Commit graph

489 commits

Author SHA1 Message Date
Jeff Mitchell 0425db59ab
Raft chunk snapshotting (#7185)
Support chunking, including snapshot handling
2019-07-24 20:44:13 -04:00
Jeff Mitchell d2a5a3035c Vendor deps 2019-07-24 13:42:50 -04:00
Jeff Mitchell fd376b4bdf Use ChunkingConfigurationStore for raft 2019-07-23 10:59:21 -04:00
Jeff Mitchell 20f2b1097e Updating plugin deps 2019-07-22 12:55:11 -04:00
Jeff Mitchell e88ba8b29b Updating plugin deps 2019-07-19 10:59:39 -04:00
Jeff Mitchell 0811f983be Bump raft and vendoring 2019-07-19 10:40:25 -04:00
Jeff Mitchell 71ea55751b Bump api/sdk 2019-07-09 04:02:10 -04:00
Jeff Mitchell 7144450211 Bump sdk/api 2019-07-08 19:06:16 -04:00
Brian Kassouf 556e8da040
Update vendor directory (#7076) 2019-07-05 17:01:41 -07:00
Brian Kassouf 4d7d0d729a
storage/raft: When restoring a snapshot preseal first (#7011)
* storage/raft: When restoring a snapshot preseal first

* best-effort allow standbys to apply the restoreOp before sealing active node

* Don't cache the raft tls key

* Update physical/raft/raft.go

* Move pending raft peers to core

* Fix race on close bool

* Extend the leaderlease time for tests

* Update raft deps

* Fix audit hashing

* Fix race with auditing
2019-07-03 13:56:30 -07:00
Jeff Mitchell b35aa24c7f Bump auth plugins 2019-07-03 00:47:07 -04:00
Jeff Mitchell 76216398da Bump api/sdk 2019-07-03 00:14:05 -04:00
Jeff Mitchell ab453c0a37 Update api/sdk 2019-07-02 22:18:30 -04:00
Jeff Mitchell 70ee688bbf Bump sdk 2019-07-02 21:02:07 -04:00
Jeff Mitchell 9ca8412add Bump sdk 2019-07-02 21:00:25 -04:00
Jeff Mitchell 9baf59dcdc Update auth plugins 2019-07-02 18:40:41 -04:00
Jeff Mitchell 02120cfe5e Bump api/sdk 2019-07-02 10:25:04 -04:00
Jeff Mitchell 66431f37b0 Bump api/sdk 2019-07-02 09:53:02 -04:00
Jeff Mitchell 3acf65ae12 Bump api/sdk 2019-07-01 18:29:44 -04:00
Jeff Mitchell e691f7a4e9 Bump secrets-ad plugin 2019-07-01 16:14:36 -04:00
Jeff Mitchell bba64f2cca Bump SDK 2019-07-01 16:13:00 -04:00
Jeff Mitchell 369456388e Bump sdk 2019-07-01 08:58:40 -04:00
Jeff Mitchell 09f1b1f483 Bump sdk 2019-06-29 16:36:43 -04:00
Jeff Mitchell eade600ca7 Bump sdk 2019-06-29 14:51:16 -04:00
Jeff Mitchell ff0ba7a926 Bump api/sdk 2019-06-27 18:01:05 -04:00
Michael Gaffney ce9f8a72b6
Bump KV dep 2019-06-27 12:08:11 -04:00
Jeff Mitchell ce9d76c516 Update vendoring 2019-06-23 21:18:45 -04:00
Jeff Mitchell 2dea5185b3 Update vendor 2019-06-23 20:33:45 -04:00
Jeff Mitchell 633a6099f2 Vendor and prep for beta 2019-06-20 23:43:02 -04:00
Jeff Mitchell 3d231d985d Update vendor 2019-06-20 18:12:40 -04:00
Jeff Mitchell 7966231d88
Port some stuff (#6939)
* Port some fixes

* Sync some updates
2019-06-20 16:02:11 -04:00
Jeff Mitchell a68484107e Update vendor 2019-06-20 15:56:24 -04:00
Brian Kassouf ed14061578
Raft Storage Backend (#6888)
* Work on raft backend

* Add logstore locally

* Add encryptor and unsealable interfaces

* Add clustering support to raft

* Remove client and handler

* Bootstrap raft on init

* Cleanup raft logic a bit

* More raft work

* Work on TLS config

* More work on bootstrapping

* Fix build

* More work on bootstrapping

* More bootstrapping work

* fix build

* Remove consul dep

* Fix build

* merged oss/master into raft-storage

* Work on bootstrapping

* Get bootstrapping to work

* Clean up FMS and node-id

* Update local node ID logic

* Cleanup node-id change

* Work on snapshotting

* Raft: Add remove peer API (#906)

