Jeff Mitchell
84c67e3f91
Remove noop checks in unmount/remount and restore previous behavior
2015-09-15 13:50:37 -04:00
Jeff Mitchell
51e948c8fc
Implement the cubbyhole backend
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.
Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Jeff Mitchell
11cea42ec7
Rename View to StorageView to make it more distinct from SystemView
2015-09-15 13:50:37 -04:00
Tuomas Silen
82a04398a3
Rename error return var
2015-09-15 11:18:43 +03:00
Jeff Mitchell
1247459ae1
Ensure that the response body of logical calls is closed, even if there is an error.
2015-09-14 18:22:33 -04:00
Jeff Mitchell
ab4d01e4a3
Merge pull request #607 from lassizci/postgresql-timezone
Explicitly set timezone with PostgreSQL timestamps.
2015-09-14 11:55:02 -04:00
Jeff Mitchell
f0f20cb84f
When there is one use left and a Secret is being returned, instead
return a descriptive error indicating that the Secret cannot be returned
because when the token was revoked the secret was too. This prevents
confusion where credentials come back but cannot be used.
Fixes #615
2015-09-14 11:07:27 -04:00
Lassi Pölönen
1a6f778623
Define time zone explicitly in postgresql connection string.
2015-09-14 13:43:06 +03:00
Lassi Pölönen
ea2a6361eb
Explicitly set timezone with PostgreSQL timestamps.
2015-09-14 13:43:06 +03:00
Tuomas Silen
e92001ca69
Further cleanup, use named return vals
2015-09-14 13:30:15 +03:00
Vishal Nayak
3a6d9861ca
Merge pull request #613 from hashicorp/doc-token-renewal
Improve documentation of token renewal
2015-09-11 21:38:34 -04:00
vishalnayak
cd5da08a62
Typo fix
2015-09-11 21:36:20 -04:00
vishalnayak
ec4f6e59b3
Improve documentation of token renewal
2015-09-11 21:08:32 -04:00
Jeff Mitchell
2c4b346c81
Merge pull request #608 from lassizci/backend-cleanup
Provide a cleanup method for backends; if defined, will be run just before unloading.
2015-09-11 10:52:04 -04:00
Tuomas Silen
154aada606
Cleanup defer func
2015-09-11 16:30:12 +03:00
Tuomas Silen
0f8bbb753a
Use defer to close the channel in case of error
2015-09-11 16:17:23 +03:00
Lassi Pölönen
be1b9e5a36
Cleanup routines should now use routeEntry instead of mountEntry.
2015-09-11 13:40:31 +03:00
Lassi Pölönen
a769c1231b
Call ResetDB as Cleanup routine to close existing database connections
on backend unmount.
2015-09-11 11:45:58 +03:00
Lassi Pölönen
750cf5053c
Implement clean up routine to backend as some backends may require
e.g. closing database connections on unmount to avoid connection
stacking.
2015-09-11 11:45:58 +03:00
Vishal Nayak
73416e1a0d
Merge pull request #580 from hashicorp/zeroaddress-path
Add root authenticated path to allow default CIDR to select roles
2015-09-10 15:28:49 -04:00
Jeff Mitchell
a1e5777104
Merge pull request #585 from hashicorp/per-backend-ttls
Per backend configuration
2015-09-10 15:27:07 -04:00
Jeff Mitchell
4eb9cd4c28
Remove error returns from sysview TTL calls
2015-09-10 15:09:54 -04:00
Jeff Mitchell
58cac79665
Be consistent as both are the same pointer here
2015-09-10 15:09:54 -04:00
Jeff Mitchell
915b8680ac
Implement shallow cloning to allow MountEntry pointers to stay consistent when spread across router/core/system views
2015-09-10 15:09:54 -04:00
Jeff Mitchell
b9a5a137c0
Address items from feedback. Make MountConfig use values rather than
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
3e713c61ac
Push a lot of logic into Router to make a bunch of it nicer and enable a
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
76c18762aa
Add more unit tests against backend TTLs, and fix two bugs found by them
(yay unit tests!)
2015-09-10 15:09:54 -04:00
Jeff Mitchell
205ef29a59
Fix mount config test by proxying mounts/ in addition to mounts
2015-09-10 15:09:54 -04:00
Jeff Mitchell
0df0df2fcb
Fix typo
2015-09-10 15:09:54 -04:00
Jeff Mitchell
b3422bec2f
A couple bug fixes + most unit tests
2015-09-10 15:09:54 -04:00
Jeff Mitchell
dd8ac00daa
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
Jeff Mitchell
aadf039368
Add DynamicSystemView. This uses a pointer to a pointer to always have
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
6e0cee3ef4
Switch StaticSystemView values to pointers, to support updating
2015-09-10 15:09:54 -04:00
Jeff Mitchell
b86f252c77
Allow POST as well as PUT for seal/unseal command, fits in more with how logical handles things
2015-09-10 15:09:53 -04:00
Jeff Mitchell
dffcf0548e
Plumb per-mount config options through API
2015-09-10 15:09:53 -04:00
Jeff Mitchell
bb2a7b4343
Minor cleanup of MountConfig
2015-09-10 15:09:53 -04:00
Jeff Mitchell
0b8c781126
Add logic to core to fetch a SystemView for a given mount entry and use those values for default/max TTL. The SystemView will reflect system defaults if not set for that mount.
2015-09-10 15:09:53 -04:00
vishalnayak
484d854de0
Vault SSH: Testing credential creation on zero address roles
2015-09-10 11:55:07 -04:00
vishalnayak
32fc41cbac
Vault SSH: Expected data for testRoleRead
2015-09-10 10:44:26 -04:00
vishalnayak
cb007ced48
Merge branch 'master' of https://github.com/hashicorp/vault
2015-09-10 10:03:17 -04:00
Tuomas Silen
8d9eaca39a
Renew the semaphore key periodically
The semaphore key is used to determine whether we are the leader or not and is set to expire after a TTL of 15 seconds. There was no logic implemented to renew the key before it expired, which caused the leader to step down and change every 15 seconds. A periodic timer is now added to update the key every 5 seconds to renew the TTL of the key.
2015-09-09 19:33:07 +03:00
Jeff Mitchell
12521eb87f
Merge pull request #508 from mfischer-zd/webdoc_environment
docs: Document environment variables
2015-09-09 11:29:10 -04:00
Jeff Mitchell
a046662842
Merge pull request #592 from blalor/patch-1
Remove unused param to 'vault write aws/roles/deploy'
2015-09-09 11:28:15 -04:00
Michael S. Fischer
eb494455ed
docs: Document environment variables
2015-09-08 11:59:58 -07:00
Seth Vargo
2880fac54a
Merge pull request #595 from jeteon/patch-1
Typo fix
2015-09-08 14:06:19 -04:00
Neo
315047dca6
Typo fix
2015-09-08 02:43:01 +02:00
Brian Lalor
ade8c31469
Remove unused param to 'vault write aws/roles/deploy'
The name is taken from the path, not the request body. Having the duplicate key is confusing.
2015-09-06 06:57:39 -04:00
Armon Dadgar
c3ba4fc147
Merge pull request #590 from MarkVLK/patch-1
Update mysql docs markdown to fix grammar error
2015-09-04 19:13:50 -07:00
Armon Dadgar
4e77fd1e04
Merge pull request #591 from MarkVLK/patch-2
Update transit docs markdown to add missing word
2015-09-04 19:13:35 -07:00
MarkVLK
ac44229d18
Update transit docs markdown to add missing word
Added the presumably missing *decrypt* from "encrypt/data" in the first sentence.
2015-09-04 17:11:34 -07:00