Commit Graph

16 Commits

Author SHA1 Message Date
Vishal Nayak f7907c2809 Agent: Listener refactoring and socket file system permissions (#6397)
* Listener refactoring and file system permissions

* added listenerutil and move some common code there

* Added test for verifying socket file permissions

* Change default port of agent to 8200

* address review feedback

* Address review feedback

* Read socket options from listener config
2019-03-14 11:53:14 -07:00
Vishal Nayak 25b055505a
Avoid redundant client creation (#6361) 2019-03-06 22:09:55 -05:00
Vishal Nayak a5195949d9
added client_key and client_cert options to the agent config (#6319) 2019-03-01 15:11:16 -05:00
Vishal Nayak ac2b499fc9
Support reading Vault's address from Agent's config file (#6306)
* Support reading Vault's address from Agent's config file

* use consts and switch

* Add tls options to agent config vault block

* Update command/agent/config/config.go

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* remove fmt.Printfs
2019-02-28 17:29:28 -05:00
Calvin Leung Huang c07253999c
agent/caching: enable caching of leases generated by autoauth token (#6293)
* agent/caching: enable caching of leases generated by autoauth token

* add test for auth/token/create path

* update error message log

* Some minor updates

* add sleep timer for renewal logic to process
2019-02-27 13:14:58 -08:00
Calvin Leung Huang fda590f538
agent/caching: use const for cache-clear path (#6271) 2019-02-21 14:53:34 -08:00
Vishal Nayak 779d49bab5
AgentCache: Properly compute auto-auth token (#6264)
* Properly compute auto-auth token

* Use inmem sink to track auto-auth token

* update debug statement

* Only add inmem sink if using auto-auth token is allowed
2019-02-20 02:11:05 -05:00
Vishal Nayak 5037185d5d
Agent Cache: Some review feedback (#6257)
* Revamp agent cache client

* Update command/agent.go

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* Agent cache auto auth token lookup case (#6258)

* agent cache auto auth token lookup case

* Use Blake2b256Hash instead of SHA256

* agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259)

* agent/cache: update cache-clear endpoint; use bytes.NewReader instead

* agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b

* agent/cache: Only parse response body if it's non-nil (#6260)

* Differently disable agent address in the API client

* Remove DisableAgent
2019-02-19 16:53:29 -05:00
Vishal Nayak feb235d5f8
Vault Agent Cache (#6220)
* vault-agent-cache: squashed 250+ commits

* Add proper token revocation validations to the tests

* Add more test cases

* Avoid leaking by not closing request/response bodies; add comments

* Fix revoke orphan use case; update tests

* Add CLI test for making request over unix socket

* agent/cache: remove namespace-related tests

* Strip-off the auto-auth token from the lookup response

* Output listener details along with configuration

* Add scheme to API address output

* leasecache: use IndexNameLease for prefix lease revocations

* Make CLI accept the fully qualified unix address

* export VAULT_AGENT_ADDR=unix://path/to/socket

* unix:/ to unix://
2019-02-14 20:10:36 -05:00
Jim Kalafut d0e2badbae Run goimports across the repository (#6010)
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Aleksey Zhukov 5361205d5b WIP Agent AppRole auto-auth (#5621) 2018-10-30 12:17:19 -04:00
Jeff Mitchell 2c17930aaf
Remove agent reauthentication on new credentials. (#5615)
Functionality is left in for use in testing (where it is indeed quite
useful).

Fixes #5522
2018-10-27 10:45:55 -07:00
Jeff Mitchell 1837c571ec
Fix authhandler-based wrapping in agent (#5316) 2018-09-11 13:10:11 -04:00
Becca Petrin 7e0e49656a Add AliCloud auth to the Vault Agent (#5179) 2018-09-05 11:56:30 -04:00
Jeff Mitchell a6d0ae5890
Add exit-after-auth functionality to agent (#5013)
This allows it to authenticate once, then exit once all sinks have
reported success. Useful for things like an init container vs. a
sidecard container.

Also adds command-level testing of it.
2018-07-30 10:37:04 -04:00
Jeff Mitchell e72890e83f
VSI (#4985) 2018-07-24 22:02:27 -04:00