Jeff Mitchell
5be95b01a1
Add option to have dev mode generic backend return leases
2017-06-21 10:42:50 -04:00
Chris Hoffman
31579fc5d1
Exclude /sys/leases/renew from registering with expiration manager ( #2891 )
...
* exclude /sys/leases/renew from registering with expiration manager
* adding sys/leases/renew to return full secret object, adding tests to catch renew errors
2017-06-20 12:34:00 -04:00
Jeff Mitchell
7e16fffd2f
Return error on bad CORS and add Header specification to API request primitive
2017-06-19 18:20:44 -04:00
Aaron Salvo
362227c632
Cors headers ( #2021 )
2017-06-17 00:04:55 -04:00
vishalnayak
5adcb9c220
Fix policy tests
2017-06-01 17:22:34 -04:00
Jeff Mitchell
20eadd350b
Have step-down request forward.
...
Unlike seal, this command has no meaning other than on the active node,
so when issuing it the expected behavior would be for whichever node is
currently active to step down.
2017-05-25 11:57:59 -04:00
Jeff Mitchell
0828b565c3
Remove non-gRPC request forwarding
2017-05-24 09:34:59 -04:00
emily
38ffde5a9d
add gofmt checks to Vault and format existing code ( #2745 )
2017-05-19 08:34:17 -04:00
Jeff Mitchell
fe97641769
Make path-help request forward ( #2677 )
2017-05-04 16:58:50 -04:00
Chris Hoffman
4490e93395
Add the ability to view and list of leases metadata ( #2650 )
2017-05-03 22:03:42 -04:00
Jeff Mitchell
63e66d09f4
Fix error message grammar
2017-03-14 17:10:43 -04:00
Vishal Nayak
3026b00da6
Audit: Add token's use count to audit response ( #2437 )
...
* audit: Added token_num_uses to audit response
* Fixed jsonx tests
* Revert logical auth to NumUses instead of TokenNumUses
* s/TokenNumUses/NumUses
* Audit: Add num uses to audit requests as well
* Added RemainingUses to distinguish NumUses in audit requests
2017-03-08 17:36:50 -05:00
Jeff Mitchell
8681311b7c
Add option to disable caching per-backend. ( #2455 )
2017-03-08 09:20:09 -05:00
Jeff Mitchell
df575f0b3a
Rename helper 'duration' to 'parseutil'. ( #2449 )
...
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Jeff Mitchell
7c4e5a775c
Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 ( #2412 )
2017-02-27 12:49:35 -05:00
Jeff Mitchell
615945a6b0
Move http-using API tests into http package
2017-02-24 14:23:21 -05:00
Jeff Mitchell
a4a27e7c3a
Make cubbyhole local instead of replicated. ( #2397 )
...
This doesn't really change behavior, just what it looks like in the UX.
However, it does make tests more complicated. Most were fixed by adding
a sorting function, which is generally useful anyways.
2017-02-18 13:51:05 -05:00
Jeff Mitchell
185ead5a13
Internally append trailing slash for all LIST operations. ( #2390 )
...
Fixes #2385
2017-02-16 23:23:32 -05:00
Jeff Mitchell
98c7bd6c03
Port some replication bits to OSS ( #2386 )
2017-02-16 15:15:02 -05:00
Brian Kassouf
590b5681cd
Configure the request headers that are output to the audit log ( #2321 )
...
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited
* Remove some debug lines
* Add a persistent layer and refactor a bit
* update the api endpoints to be more restful
* Add comments and clean up a few functions
* Remove unneeded hash structure functionality
* Fix existing tests
* Add tests
* Add test for Applying the header config
* Add Benchmark for the ApplyConfig method
* ResetTimer on the benchmark:
* Update the headers comment
* Add test for audit broker
* Use hyphens instead of camel case
* Add size parameter to the allocation of the result map
* Fix the tests for the audit broker
* PR feedback
* update the path and permissions on config/* paths
* Add docs file
* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
Vishal Nayak
0645606f84
Merge pull request #2202 from fcantournet/fix_govet_fatalf
...
all: test: Fix govet warnings
2017-01-17 16:45:35 -05:00
Jeff Mitchell
d51b13fca6
Multi value test seal ( #2281 )
2017-01-17 15:43:10 -05:00
Jeff Mitchell
ac0f45e45c
Add nonce to unseal to allow seeing if the operation has reset ( #2276 )
2017-01-17 11:47:06 -05:00
vishalnayak
3cd4cb1381
rekey: pgp keys input validation
2017-01-12 00:05:41 -05:00
vishalnayak
089cb4f9c0
init: pgp-keys input validations
2017-01-11 23:32:38 -05:00
Jeff Mitchell
0dd5a2a6ba
JWT wrapping tokens ( #2172 )
2017-01-04 16:44:03 -05:00
Félix Cantournet
0d6d4211b8
all: test: Fix govet warnings
...
