boundary

Commit Graph

Author	SHA1	Message	Date
Jim	5764b2c70a	return States as a field of Connection repo operations. (#382 )	6 years ago
Jeff Mitchell	edffc7863d	Change connection limit to -1 for unlimited so it works with TF (#383 ) * Migrate connection limit unlimited value to -1 * Fix authorization check	6 years ago
Jeff Mitchell	5214f14105	Work on connection authorization (#381 )	6 years ago
Jim	223591d835	return connection authz info from session.AuthorizeConnection (#380 )	6 years ago
Jim	66400c9cff	changes needed for sessions.AuthorizeConnection (#377 )	6 years ago
Jeff Mitchell	ee7cdde7de	Add trace code for when we add port to controller address	6 years ago
Jeff Mitchell	5bf555cca2	Remove connection idle timeout seconds for now (#379 )	6 years ago
Jeff Mitchell	e002326293	Plumb timeouts to worker and set appropriate deadlines (#378 )	6 years ago
Jeff Mitchell	0a3f9b8357	Rename connection idle timeout duration -> seconds and sessions max duration -> seconds (#376 )	6 years ago
Jeff Mitchell	62baef1b7e	Add multi connection parameters through targets and into session creation (#375 ) * Update protos and gen * Add new values to targets CLI command * Lots more plumbing of new parameters through everything * allow fields to be set to zero value. * Disallow set but empty name/description strings in create/update verifiers Co-authored-by: Jim Lambert <jlambert@hashicorp.com>	6 years ago
Jeff Mitchell	07a7e9750a	Tie together the database-driven session handling with the worker and add relevant CLI comands (#370 )	6 years ago
Jim	e7e70b1b94	new domain functions for the session repo (#368 )	6 years ago
Jim	7e927203e8	schema changes to support multi-connections (#372 )	6 years ago
Jeff Mitchell	ff8ce053e1	Don't try to recreate resources when adding test cluster members	6 years ago
Jeff Mitchell	8bef1d734a	Fix mismatch in default role creation permissions	6 years ago
Jim	611288bdc7	basic sessions (#337 )	6 years ago
Jeff Mitchell	0a44ed3edd	Fix global scope lookup (#367 ) The changed auth logic + verify logic in the scope handler pass the parent ID for validation, which is correct, as a scope lives in its parent ID. However, the global scope has no parent, and the changes resulted in an empty ID being passed in rather than the global scope itself. This fixes that lookup.	6 years ago
Jeff Mitchell	a67d5c8abb	When logging urls, also log method	6 years ago
Jeff Mitchell	37e9fed2e3	Allow not destroying dev databases (#366 ) This also shifts some logic around to better prepare for non-dev-mode workloads, although it does not actually call the KMS creation functions and initial auth method creation from non-dev commands yet.	6 years ago
Jeff Mitchell	c4e2b88022	Add database URL. (#365 ) * Add database URL. This allows specification of either a file://, env://, or other string. If it starts with file:// or env:// the actual value will be read from those resources. * Tidy up the KMS output * Also run migrations in test mode when specifying the URL	6 years ago
Jeff Mitchell	4ef0c57a39	Fix r_default description typo	6 years ago
Jeff Mitchell	3c13e4765d	Verbose isn't actually used right now so don't expose it; fix some wording for scope id flag	6 years ago
Jeff Mitchell	570e52cabb	Add missing set-grants to role command	6 years ago
Todd Knight	f96fa25157	Add Auth Account id to Auth Token response (#363 )	6 years ago
Jeff Mitchell	f4ad22b247	Move default port to a TCP target attribute (#361 )	6 years ago
Jeff Mitchell	eb88d0381a	Fix default port update handling	6 years ago
Jeff Mitchell	a598fdfb13	Fix targets CLI command	6 years ago
Jeff Mitchell	97985883df	Fix token storage	6 years ago
Jeff Mitchell	a00ee7a948	Add Result types to Go SDK and properly populate body/map fields (#358 )	6 years ago
Jeff Mitchell	1b2f73d1d4	Fix some old logic in some CLI commands (#357 )	6 years ago
Jeff Mitchell	6201357902	Use scope-specific token DEKs (#342 )	6 years ago
Todd Knight	b998591add	Adding and updating host address validation checks (#350 )	6 years ago