* Add remove peer API

* Add some comments

* Fix existing snapshotting (#909)

* Raft get peers API (#912)

* Read raft configuration

* address review feedback

* Use the Leadership Transfer API to step-down the active node (#918)

* Raft join and unseal using Shamir keys (#917)

* Raft join using shamir

* Store AEAD instead of master key

* Split the raft join process to answer the challenge after a successful unseal

* get the follower to standby state

* Make unseal work

* minor changes

* Some input checks

* reuse the shamir seal access instead of new default seal access

* refactor joinRaftSendAnswer function

* Synchronously send answer in auto-unseal case

* Address review feedback

* Raft snapshots (#910)

* Fix existing snapshotting

* implement the noop snapshotting

* Add comments and switch log libraries

* add some snapshot tests

* add snapshot test file

* add TODO

* More work on raft snapshotting

* progress on the ConfigStore strategy

* Don't use two buckets

* Update the snapshot store logic to hide the file logic

* Add more backend tests

* Cleanup code a bit

* [WIP] Raft recovery (#938)

* Add recovery functionality

* remove fmt.Printfs

* Fix a few fsm bugs

* Add max size value for raft backend (#942)

* Add max size value for raft backend

* Include physical.ErrValueTooLarge in the message

* Raft snapshot Take/Restore API  (#926)

* Inital work on raft snapshot APIs

* Always redirect snapshot install/download requests

* More work on the snapshot APIs

* Cleanup code a bit

* On restore handle special cases

* Use the seal to encrypt the sha sum file

* Add sealer mechanism and fix some bugs

* Call restore while state lock is held

* Send restore cb trigger through raft log

* Make error messages nicer

* Add test helpers

* Add snapshot test

* Add shamir unseal test

* Add more raft snapshot API tests

* Fix locking

* Change working to initalize

* Add underlying raw object to test cluster core

* Move leaderUUID to core

* Add raft TLS rotation logic (#950)

* Add TLS rotation logic

* Cleanup logic a bit

* Add/Remove from follower state on add/remove peer

* add comments

* Update more comments

* Update request_forwarding_service.proto

* Make sure we populate all nodes in the followerstate obj

* Update times

* Apply review feedback

* Add more raft config setting (#947)

* Add performance config setting

* Add more config options and fix tests

* Test Raft Recovery (#944)

* Test raft recovery

* Leave out a node during recovery

* remove unused struct

* Update physical/raft/snapshot_test.go

* Update physical/raft/snapshot_test.go

* fix vendoring

* Switch to new raft interface

* Remove unused files

* Switch a gogo -> proto instance

* Remove unneeded vault dep in go.sum

* Update helper/testhelpers/testhelpers.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update vault/cluster/cluster.go

* track active key within the keyring itself (#6915)

* track active key within the keyring itself

* lookup and store using the active key ID

* update docstring

* minor refactor

* Small text fixes (#6912)

* Update physical/raft/raft.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* review feedback

* Move raft logical system into separate file

* Update help text a bit

* Enforce cluster addr is set and use it for raft bootstrapping

* Fix tests

* fix http test panic

* Pull in latest raft-snapshot library

* Add comment
2019-06-20 12:14:58 -07:00
Becca Petrin 8782f2f8bb revert more unnecessary dep changes 2019-06-19 10:47:25 -07:00
Becca Petrin 75d15ae627 revert unnecessary dep updates from bad merge 2019-06-19 10:43:09 -07:00
Becca Petrin ab156603bd merge master 2019-06-19 10:24:45 -07:00
Becca Petrin 8bbf6e6fc3 update to latest plugin dependencies 2019-06-19 10:04:49 -07:00
Jeff Mitchell 659f97a0b7 Update api and sdk to remove direct gogo dep 2019-06-18 14:51:13 -04:00
Jeff Mitchell 1e5398efb3 Update api/sdk in main repo 2019-06-18 12:24:15 -04:00
Jeff Mitchell 6ddac3ad33 Bump api/sdk dep 2019-06-18 11:19:15 -04:00
Becca Petrin 17a682da40 Merge branch 'opensource-master' into add-elasticsearch-auth 2019-06-17 11:12:51 -07:00
Jeff Mitchell 51f3d3137f Update vendoring and api/sdk 2019-06-14 14:29:16 -04:00
Jeff Mitchell 402ba1b0f0
Tokenhelper v2 (#6662)
This provides an sdk util for common token fields and parsing and plumbs it into token store roles.
2019-06-14 10:17:04 -04:00
Jeff Mitchell 4c9125c4e6 Update vendoring 2019-06-13 13:41:18 -04:00
Becca Petrin 5b9d49fc2d add elasticsearch database engine 2019-06-10 09:19:11 -07:00
Becca Petrin 66aaa46588 add PCF auth method, agent, and cli handler 2019-06-06 12:26:04 -07:00
Jeff Mitchell 6d71da0401 Update vendoring 2019-06-06 13:51:34 -04:00
Lexman 9aa4662cec transit cache is an Interface implemented by wrapped versions of sync… (#6225)
* transit cache is an Interface implemented by wrapped versions of syncmap and golang-lru

