open-vault/vault
Vishal Nayak 0d077d7945
Recovery Mode (#7559)
* Initial work

* rework

* s/dr/recovery

* Add sys/raw support to recovery mode (#7577)

* Factor the raw paths out so they can be run with a SystemBackend.

# Conflicts:
#	vault/logical_system.go

* Add handleLogicalRecovery which is like handleLogical but is only
sufficient for use with the sys-raw endpoint in recovery mode.  No
authentication is done yet.

* Integrate with recovery-mode.  We now handle unauthenticated sys/raw
requests, albeit on path v1/raw instead v1/sys/raw.

* Use sys/raw instead raw during recovery.

* Don't bother persisting the recovery token.  Authenticate sys/raw
requests with it.

* RecoveryMode: Support generate-root for autounseals (#7591)

* Recovery: Abstract config creation and log settings

* Recovery mode integration test. (#7600)

* Recovery: Touch up (#7607)

* Recovery: Touch up

* revert the raw backend creation changes

* Added recovery operation token prefix

* Move RawBackend to its own file

* Update API path and hit it using CLI flag on generate-root

* Fix a panic triggered when handling a request that yields a nil response. (#7618)

* Improve integ test to actually make changes while in recovery mode and
verify they're still there after coming back in regular mode.

* Refuse to allow a second recovery token to be generated.

* Resize raft cluster to size 1 and start as leader (#7626)

* RecoveryMode: Setup raft cluster post unseal (#7635)