Todd Knight	33e7b4538e	WorkerCoordination and GetSession API refactoring (#354 ) * Possible api changes. * Worker API update. * Updating import alias name. * Moving session down a level as a member of the GetSessionResponse. * Marshal the auth flag into the GetSessionResponse proto instead of the session.	6 years ago
Jeff Mitchell	2914b4c14c	Use base58 for a few more user-facing values (#356 )	6 years ago
Jeff Mitchell	1f80edbffc	Add missing default-port flag to targets command (#355 )	6 years ago
Jeff Mitchell	41ed95bdec	Remove old-style pathing (#353 )	6 years ago
Jeff Mitchell	c689af4306	Implement a TOFU mechanism on auth to worker (#348 ) This sets us up to better support multiple connections per session at some future point.	6 years ago
Jim	e119466233	stop oplogging tokens and allow for a time skew (#343 )	6 years ago
Jeff Mitchell	60396e4384	Properly populate ScopeInfo from group member actions (#340 )	6 years ago
Jeff Mitchell	ff0d49b6e4	Use previous method of getting recovery wrapper	6 years ago
Jeff Mitchell	f8237fb945	Move some packages into SDK, out of internal	6 years ago
Jeff Mitchell	36f975a952	Add some recovery KMS functions needed for external clients (#339 )	6 years ago
Jeff Mitchell	f94f21fd97	Update API codes (#336 )	6 years ago
Todd Knight	99d5456d7a	Scopes type field and types in updates allowed (#335 )	6 years ago
Todd Knight	c3ecea172d	Generate new version of SDK resources and Add Tests (#331 )	6 years ago
Jim	96e4b1cdba	add option db.WithSkipVetForWrite(true) so the db tests don't get intercepted by app validation (#332 )	6 years ago
Todd Knight	1c2c078e0a	Adding Authz checks that support new pathing (#328 )	6 years ago
Jim	3d944a616f	fix name typo (#330 )	6 years ago
Jeff Mitchell	23156afa11	Add in most of the proxy flow (#326 )	6 years ago
Jeff Mitchell	1822c47ef5	Migrate KMS code to the new database DEKs (#324 )	6 years ago
Todd Knight	c55153ff3d	Fix allowed scope checks and added tests for creating in global scope. (#327 )	6 years ago
Michael Gaffney	4ae3a52056	Define session database schema (#322 ) * Define session database schema * Update comments * Add insert trigger for session state * Add canceling state and update foreign keys to 'set null' on delete	6 years ago
Todd Knight	37e56ab46b	Pathing updated to support new and old styles (#323 )	6 years ago
Jim	f29869b715	support for additional deks: oplog, session and token and new CreateKeysTx() (#321 )	6 years ago
Jeff Mitchell	ee35a92f7f	Fix space issue in protobuf that apparently doesn't matter? Also apparently postgres migrations weren't run.	6 years ago
Jim	f3dd62d5d8	database DEKs (#317 )	6 years ago
Todd Knight	544e78b593	Target Handler and SDK CRUDL & add\|set\|remove-host-sets methods. (#310 )	6 years ago
Todd Knight	24ec9620ca	fix: Correct missed name updates to OutgoingInterceptor.	6 years ago
Jeff Mitchell	c4522aa813	Update host sets and auth system to new paradigm (#319 )	6 years ago
Todd Knight	0aba6db720	Enable Split Cookies (#318 )	6 years ago
Jeff Mitchell	a4c20164f3	Add add/remove/set hosts functions to host-sets command (#316 )	6 years ago
Jim	09112d1e96	refactor and remove kms/common pkg (#315 )	6 years ago
Jeff Mitchell	514856c020	Fix broken CLI output	6 years ago
Jeff Mitchell	b8c8d29008	Switch ordering of CLI create/update vs static commands (#314 )	6 years ago
Jeff Mitchell	1f065316ee	Initial (#313 )	6 years ago
Jeff Mitchell	20aef738c4	Add host-catalogs CLI command. (#312 )	6 years ago
Jeff Mitchell	17ecb6f2ce	Separate accounts/host catalogs/host sets into their own packages (#311 )	6 years ago
Jeff Mitchell	936c970635	Remove unneeded and breaking test	6 years ago
Jeff Mitchell	28df6eb7b0	Update config encrypt/decrypt CLI command (#309 ) This updates the command to our emergent standards. It also enables using a separate config file for a config kms, which allows non-string values to be encrypted. This allowed some nice cleanup as well.	6 years ago
