luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
11148 commits 1 branch 0 tags 214 MiB
Commit graph

11148 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jim Kalafut e4be09ead5
changelog++ 2019-08-19 11:57:36 -07:00
Jack Kleeman 1977305ffa Store less data in Cassandra prefix buckets (#7199) 
* Store less data in Cassandra prefix buckets

The Cassandra physical backend relies on storing data for sys/foo/bar
under sys, sys/foo, and sys/foo/bar. This is necessary so that we
can list the sys bucket, get a list of all child keys, and then trim
this down to find child 'folders' eg food. Right now however, we store
the full value of every storage entry in all three buckets. This is
unnecessary as the value will only ever be read out in the leaf bucket
ie sys/foo/bar. We use the intermediary buckets simply for listing keys.

We have seen some issues around compaction where certain buckets,
particularly intermediary buckets that are exclusively for listing,
get really clogged up with data to the point of not being listable.
Buckets like sys/expire/id are huge, combining lease expiry data for
all auth methods, and need to be listed for vault to successfully
become leader. This PR tries to cut down on the amount of data stored
in intermediary buckets.

* Avoid goroutine leak by buffering results channel up to the bucket count
 2019-08-19 11:50:00 -07:00
Jeff Mitchell 47024b4753 changelog++ 2019-08-19 12:33:13 -04:00
ncabatoff 8d4d6921ad
changelog++ 2019-08-19 09:21:39 -04:00
Vishal Nayak 9b878b0717 go fmt on aws path role files 2019-08-16 11:25:33 -04:00
Jim Kalafut 3ce3e40db7
Update role parameters in JWT API docs (#7328) 
This is a temporary revert related to https://github.com/hashicorp/vault-plugin-auth-jwt/issues/66.
Once that change is in a released Vault, this docs change should be reverted back.
 2019-08-16 08:09:15 -07:00
Jim Kalafut eaae12f782
changelog++ 2019-08-15 09:51:06 -07:00
Chris Hoffman 0a23fb8294
changelog++ 2019-08-15 10:32:43 -04:00
ncabatoff fb1dec0b98
changelog++ 2019-08-15 10:11:33 -04:00
ncabatoff fb225428ff
changelog++ 2019-08-15 10:07:43 -04:00
Jeff Mitchell 88e1885c1c Updating plugin deps 2019-08-14 17:23:29 -04:00
Calvin Leung Huang 1eaaea50fb
changelog++ 2019-08-14 14:17:44 -07:00
Jeff Mitchell 8918b2ef76 Use separate env var for Vault commit in plugin update script 2019-08-14 17:02:28 -04:00
Jeff Mitchell 87f649bf99 Prep for 1.2.2 2019-08-14 16:54:16 -04:00
Najib Ben 64936d5038 Remove 512 entity limit for groups (#7317) 
* Consul 1.5.3 has configurable value limit for KV storage
* Integrated Raft
 2019-08-14 13:47:11 -04:00
Matthew Irish 204383b83a
changelog++ 2019-08-14 10:29:11 -05:00
Jim Kalafut 0331a2a3e1
changelog++ 2019-08-14 08:04:46 -07:00
Matthew Irish effe7320d5
change input to textarea and use autosize on them (#7254) 
* change input to textarea and use autosize on them

* fix some tests
 2019-08-14 10:02:16 -05:00
Jeff Mitchell ae45997fe3 Use Go 1.12.8 for building 2019-08-14 10:45:19 -04:00
Calvin Leung Huang 67170b378f command/server: fix TestLoadConfigFile_json2 test, fix hcl tags (#7300) 
* command/server: fix TestLoadConfigFile_json2 test, fix hcl tags

Fixes test to call the equality check, and add missing values to the expected object. Fixes hcl tags in the Telemetry structs.

* fix PrometheusRetentionTime tag
 2019-08-14 10:32:11 -04:00
ncabatoff be7b9c2dc5 Since we run plenty of dockerized tests without requiring an env var to (#7291) 
be set, let's make the Radius tests behave that way too.
 2019-08-14 10:31:23 -04:00
skarsol 073ff32900 Add section for consul 1.4+ (#6366) 2019-08-14 10:19:14 -04:00
Didi Kohen a14b44ee8b Add some more detail for the root generation process (#5720) 
* Add some more detail for the root generation process

* Remove mention of old OTP and OTP provided on the start request
 2019-08-14 10:16:10 -04:00
IPv4v6 8fe861ec04 add examples for ECC key sizes in documentation (#2952) 
* add examples for ECC key sizes in documentation

