Commit graph

9911 commits

Author SHA1 Message Date
Eero Niemi 1238545276 Fixed typo (#6363)
Fixed typo, rolset -> roleset
2019-03-07 09:50:13 -05:00
Vishal Nayak 25b055505a
Avoid redundant client creation (#6361) 2019-03-06 22:09:55 -05:00
Calvin Leung Huang 01af049b98
changelog++ 2019-03-06 18:18:45 -08:00
Calvin Leung Huang e6798347a7
Refactor handleCacheClear input params (#6350)
* Refactor handleCacheClear input params

* address review feedback

* fix handleCacheClear's token_accessor case
2019-03-06 18:08:19 -08:00
Calvin Leung Huang a74b0deac0
agent/caching: proxy redirect and non-json responses; update tests (#6353)
* agent/caching: proxy redirect and non-json responses; update tests

* agent/caching: do not wrap error responses as internal errors, simply proxy them back as-is

* minor refactoring of APIProxy.Send logic

* add test case to ensure error response is not wrapped
2019-03-06 17:23:20 -08:00
Becca Petrin 54c70efd88
update path for mounting plugin (#6351) 2019-03-06 15:57:03 -08:00
Calvin Leung Huang 66734fb03c
docs/agent-caching: update cache-clear endpoint (#6354) 2019-03-06 11:13:43 -08:00
Becca Petrin 1c34a1d21e
update partnership doc (#6352) 2019-03-06 10:27:12 -08:00
Jeff Mitchell c4001cc40d This moves api_test package tests into vault/external_tests
This prevents projects importing Vault's API from then also importing
the rest of Vault.
2019-03-06 11:20:42 -05:00
Brian Kassouf 4ea7f8afa6
Cut version 1.1.0-beta2 2019-03-05 15:09:19 -08:00
Brian Kassouf bfa4b26538
changelog++ 2019-03-05 14:54:56 -08:00
Brian Kassouf 05ea961dbe
release prep 2019-03-05 14:54:12 -08:00
Calvin Leung Huang 0ebce62537 docs/agent-caching: add note about compatibility with older server versions 2019-03-05 14:12:04 -08:00
Joakim Bakke Hellum fe3b6f2745 UI - Add space in enable secrets engine title (#6344)
This adds a space in the title of the enable secrets engine page. Example: "Enable Google Cloud KMSsecrets engine" should be "Enable Google Cloud KMS secrets engine"
2019-03-05 14:41:59 -06:00
Jim Kalafut 9d2e3a4b80
changelog++ 2019-03-05 12:34:14 -08:00
Calvin Leung Huang 05dac99936 changelog++ 2019-03-05 12:30:34 -08:00
Calvin Leung Huang d7d5cd8f6a changelog++ 2019-03-05 12:22:10 -08:00
Calvin Leung Huang ecc95964ea changelog++ 2019-03-05 12:21:16 -08:00
Vishal Nayak 1fca0f7b6f Explicit setting of url fields (#6349) 2019-03-05 12:20:16 -08:00
Vishal Nayak d0b9454518
Agent Cache doc updates (#6331)
* Agent Cache doc updates

* doc update

* Add renewal management section

* doc updates

* paraphrase the orphan token case
2019-03-05 15:19:52 -05:00
ncabatoff cd747c9318
Add code for writing and reading request counters to storage. (#5918)
Increment a counter whenever a request is received. 
The in-memory counter is persisted to counters/requests/YYYY/MM.
When the month wraps around, we reset the in-memory counter to
zero.
Add an endpoint for querying the request counters across all time.
2019-03-05 14:55:07 -05:00
Vishal Nayak d8f39d54c9
Change agent's port to 8007 (#6348) 2019-03-05 12:57:17 -05:00
Vishal Nayak ffcd85e1af
Test request token overriding auto-auth case (#6346) 2019-03-05 12:49:58 -05:00
Jim Kalafut 1274a8d3d4
Update JWT plugin dependency and docs (#6345) 2019-03-05 09:46:04 -08:00
Vishal Nayak 59e8632d2d
Refactor respond error function (#6343) 2019-03-05 11:43:30 -05:00
Matthew Irish ef2cb57b3a
use 'oidc' as the default when it's selected (#6338) 2019-03-05 10:03:54 -06:00
Chris Hoffman 8a57b90b47
Transit Auto Seal Docs (#6332)
* adding transit seal docs

