boundary

Commit Graph

Author	SHA1	Message	Date
Jeff Mitchell	f94f21fd97	Update API codes (#336 )	6 years ago
Todd Knight	99d5456d7a	Scopes type field and types in updates allowed (#335 )	6 years ago
Todd Knight	c3ecea172d	Generate new version of SDK resources and Add Tests (#331 )	6 years ago
Jim	96e4b1cdba	add option db.WithSkipVetForWrite(true) so the db tests don't get intercepted by app validation (#332 )	6 years ago
Todd Knight	1c2c078e0a	Adding Authz checks that support new pathing (#328 )	6 years ago
Jim	3d944a616f	fix name typo (#330 )	6 years ago
Jeff Mitchell	23156afa11	Add in most of the proxy flow (#326 )	6 years ago
Jeff Mitchell	1822c47ef5	Migrate KMS code to the new database DEKs (#324 )	6 years ago
Todd Knight	c55153ff3d	Fix allowed scope checks and added tests for creating in global scope. (#327 )	6 years ago
Michael Gaffney	4ae3a52056	Define session database schema (#322 ) * Define session database schema * Update comments * Add insert trigger for session state * Add canceling state and update foreign keys to 'set null' on delete	6 years ago
Todd Knight	37e56ab46b	Pathing updated to support new and old styles (#323 )	6 years ago
Jim	f29869b715	support for additional deks: oplog, session and token and new CreateKeysTx() (#321 )	6 years ago
Jeff Mitchell	ee35a92f7f	Fix space issue in protobuf that apparently doesn't matter? Also apparently postgres migrations weren't run.	6 years ago
Jim	f3dd62d5d8	database DEKs (#317 )	6 years ago
Todd Knight	544e78b593	Target Handler and SDK CRUDL & add\|set\|remove-host-sets methods. (#310 )	6 years ago
Todd Knight	24ec9620ca	fix: Correct missed name updates to OutgoingInterceptor.	6 years ago
Jeff Mitchell	c4522aa813	Update host sets and auth system to new paradigm (#319 )	6 years ago
Todd Knight	0aba6db720	Enable Split Cookies (#318 )	6 years ago
Jeff Mitchell	a4c20164f3	Add add/remove/set hosts functions to host-sets command (#316 )	6 years ago
Jim	09112d1e96	refactor and remove kms/common pkg (#315 )	6 years ago
Jeff Mitchell	514856c020	Fix broken CLI output	6 years ago
Jeff Mitchell	b8c8d29008	Switch ordering of CLI create/update vs static commands (#314 )	6 years ago
Jeff Mitchell	1f065316ee	Initial (#313 )	6 years ago
Jeff Mitchell	20aef738c4	Add host-catalogs CLI command. (#312 )	6 years ago
Jeff Mitchell	17ecb6f2ce	Separate accounts/host catalogs/host sets into their own packages (#311 )	6 years ago
Jeff Mitchell	936c970635	Remove unneeded and breaking test	6 years ago
Jeff Mitchell	28df6eb7b0	Update config encrypt/decrypt CLI command (#309 ) This updates the command to our emergent standards. It also enables using a separate config file for a config kms, which allows non-string values to be encrypted. This allowed some nice cleanup as well.	6 years ago
Jeff Mitchell	274afa6b02	Shave off an IAM lookup if the user is the anonymous user (#305 ) * Shave off an IAM lookup if the user is the anonymous user * Fix build * If authz failures are turned off, make the token type unknown instead of invalid * Change returned token format when authz failures are disabled * Change logic back * Fix logic	6 years ago
Jeff Mitchell	b53812a5c1	Add ability to skip automatic auth method creation (#306 ) This is useful if you, for instance, want Terraform to be 100% responsible for creation of resources (outside of the static ones that cannot be removed or modified, like u_anon). This will mean using the recovery mechanism for initial setup, but that isn't an issue once TF supports that :-)	6 years ago
Jeff Mitchell	490be8a7e4	Add ability to skip role creation on scope create (#308 ) * Initial work on scope creation skipping * Fix things	6 years ago
Todd Knight	e4da5e9ab5	add\|set\|remove-hosts for host-sets SDK and API (#304 ) * Adding ability to add host set members. * Adding SDK and API for add\|set\|remove hosts.	6 years ago
Jim	fcb61d4b67	targets repo (#298 )	6 years ago
