Commit graph

34 commits

Author SHA1 Message Date
Becca Petrin 4e7237178f
Add a header type field (#4993) 2018-08-13 11:02:44 -07:00
Jeff Mitchell 8916f6b625
Some atomic cleanup (#4732)
Taking inspiration from
https://github.com/golang/go/issues/17604#issuecomment-256384471
suggests that taking the address of a stack variable for use in atomics
works (at least, the race detector doesn't complain) but is doing it
wrong.

The only other change is a change in Leader() detecting if HA is enabled
to fast-path out. This value never changes after NewCore, so we don't
need to grab the read lock to check it.
2018-06-09 15:35:22 -04:00
Chris Hoffman a7ada08b3b
Core handling of TTLs (#4230)
* govet cleanup in token store

* adding general ttl handling to login requests

* consolidating TTL calculation to system view

* deprecate LeaseExtend

* deprecate LeaseExtend

* set the increment to the correct value

* move calculateTTL out of SystemView

* remove unused value

* add back clearing of lease id

* implement core ttl in some backends

* removing increment and issue time from lease options

* adding ttl tests, fixing some compile issue

* adding ttl tests

* fixing some explicit max TTL logic

* fixing up some tests

* removing unneeded test

* off by one errors...

* adding back some logic for bc

* adding period to return on renewal

* tweaking max ttl capping slightly

* use the appropriate precision for ttl calculation

* deprecate proto fields instead of delete

* addressing feedback

* moving TTL handling for backends to core

* mongo is a secret backend not auth

* adding estimated ttl for backends that also manage the expiration time

* set the estimate values before calling the renew request

* moving calculate TTL to framework, revert removal of increment and issue time from logical

* minor edits

* addressing feedback

* address more feedback
2018-04-03 12:20:20 -04:00
Brian Kassouf 2f19de0305 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Brian Kassouf 64da50c27c
Update plugin deps to include context changes (#3765)
* Update plugin deps to include context changes

* Fix tests
2018-01-08 12:26:13 -08:00
Brian Kassouf afe53eb862
Database gRPC plugins (#3666)
* Start work on context aware backends

* Start work on moving the database plugins to gRPC in order to pass context

* Add context to builtin database plugins

* use byte slice instead of string

* Context all the things

* Move proto messages to the dbplugin package

* Add a grpc mechanism for running backend plugins

* Serve the GRPC plugin

* Add backwards compatibility to the database plugins

* Remove backend plugin changes

* Remove backend plugin changes

* Cleanup the transport implementations

* If grpc connection is in an unexpected state restart the plugin

* Fix tests

* Fix tests

* Remove context from the request object, replace it with context.TODO

* Add a test to verify netRPC plugins still work

* Remove unused mapstructure call

* Code review fixes

* Code review fixes

* Code review fixes
2017-12-14 14:03:11 -08:00
Jeff Mitchell 679b0144c9 Fix TypeDurationSecond to not panic at runtime if the given default is a string (#2396)
Fix TypeDurationSecond to not panic at runtime if the given default is a string.

Fixes #myownannoyance
2017-02-17 17:25:53 -05:00
vishalnayak e09b40e155 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
vishalnayak 6f65d9293a Fix framework rollback manager tests 2016-05-14 19:35:36 -04:00
Jeff Mitchell 7353fa3e56 Adjust framework unit tests for new LeaseExtend 2016-01-29 19:31:37 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Caleb Tennis ae990884a6 Add a validation step in field data to error more quickly vs. allowing panics to happen when we go to get the data and convert it 2015-08-11 12:34:14 -04:00
Armon Dadgar 6b23b14773 logical/framework: adding a new duration type to convert to seconds 2015-06-17 15:56:26 -07:00
Armon Dadgar f39b522681 logical/framework: allow the lease max to come from existing lease 2015-06-17 14:24:12 -07:00
Mitchell Hashimoto 6272ad75dc logical/framework: secret lease tests 2015-04-13 15:18:27 -07:00
Mitchell Hashimoto a360ca4928 logical/framework: AuthRenew callback, add LeaseExtend
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
Mitchell Hashimoto 0bbad03c70 logical/framework: support root help 2015-04-03 20:36:47 -07:00
Armon Dadgar c5a5c6e3a6 logical/framework: automatically anchor 2015-04-01 17:53:02 -07:00
Mitchell Hashimoto 27d33ad9f7 logical/framework: auto-extend leases if requested 2015-03-21 16:20:30 +01:00
Mitchell Hashimoto 17c58633d6 logical/framework: rollback should return error, easier API 2015-03-21 11:08:13 +01:00
Mitchell Hashimoto a54d90ac1f logical/framework: rollback needs to have access to request for storage 2015-03-21 11:03:59 +01:00
Mitchell Hashimoto a0f59f682b logical/framework: can specify InternalData for secret 2015-03-20 17:59:48 +01:00
Mitchell Hashimoto c349e97168 vault: clean up VaultID duplications, make secret responses clearer
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.

Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).

At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.

So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.

It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.

All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Mitchell Hashimoto 8039fc5c63 logical/framework: support renew 2015-03-19 20:20:57 +01:00
Mitchell Hashimoto d4b284fba4 logical/framework: revoke support 2015-03-19 19:41:41 +01:00
Mitchell Hashimoto c7ed24282b logical/framework: add methods to look up secret and gen response 2015-03-19 14:59:01 +01:00
Mitchell Hashimoto c21bc26731 logical/framework: use custom request wrapper 2015-03-19 14:39:25 +01:00
Mitchell Hashimoto 7d03852f7c logical/framework: test for minimum age 2015-03-17 20:42:35 -05:00
Mitchell Hashimoto 14a48f6e92 logical/framework: only rollback old enough WAL entries 2015-03-17 20:39:46 -05:00
Mitchell Hashimoto 378968d56e logical/framework: WAL entry supports "kind" 2015-03-17 20:39:46 -05:00
Mitchell Hashimoto b8e2272421 logical/framework: rollback support 2015-03-17 20:39:46 -05:00
Mitchell Hashimoto 11f8423b4f logical/framework, logical/testing 2015-03-15 16:39:49 -07:00
Renamed from helper/backend/backend_test.go (Browse further)