Jeff Mitchell
a979f49cd7
Add disable-indexing
2018-10-23 15:03:17 -04:00
Jeff Mitchell
82992d6097
Seal migration (OSS) ( #781 )
2018-10-22 23:34:02 -07:00
Calvin Leung Huang
a08ccbffa7
[Review Only] Autoseal OSS port ( #757 )
...
* Port awskms autoseal
* Rename files
* WIP autoseal
* Fix protobuf conflict
* Expose some structs to properly allow encrypting stored keys
* Update awskms with the latest changes
* Add KeyGuard implementation to abstract encryption/decryption of keys
* Fully decouple seal.Access implementations from sealwrap structs
* Add extra line to proto files, comment update
* Update seal_access_entry.go
* govendor sync
* Add endpoint info to configureAWSKMSSeal
* Update comment
* Refactor structs
* Update make proto
* Remove KeyGuard, move encrypt/decrypt to autoSeal
* Add rest of seals, update VerifyRecoveryKeys, add deps
* Fix some merge conflicts via govendor updates
* Rename SealWrapEntry to EncryptedBlobInfo
* Remove barrier type upgrade check in oss
* Add key to EncryptedBlobInfo proto
* Update barrierTypeUpgradeCheck signature
2018-10-19 14:43:57 -07:00
Jim Kalafut
4c80debe63
Add physical backend migrator command ( #5143 )
2018-09-25 16:18:22 -07:00
Jeff Mitchell
43aebacfa8
Fix default_max_request_duration HCL name and update docs ( #5321 )
...
* Fix default_max_request_duration HCL name and update docs
* Update tcp.html.md
2018-09-18 14:30:21 -07:00
Jeff Mitchell
919b968c27
The big one ( #5346 )
2018-09-17 23:03:00 -04:00
Jeff Mitchell
c28ed23972
Allow most parts of Vault's logging to have its level changed on-the-fly ( #5280 )
...
* Allow most parts of Vault's logging to have its level changed on-the-fly
* Use a const for not set
2018-09-05 15:52:54 -04:00
Jeff Mitchell
aec9a689a0
Sync over some stuff
2018-08-24 12:09:03 -04:00
Jeff Mitchell
4261618d10
Add request timeouts in normal request path and to expirations ( #4971 )
...
* Add request timeouts in normal request path and to expirations
* Add ability to adjust default max request duration
* Some test fixes
* Ensure tests have defaults set for max request duration
* Add context cancel checking to inmem/file
* Fix tests
* Fix tests
* Set default max request duration to basically infinity for this release for BC
* Address feedback
2018-07-24 14:50:49 -07:00
Jeff Mitchell
8433bf26e9
Fix printable check key not being valid
2018-07-12 16:59:07 -04:00
Jeff Mitchell
954f6c4ece
Add config flag to disable non-printable character check ( #4917 )
2018-07-12 16:29:36 -04:00
Jeff Mitchell
4a3fe87a39
Allow max request size to be user-specified ( #4824 )
...
* Allow max request size to be user-specified
This turned out to be way more impactful than I'd expected because I
felt like the right granularity was per-listener, since an org may want
to treat external clients differently from internal clients. It's pretty
straightforward though.
This also introduces actually using request contexts for values, which
so far we have not done (using our own logical.Request struct instead),
but this allows non-logical methods to still get this benefit.
* Switch to ioutil.ReadAll()
2018-07-06 15:44:56 -04:00
Calvin Leung Huang
c4abeb9ea5
Move checkHCLKeys into hclutil ( #4749 )
2018-06-12 12:38:08 -04:00
Jeff Mitchell
9e7f381fca
Sync over changes to config.go
2018-05-30 08:34:46 -04:00
Shelby Moore
f8e1f82225
Updated proxy protocol config validation ( #4528 )
2018-05-09 10:53:44 -04:00
Jeff Mitchell
805b5e5160
X-Forwarded-For ( #4380 )
2018-04-17 18:52:09 -04:00
Calvin Leung Huang
fb81016252
Fix output-related tests ( #4288 )
...
* Fix command tests
* More test fixes
* Use backticks to escape quoted strings
* More test fixes
* Fix mismatched error output failures
* Fix mismatched error output failures
2018-04-05 20:43:29 -04:00
Vishal Nayak
28e3eb9e2c
Errwrap everywhere ( #4252 )
...
* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes
2018-04-05 11:49:21 -04:00
Becca Petrin
03cf302e9a
Move to "github.com/hashicorp/go-hclog" ( #4227 )
...
* logbridge with hclog and identical output
* Initial search & replace
This compiles, but there is a fair amount of TODO
and commented out code, especially around the
plugin logclient/logserver code.
* strip logbridge
* fix majority of tests
* update logxi aliases
* WIP fixing tests
* more test fixes
* Update test to hclog
* Fix format
* Rename hclog -> log
* WIP making hclog and logxi love each other
* update logger_test.go
* clean up merged comments
* Replace RawLogger interface with a Logger
* Add some logger names
* Replace Trace with Debug
* update builtin logical logging patterns
* Fix build errors
* More log updates
* update log approach in command and builtin
* More log updates
* update helper, http, and logical directories
* Update loggers
* Log updates
* Update logging
* Update logging
* Update logging
* Update logging
* update logging in physical
* prefixing and lowercase
* Update logging
* Move physical logging name to server command
* Fix some tests
* address Jim's feedback so far
* incorporate Brian's feedback so far
* strip comments
* move vault.go to logging package
* update Debug to Trace
* Update go-plugin deps
* Update logging based on review comments
* Updates from review
* Unvendor logxi
* Remove null_logger.go
2018-04-02 17:46:59 -07:00
Josh Soref
73b1fde82f
Spelling ( #4119 )
2018-03-20 14:54:10 -04:00
Bharath B
699f9246e6
Config parameter "tls_disable_client_certs" is wrongly evaluated. ( #4049 )
2018-02-28 10:07:23 -05:00
Jeff Mitchell
642b88c76a
go vet fixes
2018-02-05 14:26:31 -05:00
Chris Hoffman
164849f056
Add support for encrypted TLS key files ( #3685 )
2017-12-15 17:33:55 -05:00
Calvin Leung Huang
882f85740b
Move HA-related config values to top level ( #3550 )
...
* Move HA-related config values to top level
* Add config2.hcl test-fixture
2017-11-08 14:19:41 -05:00
Calvin Leung Huang
0762ac14cf
aws_region->region on awskms config
2017-11-02 16:31:16 -04:00
Jeff Mitchell
a25dae82dd
Final sync
2017-10-23 17:39:21 -04:00
Jeff Mitchell
17a15cd594
Add option to disable client certificate requesting. ( #3373 )
...
Fixes #3372
2017-09-25 14:41:46 -04:00
Vishal Nayak
e99640f462
Add 'pid_file' config option ( #3321 )
...
* add pid_file config option
* address review feedback
* address review comments
2017-09-16 17:09:37 -04:00
Chris Hoffman
9d73c81f38
Disable the sys/raw endpoint by default ( #3329 )
...
* disable raw endpoint by default
* adding docs
* config option raw -> raw_storage_endpoint
* docs updates
* adding listing on raw endpoint
* reworking tests for enabled raw endpoints
* root protecting base raw endpoint
2017-09-15 00:21:35 -04:00
Jeff Mitchell
3edb337a00
Add option to set cluster TLS cipher suites. ( #3228 )
...
* Add option to set cluster TLS cipher suites.
Fixes #3227
2017-08-30 16:28:23 -04:00
Doyoon Kim
3ffebb7780
Moved PROXY protocol wrap to execute before the TLS wrap ( #3195 )
2017-08-23 12:00:09 -04:00
Gobin Sougrakpam
8e01c994bf
tls_client_ca_file option for verifying client ( #3034 )
2017-08-03 07:33:06 -04:00
Jeff Mitchell
7e3ff5e56c
Add PROXY protocol support ( #3098 )
2017-08-02 18:24:12 -04:00
Jeff Mitchell
1bfc6d4fe7
Add a -dev-three-node option for devs. ( #3081 )
2017-07-31 11:28:06 -04:00
Jeff Mitchell
d55d75a79f
Convert listener arguments to map[string]interface{} ( #2905 )
...
This allows people to use more natural constructs, e.g. for tls_disable
it can be a bool, int, or string.