Michael Gaffney	58dec98ea2	Rename table from servers to server (#307 )	6 years ago
Michael Gaffney	9ca8a4ec20	Host set members (#301 ) * Update host set member test * Add ListSetMembers method signature and doc * Move repository methods for host set members to new file * Add TestSetMembers * Implement ListSetMembers * Return hosts from ListSetMembers * Implement AddSetMembers * Implement DeleteSetMembers * Use sql.QueryContext not sql.Query * Implement SetSetMembers * Refactor: extract getHosts method * Refactor: extract createMembers method * Refactor: extract common functions * Return correct count of changed In SetSetMembers, retrieving the current list of hosts in the set happens after the transaction to modify the set has completed. This retrieval can result in an error but the number of modified rows is not effected. * Make list set members an unexported method * Get hosts within the same transaction as mutations of the set * Return hosts of set from LookupSet method * Return hosts of set from UpdateSet method * Remove listSetMembers * Fix merge conflict * Add NOTE and TODOs about using new pattern in "SetMembers" methods	6 years ago
Jeff Mitchell	39721047e4	Fix CORS test	6 years ago
Michael Gaffney	de162c5533	Replace and remove ErrNilParameter with ErrInvalidParameter (#295 )	6 years ago
Jeff Mitchell	8f579c75c3	paum -> ampw (#303 )	6 years ago
Jeff Mitchell	74544f6324	Encrypt tokens on the way out and decrypt on the way in (#302 ) * Encrypt tokens on the way out and decrypt on the way in This isn't a security feature related to tokens specifically; it's so that we can discard cryptographically bad tokens before we ever hit the DB. This way we can't pass through a DDoS to the database due to fetching obviously invalid token values. I'm using base58 to encode the resulting value as there aren't great base62 options, and allowing base64 / and + values can hamper usability by creating copying/highlighting breaks.	6 years ago
Jeff Mitchell	647d5502b5	Change ListServers to use SeachWhere (#300 )	6 years ago
Jeff Mitchell	ac4d9fa311	Add nonce storage and replay prevention test (#293 )	6 years ago
Jeff Mitchell	a1490228b8	Add address to worker status tracing	6 years ago
Todd Knight	c4d3414016	Add Host Set CUDLR handler and SDK (#290 )	6 years ago
Todd Knight	e423b6589e	Request Validation logic moved into a helper (#296 ) * Move all the validation logic into a helper tool. * Adding tests for verifier helpers.	6 years ago
Jeff Mitchell	414a2ab2c3	Remove some dead, dead, dead, dead code	6 years ago
Michael Gaffney	14dd7b49b2	Add method signatures for host set operations (#291 ) * Add method signatures for host set operations * Rename ReplaceSetMembers to SetSetMembers	6 years ago
Michael Gaffney	b24fc185a7	Export TestSets helper function (#292 )	6 years ago
Michael Gaffney	3a3cdd7219	Static host set repository methods (#289 ) * Implement CreateSet * Implement UpdateSet * Implement LookupSet * Implement ListSets * Implement DeleteSet * Remove unused parameter from test helper function * Update to use new kms structure * Remove unused parameter for test helper function * Fix resource-type string for host set	6 years ago
Jeff Mitchell	b47cca0329	Add (non-db aspects of) the recovery key workflow (#286 )	6 years ago
Todd Knight	d5678c4f80	Handler for Host CRUDL actions (#287 )	6 years ago
Todd Knight	7474e956dd	List Catalogs for Repo and API Handler (#288 )	6 years ago
Jeff Mitchell	6bf4a5ce38	Add not null checks to wt_private_id, wt_scope_id, and wt_user_id (#284 )	6 years ago
Jim	9570897032	basic keys mgmt repo (#264 )	6 years ago
Michael Gaffney	a413ad7b84	Static Host: Lookup, List and Delete (#283 ) * Implement LookupHost * Implement ListHosts * Implement DeleteHost	6 years ago
Todd Knight	eaae887bbe	Don't require type for children of subtyped resources. (#285 )	6 years ago
Jeff Mitchell	a11ca2e3a8	Make gen	6 years ago
