luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/vault
History
Calvin Leung Huang dd7520459e
Token revocation refactor (#4512) 
* Hand off lease expiration to expiration manager via timers

* Use sync.Map as the cache to track token deletion state

* Add CreateOrFetchRevocationLeaseByToken to hand off token revocation to exp manager

* Update revoke and revoke-self handlers

* Fix tests

* revokeSalted: Move token entry deletion into the deferred func

* Fix test race

* Add blocking lease revocation test

* Remove test log

* Add HandlerFunc on NoopBackend, adjust locks, and add test

* Add sleep to allow for revocations to settle

* Various updates

* Rename some functions and variables to be more clear
* Change step-down and seal to use expmgr for revoke functionality like
during request handling
* Attempt to WAL the token as being invalid as soon as possible so that
further usage will fail even if revocation does not fully complete

* Address feedback

* Return invalid lease on negative TTL

* Revert "Return invalid lease on negative TTL"

This reverts commit a39597ecdc23cf7fc69fe003eef9f10d533551d8.

* Extend sleep on tests
2018-05-10 15:50:02 -04:00
..
acl.go Spelling (#4119) 2018-03-20 14:54:10 -04:00
acl_test.go Spelling (#4119) 2018-03-20 14:54:10 -04:00
audit.go Defer setting views read/write until the end of postUnseal (#4392) 2018-04-19 13:29:43 -04:00
audit_broker.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
audit_test.go Move to "github.com/hashicorp/go-hclog" (#4227) 2018-04-02 17:46:59 -07:00
audited_headers.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
audited_headers_test.go
auth.go Defer setting views read/write until the end of postUnseal (#4392) 2018-04-19 13:29:43 -04:00
auth_test.go Port some ent mount changes (#4330) 2018-04-11 14:32:55 -04:00
barrier.go Spelling (#4119) 2018-03-20 14:54:10 -04:00
barrier_access.go
barrier_aes_gcm.go Clean up error string formatting (#4304) 2018-04-09 14:35:21 -04:00
barrier_aes_gcm_test.go Move to "github.com/hashicorp/go-hclog" (#4227) 2018-04-02 17:46:59 -07:00
barrier_test.go
barrier_view.go Fix race condition caught by detector in barrier view (#4261) 2018-04-03 21:39:11 -04:00
barrier_view_test.go
capabilities.go Kv preflight (#4430) 2018-04-23 15:00:02 -07:00
capabilities_test.go
cluster.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
cluster_test.go Move to "github.com/hashicorp/go-hclog" (#4227) 2018-04-02 17:46:59 -07:00
core.go Token revocation refactor (#4512) 2018-05-10 15:50:02 -04:00
core_test.go Kv preflight (#4430) 2018-04-23 15:00:02 -07:00
cors.go Kv preflight (#4430) 2018-04-23 15:00:02 -07:00
dynamic_system_view.go Core handling of TTLs (#4230) 2018-04-03 12:20:20 -04:00
expiration.go Token revocation refactor (#4512) 2018-05-10 15:50:02 -04:00
expiration_integ_test.go
expiration_test.go Token revocation refactor (#4512) 2018-05-10 15:50:02 -04:00
generate_root.go Token revocation refactor (#4512) 2018-05-10 15:50:02 -04:00
generate_root_test.go
identity_lookup.go Spelling (#4119) 2018-03-20 14:54:10 -04:00
identity_lookup_test.go
identity_store.go disable identity for local mounts (#4407) 2018-04-23 13:46:14 -04:00
identity_store_aliases.go disable identity for local mounts (#4407) 2018-04-23 13:46:14 -04:00
identity_store_aliases_ext_test.go disable identity for local mounts (#4407) 2018-04-23 13:46:14 -04:00
identity_store_aliases_test.go port missed items from identity store to oss (#4242) 2018-04-02 22:17:33 -04:00
identity_store_entities.go Add ability to disable an entity (#4353) 2018-04-13 21:49:40 -04:00
identity_store_entities_ext_test.go Use permission denied for entity disabling 2018-04-23 16:50:04 -04:00
identity_store_entities_test.go port missed items from identity store to oss (#4242) 2018-04-02 22:17:33 -04:00
identity_store_group_aliases.go disable identity for local mounts (#4407) 2018-04-23 13:46:14 -04:00
