Commit graph

31 commits

Author SHA1 Message Date
Jeff Mitchell 4f4ddbf017 Create more granular ACL capabilities.
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell 10d24779c0 Rename GetWarnings->Warnings for responses 2015-10-07 16:18:39 -04:00
Jeff Mitchell d740fd4a6a Add the ability for warnings to be added to responses. These are
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.

Fixes #676
2015-10-07 16:18:39 -04:00
Jeff Mitchell a8ef0e8a80 Remove cookie authentication. 2015-08-21 19:46:23 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Jeff Mitchell 15f57082e0 Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code. 2015-08-20 13:20:35 -07:00
Armon Dadgar 496ebe561c vault: cleanups for the audit log changes 2015-06-29 15:27:28 -07:00
Nate Brown c55f103c58 Adding error and remote_address to audit log lines 2015-06-18 17:17:18 -07:00
Armon Dadgar 11c625fea2 http: support raw HTTP output 2015-05-27 14:10:00 -07:00
Jonathan Sokolowski be2538aca3 http: Extract IP from RemoteAddr correctly 2015-05-20 15:23:41 +10:00
Armon Dadgar d258be6093 http: avoid authenticating as new token for auth/token/create 2015-04-27 15:17:59 -07:00
Seth Vargo ee6963ee01 Use lowercase JSON keys for client_token 2015-04-24 12:00:00 -04:00
Armon Dadgar c7d521b2be http: pass raw request through 2015-04-19 14:36:50 -07:00
Armon Dadgar 6f5b4637fb http: support standby redirects 2015-04-19 13:47:57 -07:00
Mitchell Hashimoto a44eb0dcd0 http: renew endpoints 2015-04-13 20:42:07 -07:00
Armon Dadgar 466c7575d3 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Mitchell Hashimoto 6015a8d7c2 http: handle errors better 2015-04-08 11:19:03 -07:00
Mitchell Hashimoto d97d9b928a command/token-revoke 2015-04-07 14:36:17 -07:00
Mitchell Hashimoto ee690ee3b3 command/token-create 2015-04-07 14:20:18 -07:00
Mitchell Hashimoto 065650b88d http: make POST to WriteOperation 2015-04-07 14:00:09 -07:00
Mitchell Hashimoto 37f58dec59 http: logical delete support 2015-04-07 11:04:06 -07:00
Mitchell Hashimoto aabcaee0c0 api: add auth information to results 2015-04-04 15:40:41 -07:00
Mitchell Hashimoto 4e8efbbd48 http: respondCommon to do common responses 2015-03-31 21:29:53 -07:00
Mitchell Hashimoto 795e117867 http: detect errors in logical and return them properly 2015-03-31 21:24:20 -07:00
Mitchell Hashimoto e9b20c7ae3 http: handle redirects and set auth cookies 2015-03-30 21:06:15 -07:00
Mitchell Hashimoto 4cacaf62f0 http: support auth 2015-03-29 16:14:54 -07:00
Mitchell Hashimoto 1ff229ca68 http: passing tests 2015-03-19 23:28:49 +01:00
Armon Dadgar e85cd66b30 all: Removing fields from Lease 2015-03-16 13:29:51 -07:00
Mitchell Hashimoto 341d71c91d http: 404 if reading secret that doesn't exist 2015-03-15 19:42:24 -07:00
Mitchell Hashimoto 742923452b http: generic read/write endpoint for secrets 2015-03-15 19:35:04 -07:00