Commit 6f8424ad38
added an public function so we can import redoctober's NewServer
function in external test packages to create an RO server without having
to actually install the binary in test environments.
This used to work until 0f06d0a051,
which makes it impossible to import main package in external packages.
This change moves `NewServer` and its related code to a non-main
package so other packages can still import it in tests or any other
places.
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
The diff for this is a bit ugly due to indentation changes, but
essentially each navbar tag that exists, was converted into a tab. From
there, only one tab is shown at a time- this makes navigation generally
suck less, and is visually less painful.
In parallel, the markup for each tab was adjusted to be more consistent.
This commit adds basic sentry reporting. If enabled by setting the
appropriate configuration value, it will report panics and errors.
Certain functions in the core package (Delegate, Encrypt, Decrypt,
Restore, and ResetPersisted) have additional Sentry reporting as
these are the most common errors.
+ If a valid hipchat configuration is provided, send a message when
Red October has restarted.
+ If persistence is inactive, alert the channel that this is the case.
+ Add a lock to the keycache.
+ Ensure that all instantiations of keycaches use New, rather
than the old keycache.Cache{make()} construct. This no longer
works with the lock in place.
+ Update travis to run the race detector on a few specific packages
that should help identify this type of problem in the future.
* disable endless retry logic
- we should do the retry logic at application cmd/ro, cmd/ro will need to
deal with keyboard interrupts as well
* update test self-signed certificate with a expiry of 100 years
* ro tool supports retries after getting delegation errors
* make docker: build a docker image for redoctober
* add a convenient entrypoint to generate certificates out of the box
* add detection based on RO_CERTS and RO_KEYS
instead of detection based on the presence of RO_DATA, add RO_CERTS and RO_KEYS
which are paths to the ceritificates and keys so we can generate them more
effectively.
Signed-off-by: Daniel Dao <dqminh@cloudflare.com>
* dockerfile: bump golang to 1.7.1
When delegating to a group of users, Red October will return the
error "User not found" if the user can't be found. This makes it
difficult to figure out the user that couldn't be found. This change
goes through the list of users and includes all usernames that
couldn't be found in the error message.
This change addresses several points:
1. The integration tests didn't verify that delegations could be used
for decryption following a restore. The integration tests now
verify this.
2. There was no functionality for clearing persisted delegations if
needed. The vault admin can now do this via the command line tool.
3. Restoring active delegations wasn't storing the key with the
delegation. Keys are now serialised properly.
4. [Minor] The MSP package now reports the name of the offending user
when it can't find a user name in the database.
