Commit Graph

7539 Commits

Author SHA1 Message Date
Jeff Mitchell 74fb5ccdbc changelog++ 2018-03-07 23:27:30 -05:00
Brian Nuszkowski 40e7e24c04 Return value when reading a SSH CA Role (#4098) 2018-03-07 23:26:33 -05:00
Jeff Mitchell b83f61f20c
Make grpc plugin client use an atomic server value to fix a data race. (#4089)
Also add some coordination to ensure we don't try to clean up the grpc
server before it's created/started
2018-03-07 09:09:37 -05:00
Brian Kassouf 34d958968d Revert stopoptions (#4088)
* Use an atomic value instead to communicate whether to give up HA lock

* Remove now-unneeded StopOptions struct

* Add a channel based mutex acquisition function to avoid a deadlock

* Make periodic leader refresh only spawn a single waiting goroutine and
extend logic to the key upgrade check
2018-03-06 21:35:58 -05:00
Jeff Mitchell 6b777dc63e
Rearrange shutdown logic to remove some lock switching (#4083)
* Rearrange shutdown logic to remove some lock switching and to allow
giving up the HA lock to be skipped.
2018-03-06 18:06:09 -05:00
Jeff Mitchell 7042398f5f changelog++ 2018-03-05 08:33:32 -05:00
Aleksandar a8304e5d4d Add the chunk_size optional parameter to gcs storage (#4060) 2018-03-05 08:32:48 -05:00
Mike eb1c2b0732 Correct endpoint's path in Doc (#4074)
Fix typo in endpoint's path
2018-03-05 07:41:53 -05:00
Lukasz Jagiello 6530a5e396 Vault status formatting (#4073)
```
:~# vault status
Key                     Value
---                     -----
Seal Type               shamir
Sealed                  false
Total Shares            8
Threshold               2
Version                 0.9.5
Cluster Name            vault-cluster-8c85f1aa
Cluster ID              aaaaaaaa-1111-2222-3333-444444444444
HA Enabled              true
HA Cluster              https://10.0.0.1:8201
HA Mode                 standby
Active Node Address:    https://10.0.0.1:8200
```

`Active Node Address:` - is the only one with a colon at the end.

This PR fix that output style issue.
2018-03-05 07:40:59 -05:00
Jeff Mitchell 379b05d281 Add the ability for make dev to honor XC_OSARCH 2018-03-03 12:35:36 -05:00
Brian Kassouf 1638ce6204
logical/framework: add a field data type for parsing integer arrays (#4064)
* logical/framework: add a field data type for parsing integer arrays

* Fix comment

* Add zero value
2018-03-02 15:01:13 -08:00
Jim Kalafut ff45d61207
Merge pull request #4063 from hashicorp/update-mount-docs
Change "mount" to "secrets enable" in docs
2018-03-02 14:25:55 -08:00
Jim Kalafut ef4537e5d4 Change "mount" to "secrets enable" in docs 2018-03-02 12:54:28 -08:00
Jeff Mitchell f59aff18a7 Update gitignore 2018-03-02 14:06:36 -05:00
Calvin Leung Huang e2fb199ce5
Non-HMAC audit values (#4033)
* Add non-hmac request keys

* Update comment

* Initial audit request keys implementation

* Add audit_non_hmac_response_keys

* Move where req.NonHMACKeys gets set

* Minor refactor

* Add params to auth tune endpoints

* Sync cache on loadCredentials

* Explicitly unset req.NonHMACKeys

* Do not error if entry is nil

* Add tests

* docs: Add params to api sections

* Refactor audit.Backend and Formatter interfaces, update audit broker methods

* Add audit_broker.go

* Fix method call params in audit backends

* Remove fields from logical.Request and logical.Response, pass keys via LogInput

* Use data.GetOk to allow unsetting existing values

* Remove debug lines

* Add test for unsetting values

* Address review feedback

* Initialize values in FormatRequest and FormatResponse using input values

* Update docs

* Use strutil.StrListContains

* Use strutil.StrListContains
2018-03-02 12:18:39 -05:00
Jeff Mitchell 49068a42be Document primary_email in Okta mfa path 2018-03-02 11:54:21 -05:00
Jeff Mitchell 8fe24dec0a Actually add PingID to the index of API pages 2018-03-02 11:49:48 -05:00
Jeff Mitchell b8ed822cc0 changelog++ 2018-03-02 11:11:36 -05:00
Joel Thompson e4949d644b auth/aws: Allow lists in binds (#3907)
* auth/aws: Allow lists in binds

In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
2018-03-02 11:09:14 -05:00
Jeff Mitchell e073e7fc68 Don't output warning about not storing the token if the user uses
-token-only during `vault login`.
2018-03-01 21:02:54 -05:00
Vishal Nayak 2646ed5e2a
update sys/capabilities docs (#4059) 2018-03-01 11:42:39 -05:00
vishalnayak 62b8e89b22 changelog++ 2018-03-01 11:17:30 -05:00
Jeff Mitchell 5034ae2dcb Add the ability to use multiple paths for capability checking (#3663)
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).

