Calvin Leung Huang
3108860d4b
Audit HMAC values on AuthConfig (#4077)
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs
* docs: Add ttl params to auth enable endpoint
* Rewording of go string to simply string
* Add audit hmac keys as CLI flags on auth/secrets enable
* Fix copypasta mistake
* Add audit hmac keys to auth and secrets list
* Only set config values if they exist
* Fix http sys/auth tests
* More auth plugin_name test fixes
* Pass API values into MountEntry's config when creating auth/secrets mount
* Update usage wording
2018-03-09 14:32:28 -05:00
Jeff Mitchell
55187255bd
Truncate token store issued token periods when greater than tuned max at (#4112)
issue time, not just renew time.
2018-03-09 10:53:04 -05:00
Jeff Mitchell
a82b43081c
Fix output in warning displaying nanoseconds instead of seconds
2018-03-08 16:14:20 -05:00
Brian Kassouf
9dba3590ac
Add context to the NewSalt function (#4102)
2018-03-08 11:21:11 -08:00
Brian Kassouf
34d958968d
Revert stopoptions (#4088)
* Use an atomic value instead to communicate whether to give up HA lock
* Remove now-unneeded StopOptions struct
* Add a channel based mutex acquisition function to avoid a deadlock
* Make periodic leader refresh only spawn a single waiting goroutine and
extend logic to the key upgrade check
2018-03-06 21:35:58 -05:00
Jeff Mitchell
6b777dc63e
Rearrange shutdown logic to remove some lock switching (#4083)
* Rearrange shutdown logic to remove some lock switching and to allow
giving up the HA lock to be skipped.
2018-03-06 18:06:09 -05:00
Calvin Leung Huang
e2fb199ce5
Non-HMAC audit values (#4033)
* Add non-hmac request keys
* Update comment
* Initial audit request keys implementation
* Add audit_non_hmac_response_keys
* Move where req.NonHMACKeys gets set
* Minor refactor
* Add params to auth tune endpoints
* Sync cache on loadCredentials
* Explicitly unset req.NonHMACKeys
* Do not error if entry is nil
* Add tests
* docs: Add params to api sections
* Refactor audit.Backend and Formatter interfaces, update audit broker methods
* Add audit_broker.go
* Fix method call params in audit backends
* Remove fields from logical.Request and logical.Response, pass keys via LogInput
* Use data.GetOk to allow unsetting existing values
* Remove debug lines
* Add test for unsetting values
* Address review feedback
* Initialize values in FormatRequest and FormatResponse using input values
* Update docs
* Use strutil.StrListContains
* Use strutil.StrListContains
2018-03-02 12:18:39 -05:00
Jeff Mitchell
5034ae2dcb
Add the ability to use multiple paths for capability checking (#3663)
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).
Fixes #3336
* Added tests
* added 'paths' field
* Update docs
* return error if paths is not supplied
2018-03-01 11:14:56 -05:00
Jeff Mitchell
f1bd0cbe74
Use atomic values in seal to avoid some data races (#4040)
2018-02-23 17:18:48 -05:00
Jeff Mitchell
d4a431b298
Move local cluster parameters to atomic values to fix some potential data races (#4036)
2018-02-23 14:47:07 -05:00
Brian Kassouf
cb08fb92d2
Port some replicated cluster changes from ent (#4037)
2018-02-23 14:01:15 -05:00
Jeff Mitchell
1a814803d7
Add core object to policy store for some ent uses
2018-02-23 14:00:46 -05:00
Calvin Leung Huang
1bb4d165e7
Add TTL related config options on auth enable (#4019)
2018-02-22 10:26:29 -05:00
Jeff Mitchell
4669f37c78
Add four cluster flag
2018-02-22 00:23:37 -05:00
Gobin Sougrakpam
33e22c41ca
Log warnings when too many leases are active (#3957)
2018-02-14 09:22:46 -05:00
Kevin Paulisse
2282fcef8a
Decompress data before sending via sys/raw (#3954)
2018-02-09 18:43:48 -05:00
Jeff Mitchell
96ea0620fd
Add sealunwrapper to ease OSS downgrades (#3936)
2018-02-09 16:37:40 -05:00
Jeff Mitchell
847e499261
Simplify readonly view logic
2018-02-09 15:39:27 -05:00
Vishal Nayak
bf66dc2841
Make mount view read only until after mount persist (#3910)
2018-02-09 14:04:25 -05:00
Vishal Nayak
81c66efd6d
AppRole/Identity: Fix for race when creating an entity during login (#3932)
* possible fix for race in approle login while creating entity
* Add a test that hits the login request concurrently
* address review comments
2018-02-09 10:40:56 -05:00
seanjfellows
4739342fdb
Create audit failure metrics unconditionally (#3937)
2018-02-07 15:57:00 -05:00
Jeff Mitchell
1a8a843588
Change grpc's max sent/recv size to a very large value. (#3912)
2018-02-06 13:52:35 -05:00
Jeff Mitchell
642b88c76a
go vet fixes
2018-02-05 14:26:31 -05:00
Jeff Mitchell
05723e1229
Revert cluster.go change
2018-02-04 20:42:45 -05:00
Jeff Mitchell
f33563f667
Some vet fixes
2018-02-04 20:37:57 -05:00
Jeff Mitchell
fc6564e4ee
Don't run rollback and upgrade functionality if we are a replication secondary (#3900)
* Don't run rollback and upgrade functionality if we are a replication
secondary, but do if the mount is local.
