Commit graph

11424 commits

Author SHA1 Message Date
Noelle Daley fadd9d742b fix security alerts (#7757) 2019-10-29 11:46:59 -07:00
Michel Vocks e5a921d277 Harden mount/auth filter evaluation error handling (#7754) 2019-10-29 17:42:13 +01:00
Jeff Mitchell ee66092b7e changelog++ 2019-10-29 09:11:27 -04:00
Dilan Bellinghoven 5f8528381c Add TLS server name to Vault stanza of Agent configuration (#7519) 2019-10-29 09:11:01 -04:00
Jeff Mitchell 64a0037f7d changelog++ 2019-10-29 09:04:45 -04:00
Brian Kassouf f149bbbdb1 go mod vendor 2019-10-28 22:27:00 -07:00
Brian Kassouf 0bc14636b0 Fix build 2019-10-28 17:40:44 -07:00
Jeff Mitchell 5c3649defe Sync up Agent and API's renewers. (#7733)
* Sync up Agent and API's renewers.

This introduces a new type, LifetimeWatcher, which can handle both
renewable and non-renewable secrets, modeled after the version in Agent.
It allows the user to select behavior, with the new style being the
default when calling Start(), and old style if using the legacy Renew()
call.

No tests have been modified (except for reflect issues) and no other
code has been modified to make sure the changes are backwards
compatible.

Once this is accepted I'll pull the Agent version out.

* Move compat flags to NewRenewer

* Port agent to shared lifetime watcher lib
2019-10-28 17:28:59 -07:00
Jeff Mitchell 698b0dd025 If standbyok/perfstandbyok are provided to sys/health, honor the values (#7749)
Don't just use the presence of it to indicate behavior.

Fixes #7323

Also, fixes a bug where if an error was returned along with a status
code, the status code was being ignored.
2019-10-28 16:55:20 -07:00
Lexman 28aff44616 adds documentation for entropy augmentation (#7721)
* adds documentation for entropy augmentation

* adds a link to pkcs11 seal configuration from a mention of it
2019-10-28 15:04:27 -07:00
Jeff Mitchell a40d79b396 changelog++ 2019-10-28 15:56:12 -04:00
Joe Dollard 7f843c4c9b support setting the API client retry policy (#7331) 2019-10-28 15:54:59 -04:00
ekow b62cebd325 Update lease concept to use correct command (#7730)
Updated command to reflect the one that executes successfully on Vault v1.2.3 with server running in dev mode.
2019-10-28 15:53:12 -04:00
Matthew Irish d52de63602 Fix replication test (#7747)
* fix replication acceptance test

* remove unused import

* remove mountType
2019-10-28 16:56:11 +00:00
Jeff Mitchell 6c02f7f616 changelog++ 2019-10-28 12:52:37 -04:00
Jeff Mitchell 4e1470f483 Handpick cluster cipher suites when they're not user-set (#7487)
* Handpick cluster cipher suites when they're not user-set

There is an undocumented way for users to choose cluster cipher suites
but for the most part this is to paper over the fact that there are
undesirable suites in TLS 1.2.

If not explicitly set, have the set of cipher suites for the cluster
port come from a hand-picked list; either the allowed TLS 1.3 set (for
forwards compatibility) or the three identical ones for TLS 1.2.

The 1.2 suites have been supported in Go until at least as far back as
Go 1.9 from two years ago. As a result in cases where no specific suites
have been chosen this _ought_ to have no compatibility issues.

Also includes a useful test script.
2019-10-28 12:51:45 -04:00
Daniel Lohse de2d3073d7 Allow Raft storage to be configured via env variables (#7745)
* Fix unordered imports

* Allow Raft node ID to be set via the environment variable `VAULT_RAFT_NODE_ID`

* Allow Raft path to be set via the environment variable `VAULT_RAFT_PATH`

* Prioritize the environment when fetching the Raft configuration values

Values in environment variables should override the config as per the
documentation as well as common sense.
2019-10-28 09:43:12 -07:00
Jeff Mitchell d9ca6e77eb changelog++ 2019-10-28 12:32:37 -04:00
Brian Kassouf d05b401cd8 Update token_store.go 2019-10-28 09:31:58 -07:00
Denis Subbotin e9cdd451d1 Don't allow duplicate SAN names in PKI-issued certs (#7605)
* fix https://github.com/hashicorp/vault/issues/6571

