Jeff Mitchell
0dd5a2a6ba
JWT wrapping tokens (#2172)
2017-01-04 16:44:03 -05:00
Vishal Nayak
8f30b4751e
Add 'no-store' response header from all the API outlets (#2183)
2016-12-15 17:53:07 -05:00
Thomas Soëte
ebe1cf8081
Use 'http.MaxBytesReader' to limit request size (#2131)
Fix 'connection reset by peer' error introduced by 300b72e
2016-12-01 10:59:00 -08:00
Armon Dadgar
f0c59deeb7
http: limit maximum request size
2016-11-17 12:06:43 -08:00
Vishal Nayak
9a60bf2a50
Audit the client token accessors (#2037)
2016-10-29 17:01:49 -04:00
Jeff Mitchell
fd2223b5ea
Audit unwrapped response (#1950)
2016-09-29 12:03:47 -07:00
Jeff Mitchell
60deff1bad
Wrapping enhancements (#1927)
2016-09-28 21:01:28 -07:00
Jeff Mitchell
bba2ea63f1
Don't use time.Time in responses. (#1912)
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
2016-09-23 12:32:07 -04:00
Jeff Mitchell
75f792b27e
Add response wrapping to list operations (#1814)
2016-09-02 01:13:14 -04:00
Jeff Mitchell
8b18117edb
Initial dataonly work.
2016-08-08 11:55:24 -04:00
Laura Bennett
7ae4e1e0da
uncomment
2016-07-26 16:44:50 -04:00
Laura Bennett
00c30676c1
fixing id in buildLogicalRequest
2016-07-26 15:50:37 -04:00
Laura Bennett
bcb2f3e962
fixes based on proper interpretation of comments
2016-07-26 12:20:27 -04:00
Laura Bennett
f73a6c13cf
moving id to http/logical
2016-07-25 15:24:10 -04:00
Jeff Mitchell
47dc1ccd25
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
Jeff Mitchell
91053b7471
Add creation time to returned wrapped token info
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
Jeff Mitchell
fa08f1f0fe
Enable audit-logging of seal and step-down commands.
This pulls the logical request building code into its own function so
that it's accessible from other HTTP handlers, then uses that with some
added logic to the Seal() and StepDown() commands to have meaningful
audit log entries.
2016-05-20 17:03:54 +00:00
Jeff Mitchell
1b5e97df42
Fix missing return after respondError in handleLogical
2016-05-20 15:49:48 +00:00
Jeff Mitchell
205ba863ea
Add cubbyhole wrapping documentation
2016-05-19 13:33:51 -04:00
Jeff Mitchell
e36f66000e
Make WrapInfo a pointer to match secret/auth in response
2016-05-07 19:17:51 -04:00
Jeff Mitchell
a110f6cae6
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-04 14:42:14 -04:00
Jeff Mitchell
491c721a01
Check nil keys and respond internal error if it can't be cast to a []string
2016-05-02 20:00:46 -04:00
Jeff Mitchell
289fd548ca
In a list response, if there are no keys, 404 to be consistent with GET
and with different backend conditions
Fixes #1365
2016-05-02 19:38:06 -04:00
Jeff Mitchell
21c0e4ee42
Add wrapping through core and change to use TTL instead of Duration.
2016-05-02 00:47:35 -04:00
Jeff Mitchell
778d000b5f
Add:
* Request/Response field extension
* Parsing of header into request object
* Handling of duration/mount point within router
* Tests of router WrapDuration handling
2016-05-02 00:24:32 -04:00
vishalnayak
9504a12d40
Rename PrepareRequest to PrepareRequestFunc
2016-03-18 10:37:49 -04:00
vishalnayak
f97b2e5648
Enable callbacks for handling logical.Request changes before processing requests
2016-03-17 22:29:53 -04:00
vishalnayak
2a35de81dc
AccessorID --> Accessor, accessor_id --> accessor
2016-03-09 06:23:31 -05:00
vishalnayak
38a5d75caa
Introduced AccessorID in TokenEntry and returning it along with token
2016-03-08 14:06:10 -05:00
Jeff Mitchell
9eaef0a2a1
Update documentation and use ParseBool for list query param checking
2016-01-22 10:07:32 -05:00
Jeff Mitchell
f8e569ae0a
Address some review feedback
2016-01-22 10:07:32 -05:00
Jeff Mitchell
2613343c3d
Updates and documentation
2016-01-22 10:07:32 -05:00
Jeff Mitchell
fdc7e717ee
Add handling of LIST verb to logical router
2016-01-22 10:07:32 -05:00
Jeff Mitchell
f3ef23318d
Create more granular ACL capabilities.
