mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-12-01 23:51:45 +01:00
Code Issues Projects Releases Wiki Activity
14,920 Commits 2,851 Branches 460 Tags
Commit Graph

105 Commits

Author SHA1 Message Date
Jeff Mitchell
8482118ac6 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Laura Bennett
ce6bc51c23 Merge pull request #1650 from hashicorp/request-uuid 
Added unique identifier to each request. Closes hashicorp/vault#1617
 2016-07-27 09:40:48 -04:00
Laura Bennett
bcb2f3e962 fixes based proper interpretation of comments 2016-07-26 12:20:27 -04:00
Jeff Mitchell
5be8189e72 Use RFC3339Nano for better precision 2016-07-25 14:11:57 -04:00
vishalnayak
5b458db104 Merge branch 'master-oss' into json-use-number 
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
 2016-07-15 19:21:55 -04:00
vishalnayak
9f208ae8f2 Revert 'risky' changes 2016-07-12 16:38:07 -04:00
vishalnayak
f59a69bc52 Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC 2016-07-08 18:30:18 -04:00
vishalnayak
ef97199360 Added JSON Decode and Encode helpers. 
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
 2016-07-06 12:25:40 -04:00
Jeff Mitchell
47dc1ccd25 Add token accessor to wrap information if one exists 2016-06-13 23:58:17 +00:00
Jeff Mitchell
8dffc64388 Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this... 2016-06-07 16:01:09 -04:00
Jeff Mitchell
91053b7471 Add creation time to returned wrapped token info 
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.

This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
 2016-06-07 15:00:35 -04:00
Jeff Mitchell
53afa06beb Merge branch 'master-oss' into cubbyhole-the-world 2016-05-16 12:14:40 -04:00
Sean Chittenden
339c0a4127
Speling police 2016-05-15 09:58:36 -07:00
Jeff Mitchell
fd67b15bb0 Add more tests 2016-05-07 21:08:13 -04:00
Jeff Mitchell
8672b61bef Implement WrapInfo audit logging 2016-05-07 20:03:56 -04:00
Jeff Mitchell
fdde9e1697 Audit wrap info 2016-05-07 19:19:19 -04:00
Jeff Mitchell
28c1498151 Add DisplayName to request audit object in response audit object 2016-05-07 18:57:38 -04:00
vishalnayak
65bef4014d Remove redundant variables 2016-03-11 21:36:38 -05:00
vishalnayak
ac0639d5bc Added hash_accessor option to audit backends 2016-03-11 19:28:06 -05:00
vishalnayak
c75cb1678d Enable printing of accessor in audit logs 2016-03-09 16:18:36 -05:00
Jeff Mitchell
a9b8148310 Add unit test for audit change 2016-01-26 12:47:04 -05:00
Jeff Mitchell
7876b8b7fe Use reflect.Value.String() rather than a type assertion. 
Fixes a panic in hashstructure/auditing that can occur with custom
string types.

Fixes #973
 2016-01-26 12:32:50 -05:00
Jeff Mitchell
f3ef23318d Create more granular ACL capabilities. 
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
 2016-01-08 13:05:14 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
49d525ebf3 Reintroduce the ability to look up obfuscated values in the audit log 
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
 2015-11-18 20:26:03 -05:00
Jeff Mitchell
1cd129015f Write HMAC-SHA256'd client token to audited requests 
Fixes #713
 2015-10-29 13:26:18 -04:00
Jeff Mitchell
743e7f99b6 Use hmac-sha256 for protecting secrets in audit entries 2015-09-19 11:29:31 -04:00
Jeff Mitchell
1a22cb0b12 Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell
a4ca14cfbc Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell
e7f2a54720 Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell
97112665e8 Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Erik Kristensen
f3a02a8d13 update tests 2015-08-05 08:44:48 -06:00
Erik Kristensen
79dcffd4ac add a time field to the log entries 2015-08-05 07:47:39 -06:00
Armon Dadgar
1a085c1c89 vault: cleanups for the audit log changes 2015-06-29 15:27:28 -07:00
Armon Dadgar
01dc26bdeb Fixing merge conflict 2015-06-29 15:19:04 -07:00
Mitchell Hashimoto
943d914fec audit: some tests 2015-06-19 03:31:19 -07:00
Nate Brown
f5ebc5cc3b Fixing tests 2015-06-18 20:14:20 -07:00
Nate Brown
55e37392ad Actually not logging auth in the response if nil 2015-06-18 19:48:00 -07:00
Nate Brown
71a738ad7d Logging authentication errors and bad token usage 2015-06-18 18:30:18 -07:00
Nate Brown
314eea7ff0 Adding error and remote_address to audit log lines 2015-06-18 17:17:18 -07:00
Mitchell Hashimoto
7015882b5c audit: add display name to auth [GH-176] 2015-05-11 10:40:32 -07:00
Armon Dadgar
139a8db461 audit: Guard against a few nil pointer cases 2015-04-27 15:56:40 -07:00
Mitchell Hashimoto
4b942e9ccd audit: add more tests for copying 2015-04-27 15:54:14 -07:00
Armon Dadgar
a76cd4c58d audit: Document that arguments must not be modified 2015-04-27 14:24:11 -07:00
Mitchell Hashimoto
d2f85569d4 audit: docs 2015-04-22 07:42:37 +02:00
Mitchell Hashimoto
ccaad36388 audit: separate hashing from formatting to facilitate raw 2015-04-22 07:41:53 +02:00
Mitchell Hashimoto
628d6e4e7a audit: hash all the req/resp structures 2015-04-21 16:20:31 +01:00
Mitchell Hashimoto
7860e95a93 audit: fix failing test 2015-04-21 16:15:04 +01:00
Mitchell Hashimoto
2598dd6441 audit: sanity sha1 test 2015-04-21 16:14:26 +01:00
Mitchell Hashimoto
99036f9e5b audit: add SHA1 hash callback 2015-04-21 16:13:06 +01:00