Commit Graph

161 Commits

Author SHA1 Message Date
Michael Golowka 9c3e4daa33
Improve error outputs (#8740)
Makes "ldap operation failed" error messages a little more useful. Also
makes the errors unique so it's easier to debug where an error is coming
from when one occurs.
2020-04-14 14:08:07 -06:00
Jorge Heleno a9e864f5e3
Add LDAP anonymous group search and client certs (#8365) 2020-03-06 10:27:09 -08:00
Michel Vocks 985acc4ce5
Fix ldap client upndomain (#8333) 2020-02-14 10:26:30 -08:00
Calvin Leung Huang 67c0773df9
ldap, okta: fix renewal when login policies are empty (#8072)
* ldap, okta: fix renewal when login policies are empty

* test/policy: add test for login renewal without configured policy

* test/policy: remove external dependency on tests, refactor lease duration check
2020-01-16 09:42:35 -08:00
Calvin Leung Huang 7009dcc432
sdk/ldaputil: add request_timeout configuration option (#7909)
* sdk/ldaputil: add request_timeout configuration option

* go mod vendor
2019-11-20 11:26:13 -08:00
ncabatoff 13c00dfa38
Use docker instead of an external LDAP server that sometimes goes down (#7522) 2019-10-22 13:37:41 -04:00
Madalyn 977af116c8 Enable generated items for more auth methods (#7513)
* enable auth method item configuration in go code

* properly parse and list generated items

* make sure we only set name on attrs if a label comes from openAPI

* correctly construct paths object for method index route

* set sensitive property on password for userpass

* remove debugger statements

* pass method model to list route template to use paths on model for tabs

* update tab generation in generated item list, undo enabling userpass users

* enable openapi generated itams for certs and userpass, update ldap to no longer have action on list endpoint

* add editType to DisplayAttributes, pull tokenutil fields into field group

* show sensitive message for sensitive fields displayed in fieldGroupShow component

* grab sensitive and editType fields from displayAttrs in openapi-to-attrs util

* make sure we don't ask for paths for secret backends since that isn't setup yet

* fix styling of sensitive text for fieldGroupShow component

* update openapi-to-attrs util test to no longer include label by default, change debugger to console.err in path-help, remove dynamic ui auth methods from tab count test

* properly log errors to the console

* capitalize This value is sensitive...

* get rid of extra padding on bottom of fieldgroupshow

* make auth methods clickable and use new confirm ux

* Update sdk/framework/path.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update sdk/framework/path.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* add whitespace

* return intErr instead of err

* uncomment out helpUrl because we need it

* remove extra box class

* use const instead of let

* remove extra conditional since we already split the pathName later on

* ensure we request the correct url when listing generated items

* use const

* link to list and show pages

* remove dead code

* show nested item name instead of id

* add comments

* show tooltip for text-file inputs

* fix storybook

* remove extra filter

* add TODOs

* add comments

* comment out unused variables but leave them in function signature

* only link to auth methods that can be fully managed in the ui

* clean up comments

* only render tooltip if there is helpText

* rename id authMethodPath

* remove optionsForQuery since we don't need it

* add indentation

* standardize ConfirmMessage and show model name instead of id when editing

* standardize ConfirmMessage and show model name instead of id when editing

* add comments

* post to the correct updateUrl so we can edit users and groups

* use pop instead of slice

* add TODO for finding a better way to store ids

* ensure ids are handled the same way on list and show pages; fix editing and deleting

