mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-14 18:47:01 +02:00
Code Issues Projects Releases Wiki Activity
10,305 Commits 2,844 Branches 445 Tags 448 MiB
9be1128201
Commit Graph

437 Commits

Author SHA1 Message Date
Jeff Mitchell
839b804e43 Some minor rekey backup fixes 2016-01-08 14:09:40 -05:00
Jeff Mitchell
027c84c62a Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00
Nicki Watt
05c9e5b5ad Make token-lookup functionality available via Vault CLI 2015-12-29 20:18:59 +00:00
Nicki Watt
9db5180803 Corrected HTTP Method for api.TokenAuth.LookupSelf() method 2015-12-28 00:05:15 +00:00
Jeff Mitchell
b38394e456 Use cleanhttp.DefaultTransport rather than instantiating directly to avoid leaked FDs 2015-12-17 15:23:13 -05:00
Jeff Mitchell
583882efdc Update documentation to be consistent with return codes 
Fixes #831
 2015-12-10 10:26:40 -05:00
Jeff Mitchell
49d525ebf3 Reintroduce the ability to look up obfuscated values in the audit log 
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
 2015-11-18 20:26:03 -05:00
Jeff Mitchell
f600e3ac29 Add no-default-policy flag and API parameter to allow exclusion of the 
default policy from a token create command.
 2015-11-09 17:30:50 -05:00
Jeff Mitchell
673c6d726a Move environment variable reading logic to API. 
This allows the same environment variables to be read, parsed, and used
from any API client as was previously handled in the CLI. The CLI now
uses the API environment variable reading capability, then overrides any
values from command line flags, if necessary.

Fixes #618
 2015-11-04 10:28:00 -05:00
Jeff Mitchell
b11cb5d964 Implement LookupSelf, RevokeSelf, and RenewSelf in the API client 
Fixes #739
 2015-10-30 17:27:33 -04:00
Jeff Mitchell
d7f528a768 Add reset support to the unseal command. 
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
 2015-10-28 15:59:39 -04:00
Jeff Mitchell
5c0a16b16a Use cleanhttp instead of bare http.Client 2015-10-22 14:37:12 -04:00
Jeff Mitchell
0dbbef1ac0 Don't use http.DefaultClient 
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
 2015-10-15 17:54:00 -04:00
Jeff Mitchell
27029d9744 Support and use TTL instead of lease for token creation 2015-10-09 19:52:13 -04:00
Jeff Mitchell
c9c8398352 Add 301 redirect checking to the API client. 
Vault doesn't generate these, but in some cases Go's internal HTTP
handler does. For instance, during a mount-tune command, finishing the
mount path with / (as in secret/) would cause the final URL path to
contain .../mounts/secret//tune. The double slash would trigger this
behavior in Go's handler and generate a 301. Since Vault generates 307s,
this would cause the client to think that everything was okay when in
fact nothing had happened.
 2015-10-09 17:11:31 -04:00
Dejan Golja
71615a172c Increase default timeout to 30s which should allow for any operation 
to complete.
 2015-10-09 00:53:35 +11:00
Dejan Golja
4ee297408f added a sensible default timeout for the vault client 2015-10-08 18:44:00 +11:00
Jeff Mitchell
c8af19e9dc Add unit tests 2015-10-07 20:17:06 -04:00
Jeff Mitchell
fd2c0f033e Add the ability for warnings to be added to responses. These are 
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.

Fixes #676
 2015-10-07 16:18:39 -04:00
Alexey Grachov
923d07b6bf Fix some lint warnings. 2015-09-29 10:35:16 +03:00
Jeff Mitchell
70ce824267 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Jeff Mitchell
1247459ae1 Ensure that the response body of logical calls is closed, even if there is an error. 2015-09-14 18:22:33 -04:00
Jeff Mitchell
b9a5a137c0 Address items from feedback. Make MountConfig use values rather than 
pointers and change how config is read to compensate.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell
dd8ac00daa Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell
aadf039368 Add DynamicSystemView. This uses a pointer to a pointer to always have 
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell
dffcf0548e Plumb per-mount config options through API 2015-09-10 15:09:53 -04:00
Jeff Mitchell
81505f5f97 Rather than use http.DefaultClient, which is simply &http.Client{}, 
create our own. This avoids some potential client race conditions when
they are setting values on the Vault API client while the default client
is being used elsewhere in other goroutines, as was seen in
consul-template.
