Jeff Mitchell
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
d435048d9e
Switch StaticSystemView values to pointers, to support updating
2015-09-10 15:09:54 -04:00
Jeff Mitchell
696d0c7b1d
Plumb per-mount config options through API
2015-09-10 15:09:53 -04:00
Jeff Mitchell
9e5e8a8a4d
Whitespace fix
2015-08-27 12:14:51 -07:00
Jeff Mitchell
cdabe6350e
SystemConfig -> SystemView
2015-08-27 11:38:05 -07:00
Jeff Mitchell
b74fa8c888
Make DefaultSystemView StaticSystemView with statically-configured information. Export this from Framework to make it easy to override for testing.
2015-08-27 11:25:07 -07:00
Jeff Mitchell
7c2bbe4c7f
Use a SystemView interface and turn SystemConfig into DefaultSystemView
2015-08-27 10:36:44 -07:00
Jeff Mitchell
e58553e7d5
Plumb the system configuration information up into framework
2015-08-27 09:41:03 -07:00
Jeff Mitchell
2e07106c4b
Add some documentation to SystemConfig
2015-08-27 09:14:03 -07:00
Jeff Mitchell
992e357d07
Add some plumbing to allow specified system configuration information to
...
be retrieved by logical backends. First implemented is default/max TTL.
2015-08-27 08:51:35 -07:00
Jeff Mitchell
5695d57ba0
Merge pull request #561 from hashicorp/fix-wild-cards
...
Allow hyphens in endpoint patterns of most backends
2015-08-21 11:40:42 -07:00
vishalnayak
6c2927ede0
Vault: Fix wild card paths for all backends
2015-08-21 00:56:13 -07:00
Jeff Mitchell
ea9fbb90bc
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-20 22:27:01 -07:00
Jeff Mitchell
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
Jeff Mitchell
b57ce8e5c2
Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
...
Fixes #528 .
2015-08-20 16:41:25 -07:00
Armon Dadgar
4abc488cec
Merge pull request #510 from ctennis/more_descriptive_errors
...
More descriptive errors with specific HTTP return codes
2015-08-11 10:11:26 -07:00
Caleb Tennis
ae990884a6
Add a validation step in field data to error more quickly vs. allowing panics to happen when we go to get the data and convert it
2015-08-11 12:34:14 -04:00
Caleb Tennis
4da080e769
This adds a new error class which can be used by logical backends to
...
specify more concrete error cases to make their way back up the stack.
Over time there is probably a cleaner way of doing this, but that's
looking like a more massive rewrite and this solves some issues in
the meantime.
Use a CodedError to return a more concrete HTTP return code for
operations you want to do so. Returning a regular error leaves
the existing behavior in place.
2015-08-10 13:27:25 -04:00
Caleb Tennis
7750af7014
Fix a couple of typos
2015-08-09 15:20:06 -04:00
vishalnayak
4409e704b5
Vault Test: Disabling mlock for logical.testing.Test()
2015-07-31 12:23:50 -04:00
Armon Dadgar
c40cf7fcdf
logical/framework: handle nil duration value. Fixes #408
2015-07-08 16:55:52 -06:00
Armon Dadgar
cf82f4d6d6
logical/testing: Allow factory to be provided instead of Backend
2015-06-30 18:08:43 -07:00
Armon Dadgar
4b27e4d8c5
Remove SetLogger, and unify on framework.Setup
2015-06-30 17:45:20 -07:00
Armon Dadgar
541014e315
logical: remove SetLogger method
2015-06-30 17:39:39 -07:00
Armon Dadgar
5d69e7da90
Updating for backend API change
2015-06-30 17:36:12 -07:00
