Armon Dadgar
879a0501f8
vault: Track the token store in core
2015-03-23 13:41:05 -07:00
Armon Dadgar
56d99fe580
vault: token tracks generation path and meta data
2015-03-23 13:39:43 -07:00
Armon Dadgar
2c42b8b364
credential: simplify interface
2015-03-23 13:39:16 -07:00
Armon Dadgar
10e64d1e90
vault: extend router to handle login routing
2015-03-23 11:47:55 -07:00
Mitchell Hashimoto
af2fe5681a
main: hook up consul backend
2015-03-21 17:25:12 +01:00
Mitchell Hashimoto
3270349456
logical/consul: actual test that the token works
2015-03-21 17:23:44 +01:00
Mitchell Hashimoto
55a3423c60
logical/consul
2015-03-21 17:19:37 +01:00
Mitchell Hashimoto
27d33ad9f7
logical/framework: auto-extend leases if requested
2015-03-21 16:20:30 +01:00
Mitchell Hashimoto
05246433bb
logical/aws: refactor access key create to the secret file
2015-03-21 11:49:56 +01:00
Mitchell Hashimoto
665cbaa3e4
logical/aws: remove debug I was using to test rollback :)
2015-03-21 11:20:22 +01:00
Mitchell Hashimoto
9e4b9d593b
logical/aws: WAL entry for users, rollback
2015-03-21 11:18:46 +01:00
Mitchell Hashimoto
f6d5e3f0f4
logical/testing: immediate rollback, ignore RollbackMinAge
2015-03-21 11:18:33 +01:00
Mitchell Hashimoto
17c58633d6
logical/framework: rollback should return error, easier API
2015-03-21 11:08:13 +01:00
Mitchell Hashimoto
a54d90ac1f
logical/framework: rollback needs to have access to request for storage
2015-03-21 11:03:59 +01:00
Armon Dadgar
a78b7207b9
vault: playing with credential store interface
2015-03-20 13:54:57 -07:00
Armon Dadgar
82e13e3c41
vault: implement the sys/auth* endpoints
2015-03-20 12:48:19 -07:00
Mitchell Hashimoto
86a6062ba2
main: enable AWS backend
2015-03-20 19:32:18 +01:00
Mitchell Hashimoto
62d9bec8be
logical/aws
2015-03-20 19:03:20 +01:00
Mitchell Hashimoto
a0f59f682b
logical/framework: can specify InternalData for secret
2015-03-20 17:59:48 +01:00
Mitchell Hashimoto
d43f395050
logical/testing: rollback/revoke secrets, error dangling secrets
2015-03-20 17:20:55 +01:00
Mitchell Hashimoto
1ff229ca68
http: passing tests
2015-03-19 23:28:49 +01:00
Mitchell Hashimoto
c349e97168
vault: clean up VaultID duplications, make secret responses clearer
...
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.
Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).
At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.
So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.
It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.
All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Mitchell Hashimoto
8039fc5c63
logical/framework: support renew
2015-03-19 20:20:57 +01:00
Mitchell Hashimoto
d4b284fba4
logical/framework: revoke support
2015-03-19 19:41:41 +01:00
Armon Dadgar
7170bff4f9
vault: testing credential enable/disable
2015-03-19 10:39:47 -07:00
Armon Dadgar
ca44529c9d
vault: Change constant name
2015-03-19 09:56:39 -07:00
Armon Dadgar
d88a41944e
vault: Switch AuthTable to using MountTable
2015-03-19 09:54:57 -07:00
Mitchell Hashimoto
b655a78b78
logical/framework: can specify renew/revoke functins for secret
2015-03-19 15:07:45 +01:00
Mitchell Hashimoto
2a1ae18877
vault: convert to new callback style
2015-03-19 15:05:22 +01:00
Mitchell Hashimoto
c7ed24282b
logical/framework: add methods to look up secret and gen response
2015-03-19 14:59:01 +01:00
Mitchell Hashimoto
c21bc26731
logical/framework: use custom request wrapper
2015-03-19 14:39:25 +01:00
Armon Dadgar
bb8a014b6a
vault: first pass at enable/disable auth backends
2015-03-18 19:36:17 -07:00
Armon Dadgar
8cc88981d6
vault: token store is a credential implementation
2015-03-18 19:11:52 -07:00
Armon Dadgar
421f73d332
vault: Removing mtype from router
2015-03-18 15:48:14 -07:00
Armon Dadgar
b8da9c2ee2
vault: first pass at initializing credential backends
2015-03-18 15:46:07 -07:00
Armon Dadgar
d2d1822931
vault: Adding hooks for auth loading
2015-03-18 15:30:31 -07:00
Armon Dadgar
21b9bdaf37
vault: Allow passing in credential backends
2015-03-18 15:21:41 -07:00
Armon Dadgar
b879c5aaf8
credential: Base interface
2015-03-18 15:21:25 -07:00
Armon Dadgar
10a67592cd
vault: more protection of protected mount points
2015-03-18 15:16:52 -07:00
Armon Dadgar
6e22ca50eb
vault: integrate policy and token store into core
2015-03-18 14:00:42 -07:00
Armon Dadgar
481a3a2a91
vault: testing token revocation
2015-03-18 13:50:36 -07:00
Armon Dadgar
4d0700d12f
vault: Guard against blank tokens
2015-03-18 13:21:16 -07:00
Armon Dadgar
ded5dc71e9
vault: First pass token store
2015-03-18 13:19:19 -07:00
Armon Dadgar
51ce336753
vault: Adding PolicyStore
2015-03-18 12:17:03 -07:00
Armon Dadgar
061b6b24f1
vault: Refactor to use CollectKeys
2015-03-18 12:06:18 -07:00
Mitchell Hashimoto
d9bff7b674
vault: TODOs
2015-03-17 20:54:38 -05:00
Mitchell Hashimoto
6f9d63dea5
vault: comment mounts mapping in rollback manager
2015-03-17 20:53:28 -05:00
Mitchell Hashimoto
05f86ca957
vault: put uint32 at top of struct to avoid alignment issues
2015-03-17 20:46:10 -05:00
Mitchell Hashimoto
7d03852f7c
logical/framework: test for minimum age
2015-03-17 20:42:35 -05:00
Mitchell Hashimoto
14a48f6e92
logical/framework: only rollback old enough WAL entries
2015-03-17 20:39:46 -05:00