luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Merge 'upstream/master' into postgres_physical

This commit is contained in:
Devin Christensen 2016-01-25 13:43:16 -07:00
parent 9d776351a3 3761f19932
commit 93c64375e9
10 changed files with 137 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -70,11 +70,12 @@ IMPROVEMENTS:
`tls_disable` option [GH-802] `tls_disable` option [GH-802]
* credential/token: Add `last_renewal_time` to token lookup calls [GH-896] * credential/token: Add `last_renewal_time` to token lookup calls [GH-896]
* helper/certutil: Add ability to parse PKCS#8 bundles [GH-829] * helper/certutil: Add ability to parse PKCS#8 bundles [GH-829]
* logical/aws: You can now get STS tokens instead of IAM users [GH-927]
* logical/cubbyhole: Add cubbyhole access to default policy [GH-936] * logical/cubbyhole: Add cubbyhole access to default policy [GH-936]
* logical/pki: Assign ExtKeyUsageAny to CA certs generated/signed with the * logical/pki: Assign ExtKeyUsageAny to CA certs generated/signed with the
backend; this fixes the non-spec validation logic used in the Windows Crypto backend; this fixes the non-spec validation logic used in the Windows Crypto
API and Go's verification functions [GH-846] API and Go's verification functions [GH-846]
* logical/aws: You can now get STS tokens instead of IAM users [GH-927] * logical/postgres: Add `max_idle_connections` paramter [GH-950]
* physical/cache: Use 2Q cache instead of straight LRU [GH-908] * physical/cache: Use 2Q cache instead of straight LRU [GH-908]
* physical/etcd: Support basic auth [GH-859] * physical/etcd: Support basic auth [GH-859]
@ -103,7 +104,8 @@ MISC:
documentation](https://vaultproject.io/docs/config/index.html) for details. documentation](https://vaultproject.io/docs/config/index.html) for details.
* Add `vault-java` to libraries [GH-851] * Add `vault-java` to libraries [GH-851]
* Various minor documentation fixes and improvements [GH-839] [GH-854] * Various minor documentation fixes and improvements [GH-839] [GH-854]
[GH-861] [GH-876] [GH-899] [GH-900] [GH-904] [GH-923] [GH-924] [GH-861] [GH-876] [GH-899] [GH-900] [GH-904] [GH-923] [GH-924] [GH-958]
[GH-959]
## 0.4.1 (January 13, 2016) ## 0.4.1 (January 13, 2016)

1
builtin/logical/postgresql/backend.go
View File

@ -98,6 +98,7 @@ func (b *backend) DB(s logical.Storage) (*sql.DB, error) {
// Set some connection pool settings. We don't need much of this, // Set some connection pool settings. We don't need much of this,
// since the request rate shouldn't be high. // since the request rate shouldn't be high.
b.db.SetMaxOpenConns(connConfig.MaxOpenConnections) b.db.SetMaxOpenConns(connConfig.MaxOpenConnections)
b.db.SetMaxIdleConns(connConfig.MaxIdleConnections)
return b.db, nil return b.db, nil
} }

27
builtin/logical/postgresql/path_config_connection.go
View File

@ -19,13 +19,24 @@ func pathConfigConnection(b *backend) *framework.Path {
}, },
"value": &framework.FieldSchema{ "value": &framework.FieldSchema{
Type: framework.TypeString, Type: framework.TypeString,
Description: ` Description: `DB connection string. Use 'connection_url' instead.
DB connection string. Use 'connection_url' instead.
This will be deprecated.`, This will be deprecated.`,
}, },
"max_open_connections": &framework.FieldSchema{ "max_open_connections": &framework.FieldSchema{
Type: framework.TypeInt, Type: framework.TypeInt,
Description: "Maximum number of open connections to the database", Description: `Maximum number of open connections to the database;
a zero uses the default value of two and a
negative value means unlimited`,
},
// Implementation note:
"max_idle_connections": &framework.FieldSchema{
Type: framework.TypeInt,
Description: `Maximum number of idle connections to the database;
a zero uses the value of max_open_connections
and a negative value disables idle connections.
If larger than max_open_connections it will be
reduced to the same size.`,
}, },
}, },
@ -48,6 +59,14 @@ func (b *backend) pathConnectionWrite(
maxOpenConns = 2 maxOpenConns = 2
} }
maxIdleConns := data.Get("max_idle_connections").(int)
if maxIdleConns == 0 {
maxIdleConns = maxOpenConns
}
if maxIdleConns > maxOpenConns {
maxIdleConns = maxOpenConns
}
// Verify the string // Verify the string
db, err := sql.Open("postgres", connString) db, err := sql.Open("postgres", connString)
if err != nil { if err != nil {
@ -65,6 +84,7 @@ func (b *backend) pathConnectionWrite(
ConnectionString: connString, ConnectionString: connString,
ConnectionURL: connURL, ConnectionURL: connURL,
MaxOpenConnections: maxOpenConns, MaxOpenConnections: maxOpenConns,
MaxIdleConnections: maxIdleConns,
}) })
if err != nil { if err != nil {
return nil, err return nil, err
@ -84,6 +104,7 @@ type connectionConfig struct {
// Deprecate "value" in coming releases // Deprecate "value" in coming releases
ConnectionString string `json:"value"` ConnectionString string `json:"value"`
MaxOpenConnections int `json:"max_open_connections"` MaxOpenConnections int `json:"max_open_connections"`
MaxIdleConnections int `json:"max_idle_connections"`
} }
const pathConfigConnectionHelpSyn = ` const pathConfigConnectionHelpSyn = `