2018-02-02 20:28:25 -05:00
Jeff Mitchell
676b302dbf
Add a sysview call to determine if a mount is local. (#3899)
This is useful for deciding when to run upgrade logic, e.g. if on a
performance secondary but local it's fine to run.
2018-02-02 18:17:12 -05:00
Calvin Leung Huang
848ce6427b
Handle period's zero value in token store's token creation (#3880)
* Handle period's zero value on handleCreateCommon
* Add test for period zero value
2018-02-01 12:01:46 -05:00
Jeff Mitchell
60e2209532
Remove core restriction in cache and turn it into an active/standby restriction instead (#3849)
2018-01-25 22:21:51 -05:00
Vishal Nayak
150ad8405b
Remove logical.Initialize() method (#3848)
* Remove logical.Initialize() method
* More cleanup
* Fix test
2018-01-25 20:19:27 -05:00
Jeff Mitchell
ad9da2e0b8
Fix intermittent panic by storing a reference to the grpc server (#3842)
* Fix intermittent panic by storing a reference to the grpc server and
using that to ensure it will never be nil.
* Just get rid of c.rpcServer
2018-01-24 20:23:08 -05:00
Jeff Mitchell
cf87cc54fc
Fix build
2018-01-22 21:45:22 -05:00
Jeff Mitchell
8e8675053b
Sync some bits over
2018-01-22 21:44:49 -05:00
Jeff Mitchell
7d6fed2e86
Use a separate var for active node replication state (#3819)
2018-01-19 19:24:04 -05:00
Jeff Mitchell
43617619ad
Embed derived contexts into replication clients
2018-01-19 07:22:31 -05:00
Jeff Mitchell
123e22cd7e
Fix compile
2018-01-19 05:31:55 -05:00
Jeff Mitchell
b4be030d07
Add context to barrier encryptor interface
2018-01-19 05:28:47 -05:00
Jeff Mitchell
31a7eb1168
Add context to barrier encryptor access
2018-01-19 05:24:40 -05:00
Jeff Mitchell
69aead14f0
A bit more context plumbing
2018-01-19 04:11:59 -05:00
Jeff Mitchell
33b68ebf3d
Remove context from a few extraneous places
2018-01-19 03:44:06 -05:00
Jeff Mitchell
6be5b8e8a1
Don't use context in barrier type/recovery type
2018-01-19 03:17:36 -05:00
Jeff Mitchell
0f7e3bb79b
Add context to performPolicyChecks
2018-01-19 02:43:39 -05:00
Jeff Mitchell
c97e73ce70
Don't check recovery seal in Initialized()
It doesn't actually matter and can give false positives.
2018-01-19 01:55:33 -05:00
Brian Kassouf
2f19de0305
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 01:44:44 -05:00
Jeff Mitchell
842a3a4a05
Remove RegisterLicense from logical.Backend
It's almost certainly the wrong signature and nothing uses it currently
anyways.
2018-01-18 13:44:29 -05:00
Calvin Leung Huang
f59069c22f
Don't call LeaseExtend on login renewal paths when period is provided (#3803)
* Don't call LeaseExtend on login renewal paths when period is provided
* WIP tests
* NoopBackend accept backend ttl values
* Test period value on credentials backend
* Use t.Fatalf instead
* Remove mockCoreExpiration
* Add login renewal test for approle backend
* Add resp.Auth.Period check on aws and cert backend tests
* Pass in approle's period via role's period
* Correctly set period in valid-role's role
* Add period renewal test using TestCluster and approle backend
* Check for ttl values after renewals on test
2018-01-18 12:19:18 -05:00
Jeff Mitchell
cf895fc19a
Actually print out forwarded stacktrace
2018-01-18 11:40:59 -05:00
Calvin Leung Huang
bffaf9b0c3
Remove vlogger, add log.Logger to PolicyStore struct (#3813)
2018-01-18 01:01:51 -05:00
Jeff Mitchell
5371b0489f
Rename var from last commit
2018-01-17 23:08:35 -05:00
Jeff Mitchell
307a177540
Make heartbeatInterval a package var to allow tests to modify it
2018-01-17 23:05:11 -05:00