Armon Dadgar
41b72a4d39
vault: provide view to backend initializer for setup
2015-06-30 17:30:43 -07:00
Armon Dadgar
e892d728a2
logical/framework: support Salt in PathMap
2015-06-30 14:28:45 -07:00
Armon Dadgar
6b23b14773
logical/framework: adding a new duration type to convert to seconds
2015-06-17 15:56:26 -07:00
Armon Dadgar
f39b522681
logical/framework: allow the lease max to come from existing lease
2015-06-17 14:24:12 -07:00
Armon Dadgar
cfab07b19f
logical/framework: simplify calculation of lease renew
2015-06-17 14:16:44 -07:00
Armon Dadgar
ae02203624
logical: remove IncrementedLease, simplify ExpirationTime calculation
2015-06-17 13:59:09 -07:00
Armon Dadgar
784f17a0a8
logical: Adding special fields to do raw HTTP
2015-05-27 14:09:47 -07:00
Armon Dadgar
ba7bfed1af
vault: Expose MountPoint to secret backend. Fixes #248
2015-05-27 11:46:42 -07:00
Armon Dadgar
7131f12fee
logical/testing: Fixing revoke in acceptance tests. Fixes #236
2015-05-27 11:19:15 -07:00
Jonathan Sokolowski
d58512b3f8
logical/framework: Fix help text in PathMap
2015-05-15 07:56:32 +10:00
Jonathan Sokolowski
283e8ccacb
logical/framework: Add delete to PathMap
2015-05-14 22:28:33 +10:00
Jonathan Sokolowski
896f9cd4d3
logical/framework: Add delete to PathStruct
2015-05-14 22:25:30 +10:00
Mitchell Hashimoto
5c63b70eea
logical/framework: PathMap is case insensitive by default
2015-05-11 10:27:04 -07:00
Mitchell Hashimoto
4e861f29bc
credential/github: case insensitive mappings
2015-05-11 10:24:39 -07:00
Armon Dadgar
c849aba53a
vault: Adding InternalData to Auth
2015-05-09 11:39:54 -07:00
Armon Dadgar
8ed48191fb
logical/framework: Generate help output even if no synopsis provided
2015-05-07 15:45:43 -07:00
Mitchell Hashimoto
81b12660c5
logical/framework: PathMap allows hyphens in keys [GH-119]
2015-05-02 13:17:42 -07:00
Mitchell Hashimoto
6287513c30
logical/testing: add return after fatal?
2015-04-28 18:46:56 -07:00
Armon Dadgar
c4a92a276d
logical/framework: Supporting list of path map
2015-04-23 21:44:04 -07:00
Armon Dadgar
af4f9196b8
logical: allow specifying ConnState
2015-04-23 16:36:31 -07:00
Mitchell Hashimoto
f7a1b2ced9
credential/app-id: allow restriction by CIDR block [GH-10]
2015-04-17 10:14:39 -07:00
Mitchell Hashimoto
e643b48235
credential/app-id: support associating a name with app ID [GH-9]
2015-04-17 10:01:03 -07:00
Mitchell Hashimoto
cd3fa3be92
logical/framework: more flexible Pathmap and PolicyMap
2015-04-17 09:35:49 -07:00
Mitchell Hashimoto
910bf9c76d
logical/framework: PathStruct
2015-04-17 09:18:21 -07:00
Armon Dadgar
9d2bd2bf29
logical: Adding a DisplayName for operators
2015-04-15 13:56:42 -07:00
Mitchell Hashimoto
463a32ba56
logical/framework: doc for defaultduration on secret
2015-04-13 20:42:06 -07:00
Mitchell Hashimoto
6272ad75dc
logical/framework: secret lease tests
2015-04-13 15:18:27 -07:00
Mitchell Hashimoto
209b275bfd
logical/framework: allow max session time
2015-04-11 16:41:08 -07:00
Mitchell Hashimoto
33d66f0130
vault: token store allows unlimited renew
2015-04-11 16:28:16 -07:00
Mitchell Hashimoto
d81707a222
logical/framework: more tests
2015-04-11 14:51:00 -07:00
Mitchell Hashimoto
a360ca4928
logical/framework: AuthRenew callback, add LeaseExtend
...