* Setup raft cluster post unseal in recovery mode

* Remove marking as unsealed as its not needed

* Address review comments

* Accept only one seal config in recovery mode as there is no scope for migration
2019-10-15 00:55:31 -04:00
..
cluster Add a missing lock to cluster handler 2019-07-09 03:46:08 -04:00
external_tests Recovery Mode (#7559) 2019-10-15 00:55:31 -04:00
replication Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
seal core: re-encrypt barrier and recovery keys if the unseal key is updated (#7493) 2019-10-03 16:40:18 -04:00
acl.go Check nil parameter value when processing an ACL. 2019-04-26 15:57:00 -07:00
acl_test.go Check nil parameter value when processing an ACL. 2019-04-26 15:57:00 -07:00
acl_util.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
audit.go Allow plugins to submit audit requests/responses via extended SystemView (#6777) 2019-05-22 18:52:53 -04:00
audit_broker.go Allow plugins to submit audit requests/responses via extended SystemView (#6777) 2019-05-22 18:52:53 -04:00
audit_test.go audit: log invalid wrapping token request/response (#6541) 2019-07-05 14:15:14 -07:00
audited_headers.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
audited_headers_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
auth.go Bind entry to initalize locally 2019-07-05 18:37:10 -07:00
auth_test.go AWS upgrade role entries (#7025) 2019-07-05 16:55:40 -07:00
barrier.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
barrier_access.go Fix compile 2018-01-19 05:31:55 -05:00
barrier_aes_gcm.go Cache whether we've been initialized to reduce load on storage (#7549) 2019-10-08 17:52:38 -04:00
barrier_aes_gcm_test.go Clear the Barrier AEAD cache on keyring reload (#6870) 2019-06-12 08:56:16 -07:00
barrier_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
barrier_view.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
barrier_view_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
barrier_view_util.go The big one (#5346) 2018-09-17 23:03:00 -04:00
capabilities.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
capabilities_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
cluster.go http: add handleLogicalNoForward handler for local-only requests (#7482) 2019-09-16 17:50:28 -07:00
cluster_test.go Make clusterListener an atomic.Value to avoid races with getGRPCDialer. (#7408) 2019-09-03 11:59:56 -04:00
core.go Recovery Mode (#7559) 2019-10-15 00:55:31 -04:00
core_test.go audit: log invalid wrapping token request/response (#6541) 2019-07-05 14:15:14 -07:00
core_util.go add counters for active service tokens, and identity entities (#7541) 2019-10-08 13:58:19 -04:00
cors.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
counters.go add counters for active service tokens, and identity entities (#7541) 2019-10-08 13:58:19 -04:00
counters_test.go add counters for active service tokens, and identity entities (#7541) 2019-10-08 13:58:19 -04:00
dynamic_system_view.go Move SudoPrivilege out of SystemView (#7266) 2019-08-26 10:23:46 -04:00
expiration.go Return a useful error on attempts to renew a token via sys/leases/renew (#7298) 2019-10-02 10:55:20 -04:00
expiration_integ_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
expiration_test.go Switch to go modules (#6585) 2019-04-13 03:44:06 -04:00
expiration_util.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
generate_root.go Recovery Mode (#7559) 2019-10-15 00:55:31 -04:00
generate_root_recovery.go Recovery Mode (#7559) 2019-10-15 00:55:31 -04:00
generate_root_test.go Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
ha.go core: Don't shutdown if key upgrades fail due to canceled context (#7070) 2019-07-05 14:19:15 -07:00
identity_lookup.go Switch to go modules (#6585) 2019-04-13 03:44:06 -04:00
identity_lookup_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
identity_store.go Fix identity case sensitivity loading in secondary cluster (#7327) 2019-09-30 10:27:25 -04:00
identity_store_aliases.go Prevent entity alias creation when entity is in different NS than mount (#943) (#6886) 2019-06-14 12:53:00 -04:00
identity_store_aliases_test.go Prevent entity alias creation when entity is in different NS than mount (#943) (#6886) 2019-06-14 12:53:00 -04:00
identity_store_entities.go Change regexes for reading entity/group names (#7055) 2019-07-03 08:56:01 -04:00
identity_store_entities_test.go Storage packer V1 updates (#6531) 2019-05-07 15:29:51 -04:00
identity_store_group_aliases.go Update group alias handling to better protect against namespace differences 2019-06-18 16:43:30 -04:00
identity_store_group_aliases_test.go Update group alias handling to better protect against namespace differences 2019-06-18 16:43:30 -04:00
identity_store_groups.go Remove 512 entity limit for groups (#7317) 2019-08-14 13:47:11 -04:00
identity_store_groups_test.go Fix some tests 2019-06-17 17:02:34 -04:00
identity_store_oidc.go Add response_types_supported to OIDC configuration (#7533) 2019-10-02 08:59:57 -07:00
identity_store_oidc_test.go also flush nilNamespace when a namespace is flushed in the identity/oidc backend (#7203) 2019-07-26 19:53:40 -07:00
identity_store_oidc_util.go Remove unneeded context parameter (#7057) 2019-07-03 07:12:46 -07:00
identity_store_schema.go Storage packer V1 updates (#6531) 2019-05-07 15:29:51 -04:00
identity_store_structs.go Fix identity case sensitivity loading in secondary cluster (#7327) 2019-09-30 10:27:25 -04:00
