Commit graph

11567 commits

Author SHA1 Message Date
Mike Jarmy 5986ce922d
add counters for active service tokens, and identity entities (#7541) 2019-10-08 13:58:19 -04:00
Calvin Leung Huang d8875b1991
sys/config: config state endpoint (#7424)
* sys/config: initial work on adding config state endpoint

* server/config: add tests, fix Sanitized method

* thread config through NewTestCluster's config to avoid panic on dev modes

* properly guard endpoint against request forwarding

* add http tests, guard against panics on nil RawConfig

* ensure non-nil rawConfig on NewTestCluster cores

* update non-forwarding logic

* fix imports; use no-forward handler

* add missing config test fixture; update gitignore

* return sanitized config as a map

* fix test, use deep.Equal to check for equality

* fix http test

* minor comment fix

* config: change Sanitized to return snake-cased keys, update tests

* core: hold rlock when reading config; add docstring

* update docstring
2019-10-08 10:57:15 -07:00
Jim Kalafut 2e4c9995ac
changelog++ 2019-10-08 08:54:08 -07:00
James Stoker 49c9352f75 Add config parameter to Azure storage backend to allow specifying the ARM endpoint to support Azure Stack. (#7567) 2019-10-08 08:51:36 -07:00
Michel Vocks a0c122926a
Unauth metrics: Fix missing parse form and error response (#7569)
* Unauth metrics: Fix missing parse form and error response

* Change metrics error response to text/plain content type always
2019-10-08 14:55:25 +02:00
Matthew Irish 7f80626162
UI - namespace fixes (#7587)
* check for model in the edit form before rolling back

* make sure namespace service name is consistent in the auth service

* actually tell it what service to inject
2019-10-07 20:41:04 -05:00
Calvin Leung Huang 9622a351ae docs: add sys/pprof API docs (#7562)
* docs: add sys/pprof api docs

* fix header
2019-10-07 11:55:17 -04:00
Calvin Leung Huang dd02d94a41 docs: add sys/host-info API docs (#7563)
* docs: add sys/host-info api docs

* remove extra closing bracket in sample response
2019-10-07 11:54:48 -04:00
Michel Vocks f8c233a63b Docs: Add unauthenticated metrics access docs (#7566) 2019-10-07 11:54:09 -04:00
Aric a2b70c7bc7 Update index.html.md (#7580)
"before storage data at rest" seems like it was intended to read either "before storing data at rest" or "before storage of data at rest".
2019-10-07 11:53:17 -04:00
Brian Shumate 66a3218331 Typo (#7586) 2019-10-07 08:08:18 -07:00
Anton Soroko 1ef95b240c Remove unused code in kv_get.go (#7583) 2019-10-07 10:18:04 -04:00
Brian Shumate 4b5be69252 Docs: update plugin_dir (#7585)
- Add note that plugin_dir value cannot be a symlink
2019-10-07 10:17:12 -04:00
Brian Shumate 41374ecd82 Add note about plugin_directory (#7584)
- Note that plugin_directory cannot be a symbolic link
2019-10-07 09:59:34 -04:00
Noelle Daley 71e2263534
Update CHANGELOG.md 2019-10-04 14:17:41 -07:00
Noelle Daley 899f0dc2cb
do not swallow ControlGroupErrors when viewing or editing kvv2 secrets (#7504)
* do not swallow ControlGroupErrors when viewing or editing kvv2 secrets

* test kv v2 control group workflow

* do not manually clearModelCache when logging out since this already happens when leaving the logout route

* remove pauseTest

* update comments

* wip - looking into why restricted user can see the control group protected secret after it has already been unwrapped once

* strip version from query params so we can unwrap a secret after it is authorized

* use attachCapabilities instead of lazyCapabilities to ensure models are cleaned up properly

* remove comment

* make ControlGroupError extend AdapterError

* fix broken redirect_to test

* one day i will remember to remove my debugger statements; today is not that day

* no need to check for a ControlGroupError since it extends an AdapterError

* see if using EmberError instead of AdapterError fixes the browserstack tests

* Revert "see if using EmberError instead of AdapterError fixes the browserstack tests"

This reverts commit 14ddd67cacbf1ccecb8cc2d1f59a2c273866da72.
2019-10-04 13:15:33 -07:00
Jim Kalafut e9560ea13c
Fix transit docs env var typo (#7572)
Fixes #7570
2019-10-04 12:45:02 -07:00
Brian Shumate 77311bf24f Docs: update Transit Secrets Engine Create Key (#7568)
- Use type that supports derivation in sample payload
2019-10-04 10:56:18 -07:00
Calvin Leung Huang 7a385a7854 update go.mod and sdk/go.mod 2019-10-04 09:40:23 -07:00
Nick Cabatoff 85e387439e go mod vendor and go mod tidy 2019-10-04 09:14:37 -04:00
Michel Vocks a7a6dd55a5
Add config parameter to allow unauthenticated metrics access (#7550)
* Implement config parameter to allow unathenticated metricss access

