Merge 'upstream/master' into postgres_physical
This commit is contained in:
commit
93c64375e9
|
@ -70,11 +70,12 @@ IMPROVEMENTS:
|
|||
`tls_disable` option [GH-802]
|
||||
* credential/token: Add `last_renewal_time` to token lookup calls [GH-896]
|
||||
* helper/certutil: Add ability to parse PKCS#8 bundles [GH-829]
|
||||
* logical/aws: You can now get STS tokens instead of IAM users [GH-927]
|
||||
* logical/cubbyhole: Add cubbyhole access to default policy [GH-936]
|
||||
* logical/pki: Assign ExtKeyUsageAny to CA certs generated/signed with the
|
||||
backend; this fixes the non-spec validation logic used in the Windows Crypto
|
||||
API and Go's verification functions [GH-846]
|
||||
* logical/aws: You can now get STS tokens instead of IAM users [GH-927]
|
||||
* logical/postgres: Add `max_idle_connections` paramter [GH-950]
|
||||
* physical/cache: Use 2Q cache instead of straight LRU [GH-908]
|
||||
* physical/etcd: Support basic auth [GH-859]
|
||||
|
||||
|
@ -103,7 +104,8 @@ MISC:
|
|||
documentation](https://vaultproject.io/docs/config/index.html) for details.
|
||||
* Add `vault-java` to libraries [GH-851]
|
||||
* Various minor documentation fixes and improvements [GH-839] [GH-854]
|
||||
[GH-861] [GH-876] [GH-899] [GH-900] [GH-904] [GH-923] [GH-924]
|
||||
[GH-861] [GH-876] [GH-899] [GH-900] [GH-904] [GH-923] [GH-924] [GH-958]
|
||||
[GH-959]
|
||||
|
||||
## 0.4.1 (January 13, 2016)
|
||||
|
||||
|
|
|
@ -98,6 +98,7 @@ func (b *backend) DB(s logical.Storage) (*sql.DB, error) {
|
|||
// Set some connection pool settings. We don't need much of this,
|
||||
// since the request rate shouldn't be high.
|
||||
b.db.SetMaxOpenConns(connConfig.MaxOpenConnections)
|
||||
b.db.SetMaxIdleConns(connConfig.MaxIdleConnections)
|
||||
|
||||
return b.db, nil
|
||||
}
|
||||
|
|
|
@ -19,13 +19,24 @@ func pathConfigConnection(b *backend) *framework.Path {
|
|||
},
|
||||
"value": &framework.FieldSchema{
|
||||
Type: framework.TypeString,
|
||||
Description: `
|
||||
DB connection string. Use 'connection_url' instead.
|
||||
This will be deprecated.`,
|
||||
Description: `DB connection string. Use 'connection_url' instead.
|
||||
This will be deprecated.`,
|
||||
},
|
||||
"max_open_connections": &framework.FieldSchema{
|
||||
Type: framework.TypeInt,
|
||||
Description: "Maximum number of open connections to the database",
|
||||
Description: `Maximum number of open connections to the database;
|
||||
a zero uses the default value of two and a
|
||||
negative value means unlimited`,
|
||||
},
|
||||
|
||||
// Implementation note:
|
||||
"max_idle_connections": &framework.FieldSchema{
|
||||
Type: framework.TypeInt,
|
||||
Description: `Maximum number of idle connections to the database;
|
||||
a zero uses the value of max_open_connections
|
||||
and a negative value disables idle connections.
|
||||
If larger than max_open_connections it will be
|
||||
reduced to the same size.`,
|
||||
},
|
||||
},
|
||||
|
||||
|
@ -48,6 +59,14 @@ func (b *backend) pathConnectionWrite(
|
|||
maxOpenConns = 2
|
||||
}
|
||||
|
||||
maxIdleConns := data.Get("max_idle_connections").(int)
|
||||
if maxIdleConns == 0 {
|
||||
maxIdleConns = maxOpenConns
|
||||
}
|
||||
if maxIdleConns > maxOpenConns {
|
||||
maxIdleConns = maxOpenConns
|
||||
}
|
||||
|
||||
// Verify the string
|
||||
db, err := sql.Open("postgres", connString)
|
||||
if err != nil {
|
||||
|
@ -65,6 +84,7 @@ func (b *backend) pathConnectionWrite(
|
|||
ConnectionString: connString,
|
||||
ConnectionURL: connURL,
|
||||
MaxOpenConnections: maxOpenConns,
|
||||
MaxIdleConnections: maxIdleConns,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -84,6 +104,7 @@ type connectionConfig struct {