Todd Knight	d86e58476f	Version can be passed through request body (#281 ) * Scopes inline version into update request body. * Users inline version into update request body. * Group inline version into update and add\|set\|remove member request body. * Role inline version into update and add\|set\|remove grant\|principal request body. * Auth method inline version into update request body. * Auth Account inline version into update request body. * host catalog version is inlined for update. * Gen after merge. * Submitting template changes for version handling.	6 years ago
Jeff Mitchell	adfc5681be	Auth methods CLI (#277 )	6 years ago
Michael Gaffney	041e1f9fd3	Update host (#278 ) * Add IsNotNullError function to db package * Let the database handle default values not gorm * Implement UpdateHost * Remove unnecessary clone	6 years ago
Michael Gaffney	e18cdc52b3	Create host (#276 ) * Change testHostCatalog methods to be like other resource test methods * Implement CreateHost * Make allocHost return a pointer to a Host	6 years ago
Jeff Mitchell	282177afc2	Remove the default org (#270 )	6 years ago
Todd Knight	01059e6ca8	Wrap StartDbInDocker in a mutex. (#275 ) * Wrap StartDbInDocker in a mutex. * Adding TODO to debug further. * Clarifying the TODO to point out a race condition.	6 years ago
Todd Knight	1deea8aa3a	Fixing missed documentation fix from PR 267.	6 years ago
Todd Knight	e14f968fc3	Account (Set\|Change)Passsword (#267 )	6 years ago
Jeff Mitchell	4655f58365	Make gen	6 years ago
Michael Gaffney	7d133878be	Add base types for host catalog, host set, and host (#272 ) * Move static host migrations to higher number * Add wt_host_address domain type * Add base tables for host catalog, host set, and host * Reformat create trigger statements * Add subtype triggers for host catalog, host set, and host * Remove wt_host_address domain type * Rename columns in host_set_member * Add delete trigger functions for base types * Add delete after triggers to static host subtypes * Add protobufs for host base types	6 years ago
Jeff Mitchell	7b36571788	Change auth validity feedback (#273 ) * Change auth validity feedback Move from a bool indicating validity to lack of an error. This allows the error to be directly returned and typed. * Fix erroneous line	6 years ago
Todd Knight	23b437894a	Masks can now update attribute fields. (#271 )	6 years ago
Jeff Mitchell	fff15bc9f3	Rename KMS purpose 'controller' to 'root'	6 years ago
Jeff Mitchell	efaf58b568	Add users CLI command and do some cleanup (#269 )	6 years ago
Jeff Mitchell	6080d93f8f	Add authtokens CLI command (#268 )	6 years ago
Jeff Mitchell	d3a1cd949b	Update password auth method flags to fit current standards	6 years ago
Jeff Mitchell	bb6b189513	Create a default role on new scope creation (#265 )	6 years ago
Jeff Mitchell	e89e9d1349	Add groups CLI command (#266 )	6 years ago
Michael Gaffney	7ac4be51c0	Refactor static host package (#263 ) * Refactor: inline tablename constants * Refactor: move functionality to new files	6 years ago
Jeff Mitchell	b75a6fc5e5	Update scopes CLI command in the model of the roles command (#262 ) * Update scopes CLI command in the model of the roles command * Pull help functions to helper methods	6 years ago
Jeff Mitchell	b0c0129ab2	Add a dummy file to ui package	6 years ago
Jeff Mitchell	5d104a7a01	Migrate off Vault's internalshared folder to the separated-out repo	6 years ago
Jeff Mitchell	c195c4bc9b	Remove disabled property and sync up field ordering and numbering (#259 )	6 years ago
Todd Knight	245c7fbb44	Add Account Update handler (#257 ) * Allow updating accounts (not username or pw). * Updating new field names to LoginName. * Adding creation with password test. * Fixing documentation for WithLoginName	6 years ago
Jeff Mitchell	203e2b5dc2	Initial worker porting steps (#232 )	6 years ago
Jeff Mitchell	73a38b1433	Remove some unneeded resource types and fix the resource typing for default role in global scope (#256 )	6 years ago