* add comment about difference between list and show urls

* use model.id instead of name since we do not need it

* remove dead code

* ensure list pages have page headers

* standardize using authMethodPath instead of method and remove dead code

* i love indentation

* remove more dead code

* use new Confirm

* show correct flash message when deleting an item

* update flash message for creating and updating

* use plus icon for creating group/user instead of an arrow
2019-10-17 16:19:14 -07:00
Jeff Mitchell 8cec74e256 Fix tests 2019-07-29 17:40:04 -04:00
Jeff Mitchell 022eaf1f5d
Port LDAP getCN changes to 1.2 branch (#7209) 2019-07-29 15:43:34 -04:00
Sam Salisbury e211a081ce
ci: remove travis config + all refs (#7122) 2019-07-25 11:10:31 +01:00
Jeff Mitchell dbb25cfae4
Add req.Connection check in front of bound cidrs (#7163) 2019-07-22 12:44:34 -04:00
Jeff Mitchell e36f626e75 Fix import cycle 2019-07-02 21:01:34 -04:00
Jeff Mitchell 7b672fee99
Add bound cidr checking at login time for remaining auths (#7046) 2019-07-02 17:44:38 -04:00
Jeff Mitchell 81770a4fe5 Fix some missing Period statements in recently tokenutilified auth method renewal funcs 2019-07-01 19:36:27 -04:00
Madalyn 910f615bf5
UI: Clean up Dynamic UI for CRUD (#6994) 2019-07-01 16:35:18 -04:00
Jeff Mitchell 4e226a7c0e
Tokenutilize ldap (#7036) 2019-07-01 16:16:23 -04:00
Madalyn a2606ddccf
update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 11:08:08 -04:00
Jim Kalafut 6d08c94866
Update LDAP "groups" parameter to use TypeCommaStringSlice (#6942)
No functional change, but the updated type plays nicer with the
OpenAPI-driven UI.
2019-06-20 15:36:54 -07:00
Jim Kalafut 8bc9fa4583
Fix Okta auth to allow group names containing slashes (#6665)
This PR also adds CollectKeysPrefix which allows a more memory efficient
key scan for those cases where the result is immediately filtered by
prefix.
2019-05-01 14:56:18 -07:00
Jeff Mitchell 213b9fd1cf Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
Jeff Mitchell 9ebc57581d
Switch to go modules (#6585)
* Switch to go modules

* Make fmt
2019-04-13 03:44:06 -04:00
Jeff Mitchell 28e2ce8577 Fix build breakages 2019-04-12 22:01:13 -04:00
Jeff Mitchell 80c303ac83 Move ldaputil and tlsutil over to sdk 2019-04-12 18:26:54 -04:00
Jeff Mitchell a1796b3ece Move password to sdk 2019-04-12 18:12:13 -04:00
Jeff Mitchell 8d6ce1ffb5 Move policyutil to sdk 2019-04-12 18:08:46 -04:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Martin 1b9327fe3f Fix inverted description for ldap/users$ and ldap/groups$ endpoints (#6406) 2019-03-13 11:02:45 -07:00
Jeff Mitchell 2f9a7c6203
Add more perf standby guards (#6149) 2019-02-01 16:56:57 -05:00
Jeff Mitchell bbc1d53a5d Revert "Refactor common token fields and operations into a helper (#5953)"
This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a.
2019-02-01 11:23:40 -05:00
Jeff Mitchell 85a560abba
Refactor common token fields and operations into a helper (#5953) 2019-01-30 16:23:28 -05:00
Jim Kalafut d0e2badbae Run goimports across the repository (#6010)
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Becca Petrin 7bd22e6779
Run all builtins as plugins (#5536) 2018-11-06 17:21:24 -08:00
Vishal Nayak 4c8aa842ad
Return absolute paths while listing in LDAP backend (#5537) 2018-10-17 14:56:51 -07:00
Becca Petrin 937cfff21a
Make builtin auth and secret plugins buildable (#5456) 2018-10-09 09:29:20 -07:00
Jeff Mitchell d144f2935e Two-pronged fix for renew policy checking (#4960)
1) In backends, ensure they are now using TokenPolicies
2) Don't reassign auth.Policies until after expmgr registration as we
don't need them at that point

Fixes #4829
2018-07-24 12:03:11 -07:00
Calvin Leung Huang ac4be8d44d Do not fail login if no policies are mapped to the user or group (#4798)
* Do not fail login if no policies are mapped to the user or group

