Jeff Mitchell
170521481d
Create sdk/ and api/ submodules ( #6583 )
2019-04-12 17:54:35 -04:00
Jim Kalafut
a54603039d
Run goimports across the repository ( #6010 )
...
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Jim Kalafut
71473405f0
Switch to strings.EqualFold ( #5284 )
2018-09-11 16:22:29 -07:00
Vishal Nayak
e2bb2ec3b9
Errwrap everywhere ( #4252 )
...
* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes
2018-04-05 11:49:21 -04:00
Brian Kassouf
c0815bd2b0
Add context to the NewSalt function ( #4102 )
2018-03-08 11:21:11 -08:00
Calvin Leung Huang
01eecf9d1a
Non-HMAC audit values ( #4033 )
...
* Add non-hmac request keys
* Update comment
* Initial audit request keys implementation
* Add audit_non_hmac_response_keys
* Move where req.NonHMACKeys gets set
* Minor refactor
* Add params to auth tune endpoints
* Sync cache on loadCredentials
* Explicitly unset req.NonHMACKeys
* Do not error if entry is nil
* Add tests
* docs: Add params to api sections
* Refactor audit.Backend and Formatter interfaces, update audit broker methods
* Add audit_broker.go
* Fix method call params in audit backends
* Remove fields from logical.Request and logical.Response, pass keys via LogInput
* Use data.GetOk to allow unsetting existing values
* Remove debug lines
* Add test for unsetting values
* Address review feedback
* Initialize values in FormatRequest and FormatResponse using input values
* Update docs
* Use strutil.StrListContains
* Use strutil.StrListContains
2018-03-02 12:18:39 -05:00
Brian Kassouf
8142b42d95
Add context to storage backends and wire it through a lot of places ( #3817 )
2018-01-19 01:44:44 -05:00
Brian Shumate
c767dc4ed6
Conditionally set file audit log mode ( #3649 )
2017-12-07 11:44:15 -05:00
Jeff Mitchell
22528daac6
Add 'discard' target to file audit backend ( #3262 )
...
Fixes #seth
2017-08-30 19:16:47 -04:00
Christopher Pauley
f2d452b5e1
stdout support for file backend via logger ( #3235 )
2017-08-29 14:51:16 -04:00
Jeff Mitchell
ba649324f7
Opportunistically try re-opening file audit fd on error ( #2999 )
...
Addresses a pain point from
https://github.com/hashicorp/vault/issues/2863#issuecomment-309434605
2017-07-14 11:03:01 -04:00
Lars Lehtonen
730bb03c77
Fix swallowed errors in builtin ( #2977 )
2017-07-07 08:23:12 -04:00
Jeff Mitchell
4efff56640
Don't dial on backend startup; retry dials at log time so that transient ( #2934 )
...
network failures are worked around. Also, during a reconnect always
close the existing connection.
Fixes #2931
2017-07-06 10:18:18 -04:00
Jeff Mitchell
dd26071875
Delay salt initialization for audit backends
2017-05-23 20:36:20 -04:00
Jeff Mitchell
df575f0b3a
Rename helper 'duration' to 'parseutil'. ( #2449 )
...
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Jeff Mitchell
64d63ba55a
Add some repcluster handling to audit and add some tests ( #2384 )
...
* Add some repcluster handling to audit and add some tests
* Fix incorrect assumption about nil auth
2017-02-16 13:09:53 -05:00
Tommy Murphy
57aac16cd2
audit: support a configurable prefix string to write before each message ( #2359 )
...
A static token at the beginning of a log line can help systems parse
logs better. For example, rsyslog and syslog-ng will recognize the
'@cee: ' prefix and will parse the rest of the line as a valid json message.
This is useful in environments where there is a mix of structured and
unstructured logs.
2017-02-10 16:56:28 -08:00
Brian Kassouf
541c53d354
Added a single retry after a reconnection
2017-02-06 11:38:38 -08:00
Brian Kassouf
aa32568aa9
Update the docs and move the logic for reconnecting into its own function
2017-02-04 16:55:17 -08:00
Brian Kassouf
b32cb4bedf
Add write deadline and a Reload function
2017-02-02 15:44:56 -08:00
Harrison Harnisch
6da4806582
add socket audit backend
2017-02-02 14:21:48 -08:00
Brian Kassouf
590b5681cd
Configure the request headers that are output to the audit log ( #2321 )
...
