Commit graph

10817 commits

Author SHA1 Message Date
Calvin Leung Huang ce829655a1
docs: update kmip scope delete api section (#7140)
* docs: update kmip scope delete api section

* fix wording in force param

* update scope delete example
2019-07-18 11:25:01 -07:00
Calvin Leung Huang f4022101e0
changelog++ 2019-07-18 10:54:33 -07:00
Calvin Leung Huang e869893df3
logical: add support for passing data to delete (#7139)
* logical: add support for passing data to delete

* add back raft bit

* add back raft bit

* update error message

* fix command delete tests
2019-07-18 10:42:36 -07:00
Jeff Mitchell 304c6cabdf
Bump cross Dockerfile to 1.12.7 (#7126)
This version fixes a bug that is bad, but hard to say whether it might
affect us or not -- or more crucially, any of our dependencies. It's
almost certainly worth updating just in case. See
https://github.com/golang/go/issues/32560
2019-07-17 06:32:08 -04:00
Jeff Mitchell f522dd8f35
Add backwards compat support for API env vars (#7135)
Several env vars got renamed in
https://github.com/hashicorp/vault/pull/6306. This re-adds support for
those.

Indirectly addresses
https://github.com/hashicorp/consul-template/pull/1233 although they
should still update to the new values.
2019-07-17 06:29:25 -04:00
Noelle Daley 4ac26156c8
Ui/http request fixes (#7128)
* ensure dropdown updates selected item

* ensure no duplicate ticks

* handle case where counters are Dates instead of strings so bar chart filters in Storybook
2019-07-16 16:26:49 -07:00
Calvin Leung Huang f6d57042a1
docs: update kmip scope delete api section (#7127) 2019-07-16 14:05:48 -07:00
Michel Vocks 24e4f7eaaf
Added operator raft and operator raft snapshot descriptions (#7106) 2019-07-16 09:31:00 +02:00
Lexman 119854a865
adds Cache-Control header to oidc .well-known endpoints (#7108) 2019-07-15 11:04:45 -07:00
Becca Petrin 974c381c7a
Fix "internal/specs/openapi" endpoint (#7097)
* fix panic generating openapi docs

* fmt
2019-07-09 15:10:39 -07:00
Calvin Leung Huang 44a69bec01
changelog++ 2019-07-09 13:26:00 -07:00
Brian Kassouf e83d7b82eb
changelog++ 2019-07-09 13:18:54 -07:00
Calvin Leung Huang 3f29bcc43d
changelog++ 2019-07-09 11:24:07 -07:00
Jeff Mitchell 563e346575
Cut version 1.2.0-beta2 2019-07-09 04:16:47 -04:00
Jeff Mitchell ec12124c6b Revert "Migrate build to use go modules"
This reverts commit 3439a34989b082ebc3d711853fdc2372798ff121.

For the moment with bad wifi this is just taking too, too long. We may
be able to figure out an approach that bind mounts the cache in which
should help drastically.
2019-07-09 04:15:03 -04:00
Jeff Mitchell 71ea55751b Bump api/sdk 2019-07-09 04:02:10 -04:00
Jeff Mitchell b12a49f19f Bump api's sdk 2019-07-09 04:01:32 -04:00
Jeff Mitchell 7f1a9d8dd3 Bump version in sdk 2019-07-09 03:54:28 -04:00
Jeff Mitchell 8b93119f39 Update CHANGELOG for release 2019-07-09 03:53:17 -04:00
Jeff Mitchell 49371ff945 Buster is released, so switch off testing for Dockerfile 2019-07-09 03:51:05 -04:00
Jeff Mitchell ff40dd30e0 Add a missing lock to cluster handler 2019-07-09 03:46:08 -04:00
Jeff Mitchell 7144450211 Bump sdk/api 2019-07-08 19:06:16 -04:00
Jeff Mitchell b86c920b6c Bump sdk in api 2019-07-08 19:04:47 -04:00
Jeff Mitchell 9e143be494 changelog++ 2019-07-08 19:04:02 -04:00
Mark Gritter 6ac5ba8945 Escape SQL username and password parameters before substituting them in to a URL. (#7089) 2019-07-09 01:02:54 +02:00
Jeff Mitchell d810758ca2
Rerun proto gen as some got gen'd with old proto version (#7090) 2019-07-09 01:02:20 +02:00
Brian Kassouf 94a263dcdf
Don't run Initialize on plugins on postUnseal (#7087)
* Don't run Initialize on plugins on postUnseal

