Jeff Mitchell
80a242118e
Remove too-verbose log
2016-09-04 07:43:54 -04:00
Jeff Mitchell
9f0226eaa3
Pass headers back when request forwarding (#1795)
2016-08-26 17:53:47 -04:00
Jeff Mitchell
68345eb770
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
edd6379466
Clustering enhancements (#1747)
2016-08-19 11:03:53 -04:00
Jeff Mitchell
645540012f
Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell
bf63d3a7c0
Add HTTP test for renew and fix muxing
2016-08-08 20:01:08 -04:00
Jeff Mitchell
7f13c4bcff
Add ability to specify renew lease ID in POST body.
2016-08-08 18:00:44 -04:00
Jeff Mitchell
6cae013f7d
Fix nil panic in certain error conditions
2016-08-02 14:57:11 -04:00
vishalnayak
5b458db104
Merge branch 'master-oss' into json-use-number
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Jeff Mitchell
58efdcba47
Return a duration instead and port a few other places to use it
2016-07-11 18:19:35 +00:00
vishalnayak
ef97199360
Added JSON Decode and Encode helpers.
Changed all the occurrences of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell
ebbcc170c8
Fix up error detection regression to return correct status codes
2016-06-22 17:47:05 -04:00
Jeff Mitchell
91053b7471
Add creation time to returned wrapped token info
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
Jeff Mitchell
b626bfa725
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
Jeff Mitchell
51af903891
Address some review feedback
2016-05-04 16:03:53 -04:00
Jeff Mitchell
21c0e4ee42
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 00:47:35 -04:00
Jeff Mitchell
778d000b5f
Add:
* Request/Response field extension
* Parsing of header into request object
* Handling of duration/mount point within router
* Tests of router WrapDuration handling
2016-05-02 00:24:32 -04:00
Jeff Mitchell
ab93e3aa63
SealInterface
2016-04-04 10:44:22 -04:00
vishalnayak
506c34783a
Removed http/sys_capabilties_test.go
2016-03-18 09:48:45 -04:00
vishalnayak
289a2a2661
Add separate path for capabilities-self to enable ACL
2016-03-17 22:52:03 -04:00
vishalnayak
0ac4aa123d
Deleted http/sys_capabilities.go since the requests are directly going to system backend
2016-03-17 22:44:48 -04:00
vishalnayak
f97b2e5648
Enable callbacks for handling logical.Request changes before processing requests
2016-03-17 22:29:53 -04:00
vishalnayak
edfba16e95
ErrUserInput --> StatusBadRequest
2016-03-08 21:47:24 -05:00
vishalnayak
9da292932e
Implemented /sys/capabilities-accessor and a way for setting HTTP error code in all the responses
2016-03-08 19:14:29 -05:00
vishalnayak
048f3b2fe4
Lay the foundation for returning proper HTTP status codes
2016-03-08 18:27:03 -05:00
vishalnayak
b2f394d779
Added capabilities and capabilities-self endpoints to http muxer
2016-03-04 10:36:03 -05:00
Jeff Mitchell
a520728263
Merge pull request #1146 from hashicorp/step-down
Provide 'sys/step-down' and 'vault step-down'
2016-03-03 12:30:08 -05:00
Jeff Mitchell
f88c6c16db
Remove proxy function as it's unneeded now
2016-03-02 14:55:51 -05:00
Jeff Mitchell
f85c3f48af
Remove sys_policy from special handling as it's implemented in
logical_system too. Clean up the mux handlers.
2016-03-02 14:16:54 -05:00
Jeff Mitchell
6b0c692385
Provide 'sys/step-down' and 'vault step-down'
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
Jeff Mitchell
e9538f1441
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
Jeff Mitchell
4cc7694a3a
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
Jeff Mitchell
336550cb7c
Have 'sys/renew' return the value provided in Secret.
Fixes a regression introduced in 0.3.
2016-01-07 11:35:09 -05:00
Jeff Mitchell
027c84c62a
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
Jeff Mitchell
49d525ebf3
Reintroduce the ability to look up obfuscated values in the audit log
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell
51e948c8fc
Implement the cubbyhole backend
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Jeff Mitchell
205ef29a59
Fix mount config test by proxying mounts/ in addition to mounts
2015-09-10 15:09:54 -04:00
Jeff Mitchell
bf66a4d15d
Remove custom http/sys_auth handler in favor of logical. Unit tests
pass.
2015-08-28 13:42:01 -07:00
Jeff Mitchell
ea6cd25d78
Use logical passthrough for renew API calls
2015-08-26 13:22:16 -07:00
Jeff Mitchell
29ef1a2167
If JSON decoding fails, make it clear that the problem is failing to
parse the JSON, rather than returning the possibly confusing error from
the JSON decoder.
Fixes #553.
2015-08-26 07:03:33 -07:00
Jeff Mitchell
f1a301922d
Remove cookie authentication.