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jeff Mitchell
45e32756ea
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Jeff Mitchell
9126ddb4de
Rename GetWarnings->Warnings for responses
2015-10-07 16:18:39 -04:00
Jeff Mitchell
fd2c0f033e
Add the ability for warnings to be added to responses. These are
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.
Fixes #676
2015-10-07 16:18:39 -04:00
Jeff Mitchell
f1a301922d
Remove cookie authentication.
2015-08-21 19:46:23 -07:00
Jeff Mitchell
97112665e8
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
Jeff Mitchell
b81fcab150
Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code.
2015-08-20 13:20:35 -07:00
Armon Dadgar
1a085c1c89
vault: cleanups for the audit log changes
2015-06-29 15:27:28 -07:00
Nate Brown
314eea7ff0
Adding error and remote_address to audit log lines
2015-06-18 17:17:18 -07:00
Armon Dadgar
aa548cf901
http: support raw HTTP output
2015-05-27 14:10:00 -07:00
Jonathan Sokolowski
c022d109dd
http: Extract IP from RemoteAddr correctly
2015-05-20 15:23:41 +10:00
Armon Dadgar
7240a3e62c
http: avoid authenticating as new token for auth/token/create
2015-04-27 15:17:59 -07:00
Seth Vargo
5ee6b5edfa
Use lowercase JSON keys for client_token
2015-04-24 12:00:00 -04:00
Armon Dadgar
273da85e85
http: pass raw request through
2015-04-19 14:36:50 -07:00
Armon Dadgar
92dadc4dca
http: support standby redirects
2015-04-19 13:47:57 -07:00
Mitchell Hashimoto
4ee0222411
http: renew endpoints
2015-04-13 20:42:07 -07:00
Armon Dadgar
9f577b39b4
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
b5a6960744
http: handle errors better
2015-04-08 11:19:03 -07:00
Mitchell Hashimoto
160aeccb03
command/token-revoke
2015-04-07 14:36:17 -07:00
Mitchell Hashimoto
706e914ebf
command/token-create
2015-04-07 14:20:18 -07:00
Mitchell Hashimoto
33afc05aaa
http: make POST to WriteOperation
2015-04-07 14:00:09 -07:00
Mitchell Hashimoto
95c9fabbe2
http: logical delete support
2015-04-07 11:04:06 -07:00
Mitchell Hashimoto
7ac32b5da5
api: add auth information to results
2015-04-04 15:40:41 -07:00
Mitchell Hashimoto
8c707df4bc
http: respondCommon to do common responses
2015-03-31 21:29:53 -07:00
Mitchell Hashimoto
fd1d9b1631
http: detect errors in logical and return them properly
2015-03-31 21:24:20 -07:00
Mitchell Hashimoto
f874268550
http: handle redirects and set auth cookies
2015-03-30 21:06:15 -07:00
Mitchell Hashimoto
06e06cde9c
http: support auth
2015-03-29 16:14:54 -07:00
Mitchell Hashimoto
2c7343854f
http: passing tests
2015-03-19 23:28:49 +01:00
Armon Dadgar
e69df0e947
all: Removing fields from Lease
2015-03-16 13:29:51 -07:00
Mitchell Hashimoto
dba2b5d315
http: 404 if reading secret that doesn't exist
2015-03-15 19:42:24 -07:00
Mitchell Hashimoto
05d37bf9f1
http: generic read/write endpoint for secrets
2015-03-15 19:35:04 -07:00