2017-06-22 20:29:53 +01:00
Jeff Mitchell
33ca94773f
Add DogStatsD metrics output. ( #2883 )
...
Fixes #2490
2017-06-16 23:51:46 -04:00
Brian Kassouf
8a3ef906d5
Update the plugin directory logic
2017-04-13 11:22:53 -07:00
Brian Kassouf
8ccf10641b
Merge branch 'master' into database-refactor
2017-04-12 14:29:10 -07:00
Brian Kassouf
e8781b6a2b
Plugin catalog
2017-04-03 17:52:29 -07:00
Jeff Mitchell
5d760d4090
Add option to require valid client certificates ( #2457 )
2017-03-08 10:21:31 -05:00
Jeff Mitchell
b11f92ba5a
Rename physical backend to storage and alias old value ( #2456 )
2017-03-08 09:17:00 -05:00
Jeff Mitchell
5119b173c4
Rename helper 'duration' to 'parseutil'. ( #2449 )
...
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Jeff Mitchell
b29861f7bb
Do some porting to make diffing easier
2017-02-24 10:45:29 -05:00
Jeff Mitchell
c81582fea0
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
Roman Vynar
1615280efa
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener ( #2293 )
2017-01-23 13:48:35 -05:00
Chris Lundquist
9b5ee87929
prevent binding 0.0.0.0 -> ::0 ( #2094 )
2016-11-15 12:00:57 -05:00
matt maier
57925ee863
Vendor circonus ( #2082 )
2016-11-10 16:17:55 -05:00
Jeff Mitchell
2c85fdfeb9
Switch default case of disable cluster. ( #1959 )
2016-10-02 14:54:01 -04:00
Jeff Mitchell
85315ff188
Rejig where the reload functions live
2016-09-30 00:07:22 -04:00
Jeff Mitchell
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
Evan Phoenix
4214a0199d
Advertise the cluster_(id|name) in the Scada handshake ( #1906 )
2016-09-23 10:55:51 -04:00
Jeff Mitchell
bbe87db913
Force tls_disable on scada connection inside outer TLS connection as it's not currently supported anyways
2016-09-20 14:56:16 -04:00
vishalnayak
5bd665a842
Update atlas listener factory to use version with pre-release info.
2016-09-01 17:21:11 -04:00
Jeff Mitchell
2ce4397deb
Plumb through the ability to set the storage read cache size. ( #1784 )
...
Plumb through the ability to set the storage read cache size.
Fixes #1772
2016-08-26 10:27:06 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
Vishal Nayak
c7bcaa5bb6
Merge pull request #1655 from hashicorp/cluster-id
...
Vault cluster name and ID
2016-07-26 14:12:48 -04:00
Evan Phoenix
41ed3de3b1
Report the simple version string
2016-07-26 10:21:24 -07:00
vishalnayak
6e1d020c3a
Added cluster_name for existing config tests
2016-07-26 11:38:24 -04:00
vishalnayak
7daa92f42c
Update cluster name during config merge
2016-07-26 11:11:12 -04:00
vishalnayak
a3e6400697
Remove global name/id. Make only cluster name configurable.
2016-07-26 10:01:35 -04:00
vishalnayak
c7dabe4def
Storing local and global cluster name/id to storage and returning them in health status
2016-07-26 02:32:42 -04:00
matt maier
6519c224ac
Circonus integration for telemetry metrics
2016-07-22 15:49:23 -04:00
Jeff Mitchell
3ec81debe7
Trim leading/trailing space around PEM bundles.
...
Fixes #1634
2016-07-20 13:57:49 -04:00
vishalnayak
f34f0ef503
Make 'tls_min_version' configurable
2016-07-12 19:32:47 -04:00
Jeff Mitchell
61250157d7
Don't panic on an empty configuration during merge
2016-07-05 16:49:15 -04:00
Jeff Mitchell
6ff0742aa6
Remove unneeded else
2016-06-08 13:55:31 -04:00
Jeff Mitchell
64c180510e
Add a metadata node_id field for Atlas usage and fix tests
2016-06-02 18:19:51 -04:00
Jeff Mitchell
0d9ea2a1a1
Initial Atlas listener implementation
2016-06-02 14:05:47 -04:00
Sean Chittenden
0c23acb818
Comment nits
2016-04-25 18:00:54 -07:00
Jeff Mitchell
528b25c5f4
Merge HA Backend objects
2016-03-21 16:56:13 -04:00
Jeff Mitchell
0e3764832a
Add test for listener reloading, and update website docs.
