Commit 6f8424ad38
added an public function so we can import redoctober's NewServer
function in external test packages to create an RO server without having
to actually install the binary in test environments.
This used to work until 0f06d0a051,
which makes it impossible to import main package in external packages.
This change moves `NewServer` and its related code to a non-main
package so other packages can still import it in tests or any other
places.
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
This commit adds basic sentry reporting. If enabled by setting the
appropriate configuration value, it will report panics and errors.
Certain functions in the core package (Delegate, Encrypt, Decrypt,
Restore, and ResetPersisted) have additional Sentry reporting as
these are the most common errors.
This change addresses several points:
1. The integration tests didn't verify that delegations could be used
for decryption following a restore. The integration tests now
verify this.
2. There was no functionality for clearing persisted delegations if
needed. The vault admin can now do this via the command line tool.
3. Restoring active delegations wasn't storing the key with the
delegation. Keys are now serialised properly.
4. [Minor] The MSP package now reports the name of the offending user
when it can't find a user name in the database.
+ Add the relevant parts to the command line tool and the client
package.
+ Small improvements to cryptor's restore function:
+ Don't try to restore if the store is already active.
+ Flush the persistence key cache once the restoration occurs.
+ The redoctober program now explicitly mentions that a config file is
invalid when that's the case.
This simplifies our deployment process, allowing us to use existing
configuration management tools designed for templating command-line
parameters to template the config files in a straightforward manner.
This pull request adds a status endpoint to the Red October server; as
of this pull request, the status endpoint only returns the current
delegation persistence state. The HTTP UI has not been updated, as
this is scoped out for a future request; however, the CLI utility now
features a status command to fetch this information.
Remove the unexported type used in the NewServer func so that it may be
used outside this package, which allows for integration style tests that
start an instance of a RO server.
The channel based request locking has been replaced with LimitListener,
which prevents simultaneous handling of TCP connections.
Don't assume that the creator of the order wants the delegations.
Instead it's much nicer with our current scheme to take in a big
slice of people who want delegations, so that each person who ne
eds a delegation doesn't need to make an order.
Supports MSP and requires several arguments to add hipchat integration to
red october. RedOctober will then alert on creation of an order, any new
delegation, or several other states.
The idea is to create a new type (to avoid ugly string parsing) and
then, instead of iterating through delegations with the username, iterate
through the delegations and look for your username and matching slot. Also
in cases we don't have the slot (everything but delegation), find the slot
when we match a user.
This fixes a bug introduced by the new socket activation/systemd-brokered listening whereby Red October speaks HTTP rather than HTTPS over that socket.
This allows a single Red October instance to have multiple names,
which is useful for load-balancing across multiple instances (e.g.,
one can have a fleet of instances (ro1, ro2, ...) and also a logical
name (redoctober.example.com) and have working access via both names
thanks to the magic of SNI.
Add a new flag, -systemdfds, which causes Red October to expect to be
provisioned on launch with file descriptors for sockets opened by
systemd. This is useful for socket activation, but also allows systemd
to bind privileged ports for us. I've included example systemd
configuration files that successfully start Red October as a service
user without admin rights but bound to 443 in a Jessie VM for me. They
need to be installed where systemd expects them, which on Jessie is
/etc/systemd/system/redoctober.service and
/etc/systemd/system/sockets.target.wants/redoctober.socket.
're-encrypt' allows us to re-encrypt an RO encryption to a different set
of owners and labels. Currently two delegations are sufficient to carry
out this operation.
