Commit graph

10615 commits

Author SHA1 Message Date
Jeff Mitchell 18a4ab1db5
Update github to tokenutil (#7031)
* Update github to tokenutil

* Update phrasing
2019-07-01 16:31:30 -04:00
Jeff Mitchell e8f9ea2857
Tokenutilize radius (#7034) 2019-07-01 16:30:39 -04:00
Jeff Mitchell 9c81f88623
Tokenutilize Okta (#7032) 2019-07-01 16:30:30 -04:00
Jeff Mitchell 2bca5f439f
AppRole TokenUtil conversion (#7020) 2019-07-01 16:30:08 -04:00
Jeff Mitchell d5d2414b4b
Tokenutilize the AWS auth backend (#7027) 2019-07-01 16:29:34 -04:00
Jeff Mitchell 4e226a7c0e
Tokenutilize ldap (#7036) 2019-07-01 16:16:23 -04:00
Jeff Mitchell e691f7a4e9 Bump secrets-ad plugin 2019-07-01 16:14:36 -04:00
Jeff Mitchell bba64f2cca Bump SDK 2019-07-01 16:13:00 -04:00
Jeff Mitchell 26f371633c
Update ldaputil to allow for modifying an existing config (#7038) 2019-07-01 16:12:32 -04:00
Jeff Mitchell 2055299156 changelog++ 2019-07-01 16:07:43 -04:00
Jeff Mitchell ebc1e64c62
Format requests/responses ahead of time in file audit (#7024)
This was inspired by #7022 but has the advantage of avoiding
double-locking and needing to perform lock upgrades while also
simplifying the logic and being faster.

Original, #7022, this:

goos: linux
goarch: amd64
pkg: github.com/hashicorp/vault/builtin/audit/file
BenchmarkAuditFile_request-4       30000             60734 ns/op
PASS
ok      github.com/hashicorp/vault/builtin/audit/file   2.428s

goos: linux
goarch: amd64
pkg: github.com/hashicorp/vault/builtin/audit/file
BenchmarkAuditFile_request-4       50000             34772 ns/op
PASS
ok      github.com/hashicorp/vault/builtin/audit/file   2.086s

goos: linux
goarch: amd64
pkg: github.com/hashicorp/vault/builtin/audit/file
BenchmarkAuditFile_request-4       50000             25302 ns/op
PASS
ok      github.com/hashicorp/vault/builtin/audit/file   1.542s

Fixes #7014
Closes #7022
2019-07-01 16:07:03 -04:00
Jeff Mitchell edf0f3cbbd Use metrics helper from base in test cluster cores 2019-07-01 12:08:55 -04:00
Jason O'Donnell 20e485a9d3
Add leeway parameters to JWT auth doc (#6947)
* Add leeway parameters to JWT auth doc

* Clarify leeway doc

* Apply suggestions from code review

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* Add note about only being applicable to JWT

* Update for negative values
2019-07-01 10:12:53 -04:00
Jeff Mitchell 369456388e Bump sdk 2019-07-01 08:58:40 -04:00
Jeff Mitchell 69d2a5cb4e
Add DisplayAttributes to tokenutil fields (#7029) 2019-07-01 08:57:57 -04:00
Jeff Mitchell 45c0afa582 Fix up some displayattr text 2019-07-01 08:47:13 -04:00
Michel Vocks e9e0a276e6 Changelog: Added Token identity support 2019-07-01 11:46:49 +02:00
Michel Vocks 2b5aca4300
Token identity support (#6267)
* Implemented token backend support for identity

* Fixed tests

* Refactored a few checks for the token entity overwrite. Fixed tests.

* Moved entity alias check up so that the entity and entity alias is only created when it has been specified in allowed_entity_aliases list

* go mod vendor

* Added glob pattern

* Optimized allowed entity alias check

* Added test for asterisk only

* Changed to glob pattern anywhere

* Changed response code in case of failure. Changed globbing pattern check. Added docs.

* Added missing token role get parameter. Added more samples

* Fixed failing tests

* Corrected some cosmetical review points

* Changed response code for invalid provided entity alias

* Fixed minor things

* Fixed failing test
2019-07-01 11:39:54 +02:00
Jeff Mitchell e18866498d Fix tests 2019-06-30 21:03:36 -04:00
Mike Ruth ee705088be Include Daytona as a third party tool (#6999)
* Include Daytona as third party tool

This is to include [Cruise's Daytona](https://github.com/cruise-automation/daytona) to the list of third party tools.
2019-06-30 20:49:11 -04:00
Jeff Mitchell 5435645bb6
Fix upgrade logic with tokenutil (#7026)
If only a non-_token field is provided we don't want to clear out the
Token version of the params, we want to set both. Otherwise we can't
rely on using the Token version of the parameter when creating the Auth
struct.
2019-06-30 14:24:41 -04:00
Jeff Mitchell 09f1b1f483 Bump sdk 2019-06-29 16:36:43 -04:00
Jeff Mitchell c3b7d35ecc
When using tokenutil, return []string not nil for empty slices (#7019)
This conveys type information instead of being a JSON null.
2019-06-29 16:36:21 -04:00
Jeff Mitchell eade600ca7 Bump sdk 2019-06-29 14:51:16 -04:00
Jeff Mitchell ee87ea8600 Fix m'mistakes 2019-06-29 14:50:34 -04:00
Jeff Mitchell 9c90e2e840 Add some extra checks to tokenutil 2019-06-29 14:48:17 -04:00
Jeff Mitchell 2e71ed0be2
Update userpass to use tokenutil's TokenParams (#6907)
* Update userpass to use tokenutil's TokenParams