 2015-09-03 13:47:20 -04:00
Jeff Mitchell
4d6ebab007 Change variable name for clarity 2015-09-03 13:38:24 -04:00
Jeff Mitchell
1a2c44d805 Remove redirect handling code that was never being executed (redirects are manually handled within RawRequest). Add a sync.Once to fix a potential data race with setting the CheckRedirect function on the default http.Client 2015-09-03 13:34:45 -04:00
Jeff Mitchell
566aba71b7 Merge pull request #587 from hashicorp/sethvargo/auth_token_tests 
Add test coverage for auth tokens
 2015-09-03 11:26:14 -04:00
Seth Vargo
8df186fd37 Add test coverage for auth tokens 2015-09-03 10:57:17 -04:00
Seth Vargo
f0b3ad6a2a Update documentation around cookies 2015-09-03 10:36:59 -04:00
Mike Sample
02ac5e1ec6 corrected two typos 2015-08-27 00:05:19 -07:00
Jeff Mitchell
4d877dc4eb Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell
e133536b79 Add support for pgp-keys argument to rekey, as well as tests, plus 
refactor common bits out of init.
 2015-08-25 14:52:13 -07:00
Jeff Mitchell
d2023234b9 Add support for "pgp-tokens" parameters to init. 
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
 2015-08-25 14:52:13 -07:00
Jeff Mitchell
f1a301922d Remove cookie authentication. 2015-08-21 19:46:23 -07:00
vishalnayak
440b11c279 Vault SSH: Adding the missed out config file 2015-08-20 11:30:21 -07:00
vishalnayak
d6c5031169 Vault SSH: TLS client creation test 2015-08-18 19:00:27 -07:00
vishalnayak
d63726b41b Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak
d1b75e9d28 Vault SSH: Default lease of 5 min for SSH secrets 2015-08-12 17:10:35 -07:00
vishalnayak
f74a0c9bfa Vault SSH: Exposed verify request/response messges to agent 2015-08-12 13:22:48 -07:00
vishalnayak
c008a8d796 Vault SSH: Moved agent's client creation code to Vault's source 2015-08-12 13:09:32 -07:00
vishalnayak
f2e4867555 Vault SSH: Moved SSH agent config to Vault's source 2015-08-12 12:52:21 -07:00
vishalnayak
67b705565e Vault SSH: Added SSHAgent API 2015-08-12 10:48:58 -07:00
vishalnayak
f21c64e874 Vault SSH: Renamed path with mountPoint 2015-08-12 10:30:50 -07:00
vishalnayak
6b86811503 Vault SSH: Fixed constructor of SSH api 2015-08-12 09:56:17 -07:00
vishalnayak
2ac3cabf87 Merging changes from master 2015-08-12 09:28:16 -07:00
Seth Vargo
83bc2692f9 Remove Sys.Login (unused) 2015-08-11 13:04:11 -04:00
vishalnayak
9aa02ad560 Vault SSH: Review Rework 2015-07-29 14:21:36 -04:00
Vishal Nayak
0a4854e542 Vault SSH: Dynamic Key test case fix 2015-07-24 12:13:26 -04:00
Vishal Nayak
3a1eaf1869 Vault SSH: Support OTP key type from CLI 2015-07-23 17:20:28 -04:00
Vishal Nayak
c564f643a4 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-07-17 17:22:17 -04:00
Armon Dadgar
3d216c34d0 api: fixing 404 handling of GetPolicy 2015-07-13 19:20:00 +10:00
Vishal Nayak
820e503321 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-07-10 16:18:08 -06:00
Jeff Mitchell
4d8b88ef34 Fix nil dereference reading policies with a failing connection (for instance, bad cert) 2015-07-10 14:22:33 -04:00
Vishal Nayak
0a59e84cef Vault SSH: Revoking key after SSH session from CLI 2015-07-06 11:05:02 -04:00
Vishal Nayak
fbaea45101 Vault SSH: PR review rework 2015-07-02 17:23:09 -04:00
Vishal Nayak
13ab7fc40b Vault SSH: PR review rework - 1 2015-07-01 11:58:49 -04:00
