Commit Graph

9004 Commits

Author SHA1 Message Date
Jeff Mitchell 4895ff2f9a changelog++ 2018-10-04 09:51:41 -04:00
Konstantinos Tsanaktsidis fb90854233 Fix a panic in MongoDB backend with concurrent create/revoke (#5463)
When Vault is concurrently creating and revoking leases for MongoDB
users as part of the database secrets engine, and then loses connection
to MongoDB, it can panic. This occurrs because the RevokeUser path does
_not_ lock the mutex, but the CreateUser path does. Both threads of
execution can concurently decide to call c.session.Close() in
mongodb/connection_producer.go:119, and then mgo panics when the second
close attempt occurs.
2018-10-04 09:51:08 -04:00
Jeff Mitchell 10d9009eba Remove incorrect api docs text around metadata being supported for identity aliases 2018-10-04 09:09:41 -04:00
Becca Petrin 072d56be95 vendor the desired version of go.uuid (#5458) 2018-10-03 15:30:05 -07:00
Brian Kassouf 2995c06a53
Fix build (#5457) 2018-10-03 14:53:08 -07:00
Jeff 45f3297739 fix doc typo (#5455) 2018-10-03 11:25:57 -07:00
Brian Kassouf 9307ba4b0b
Update Deps (#5454) 2018-10-03 09:55:26 -07:00
Martins Sipenko 2e27e96441 Fix missing > (#5452) 2018-10-03 09:16:36 -04:00
Brian Kassouf fc2e32df7c
Fix identity link (#5449) 2018-10-02 17:45:17 -07:00
Brian Kassouf 6d4346f602
mailto link (#5448) 2018-10-02 17:41:04 -07:00
Becca Petrin 8bfb2a335b alicloud auto-unseal docs (#5446) 2018-10-02 17:21:26 -07:00
Chris Hoffman 6639d015e9
adding upgrade guide (#5447) 2018-10-02 20:18:59 -04:00
Brian Kassouf 8ee9548458
changelog++ 2018-10-02 15:15:46 -07:00
Jeff Mitchell f259e67873
Cut version 0.11.2 2018-10-02 14:43:13 -04:00
Jeff Mitchell 2d908d6962 Fix compile on 32-bit platforms 2018-10-02 14:42:50 -04:00
Jeff Mitchell ec2ab502fc make fmt 2018-10-02 14:30:10 -04:00
Brian Kassouf e44ee5181d prepare for release 2018-10-02 11:21:22 -07:00
Jeff Mitchell 3e981d8802 Update Dockerfile go version 2018-10-02 14:16:05 -04:00
Brian Kassouf bc36d78df1 Update plugins 2018-10-02 11:14:15 -07:00
Chris Hoffman a4a688764a
changelog++ 2018-10-02 13:50:36 -04:00
Matthew Irish 76bb00c5c4
Update yarn version in the cross Dockerfile 2018-10-02 10:56:51 -05:00
Chris Hoffman 8154500255
changelog++ 2018-10-02 11:23:20 -04:00
sk4ry 0fab335eec Add ability to configure the NotBefore property of certificates in role api (#5325)
* Add ability to configure the NotBefore property of certificates in role api

* Update index.html.md

* converting field to time.Duration

* setting default back to 30s

* renaming the parameter not_before_duration to differentiate between the NotBefore datetime on the cert

* Update description
2018-10-02 11:10:43 -04:00
Matthew Irish a105664141
UI - ent fixes (#5430)
* re-add performancestandycode for health api call

* update debounce timeout for namespace input on the auth page

* re-fetch cluster model on successful init

* 500ms for the debounce

* swap auth methods after successful api call so that the auth box doesn't jump around

* move list capability fetch to namespace component and don't use computed queryRecord to fetch it

* convert ed models to JSON so that they're unaffected by store unloading

* serialize with the id for the auth method models

* speed tests back up with different polling while loop

* login flash isn't in the same run loop so no longer needs withFlash
2018-10-02 10:05:34 -05:00
Joel Thompson 6a9e6cc474 Allow specifying role-default TTLs in AWS secret engine (#5138)
* Allow specifying role-default TTLs in AWS secret engine