* Remove debug line

* Remove restriction in radius
2018-06-19 23:00:22 -04:00
Jeff Mitchell 0138351ea4
Return generic messages if pre-login ldap operations fail (#4700)
This avoids leaking any information about valid usernames.
2018-06-05 11:23:10 -04:00
Jeff Mitchell c4b53bc805 Block travis from running ldap tests as the test server is often failing 2018-05-30 08:46:25 -04:00
Becca Petrin 4c1d8013f3
move fields and field parsing to helper (#4603) 2018-05-21 17:04:26 -07:00
Becca Petrin 910925457f
Move LDAP client and config code to helper (#4532) 2018-05-10 14:12:42 -07:00
Becca Petrin da1cfb86e9 run make fmt 2018-04-11 14:25:09 -07:00
Becca Petrin dab933ccaf deviate from snake case 2018-04-11 13:03:33 -07:00
Becca Petrin fcfe036e60 fix 2 minor struct tag issues 2018-04-10 16:11:44 -07:00
Becca Petrin abb621752f Clean up error string formatting (#4304) 2018-04-09 14:35:21 -04:00
Vishal Nayak 28e3eb9e2c
Errwrap everywhere (#4252)
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
2018-04-05 11:49:21 -04:00
Chris Hoffman a7ada08b3b
Core handling of TTLs (#4230)
* govet cleanup in token store

* adding general ttl handling to login requests

* consolidating TTL calculation to system view

* deprecate LeaseExtend

* deprecate LeaseExtend

* set the increment to the correct value

* move calculateTTL out of SystemView

* remove unused value

* add back clearing of lease id

* implement core ttl in some backends

* removing increment and issue time from lease options

* adding ttl tests, fixing some compile issue

* adding ttl tests

* fixing some explicit max TTL logic

* fixing up some tests

* removing unneeded test

* off by one errors...

* adding back some logic for bc

* adding period to return on renewal

* tweaking max ttl capping slightly

* use the appropriate precision for ttl calculation

* deprecate proto fields instead of delete

* addressing feedback

* moving TTL handling for backends to core

* mongo is a secret backend not auth

* adding estimated ttl for backends that also manage the expiration time

* set the estimate values before calling the renew request

* moving calculate TTL to framework, revert removal of increment and issue time from logical

* minor edits

* addressing feedback

* address more feedback
2018-04-03 12:20:20 -04:00
Jeff Mitchell f5ba4796f5
Case insensitive behavior for LDAP (#4238) 2018-04-03 09:52:43 -04:00
Becca Petrin 03cf302e9a Move to "github.com/hashicorp/go-hclog" (#4227)
* logbridge with hclog and identical output

* Initial search & replace

This compiles, but there is a fair amount of TODO
and commented out code, especially around the
plugin logclient/logserver code.

* strip logbridge

* fix majority of tests

* update logxi aliases

* WIP fixing tests

* more test fixes

* Update test to hclog

* Fix format

* Rename hclog -> log

* WIP making hclog and logxi love each other

* update logger_test.go

* clean up merged comments

* Replace RawLogger interface with a Logger

* Add some logger names

* Replace Trace with Debug

* update builtin logical logging patterns

* Fix build errors

* More log updates

* update log approach in command and builtin

* More log updates

* update helper, http, and logical directories

* Update loggers

* Log updates

* Update logging

* Update logging

* Update logging

* Update logging

* update logging in physical

* prefixing and lowercase

* Update logging

* Move phyisical logging name to server command

* Fix som tests

* address jims feedback so far

* incorporate brians feedback so far

* strip comments

* move vault.go to logging package

* update Debug to Trace

* Update go-plugin deps

* Update logging based on review comments

* Updates from review

* Unvendor logxi

* Remove null_logger.go
2018-04-02 17:46:59 -07:00
Calvin Leung Huang 610c137a3d
Remove sensitive fields when reading config data (#4216)
* Remove sensitive fields when reading config data

* Do not use structs; build and return map explicitly

* Revert tag in postgresql

* Fix tests
2018-03-30 10:17:39 -04:00
Jeff Mitchell 487cb7a41a
We don't need to limit the size of ldap queries, so set a high limit (#4169)
Fixes #4162
2018-03-20 16:06:39 -04:00