scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 19:17:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,067 Commits 2,630 Branches 341 Tags
bootstrap-pki
Commit Graph

156 Commits

Author SHA1 Message Date
vishalnayak
84809e39ca Refactor fetching sys/health parameters 2016-03-11 09:52:31 -05:00
Jeff Mitchell
ace5dd495b Add query parameters to /sys/health to specify return codes. 
Fixes #1199
 2016-03-11 00:41:25 -05:00
Jeff Mitchell
8b6df2a1a4 Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
vishalnayak
d1d37d5933 fix all the broken tests 2016-03-09 13:45:36 -05:00
vishalnayak
a5468237ed Added tests for 'sys/capabilities-accessor' endpoint 2016-03-09 11:29:09 -05:00
vishalnayak
2a35de81dc AccessorID --> Accessor, accessor_id --> accessor 2016-03-09 06:23:31 -05:00
vishalnayak
edfba16e95 ErrUserInput --> StatusBadRequest 2016-03-08 21:47:24 -05:00
vishalnayak
9da292932e Implemented /sys/capabilities-accessor and a way for setting HTTP error code in all the responses 2016-03-08 19:14:29 -05:00
vishalnayak
048f3b2fe4 Lay the foundation for returning proper HTTP status codes 2016-03-08 18:27:03 -05:00
vishalnayak
38a5d75caa Introduced AccessorID in TokenEntry and returning it along with token 2016-03-08 14:06:10 -05:00
vishalnayak
4e05730e7b Introduced ErrUserInput to distinguish user error from server error 2016-03-07 22:16:09 -05:00
vishalnayak
1b9e486bfd use errwrap to check the type of error message, fix typos 2016-03-07 18:36:26 -05:00
Jeff Mitchell
c4124bc40a Merge branch 'master' into token-roles 2016-03-07 10:03:54 -05:00
vishalnayak
0f82724f1f test cases for capabilities endpoint 2016-03-05 00:03:55 -05:00
vishalnayak
7f832f22aa refactoring changes due to acl.Capabilities 2016-03-04 18:55:48 -05:00
vishalnayak
a7cfc9cc7a Removing the 'Message' field 2016-03-04 10:36:03 -05:00
vishalnayak
42a7bab69e Test files for capabilities endpoint 2016-03-04 10:36:03 -05:00
vishalnayak
894f2ccef1 self review rework 2016-03-04 10:36:03 -05:00
vishalnayak
f00261785a Handled root token use case 2016-03-04 10:36:03 -05:00
vishalnayak
b2f394d779 Added capabilities and capabilities-self endpoints to http muxer 2016-03-04 10:36:03 -05:00
vishalnayak
7dcc48a562 Refactor http/sys_capabilities.go 2016-03-04 10:36:03 -05:00
vishalnayak
ed3e2c6c05 Added sys/capabililties endpoint 2016-03-04 10:36:02 -05:00
Jeff Mitchell
a520728263 Merge pull request #1146 from hashicorp/step-down 
Provide 'sys/step-down' and 'vault step-down'
 2016-03-03 12:30:08 -05:00
Jeff Mitchell
f88c6c16db Remove proxy function as it's unneeded now 2016-03-02 14:55:51 -05:00
Jeff Mitchell
f85c3f48af Remove sys_policy from special handling as it's implemented in 
logical_system too. Clean up the mux handlers.
 2016-03-02 14:16:54 -05:00
Jeff Mitchell
46a71bd648 Add a sleep in the RedirectStandby test to try to fix raciness 2016-03-02 12:06:16 -05:00
Jeff Mitchell
8be467a31a Update tests to add expected role parameters 2016-03-01 12:41:40 -05:00
Jeff Mitchell
6b0c692385 Provide 'sys/step-down' and 'vault step-down' 
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.

Fixes #1093
 2016-02-26 19:43:55 -05:00
Jeff Mitchell
5f9c3e6837 We treat put/post the same, so allow init to use POST 2016-02-22 20:22:31 -05:00
Jeff Mitchell
a8a227b97a Add the server's time in UTC to the health response. 2016-02-22 19:51:18 -05:00
Jeff Mitchell
2e2d5252c3 Verify that nonces are non-empty in tests 2016-02-12 15:35:26 -05:00
Jeff Mitchell
58a2c4d9a0 Return status for rekey/root generation at init time. This mitigates a 
(very unlikely) potential timing attack between init-ing and fetching
status.

Fixes #1054
 2016-02-12 14:24:36 -05:00
Jeff Mitchell
1a1d8a8d85 Make "ttl" reflect the actual TTL of the token in lookup calls. 
Add a new value "creation_ttl" which holds the value at creation time.

Fixes #986
 2016-02-01 11:16:32 -05:00
Jeff Mitchell
a80481792e Fix up unit tests to expect new values 2016-01-29 19:36:56 -05:00
Jeff Mitchell
9eaef0a2a1 Update documentation and use ParseBool for list query param checking 2016-01-22 10:07:32 -05:00
Jeff Mitchell
f8e569ae0a Address some review feedback 2016-01-22 10:07:32 -05:00
Jeff Mitchell
2613343c3d Updates and documentation 2016-01-22 10:07:32 -05:00
Jeff Mitchell
fdc7e717ee Add handling of LIST verb to logical router 2016-01-22 10:07:32 -05:00
Jeff Mitchell
e9538f1441 RootGeneration->GenerateRoot 2016-01-19 18:28:10 -05:00
Jeff Mitchell
4cc7694a3a Add the ability to generate root tokens via unseal keys. 2016-01-19 18:28:10 -05:00
Jeff Mitchell
887085afbf Remove need for PUT in rekey. We've decided that POST and PUT are to 
stay as synonyms for writes, so there's no reason to limit it for this
operation.
 2016-01-14 16:52:34 -05:00
Jeff Mitchell
f3ef23318d Create more granular ACL capabilities. 
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
 2016-01-08 13:05:14 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
336550cb7c Have 'sys/renew' return the value provided in Secret. 
Fixes a regression introduced in 0.3.
 2016-01-07 11:35:09 -05:00
Jeff Mitchell
027c84c62a Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00
Jeff Mitchell
214d3e259d Fix StandbyRedirect test 2015-12-17 13:58:16 -05:00
Jeff Mitchell
b1f815d7f8 Address review feedback 2015-12-14 17:58:30 -05:00
Jeff Mitchell
4f51b6e3c9 Allow separate HA physical backend. 
With no separate backend specified, HA will be attempted on the normal
physical backend.

Fixes #395.
 2015-12-14 07:59:58 -05:00
Jeff Mitchell
49d525ebf3 Reintroduce the ability to look up obfuscated values in the audit log 
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
 2015-11-18 20:26:03 -05:00
Jeff Mitchell
8cd1161b59 Create a "default" policy with sensible rules. 
It is forced to be included with each token, but can be changed (but not
deleted).

Fixes #732
 2015-11-09 15:44:09 -05:00