mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-14 18:47:01 +02:00
Code Issues Projects Releases Wiki Activity
7,543 Commits 2,844 Branches 445 Tags 448 MiB
29551c0b1b
Commit Graph

20 Commits

Author SHA1 Message Date
Calvin Leung Huang
01eecf9d1a
Non-HMAC audit values (#4033) 
* Add non-hmac request keys

* Update comment

* Initial audit request keys implementation

* Add audit_non_hmac_response_keys

* Move where req.NonHMACKeys gets set

* Minor refactor

* Add params to auth tune endpoints

* Sync cache on loadCredentials

* Explicitly unset req.NonHMACKeys

* Do not error if entry is nil

* Add tests

* docs: Add params to api sections

* Refactor audit.Backend and Formatter interfaces, update audit broker methods

* Add audit_broker.go

* Fix method call params in audit backends

* Remove fields from logical.Request and logical.Response, pass keys via LogInput

* Use data.GetOk to allow unsetting existing values

* Remove debug lines

* Add test for unsetting values

* Address review feedback

* Initialize values in FormatRequest and FormatResponse using input values

* Update docs

* Use strutil.StrListContains

* Use strutil.StrListContains
 2018-03-02 12:18:39 -05:00
Jeff Mitchell
c77196cea2
Port over bits (#3575) 2017-11-13 15:31:32 -05:00
Jeff Mitchell
a829b125e1 Don't hash time.Time values in return data maps, they may be useful for reconciling values and are not generally secret 2017-05-08 14:19:42 -04:00
Mitchell Hashimoto
4dc061e923 audit: hash time.Time values in map fields (#2689) 
This enables audit.Hash to hash time.Time values that may exist as
direct fields in the map. This will error (instead of panic) for any
time.Time values that don't occur within map values. For example, this
does not support a time.Time within a slice. If that needs to be
supported then modifications will need to be made.

This also requires an update to reflectwalk (included in this PR). This
is a minimal change that allows SkipEntry to signal to skip an entire
struct. We do this because we don't want to walk any of time.Time since
we handle it directly.
 2017-05-08 14:06:08 -04:00
Brian Kassouf
4cda9ea3fe Update the ResponseWrapData function to return a wrapping.ResponseWrapInfo object 2017-04-24 12:15:01 -07:00
Jeff Mitchell
0dd5a2a6ba JWT wrapping tokens (#2172) 2017-01-04 16:44:03 -05:00
Vishal Nayak
9a60bf2a50 Audit the client token accessors (#2037) 2016-10-29 17:01:49 -04:00
Jeff Mitchell
47dc1ccd25 Add token accessor to wrap information if one exists 2016-06-13 23:58:17 +00:00
Jeff Mitchell
8672b61bef Implement WrapInfo audit logging 2016-05-07 20:03:56 -04:00
vishalnayak
65bef4014d Remove redundant variables 2016-03-11 21:36:38 -05:00
vishalnayak
ac0639d5bc Added hash_accessor option to audit backends 2016-03-11 19:28:06 -05:00
Jeff Mitchell
7876b8b7fe Use reflect.Value.String() rather than a type assertion. 
Fixes a panic in hashstructure/auditing that can occur with custom
string types.

Fixes #973
 2016-01-26 12:32:50 -05:00
Jeff Mitchell
49d525ebf3 Reintroduce the ability to look up obfuscated values in the audit log 
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
 2015-11-18 20:26:03 -05:00
Jeff Mitchell
1cd129015f Write HMAC-SHA256'd client token to audited requests 
Fixes #713
 2015-10-29 13:26:18 -04:00
Jeff Mitchell
1a22cb0b12 Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell
a4ca14cfbc Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Armon Dadgar
139a8db461 audit: Guard against a few nil pointer cases 2015-04-27 15:56:40 -07:00
Mitchell Hashimoto
ccaad36388 audit: separate hashing from formatting to facilitate raw 2015-04-22 07:41:53 +02:00
Mitchell Hashimoto
99036f9e5b audit: add SHA1 hash callback 2015-04-21 16:13:06 +01:00
Mitchell Hashimoto
3f301d7995 audit: add hashstructure 2015-04-21 16:02:03 +01:00