identity_store_group_aliases_ext_test.go disable identity for local mounts (#4407) 2018-04-23 13:46:14 -04:00
identity_store_group_aliases_test.go Update group alias by ID (#4237) 2018-04-02 10:42:01 -04:00
identity_store_groups.go Add missing entries in path-help (#4370) 2018-04-17 13:54:04 -04:00
identity_store_groups_ext_test.go external identity groups across mounts (#4365) 2018-04-17 12:01:43 -04:00
identity_store_groups_test.go
identity_store_schema.go
identity_store_structs.go port missed items from identity store to oss (#4242) 2018-04-02 22:17:33 -04:00
identity_store_test.go
identity_store_upgrade.go
identity_store_util.go Add identity store nil checks 2018-04-24 23:10:22 -04:00
init.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
init_test.go Move to "github.com/hashicorp/go-hclog" (#4227) 2018-04-02 17:46:59 -07:00
keyring.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
keyring_test.go Spelling (#4119) 2018-03-20 14:54:10 -04:00
logical_cubbyhole.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
logical_cubbyhole_test.go
logical_passthrough.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
logical_passthrough_test.go
logical_system.go Token revocation refactor (#4512) 2018-05-10 15:50:02 -04:00
logical_system_helpers.go Port some ent mount changes (#4330) 2018-04-11 14:32:55 -04:00
logical_system_integ_test.go Resultant acl (#4386) 2018-04-20 14:19:04 -04:00
logical_system_test.go Rename up path to internal/ui/mounts/<path> (#4435) 2018-04-23 18:16:10 -04:00
mount.go Defer setting views read/write until the end of postUnseal (#4392) 2018-04-19 13:29:43 -04:00
mount_test.go Port some ent mount changes (#4330) 2018-04-11 14:32:55 -04:00
plugin_catalog.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
plugin_catalog_test.go Spelling (#4119) 2018-03-20 14:54:10 -04:00
plugin_reload.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
policy.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
policy_store.go Resultant acl (#4386) 2018-04-20 14:19:04 -04:00
policy_store_test.go Fix output-related tests (#4288) 2018-04-05 20:43:29 -04:00
policy_test.go Fix output-related tests (#4288) 2018-04-05 20:43:29 -04:00
rekey.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
rekey_test.go Move to "github.com/hashicorp/go-hclog" (#4227) 2018-04-02 17:46:59 -07:00
request_forwarding.go Move to "github.com/hashicorp/go-hclog" (#4227) 2018-04-02 17:46:59 -07:00
request_forwarding_service.pb.go Revert "proto changes (#4503)" (#4504) 2018-05-03 15:38:53 -04:00
request_forwarding_service.proto
request_handling.go Token revocation refactor (#4512) 2018-05-10 15:50:02 -04:00
request_handling_test.go
rollback.go Move to "github.com/hashicorp/go-hclog" (#4227) 2018-04-02 17:46:59 -07:00
rollback_test.go Move to "github.com/hashicorp/go-hclog" (#4227) 2018-04-02 17:46:59 -07:00
router.go Kv preflight (#4430) 2018-04-23 15:00:02 -07:00
router_access.go
router_ext_test.go Remove old workaround for a rollback error (#4206) 2018-03-27 16:34:06 -04:00
router_test.go Token revocation refactor (#4512) 2018-05-10 15:50:02 -04:00
seal.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
seal_access.go
seal_test.go
seal_testing.go
sealunwrapper.go Errwrap everywhere (#4252) 2018-04-05 11:49:21 -04:00
sealunwrapper_test.go Move to "github.com/hashicorp/go-hclog" (#4227) 2018-04-02 17:46:59 -07:00
testing.go Clean up error string formatting (#4304) 2018-04-09 14:35:21 -04:00
token_store.go Token revocation refactor (#4512) 2018-05-10 15:50:02 -04:00
token_store_ext_test.go Add the ability to restrict token usage by IP. Add to token roles. (#4412) 2018-04-21 10:49:16 -04:00
token_store_test.go Token revocation refactor (#4512) 2018-05-10 15:50:02 -04:00
ui.go adds ability to override default CSP with warning (#395) 2018-04-03 09:34:14 -05:00
ui_test.go Fix compilation and tests failures (#4254) 2018-04-03 14:07:43 -04:00
util.go
util_test.go
wrapping.go Token revocation refactor (#4512) 2018-05-10 15:50:02 -04:00