Jeff Mitchell	274afa6b02	Shave off an IAM lookup if the user is the anonymous user (#305 ) * Shave off an IAM lookup if the user is the anonymous user * Fix build * If authz failures are turned off, make the token type unknown instead of invalid * Change returned token format when authz failures are disabled * Change logic back * Fix logic	6 years ago
Jeff Mitchell	b53812a5c1	Add ability to skip automatic auth method creation (#306 ) This is useful if you, for instance, want Terraform to be 100% responsible for creation of resources (outside of the static ones that cannot be removed or modified, like u_anon). This will mean using the recovery mechanism for initial setup, but that isn't an issue once TF supports that :-)	6 years ago
Jeff Mitchell	490be8a7e4	Add ability to skip role creation on scope create (#308 ) * Initial work on scope creation skipping * Fix things	6 years ago
Todd Knight	e4da5e9ab5	add\|set\|remove-hosts for host-sets SDK and API (#304 ) * Adding ability to add host set members. * Adding SDK and API for add\|set\|remove hosts.	6 years ago
Jim	fcb61d4b67	targets repo (#298 )	6 years ago
Michael Gaffney	58dec98ea2	Rename table from servers to server (#307 )	6 years ago
Michael Gaffney	9ca8a4ec20	Host set members (#301 ) * Update host set member test * Add ListSetMembers method signature and doc * Move repository methods for host set members to new file * Add TestSetMembers * Implement ListSetMembers * Return hosts from ListSetMembers * Implement AddSetMembers * Implement DeleteSetMembers * Use sql.QueryContext not sql.Query * Implement SetSetMembers * Refactor: extract getHosts method * Refactor: extract createMembers method * Refactor: extract common functions * Return correct count of changed In SetSetMembers, retrieving the current list of hosts in the set happens after the transaction to modify the set has completed. This retrieval can result in an error but the number of modified rows is not effected. * Make list set members an unexported method * Get hosts within the same transaction as mutations of the set * Return hosts of set from LookupSet method * Return hosts of set from UpdateSet method * Remove listSetMembers * Fix merge conflict * Add NOTE and TODOs about using new pattern in "SetMembers" methods	6 years ago
Jeff Mitchell	39721047e4	Fix CORS test	6 years ago
Michael Gaffney	de162c5533	Replace and remove ErrNilParameter with ErrInvalidParameter (#295 )	6 years ago
Jeff Mitchell	8f579c75c3	paum -> ampw (#303 )	6 years ago
Jeff Mitchell	74544f6324	Encrypt tokens on the way out and decrypt on the way in (#302 ) * Encrypt tokens on the way out and decrypt on the way in This isn't a security feature related to tokens specifically; it's so that we can discard cryptographically bad tokens before we ever hit the DB. This way we can't pass through a DDoS to the database due to fetching obviously invalid token values. I'm using base58 to encode the resulting value as there aren't great base62 options, and allowing base64 / and + values can hamper usability by creating copying/highlighting breaks.	6 years ago
Jeff Mitchell	647d5502b5	Change ListServers to use SeachWhere (#300 )	6 years ago
Jeff Mitchell	ac4d9fa311	Add nonce storage and replay prevention test (#293 )	6 years ago
Jeff Mitchell	a1490228b8	Add address to worker status tracing	6 years ago
Todd Knight	c4d3414016	Add Host Set CUDLR handler and SDK (#290 )	6 years ago
Todd Knight	e423b6589e	Request Validation logic moved into a helper (#296 ) * Move all the validation logic into a helper tool. * Adding tests for verifier helpers.	6 years ago
Jeff Mitchell	414a2ab2c3	Remove some dead, dead, dead, dead code	6 years ago
Michael Gaffney	14dd7b49b2	Add method signatures for host set operations (#291 ) * Add method signatures for host set operations * Rename ReplaceSetMembers to SetSetMembers	6 years ago
Michael Gaffney	b24fc185a7	Export TestSets helper function (#292 )	6 years ago