Vishal Nayak
756be6976d Refactoring changes 2015-06-29 22:00:08 -04:00
Vishal Nayak
7dbad8386c ssh/lookup implementation and refactoring 2015-06-25 21:47:32 -04:00
Vishal Nayak
4b07eba487 POC: Rework. Doing away with policy file. 2015-06-24 18:13:12 -04:00
Vishal Nayak
fa83fe89f0 Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-17 20:33:03 -04:00
Vishal Nayak
fb866f9059 Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 12:39:49 -04:00
Jeff Mitchell
6f5f247b28 The docs say that if HttpClient is nil, http.DefaultClient will be used. However, the code doesn't do this, resulting in a nil dereference. 2015-06-04 14:01:10 -04:00
boncheff
89a75bac51 Update SPEC.md 2015-06-02 14:51:43 +01:00
Armon Dadgar
a7ebd51391 api: Support the rekey endpoints 2015-05-28 14:37:20 -07:00
Armon Dadgar
0d22532537 api: Adding Rotate and KeyStatus 2015-05-27 18:05:23 -07:00
Seth Vargo
f0520916d6 Improve error message when TLS is disabled 
Fixes #198
 2015-05-14 10:33:38 -04:00
Mitchell Hashimoto
4f2b244d72 api: human friendly error for TLS [GH-123] 2015-05-02 13:08:35 -07:00
Seth Vargo
5ee6b5edfa Use lowercase JSON keys for client_token 2015-04-24 12:00:00 -04:00
Seth Vargo
6a104b22db Remove api dependency on http package 2015-04-23 19:58:44 -04:00
Seth Vargo
25962851ba Use VAULT_ADDR instead 2015-04-23 11:46:22 -04:00
Seth Vargo
b3cc97d71f Add docs 2015-04-23 11:45:37 -04:00
Seth Vargo
aa94080ad8 Read environment variables for VAULT_HTTP_ADDR and VAULT_TOKEN 2015-04-23 11:43:20 -04:00
Seth Vargo
d19aa41b21 Use a pointer config instead 2015-04-23 11:13:52 -04:00
Armon Dadgar
3fd6a7f12a api: Support sys/leader endpoint 2015-04-20 12:04:13 -07:00
Armon Dadgar
462ff7f374 api: Support redirect for HA 2015-04-20 11:30:35 -07:00
Armon Dadgar
0454e1f48e api: Allow reseting of request body 2015-04-20 10:44:51 -07:00
Mitchell Hashimoto
6e9a966e77 command/token-create: add display name and one time use 2015-04-19 18:08:08 -07:00
Mitchell Hashimoto
be5d8d0a29 command/token-renew 2015-04-19 18:04:01 -07:00
Mitchell Hashimoto
42743eb109 command/policy-delete 2015-04-19 16:36:11 -07:00
Mitchell Hashimoto
96f7d05e4b api: update docs 2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
4faf951f03 command/renew 2015-04-13 20:42:07 -07:00
Armon Dadgar
9f577b39b4 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
7a54437355 command/delete 2015-04-07 11:15:20 -07:00
Mitchell Hashimoto
23a8cdc92a api: Logical delete 2015-04-07 11:04:56 -07:00
Mitchell Hashimoto
6c6480dc4f command/remount 2015-04-07 10:46:47 -07:00
Mitchell Hashimoto
e4f0563dd4 credential/github: CLI handler 2015-04-06 09:53:43 -07:00
Mitchell Hashimoto
935101ed86 api: make API a bit nicer 2015-04-04 17:54:16 -07:00
Mitchell Hashimoto
3111c2396e api: client library methods to get tokens 2015-04-04 17:53:59 -07:00
Mitchell Hashimoto
a9bd83b4ef http: fix tests 2015-04-04 17:42:19 -07:00
Mitchell Hashimoto
7ac32b5da5 api: add auth information to results 2015-04-04 15:40:41 -07:00
Mitchell Hashimoto
8e39a1e7d8 command/help 2015-04-02 22:42:05 -07:00
Mitchell Hashimoto
3ad31ea6e2 api: help 2015-04-02 22:26:45 -07:00
Mitchell Hashimoto
ce9ed56be6 http: help 2015-04-02 22:26:45 -07:00
Mitchell Hashimoto
933e790ad0 api: audit methods 2015-04-01 18:38:25 -07:00
Mitchell Hashimoto