Jeff Mitchell	4cfab04307	Migrate user name to login name (#255 )	6 years ago
Michael Gaffney	6f886976e4	Add not null constraint to wt_version domain (#254 )	6 years ago
Jeff Mitchell	61378381c6	Add version to account update (#252 )	6 years ago
Jeff Mitchell	78d7f539c5	Add versioning to host catalogs/sets/hosts and fix up tests (#247 ) * Start adding version to host resources and fixing up tests * Add versioning to host resources and update API tests * Fix nil in test * Add missing update	6 years ago
Jeff Mitchell	565059ed63	Add versioning to auth methods and accounts (#249 )	6 years ago
Michael Gaffney	a7c467bd68	Password - UpdateAccount and SetPassword (#248 ) * Implement UpdateAccount * Implement SetPassword * Add tests for duplicate user names * Fix imports broken after product rename Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	6 years ago
Jeff Mitchell	6661117d4c	The name. The name. The name!	6 years ago
Jim	1c836c430b	support for associating/disassociating an auth account with a user (#233 )	6 years ago
Jeff Mitchell	0c18e35b9d	Fix group service proto for versions	6 years ago
Jeff Mitchell	827d86bef1	Update API role tests and fix the structure of the protos so versioning works	6 years ago
Michael Gaffney	bdb31cf8b5	Bump deps (#245 )	6 years ago
Jeff Mitchell	6a21e8dedb	Fix some speling and a test	6 years ago
Jeff Mitchell	bbd200101f	Move update versioning to query parameter, and fix up scope API tests (#244 ) * Move update versioning to query parameter, and fix up scope API tests * Add version checks for update requests in other services	6 years ago
Jeff Mitchell	0d0660b061	Fix some tests I broke	6 years ago
Jeff Mitchell	f07bb9dae6	Fix breakage after change to template from previous PR	6 years ago
Jeff Mitchell	df4730b1a0	Minor fixes and first API test changeover (#243 )	6 years ago
Jeff Mitchell	d74e30d94a	Minor, easy, linting fixes	6 years ago
Jeff Mitchell	8dd5de49b9	Minor update to default role description text	6 years ago
Jeff Mitchell	5bf307797b	Fix typo and also set default min user name length to 3 because jeff, jim, todd, mike	6 years ago
Todd Knight	f84991c0f1	Use authenticate and Auth Method repo functions (#242 )	6 years ago
Jeff Mitchell	908a299ea3	Convert SDK to the new options API (#238 )	6 years ago
Todd Knight	b5acf6afdf	Connecting the auth method service to the api handler. (#241 )	6 years ago
Todd Knight	b7bf76a9ba	Auth Method API Handler for CRUDL (not updating password specific fields)(#239 )	6 years ago
Michael Gaffney	7fefd5e2fe	Change password (#237 ) * Implement ChangePassword * Refactor: extract authenticate method * Update tests to verify oplog entries * More refactoring * Remove extraneous clones * More refactoring	6 years ago
Todd Knight	e5ec1f48b2	Account API handler for CRDL operations (#228 )	6 years ago
Jeff Mitchell	2ca7e0b88e	Fix some linting complaining	6 years ago
Jeff Mitchell	322b13ae98	Standardize static group -> group naming (#236 )	6 years ago
Todd Knight	3204e54dc2	Add lookup, list, update, and delete methods for auth methods. (#230 )	6 years ago
Todd Knight	41b2d36d98	AuthToken Tests now use recently added TestAuthMethod and TestAccount (#226 )	6 years ago
Michael Gaffney	5ceb335466	Rehash credential during authentication if config has change (#234 )	6 years ago
Michael Gaffney	6c679a9939	Add password authentication using Argon2 (#227 ) * Add argon2 credentials * Verify oplog in tests * Refactor: rename field * Update internal/auth/password/repository_account.go Co-authored-by: Todd Knight <T.Alan.Knight@gmail.com> * Add inline comments to SQL query to doc mapping to structure * Refactor: move authentication query to query.go file * Replace immutable_create_time_func with immutable_columns Co-authored-by: Todd Knight <T.Alan.Knight@gmail.com>	6 years ago
Michael Gaffney	87492816cb	Replace immutable_create_time_func with immutable_columns (#231 )	6 years ago
Jim	cb89422d9d	define immutable fields including PKs. (#205 )	6 years ago
