Merge 'upstream/master' into postgres_physical
commit
93c64375e9
|
@ -70,11 +70,12 @@ IMPROVEMENTS:
|
||||||
`tls_disable` option [GH-802]
|
`tls_disable` option [GH-802]
|
||||||
* credential/token: Add `last_renewal_time` to token lookup calls [GH-896]
|
* credential/token: Add `last_renewal_time` to token lookup calls [GH-896]
|
||||||
* helper/certutil: Add ability to parse PKCS#8 bundles [GH-829]
|
* helper/certutil: Add ability to parse PKCS#8 bundles [GH-829]
|
||||||
|
* logical/aws: You can now get STS tokens instead of IAM users [GH-927]
|
||||||
* logical/cubbyhole: Add cubbyhole access to default policy [GH-936]
|
* logical/cubbyhole: Add cubbyhole access to default policy [GH-936]
|
||||||
* logical/pki: Assign ExtKeyUsageAny to CA certs generated/signed with the
|
* logical/pki: Assign ExtKeyUsageAny to CA certs generated/signed with the
|
||||||
backend; this fixes the non-spec validation logic used in the Windows Crypto
|
backend; this fixes the non-spec validation logic used in the Windows Crypto
|
||||||
API and Go's verification functions [GH-846]
|
API and Go's verification functions [GH-846]
|
||||||
* logical/aws: You can now get STS tokens instead of IAM users [GH-927]
|
* logical/postgres: Add `max_idle_connections` paramter [GH-950]
|
||||||
* physical/cache: Use 2Q cache instead of straight LRU [GH-908]
|
* physical/cache: Use 2Q cache instead of straight LRU [GH-908]
|
||||||
* physical/etcd: Support basic auth [GH-859]
|
* physical/etcd: Support basic auth [GH-859]
|
||||||
|
|
||||||
|
@ -103,7 +104,8 @@ MISC:
|
||||||
documentation](https://vaultproject.io/docs/config/index.html) for details.
|
documentation](https://vaultproject.io/docs/config/index.html) for details.
|
||||||
* Add `vault-java` to libraries [GH-851]
|
* Add `vault-java` to libraries [GH-851]
|
||||||
* Various minor documentation fixes and improvements [GH-839] [GH-854]
|
* Various minor documentation fixes and improvements [GH-839] [GH-854]
|
||||||
[GH-861] [GH-876] [GH-899] [GH-900] [GH-904] [GH-923] [GH-924]
|
[GH-861] [GH-876] [GH-899] [GH-900] [GH-904] [GH-923] [GH-924] [GH-958]
|
||||||
|
[GH-959]
|
||||||
|
|
||||||
## 0.4.1 (January 13, 2016)
|
## 0.4.1 (January 13, 2016)
|
||||||
|
|
||||||
|
|
|
@ -98,6 +98,7 @@ func (b *backend) DB(s logical.Storage) (*sql.DB, error) {
|
||||||
// Set some connection pool settings. We don't need much of this,
|
// Set some connection pool settings. We don't need much of this,
|
||||||
// since the request rate shouldn't be high.
|
// since the request rate shouldn't be high.
|
||||||
b.db.SetMaxOpenConns(connConfig.MaxOpenConnections)
|
b.db.SetMaxOpenConns(connConfig.MaxOpenConnections)
|
||||||
|
b.db.SetMaxIdleConns(connConfig.MaxIdleConnections)
|
||||||
|
|
||||||
return b.db, nil
|
return b.db, nil
|
||||||
}
|
}
|
||||||
|
|
|
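Review bot: The added `b.db.SetMaxIdleConns(connConfig.MaxIdleConnections)` will receive 0 for any connection config that was stored before this change, assuming the stored JSON simply lacks a `max_idle_connections` key (the decoding is outside this hunk). database/sql treats `n <= 0` as "retain no idle connections", so existing mounts would drop from the library default of two idle connections to none. Every credential request would then open a fresh connection to the database. The "zero uses the value of max_open_connections" rule is applied only on the write path, so the read path needs its own guard, for example `if connConfig.MaxIdleConnections != 0 { b.db.SetMaxIdleConns(connConfig.MaxIdleConnections) }`. The body of `DB` starts above the hunk.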
@ -19,13 +19,24 @@ func pathConfigConnection(b *backend) *framework.Path {
|
||||||
},
|
},
|
||||||
"value": &framework.FieldSchema{
|
"value": &framework.FieldSchema{
|
||||||
Type: framework.TypeString,
|
Type: framework.TypeString,
|
||||||
Description: `
|
Description: `DB connection string. Use 'connection_url' instead.
|
||||||
DB connection string. Use 'connection_url' instead.
|
This will be deprecated.`,
|
||||||
This will be deprecated.`,
|
|
||||||
},
|
},
|
||||||
"max_open_connections": &framework.FieldSchema{
|
"max_open_connections": &framework.FieldSchema{
|
||||||
Type: framework.TypeInt,
|
Type: framework.TypeInt,
|
||||||
Description: "Maximum number of open connections to the database",
|
Description: `Maximum number of open connections to the database;
|
||||||
|
a zero uses the default value of two and a
|
||||||
|
negative value means unlimited`,
|
||||||
|
},
|
||||||
|
|
||||||
|
// Implementation note:
|
||||||
|
"max_idle_connections": &framework.FieldSchema{
|
||||||
|
Type: framework.TypeInt,
|
||||||
|
Description: `Maximum number of idle connections to the database;
|
||||||
|
a zero uses the value of max_open_connections
|
||||||
|
and a negative value disables idle connections.
|
||||||
|
If larger than max_open_connections it will be
|
||||||
|
reduced to the same size.`,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -48,6 +59,14 @@ func (b *backend) pathConnectionWrite(
|
||||||
maxOpenConns = 2
|
maxOpenConns = 2
|
||||||
}
|
}
|
||||||
|
|
||||||
|
maxIdleConns := data.Get("max_idle_connections").(int)
|
||||||
|
if maxIdleConns == 0 {
|
||||||
|
maxIdleConns = maxOpenConns
|
||||||
|
}
|
||||||
|
if maxIdleConns > maxOpenConns {
|
||||||
|
maxIdleConns = maxOpenConns
|
||||||
|
}
|
||||||
|
|
||||||
// Verify the string
|
// Verify the string
|
||||||
db, err := sql.Open("postgres", connString)
|
db, err := sql.Open("postgres", connString)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -65,6 +84,7 @@ func (b *backend) pathConnectionWrite(
|
||||||
ConnectionString: connString,
|
ConnectionString: connString,
|
||||||
ConnectionURL: connURL,
|
ConnectionURL: connURL,
|
||||||
MaxOpenConnections: maxOpenConns,
|
MaxOpenConnections: maxOpenConns,
|
||||||
|
MaxIdleConnections: maxIdleConns,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -84,6 +104,7 @@ type connectionConfig struct {
|
||||||
// Deprecate "value" in coming releases
|
// Deprecate "value" in coming releases
|
||||||
ConnectionString string `json:"value"`
|
ConnectionString string `json:"value"`
|
||||||
MaxOpenConnections int `json:"max_open_connections"`
|
MaxOpenConnections int `json:"max_open_connections"`
|
||||||
|
MaxIdleConnections int `json:"max_idle_connections"`
|
||||||
}
|
}
|
||||||
|
|
||||||
const pathConfigConnectionHelpSyn = `
|
const pathConfigConnectionHelpSyn = `
|
||||||
|
|
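Review bot: In the `pathConnectionWrite` hunk, both the zero default and the clamp `if maxIdleConns > maxOpenConns` misbehave when `max_open_connections` is negative, which the field description defines as unlimited. A request with `max_open_connections=-1` and `max_idle_connections=5` (or 0) stores a negative idle limit and so silently disables idle connections. database/sql already reduces the idle limit to a positive open limit on its own, so the clamp can be restricted to `if maxOpenConns > 0 && maxIdleConns > maxOpenConns {`. The zero case also needs a defined result for a negative `maxOpenConns`. In the schema hunk, the added `// Implementation note:` comment has no text after it and should be completed or dropped. `pathConnectionWrite` starts and ends outside the visible hunks.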
38
scripts/cross/Dockerfile-patched-1.5.3
Normal file
38
scripts/cross/Dockerfile-patched-1.5.3
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
# Adapted from tcnksm/dockerfile-gox -- thanks!
|
||||||
|
|
||||||
|
FROM debian:jessie
|
||||||
|
|
||||||
|
RUN apt-get update -y && apt-get install --no-install-recommends -y -q \
|
||||||
|
curl \
|
||||||
|
zip \
|
||||||
|
build-essential \
|
||||||
|
ca-certificates \
|
||||||
|
git mercurial bzr \
|
||||||
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
ENV GOVERSION 1.5.3
|
||||||
|
RUN mkdir /goroot-upstream && mkdir /gopath-upstream && mkdir /gopath
|
||||||
|
RUN curl https://storage.googleapis.com/golang/go${GOVERSION}.linux-amd64.tar.gz \
|
||||||
|
| tar xvzf - -C /goroot-upstream --strip-components=1
|
||||||
|
|
||||||
|
ENV GOROOT_BOOTSTRAP /goroot-upstream
|
||||||
|
RUN git clone https://github.com/golang/go /goroot
|
||||||
|
WORKDIR /goroot/src
|
||||||
|
RUN git config user.email "jeff@hashicorp.com"
|
||||||
|
RUN git config user.name "Jeff Mitchell"
|
||||||
|
RUN git checkout -b go1.5.3-fixed-x509 go1.5.3
|
||||||
|
RUN git cherry-pick e78e654c1de0a7bfe0314d6954d42b046f14f1bb
|
||||||
|
RUN git cherry-pick a0ea93dea5f5741addc8c96b7ed037d0e359e33f
|
||||||
|
RUN ./all.bash
|
||||||
|
|
||||||
|
ENV GOPATH /gopath
|
||||||
|
ENV GOROOT /goroot
|
||||||
|
ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH
|
||||||
|
|
||||||
|
RUN go get github.com/mitchellh/gox
|
||||||
|
RUN go get github.com/tools/godep
|
||||||
|
|
||||||
|
RUN mkdir -p /gopath/src/github.com/hashicorp/vault
|
||||||
|
WORKDIR /gopath/src/github.com/hashicorp/vault
|
||||||
|
ENV CGO_ENABLED=0
|
||||||
|
CMD make bin
|
|
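Review bot: The Go bootstrap tarball is piped straight from `curl` into `tar` with no integrity check, and `curl` runs without `-f`, so an HTTP error body or an altered download lands in `/goroot-upstream` and becomes the compiler that builds the patched toolchain used for release binaries. Download to a file, verify it, then unpack: `curl -fsSL -o /tmp/go.tgz https://storage.googleapis.com/golang/go${GOVERSION}.linux-amd64.tar.gz` followed by `echo "<GO_TARBALL_SHA256>  /tmp/go.tgz" | sha256sum -c -`, where the digest is a placeholder for the published value. The same concern applies to `go get github.com/mitchellh/gox` and `go get github.com/tools/godep`, which fetch whatever the default branch holds at build time, and to the mutable `FROM debian:jessie` tag. The two `git cherry-pick` lines are already pinned by full commit hash, which is the model the other fetches should follow.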
@ -762,7 +762,13 @@ func (c *Core) checkToken(req *logical.Request) (*logical.Auth, *TokenEntry, err
|
||||||
// or creation as appropriate.
|
// or creation as appropriate.
|
||||||
if req.Operation == logical.CreateOperation || req.Operation == logical.UpdateOperation {
|
if req.Operation == logical.CreateOperation || req.Operation == logical.UpdateOperation {
|
||||||
checkExists, resourceExists, err := c.router.RouteExistenceCheck(req)
|
checkExists, resourceExists, err := c.router.RouteExistenceCheck(req)
|
||||||
if err != nil {
|
switch err {
|
||||||
|
case logical.ErrUnsupportedPath:
|
||||||
|
// fail later via bad path to avoid confusing items in the log
|
||||||
|
checkExists = false
|
||||||
|
case nil:
|
||||||
|
// Continue on
|
||||||
|
default:
|
||||||
c.logger.Printf("[ERR] core: failed to run existence check: %v", err)
|
c.logger.Printf("[ERR] core: failed to run existence check: %v", err)
|
||||||
return nil, nil, ErrInternalError
|
return nil, nil, ErrInternalError
|
||||||
}
|
}
|
||||||
|
|
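Review bot: The new `switch err` matches `logical.ErrUnsupportedPath` by identity, so if any layer under `RouteExistenceCheck` returns that error wrapped or re-created, it falls into `default`. The result is an `[ERR]` log line and `ErrInternalError`, which is exactly the outcome the added comment wants to avoid. It is worth confirming that the router returns the sentinel unchanged. The `ErrUnsupportedPath` case only sets `checkExists = false`, so whether the request is actually rejected depends on code after this hunk (the body of `checkToken` continues outside it). Because this sits on the authorization path, the comment should name that dependency, e.g. `// No existence check for an unsupported path: leave req.Operation unchanged and rely on routing to reject the request.` The empty `case nil:` would read more directly as an `if err != nil` wrapper around the switch.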
BIN
website/source/assets/images/logo_large.png
(Stored with Git LFS)
Normal file
BIN
website/source/assets/images/logo_large.png
(Stored with Git LFS)
Normal file
Binary file not shown.
|
@ -26,7 +26,40 @@ $ vault auth -method=github token=<api token>
|
||||||
|
|
||||||
#### Via the API
|
#### Via the API
|
||||||
|
|
||||||
The endpoint for the GitHub login is `/login`.
|
The endpoint for the GitHub login is `auth/github/login`.
|
||||||
|
|
||||||
|
The `github` mountpoint value in the url is the default mountpoint value. If you have mounted the `github` backend with a different mountpoint, use that value.
|
||||||
|
|
||||||
|
The `token` should be sent in the POST body encoded as JSON.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
$ curl $VAULT_ADDR/v1/auth/github/login \
|
||||||
|
-d '{ "token": "your_github_personal_access_token" }'
|
||||||
|
```
|
||||||
|
|
||||||
|
The response will be in JSON. For example:
|
||||||
|
|
||||||
|
```javascript
|
||||||
|
{
|
||||||
|
"lease_id": "",
|
||||||
|
"renewable": false,
|
||||||
|
"lease_duration": 0,
|
||||||
|
"data": null,
|
||||||
|
"warnings": null,
|
||||||
|
"auth": {
|
||||||
|
"client_token": "c4f280f6-fdb2-18eb-89d3-589e2e834cdb",
|
||||||
|
"policies": [
|
||||||
|
"root"
|
||||||
|
],
|
||||||
|
"metadata": {
|
||||||
|
"org": "test_org",
|
||||||
|
"username": "rajanadar",
|
||||||
|
},
|
||||||
|
"lease_duration": 0,
|
||||||
|
"renewable": false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ description: |-
|
||||||
<dl>
|
<dl>
|
||||||
<dt>Description</dt>
|
<dt>Description</dt>
|
||||||
<dd>
|
<dd>
|
||||||
Returns the seal status of the Vault.
|
Returns the seal status of the Vault.<br/><br/>This is an unauthenticated endpoint.
|
||||||
</dd>
|
</dd>
|
||||||
|
|
||||||
<dt>Method</dt>
|
<dt>Method</dt>
|
||||||
|
|
|
@ -140,9 +140,15 @@ subpath for interactive help output.
|
||||||
<li>
|
<li>
|
||||||
<span class="param">max_open_connections</span>
|
<span class="param">max_open_connections</span>
|
||||||
<span class="param-flags">optional</span>
|
<span class="param-flags">optional</span>
|
||||||
Maximum number of open connections to the database.
|
Maximum number of open connections to the database. A zero uses the
|
||||||
Defaults to 2.
|
default value of 2 and a negative value means unlimited.
|
||||||
</li>
|
</li>
|
||||||
|
<span class="param">max_idle_connections</span>
|
||||||
|
<span class="param-flags">optional</span>
|
||||||
|
Maximum number of idle connections to the database. A zero uses the
|
||||||
|
value of `max_open_connections` and a negative value disables idle
|
||||||
|
connections. If larger than `max_open_connections` it will be reduced
|
||||||
|
to be equal.
|
||||||
</ul>
|
</ul>
|
||||||
</dd>
|
</dd>
|
||||||
|
|
||||||
|
|
|
@ -67,5 +67,20 @@ window.onload = function(){
|
||||||
|
|
||||||
<%= javascript_include_tag "application" %>
|
<%= javascript_include_tag "application" %>
|
||||||
|
|
||||||
|
<script type="application/ld+json">
|
||||||
|
{
|
||||||
|
"@context": "http://schema.org",
|
||||||
|
"@type": "Product",
|
||||||
|
"name": "Vault",
|
||||||
|
"alternateName": "Vault by HashiCorp",
|
||||||
|
"manufacturer": "HashiCorp",
|
||||||
|
"url": "https://www.vaultproject.io",
|
||||||
|
"logo": "<%= File.join(base_url, image_path("logo_large.png")) %>",
|
||||||
|
"sameAs": [
|
||||||
|
"https://github.com/hashicorp/vault"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
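Review bot: The `logo` value is interpolated into the JSON-LD string without JSON escaping, so a quote or backslash in `base_url` or the asset path would yield invalid JSON inside the `<script>` element. The inputs appear to be build-time site configuration, so exposure is low. Emitting the value through the encoder keeps the block well-formed regardless: `"logo": <%= File.join(base_url, image_path("logo_large.png")).to_json %>,` (assuming `to_json` is available in this template environment). `"@context": "http://schema.org"` could also be written with `https`.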