Chris Baker
34e100cc96
server vault client: use two vault clients, one with namespace, one without for /sys calls
2019-04-10 10:34:10 -05:00
Chris Baker
0eaeef872f
config/docs: added `namespace` to vault config
...
server/client: process `namespace` config, setting on the instantiated vault client
2019-04-10 10:34:10 -05:00
Mahmood Ali
f4560d8a2a
server/vault: tweak error messages
...
Closes #5139
2019-01-25 10:33:54 -05:00
Mahmood Ali
5827438983
Renew past recorded expiry till unrecoverable error
...
Keep attempting to renew Vault token past locally recorded expiry, just
in case the token was renewed out of band, e.g. on another Nomad server,
until Vault returns an unrecoverable error.
2018-11-20 17:10:55 -05:00
Mahmood Ali
4a0544b369
Track renewal expiration properly
2018-11-20 17:10:55 -05:00
Mahmood Ali
e1994e59bd
address review comments
2018-11-20 17:10:54 -05:00
Mahmood Ali
55456fc823
Set a 1s floor for Vault renew operation backoff
2018-11-20 17:10:54 -05:00
Alex Dadgar
3c19d01d7a
server
2018-09-15 16:23:13 -07:00
Alex Dadgar
300b1a7a15
Tests only use testlog package logger
2018-06-13 15:40:56 -07:00
Chelsea Holland Komlo
dcc9cdfeb7
fixup! comment and move to always log server reload operation
2018-06-07 17:12:36 -04:00
Chelsea Holland Komlo
9f6bd7bf3a
move logic for testing equality for vault config
2018-06-07 16:23:50 -04:00
Alex Dadgar
c152774997
Allow and recommend Orphaned Vault tokens
...
This PR removes enforcement that the Vault token role disallows orphaned
tokens and recommends orphaned tokens to simplify the
bootstrapping/upgrading of Nomad clusters. The requirement that Nomad's
Vault token never expire and be shared by all instances of Nomad servers
is not operationally friendly.
2018-03-15 15:32:08 -07:00
Michael Schurter
7dd7fbcda2
non-Existent -> nonexistent
...
Reverting from #3963
https://www.merriam-webster.com/dictionary/existent
2018-03-12 11:59:33 -07:00
Josh Soref
7f6e4012a0
spelling: existent
2018-03-11 18:30:37 +00:00
Preetha Appan
0b3754c05e
Fix error message string in test
2018-03-09 15:07:52 -06:00
Preetha Appan
c6b975428b
Always retry on token validation instead of special casing vault sealing
2018-03-08 20:27:49 -06:00
Alex Dadgar
10a07c525f
fix flaky vault test
2017-10-23 16:48:20 -07:00
Michael Schurter
a66c53d45a
Remove `structs` import from `api`
...
Goes a step further and removes structs import from api's tests as well
by moving GenerateUUID to its own package.
2017-09-29 10:36:08 -07:00
Alex Dadgar
4173834231
Enable more linters
2017-09-26 15:26:33 -07:00
Luke Farnell
f0ced87b95
fixed all spelling mistakes for goreport
2017-08-07 17:13:05 -04:00
Alex Dadgar
a9c786a4fe
Make test Vault pick random ports
2017-07-25 17:40:59 -07:00
Alex Dadgar
06eddf243c
parallel nomad tests
2017-07-25 17:39:36 -07:00
Alex Dadgar
d3012f1447
Fix Vault Client panic when given nonexistant role
...
The Vault API returns a nil secret and nil error when reading an object
that doesn't exist. The old code assumed an error would be returned and
thus will panic when trying to validate a non-existant role.
2017-05-16 12:59:58 -04:00
Michael Schurter
2d07b75308
Recoverable struct field must be exported
2017-03-28 12:18:57 -07:00
Michael Schurter
0e6c564406
Improve artifact download error message
...
Fixes #2289
Unfortunately took more RecoverableError hijinx than I would have liked.
There might be a better way.
2017-03-24 15:26:05 -07:00
Alex Dadgar
5be806a3df
Fix vet script and fix vet problems
...
This PR fixes our vet script and fixes all the missed vet changes.
It also fixes pointers being printed in `nomad stop <job>` and `nomad
node-status <node>`.
2017-02-27 16:00:19 -08:00
Alex Dadgar
8bfc4255eb
Add server metrics
2017-02-14 16:02:18 -08:00
Alex Dadgar
15ffdff497
Vault Client on Server handles SIGHUP
...
This PR allows the Vault client on the server to handle a SIGHUP. This
allows updating the Vault token and any other configuration without
downtime.
2017-02-01 14:24:10 -08:00
Alex Dadgar
83106de217
Merge branch 'master' into d-vault
2017-01-27 15:19:34 -08:00
Alex Dadgar
f11dedbfc6
explain the skip
2017-01-27 15:19:22 -08:00
Alex Dadgar
183d0bdd15
Cleanup and skip test
2017-01-27 15:06:01 -08:00
Alex Dadgar
1f6d9a0e4a
Fix flaky test
2017-01-26 13:02:13 -08:00
Alex Dadgar
faf9745256
Fix blacklist test
2017-01-23 10:40:28 -08:00
Alex Dadgar
442d775fb2
Test new functionality
2017-01-21 17:33:35 -08:00
Alex Dadgar
7d1ec25d09
Test pass
2017-01-20 10:06:47 -08:00
Alex Dadgar
ace50cfa19
closer on the tests
2017-01-19 17:21:46 -08:00
Alex Dadgar
822e32de6d
Fix error checking
2016-11-08 11:04:11 -08:00
Alex Dadgar
981fabdb26
Add unrecoverable test
2016-11-08 10:38:54 -08:00
Alex Dadgar
8f365bfbbf
Update vault_test to use minimal set of policies + start of Vault documentation
2016-11-01 10:39:15 -07:00
Alex Dadgar
3d04efb21f
Validate the Vault role being used
2016-10-24 16:53:47 -07:00
Alex Dadgar
0070178741
Thread through whether DeriveToken error is recoverable or not
2016-10-22 18:08:30 -07:00
Alex Dadgar
82960c46d8
Tests
2016-10-11 13:28:18 -07:00
Alex Dadgar
48696ba0cc
Use tomb to shutdown
...
Token revocation
Remove from the statestore
Revoke tokens
Don't error when Vault is disabled as this could cause issue if the operator ever goes from enabled to disabled
update server interface to allow enable/disable and config loading
test the new functions
Leader revoke
Use active
2016-08-28 14:06:25 -07:00
Alex Dadgar
19be6b57b2
fixes
2016-08-19 20:02:32 -07:00
Alex Dadgar
c394a45b72
create token tests
2016-08-19 16:40:37 -07:00
Alex Dadgar
123a26ffea
Rate limiting
2016-08-19 16:40:37 -07:00
Alex Dadgar
f9f019fa62
LookupToken
2016-08-17 16:25:38 -07:00
Alex Dadgar
a981fb4e0e
test renewal
2016-08-17 16:25:38 -07:00
Alex Dadgar
a8efce874f
Token renewal and beginning of tests
2016-08-17 16:25:38 -07:00