Michael Gaffney	3a3cdd7219	Static host set repository methods (#289 ) * Implement CreateSet * Implement UpdateSet * Implement LookupSet * Implement ListSets * Implement DeleteSet * Remove unused parameter from test helper function * Update to use new kms structure * Remove unused parameter for test helper function * Fix resource-type string for host set	6 years ago
Jeff Mitchell	b47cca0329	Add (non-db aspects of) the recovery key workflow (#286 )	6 years ago
Todd Knight	d5678c4f80	Handler for Host CRUDL actions (#287 )	6 years ago
Todd Knight	7474e956dd	List Catalogs for Repo and API Handler (#288 )	6 years ago
Jeff Mitchell	6bf4a5ce38	Add not null checks to wt_private_id, wt_scope_id, and wt_user_id (#284 )	6 years ago
Jim	9570897032	basic keys mgmt repo (#264 )	6 years ago
Michael Gaffney	a413ad7b84	Static Host: Lookup, List and Delete (#283 ) * Implement LookupHost * Implement ListHosts * Implement DeleteHost	6 years ago
Todd Knight	eaae887bbe	Don't require type for children of subtyped resources. (#285 )	6 years ago
Jeff Mitchell	a11ca2e3a8	Make gen	6 years ago
Todd Knight	d86e58476f	Version can be passed through request body (#281 ) * Scopes inline version into update request body. * Users inline version into update request body. * Group inline version into update and add\|set\|remove member request body. * Role inline version into update and add\|set\|remove grant\|principal request body. * Auth method inline version into update request body. * Auth Account inline version into update request body. * host catalog version is inlined for update. * Gen after merge. * Submitting template changes for version handling.	6 years ago
Jeff Mitchell	adfc5681be	Auth methods CLI (#277 )	6 years ago
Michael Gaffney	041e1f9fd3	Update host (#278 ) * Add IsNotNullError function to db package * Let the database handle default values not gorm * Implement UpdateHost * Remove unnecessary clone	6 years ago
Michael Gaffney	e18cdc52b3	Create host (#276 ) * Change testHostCatalog methods to be like other resource test methods * Implement CreateHost * Make allocHost return a pointer to a Host	6 years ago
Jeff Mitchell	282177afc2	Remove the default org (#270 )	6 years ago
Todd Knight	01059e6ca8	Wrap StartDbInDocker in a mutex. (#275 ) * Wrap StartDbInDocker in a mutex. * Adding TODO to debug further. * Clarifying the TODO to point out a race condition.	6 years ago
Todd Knight	1deea8aa3a	Fixing missed documentation fix from PR 267.	6 years ago
Todd Knight	e14f968fc3	Account (Set\|Change)Passsword (#267 )	6 years ago
Jeff Mitchell	4655f58365	Make gen	6 years ago
Michael Gaffney	7d133878be	Add base types for host catalog, host set, and host (#272 ) * Move static host migrations to higher number * Add wt_host_address domain type * Add base tables for host catalog, host set, and host * Reformat create trigger statements * Add subtype triggers for host catalog, host set, and host * Remove wt_host_address domain type * Rename columns in host_set_member * Add delete trigger functions for base types * Add delete after triggers to static host subtypes * Add protobufs for host base types	6 years ago
Jeff Mitchell	7b36571788	Change auth validity feedback (#273 ) * Change auth validity feedback Move from a bool indicating validity to lack of an error. This allows the error to be directly returned and typed. * Fix erroneous line	6 years ago
Todd Knight	23b437894a	Masks can now update attribute fields. (#271 )	6 years ago
Jeff Mitchell	fff15bc9f3	Rename KMS purpose 'controller' to 'root'	6 years ago
Jeff Mitchell	efaf58b568	Add users CLI command and do some cleanup (#269 )	6 years ago
Jeff Mitchell	6080d93f8f	Add authtokens CLI command (#268 )	6 years ago
Jeff Mitchell	d3a1cd949b	Update password auth method flags to fit current standards	6 years ago
Jeff Mitchell	bb6b189513	Create a default role on new scope creation (#265 )	6 years ago
Jeff Mitchell	e89e9d1349	Add groups CLI command (#266 )	6 years ago
Michael Gaffney	7ac4be51c0	Refactor static host package (#263 ) * Refactor: inline tablename constants * Refactor: move functionality to new files	6 years ago