2015-08-21 19:46:23 -07:00
Jeff Mitchell
2920cddc9c
Send sys mounting logic directly to logical backend. Unit tests run.
2015-08-20 13:59:57 -07:00
Jeff Mitchell
b81fcab150
Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code.
2015-08-20 13:20:35 -07:00
Caleb Tennis
1621f5e405
This adds a new error class which can be used by logical backends to
specify more concrete error cases to make their way back up the stack.
Over time there is probably a cleaner way of doing this, but that's
looking like a more massive rewrite and this solves some issues in
the meantime.
Use a CodedError to return a more concrete HTTP return code for
operations you want to do so. Returning a regular error leaves
the existing behavior in place.
2015-08-10 13:27:25 -04:00
Nate Brown
ed0853ce18
Doing a little better with http response codes
2015-06-19 14:00:48 -07:00
Armon Dadgar
24ed178f44
http: adding rekey handlers
2015-05-28 14:28:50 -07:00
Armon Dadgar
2091907ab1
http: adding key-status and rotate handlers
2015-05-27 18:02:50 -07:00
Ian Unruh
3ca704bdbb
HTTP should return 503 when sealed
2015-05-19 00:59:19 -07:00
Mitchell Hashimoto
ec4fcd39eb
http: allow header for auth token [GH-124]
2015-05-11 10:56:58 -07:00
Armon Dadgar
19c8557786
Merge pull request #29 from hashicorp/f-health
Adding sys/health for Consul HTTP health monitoring
2015-04-23 11:58:58 -07:00
Armon Dadgar
253ebffe78
http: adding sys/health endpoint
2015-04-23 11:53:31 -07:00
Mitchell Hashimoto
1340715a1a
http: fix redirect issues with trailing slashes
2015-04-22 07:55:40 +02:00
Armon Dadgar
6be765b6c5
http: Adding sys/leader endpoint
2015-04-20 11:59:24 -07:00
Armon Dadgar
273da85e85
http: pass raw request through
2015-04-19 14:36:50 -07:00
Armon Dadgar
92dadc4dca
http: support standby redirects
2015-04-19 13:47:57 -07:00
Mitchell Hashimoto
4ee0222411
http: renew endpoints
2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
b5a6960744
http: handle errors better
2015-04-08 11:19:03 -07:00
Mitchell Hashimoto
23af1d03f1
http: remount
2015-04-07 10:54:58 -07:00
Mitchell Hashimoto
ce9ed56be6
http: help
2015-04-02 22:26:45 -07:00
Mitchell Hashimoto
47d52be3ae
http: audit endpoints
2015-04-01 18:36:13 -07:00
Mitchell Hashimoto
d8f9d61453
http: all policy endpoints
2015-04-01 17:59:50 -07:00
Mitchell Hashimoto
9e7ea8a4ef
http: list policies
2015-04-01 17:43:58 -07:00
Mitchell Hashimoto
8c707df4bc
http: respondCommon to do common responses
2015-03-31 21:29:53 -07:00
Mitchell Hashimoto
fd1d9b1631
http: detect errors in logical and return them properly
2015-03-31 21:24:20 -07:00
Mitchell Hashimoto
2e80156641
http: auth handlers
2015-03-31 20:24:51 -07:00
Mitchell Hashimoto
f87089bcab
http: revoke-prefix
2015-03-31 19:23:32 -07:00
Mitchell Hashimoto
ea234d9cbf
command/revoke: revoke
2015-03-31 19:21:02 -07:00
Mitchell Hashimoto
f874268550
http: handle redirects and set auth cookies
2015-03-30 21:06:15 -07:00
Mitchell Hashimoto
983db25262
http: remove /sys/login
2015-03-30 20:28:52 -07:00
Mitchell Hashimoto
ea3057d950
http: start implementing /sys/login (incomplete)
2015-03-30 12:21:06 -07:00
Mitchell Hashimoto
06e06cde9c
http: support auth
2015-03-29 16:14:54 -07:00
Mitchell Hashimoto
fe4fe231f8
http: fix mount endpoints
2015-03-16 10:51:13 -07:00
Mitchell Hashimoto
3f85dcba10
http: /v1/sys/mount DELETE
2015-03-16 10:41:08 -07:00
Mitchell Hashimoto
920938a862
http: /v1/sys/mount endpoint
2015-03-16 10:36:43 -07:00
Mitchell Hashimoto
c32a825568
http: /sys/mounts
2015-03-15 21:18:25 -07:00
Mitchell Hashimoto
05d37bf9f1
http: generic read/write endpoint for secrets
2015-03-15 19:35:04 -07:00
Mitchell Hashimoto
637b939113
http: init endpoints
2015-03-12 12:37:54 -07:00
Mitchell Hashimoto
549631a896
http: prefix with v1
2015-03-12 10:47:31 -07:00
Mitchell Hashimoto
59ce4265de
http: start the API server
2015-03-11 23:05:16 -07:00