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited
* Remove some debug lines
* Add a persistent layer and refactor a bit
* update the api endpoints to be more restful
* Add comments and clean up a few functions
* Remove unneeded hash structure functionality
* Fix existing tests
* Add tests
* Add test for Applying the header config
* Add Benchmark for the ApplyConfig method
* ResetTimer on the benchmark:
* Update the headers comment
* Add test for audit broker
* Use hyphens instead of camel case
* Add size parameter to the allocation of the result map
* Fix the tests for the audit broker
* PR feedback
* update the path and permissions on config/* paths
* Add docs file
* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
Brian Nuszkowski
787c3de3fe
Minor cleanup in audit backend ( #2194 )
2016-12-19 15:35:55 -05:00
Laura Bennett
6770545cfd
test updates to address feedback
2016-10-10 12:58:30 -04:00
Laura Bennett
7def50799b
address latest feedback
2016-10-10 11:58:26 -04:00
Laura Bennett
18028ffcd6
minor fix
2016-10-10 10:05:36 -04:00
Laura Bennett
3bf0520bbb
address feedback
2016-10-09 22:23:30 -04:00
Laura Bennett
bef5a625d6
adding unit tests for file mode
2016-10-09 00:33:24 -04:00
Laura Bennett
a8813c4ff2
changes for 'mode'
2016-10-08 19:52:49 -04:00
Laura Bennett
635873cf4a
initial commit for adding audit file permission changes
2016-10-07 15:09:32 -04:00
Jeff Mitchell
81cdd76a5c
Adds HUP support for audit log files to close and reopen. ( #1953 )
...
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.
As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
2016-09-30 12:04:50 -07:00
Jeff Mitchell
8482118ac6
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
Jeff Mitchell
e65b48a7e4
Actually show the error occurring if a file audit log can't be opened
2016-08-15 16:26:36 -04:00
Jeff Mitchell
47dc1ccd25
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
vishalnayak
4d28fa38c4
Read from 'path' to retain backward compatibility
2016-03-15 20:05:51 -04:00
vishalnayak
bac4fe0799
Rename id to path and path to file_path, print audit backend paths
2016-03-14 17:15:07 -04:00
Jeff Mitchell
9609f4bb78
s/hash_accessor/hmac_accessor/g
2016-03-14 14:52:29 -04:00
vishalnayak
51847a6b25
Use accessor being set as the condition to restore non-hashed values
2016-03-14 11:23:30 -04:00
vishalnayak
ac0639d5bc
Added hash_accessor option to audit backends
2016-03-11 19:28:06 -05:00
Jeff Mitchell
49d525ebf3
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell
8cf0d1444a
If we fail to open a file path, show which it is in the error output
2015-10-30 14:30:21 -04:00
Jeff Mitchell
1a22cb0b12
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 17:38:30 -04:00
Jeff Mitchell
a4ca14cfbc
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
Jeff Mitchell
989b33483b
Ensure that the 'file' audit backend can successfully open its given path before returning success. Fixes #550.
2015-08-26 09:13:10 -07:00
Armon Dadgar
b8754e740c
audit: properly restore TLS state
2015-07-08 16:45:15 -06:00
Armon Dadgar
b49683a40b
audit: fixing panic caused by tls connection state. Fixes #322
2015-06-29 17:16:17 -07:00
Nate Brown
71a738ad7d
Logging authentication errors and bad token usage
2015-06-18 18:30:18 -07:00
Armon Dadgar
70ae9323e2
audit/file: Create file if it does not exist. Fixes #148
2015-05-06 11:33:06 -07:00
Armon Dadgar
1530403a04
audit/file: add log_raw parameter and default to hashing
2015-04-27 15:56:41 -07:00
Armon Dadgar
9c019d3f20
audit/syslog: switch defaults
2015-04-27 15:56:41 -07:00