mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-12-09 19:41:37 +01:00
Code Issues Projects Releases Wiki Activity
15,224 Commits 2,851 Branches 460 Tags
Commit Graph

15224 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Armon Dadgar
ed5d347aec vault: Allow passing in audit factory methods 2015-03-27 13:45:13 -07:00
Armon Dadgar
3d0242c714 audit: Basic interface 2015-03-27 13:43:23 -07:00
Armon Dadgar
06e30b425e Fixing compilation errors due to API change 2015-03-24 16:20:05 -07:00
Armon Dadgar
2b72e23cb5 vault: Testing core ACL enforcement 2015-03-24 15:55:27 -07:00
Armon Dadgar
dfe7d7308e vault: testing root privilege restrictions 2015-03-24 15:52:07 -07:00
Armon Dadgar
0f39544930 vault: ignore a nil policy object, as it has no permissions 2015-03-24 15:49:17 -07:00
Armon Dadgar
e6c3405f2c vault: adding auth/token/lookup/ support 2015-03-24 15:39:33 -07:00
Armon Dadgar
8758410671 vault: adding auth/token/revoke/ and auth/token/revoke-orphan/ 2015-03-24 15:30:09 -07:00
Armon Dadgar
e9af589010 vault: Passthrough of client token to token store 2015-03-24 15:12:52 -07:00
Armon Dadgar
f1e7cd05c4 vault: Adding auth/token/create endpoint 2015-03-24 15:10:46 -07:00
Armon Dadgar
d21d08e079 vault: Allow providing token ID during creation 2015-03-24 14:22:50 -07:00
Armon Dadgar
f1e97cb72a vault: utility string set methods 2015-03-24 13:56:07 -07:00
Armon Dadgar
faedba0be8 vault: utility string search methods 2015-03-24 13:44:47 -07:00
Armon Dadgar
475f8766c5 vault: test missing and invalid tokens 2015-03-24 11:57:08 -07:00
Armon Dadgar
4def415f3b vault: Adding ACL enforcement 2015-03-24 11:37:07 -07:00
Armon Dadgar
ca962aeb03 vault: Special case root policy 2015-03-24 11:27:21 -07:00
Armon Dadgar
5cbecba333 logical: Special error for permission denied 2015-03-24 11:23:59 -07:00
Armon Dadgar
db2e1388fc vault: Adding ClientToken 2015-03-24 11:09:25 -07:00
Armon Dadgar
3ccd20cb58 vault: wire tokens into expiration manager 2015-03-23 18:11:15 -07:00
Armon Dadgar
32ef2c4a32 vault: Give expiration manager a token store reference 2015-03-23 18:00:14 -07:00
Armon Dadgar
f4bde1d5a2 vault: Generate a root token when initializing 2015-03-23 17:31:30 -07:00
Armon Dadgar
dd3ca5f70e vault: Remove core reference 2015-03-23 17:29:36 -07:00
Armon Dadgar
3b5f8c1e66 vault: only log expiration notice if useful 2015-03-23 17:27:46 -07:00
Armon Dadgar
0bc92207fb vault: Adding method to generate root token 2015-03-23 17:16:37 -07:00
Armon Dadgar
200bc60e71 vault: Support policy CRUD 2015-03-23 14:43:31 -07:00
Armon Dadgar
f781193704 vault: first pass at HandleLogin 2015-03-23 13:56:43 -07:00
Armon Dadgar
e3f8956850 vault: Track the token store in core 2015-03-23 13:41:05 -07:00
Armon Dadgar
50098306ee vault: token tracks generation path and meta data 2015-03-23 13:39:43 -07:00
Armon Dadgar
5b663aa148 credential: simplify interface 2015-03-23 13:39:16 -07:00
Armon Dadgar
3615eca722 vault: extend router to handle login routing 2015-03-23 11:47:55 -07:00
Mitchell Hashimoto
b08606b8fd main: hook up consul backend 2015-03-21 17:25:12 +01:00
Mitchell Hashimoto
3b702cc14d logical/consul: actual test that the token works 2015-03-21 17:23:44 +01:00
Mitchell Hashimoto
07f8e262fe logical/consul 2015-03-21 17:19:37 +01:00
Mitchell Hashimoto
26583fb05f logical/framework: auto-extend leases if requested 2015-03-21 16:20:30 +01:00
Mitchell Hashimoto
c3342cd344 logical/aws: refactor access key create to the secret file 2015-03-21 11:49:56 +01:00
Mitchell Hashimoto
f08879971e logical/aws: remove debug I was using to test rollback :) 2015-03-21 11:20:22 +01:00
Mitchell Hashimoto
f99f6c910e logical/aws: WAL entry for users, rollback 2015-03-21 11:18:46 +01:00
Mitchell Hashimoto
a04df95177 logical/testing: immediate rollback, ignore RollbackMinAge 2015-03-21 11:18:33 +01:00
Mitchell Hashimoto
c872e0f788 logical/framework: rollback should return error, easier API 2015-03-21 11:08:13 +01:00
Mitchell Hashimoto
c9e64725d7 logical/framework: rollback needs to have access to request for storage 2015-03-21 11:03:59 +01:00
Armon Dadgar
e7648877c5 vault: playing with credential store interface 2015-03-20 13:54:57 -07:00
Armon Dadgar
972fc8238b vault: implement the sys/auth* endpoints 2015-03-20 12:48:19 -07:00
Mitchell Hashimoto
ac8570c809 main: enable AWS backend 2015-03-20 19:32:18 +01:00
Mitchell Hashimoto
3456d9276c logical/aws 2015-03-20 19:03:20 +01:00
Mitchell Hashimoto
2ce92edd0f logical/framework: can specify InternalData for secret 2015-03-20 17:59:48 +01:00
Mitchell Hashimoto
92e200f150 logical/testing: rollback/revoke secrets, error dangling secrets 2015-03-20 17:20:55 +01:00
Mitchell Hashimoto
2c7343854f http: passing tests 2015-03-19 23:28:49 +01:00
Mitchell Hashimoto
e6ab3a3771 vault: clean up VaultID duplications, make secret responses clearer 
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.

Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).

At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.

So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.

It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.

All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
 2015-03-19 23:11:42 +01:00
Mitchell Hashimoto
163bfa62a6 logical/framework: support renew 2015-03-19 20:20:57 +01:00
Mitchell Hashimoto
b54dc20aff logical/framework: revoke support 2015-03-19 19:41:41 +01:00