Fixes #3336

* Added tests

* added 'paths' field

* Update docs

* return error if paths is not supplied
2018-03-01 11:14:56 -05:00
Jeff Mitchell ff99c8420e changelog++ 2018-03-01 11:09:30 -05:00
Jeff Mitchell ba459d238e
Fix confusing error messages around help for 'vault auth' (#4058)
Fixes #4056
2018-03-01 10:55:24 -05:00
Paddy 2b2bc2a911 Create a new command/config subpackage. (#4055)
* Create a new command/config subpackage.

This PR extracts the functions associated with loading and parsing
configs, and the DefaultTokenHelper, into a command/config subpackage,
just like TokenHelpers are in the command/token subpackage. The goal is
to allow other clients (in this case, the Vault and Nomad Terraform
providers, but in theory any client that wants to lean on Vault's
default behaviour) to reuse this logic and not drift from Vault, without
vendoring the entirety of Vault.

To retain backwards compatibility, I didn't remove any functions from
the command package; I just copied them into the command/config package,
and update the functions in the command package to call through to the
config package.
2018-02-28 20:09:21 -05:00
Andy Manoske 942aa9bbdc
Update index.html.md
Updated for Unbound
2018-02-28 16:20:54 -08:00
Jeff Mitchell 3d7b2d98fa changelog++ 2018-02-28 10:08:28 -05:00
Bharath B 699f9246e6 Config parameter "tls_disable_client_certs" is wrongly evaluated. (#4049) 2018-02-28 10:07:23 -05:00
Jeff Mitchell 121d5718ea Remove structs/mapstructure tags from auth/aws 2018-02-27 15:27:49 -05:00
Jeff Mitchell c695023bab Remove structs package from auth/aws 2018-02-27 13:22:47 -05:00
Jeff Mitchell 6cd6a7b773 Go 1.9.4 breaks Solaris builds 2018-02-26 18:55:02 -05:00
Jeff Mitchell 81fcd1f028 Fix the version of Go in the Dockerfile 2018-02-26 18:34:14 -05:00
Jeff Mitchell c62927bc4a changelog++ 2018-02-26 17:20:23 -05:00
Jeff Mitchell 20157fd56a Fix broken link on Consul docs 2018-02-26 13:28:15 -05:00
Jeff Mitchell 7873088126
Cut version 0.9.5 2018-02-26 12:41:14 -05:00
Jeff Mitchell 259e425beb It's not a 1.10 thing apparently.
Revert "Revert "Remove netbsd/arm as it won't compile""

This reverts commit 8b43db120c5b3f15723e7ea61edcf0d4c2c7fc9f.
2018-02-26 12:40:49 -05:00
Jeff Mitchell fb41cf74d7 Revert "Remove netbsd/arm as it won't compile"
This reverts commit 3d4bd6f3cb083e8ee5dac980db58474382a99834.
2018-02-26 12:27:25 -05:00
Jeff Mitchell ba40b1bd07 Sync plugins 2018-02-26 12:24:04 -05:00
Jeff Mitchell abeb0fd45c Bump versions in preparation for release 2018-02-26 12:20:19 -05:00
Jeff Mitchell 9b086e45a8 changelog++ 2018-02-26 12:17:43 -05:00
Jeff Mitchell e42033a566 Minor fixes from vet 2018-02-26 02:23:24 -05:00
Jeff Mitchell 7b1a793d6f Migrate Dockerfile back down to 1.9 2018-02-25 20:29:01 -05:00
vishalnayak 4b0f27923f ssh: clarify optional behavior of cidr_list 2018-02-24 06:55:55 -05:00
vishalnayak e3aceecb78 changelog++ 2018-02-23 21:30:51 -05:00
Jason 865cb8786b Update CHANGELOG.md (#4035) 2018-02-23 21:28:56 -05:00
Jeff Mitchell f1bd0cbe74
Use atomic values in seal to avoid some data races (#4040) 2018-02-23 17:18:48 -05:00
Brian Kassouf c82d39c77e helper/gpgkeys: fix for vault 1.10 (#4038) 2018-02-23 14:47:25 -05:00
Jeff Mitchell d4a431b298
Move local cluster parameters to atomic values to fix some potential data races (#4036) 2018-02-23 14:47:07 -05:00
Brian Kassouf cb08fb92d2 Port some replicated cluster changes from ent (#4037) 2018-02-23 14:01:15 -05:00