* Add unit test for unauthenticated metrics access parameter

* go mod tidy
2019-10-04 09:29:51 +02:00
Calvin Leung Huang 8239612352
sys/pprof: fix pprof index description (#7564) 2019-10-03 17:02:41 -07:00
Calvin Leung Huang 920fa1452b
sys/host-info: fix host-info description typo (#7565) 2019-10-03 17:02:19 -07:00
Chris Hoffman cd4fd558b9
changelog++ 2019-10-03 18:49:43 -04:00
Chris Hoffman a61ca9d311
changelog++ 2019-10-03 18:48:51 -04:00
Michael Gaffney 6b1e1909e9
core: re-encrypt barrier and recovery keys if the unseal key is updated (#7493)
Seal keys can be rotated. When this happens, the barrier and recovery
keys should be re-encrypted with the new seal key. This change
automatically re-encrypts the barrier and recovery keys with the latest
seal key on the active node during the 'postUnseal' phase.
2019-10-03 16:40:18 -04:00
Jeff Mitchell 49f7e290ff changelog++ 2019-10-03 16:12:17 -04:00
Jeff Mitchell 4252f5c9e4
Add AES128-GCM96 support to transit (#7555) 2019-10-03 16:11:43 -04:00
Calvin Leung Huang f714060c47
changelog++ 2019-10-03 10:46:02 -07:00
Calvin Leung Huang 3f1c7c86a0
sys: add host-info endpoint (#7330)
* sys: add host-info endpoint, add client API method

* remove old commented handler

* add http tests, fix bugs

* query all partitions for disk usage

* fix Timestamp decoding

* add comments for clarification

* dont append a nil entry on disk usage query error

* remove HostInfo from the sdk api

We can use Logical().Read(...) to query this endpoint since the payload is contained with the data object. All warnings are preserved under Secret.Warnings.

* ensure that we're testing failure case against a standby node

* add and use TestWaitStandby to ensure core is on standby

* remove TestWaitStandby

* respond with local-only error

* move HostInfo into its own helper package

* fix imports; use new no-forward handler

* add cpu times to collection

* emit clearer multierrors/warnings by collection type

* add comments on HostInfo fields
2019-10-03 09:43:52 -07:00
Jeff Mitchell a726e71e20 changelog++ 2019-10-03 12:36:07 -04:00
ncabatoff 31d2224f6e
changelog++ 2019-10-03 12:34:32 -04:00
ncabatoff 4613fc4e7f
changelog++ 2019-10-03 12:33:20 -04:00
Jeff Mitchell 6d1e804a22
Add P384 and P521 support to Transit (#7551) 2019-10-03 12:32:43 -04:00
ncabatoff 71cb7cbf18
Fix issue with rotateCredentials deadlocking with itself (#7518) 2019-10-03 12:28:29 -04:00
Matthew Irish a9b208793c
Update CHANGELOG.md 2019-10-02 11:59:47 -05:00
Jim Kalafut fbf0eed21a
changelog++ 2019-10-02 09:31:07 -07:00
David Adams 98a6a428c0 Add response_types_supported to OIDC configuration (#7533)
The OIDC Discovery standard requires the response_types_supported field
to be returned in the .well-known/openid-configuration response.

Also, the AWS IAM OIDC consumer won't accept Vault as an identity
provider without this field.

Based on examples in the OIDC Core documentation, it appears Vault
supports only the `id_token` flow, and thus that is the only value that
makes sense to be set in this field. See:

https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationExamples
2019-10-02 08:59:57 -07:00
ncabatoff e7fe4b6d92
Return a useful error on attempts to renew a token via sys/leases/renew (#7298) 2019-10-02 10:55:20 -04:00
Jim Kalafut 9c80c3770a
Fix identity token API docs (#7545) 2019-10-01 16:13:21 -07:00
Vu Pham 2176b5f701 Update oci-object-storage.html.md (#7543) 2019-10-01 16:08:34 -07:00
Jim Kalafut 153c4cc80e
Add 1.2+ role parameters back to JWT API docs (#7544)
This reverts 24c2f8c2ad76, which pulled the parameters while there were
outstanding bugs when using them with JWT auth.
2019-10-01 16:07:52 -07:00
Matthew Irish 8d9d8e3d0e
UI wrapped token fix (#7398)
* default to token auth method

* pass in selectedValue to the AuthForm

* adjust when and if tasks are called so there's no race condition with wrapped_token query param

* add some tests for wrapped_token

* adjust redirect_to behavior so that it also works with the logout route and the wrapped_token query param

* fix linting
2019-10-01 15:30:56 -05:00
Matthew Irish c5ade0897e
UI CI exit 1 if there's an error (#7399)
* exit 1 if there's an error

* fix failing confirm tests

* still need to exit the process 😂
2019-10-01 14:57:37 -05:00
Jim Kalafut 63393ea1cc
Update vendor dir (#7539) 2019-10-01 08:03:32 -07:00
Vishal Nayak 464cd91fd5 changelog++ 2019-09-30 17:52:10 -04:00
Jim Kalafut 7fb092e00b
changelog++ 2019-09-30 13:55:05 -07:00
Jim Kalafut 9a05e95760
Log proxy settings from environment on startup (#7528) 2019-09-30 08:46:42 -07:00
Vishal Nayak dbf5b9b956 changelog++ 2019-09-30 10:51:07 -04:00
Vishal Nayak c84f804f48
Fix identity case sensitivity loading in secondary cluster (#7327)
* Fix identity case sensitivity loading in secondary cluster

* Add nil check
2019-09-30 10:27:25 -04:00