend would not be activated upon upgrade.
2015-09-21 17:54:36 -04:00
Jeff Mitchell
e7d5a18e94
Directly pass the cubbyhole backend to the token store and bypass logic in router
2015-09-15 13:50:37 -04:00
Jeff Mitchell
849b78daee
Move more cubby logic outside of router into auth setup
2015-09-15 13:50:37 -04:00
Jeff Mitchell
77e7379ab5
Implement the cubbyhole backend
...
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Jeff Mitchell
104b29ab04
Rename View to StorageView to make it more distinct from SystemView
2015-09-15 13:50:37 -04:00
Jeff Mitchell
5de736e69c
Implement shallow cloning to allow MountEntry pointers to stay consistent when spread across router/core/system views
2015-09-10 15:09:54 -04:00
Jeff Mitchell
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Caleb Tennis
688df0be6d
See if this clears build error
2015-08-13 13:17:09 -04:00
Caleb Tennis
323b49f03d
Fix #392 by giving a more specific error
2015-08-11 20:18:52 -04:00
Armon Dadgar
41b72a4d39
vault: provide view to backend initializer for setup
2015-06-30 17:30:43 -07:00
Armon Dadgar
8bc99f8c23
helper/uuid: single generateUUID definition
2015-06-30 12:38:32 -07:00
Armon Dadgar
82eda2b169
vault: Do early check for missing backend
2015-04-03 16:09:06 -07:00
Armon Dadgar
0dee7d29ec
vault: disable credential backend revokes tokens
2015-04-03 16:07:45 -07:00
Armon Dadgar
002b2ad589
vault: Provide salted client token to logical backends
2015-04-03 14:42:39 -07:00
Armon Dadgar
2f3e511507
vault: Allow deep paths for auth mounting
2015-04-03 14:24:00 -07:00
Mitchell Hashimoto
69593cde56
remove credential/ lots of tests faililng
2015-03-30 18:07:05 -07:00
Armon Dadgar
879a0501f8
vault: Track the token store in core
2015-03-23 13:41:05 -07:00
Armon Dadgar
ca44529c9d
vault: Change constant name
2015-03-19 09:56:39 -07:00
Armon Dadgar
d88a41944e
vault: Switch AuthTable to using MountTable
2015-03-19 09:54:57 -07:00
Armon Dadgar
bb8a014b6a
vault: first pass at enable/disable auth backends
2015-03-18 19:36:17 -07:00
Armon Dadgar
8cc88981d6
vault: token store is a credential implementation
2015-03-18 19:11:52 -07:00
Armon Dadgar
421f73d332
vault: Removing mtype from router
2015-03-18 15:48:14 -07:00
Armon Dadgar
b8da9c2ee2
vault: first pass at initializing credential backends
2015-03-18 15:46:07 -07:00
Armon Dadgar
d2d1822931
vault: Adding hooks for auth loading
2015-03-18 15:30:31 -07:00