f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
6bf871995b
Don't use time.Time in responses. ( #1912 )
...
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
2016-09-23 12:32:07 -04:00
722e26f27a
Add support for PGP encrypting the initial root token. ( #1883 )
2016-09-13 18:42:24 -04:00
5b79e5c115
Redirect rekey operation from standby to master ( #1868 )
2016-09-13 11:59:12 -04:00
7ba006acd9
Remove too-verbose log
2016-09-04 07:43:54 -04:00
1c6f2fd82b
Add response wrapping to list operations ( #1814 )
2016-09-02 01:13:14 -04:00
9c78c58948
Remove the string 'Vault' from version information
2016-09-01 14:54:04 -04:00
7e41d5ab45
Pass headers back when request forwarding ( #1795 )
2016-08-26 17:53:47 -04:00
1dbc06029d
Remove outdated comment.
2016-08-24 14:16:02 -04:00
b89073f7e6
Error when an invalid (as opposed to incorrect) unseal key is given. ( #1782 )
...
Fixes #1777
2016-08-24 14:15:25 -04:00
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
bdcfe05517
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
c349e697f5
Change uninit/sealed status codes from health endpoint
2016-08-18 12:10:23 -04:00
5c33356d14
Protobuf for forwarding ( #1743 )
2016-08-17 16:15:15 -04:00
62c69f8e19
Provide base64 keys in addition to hex encoded. ( #1734 )
...
* Provide base64 keys in addition to hex encoded.
Accept these at unseal/rekey time.
Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
bcb4ab5422
Add periodic support for root/sudo tokens to auth/token/create
2016-08-12 21:14:12 -04:00
3895ea4c2b
Address review feedback from @jefferai
2016-08-10 15:22:12 -04:00
95f9c62523
Fix Cluster object being returned as nil when unsealed
2016-08-10 15:09:16 -04:00
5a1ca832af
Merge pull request #1699 from hashicorp/dataonly
...
Return sys values in top level normal api.Secret
2016-08-09 07:17:02 -04:00
5771a539a5
Add HTTP test for renew and fix muxing
2016-08-08 20:01:08 -04:00
ab71b981ad
Add ability to specify renew lease ID in POST body.
2016-08-08 18:00:44 -04:00
3c2aae215c
Fix tests and update mapstructure
2016-08-08 16:00:31 -04:00
3e6b48cca3
Initial `dataonly` work.
2016-08-08 11:55:24 -04:00
82b3d136e6
Don't mark never-expiring root tokens as renewable
2016-08-05 11:15:25 -04:00
1fc837c22a
Fix nil panic in certain error conditions
2016-08-02 14:57:11 -04:00
4e25e729ee
Removed duplicated check in tests
2016-07-29 14:18:53 -04:00
8b0b0d5922
Add cluster information to 'vault status'
2016-07-29 14:13:53 -04:00
e5e0431393
Added Vault version informationto the 'status' command
2016-07-28 17:37:35 -04:00
4d9c909ae4
Merge pull request #1650 from hashicorp/request-uuid
...
Added unique identifier to each request. Closes hashicorp/vault#1617
2016-07-27 09:40:48 -04:00
c17534d527
Fix request_id test failures
2016-07-26 18:30:13 -04:00
9d4a1b03bc
Fix broken tests
2016-07-26 16:53:59 -04:00
67801bcf64
uncomment
2016-07-26 16:44:50 -04:00
fb1b032040
fixing id in buildLogicalRequest
2016-07-26 15:50:37 -04:00
86446ff67e
Error out if cluster information is nil when Vault is unsealed
2016-07-26 15:30:38 -04:00
6145bed088
Added omitempty to ClusterName and ClusterID
2016-07-26 14:11:32 -04:00
669bbdfa48
Address review feedback from @jefferai
2016-07-26 14:05:27 -04:00
ad66bd7502
fixes based proper interpretation of comments
2016-07-26 12:20:27 -04:00
a3e6400697
Remove global name/id. Make only cluster name configurable.
2016-07-26 10:01:35 -04:00
c7dabe4def
Storing local and global cluster name/id to storage and returning them in health status
2016-07-26 02:32:42 -04:00
6c393cf17a
Fix tests
2016-07-25 17:05:54 -04:00
8d52a96df5
moving id to http/logical
2016-07-25 15:24:10 -04:00
43d352a942
Add version information to health status
2016-07-22 18:28:16 -04:00
c14235b206
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
9f1e6c7b26
Merge pull request #1607 from hashicorp/standardize-time
...
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
8269f323d3
Revert 'risky' changes
2016-07-12 16:38:07 -04:00
5b210b2a1f
Return a duration instead and port a few other places to use it
2016-07-11 18:19:35 +00:00
e09b40e155
Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC
2016-07-08 18:30:18 -04:00
ad7cb2c8f1
Added JSON Decode and Encode helpers.
...
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
889ff24ccf
Fix up error detection regression to return correct status codes
2016-06-22 17:47:05 -04:00
0bdeea3a33
Fix the test cases
2016-06-20 18:56:19 -04:00
e925987cb6
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
1de6140d5c
Fix mah broken tests
2016-06-10 14:03:56 -04:00
9f6c5bc02a
cubbyhole-response-wrapping -> response-wrapping
2016-06-10 13:48:46 -04:00
8b1da1a105
Support HEAD requests to /v1/sys/health
...
