mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-02-14 20:31:41 +01:00
Code Issues Projects Releases Wiki Activity
vault/http
History
Christopher Swenson f0a23e117f
events: Continuously verify policies (#22705) 
Previously, when a user initiated a websocket subscription,
the access to the `sys/events/subscribe` endpoint was checked then,
and only once.

Now, perform continuous policy checks:

* We check access to the `sys/events/subscribe` endpoint every five
  minutes. If this check fails, then the websocket is terminated.
* Upon receiving any message, we verify that the `subscribe`
  capability is present for that namespace, data path, and event type.
  If it is not, then the message is not delivered. If the message is
  allowed, we cache that result for five minutes.

Tests for this are in a separate enterprise PR.

Documentation will be updated in another PR.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-09-05 16:28:09 -07:00
..
web_ui
Make web_ui complient with Go's native embedding (#14246)
2022-02-24 09:12:36 -05:00
assets_stub.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
assets.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
auth_token_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
cors.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
custom_header_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
events_test.go
events: Continuously verify policies (#22705)
2023-09-05 16:28:09 -07:00
events.go
events: Continuously verify policies (#22705)
2023-09-05 16:28:09 -07:00
forwarded_for_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
forwarding_bench_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
forwarding_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
handler_stubs_oss.go
Chroot Listener (#22304)
2023-08-14 12:35:34 -07:00
handler_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
handler.go
Add vault community changes for the Seal HA project. (#22515)
2023-08-24 11:40:01 -04:00
help_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
help.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
http_test.go
events: Continuously verify policies (#22705)
2023-09-05 16:28:09 -07:00
logical_test.go
VAULT-19046: Audit eventlogger escape hatch (#22344)
2023-08-17 21:20:30 +01:00
logical.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
plugin_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_audit_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_auth_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_config_cors_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_config_state_test.go
Add config value that gives users options to skip calculating role for each lease (#22651)
2023-09-01 07:01:41 -05:00
sys_feature_flags.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_generate_root_test.go
VAULT-19046: Audit eventlogger escape hatch (#22344)
2023-08-17 21:20:30 +01:00
sys_generate_root.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_health_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_health.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_hostinfo_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_in_flight_requests_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_in_flight_requests.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_init_test.go
Add vault community changes for the Seal HA project. (#22515)
2023-08-24 11:40:01 -04:00
sys_init.go
Add vault community changes for the Seal HA project. (#22515)
2023-08-24 11:40:01 -04:00
sys_internal_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_leader_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_leader.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_lease_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_metrics_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_metrics.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_monitor_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_mount_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_mounts_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_policy_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_raft.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_rekey_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_rekey.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_rotate_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_seal_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
sys_seal.go
Add vault community changes for the Seal HA project. (#22515)
2023-08-24 11:40:01 -04:00
sys_wrapping_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
testing.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
unwrapping_raw_body_test.go
[COMPLIANCE] License changes (#22290)
2023-08-10 18:14:03 -07:00
util.go
Add config value that gives users options to skip calculating role for each lease (#22651)
2023-09-01 07:01:41 -05:00