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
Mitchell Hashimoto
f996dcf964
logical: add LeaseOptions.IncrementedLease()
2015-04-10 21:35:17 -07:00
Mitchell Hashimoto
7139ad427e
logical: lease tests
2015-04-10 21:29:03 -07:00
Mitchell Hashimoto
992028e23e
vault: the expiration time should be relative to the issue time
2015-04-10 21:21:06 -07:00
Mitchell Hashimoto
2c5ac09b23
logical: note time zone of lease
2015-04-10 20:49:17 -07:00
Armon Dadgar
f7dbb6966b
logical: Adding support for renew of Auth
2015-04-10 13:59:49 -07:00
Armon Dadgar
5a3ab973e6
vault: Simplify common lease logic
2015-04-09 12:29:13 -07:00
Armon Dadgar
4679febdf3
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 12:14:04 -07:00
Armon Dadgar
7df486482b
vault: Adding LeaseIssue for renew to allow limiting maximum lease length
2015-04-09 11:54:32 -07:00
Armon Dadgar
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
569991fcc5
credential/app-id
2015-04-04 18:41:49 -07:00
Mitchell Hashimoto
606b3dbff9
credential/github: improve help
2015-04-04 12:18:33 -07:00
Mitchell Hashimoto
7aee6269f7
vault: pass a logger around to logical backends
2015-04-04 11:39:58 -07:00
Mitchell Hashimoto
8dc9e0e0d5
logical/framework: better string values for types
2015-04-03 21:15:59 -07:00
Mitchell Hashimoto
ec9df0439b
logical/aws: help
2015-04-03 21:10:54 -07:00
Mitchell Hashimoto
246c2839b0
logical/framework: make help look nicer
2015-04-03 21:00:23 -07:00
Mitchell Hashimoto
0bbad03c70
logical/framework: support root help
2015-04-03 20:36:47 -07:00
Armon Dadgar
b8d69a357c
vault: Use Auth for lease and renewable
2015-04-03 14:04:50 -07:00
Mitchell Hashimoto
2e3d6d6a0e
command/help
2015-04-02 22:42:05 -07:00
Armon Dadgar
745bcb951d
logical: adding lease to auth
2015-04-02 17:25:22 -07:00
Armon Dadgar
faa759ea1d
logical/framework: Panic if routing pattern is blank
2015-04-01 22:12:03 -07:00
Armon Dadgar
c5a5c6e3a6
logical/framework: automatically anchor
2015-04-01 17:53:02 -07:00
Mitchell Hashimoto
04cf4ef093
logical/framework: add PolicyMap
2015-04-01 15:46:37 -07:00
Mitchell Hashimoto
4e94cf1ace
logical/testing: helper to test auth
2015-04-01 15:46:37 -07:00
Mitchell Hashimoto
906f81b588
logical: GoStringer for Auth
2015-04-01 15:46:37 -07:00
Mitchell Hashimoto
5676373742
logical/testing: support unauthenticated requests
2015-04-01 15:46:37 -07:00
Mitchell Hashimoto
83de0fd03d
logical/framework: PathMap can get missing things
2015-04-01 15:46:37 -07:00
Mitchell Hashimoto
856f1e854a
logical: validation should allow 0 leases
2015-03-31 21:11:23 -07:00
Mitchell Hashimoto
67e4bdf1e4
misc typos
2015-03-31 17:27:04 -07:00
Mitchell Hashimoto
af8a9cd2e5
logical/testing: tokens for acceptance tests
2015-03-31 17:26:31 -07:00
Armon Dadgar
0943c2bf45
logical/framework: Added missing case for TypeMap
2015-03-31 16:45:08 -07:00
Armon Dadgar
cb66c93a34
logical/framework: Adding TypeMap
2015-03-31 16:45:08 -07:00
Mitchell Hashimoto
d4509b0ee3
vault: keep the connection info around for auth
2015-03-30 20:55:01 -07:00
Mitchell Hashimoto
c9acfa17cb
vault: get rid of HangleLogin
2015-03-30 20:26:39 -07:00
Mitchell Hashimoto
65145cf435
logical: add Redirect to response
2015-03-30 17:56:24 -07:00
Mitchell Hashimoto
62ee621ea3
logical: move cred stuff over here
2015-03-30 17:46:18 -07:00
Mitchell Hashimoto
2c3657f4fe
logical: add credential info to logical backend structures
2015-03-30 14:23:32 -07:00
Armon Dadgar
cb563b881c
logical: Special error for permission denied
2015-03-24 11:23:59 -07:00
Armon Dadgar
4598e43140
vault: Adding ClientToken
2015-03-24 11:09:25 -07:00
Mitchell Hashimoto
27d33ad9f7
logical/framework: auto-extend leases if requested
2015-03-21 16:20:30 +01:00
Mitchell Hashimoto
f6d5e3f0f4
logical/testing: immediate rollback, ignore RollbackMinAge
2015-03-21 11:18:33 +01:00
Mitchell Hashimoto
17c58633d6
logical/framework: rollback should return error, easier API
2015-03-21 11:08:13 +01:00
Mitchell Hashimoto
a54d90ac1f
logical/framework: rollback needs to have access to request for storage
2015-03-21 11:03:59 +01:00
Mitchell Hashimoto
62d9bec8be
logical/aws
2015-03-20 19:03:20 +01:00
Mitchell Hashimoto
a0f59f682b
logical/framework: can specify InternalData for secret
2015-03-20 17:59:48 +01:00
Mitchell Hashimoto
d43f395050
logical/testing: rollback/revoke secrets, error dangling secrets
2015-03-20 17:20:55 +01:00
Mitchell Hashimoto
c349e97168
vault: clean up VaultID duplications, make secret responses clearer
...