identity_store_test.go Storage packer V1 updates (#6531) 2019-05-07 15:29:51 -04:00
identity_store_upgrade.go Prevent entity alias creation when entity is in different NS than mount (#943) (#6886) 2019-06-14 12:53:00 -04:00
identity_store_util.go add counters for active service tokens, and identity entities (#7541) 2019-10-08 13:58:19 -04:00
init.go Recovery Mode (#7559) 2019-10-15 00:55:31 -04:00
init_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
keyring.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
keyring_test.go Spelling (#4119) 2018-03-20 14:54:10 -04:00
logical_cubbyhole.go Switch to go modules (#6585) 2019-04-13 03:44:06 -04:00
logical_cubbyhole_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
logical_passthrough.go Switch to go modules (#6585) 2019-04-13 03:44:06 -04:00
logical_passthrough_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
logical_raw.go Recovery Mode (#7559) 2019-10-15 00:55:31 -04:00
logical_system.go Recovery Mode (#7559) 2019-10-15 00:55:31 -04:00
logical_system_helpers.go Switch to go modules (#6585) 2019-04-13 03:44:06 -04:00
logical_system_integ_test.go Add maximum amount of random entropy requested (#7144) 2019-07-24 18:22:23 -07:00
logical_system_paths.go add counters for active service tokens, and identity entities (#7541) 2019-10-08 13:58:19 -04:00
logical_system_pprof.go sys/pprof: fix pprof index description (#7564) 2019-10-03 17:02:41 -07:00
logical_system_raft.go OSS portions of raft non-voters (#7634) 2019-10-11 11:56:59 -07:00
logical_system_test.go Add maximum amount of random entropy requested (#7144) 2019-07-24 18:22:23 -07:00
mount.go Move SudoPrivilege out of SystemView (#7266) 2019-08-26 10:23:46 -04:00
mount_test.go AWS upgrade role entries (#7025) 2019-07-05 16:55:40 -07:00
mount_util.go Add new license callback init step for logical backends. (#6887) 2019-06-17 14:11:35 -04:00
namespaces.go The big one (#5346) 2018-09-17 23:03:00 -04:00
plugin_catalog.go Typo (#7586) 2019-10-07 08:08:18 -07:00
plugin_catalog_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
plugin_reload.go Sync plugin reload file 2019-04-23 10:22:56 -04:00
policy.go Add OIDC token generation to Identity (#6900) 2019-06-21 10:23:39 -07:00
policy_store.go Add maximum amount of random entropy requested (#7144) 2019-07-24 18:22:23 -07:00
policy_store_test.go Switch to go modules (#6585) 2019-04-13 03:44:06 -04:00
policy_store_util.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
policy_test.go Fix hasMountPath for segment wildcard mounts; introduce priority order (#6532) 2019-04-10 17:46:17 -04:00
policy_util.go The big one (#5346) 2018-09-17 23:03:00 -04:00
raft.go OSS portions of raft non-voters (#7634) 2019-10-11 11:56:59 -07:00
rekey.go Raft Storage Backend (#6888) 2019-06-20 12:14:58 -07:00
rekey_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
request_forwarding.go Make clusterListener an atomic.Value to avoid races with getGRPCDialer. (#7408) 2019-09-03 11:59:56 -04:00
request_forwarding_rpc.go Fixed a bunch of typos (#7146) 2019-07-18 21:10:15 -04:00
request_forwarding_rpc_util.go The big one (#5346) 2018-09-17 23:03:00 -04:00
request_forwarding_service.pb.go Rerun proto gen as some got gen'd with old proto version (#7090) 2019-07-09 01:02:20 +02:00
request_forwarding_service.proto Raft Storage Backend (#6888) 2019-06-20 12:14:58 -07:00
request_handling.go Recovery Mode (#7559) 2019-10-15 00:55:31 -04:00
request_handling_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
request_handling_util.go Fix various read only storage errors 2019-07-05 18:13:49 -04:00
rollback.go Fixed a bunch of typos (#7146) 2019-07-18 21:10:15 -04:00
rollback_test.go Switch to go modules (#6585) 2019-04-13 03:44:06 -04:00
router.go Fix batch token test (#7047) 2019-07-02 22:16:43 -04:00
router_access.go The big one (#5346) 2018-09-17 23:03:00 -04:00
router_test.go Fix a deadlock if a panic happens during request handling (#6920) 2019-06-19 09:40:57 -04:00
router_testing.go AWS upgrade role entries (#7025) 2019-07-05 16:55:40 -07:00
seal.go Raft Storage Backend (#6888) 2019-06-20 12:14:58 -07:00
seal_access.go Send initialized information via sys/seal-status (#5424) 2018-09-27 14:03:37 -07:00
seal_autoseal.go core: re-encrypt barrier and recovery keys if the unseal key is updated (#7493) 2019-10-03 16:40:18 -04:00
seal_autoseal_test.go core: re-encrypt barrier and recovery keys if the unseal key is updated (#7493) 2019-10-03 16:40:18 -04:00
seal_test.go Raft Storage Backend (#6888) 2019-06-20 12:14:58 -07:00
seal_testing.go Raft Storage Backend (#6888) 2019-06-20 12:14:58 -07:00
seal_testing_util.go Fix test 2019-06-23 23:05:51 -04:00
sealunwrapper.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
sealunwrapper_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
testing.go Recovery Mode (#7559) 2019-10-15 00:55:31 -04:00
testing_util.go Fix leader info repopulation (#6167) 2019-02-05 21:01:18 -05:00
token_store.go Move SudoPrivilege out of SystemView (#7266) 2019-08-26 10:23:46 -04:00
token_store_test.go Fix token_store_test.go (#7490) 2019-09-18 14:18:08 -07:00
token_store_util.go The big one (#5346) 2018-09-17 23:03:00 -04:00
ui.go UI - raft config and snapshotting (#7410) 2019-10-14 13:23:29 -05:00
ui_test.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
util.go
util_test.go
wrapping.go Fix nil pointer panic in wrapping validation (#7077) 2019-07-05 22:31:03 -04:00
wrapping_util.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00