2016-03-14 14:05:47 -04:00
Jeff Mitchell
84af6ec8ac
Don't generate an ID; use address for the ID. Generally speaking we'll need to sane against what's in the config
2016-03-11 17:28:03 -05:00
Jeff Mitchell
996c584192
Don't inline factory
2016-03-11 17:02:44 -05:00
Jeff Mitchell
d75ce9de9b
Retool to have reloading logic run in command/server
2016-03-11 16:47:03 -05:00
Jeff Mitchell
c6066af4c1
Add tests. This actually adds the initial tests for the TLS listener,
...
then layers reloading tests on top.
2016-03-11 14:05:52 -05:00
Jeff Mitchell
baf0763b3c
Add reload capability for Vault listener certs. No tests (other than
...
manual) yet, and no documentation yet.
2016-03-11 14:05:52 -05:00
Seth Vargo
b207fc403c
Fix failing config test
2016-03-10 17:36:10 -05:00
Seth Vargo
0adab4182f
Fix test fixtures
2016-03-10 16:51:08 -05:00
Seth Vargo
f916ed349d
Print errors on extra keys in server config
...
This does NOT apply to the backend config, since each backend config
could have a variation of options that differ based off of the
configured backend itself. This may be an optimization that can be made
in the future, but I think each backend should be responsible for
performing its own configuration validation instead of overloading the
config itself with this functionality.
2016-03-10 15:25:25 -05:00
Jeff Mitchell
0998e1cdf9
Update help text exporting dev mode listen address.
...
Ping #1160
2016-03-03 18:10:14 -05:00
Jeff Mitchell
6cdb8aeb4f
Merge branch 'master' into f-disable-tls
2015-12-29 12:59:02 -05:00
Jeff Mitchell
ced0835574
Allow separate HA physical backend.
...
With no separate backend specified, HA will be attempted on the normal
physical backend.
Fixes #395 .
2015-12-14 07:59:58 -05:00
Armon Dadgar
985717b428
server: sanity check value for 'tls_disable'
2015-11-25 11:37:57 -08:00
Jeff Mitchell
9f0b1547bb
Allow disabling the physical storage cache with 'disable_cache'.
...
Fixes #674 .
2015-10-12 13:00:32 -04:00
Jeff Mitchell
3f45f3f41b
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 07:50:24 -07:00
vishalnayak
e5080a7f32
Merging with master
2015-08-06 18:44:40 -04:00
vishalnayak
c7ef0b95c2
Vault SSH: CRUD test case for OTP Role
2015-07-31 13:24:23 -04:00
Karl Gutwin
4bad987e58
PR review updates
2015-07-30 13:21:41 -04:00
Karl Gutwin
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
Armon Dadgar
ae28087f67
server: import sha512. Fixes #448
2015-07-23 13:51:45 -07:00
Karl Gutwin
1096f5a53e
Avoid unnecessary abbreviation
2015-07-22 23:28:46 -04:00
Karl Gutwin
2e81d9047d
Allow specifying a TLS minimum version
2015-07-22 23:19:41 -04:00
Nate Brown
dec99f2bf6
Git ignore getting in the way
2015-07-14 15:57:06 -07:00
Nate Brown
5804c4a872
Fix travis build
2015-07-14 15:50:29 -07:00
Nate Brown
0ec0b41aa3
Telemetry object in config
2015-07-14 15:36:28 -07:00
Armon Dadgar
268db24819
command/listener: Request TLS client cert. Fixes #214
2015-05-20 16:01:40 -07:00
Mitchell Hashimoto
3d3274a66b
command/server: fix one race condition
2015-04-28 19:11:46 -07:00
Mitchell Hashimoto
d29ada47eb
command/server: disable mlock in dev mode
2015-04-28 15:11:39 -07:00
Mitchell Hashimoto
006d4fccfd
command/server: allow disabling mlock
2015-04-28 15:09:30 -07:00