a8390aa2db api: SPEC 2015-04-01 18:16:31 -07:00
Mitchell Hashimoto
4cf15d5195 api: policy methods 2015-04-01 17:59:50 -07:00
Mitchell Hashimoto
d8f9d61453 http: all policy endpoints 2015-04-01 17:59:50 -07:00
Mitchell Hashimoto
9e7ea8a4ef http: list policies 2015-04-01 17:43:58 -07:00
Mitchell Hashimoto
1e6bc65763 command/auth-enable 2015-04-01 17:09:11 -07:00
Mitchell Hashimoto
a7f4f636ec api: fix compile 2015-03-31 20:29:20 -07:00
Mitchell Hashimoto
772fa8dbf0 api: fix auth API 2015-03-31 20:28:05 -07:00
Mitchell Hashimoto
2e80156641 http: auth handlers 2015-03-31 20:24:51 -07:00
Mitchell Hashimoto
56dd1dbea0 api: RevokePrefix 2015-03-31 19:23:52 -07:00
Mitchell Hashimoto
ea234d9cbf command/revoke: revoke 2015-03-31 19:21:02 -07:00
Mitchell Hashimoto
edde6ed160 command/seal: test should use the token 2015-03-31 11:46:55 -07:00
Mitchell Hashimoto
9784fc18f2 api: SetToken 2015-03-30 21:20:23 -07:00
Mitchell Hashimoto
5a4eb13750 api: update the SPEC 2015-03-30 12:22:34 -07:00
Mitchell Hashimoto
f547b717a7 api: re-use proper token constant 2015-03-30 11:14:51 -07:00
Mitchell Hashimoto
b89ac8e3c5 command/init: show root token 2015-03-29 16:25:53 -07:00
Mitchell Hashimoto
06e06cde9c http: support auth 2015-03-29 16:14:54 -07:00
Armon Dadgar
e69df0e947 all: Removing fields from Lease 2015-03-16 13:29:51 -07:00
Mitchell Hashimoto
fe4fe231f8 http: fix mount endpoints 2015-03-16 10:51:13 -07:00
Mitchell Hashimoto
8093f94c65 command/write 2015-03-15 20:35:33 -07:00
Mitchell Hashimoto
fb32e64f74 api: logical Read/Write 2015-03-15 19:47:32 -07:00
Mitchell Hashimoto
05d37bf9f1 http: generic read/write endpoint for secrets 2015-03-15 19:35:04 -07:00
Mitchell Hashimoto
722a3875cf api: use /v1 prefix 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
cee2928616 api: add init 2015-03-12 12:42:40 -07:00
Mitchell Hashimoto
637b939113 http: init endpoints 2015-03-12 12:37:54 -07:00
Mitchell Hashimoto
019f9ae5b9 api: update mount API 2015-03-11 22:34:54 -07:00
Mitchell Hashimoto
aa0f561723 api: lease renew should parse the secret 2015-03-11 19:48:32 -05:00
Mitchell Hashimoto
440b537c77 api: secret parsing and leasing 2015-03-11 19:48:31 -05:00
Mitchell Hashimoto
c15ba2f71d api: mount API client 2015-03-11 19:48:31 -05:00
Mitchell Hashimoto
78ef15d413 api: store token cookie, tests 2015-03-11 17:46:42 -05:00
Mitchell Hashimoto
7c8f723c57 api: separate sys out further 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
8894987d0b api: document jar requirement 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
a32e3a3ca1 api: auth methods 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
6f48a19c44 api: automatically get errors in RawRequest 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
ca13e2501e api: Response can decode errors 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
f0c804e42a api: sys methods 2015-03-11 17:46:41 -05:00
Mitchell Hashimoto
da6210d3c1 api: start the groundwork API stuff 2015-03-09 11:38:50 -07:00
Mitchell Hashimoto
36b7b84ec4 api: update spec 2015-03-04 15:41:21 -08:00
Mitchell Hashimoto
c24137e914 api: SPEC 2015-03-04 15:03:06 -08:00
Mitchell Hashimoto
c2cecb713e api: update SPEC 2015-03-04 13:17:12 -08:00
Mitchell Hashimoto
cbf2d74670 api: spec 2015-03-04 13:10:10 -08:00