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
Vishal Nayak
8f30b4751e
Add 'no-store' response header from all the API outlets ( #2183 )
2016-12-15 17:53:07 -05:00
Jeff Mitchell
184ac30e5a
Don't unilaterally fail with internal status error when help fails, use the given response. Fixes #2153 .
2016-12-02 11:22:13 -05:00
Thomas Soëte
ebe1cf8081
Use 'http.MaxBytesReader' to limit request size ( #2131 )
...
Fix 'connection reset by peer' error introduced by 300b72e
2016-12-01 10:59:00 -08:00
Armon Dadgar
a786ac4120
http: increase request limit from 8MB to 32MB
2016-11-17 12:15:37 -08:00
Armon Dadgar
f0c59deeb7
http: limit maximum request size
2016-11-17 12:06:43 -08:00
Jeff Mitchell
d9f97198bd
Set number of pester retries to zero by default and make seal command… ( #2093 )
...
* Set number of pester retries to zero by default and make seal command return 403 if unauthorized instead of 500
* Fix build
* Use 403 instead and update test
* Change another 500 to 403
2016-11-16 14:08:09 -05:00
Vishal Nayak
9a60bf2a50
Audit the client token accessors ( #2037 )
2016-10-29 17:01:49 -04:00
vishalnayak
b30d5f5c57
Pulled out transit's lock manager and policy structs into a helper
2016-10-26 19:52:31 -04:00
Jeff Mitchell
fd2223b5ea
Audit unwrapped response ( #1950 )
2016-09-29 12:03:47 -07:00
Jeff Mitchell
60deff1bad
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
Jeff Mitchell
c748ff322f
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
Jeff Mitchell
bba2ea63f1
Don't use time.Time in responses. ( #1912 )
...
This fixes #1911 but not directly; it doesn't address the cause of the
panic. However, it turns out that this is the correct fix anyways,
because it ensures that the value being logged is RFC3339 format, which
is what the time turns into in JSON but not the normal time string
value, so what we audit log (and HMAC) matches what we are returning.
2016-09-23 12:32:07 -04:00
Jeff Mitchell
941b066780
Add support for PGP encrypting the initial root token. ( #1883 )
2016-09-13 18:42:24 -04:00
Jeff Mitchell
e1706fdfec
Redirect rekey operation from standby to master ( #1868 )
2016-09-13 11:59:12 -04:00
Jeff Mitchell
80a242118e
Remove too-verbose log
2016-09-04 07:43:54 -04:00
Jeff Mitchell
75f792b27e
Add response wrapping to list operations ( #1814 )
2016-09-02 01:13:14 -04:00
vishalnayak
ee26c7e7b6
Remove the string 'Vault' from version information
2016-09-01 14:54:04 -04:00
Jeff Mitchell
9f0226eaa3
Pass headers back when request forwarding ( #1795 )
2016-08-26 17:53:47 -04:00
Jeff Mitchell
c22e616999
Remove outdated comment.
2016-08-24 14:16:02 -04:00
Jeff Mitchell
a82b44df3d
Error when an invalid (as opposed to incorrect) unseal key is given. ( #1782 )
...
Fixes #1777
2016-08-24 14:15:25 -04:00
Jeff Mitchell
68345eb770
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
edd6379466
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
Jeff Mitchell
58a7c8999e
Change uninit/sealed status codes from health endpoint
2016-08-18 12:10:23 -04:00
Jeff Mitchell
86ac08ba8b
Protobuf for forwarding ( #1743 )
2016-08-17 16:15:15 -04:00
Jeff Mitchell
ed48b008ce
Provide base64 keys in addition to hex encoded. ( #1734 )
...
* Provide base64 keys in addition to hex encoded.
Accept these at unseal/rekey time.
Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
Jeff Mitchell
645540012f
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell
146cdc69eb
Add periodic support for root/sudo tokens to auth/token/create
2016-08-12 21:14:12 -04:00
vishalnayak
baa1a1c9cf
Address review feedback from @jefferai
2016-08-10 15:22:12 -04:00
vishalnayak
a9155e8038
Fix Cluster object being returned as nil when unsealed
2016-08-10 15:09:16 -04:00
Jeff Mitchell
558ba440d4
Merge pull request #1699 from hashicorp/dataonly
...
Return sys values in top level normal api.Secret
2016-08-09 07:17:02 -04:00
Jeff Mitchell
bf63d3a7c0
Add HTTP test for renew and fix muxing
2016-08-08 20:01:08 -04:00
Jeff Mitchell
7f13c4bcff
Add ability to specify renew lease ID in POST body.
2016-08-08 18:00:44 -04:00
Jeff Mitchell
593954d40c
Fix tests and update mapstructure
2016-08-08 16:00:31 -04:00
Jeff Mitchell
8b18117edb
Initial dataonly work.