|
|||
// Deprecate "value" in coming releases
|
||||
ConnectionString string `json:"value"`
|
||||
MaxOpenConnections int `json:"max_open_connections"`
|
||||
MaxIdleConnections int `json:"max_idle_connections"`
|
||||
}
|
||||
|
||||
const pathConfigConnectionHelpSyn = `
|
||||
|
|
38
scripts/cross/Dockerfile-patched-1.5.3
Normal file
38
scripts/cross/Dockerfile-patched-1.5.3
Normal file
|
@ -0,0 +1,38 @@
|
|||
# Adapted from tcnksm/dockerfile-gox -- thanks!
|
||||
|
||||
FROM debian:jessie
|
||||
|
||||
RUN apt-get update -y && apt-get install --no-install-recommends -y -q \
|
||||
curl \
|
||||
zip \
|
||||
build-essential \
|
||||
ca-certificates \
|
||||
git mercurial bzr \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
ENV GOVERSION 1.5.3
|
||||
RUN mkdir /goroot-upstream && mkdir /gopath-upstream && mkdir /gopath
|
||||
RUN curl https://storage.googleapis.com/golang/go${GOVERSION}.linux-amd64.tar.gz \
|
||||
| tar xvzf - -C /goroot-upstream --strip-components=1
|
||||
|
||||
ENV GOROOT_BOOTSTRAP /goroot-upstream
|
||||
RUN git clone https://github.com/golang/go /goroot
|
||||
WORKDIR /goroot/src
|
||||
RUN git config user.email "jeff@hashicorp.com"
|
||||
RUN git config user.name "Jeff Mitchell"
|
||||
RUN git checkout -b go1.5.3-fixed-x509 go1.5.3
|
||||
RUN git cherry-pick e78e654c1de0a7bfe0314d6954d42b046f14f1bb
|
||||
RUN git cherry-pick a0ea93dea5f5741addc8c96b7ed037d0e359e33f
|
||||
RUN ./all.bash
|
||||
|
||||
ENV GOPATH /gopath
|
||||
ENV GOROOT /goroot
|
||||
ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH
|
||||
|
||||
RUN go get github.com/mitchellh/gox
|
||||
RUN go get github.com/tools/godep
|
||||
|
||||
RUN mkdir -p /gopath/src/github.com/hashicorp/vault
|
||||
WORKDIR /gopath/src/github.com/hashicorp/vault
|
||||
ENV CGO_ENABLED=0
|
||||
CMD make bin
|
|
@ -762,7 +762,13 @@ func (c *Core) checkToken(req *logical.Request) (*logical.Auth, *TokenEntry, err
|
|||
// or creation as appropriate.
|
||||
if req.Operation == logical.CreateOperation || req.Operation == logical.UpdateOperation {
|
||||
checkExists, resourceExists, err := c.router.RouteExistenceCheck(req)
|
||||
if err != nil {
|
||||
switch err {
|
||||
case logical.ErrUnsupportedPath:
|
||||
// fail later via bad path to avoid confusing items in the log
|
||||
checkExists = false
|
||||
case nil:
|
||||
// Continue on
|
||||
default:
|
||||
c.logger.Printf("[ERR] core: failed to run existence check: %v", err)
|
||||
return nil, nil, ErrInternalError
|
||||
}
|
||||
|
|
BIN
website/source/assets/images/logo_large.png
(Stored with Git LFS)
Normal file
BIN
website/source/assets/images/logo_large.png
(Stored with Git LFS)
Normal file
Binary file not shown.
|
@ -26,7 +26,40 @@ $ vault auth -method=github token=<api token>
|
|||
|
||||
#### Via the API
|
||||
|
||||
The endpoint for the GitHub login is `/login`.
|
||||
The endpoint for the GitHub login is `auth/github/login`.
|
||||
|
||||
The `github` mountpoint value in the url is the default mountpoint value. If you have mounted the `github` backend with a different mountpoint, use that value.
|
||||
|
||||
The `token` should be sent in the POST body encoded as JSON.
|
||||
|
||||
```shell
|
||||
$ curl $VAULT_ADDR/v1/auth/github/login \
|
||||
-d '{ "token": "your_github_personal_access_token" }'
|
||||
```
|
||||
|
||||
The response will be in JSON. For example:
|
||||
|
||||
```javascript
|
||||
{
|
||||
"lease_id": "",
|
||||
"renewable": false,
|
||||
"lease_duration": 0,
|
||||
"data": null,
|
||||
"warnings": null,
|
||||
"auth": {
|
||||
"client_token": "c4f280f6-fdb2-18eb-89d3-589e2e834cdb",
|
||||
"policies": [
|
||||
"root"
|
||||
],
|
||||
"metadata": {
|
||||
"org": "test_org",
|
||||
"username": "rajanadar",
|
||||
},
|
||||
"lease_duration": 0,
|
||||
"renewable": false
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ description: |-
|
|||
<dl>
|
||||
<dt>Description</dt>
|
||||
<dd>
|
||||
Returns the seal status of the Vault.
|
||||
Returns the seal status of the Vault.<br/><br/>This is an unauthenticated endpoint.
|
||||
</dd>
|
||||
|
||||
<dt>Method</dt>
|
||||
|
|
|
@ -140,9 +140,15 @@ subpath for interactive help output.
|
|||
<li>
|
||||
<span class="param">max_open_connections</span>
|
||||
<span class="param-flags">optional</span>
|
||||
Maximum number of open connections to the database.
|
||||
Defaults to 2.
|
||||
Maximum number of open connections to the database. A zero uses the
|
||||
default value of 2 and a negative value means unlimited.
|
||||
</li>
|
||||
<span class="param">max_idle_connections</span>
|
||||
<span class="param-flags">optional</span>
|
||||
Maximum number of idle connections to the database. A zero uses the
|
||||
value of `max_open_connections` and a negative value disables idle
|
||||
connections. If larger than `max_open_connections` it will be reduced
|
||||
to be equal.
|
||||
</ul>
|
||||
</dd>
|
||||
|
||||
|
|
|
@ -67,5 +67,20 @@ window.onload = function(){
|
|||
|
||||
<%= javascript_include_tag "application" %>
|
||||
|
||||
<script type="application/ld+json">
|
||||
{
|
||||
"@context": "http://schema.org",
|
||||
"@type": "Product",
|
||||
"name": "Vault",
|
||||
"alternateName": "Vault by HashiCorp",
|
||||
"manufacturer": "HashiCorp",
|
||||
"url": "https://www.vaultproject.io",
|
||||
"logo": "<%= File.join(base_url, image_path("logo_large.png")) %>",
|
||||
"sameAs": [
|
||||
"https://github.com/hashicorp/vault"
|
||||
]
|
||||
}
|
||||
</script>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
Loading…
Reference in a new issue