* Add comments explaining that we do not want to initalize
2019-07-08 14:54:24 -07:00
Martin Lee 6e672d398e Explain the dev server mounts a KV store (#7083)
Resolves #7081
2019-07-08 08:56:39 -07:00
Matthew Irish 96eea4f7f9
update handlebars (#7084) 2019-07-08 08:20:12 -05:00
Jeff Mitchell 2cb16e3a9c
Fix nil pointer panic in wrapping validation (#7077)
Wrapping validation was deferring the function to audit log before
actually checking if we were sealed or standby, and without having the
read lock grabbed.
2019-07-05 22:31:03 -04:00
Brian Kassouf b0cfcc003d Bind entry to initalize locally 2019-07-05 18:37:10 -07:00
Jeff Mitchell 03c6090b95 Mod tidy 2019-07-05 20:26:12 -04:00
Brian Kassouf 556e8da040
Update vendor directory (#7076) 2019-07-05 17:01:41 -07:00
Jeff Mitchell cec8f6a32b Migrate build to use go modules 2019-07-05 19:59:04 -04:00
Mike Jarmy e0ce2195cc AWS upgrade role entries (#7025)
* upgrade aws roles

* test upgrade aws roles

* Initialize aws credential backend at mount time

* add a TODO

* create end-to-end test for builtin/credential/aws

* fix bug in initializer

* improve comments

* add Initialize() to logical.Backend

* use Initialize() in Core.enableCredentialInternal()

* use InitializeRequest to call Initialize()

* improve unit testing for framework.Backend

* call logical.Backend.Initialize() from all of the places that it needs to be called.

* implement backend.proto changes for logical.Backend.Initialize()

* persist current role storage version when upgrading aws roles

* format comments correctly

* improve comments

* use postUnseal funcs to initialize backends

* simplify test suite

* improve test suite

* simplify logic in aws role upgrade

* simplify aws credential initialization logic

* simplify logic in aws role upgrade

* use the core's activeContext for initialization

* refactor builtin/plugin/Backend

* use a goroutine to upgrade the aws roles

* misc improvements and cleanup

* do not run AWS role upgrade on DR Secondary

* always call logical.Backend.Initialize() when loading a plugin.

* improve comments

* on standbys and DR secondaries we do not want to run any kind of upgrade logic

* fix awsVersion struct

* clarify aws version upgrade

* make the upgrade logic for aws auth more explicit

* aws upgrade is now called from a switch

* fix fallthrough bug

* simplify logic

* simplify logic

* rename things

* introduce currentAwsVersion const to track aws version

* improve comments

* rearrange things once more

* conglomerate things into one function

* stub out aws auth initialize e2e test

* improve aws auth initialize e2e test

* finish aws auth initialize e2e test

* tinker with aws auth initialize e2e test

* tinker with aws auth initialize e2e test

* tinker with aws auth initialize e2e test

* fix typo in test suite

* simplify logic a tad

* rearrange assignment

* Fix a few lifecycle related issues in #7025 (#7075)

* Fix panic when plugin fails to load
2019-07-05 16:55:40 -07:00
Tim Arenz 54aaf8a87d Update tokens.html.md (#6697)
Fixing miner typo by adding dot.
2019-07-05 15:39:16 -07:00
Brian Shumate 39676b0b74 Update API docs for Create Token — resolves #7053 (#7056)
- Update sample `payload.json`
- Update sample response
2019-07-05 15:38:37 -07:00
Justin Weissig a5e762d36a docs: spelling (#6838)
Fixed minor spelling error: sychronized/synchronized.
2019-07-05 15:36:58 -07:00
Brian Shumate c041e7134c Update Cert Auth Login API docs — resolves #7039 (#7058)
- Add `--cert` and `--key` options to `curl` example so that it is
  clearer that the certificate and key must also be passed in
2019-07-05 15:36:20 -07:00
Daniel Mangum 3a6d8dbdd1 plugin docs: update example code snippet with correct imports and link to developing plugin backends tutorial (#6843)
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
2019-07-05 15:35:36 -07:00
Jeff Mitchell ffce5ca702 Fix various read only storage errors
* Fix various read only storage errors

A mistake we've seen multiple times in our own plugins and that we've
seen in the GCP plugin now is that control flow (how the code is
structured, helper functions, etc.) can obfuscate whether an error came
from storage or some other Vault-core location (in which case likely it
needs to be a 5XX message) or because of user input (thus 4XX). Error
handling for functions therefore often ends up always treating errors as
either user related or internal.