* fix test TestBackend_OID_SANs because now SANs are alphabetic sorted
2019-10-28 12:31:56 -04:00
Jack Kleeman 65c67dd6f3 Add a counter for root token creation (#7172)
It would be useful to be able to page on root token creation. This PR
adds a counter which increments on this event.
2019-10-28 09:30:11 -07:00
Jeff Mitchell 69bb72da53 changelog++ 2019-10-28 12:17:48 -04:00
Jeff Mitchell 0c88218dd4 Port some changes that got out of sync 2019-10-28 11:38:14 -04:00
Jeff Mitchell df43802f14 Vendor 2019-10-28 11:34:28 -04:00
ncabatoff 4d82540683 Restore changelog entries lost in 319fe8ea37ec9b89eb3c529d4bdb236f3eb7fdb1 (#7746) 2019-10-28 10:09:52 -04:00
Brian Kassouf caad02412a changelog++ 2019-10-27 23:07:55 -07:00
Brian Kassouf ba6b8528b5 changelog++ 2019-10-27 23:06:55 -07:00
Brian Kassouf a20e73c2da Port filtered paths changes back to OSS (#7741)
* Port filtered paths changes back to OSS

* Fix build
2019-10-27 13:30:38 -07:00
Matthew Irish f982899f1e embed yarn (#7740)
* embed yarn binary using yarn policies set-version and loosen the restriction on yarn in the dockerfile and the package.json

* don't lint the embedded yarn package
2019-10-25 16:00:45 -05:00
Matthew Irish eae5e114ba UI - replication path filtering (#7620)
* rename mount-filter-config models, components, serializer, adapters to path-filter-config

* move search-select component to core addon

* add js class for search-select-placeholder and sort out power-select deps for moving to the core component

* expose oninput from powerselect through search-select

* don't fetch mounts in the replication routes

* remove toggle from add template

* start cross-namespace fetching

* group options and set up for namespace fetch via power-select search prop

* add and style up radio-card CSS component

* add xlm size for icons between l and xl

* copy defaults so they're not getting mutated

* finalize cross-namespace fetching and getting that to work with power-select

* when passing options but no models, format the options in search select so that they render properly in the list

* tint the background of a selected radio card

* default to null mode and uniq options in search-select

* finish styling radio-card

* format inputValues when first rendering the component if options are being passed from outside

* treat mode:null as deleting existing config which simplifies save logic

* correctly prune the auto complete list since path-filter-config-list handles all of that and finish styling

* remove old component

* add search debounce and fix linting

* update search-select docs

* updating tests

* support grouped options for when to show the create prompt

* update and add tests for path-filter-config-list

* fix tests for search-select and path-filter-config-list

* the new api uses allow/deny instead of whitelist/blacklist
2019-10-25 13:16:45 -05:00
Mike Jarmy ee2e3fd75d add docs for new replication metrics (#7729)
* add docs for new replication metrics

* add docs for new replication metrics
2019-10-25 12:46:56 -04:00
Matt Morrison 1e7acd0800 path-help missing or incorrect for raft paths (#7326) 2019-10-25 12:37:48 -04:00
Brian Shumate a83160617e Docs: Add version command (#7719)
* Docs: Add version command

* adding to
2019-10-25 12:25:04 -04:00
spiff efb2751e00 Change "Generate Intermediate" example to exported (#7515)
The example request for "Generate Intermediate" was type "internal", but the example response contained the private key, which "internal" doesn't do. This patch fixes the example request to be type "exported" to match the example response.
2019-10-25 12:21:55 -04:00
Jim Kalafut b6952df1b8 changelog++ 2019-10-25 09:03:22 -07:00
will-quan-bird 6456fd6222 allows emails@sign to be within the aws secrets engine path (#7553) 2019-10-25 09:01:01 -07:00
Chris Hoffman 0d3054d80a changelog++ 2019-10-25 11:45:32 -04:00
Chris Hoffman 17569c95f9 changelog++ 2019-10-25 11:41:25 -04:00
Mike Jarmy 56725e694f fix token counter test so the token won't time out (#7737) 2019-10-25 10:55:38 -04:00
Chris Hoffman 714ba931e5 changelog++ 2019-10-25 09:50:17 -04:00
Chris Hoffman c640a2c6fb changelog++ 2019-10-25 09:45:27 -04:00
Chris Hoffman ca2935c519 changelog++ 2019-10-25 09:40:21 -04:00
Chris Hoffman 6298c03dfd changelog++ 2019-10-25 09:33:52 -04:00
Sam Salisbury 8f0c38f78d run go mod vendor (#7736) 2019-10-25 13:35:22 +01:00
Matthew Irish e3450dddeb update yarn to 1.19.1 (#7731) 2019-10-24 17:08:23 -05:00
Jeff Escalante 00564a77a1 Update ruby dependencies (#7720)
* update ruby dependencies

* add specific version bundler dep

* remove ruby-version

* remove extra gemfile dep
2019-10-24 17:41:40 -04:00
Chris Hoffman 70468e4cbf changelog++ 2019-10-24 15:14:45 -04:00
Chris Hoffman d1441ecad0 changelog++ 2019-10-24 14:58:40 -04:00
Chris Hoffman 85ee5decb7 changelog++ 2019-10-24 14:54:09 -04:00
Noelle Daley c87ec96b8e indicate that secret version is deleted even when it is the current version (#7714) 2019-10-24 11:35:25 -07:00