Mitchell Hashimoto
|
5eff7f1b57
|
vault: upper bound on test
|
2015-04-10 21:22:17 -07:00 |
|
Mitchell Hashimoto
|
992028e23e
|
vault: the expiration time should be relative to the issue time
|
2015-04-10 21:21:06 -07:00 |
|
Armon Dadgar
|
f2c0f79435
|
vault: Split SecurityBarrier interface to BarrierStorage
|
2015-04-10 16:43:35 -07:00 |
|
Armon Dadgar
|
a6d974c74e
|
vault: revoking a token should revoke all secrets it has generated
|
2015-04-10 15:12:04 -07:00 |
|
Armon Dadgar
|
c22d18a5be
|
vault: re-use revokeSalted to share logic
|
2015-04-10 15:06:54 -07:00 |
|
Armon Dadgar
|
1e2863e2b8
|
vault: remove unused RevokeAll method
|
2015-04-10 14:59:49 -07:00 |
|
Armon Dadgar
|
b10fbc4d83
|
vault: Adding token based revocation
|
2015-04-10 14:48:08 -07:00 |
|
Armon Dadgar
|
98679ee7b8
|
vault: Split expiration manager views to index by token
|
2015-04-10 14:21:23 -07:00 |
|
Armon Dadgar
|
39c51ede2e
|
vault: testing renewAuthEntry
|
2015-04-10 14:07:06 -07:00 |
|
Armon Dadgar
|
13836e8612
|
vault: groundwork to allow auth renew
|
2015-04-10 13:59:49 -07:00 |
|
Armon Dadgar
|
e7fe48c33f
|
vault: refactor expiration timer management
|
2015-04-09 12:39:12 -07:00 |
|
Armon Dadgar
|
5a3ab973e6
|
vault: Simplify common lease logic
|
2015-04-09 12:29:13 -07:00 |
|
Armon Dadgar
|
4679febdf3
|
logical: Refactor LeaseOptions to share between Secret and Auth
|
2015-04-09 12:14:04 -07:00 |
|
Armon Dadgar
|
7df486482b
|
vault: Adding LeaseIssue for renew to allow limiting maximum lease length
|
2015-04-09 11:54:32 -07:00 |
|
Mitchell Hashimoto
|
9a034c4ab8
|
vault: lookup-self should allow unauthenticated requests
|
2015-04-08 22:09:47 -07:00 |
|
Armon Dadgar
|
8ebc29d1b9
|
vault: audit broker profiles each backend
|
2015-04-08 17:09:36 -07:00 |
|
Armon Dadgar
|
e25886859e
|
vault: router generates metrics per operation
|
2015-04-08 17:09:10 -07:00 |
|
Armon Dadgar
|
82c5d9c478
|
vault: Enforce non-renewability
|
2015-04-08 17:03:46 -07:00 |
|
Armon Dadgar
|
512b3d7afd
|
vault: Adding metrics profiling
|
2015-04-08 16:43:17 -07:00 |
|
Armon Dadgar
|
429ad7e5cb
|
vault: Handle auth entry without lease
|
2015-04-08 15:43:26 -07:00 |
|
Armon Dadgar
|
466c7575d3
|
Replace VaultID with LeaseID for terminology simplification
|
2015-04-08 13:35:32 -07:00 |
|
Mitchell Hashimoto
|
7e4f47a9e6
|
vault: proper meta parameter for vaultstorage (tests pass now)
|
2015-04-07 14:37:50 -07:00 |
|
Mitchell Hashimoto
|
9378d0388a
|
vault: token store inehrits policies by default
|
2015-04-07 14:19:52 -07:00 |
|
Mitchell Hashimoto
|
8dce065972
|
vault: use mapstructure to decode token args
JSON sends as interface{}, so we can't decode directly into types.
