mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-09-03 21:11:10 +02:00
Code Issues Projects Releases Wiki Activity
10,305 Commits 2,840 Branches 446 Tags
Commit Graph

90 Commits

Author SHA1 Message Date
Jeff Mitchell
fdde9e1697 Audit wrap info 2016-05-07 19:19:19 -04:00
Jeff Mitchell
28c1498151 Add DisplayName to request audit object in response audit object 2016-05-07 18:57:38 -04:00
vishalnayak
65bef4014d Remove redundant variables 2016-03-11 21:36:38 -05:00
vishalnayak
ac0639d5bc Added hash_accessor option to audit backends 2016-03-11 19:28:06 -05:00
vishalnayak
c75cb1678d Enable printing of accessor in audit logs 2016-03-09 16:18:36 -05:00
Jeff Mitchell
a9b8148310 Add unit test for audit change 2016-01-26 12:47:04 -05:00
Jeff Mitchell
7876b8b7fe Use reflect.Value.String() rather than a type assertion. 
Fixes a panic in hashstructure/auditing that can occur with custom
string types.

Fixes #973
 2016-01-26 12:32:50 -05:00
Jeff Mitchell
f3ef23318d Create more granular ACL capabilities. 
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
 2016-01-08 13:05:14 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
49d525ebf3 Reintroduce the ability to look up obfuscated values in the audit log 
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
 2015-11-18 20:26:03 -05:00
Jeff Mitchell
1cd129015f Write HMAC-SHA256'd client token to audited requests 
Fixes #713
 2015-10-29 13:26:18 -04:00
Jeff Mitchell
743e7f99b6 Use hmac-sha256 for protecting secrets in audit entries 2015-09-19 11:29:31 -04:00
Jeff Mitchell
1a22cb0b12 Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell
a4ca14cfbc Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell
e7f2a54720 Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell
97112665e8 Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Erik Kristensen
f3a02a8d13 update tests 2015-08-05 08:44:48 -06:00
Erik Kristensen
79dcffd4ac add a time field to the log entries 2015-08-05 07:47:39 -06:00
Armon Dadgar
1a085c1c89 vault: cleanups for the audit log changes 2015-06-29 15:27:28 -07:00
Armon Dadgar
01dc26bdeb Fixing merge conflict 2015-06-29 15:19:04 -07:00
Mitchell Hashimoto
943d914fec audit: some tests 2015-06-19 03:31:19 -07:00
Nate Brown
f5ebc5cc3b Fixing tests 2015-06-18 20:14:20 -07:00
Nate Brown
55e37392ad Actually not logging auth in the response if nil 2015-06-18 19:48:00 -07:00
Nate Brown
71a738ad7d Logging authentication errors and bad token usage 2015-06-18 18:30:18 -07:00
Nate Brown
314eea7ff0 Adding error and remote_address to audit log lines 2015-06-18 17:17:18 -07:00
Mitchell Hashimoto
7015882b5c audit: add display name to auth [GH-176] 2015-05-11 10:40:32 -07:00
Armon Dadgar
139a8db461 audit: Guard against a few nil pointer cases 2015-04-27 15:56:40 -07:00
Mitchell Hashimoto
4b942e9ccd audit: add more tests for copying 2015-04-27 15:54:14 -07:00
Armon Dadgar
a76cd4c58d audit: Document that arguments must not be modified 2015-04-27 14:24:11 -07:00
Mitchell Hashimoto
d2f85569d4 audit: docs 2015-04-22 07:42:37 +02:00
Mitchell Hashimoto
ccaad36388 audit: separate hashing from formatting to facilitate raw 2015-04-22 07:41:53 +02:00
Mitchell Hashimoto
628d6e4e7a audit: hash all the req/resp structures 2015-04-21 16:20:31 +01:00
Mitchell Hashimoto
7860e95a93 audit: fix failing test 2015-04-21 16:15:04 +01:00
Mitchell Hashimoto
2598dd6441 audit: sanity sha1 test 2015-04-21 16:14:26 +01:00
Mitchell Hashimoto
99036f9e5b audit: add SHA1 hash callback 2015-04-21 16:13:06 +01:00
Mitchell Hashimoto
3f301d7995 audit: add hashstructure 2015-04-21 16:02:03 +01:00
Mitchell Hashimoto
8cab481400 audit/file: append 2015-04-19 22:43:39 -07:00
Mitchell Hashimoto
f7fa1df974 audit: JSON formatter 2015-04-13 14:12:03 -07:00
Armon Dadgar
104c252283 audit: Adding basic interface methods 2015-04-01 13:54:50 -07:00
Armon Dadgar
3d0242c714 audit: Basic interface 2015-03-27 13:43:23 -07:00