* Use tokenutil deprecation helper
2019-06-28 18:20:53 -04:00
Jeff Mitchell 297a233b82 This breaks build (for a moment) because I want to pull this change out
of the tokenutil-userpass PR so that stands alone as a template.
2019-06-28 18:19:48 -04:00
Matthew Irish 887e2febf8
UI - dynamic related capabilities (#7013)
* lay groundwork for application serializer to setup capabilities relationships

* add api path util and tests, and attach-capabilites fn

* make attach-capabilities work with array responses, add tests
2019-06-28 16:07:45 -05:00
Vishal Nayak 2fcac90052
Raft Docs (#6966)
* Raft configuration doc

* API docs

* join sample

* Fix the Join API

* Add snapshot-force

* Update sys/storage subsection

* Use actual certs in examples

* Add sample configuration response

* Fix link

* remove TLS config options
2019-06-28 14:09:14 -04:00
Vishal Nayak 6dbd8c228f
Raft tests (#7008)
* Add join test

* Add configuration test

* Add remove peer test

* Test join with and without client certs
2019-06-28 14:08:53 -04:00
Calvin Leung Huang 21059820d2
KMIP docs (#6969)
* docs: add docs/secrets/kmip

* Add KMIP API docs.

* small typo fix

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* format tables in api docs

* fix table formatting

* Fix wording.

* Remove references to tls_max_path_length.
2019-06-28 11:05:00 -07:00
Jeff Mitchell 14303c475b Check ctx again after getting state lock when forwarding 2019-06-27 20:36:16 -04:00
Jeff Mitchell ff0ba7a926 Bump api/sdk 2019-06-27 18:01:05 -04:00
Vishal Nayak 4484de3ea6
Fix raft config response (#6975) 2019-06-27 17:39:52 -04:00
Jeff Mitchell fe7bb0b630
Standardize how we format deprecated values in traditional path-help (#7007) 2019-06-27 14:52:52 -04:00
Brian Kassouf 62e14c280d
storage/raft: fix races in tests (#6996)
* storage/raft: fix races in tests

* Fix another test race
2019-06-27 10:00:03 -07:00
Jeff Mitchell 5175a0473e changelog++ 2019-06-27 12:57:15 -04:00
Jeff Mitchell 346a31fddf
Add a deprecated helper to tokenutil and JSON output to path-help (#7006) 2019-06-27 12:56:31 -04:00
Michael Gaffney ce9f8a72b6
Bump KV dep 2019-06-27 12:08:11 -04:00
Jim Kalafut 15b68c35c3
Support EC and EdDSA in identity tokens (#6992) 2019-06-27 08:34:48 -07:00
Jeff Mitchell f27e73c61c changelog++ 2019-06-27 11:07:20 -04:00
Aaron Donovan 09acded420 Allow configuration of nonce for ec2 authentication (#6953)
* Allow configuration of nonce for ec2 authentication

* Addressing pull request comment
2019-06-27 11:06:20 -04:00
Thomas Kula be998aeeac Cert auth method examples need to use https (#6961)
In order to present a client certificate to use the certificate
auth method, you must use https.
2019-06-27 11:04:09 -04:00
Jeff Mitchell 8fe9c2c163 Add deprecation notices for policymap/pathmap
External plugin authors keep using it :-(
2019-06-27 10:17:05 -04:00
dr-db 720db0ffbc Fix the doc string for IsFatalError (#7000) 2019-06-27 12:50:47 +02:00
Mark Gritter de92ecedfa
Revert "Merge StoragePackerV2 implementation (#6874)" (#6997)
This reverts commit 6cf9efbd750600b230a777fbee0fe9187f592a8a.
2019-06-26 19:26:06 -05:00
Mark Gritter 02b18b5926
Merge StoragePackerV2 implementation (#6874)
StoragePackerV2 rewrite based on variadic API instead of bucket-based API.
 * Working variadic functions
 * Invalidate method for replciation
 * Unit tests
2019-06-26 17:54:25 -05:00
Alex Dadgar 831a3afca9
API Response returns specialized error type (#6984)
* Return specialized error type

* Add a helper for extracting gRPC codes from errors

* Fix spacing in example

* Drop grpc codes

* Fix storing of decoded errors
2019-06-26 11:35:08 -07:00
Michael Gaffney 76208eaf84
sdk/framework: add TypeSignedDurationSecond FieldType (#6989)
* Refactor table driven tests to use subtests

* sdk/framework: add TypeSignedDurationSecond FieldType

Adds the TypeSignedDurationSecond FieldType which accepts positive and
negative durations. The existing TypeDurationSecond FieldType does not
accept negative durations.

* Add tests for 0 for TypeDurationSecond and TypeSignedDurationSecond
2019-06-26 13:15:36 -04:00