|
2015-04-07 14:16:35 -07:00 |
|
Armon Dadgar
|
a8d4319ad5
|
vault: Update LRU on GetPolicy
|
2015-04-06 16:43:05 -07:00 |
|
Armon Dadgar
|
f022ec97c4
|
vault: Adding policy LRU cache
|
2015-04-06 16:41:48 -07:00 |
|
Armon Dadgar
|
493ee49e4d
|
vault: unify the token renew response
|
2015-04-06 16:35:39 -07:00 |
|
Mitchell Hashimoto
|
7aee6269f7
|
vault: pass a logger around to logical backends
|
2015-04-04 11:39:58 -07:00 |
|
Mitchell Hashimoto
|
246c2839b0
|
logical/framework: make help look nicer
|
2015-04-03 21:00:23 -07:00 |
|
Mitchell Hashimoto
|
8ff435ba1a
|
vault: fix issue with wrong path getting passed through
|
2015-04-03 20:48:04 -07:00 |
|
Mitchell Hashimoto
|
df8dbe9677
|
vault: allow mount point queries without trailing /
|
2015-04-03 20:45:00 -07:00 |
|
Armon Dadgar
|
148fe3d864
|
vault: Adding Hash function to MountTable
|
2015-04-03 17:46:57 -07:00 |
|
Armon Dadgar
|
d74c4c1c33
|
vault: Remove log about rollback
|
2015-04-03 17:11:24 -07:00 |
|
Armon Dadgar
|
3250bfad0a
|
vault: test credential unmount does cleanup
|
2015-04-03 16:15:34 -07:00 |
|
Armon Dadgar
|
82eda2b169
|
vault: Do early check for missing backend
|
2015-04-03 16:09:06 -07:00 |
|
Armon Dadgar
|
0dee7d29ec
|
vault: disable credential backend revokes tokens
|
2015-04-03 16:07:45 -07:00 |
|
Armon Dadgar
|
56d0b51be0
|
vault: Reuse mount table methods
|
2015-04-03 16:00:46 -07:00 |
|
Armon Dadgar
|
683d01e984
|
vault: Refactor common methods
|
2015-04-03 15:59:30 -07:00 |
|
Armon Dadgar
|
eaa483ff87
|
vault: Enforce default and max length leasing
|
2015-04-03 15:42:34 -07:00 |
|
Armon Dadgar
|
0ba7c64c0f
|
vault: Verify client token is not passed through in the plain
|
2015-04-03 15:39:56 -07:00 |
|
Armon Dadgar
|
002b2ad589
|
vault: Provide salted client token to logical backends
|
2015-04-03 14:42:39 -07:00 |
|
Armon Dadgar
|
e4854ca59b
|
vault: Allow deep paths for audit backends
|
2015-04-03 14:27:33 -07:00 |
|
Armon Dadgar
|
2f3e511507
|
vault: Allow deep paths for auth mounting
|
2015-04-03 14:24:00 -07:00 |
|
Armon Dadgar
|
b8d69a357c
|
vault: Use Auth for lease and renewable
|
2015-04-03 14:04:50 -07:00 |
|
Armon Dadgar
|
2feba52f40
|
vault: Adding auth/token/renew endpoint
|
2015-04-03 12:11:49 -07:00 |
|
Armon Dadgar
|
adaa83b48c
|
vault: Adding RenewToken to expiration manager
|
2015-04-03 11:58:10 -07:00 |
|
Armon Dadgar
|
c82fbbb8c3
|
vault: Support prefix based token revocation
|
2015-04-03 11:40:08 -07:00 |
|
Armon Dadgar
|
eec6c27fae
|
vault: Special case auth/token/create
|
2015-04-02 18:05:23 -07:00 |
|
Armon Dadgar
|
c6479642e9
|
vault: integrate login with expiration manager
|
2015-04-02 17:52:11 -07:00 |
|
Armon Dadgar
|
1b19a8ee1b
|
vault: Rename RegisterLogin to RegisterAuth
|
2015-04-02 17:45:42 -07:00 |
|
Armon Dadgar
|
d0ac9e5711
|
vault: Expose SaltID from token store
|
2015-04-02 17:39:38 -07:00 |
|
Armon Dadgar
|
c54534875a
|
vault: testing remount cleanup
|
2015-04-02 12:04:37 -07:00 |
|
Armon Dadgar
|
f397cd3fb1
|
vault: remount does appropriate cleanup
|
2015-04-02 12:03:00 -07:00 |
|
Armon Dadgar
|
3a8dc4dff9
|
vault: Adding Untaint to router
|
2015-04-02 12:01:53 -07:00 |
|
Armon Dadgar
|
bfe7a1e901
|
vault: testing unmount cleanup
|
2015-04-02 11:47:44 -07:00 |
|
Armon Dadgar
|
0b5572a2f7
|
vault: ensure unmount properly cleans up state
|
2015-04-02 11:18:06 -07:00 |
|
Armon Dadgar
|
3e427910fb
|
vault: Support tainting router paths
|
2015-04-02 11:18:06 -07:00 |
|
Armon Dadgar
|
c718408055
|
vault: Added MatchingView method
|
2015-04-02 11:18:06 -07:00 |
|
Armon Dadgar
|
d5e5499ddd
|
vault: Adding ClearView method
|
2015-04-02 11:18:05 -07:00 |
|
Armon Dadgar
|
d5403d6673
|
vault: TODO cleanups
|
2015-04-01 22:13:08 -07:00 |
|
Armon Dadgar
|
f231a6c67d
|
vault: rollback supports joining an inflight operation
|
2015-04-01 22:12:03 -07:00 |
|
Armon Dadgar
|
c3aed5589e
|
vault: Adding intermediate taint step to unmount
|
2015-04-01 22:12:03 -07:00 |
|
Mitchell Hashimoto
|
6218c2729d
