Jeff Mitchell
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jeff Mitchell
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Jeff Mitchell
10d24779c0
Rename GetWarnings->Warnings for responses
2015-10-07 16:18:39 -04:00
Jeff Mitchell
d740fd4a6a
Add the ability for warnings to be added to responses. These are
...
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.
Fixes #676
2015-10-07 16:18:39 -04:00
Jeff Mitchell
a8ef0e8a80
Remove cookie authentication.
2015-08-21 19:46:23 -07:00
Jeff Mitchell
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
Jeff Mitchell
15f57082e0
Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code.
2015-08-20 13:20:35 -07:00
Armon Dadgar
496ebe561c
vault: cleanups for the audit log changes
2015-06-29 15:27:28 -07:00
Nate Brown
c55f103c58
Adding error and remote_address to audit log lines
2015-06-18 17:17:18 -07:00
Armon Dadgar
11c625fea2
http: support raw HTTP output
2015-05-27 14:10:00 -07:00
Jonathan Sokolowski
be2538aca3
http: Extract IP from RemoteAddr correctly
2015-05-20 15:23:41 +10:00
Armon Dadgar
d258be6093
http: avoid authenticating as new token for auth/token/create
2015-04-27 15:17:59 -07:00
Seth Vargo
ee6963ee01
Use lowercase JSON keys for client_token
2015-04-24 12:00:00 -04:00
Armon Dadgar
c7d521b2be
http: pass raw request through
2015-04-19 14:36:50 -07:00
Armon Dadgar
6f5b4637fb
http: support standby redirects
2015-04-19 13:47:57 -07:00
Mitchell Hashimoto
a44eb0dcd0
http: renew endpoints
2015-04-13 20:42:07 -07:00
Armon Dadgar
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
6015a8d7c2
http: handle errors better
2015-04-08 11:19:03 -07:00
Mitchell Hashimoto
d97d9b928a
command/token-revoke
2015-04-07 14:36:17 -07:00
Mitchell Hashimoto
ee690ee3b3
command/token-create
2015-04-07 14:20:18 -07:00
Mitchell Hashimoto
065650b88d
http: make POST to WriteOperation
2015-04-07 14:00:09 -07:00
Mitchell Hashimoto
37f58dec59
http: logical delete support
2015-04-07 11:04:06 -07:00
Mitchell Hashimoto
aabcaee0c0
api: add auth information to results
2015-04-04 15:40:41 -07:00
Mitchell Hashimoto
4e8efbbd48
http: respondCommon to do common responses
2015-03-31 21:29:53 -07:00
Mitchell Hashimoto
795e117867
http: detect errors in logical and return them properly
2015-03-31 21:24:20 -07:00
Mitchell Hashimoto
e9b20c7ae3
http: handle redirects and set auth cookies
2015-03-30 21:06:15 -07:00
Mitchell Hashimoto
4cacaf62f0
http: support auth
2015-03-29 16:14:54 -07:00
Mitchell Hashimoto
1ff229ca68
http: passing tests
2015-03-19 23:28:49 +01:00
Armon Dadgar
e85cd66b30
all: Removing fields from Lease
2015-03-16 13:29:51 -07:00
Mitchell Hashimoto
341d71c91d
http: 404 if reading secret that doesn't exist
2015-03-15 19:42:24 -07:00
Mitchell Hashimoto
742923452b
http: generic read/write endpoint for secrets
2015-03-15 19:35:04 -07:00