Jeff Mitchell	b75a6fc5e5	Update scopes CLI command in the model of the roles command (#262 ) * Update scopes CLI command in the model of the roles command * Pull help functions to helper methods	6 years ago
Jeff Mitchell	b0c0129ab2	Add a dummy file to ui package	6 years ago
Jeff Mitchell	5d104a7a01	Migrate off Vault's internalshared folder to the separated-out repo	6 years ago
Jeff Mitchell	c195c4bc9b	Remove disabled property and sync up field ordering and numbering (#259 )	6 years ago
Todd Knight	245c7fbb44	Add Account Update handler (#257 ) * Allow updating accounts (not username or pw). * Updating new field names to LoginName. * Adding creation with password test. * Fixing documentation for WithLoginName	6 years ago
Jeff Mitchell	203e2b5dc2	Initial worker porting steps (#232 )	6 years ago
Jeff Mitchell	73a38b1433	Remove some unneeded resource types and fix the resource typing for default role in global scope (#256 )	6 years ago
Jeff Mitchell	4cfab04307	Migrate user name to login name (#255 )	6 years ago
Michael Gaffney	6f886976e4	Add not null constraint to wt_version domain (#254 )	6 years ago
Jeff Mitchell	61378381c6	Add version to account update (#252 )	6 years ago
Jeff Mitchell	78d7f539c5	Add versioning to host catalogs/sets/hosts and fix up tests (#247 ) * Start adding version to host resources and fixing up tests * Add versioning to host resources and update API tests * Fix nil in test * Add missing update	6 years ago
Jeff Mitchell	565059ed63	Add versioning to auth methods and accounts (#249 )	6 years ago
Michael Gaffney	a7c467bd68	Password - UpdateAccount and SetPassword (#248 ) * Implement UpdateAccount * Implement SetPassword * Add tests for duplicate user names * Fix imports broken after product rename Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	6 years ago
Jeff Mitchell	6661117d4c	The name. The name. The name!	6 years ago
Jim	1c836c430b	support for associating/disassociating an auth account with a user (#233 )	6 years ago
Jeff Mitchell	0c18e35b9d	Fix group service proto for versions	6 years ago
Jeff Mitchell	827d86bef1	Update API role tests and fix the structure of the protos so versioning works	6 years ago
Michael Gaffney	bdb31cf8b5	Bump deps (#245 )	6 years ago
Jeff Mitchell	6a21e8dedb	Fix some speling and a test	6 years ago
Jeff Mitchell	bbd200101f	Move update versioning to query parameter, and fix up scope API tests (#244 ) * Move update versioning to query parameter, and fix up scope API tests * Add version checks for update requests in other services	6 years ago
Jeff Mitchell	0d0660b061	Fix some tests I broke	6 years ago
Jeff Mitchell	f07bb9dae6	Fix breakage after change to template from previous PR	6 years ago
Jeff Mitchell	df4730b1a0	Minor fixes and first API test changeover (#243 )	6 years ago
Jeff Mitchell	d74e30d94a	Minor, easy, linting fixes	6 years ago
Jeff Mitchell	8dd5de49b9	Minor update to default role description text	6 years ago
Jeff Mitchell	5bf307797b	Fix typo and also set default min user name length to 3 because jeff, jim, todd, mike	6 years ago
Todd Knight	f84991c0f1	Use authenticate and Auth Method repo functions (#242 )	6 years ago
Jeff Mitchell	908a299ea3	Convert SDK to the new options API (#238 )	6 years ago
Todd Knight	b5acf6afdf	Connecting the auth method service to the api handler. (#241 )	6 years ago
Todd Knight	b7bf76a9ba	Auth Method API Handler for CRUDL (not updating password specific fields)(#239 )	6 years ago
Michael Gaffney	7fefd5e2fe	Change password (#237 ) * Implement ChangePassword * Refactor: extract authenticate method * Update tests to verify oplog entries * More refactoring * Remove extraneous clones * More refactoring	6 years ago
Todd Knight	e5ec1f48b2	Account API handler for CRDL operations (#228 )	6 years ago
Jeff Mitchell	2ca7e0b88e	Fix some linting complaining	6 years ago
Jeff Mitchell	322b13ae98	Standardize static group -> group naming (#236 )	6 years ago

1 2 3 4 5 ...

443 Commits (jeff-error-cli-update)