36 Commits

Author SHA1 Message Date
Jeff Mitchell
eb0e7cd0d2 Don't write salts in initialization, look up on demand (#2702) 2017-05-09 17:51:09 -04:00
Jeff Mitchell
5815fc2627 Add salt mutex to app-id (#2690) 2017-05-08 16:15:24 -04:00
Jeff Mitchell
2fbd973001 Add logic to skip initialization in some cases and some invalidation logic 2017-05-05 15:01:52 -04:00
Jeff Mitchell
8acbdefdf2 More porting from rep (#2388)
* More porting from rep

* Address review feedback
2017-02-16 16:29:30 -05:00
Jeff Mitchell
c748ff322f Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Jeff Mitchell
b45da486dc Run appid/cert auth tests always 2016-07-01 14:06:33 -04:00
vishalnayak
80faa2f4ed s/logical.ErrorResponse/fmt.Errorf in renewal functions of credential backends 2016-05-26 10:21:03 -04:00
vishalnayak
5f1829af67 Utility Enhancements 2016-04-05 20:32:59 -04:00
vishalnayak
ac5ceae0bd Added AcceptanceTest boolean to logical.TestCase 2016-04-05 15:10:44 -04:00
Jeff Mitchell
7ce9701800 Properly check for policy equivalency during renewal.
This introduces a function that compares two string policy sets while
ignoring the presence of "default" (since it's added by core, not the
backend), and ensuring that ordering and/or duplication are not failure
conditions.

Fixes #1256
2016-03-24 09:41:51 -04:00
Jeff Mitchell
6468cf394f Add the ability to specify the app-id in the login path.
This makes it easier to use prefix revocation for tokens.

Ping #424
2016-03-14 16:24:01 -04:00
vishalnayak
fc08007106 check CIDR block for renewal as well 2016-02-24 10:55:31 -05:00
vishalnayak
72b0390c9e Added renewal capability to app-id backend 2016-02-24 10:40:15 -05:00
Jeff Mitchell
c067cdc926 Remove app-id renewal for the moment until verification logic is added 2016-01-31 19:12:20 -05:00
Jeff Mitchell
2eb08d3bde Make backends much more consistent:
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
a4ca14cfbc Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell
51e948c8fc Implement the cubbyhole backend
In order to implement this efficiently, I have introduced the concept of
"singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't
much reason to allow sys to be mounted at multiple places, and there
isn't much reason you'd need multiple per-token storage areas. By
restricting it to just one, I can store that particular mount instead of
iterating through them in order to call the appropriate revoke function.

Additionally, because revocation on the backend needs to be triggered by
the token store, the token store's salt is kept in the router and
client tokens going to the cubbyhole backend are double-salted by the
router. This allows the token store to drive when revocation happens
using its salted tokens.
2015-09-15 13:50:37 -04:00
Jeff Mitchell
11cea42ec7 Rename View to StorageView to make it more distinct from SystemView 2015-09-15 13:50:37 -04:00
Rusty Ross
9f9b8a81e2 update doc for app-id
make clearer in doc that user-id can accept multiple app-id mappings as comma-separated values
2015-08-03 09:44:26 -07:00
Armon Dadgar
d54ff83113 auth/app-id: protect against timing attack. Credit @kenbreeman 2015-07-13 14:58:18 +10:00
Armon Dadgar
5151516127 cred/app-id: testing upgrade to salted keys 2015-06-30 18:37:10 -07:00
Armon Dadgar
ae324ce941 cred/app-id: first pass at automatic upgrading to salting 2015-06-30 18:09:08 -07:00
Armon Dadgar
6a9dc00e57 Remove SetLogger, and unify on framework.Setup 2015-06-30 17:45:20 -07:00
Armon Dadgar
22f543f837 Updating for backend API change 2015-06-30 17:36:12 -07:00
Armon Dadgar
087e84d9a9 cred/app-id: ensure consistent error message 2015-05-15 11:45:57 -07:00
Armon Dadgar
f1683f907f cred/app-id: stricter validation and error messaging 2015-05-15 11:40:45 -07:00
Jonathan Sokolowski
a4f9bacb28 credential/app-id: Test DeleteOperation 2015-05-14 22:30:02 +10:00
Mitchell Hashimoto
3a9a1b2738 credential/app-id: add hash of user/app ID to metadata for logs 2015-05-11 10:46:11 -07:00
Armon Dadgar
83dbdf1611 cred/app-id: Add help synopsis to login path 2015-05-07 15:45:43 -07:00
Trevor Pounds
a9367c17d0 Fix documentation typo. 2015-04-28 22:15:56 -07:00
Mitchell Hashimoto
796dbe3481 website: more auth 2015-04-18 13:45:50 -07:00
Mitchell Hashimoto
51093d3d18 credential/app-id: allow restriction by CIDR block [GH-10] 2015-04-17 10:14:39 -07:00
Mitchell Hashimoto
ddd678bf48 credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 10:01:03 -07:00
Mitchell Hashimoto
fe747fbcaa credential/*: adhere to new API 2015-04-17 09:40:28 -07:00
Mitchell Hashimoto
61b7b71dec credential/app-id 2015-04-04 18:41:49 -07:00