* transit cache is an Interface implemented by wrapped versions of syncmap and golang-lru

* changed some import paths to point to sdk

* Apply suggestions from code review

Co-Authored-By: Lexman42 <Lexman42@users.noreply.github.com>

* updates docs with information on transit/cache-config endpoint

* updates vendored files

* fixes policy tests to actually use a cache where expected and renames the struct and storage path used for cache configurations to be more generic

* updates document links

* fixed a typo in a documentation link

* changes cache_size to just size for the cache-config endpoint
2019-06-04 15:40:56 -07:00
Jeff Mitchell 51eae6c3c1 Bump AWS plugin again 2019-05-28 17:37:47 -04:00
Joel Thompson 98ee4b84b4 Bump AWS SDK dependency to latest (#6788)
Also pull the latest into the local vendor
2019-05-28 16:36:32 -05:00
tonyd 0570966cb9 Allow logical backends access to the disabled state of an entity (#6791)
* Allow logical backends access to the disabled state of an entity via SystemView.EntityInfo().

* Add generated file in vendor directory.
2019-05-28 16:31:50 -05:00
Jeff Mitchell 1943cc7380 Update vendor 2019-05-23 10:44:19 -04:00
Patrick Hayes 359dbfc092 Maximum typo in Vault UI (#6743) 2019-05-16 08:44:34 +02:00
Jeff Mitchell 87cb8a032f Update to use newer sdk 2019-05-15 09:22:48 -04:00
Jeff Mitchell c4075fffc0 Vendoring updated grpc 2019-05-13 16:20:10 -04:00
Jeff Mitchell f09ddbc30b Update mod vendor
Closes #6711
2019-05-09 21:14:28 -04:00
Lexman fedc1a29fe
fixes circle_ci_go-mod-vendor-check (#6704) 2019-05-08 17:04:26 -07:00
mgritter 39ca69b3bc Update vendor directory with SDK changes. 2019-05-06 13:50:56 -07:00
Jim Kalafut a4755ec076
Update SDK vendor (#6669) 2019-05-01 18:48:12 -07:00
Jeff Mitchell e8a9d47aca
Port over some SP v2 bits (#6516)
* Port over some SP v2 bits

Specifically:

* Add too-large handling to Physical (Consul only for now)
* Contextify some identity funcs
* Update SP protos

* Add size limiting to inmem storage
2019-05-01 13:47:41 -04:00
Brian Kassouf 04d0ddfdae
Add mount UUID to the secret and auth list API responses (#6633) 2019-04-24 12:27:43 -07:00
Jeff Mitchell fe8ead5f2d go mod tidy and go mod vendor 2019-04-23 20:58:55 -04:00
Jeff Mitchell 9a7eb54a68 Merge branch '1.1.2' into master-oss 2019-04-18 18:49:49 -04:00
Brian Kassouf 43783a5dca
Move cluster logic out of vault package (#6601)
* Move cluster logic out of vault package

* Dedup heartbeat and fix tests

* Fix test
2019-04-17 13:50:31 -07:00
Brian Kassouf 4372625411 Update kv deps 2019-04-16 09:43:52 -07:00
Jeff Mitchell 6eaab11ab4 Bump secrets-gcp version 2019-04-15 17:54:29 -04:00
Jeff Mitchell b2bbd32f3b Update vendoring 2019-04-15 14:59:52 -04:00
Jeff Mitchell 1442cb8912 Update vendor 2019-04-15 09:29:25 -04:00
Jeff Mitchell 9ebc57581d
Switch to go modules (#6585)
* Switch to go modules

* Make fmt
2019-04-13 03:44:06 -04:00
Jeff Mitchell e922b70e89 Remove unneeded consul dep 2019-04-13 02:22:03 -04:00
Jeff Mitchell b9d4209280 Remove consul lib dep 2019-04-13 02:12:31 -04:00
Jeff Mitchell 80c303ac83 Move ldaputil and tlsutil over to sdk 2019-04-12 18:26:54 -04:00
Jeff Mitchell 371db36ede Move useragent to sdk 2019-04-12 18:17:49 -04:00
Jeff Mitchell a1796b3ece Move password to sdk 2019-04-12 18:12:13 -04:00
Jeff Mitchell 8d6ce1ffb5 Move policyutil to sdk 2019-04-12 18:08:46 -04:00
Jeff Mitchell 7ca424e8d2 Move cidrutil to sdk 2019-04-12 18:03:59 -04:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Jeff Mitchell 4e7ce6f42b
Update deps (#6580)
* Update deps