Signed-off-by: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>

* remove links to Go documentation
 2019-08-14 10:08:41 -04:00
Calvin Leung Huang 522fa83568 sdk/logical: handle empty token type string values as TokenTypeDefault (#7273) 
* sdk/logical: handle empty token type string values as TokenTypeDefault

* add test case for missing token_type value
 2019-08-14 09:45:40 -04:00
Calvin Leung Huang 675593bd18 docs: add 1.2.1 upgrade guide (#7274) 2019-08-14 09:45:09 -04:00
Jim Kalafut 3e7a2211bf Update PCF Auth plugin (#7306) 2019-08-14 09:43:04 -04:00
Jim Kalafut 38e2815d1a
changelog++ 2019-08-13 21:43:21 -07:00
ncabatoff fab0f3298c Fix regression that causes panic when logging in via Radius. (#7290) 2019-08-13 17:11:24 -07:00
Matthew Irish a4b6bb8626
kv v2 display bugs (#7307) 
* fix switch css

* allow breadcrumbs container to grow if it's overflowed so that it's still usable

* close the dropdowns on destructive actions that cause a route refresh

* use new attachCapabilities for context menus on auth methods to get rid of an error
 2019-08-13 16:54:51 -05:00
Madalyn d3bc388b31
remove double slash from generated api endopints in generated adapter (#7299) 
remove double slash from generated api endopints
 2019-08-12 14:27:37 -04:00
Jim Kalafut 4653861333
Fix PCF API docs field names (#7302) 2019-08-12 10:55:23 -07:00
Michel Boucey badb089ffb Add gothic, a Haskell KVv2 engine API client (#7301) 2019-08-12 13:30:25 -04:00
Jason O'Donnell ac16dec5c4
docs: update k8s helm doc (#7279) 2019-08-08 17:05:01 -04:00
Joel Thompson e4b9efd37f logical/aws: Refactor role validation (#7276) 
This refactors role validation for the AWS secrets engine to be in a
separate method. Previously, all validation was interspersed with the
parsing of parameters when creating/updating a role, which led to a high
degree of complexity. Now, all validation is centralized which makes it
easier to understand and also easier to test (and so a number of test
cases have been added).
 2019-08-08 11:53:06 -07:00
Brian Kassouf baed23d816
changelog++ 2019-08-07 14:53:46 -07:00
Jim Kalafut 72a15422d5
Fix identity store 'key not found' response (#7267) 
The existing custom response results in a 400 instead of the typical
404 which confuses the Terraform provider (and is inconsistent).
 2019-08-07 09:46:45 -07:00
ncabatoff e1f8a82d81
Create test cores with an error injector. (#7243) 
It's created with a 0% error rate, which means it's a no-op, but tests can opt-in to errors when
needed via core.underlyingPhysical.
 2019-08-06 15:21:23 -04:00
Jeff Mitchell 9aadecb074 changelog++ 2019-08-05 22:13:19 -04:00
ncabatoff c1d557144c
Eliminate a race stemming from each core's monitoring goroutine sharing the client for the active node. (#7255) 2019-08-05 21:39:38 -04:00
Jeff Mitchell f7358e66bb Bump sdk/api 2019-08-05 18:03:40 -04:00
Jeff Mitchell a8e9bdaaf4 Bump api's sdk 2019-08-05 18:02:15 -04:00
Jeff Mitchell c9d4e83350 Bump some versions to prep 2019-08-05 17:43:12 -04:00
Matthew Irish 3af3dbd4db
changelog++ 2019-08-05 16:16:59 -05:00
Jason O'Donnell 13ffbcd984
doc: add k8s vault-helm doc (#7193) 
* doc: add k8s vault-helm doc

* Replace TODO with security warning

* Add TLS example

* Add production deployment checklist

* Add kube hardening guide

* Fix link to configuration values

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Fix typo in example

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Remove anchors, add tolerations/selector

* Fix rendering of global configuration

* Fix sidebar navigation and update links

* Add sidebar title to run doc

* Add platform index.html

* Add relative links

* Rename file

* Fix titles

* Add syntax highlighting to examples

* Move platforms in navigation bar
 2019-08-05 17:15:28 -04:00
ncabatoff ffc1b5a9ae
changelog++ 2019-08-05 17:05:26 -04:00
ncabatoff 64b779cfaf
changelog++ 2019-08-05 17:02:37 -04:00
Jeff Mitchell 3126f730a7 changelog++ 2019-08-05 16:58:22 -04:00
ncabatoff f7690d1f6a
Handle TokenType serialized as string or as uint8. (#7233) 2019-08-05 16:51:14 -04:00
ncabatoff 439ea99c83
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true (#7241) 
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true, i.e. return 200 instead of 429.
 2019-08-05 16:44:41 -04:00