| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
Use the term secret and not key to refer to .. well .. secrets.
Store the last response instead of returning it to the caller, this
way there is a consistent way to get access to it and only as needed.
Change the name to CustodiaSimpleClient in preparaion for extending the
support to other Secret types.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
| |
The payload was not being set with the provided value when a PUT
operation token was parsed. This resulted in attempting to store
an empty value instead of the provided secret.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
All authorization modules need to be executed, we cannot bail at the
first one that returns a positive answer. Some authz modules attach
data to the requst as a side effect and they need to be run even if
others also authorize access.
Additionally if a later module returns an explicit Deny, then that
must override any previous granted access.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
| |
In the server case auditlog is used in the pipeline too, so make it public.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
| |
setup.py no longer installs Custodia's tests files. The test cases are
only shipped in the source distribution.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
| |
This plugin takes a nother store to use and ecnrypts all content.
note: it does not encrypt key names nor the containers
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adda an 'origin' argument to the logger formatting that
coms from the configuration parser and ties a log entry to the
implementing class as well as the specific configuration facility
that instantiated it.
Also adds per configuration section debugging unless the global
debug statment is true, in which case all objects have debugging
forcibly turned on.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
| |
Use custom configuration and databases, do not rely on in-tree data.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The code was errnoeously refusing to create containers or keys on
the base directory where there are no parents.
For single component keys always assume / exists in the database.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The custom logging and traceback functions as well as the audit logger
are replaced with Python's logging framework. For now the loggers are
hard-coded to use a StreamHandler(sys.stderr) as root handler and a
FileHandler for the audit log.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The latter is customized to show Travis' CI build status on Github,
and will have more hosting specific content going forward.
The regular README will be targeted for offline information, and will
not be necessarilya markdown file either.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
tox 2.0 has a bug in envsitepackagesdir variable substitution. Install
tox<2.0 for Travis CI.
Custodia now depends on python-requests.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The server can be now configured using a new parameter called
"server_url".
Setting server_url to "http://0.0.0.0:80/" will make the server listen
on TCP port 80, while setting it to "http+unix://%2fsocket" will make
the server listen on the unix socket named "/socket".
The backwards compatible "server_socket" is retained and used if no
server_url is provided.
The request dict has a new field "client_id" that contains either a
PID or a peer name. In the future the field can be augmented with a
TLS client cert DN or other similar identifier.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
| |
This pugin allows to mangle and forward requests to another custodia
server, locally or on the network.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
| |
This makes it simpler to use a custodia server, whether exposed over
HTTP, HTTPS or a unix socket with the http+unix schema.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
A new internal method _absolute_key() is used to join key name and name
space. etcd treats the key space like a file system so the method checks
the key for '//', '.', and '..' to prevent invalid paths and path traversal
attacks.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Use a new verb, "span" to create namespaces/containers.
This will be needed for the Etcd plugin which need to distinguish between
a directory and a key.
The sqlite/enclite just pass the request to their set() method.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
| |
Moves the secrets.Namespaces plugin to the proper authorizers file and
fixes it to properly enforce the user-named namespace is being used.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The store as throwing an exception in case of an unesisting key.
Now it returns None as expected on missing keys, and properly
wraps encoding exceptions if the JWE can't be decoded.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This commit removes the option to pas a filter parameter.
It also changes the way database plugins are expected to return
results, results are now expected to be relative to the path
requested.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
| |
With this env var we force the local /bin/coverage to still source locally
unavailable modules from the .tox directory.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #9
|
|
|
|
|
| |
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #8
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #7
|
|
|
|
|
|
|
|
|
|
|
| |
The .travis.yml configures Travis CI. We only need Python 2.7 as the
rest is handled by different tox environments. In order to enable Travis
CI, please read http://docs.travis-ci.com/user/getting-started/ and
do step 1) and step 2).
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #6
|
|
|
|
|
|
|
|
|
|
| |
The test suite leaves child processes behind. The teardown class method
now call Popen.kill() and Popen.wait() to kill and wait for its child
process.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #5
|
|
|
|
|
|
|
|
|
| |
Uses the same method as the server, the request and response are quite
symmetrical here.
also fix a bug with the subject name missing in the replies.
Adapt tests.
Signed-off-by: Simo Sorce <simo@redhat.com>
|