* add missing backtick
2019-03-05 08:45:44 -05:00
Jim Kalafut 69dbd2464d Fix failing TokenStore test 2019-03-04 17:44:00 -08:00
Becca Petrin a8ebfef8ef
fix typo 2019-03-04 16:42:48 -08:00
Calvin Leung Huang d73216b5c3
Fix TestLeaseCache_SendCacheable (#6333) 2019-03-04 15:18:52 -08:00
Jim Kalafut a34099b9bb
Use HashTypeMap and remove structs in batch HMAC (#6334) 2019-03-04 14:49:29 -08:00
Calvin Leung Huang 1ae110e59a
core: handleLoginRequest should set resp.Auth.Orphan = true (#6335)
* core: handleLoginRequest should set resp.Auth.Orphan = true

* set auth.Orphan in RegisterAuth dynamically

* update related tests
2019-03-04 14:32:09 -08:00
Jeff Mitchell a83ed04730 Add ability to migrate autoseal to autoseal (#5930)
* Add ability to migrate autoseal to autoseal

This adds the ability to migrate from shamir to autoseal, autoseal to
shamir, or autoseal to autoseal, by allowing multiple seal stanzas. A
disabled stanza will be used as the config being migrated from; this can
also be used to provide an unwrap seal on ent over multiple unseals.

A new test is added to ensure that autoseal to autoseal works as
expected.

* Fix test

* Provide default shamir info if not given in config

* Linting feedback

* Remove context var that isn't used

* Don't run auto unseal watcher when in migration, and move SetCores to SetSealsForMigration func

* Slight logic cleanup

* Fix test build and fix bug

* Updates

* remove GetRecoveryKey function
2019-03-04 14:11:56 -08:00
Brian Kassouf ad3605e657
Revert "filtered-path endpoint (#6132)" (#6337)
This reverts commit dfdbb0bad975fab447f49766baaa5a6c956f8e3d.
2019-03-04 14:08:21 -08:00
martinwaite 04c174214c Batch hmac - (#5850) (#5875) 2019-03-04 12:26:20 -08:00
ncabatoff 8814fe1ba5 filtered-path endpoint (#6132)
* First pass at filtered-path endpoint.  It seems to be working, but there are tests missing, and possibly some optimization to handle large key sets.

* Vendor go-cmp.

* Fix incomplete vendoring of go-cmp.

* Improve test coverage.  Fix bug whereby access to a subtree named X would expose existence of a the key named X at the same level.

* Add benchmarks, which showed that hasNonDenyCapability would be "expensive" to call for every member of a large folder.  Made a couple of minor tweaks so that now it can be done without allocations.

* Comment cleanup.

* Review requested changes: rename some funcs, use routeCommon instead of
querying storage directly.

* Keep the same endpoint for now, but move it from a LIST to a POST and allow multiple paths to be queried in one operation.

* Modify test to pass multiple paths in at once.

* Add endpoint to default policy.

* Move endpoint to /sys/access/filtered-path.
2019-03-04 11:04:29 -08:00
Matthew Irish 47be844a1e
changelog++ 2019-03-04 12:53:56 -06:00
Jeff Mitchell a3a2a3cd04 A few more syncs 2019-03-04 13:53:15 -05:00
Jeff Mitchell 718ae5a010 Minor syncs 2019-03-04 13:35:22 -05:00
Michel Vocks 0c63536d52
changelog++ 2019-03-04 18:51:46 +01:00
Michel Vocks ce832e402a Fixed ignored empty value set on token role update call (#6314)
* Fixed ignored empty value set on token role update call

* Made a pre-check a bit more elegant. Updated tests
2019-03-04 09:39:29 -08:00
Naoki Ainoya 7b395315dd fix doc to add missing permission to use gcpkms seal (#6327) 2019-03-04 11:46:06 -05:00
Jeff Mitchell d71b0e7b10
Add missing consistency param in docs for Cassandra in combined DB (#6330) 2019-03-04 10:21:33 -05:00
Calvin Leung Huang c5aaf8dcb0
agent/caching: simplify orphan check; add orphan token creation tests (#6322) 2019-03-01 17:57:25 -08:00
Vishal Nayak ce42e9ea1f
Add locking around base context (#6321)
Got offline 👍 from Calvin.
2019-03-01 20:30:14 -05:00
Vishal Nayak d514ff573a
Set orphan status in the token creation response (#6320) 2019-03-01 18:55:58 -05:00
Matthew Irish 5a5aa79ab2
allow permissions service to match on glob path that may or may not end in / (#6301) 2019-03-01 15:16:53 -06:00
Vishal Nayak a5195949d9
added client_key and client_cert options to the agent config (#6319) 2019-03-01 15:11:16 -05:00
Calvin Leung Huang 23395891d3
agent/caching: refactor ContextInfo (#6311)
* agent/caching: refactor ContextInfo

* use NewContextInfo in NewLeaseCache
2019-03-01 11:20:36 -08:00
Michel Vocks 55c7b6f10f
changelog++ 2019-03-01 19:17:33 +01:00