Michael Gaffney	5e8179c6fb	Allow lookupAfterWrite for resources with Private Ids (#229 )	6 years ago
Michael Gaffney	c163d790a4	Add configuration settings for Argon2 password KDF (#217 ) * Bump generated proto code * Add argon2 conf sql and proto files * Add generated code for argon2 conf * Add Resources for Argon2 configuration * Add get and set Configuration to repository * Add current config reference to AuthMethod * Fix authmethod_test * Fix TestAccount_New * Add WithConfiguration to options * Add sql views for current configuration * Fix SetTableName * Remove duplicate testAccounts function * Make tests clearer * Fix comment * Rename test variable * Use NewPrivateId function for private Ids * Refactor: rename public_id to private_id for password_conf and password_credential * Remove bad comment * Check if embedded argon2 configuration is nil * Add checks around the WithConfiguration option * Use spaces not tabs in proto file * Add doc to explain choice of oplog ticket * Verify oplog in test	6 years ago
Todd Knight	e943220468	Add Delete Password Accounts to repo. (#220 )	6 years ago
Michael Gaffney	76abd4f3b4	Update comments to use "base type" instead of "abstract" (#222 )	6 years ago
Todd Knight	a0bed2b5d7	Truncate instead of round timestamps so our tests that require a time to pass can succeed. (#224 )	6 years ago
Todd Knight	25514fb553	Fix a failing test due to time resolutions mismatch. (#221 ) * Round generated expiration timestamps to the nearest second.	6 years ago
Jeff Mitchell	194db3a6d8	make proto	6 years ago
Todd Knight	37d8f78091	Lookup and List Repo Methods for Password Auth Accounts (#216 )	6 years ago
Michael Gaffney	7897c1cf52	Add base resources for password authentication (#213 ) * Add base SQL and protobuf files * Add options and public Ids * Add AuthMethod and Account resources * Add repository * Add CreateAuthMethod to repository * Add CreateAccount method to repository * Remove redundant foreign keys * Document relationships between iam and auth tables * Document relationships between auth and auth_password tables * Add documentation for subtype triggers * Use wt_scope_id domain type for scope_id * Refactor: move test helper function * Remove check from SetTableName * Remove check from another SetTableName * Use org scope in tests * Remove handling of CreateTime and UpdateTime from docs	6 years ago
Michael Gaffney	e03a0ff9d7	Simplify SetTableName pattern (#214 )	6 years ago
Todd Knight	f47046f158	Update Watchtower to use grpc-gateway v2 (#204 ) * Migration to grpc gateway v2.	6 years ago
Todd Knight	6de1f7ee16	Auth Token Read/List/Delete handler and Go SDK (#199 ) * Creating Auth Token Get List and Delete API.	6 years ago
Todd Knight	ed05652729	Add Handlers for Add/Set/Remove Group Members (#209 ) * Adding members to groups. * Adding Group membership handler and API methods. * Adding custom methods to permision actions list.	6 years ago
Michael Gaffney	799242fce4	Bump deps and run 'make gen' (#212 )	6 years ago
Todd Knight	078376da07	Fixing some errors.	6 years ago
Jeff Mitchell	e8325a9f59	Don't rely on token for scopes collection actions (#210 ) Don't rely on token for scopes collection actions This requires `scope_id` to be passed (via query param) for actions on the scopes collection; that is, listing or creating. However, it removes the dependency on using the token for the scope of the command. For actions on a specific scope, we use the given ID to determine the scope we should be operating at, doing a lookup if necessary. Existing tests have been updated. Of particular note, the CORS test was already operating on the scopes collection so served as a good test to ensure that from an API level the scope_id parameter was being parsed and passed through (the tests fail without adding that query parameter in).	6 years ago
