Commit Graph

81 Commits

Author SHA1 Message Date
Jeff Mitchell
45b96ed140 Address some more review feedback 2016-01-12 15:09:16 -05:00
Jeff Mitchell
f3ef23318d Create more granular ACL capabilities.
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
97820e2d77 Add '.' to GenericNameRegex; it cannot appear as the first or last
character. This allows its usage in a number of extra path-based
variables.

Ping #244
2015-10-13 16:04:10 -04:00
Jeff Mitchell
c2f74828a4 Fix up per-backend timing logic; also fix error in TypeDurationSecond in
GetOkErr.
2015-09-21 09:55:03 -04:00
Jeff Mitchell
a4ca14cfbc Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
vishalnayak
fd6a63550c Error on violating SysView boundaries 2015-09-17 11:24:46 -04:00
vishalnayak
586c1a6889 Vault userpass: Enable renewals for login tokens 2015-09-16 23:55:35 -04:00
Jeff Mitchell
51e948c8fc Implement the cubbyhole backend
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.

Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Lassi Pölönen
750cf5053c Implement clean up routine to backend as some backends may require
e.g. closing database connections on unmount to avoid connection
stacking.
2015-09-11 11:45:58 +03:00
Jeff Mitchell
dd8ac00daa Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell
aadf039368 Add DynamicSystemView. This uses a pointer to a pointer to always have
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
84be5cff30 Make DefaultSystemView StaticSystemView with statically-configured information. Export this from Framework to make it easy to override for testing. 2015-08-27 11:25:07 -07:00
Jeff Mitchell
003d53106a Use a SystemView interface and turn SystemConfig into DefaultSystemView 2015-08-27 10:36:44 -07:00
Jeff Mitchell
80ce0ae041 Plumb the system configuration information up into framework 2015-08-27 09:41:03 -07:00
Jeff Mitchell
99041b5b6d Merge pull request #561 from hashicorp/fix-wild-cards
Allow hyphens in endpoint patterns of most backends
2015-08-21 11:40:42 -07:00
vishalnayak
41678f18ae Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Jeff Mitchell
e7f2a54720 Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell
97112665e8 Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Caleb Tennis
d8d76a5304 Add a validation step in field data to error more quickly vs. allowing panics to happen when we go to get the data and convert it 2015-08-11 12:34:14 -04:00
Armon Dadgar
9515bf32de logical/framework: handle nil duration value. Fixes #408 2015-07-08 16:55:52 -06:00
Armon Dadgar
6a9dc00e57 Remove SetLogger, and unify on framework.Setup 2015-06-30 17:45:20 -07:00
Armon Dadgar
7b090ae1d6 logical/framework: support Salt in PathMap 2015-06-30 14:28:45 -07:00
Armon Dadgar
dcb45874bf logical/framework: adding a new duration type to convert to seconds 2015-06-17 15:56:26 -07:00
Armon Dadgar
daf94d6721 logical/framework: allow the lease max to come from existing lease 2015-06-17 14:24:12 -07:00
Armon Dadgar
2a894171ca logical/framework: simplify calculation of lease renew 2015-06-17 14:16:44 -07:00
Jonathan Sokolowski
3a2ad814bb logical/framework: Fix help text in PathMap 2015-05-15 07:56:32 +10:00
Jonathan Sokolowski
31d7426863 logical/framework: Add delete to PathMap 2015-05-14 22:28:33 +10:00
Jonathan Sokolowski
8d0ef0db75 logical/framework: Add delete to PathStruct 2015-05-14 22:25:30 +10:00
Mitchell Hashimoto
11a009d5ab logical/framework: PathMap is case insensitive by default 2015-05-11 10:27:04 -07:00
Mitchell Hashimoto
5d1baaace4 credential/github: case insensitive mappings 2015-05-11 10:24:39 -07:00
Armon Dadgar
68a99a8806 logical/framework: Generate help output even if no synopsis provided 2015-05-07 15:45:43 -07:00
Mitchell Hashimoto
33dfaaf88f logical/framework: PathMap allows hyphens in keys [GH-119] 2015-05-02 13:17:42 -07:00
Armon Dadgar
13d47848c1 logical/framework: Supporting list of path map 2015-04-23 21:44:04 -07:00
Mitchell Hashimoto
d76814e0f3 logical/framework: more flexible Pathmap and PolicyMap 2015-04-17 09:35:49 -07:00
Mitchell Hashimoto
81436dc871 logical/framework: PathStruct 2015-04-17 09:18:21 -07:00
Mitchell Hashimoto
0c8084c31f logical/framework: doc for defaultduration on secret 2015-04-13 20:42:06 -07:00
Mitchell Hashimoto
9af81182f0 logical/framework: secret lease tests 2015-04-13 15:18:27 -07:00
Mitchell Hashimoto
40027e22d3 logical/framework: allow max session time 2015-04-11 16:41:08 -07:00
Mitchell Hashimoto
cd8216c726 vault: token store allows unlimited renew 2015-04-11 16:28:16 -07:00
Mitchell Hashimoto
333d60f675 logical/framework: more tests 2015-04-11 14:51:00 -07:00
Mitchell Hashimoto
0822286acb logical/framework: AuthRenew callback, add LeaseExtend
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
Mitchell Hashimoto
a81e3bbe6a logical: add LeaseOptions.IncrementedLease() 2015-04-10 21:35:17 -07:00
Mitchell Hashimoto
333bdac62d vault: the expiration time should be relative to the issue time 2015-04-10 21:21:06 -07:00
Armon Dadgar
e15b8426b1 logical: Adding support for renew of Auth 2015-04-10 13:59:49 -07:00
Armon Dadgar
64ef2a6269 logical: Refactor LeaseOptions to share between Secret and Auth 2015-04-09 12:14:04 -07:00
Mitchell Hashimoto
61b7b71dec credential/app-id 2015-04-04 18:41:49 -07:00
Mitchell Hashimoto
8fd956391a credential/github: improve help 2015-04-04 12:18:33 -07:00
Mitchell Hashimoto
0109031e63 vault: pass a logger around to logical backends 2015-04-04 11:39:58 -07:00
Mitchell Hashimoto
d9e38470a8 logical/framework: better string values for types 2015-04-03 21:15:59 -07:00