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.
Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).
At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.
So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.
It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.
All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Mitchell Hashimoto
8039fc5c63
logical/framework: support renew
2015-03-19 20:20:57 +01:00
Mitchell Hashimoto
d4b284fba4
logical/framework: revoke support
2015-03-19 19:41:41 +01:00
Mitchell Hashimoto
b655a78b78
logical/framework: can specify renew/revoke functins for secret
2015-03-19 15:07:45 +01:00
Mitchell Hashimoto
c7ed24282b
logical/framework: add methods to look up secret and gen response
2015-03-19 14:59:01 +01:00
Mitchell Hashimoto
c21bc26731
logical/framework: use custom request wrapper
2015-03-19 14:39:25 +01:00
Armon Dadgar
21b9bdaf37
vault: Allow passing in credential backends
2015-03-18 15:21:41 -07:00
Mitchell Hashimoto
7d03852f7c
logical/framework: test for minimum age
2015-03-17 20:42:35 -05:00
Mitchell Hashimoto
14a48f6e92
logical/framework: only rollback old enough WAL entries
2015-03-17 20:39:46 -05:00
Mitchell Hashimoto
378968d56e
logical/framework: WAL entry supports "kind"
2015-03-17 20:39:46 -05:00
Mitchell Hashimoto
b8e2272421
logical/framework: rollback support
2015-03-17 20:39:46 -05:00
Mitchell Hashimoto
4016aba7ad
logical/framework: WAL should live here
2015-03-17 20:39:45 -05:00
Mitchell Hashimoto
4e905d2850
logical: WAL methods
2015-03-17 20:39:45 -05:00
Mitchell Hashimoto
c7b9148841
vault: RollbackManager
...
There are some major TODO items here, and it isn't hooked into the core
yet, but the basic functionality is there.
2015-03-17 20:39:45 -05:00
Armon Dadgar
e85cd66b30
all: Removing fields from Lease
2015-03-16 13:29:51 -07:00
Mitchell Hashimoto
9f0d59d03f
vault: system using the framework
2015-03-15 17:35:59 -07:00
Mitchell Hashimoto
5fbe17e8df
logical/testing: acceptance testttttttt
2015-03-15 16:52:19 -07:00
Mitchell Hashimoto
11f8423b4f
logical/framework, logical/testing
2015-03-15 16:39:49 -07:00
Mitchell Hashimoto
d1d1929192
vault: convert to logical.Request and friends
2015-03-15 14:53:41 -07:00
Mitchell Hashimoto
c3ae1b59a1
vault: Passthrough backend uses logical.Backend
2015-03-15 14:27:06 -07:00
Mitchell Hashimoto
63a9eb321a
logical: put structs here, vault uses them
2015-03-15 14:27:06 -07:00
Armon Dadgar
10afebabdd
vault: Moving generic backend into package
2015-03-11 15:50:42 -07:00
Armon Dadgar
51cc19e92f
logical: Adding generic backend
2015-03-05 16:35:09 -08:00