diff --git a/CHANGELOG.md b/CHANGELOG.md index cf413a0ee..f209d3bf6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -70,11 +70,12 @@ IMPROVEMENTS: `tls_disable` option [GH-802] * credential/token: Add `last_renewal_time` to token lookup calls [GH-896] * helper/certutil: Add ability to parse PKCS#8 bundles [GH-829] + * logical/aws: You can now get STS tokens instead of IAM users [GH-927] * logical/cubbyhole: Add cubbyhole access to default policy [GH-936] * logical/pki: Assign ExtKeyUsageAny to CA certs generated/signed with the backend; this fixes the non-spec validation logic used in the Windows Crypto API and Go's verification functions [GH-846] - * logical/aws: You can now get STS tokens instead of IAM users [GH-927] + * logical/postgres: Add `max_idle_connections` paramter [GH-950] * physical/cache: Use 2Q cache instead of straight LRU [GH-908] * physical/etcd: Support basic auth [GH-859] @@ -103,7 +104,8 @@ MISC: documentation](https://vaultproject.io/docs/config/index.html) for details. * Add `vault-java` to libraries [GH-851] * Various minor documentation fixes and improvements [GH-839] [GH-854] - [GH-861] [GH-876] [GH-899] [GH-900] [GH-904] [GH-923] [GH-924] + [GH-861] [GH-876] [GH-899] [GH-900] [GH-904] [GH-923] [GH-924] [GH-958] + [GH-959] ## 0.4.1 (January 13, 2016) diff --git a/builtin/logical/postgresql/backend.go b/builtin/logical/postgresql/backend.go index 7e4b004e8..3dce5974e 100644 --- a/builtin/logical/postgresql/backend.go +++ b/builtin/logical/postgresql/backend.go @@ -98,6 +98,7 @@ func (b *backend) DB(s logical.Storage) (*sql.DB, error) { // Set some connection pool settings. We don't need much of this, // since the request rate shouldn't be high. b.db.SetMaxOpenConns(connConfig.MaxOpenConnections) + b.db.SetMaxIdleConns(connConfig.MaxIdleConnections) return b.db, nil } diff --git a/builtin/logical/postgresql/path_config_connection.go b/builtin/logical/postgresql/path_config_connection.go index 6a27328d6..ee5cd2634 100644 
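Review bot: `b.db.SetMaxIdleConns(connConfig.MaxIdleConnections)` in DB() uses the stored value as-is, so a connection config written before this change, which has no `max_idle_connections` key, would presumably decode to 0, and database/sql treats a value of 0 or less as "retain no idle connections". The zero-means-`max_open_connections` default is applied only in pathConnectionWrite, not on this read path, so after an upgrade such mounts would open and authenticate a fresh PostgreSQL connection for every request until the config is rewritten. Apply the same default before the call, e.g. `if connConfig.MaxIdleConnections == 0 { connConfig.MaxIdleConnections = connConfig.MaxOpenConnections }`. The body of DB() starts outside this hunk, so the decode step is inferred rather than visible.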
--- a/builtin/logical/postgresql/path_config_connection.go
+++ b/builtin/logical/postgresql/path_config_connection.go
@@ -19,13 +19,24 @@ func pathConfigConnection(b *backend) *framework.Path {
 },
 "value": &framework.FieldSchema{
 Type: framework.TypeString,
- Description: `
- DB connection string. Use 'connection_url' instead.
- This will be deprecated.`,
+ Description: `DB connection string. Use 'connection_url' instead.
+This will be deprecated.`,
 },
 "max_open_connections": &framework.FieldSchema{
- Type: framework.TypeInt,
- Description: "Maximum number of open connections to the database",
+ Type: framework.TypeInt,
+ Description: `Maximum number of open connections to the database;
+a zero uses the default value of two and a
+negative value means unlimited`,
+ },
+
+ // Implementation note:
+ "max_idle_connections": &framework.FieldSchema{
+ Type: framework.TypeInt,
+ Description: `Maximum number of idle connections to the database;
+a zero uses the value of max_open_connections
+and a negative value disables idle connections.
+If larger than max_open_connections it will be
+reduced to the same size.`,
 },
 },
@@ -48,6 +59,14 @@ func (b *backend) pathConnectionWrite(
 maxOpenConns = 2
 }
+ maxIdleConns := data.Get("max_idle_connections").(int)
+ if maxIdleConns == 0 {
+ maxIdleConns = maxOpenConns
+ }
+ if maxIdleConns > maxOpenConns {
+ maxIdleConns = maxOpenConns
+ }
+
 // Verify the string
 db, err := sql.Open("postgres", connString)
 if err != nil {
@@ -65,6 +84,7 @@ func (b *backend) pathConnectionWrite(
 ConnectionString: connString,
 ConnectionURL: connURL,
 MaxOpenConnections: maxOpenConns,
+ MaxIdleConnections: maxIdleConns,
 })
 if err != nil {
 return nil, err
@@ -84,6 +104,7 @@ type connectionConfig struct {
 // Deprecate "value" in coming releases
 ConnectionString string `json:"value"`
 MaxOpenConnections int `json:"max_open_connections"`
+ MaxIdleConnections int `json:"max_idle_connections"`
 }
 const pathConfigConnectionHelpSyn = `
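Review bot: The comment `// Implementation note:` above the `max_idle_connections` field is left dangling with no text after it. Either drop it or finish it with what it was meant to record, for example `// Implementation note: the value is clamped to max_open_connections in pathConnectionWrite before it is stored.` The field map this entry belongs to starts outside the hunk.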
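Review bot: In pathConnectionWrite the clamp `if maxIdleConns > maxOpenConns` does not account for a negative `max_open_connections`, which the field description defines as unlimited. With an unlimited open limit, any positive `max_idle_connections` is reduced to that negative number, and the zero default copies it as well, so idle connections end up disabled and every request opens and authenticates a new database connection. Guard the clamp with `if maxOpenConns > 0 && maxIdleConns > maxOpenConns {` and pick an explicit idle default for the unlimited case instead of copying the negative value. The code that sets `maxOpenConns` sits above the hunk, so this assumes negative values pass through it unchanged.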
diff --git a/scripts/cross/Dockerfile-patched-1.5.3 b/scripts/cross/Dockerfile-patched-1.5.3
new file mode 100644
index 000000000..0296ac3c9
--- /dev/null
+++ b/scripts/cross/Dockerfile-patched-1.5.3
@@ -0,0 +1,38 @@
+# Adapted from tcnksm/dockerfile-gox -- thanks!
+
+FROM debian:jessie
+
+RUN apt-get update -y && apt-get install --no-install-recommends -y -q \
+ curl \
+ zip \
+ build-essential \
+ ca-certificates \
+ git mercurial bzr \
+ && rm -rf /var/lib/apt/lists/*
+
+ENV GOVERSION 1.5.3
+RUN mkdir /goroot-upstream && mkdir /gopath-upstream && mkdir /gopath
+RUN curl https://storage.googleapis.com/golang/go${GOVERSION}.linux-amd64.tar.gz \
+ | tar xvzf - -C /goroot-upstream --strip-components=1
+
+ENV GOROOT_BOOTSTRAP /goroot-upstream
+RUN git clone https://github.com/golang/go /goroot
+WORKDIR /goroot/src
+RUN git config user.email "jeff@hashicorp.com"
+RUN git config user.name "Jeff Mitchell"
+RUN git checkout -b go1.5.3-fixed-x509 go1.5.3
+RUN git cherry-pick e78e654c1de0a7bfe0314d6954d42b046f14f1bb
+RUN git cherry-pick a0ea93dea5f5741addc8c96b7ed037d0e359e33f
+RUN ./all.bash
+
+ENV GOPATH /gopath
+ENV GOROOT /goroot
+ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH
+
+RUN go get github.com/mitchellh/gox
+RUN go get github.com/tools/godep
+
+RUN mkdir -p /gopath/src/github.com/hashicorp/vault
+WORKDIR /gopath/src/github.com/hashicorp/vault
+ENV CGO_ENABLED=0
+CMD make bin
diff --git a/vault/core.go b/vault/core.go
index a904c4658..e3adb5d2a 100644
--- a/vault/core.go
+++ b/vault/core.go
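Review bot: The bootstrap toolchain is fetched with `curl … | tar xvzf -` and unpacked without any integrity check, and `go get github.com/mitchellh/gox` / `go get github.com/tools/godep` pull whatever is at the head of those repositories at build time. If this image produces release binaries, as the `scripts/cross` path suggests, the toolchain and build tools are unverified inputs to them. Download the tarball to a file and verify it against a pinned digest before extracting, e.g. `curl -fsSL -o /tmp/go.tgz <TARBALL_URL> && echo "<PINNED_SHA256>  /tmp/go.tgz" | sha256sum -c - && tar xzf /tmp/go.tgz -C /goroot-upstream --strip-components=1`, and check out fixed commits of gox and godep the same way the Go patches are already pinned by commit hash. `FROM debian:jessie` could likewise be pinned by digest.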
@@ -762,7 +762,13 @@ func (c *Core) checkToken(req *logical.Request) (*logical.Auth, *TokenEntry, err
 // or creation as appropriate.
 if req.Operation == logical.CreateOperation || req.Operation == logical.UpdateOperation {
 checkExists, resourceExists, err := c.router.RouteExistenceCheck(req)
- if err != nil {
+ switch err {
+ case logical.ErrUnsupportedPath:
+ // fail later via bad path to avoid confusing items in the log
+ checkExists = false
+ case nil:
+ // Continue on
+ default:
 c.logger.Printf("[ERR] core: failed to run existence check: %v", err)
 return nil, nil, ErrInternalError
 }
diff --git a/website/source/assets/images/logo_large.png b/website/source/assets/images/logo_large.png
new file mode 100644
index 000000000..11a571142
--- /dev/null
+++ b/website/source/assets/images/logo_large.png
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:16966122febf3e058aa38a88d17ea5d213468d9da360e818c5e2b5b92392943c
+size 70480
diff --git a/website/source/docs/auth/github.html.md b/website/source/docs/auth/github.html.md
index 5e5b99e04..d94cc9977 100644
--- a/website/source/docs/auth/github.html.md
+++ b/website/source/docs/auth/github.html.md
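Review bot: The `case logical.ErrUnsupportedPath:` arm changes checkToken from failing closed with `ErrInternalError` to continuing into the rest of the authorization path, and the only statement of why that is safe is the comment "fail later via bad path". The code that performs the later rejection is outside this hunk, so name it in the comment, e.g. `// ErrUnsupportedPath is not fatal here; <name the later step> rejects the request`, and add a test that a create or update on an unsupported path still ends in an error. `resourceExists` keeps whatever RouteExistenceCheck returned in this arm; setting it to false alongside `checkExists` would make the intent explicit. The `switch err` compares by identity, so a wrapped ErrUnsupportedPath would fall through to `default`.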
@@ -26,7 +26,40 @@ $ vault auth -method=github token= #### Via the API -The endpoint for the GitHub login is `/login`. +The endpoint for the GitHub login is `auth/github/login`. + +The `github` mountpoint value in the url is the default mountpoint value. If you have mounted the `github` backend with a different mountpoint, use that value. + +The `token` should be sent in the POST body encoded as JSON. + +```shell +$ curl $VAULT_ADDR/v1/auth/github/login \ + -d '{ "token": "your_github_personal_access_token" }' +``` + +The response will be in JSON. For example: + +```javascript +{ + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": null, + "warnings": null, + "auth": { + "client_token": "c4f280f6-fdb2-18eb-89d3-589e2e834cdb", + "policies": [ + "root" + ], + "metadata": { + "org": "test_org", + "username": "rajanadar", + }, + "lease_duration": 0, + "renewable": false + } +} +``` ## Configuration diff --git a/website/source/docs/http/sys-seal-status.html.md b/website/source/docs/http/sys-seal-status.html.md index fa996f343..6d97e5475 100644 --- a/website/source/docs/http/sys-seal-status.html.md +++ b/website/source/docs/http/sys-seal-status.html.md @@ -11,7 +11,7 @@ description: |-
Description
- Returns the seal status of the Vault. + Returns the seal status of the Vault.

This is an unauthenticated endpoint.
Method
diff --git a/website/source/docs/secrets/postgresql/index.html.md b/website/source/docs/secrets/postgresql/index.html.md index f59666e32..8fdc3f62d 100644 --- a/website/source/docs/secrets/postgresql/index.html.md +++ b/website/source/docs/secrets/postgresql/index.html.md @@ -140,9 +140,15 @@ subpath for interactive help output.
  • max_open_connections optional - Maximum number of open connections to the database. - Defaults to 2. + Maximum number of open connections to the database. A zero uses the + default value of 2 and a negative value means unlimited.
  • + max_idle_connections + optional + Maximum number of idle connections to the database. A zero uses the + value of `max_open_connections` and a negative value disables idle + connections. If larger than `max_open_connections` it will be reduced + to be equal. diff --git a/website/source/layouts/_footer.erb b/website/source/layouts/_footer.erb index 7a31cf246..2213d3610 100644 --- a/website/source/layouts/_footer.erb +++ b/website/source/layouts/_footer.erb @@ -67,5 +67,20 @@ window.onload = function(){ <%= javascript_include_tag "application" %> + +