Some load balancers send HTTP HEAD requests to extract the status code.
2016-06-09 18:16:28 +02:00
401456ea50
Add creation time to returned wrapped token info
...
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
05b0e0a866
Enable audit-logging of seal and step-down commands.
...
This pulls the logical request building code into its own function so
that it's accessible from other HTTP handlers, then uses that with some
added logic to the Seal() and StepDown() commands to have meaningful
audit log entries.
2016-05-20 17:03:54 +00:00
c9aaabe235
Fix missing return after respondError in handleLogical
2016-05-20 15:49:48 +00:00
caf77109ba
Add cubbyhole wrapping documentation
2016-05-19 13:33:51 -04:00
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
ce5614bf9b
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-11 19:29:52 -04:00
aecc3ad824
Add explicit maximum TTLs to token store roles.
2016-05-11 16:51:18 -04:00
c5008bcaac
Add more tests
2016-05-07 21:08:13 -04:00
2295cadbf4
Make WrapInfo a pointer to match secret/auth in response
2016-05-07 19:17:51 -04:00
09f06554cb
Address some review feedback
2016-05-04 16:03:53 -04:00
99a5b4402d
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-04 14:42:14 -04:00
7e462e566b
Check nil keys and respond internal error if it can't be cast to a []string
2016-05-02 20:00:46 -04:00
16b717022b
In a list response, if there are no keys, 404 to be consistent with GET
...
and with different backend conditions
Fixes #1365
2016-05-02 19:38:06 -04:00
aba689a877
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 00:47:35 -04:00
d81806b446
Add:
...
* Request/Response field extension
* Parsing of header into request object
* Handling of duration/mount point within router
* Tests of router WrapDuration handling
2016-05-02 00:24:32 -04:00
aeea7628d6
Add a *log.Logger argument to physical.Factory
...
Logging in the backend is a good thing. This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
98d09b0dc6
Add seal tests and update generate-root and others to handle dualseal.
2016-04-25 19:39:04 +00:00
a4ff72841e
Check for seal status when initing and change logic order to avoid defer
2016-04-14 01:13:59 +00:00
afae46feb7
SealInterface
2016-04-04 10:44:22 -04:00
d959ffc301
Rename PrepareRequest to PrepareRequestFunc
2016-03-18 10:37:49 -04:00
fbfe72f286
Removed http/sys_capabilties_test.go
2016-03-18 09:48:45 -04:00
55f03b5d25
Add separate path for capabilities-self to enable ACL
2016-03-17 22:52:03 -04:00
a70d4d5c9f
Deleted http/sys_capabilities.go since the requests are directly going to system backend
2016-03-17 22:44:48 -04:00
4e6dcfd6d0
Enable callbacks for handling logical.Request changes before processing requests
2016-03-17 22:29:53 -04:00
f1feee9b53
Fix http capabilities tests
2016-03-17 21:03:32 -04:00
68367f60c8
Fix broken testcases
2016-03-17 21:03:32 -04:00
d348735322
Fix help descriptions
2016-03-17 21:03:32 -04:00
f275cd2e9c
Fixed capabilities API to receive logical response
2016-03-17 21:03:32 -04:00
a5d79d587a
Refactoring the capabilities function
2016-03-17 21:03:32 -04:00
dcb7f00bcc
Move sys/capabilities to logical_system along with business logic from core
2016-03-17 21:03:32 -04:00
2b712bc778
Move capabilities accessor logic to logical_system
2016-03-17 21:03:32 -04:00
dd94e8e689
Fix broken test case
2016-03-14 18:44:13 -04:00
ba50a14736
Refactor fetching sys/health parameters
2016-03-11 09:52:31 -05:00
77b90c6745
Add query parameters to `/sys/health` to specify return codes.
...
Fixes #1199
2016-03-11 00:41:25 -05:00
fa2ba47a5c
Merge branch 'master' into token-roles
2016-03-09 17:23:34 -05:00
f478cc57e0
fix all the broken tests
2016-03-09 13:45:36 -05:00
c4a2c5b56e
Added tests for 'sys/capabilities-accessor' endpoint
2016-03-09 11:29:09 -05:00
151c932875
AccessorID --> Accessor, accessor_id --> accessor
2016-03-09 06:23:31 -05:00
62777c9f7e
ErrUserInput --> StatusBadRequest
2016-03-08 21:47:24 -05:00
8117996378
Implemented /sys/capabilities-accessor and a way for setting HTTP error code in all the responses
2016-03-08 19:14:29 -05:00
2737c81b39
Lay the foundation for returning proper HTTP status codes
2016-03-08 18:27:03 -05:00
301776012f
Introduced AccessorID in TokenEntry and returning it along with token
2016-03-08 14:06:10 -05:00
08c40c9bba
Introduced ErrUserInput to distinguish user error from server error
2016-03-07 22:16:09 -05:00
3b463c2d4e
use errwrap to check the type of error message, fix typos
2016-03-07 18:36:26 -05:00
cc1f5207b3
Merge branch 'master' into token-roles
2016-03-07 10:03:54 -05:00
Jeff Mitchell