Jeff Mitchell	2bbc1163c4	Save the entire token, not just the ID (#211 ) This allows us to use the token's scope to set the default scope for an action in the client instead of relying on env vars.	6 years ago
Jeff Mitchell	388a13b10d	Convert scopes to the new paradigm (#206 )	6 years ago
Michael Gaffney	ebf69bbd27	Fix error string for lookupAfterWrite (#208 ) The following error string was the end result of an error in lookupAfterWrite: `set password configuration: update: lookup error lookup after write: failed record not found` The error string with this change applied would be: `set password configuration: update: lookup after write: record not found`	6 years ago
Todd Knight	168ae3a726	Create MaskManager to guarantee wire/storage update mask consistency (#121 ) * Feature: Create MaskManager logic to handle project -> scope update mask logic. * Updating resource protos and services to use new mask manager setup. Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	6 years ago
Jeff Mitchell	982693d8f5	Update tests	6 years ago
Jeff Mitchell	dec1f07266	Update deps and make proto	6 years ago
Jim	c83e90ed38	implement SetTableName patttern that allows table name to be set back to the default for the storage type. (#196 )	6 years ago
Todd Knight	5bb13e71fe	Include Principals and Grants on Roles When Updating the Role. (#203 )	6 years ago
Jeff Mitchell	99653727bb	Migrate grants to more structured output (#194 )	6 years ago
Jeff Mitchell	1a1d3058c9	Move verification to a shared package (#197 ) * Move verification to a shared package The verifier is constructed at HTTP request time and added to the context. It can then be called from appropriate handlers with standardized error handling after all the routing. I intentionally did not add to the handlers yet as I am a good distance into the scope updates and didn't want to cause even more merge conflicts. So at the moment authz is again disabled, but once the scope updates are done, this will be integrated back in.	6 years ago
Jim	4dfc41514b	refactor direct sql into query.go (#192 )	6 years ago
Jim	1bebe7a261	Convert option db.WithVersion to *uint32 (#195 )	6 years ago
Todd Knight	28dbcd84bd	Authenticate Handler API and SDK, and much more (#183 )	6 years ago
Jeff Mitchell	acce195dcb	Organizations -> orgs consistency (#189 ) * Organizations -> orgs consistency * Fix up some tests and some mistaken substitutions	6 years ago
Jim	e1afed75ff	fix dbMask and role tests... (#188 ) * fix up tests. * case sensitive dbMask	6 years ago
Todd Knight	847ca1cc78	Grant management added to Roles API and SDK (#185 ) * Adding grants related methods to Roles. * Adding grants back after the merge of Principals. * Adding tests for Grant related custom methods. * Improving api handler methods. * Fixing tests and sdk field. * Adding todos for adding principals and grants to List and Update Role responses. * Fix up Set* tests and fix SetPrincipals bug. * Making AddPrincipals and RemovePrincipals similar to the tests for AddGrants and RemoveGrants. * Add JSON grants to output (#187) I also changed canonical_grants to grants_canonical and used grants_json. I believe that when members are simply different formats of other members this is the preferred way to have it in the API. Let me know if you disagree and we can dig in more. * Regenerate the API role resource. Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	6 years ago
Jim	260703febe	add group member capabilities (#178 ) * add group member capabilities Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	6 years ago
Jeff Mitchell	c657e4b9fc	Fix test broken through various merges (#186 ) Co-authored-by: Jim Lambert <jlambert@hashicorp.com>	6 years ago
Jeff Mitchell	f30d4d08ef	Pass grant scope ID through API handlers (#184 )	6 years ago
Jeff Mitchell	bcdcaffa6f	Port over 162 and 165 to master (#176 ) Co-authored-by: Jim Lambert <jlambert@hashicorp.com> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	6 years ago

1 2 3 4 5 ...

401 Commits (cli-labels)