When the error is logical.ErrReadOnly this means that treating errors as
user errors skips the check that triggers forwarding, instead returning
a read only view error to the user.

While it's obviously more correct to fix that code, it's not always
immediately apparent to reviewers or fixers what the issue is and fixing
it when it's found both requires someone to hit the problem and report
it (thus exposing bugs to users) and selective targeted refactoring that
only helps that one specific case.

If instead we check whether the logical.Response is an error and, if so,
whether it contains the error value, we work around this in all of these
cases automatically. It feels hacky since it's a coding mistake, but
it's one we've made too multiple times, and avoiding bugs altogether is
better for our users.
2019-07-05 18:13:49 -04:00
Brian Kassouf 19910f6c77
core: Don't shutdown if key upgrades fail due to canceled context (#7070)
* core: Don't shutdown if key upgrades fail due to canceled context

* Continue if we are not shutting down
2019-07-05 14:19:15 -07:00
Calvin Leung Huang 5428ab50ee audit: log invalid wrapping token request/response (#6541)
* audit: log invalid wrapping token request/response

* Update helper/consts/error.go

Co-Authored-By: calvn <cleung2010@gmail.com>

* update error comments

* Update vault/wrapping.go

Co-Authored-By: calvn <cleung2010@gmail.com>

* update comment

* move validateWrappingToken out of http and into logical

* minor refactor, add test cases

* comment rewording

* refactor validateWrappingToken to perform audit logging

* move ValidateWrappingToken back to wrappingVerificationFunc

* Fix tests

* Review feedback
2019-07-05 14:15:14 -07:00
Becca Petrin 0663a2665c
add a reader that takes stdin (#7074) 2019-07-05 13:36:44 -07:00
Clint f27dc7d5f8 Combined Database backend: Add Static Account support to MongoDB (#7003)
* Implement SetCredentials for MongoDB, adding support for static accounts

* rework SetCredentials to split from CreateUser, and to parse the url for database

* Add integration test for mongodb static account rotation

* check the length of the password results to avoid out-of-bounds

* remove unused method

* use the pre-existing test helper for this. Add parse method to helper

* remove unused command
2019-07-05 14:57:01 -04:00
Clint 28447e00a3 Combined Database backend: Add Static Account support to MySQL (#6970)
* temp support for mysql+static accounts

* remove create/update database user for static accounts

* update tests after create/delete removed

* small cleanups

* update postgresql setcredentials test

* temp support for mysql+static accounts

* Add Static Account support to MySQL

* add note that MySQL supports static roles

* remove code comment

* tidy up tests

* Update plugins/database/mysql/mysql_test.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update plugins/database/mysql/mysql.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* update what password we test

* refactor CreateUser and SetCredentials to use a common helper

* add close statements for statements in loops

* remove some redundant checks in the mysql test

* use root rotation statements as default for static accounts

* missed a file save
2019-07-05 14:52:56 -04:00
Clint cd6b0b2de5 Combined Database backend: Add GenerateCredentials to the CredentialsProducer Interface (#7010)
* Add GenerateCredentials to the CredentialsProducer Interface, add default implementation

* Remove GenerateCredentials implementation from database plugins
2019-07-05 14:34:47 -04:00
Matthew Irish d23bef606a
Actually lazy load swagger ui (#7067)
* switch to dynamic imports so that bundling doesn't include swagger-ui-dist in its vendor file

* remove ember-ajax

* delete comment

* update comment about lazy loading in the engine index.js
2019-07-05 10:28:41 -05:00
Jim Kalafut 150d75756a
changelog++ 2019-07-03 15:56:19 -07:00
Brian Kassouf 4d7d0d729a
storage/raft: When restoring a snapshot preseal first (#7011)
* storage/raft: When restoring a snapshot preseal first

* best-effort allow standbys to apply the restoreOp before sealing active node

* Don't cache the raft tls key

* Update physical/raft/raft.go

* Move pending raft peers to core

* Fix race on close bool

* Extend the leaderlease time for tests

* Update raft deps

* Fix audit hashing

* Fix race with auditing
2019-07-03 13:56:30 -07:00