|
http: audit endpoints
|
2015-04-01 18:36:13 -07:00 |
|
Armon Dadgar
|
114c1e1dea
|
vault: Adding the raw/ endpoints to sys
|
2015-04-01 17:45:00 -07:00 |
|
Armon Dadgar
|
28bc849fd9
|
vault: Attach policy name if missing
|
2015-04-01 17:45:00 -07:00 |
|
Armon Dadgar
|
6933f94acd
|
vault: Prevent UUID injection on sys mount path
|
2015-04-01 17:45:00 -07:00 |
|
Mitchell Hashimoto
|
a8912e82d8
|
enable github
|
2015-04-01 15:48:56 -07:00 |
|
Armon Dadgar
|
4138e43f00
|
vault: Adding audit trail for login
|
2015-04-01 14:48:37 -07:00 |
|
Armon Dadgar
|
3d3e18793b
|
vault: Integrate audit logging with core
|
2015-04-01 14:33:48 -07:00 |
|
Armon Dadgar
|
b657b74a97
|
vault: Minor rework for clarity
|
2015-04-01 14:11:26 -07:00 |
|
Armon Dadgar
|
c83f46606b
|
vault: Simpify token checking logic
|
2015-04-01 14:03:17 -07:00 |
|
Armon Dadgar
|
cd681d7226
|
vault: Extending AuditBroker to support new audit methods
|
2015-04-01 13:55:07 -07:00 |
|
Mitchell Hashimoto
|
08a9216aa7
|
vault: register vault ID even fi no lease
|
2015-03-31 21:04:10 -07:00 |
|
Mitchell Hashimoto
|
2c9ebecda7
|
vault: register zero lease entries with the expiration manager
/cc @armon - would appreciate a review on this one
|
2015-03-31 21:01:12 -07:00 |
|
Mitchell Hashimoto
|
aba7fc1910
|
http: auth handlers
|
2015-03-31 20:24:51 -07:00 |
|
Armon Dadgar
|
dda8dec5bf
|
vault: Adding sys/ paths to enable/disable audit backends
|
2015-03-31 16:45:08 -07:00 |
|
Armon Dadgar
|
7ca462c028
|
vault: Adding enable/disable audit methods
|
2015-03-31 15:26:07 -07:00 |
|
Armon Dadgar
|
d817e31d67
|
vault: Sanity check keys in the barrier view
|
2015-03-31 13:32:24 -07:00 |
|
Armon Dadgar
|
a6bc60c7d6
|
vault: Adding AuditBroker and basic tests
|
2015-03-31 13:22:40 -07:00 |
|
Armon Dadgar
|
0a7df0b3d4
|
vault: Adding options to mount table
|
2015-03-31 13:14:08 -07:00 |
|
Mitchell Hashimoto
|
1dcb37c6b6
|
vault: lookup-self for TokenStore to look up your own store
|
2015-03-31 12:51:00 -07:00 |
|
Mitchell Hashimoto
|
63f259cc8d
|
vault: lookup without a token looks up self
|
2015-03-31 12:50:07 -07:00 |
|
Mitchell Hashimoto
|
6a72ea61d5
|
vault: convert TokenStore to logical/framework
|
2015-03-31 12:48:19 -07:00 |
|
Mitchell Hashimoto
|
c8294170cc
|
vault: test bad key to seal
|
2015-03-31 10:00:04 -07:00 |
|
Mitchell Hashimoto
|
0666bda865
|
vault: require root token for seal
|
2015-03-31 09:59:02 -07:00 |
|
Mitchell Hashimoto
|
04c80a81bc
|
vault: add seal to the sys backend
|
2015-03-31 09:36:13 -07:00 |
|
Mitchell Hashimoto
|
d4509b0ee3
|
vault: keep the connection info around for auth
|
2015-03-30 20:55:01 -07:00 |
|
Mitchell Hashimoto
|
c9acfa17cb
|
vault: get rid of HangleLogin
|
2015-03-30 20:26:39 -07:00 |
|
Mitchell Hashimoto
|
69593cde56
|
remove credential/ lots of tests faililng
|
2015-03-30 18:07:05 -07:00 |
|
Mitchell Hashimoto
|
62ee621ea3
|
logical: move cred stuff over here
|
2015-03-30 17:46:18 -07:00 |
|
Mitchell Hashimoto
|
e9a3a34c27
|
vault: tests passing
|
2015-03-29 16:18:08 -07:00 |
|
Mitchell Hashimoto
|
4cacaf62f0
|
http: support auth
|
2015-03-29 16:14:54 -07:00 |
|
Armon Dadgar
|
5517910829
|
vault: Make audit/ a protected path
|
2015-03-27 14:00:57 -07:00 |
|
Armon Dadgar
|
042db7798e
|
vault: Adding basic audit table load/unload
|
2015-03-27 14:00:38 -07:00 |
|
Armon Dadgar
|
609ac4c562
|
vault: Allow passing in audit factory methods
|
2015-03-27 13:45:13 -07:00 |
|
Armon Dadgar
|
9a4946f115
|
vault: Testing core ACL enforcement
|
2015-03-24 15:55:27 -07:00 |
|
Armon Dadgar
|
23864839bb
|
vault: testing root privilege restrictions
|
2015-03-24 15:52:07 -07:00 |
|
Armon Dadgar
|
fe402cdd87
|
vault: ignore a nil policy object, as it has no permissions
|
2015-03-24 15:49:17 -07:00 |
|
Armon Dadgar
|
b354f03cb2
|
vault: adding auth/token/lookup/ support
|
2015-03-24 15:39:33 -07:00 |
|
Armon Dadgar
|
4a4d1d3e45
|
vault: adding auth/token/revoke/ and auth/token/revoke-orphan/
|
2015-03-24 15:30:09 -07:00 |
|