2016-08-08 11:55:24 -04:00
Jeff Mitchell
f1fb3edede
Don't mark never-expiring root tokens as renewable
2016-08-05 11:15:25 -04:00
Jeff Mitchell
6cae013f7d
Fix nil panic in certain error conditions
2016-08-02 14:57:11 -04:00
vishalnayak
e5e02332c5
Removed duplicated check in tests
2016-07-29 14:18:53 -04:00
vishalnayak
8f1ccc6eff
Add cluster information to 'vault status'
2016-07-29 14:13:53 -04:00
vishalnayak
5c38276598
Added Vault version information to the 'status' command
2016-07-28 17:37:35 -04:00
Laura Bennett
ce6bc51c23
Merge pull request #1650 from hashicorp/request-uuid
...
Added unique identifier to each request. Closes hashicorp/vault#1617
2016-07-27 09:40:48 -04:00
vishalnayak
05214fa19c
Fix request_id test failures
2016-07-26 18:30:13 -04:00
vishalnayak
a1123558cf
Fix broken tests
2016-07-26 16:53:59 -04:00
Laura Bennett
7ae4e1e0da
uncomment
2016-07-26 16:44:50 -04:00
Laura Bennett
00c30676c1
fixing id in buildLogicalRequest
2016-07-26 15:50:37 -04:00
vishalnayak
ebbbe8edcb
Error out if cluster information is nil when Vault is unsealed
2016-07-26 15:30:38 -04:00
vishalnayak
415c463a87
Added omitempty to ClusterName and ClusterID
2016-07-26 14:11:32 -04:00
vishalnayak
a64fa19a0e
Address review feedback from @jefferai
2016-07-26 14:05:27 -04:00
Laura Bennett
bcb2f3e962
fixes based on proper interpretation of comments
2016-07-26 12:20:27 -04:00
vishalnayak
e5c61509d6
Remove global name/id. Make only cluster name configurable.
2016-07-26 10:01:35 -04:00
vishalnayak
55cf44bc91
Storing local and global cluster name/id to storage and returning them in health status
2016-07-26 02:32:42 -04:00
Jeff Mitchell
edc7baab02
Fix tests
2016-07-25 17:05:54 -04:00
Laura Bennett
f73a6c13cf
moving id to http/logical
2016-07-25 15:24:10 -04:00
vishalnayak
96155753c4
Add version information to health status
2016-07-22 18:28:16 -04:00
vishalnayak
5b458db104
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Vishal Nayak
64bdeec926
Merge pull request #1607 from hashicorp/standardize-time
...
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
vishalnayak
9f208ae8f2
Revert 'risky' changes
2016-07-12 16:38:07 -04:00
Jeff Mitchell
58efdcba47
Return a duration instead and port a few other places to use it
2016-07-11 18:19:35 +00:00
vishalnayak
f59a69bc52
Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC
2016-07-08 18:30:18 -04:00
vishalnayak
ef97199360
Added JSON Decode and Encode helpers.
...
Changed all the occurrences of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell
ebbcc170c8
Fix up error detection regression to return correct status codes
2016-06-22 17:47:05 -04:00
vishalnayak
5fb706f2d6
Fix the test cases
2016-06-20 18:56:19 -04:00
Jeff Mitchell
47dc1ccd25
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
Jeff Mitchell
117200c88a
Fix mah broken tests
2016-06-10 14:03:56 -04:00
Jeff Mitchell
c6ded383cb
cubbyhole-response-wrapping -> response-wrapping
2016-06-10 13:48:46 -04:00
Daniel Stelter-Gliese
f63098bb21
Support HEAD requests to /v1/sys/health
...
Some load balancers send HTTP HEAD requests to extract the status code.
2016-06-09 18:16:28 +02:00
Jeff Mitchell
91053b7471
Add creation time to returned wrapped token info
...
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
Jeff Mitchell
fa08f1f0fe
Enable audit-logging of seal and step-down commands.
...
This pulls the logical request building code into its own function so
that it's accessible from other HTTP handlers, then uses that with some
added logic to the Seal() and StepDown() commands to have meaningful
audit log entries.
2016-05-20 17:03:54 +00:00
Jeff Mitchell
1b5e97df42
Fix missing return after respondError in handleLogical
2016-05-20 15:49:48 +00:00
Jeff Mitchell
205ba863ea
Add cubbyhole wrapping documentation
2016-05-19 13:33:51 -04:00
Jeff Mitchell
b626bfa725
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
Jeff Mitchell
0cf1dc7f4d
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-11 19:29:52 -04:00
Jeff Mitchell
67a746be30
Add explicit maximum TTLs to token store roles.
2016-05-11 16:51:18 -04:00
Jeff Mitchell
fd67b15bb0
Add more tests
2016-05-07 21:08:13 -04:00