* Change azure dep to match plugin
2019-04-12 11:51:37 -04:00
Jeff Mitchell 673dcfe49f Update gcp plugin and changelog 2019-04-09 16:42:25 -04:00
Jeff Mitchell ab49700759 Update gcp secrets plugin 2019-04-09 16:39:29 -04:00
Jim Kalafut 540cb8b288
Update jwt plugin dep (#6556) 2019-04-09 12:49:44 -07:00
Jim Kalafut a2fb526a38
Update jwt plugin dep (#6543) 2019-04-05 15:42:15 -07:00
Jeff Mitchell 900bbf5113 Pull JWT auth plugin and update CL 2019-04-05 09:24:43 -04:00
Jeff Mitchell a2c6022010 Update kv dep 2019-04-04 17:27:13 -04:00
Jeff Mitchell c076c8429f Update kv deps 2019-04-04 16:54:10 -04:00
Brian Kassouf 4b5092b375 Pull in updates 2019-04-02 16:37:44 -07:00
Jeff Mitchell 312a4c4702 Update go-jose 2019-04-01 17:55:07 -04:00
Jeff Mitchell f8db986144 Update plugins 2019-04-01 16:31:15 -04:00
Jim Kalafut 6e9faa74cd
Fix OpenAPI cleanResponse and test (#6454)
Add missing Headers field, along with a test to detect changes.

The custom decoder test should be ensuring only that the resulting
OpenAPI JSON outputs are equal. Updating the go-test deep library
reveals the error.
2019-03-26 11:08:56 -05:00
Jeff Mitchell 112fb393b8 Bump plugins now that they don't need Sermo 2019-03-20 17:50:06 -04:00
Jeff Mitchell 6797e21f54
Migrate from SermoDigital go Square JOSE (#6445) 2019-03-20 14:54:03 -04:00
Brian Kassouf 90ba293a53 Update kv plugin 2019-03-18 11:14:41 -07:00
Brian Kassouf 609076ae4b update kv plugin 2019-03-15 12:49:31 -07:00
Brian Kassouf 9acbebd376 Upgrade kv plugin 2019-03-15 12:06:17 -07:00
Brian Kassouf 777e7766ca Update plugins 2019-03-15 10:19:26 -07:00
Jim Kalafut 868b73bd8d
Update JWT plugin (#6415) 2019-03-14 14:18:09 -07:00
Jim Kalafut 1274a8d3d4
Update JWT plugin dependency and docs (#6345) 2019-03-05 09:46:04 -08:00
Brian Kassouf ad3605e657
Revert "filtered-path endpoint (#6132)" (#6337)
This reverts commit dfdbb0bad975fab447f49766baaa5a6c956f8e3d.
2019-03-04 14:08:21 -08:00
ncabatoff 8814fe1ba5 filtered-path endpoint (#6132)
* First pass at filtered-path endpoint.  It seems to be working, but there are tests missing, and possibly some optimization to handle large key sets.

* Vendor go-cmp.

* Fix incomplete vendoring of go-cmp.

* Improve test coverage.  Fix bug whereby access to a subtree named X would expose existence of a the key named X at the same level.

* Add benchmarks, which showed that hasNonDenyCapability would be "expensive" to call for every member of a large folder.  Made a couple of minor tweaks so that now it can be done without allocations.

* Comment cleanup.

* Review requested changes: rename some funcs, use routeCommon instead of
querying storage directly.

* Keep the same endpoint for now, but move it from a LIST to a POST and allow multiple paths to be queried in one operation.

* Modify test to pass multiple paths in at once.

* Add endpoint to default policy.

* Move endpoint to /sys/access/filtered-path.
2019-03-04 11:04:29 -08:00
Michel Vocks f2d022ac20
Print warning when 'tls_cipher_suites' includes blacklisted cipher suites (#6300)
* Implemented a warning when tls_cipher_suites includes only cipher suites which are not supprted by the HTTP/2 spec

* Added test for cipher suites

* Added hard fail on startup when all defined cipher suites are blacklisted. Added warning when some ciphers are blacklisted.

* Replaced hard failure with warning. Removed bad cipher util function and replaced it by external library.

* Added missing dependency. Fixed renaming of package name.
2019-03-01 16:48:06 +01:00