38
scripts/cross/Dockerfile-patched-1.5.3 Normal file
View File

@ -0,0 +1,38 @@
# Adapted from tcnksm/dockerfile-gox -- thanks!
FROM debian:jessie
RUN apt-get update -y && apt-get install --no-install-recommends -y -q \
curl \
zip \
build-essential \
ca-certificates \
git mercurial bzr \
&& rm -rf /var/lib/apt/lists/*
ENV GOVERSION 1.5.3
RUN mkdir /goroot-upstream && mkdir /gopath-upstream && mkdir /gopath
RUN curl https://storage.googleapis.com/golang/go${GOVERSION}.linux-amd64.tar.gz \
| tar xvzf - -C /goroot-upstream --strip-components=1
ENV GOROOT_BOOTSTRAP /goroot-upstream
RUN git clone https://github.com/golang/go /goroot
WORKDIR /goroot/src
RUN git config user.email "jeff@hashicorp.com"
RUN git config user.name "Jeff Mitchell"
RUN git checkout -b go1.5.3-fixed-x509 go1.5.3
RUN git cherry-pick e78e654c1de0a7bfe0314d6954d42b046f14f1bb
RUN git cherry-pick a0ea93dea5f5741addc8c96b7ed037d0e359e33f
RUN ./all.bash
ENV GOPATH /gopath
ENV GOROOT /goroot
ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH
RUN go get github.com/mitchellh/gox
RUN go get github.com/tools/godep
RUN mkdir -p /gopath/src/github.com/hashicorp/vault
WORKDIR /gopath/src/github.com/hashicorp/vault
ENV CGO_ENABLED=0
CMD make bin

8
vault/core.go
View File

@ -762,7 +762,13 @@ func (c *Core) checkToken(req *logical.Request) (*logical.Auth, *TokenEntry, err
// or creation as appropriate. // or creation as appropriate.
if req.Operation == logical.CreateOperation || req.Operation == logical.UpdateOperation { if req.Operation == logical.CreateOperation || req.Operation == logical.UpdateOperation {
checkExists, resourceExists, err := c.router.RouteExistenceCheck(req) checkExists, resourceExists, err := c.router.RouteExistenceCheck(req)
if err != nil { switch err {
case logical.ErrUnsupportedPath:
// fail later via bad path to avoid confusing items in the log
checkExists = false
case nil:
// Continue on
default:
c.logger.Printf("[ERR] core: failed to run existence check: %v", err) c.logger.Printf("[ERR] core: failed to run existence check: %v", err)
return nil, nil, ErrInternalError return nil, nil, ErrInternalError
} }

BIN
website/source/assets/images/logo_large.png (Stored with Git LFS) Normal file
View File

Binary file not shown.

35
website/source/docs/auth/github.html.md
View File

@ -26,7 +26,40 @@ $ vault auth -method=github token=<api token>
#### Via the API #### Via the API
The endpoint for the GitHub login is `/login`. The endpoint for the GitHub login is `auth/github/login`.
The `github` mountpoint value in the url is the default mountpoint value. If you have mounted the `github` backend with a different mountpoint, use that value.
The `token` should be sent in the POST body encoded as JSON.
```shell
$ curl $VAULT_ADDR/v1/auth/github/login \
-d '{ "token": "your_github_personal_access_token" }'
```
The response will be in JSON. For example:
```javascript
{
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"warnings": null,
"auth": {
"client_token": "c4f280f6-fdb2-18eb-89d3-589e2e834cdb",
"policies": [
"root"
],
"metadata": {
"org": "test_org",
"username": "rajanadar",
},
"lease_duration": 0,
"renewable": false
}
}
```
## Configuration ## Configuration

2
website/source/docs/http/sys-seal-status.html.md
View File

@ -11,7 +11,7 @@ description: |-
<dl> <dl>
<dt>Description</dt> <dt>Description</dt>
<dd> <dd>
Returns the seal status of the Vault. Returns the seal status of the Vault.<br/><br/>This is an unauthenticated endpoint.
</dd> </dd>
<dt>Method</dt> <dt>Method</dt>

10
website/source/docs/secrets/postgresql/index.html.md
View File

@ -140,9 +140,15 @@ subpath for interactive help output.
<li> <li>
<span class="param">max_open_connections</span> <span class="param">max_open_connections</span>
<span class="param-flags">optional</span> <span class="param-flags">optional</span>
Maximum number of open connections to the database. Maximum number of open connections to the database. A zero uses the
Defaults to 2. default value of 2 and a negative value means unlimited.
</li> </li>
<span class="param">max_idle_connections</span>
<span class="param-flags">optional</span>
Maximum number of idle connections to the database. A zero uses the
value of `max_open_connections` and a negative value disables idle
connections. If larger than `max_open_connections` it will be reduced
to be equal.
</ul> </ul>
</dd> </dd>

15
website/source/layouts/_footer.erb
View File

@ -67,5 +67,20 @@ window.onload = function(){
<%= javascript_include_tag "application" %> <%= javascript_include_tag "application" %>
<script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "Product",
"name": "Vault",
"alternateName": "Vault by HashiCorp",
"manufacturer": "HashiCorp",
"url": "https://www.vaultproject.io",
"logo": "<%= File.join(base_url, image_path("logo_large.png")) %>",
"sameAs": [
"https://github.com/hashicorp/vault"
]
}
</script>
</body> </body>
</html> </html>