* Add an acceptance test

* Add docs for AWS secret role-default TTLs

* Rename default_ttl to default_sts_ttl

* Return default_ttl as int64 instead of time.Duration

* Fix broken tests

The merge of #5383 broke the tests due to some changes in the test style
that didn't actually cause a git merge conflict. This updates the tests
to the new style.
2018-10-02 10:14:16 -04:00
Matthew Irish 9f213c976c
changelog++ 2018-10-02 08:59:45 -05:00
Matthew Irish 42d1047a74
UI - token expiration calculation (#5435)
* fix token expiration calculation

* move authenticate to an ember concurrency task

* don't show logged in nav while still on the auth route

* move current tests to integration folder, add unit test for expiration calculation

* fix auth form tests
2018-10-02 08:53:39 -05:00
Nageswara Rao Podilapu e12948593b Update page content with a generic noun (#5444)
This might be a typo, It says `A user may have a client token sent to her` instead it should say `A user may have a client token sent to them`
2018-10-02 09:31:01 -04:00
Brian Kassouf 2ec54c3a0b
Fix seal status tests (#5443) 2018-10-01 18:09:20 -07:00
Calvin Leung Huang 74c50adb58 logical/nomad: Reduce flakiness in prepareTestContainer (#5440) 2018-10-01 17:46:37 -07:00
JohnVonNeumann eba56f3f23 Update operator_init.go (#5441)
Minor grammar fix.
2018-10-01 17:19:13 -07:00
Brian Kassouf 813230ed96
changelog++ 2018-10-01 14:41:30 -07:00
Jim Kalafut 43d498983c
Retry failing migration check instead of exiting (#5427) 2018-10-01 14:35:35 -07:00
Matthew Irish 5a8a12aa58
tweak warning about force promoting replication clusters (#5439) 2018-10-01 16:21:00 -05:00
Brian Kassouf e41b388edd
Update CHANGELOG.md 2018-10-01 14:15:00 -07:00
Saurabh Pal 77e635f7e1 Enable TLS based communication with Zookeeper Backend (#4856)
* The added method customTLSDial() creates a tls connection to the zookeeper backend when 'tls_enabled' is set to true in config

* Update to the document for TLS configuration that is  required to enable TLS connection to Zookeeper backend

* Minor formatting update

* Minor update to the description for example config

* As per review comments from @kenbreeman, additional property description indicating support for multiple Root CAs in a single file has been added

* minor formatting
2018-10-01 14:12:08 -07:00
Brian Kassouf 5f34bbbe6d
Update replication-performance.html.md 2018-10-01 13:59:50 -07:00
Brian Kassouf 45c8894c0d
Update replication-dr.html.md 2018-10-01 13:59:17 -07:00
Matthew Irish 87ed1e4f52
ui - add force option when promoting a replication secondary (#5438) 2018-10-01 15:58:43 -05:00
Brian Kassouf 03cf7958ad
Update replication-dr.html.md 2018-10-01 12:53:20 -07:00
Brian Kassouf e6b337b06f
Update replication-performance.html.md 2018-10-01 12:52:44 -07:00
Calvin Leung Huang 4f1af61bda changelog++ 2018-10-01 12:25:11 -07:00
Becca Petrin d1904e972f Discuss ambient credentials in namespaces (#5431)
* discuss ambient credentials in namespaces

* update aws cred chain description
2018-10-01 15:23:54 -04:00
Calvin Leung Huang 37c0b83669
Add denylist check when filtering passthrough headers (#5436)
* Add denylist check when filtering passthrough headers

* Minor comment update
2018-10-01 12:20:31 -07:00
Brian Kassouf ac8816a7a9
changelog++ 2018-10-01 11:55:27 -07:00
vishalnayak 8e52790db5 Fix PR number for a CL entry 2018-10-01 14:48:05 -04:00
Matthew Irish 984462f22b
UI - fix the top level polling and use ember-concurrency (#5433)
* fix the top level pollling and use ember-concurrency

* make suggested changes
2018-10-01 13:04:34 -05:00
Brian Kassouf 8bf1598bff
changelog++ 2018-10-01 10:49:04 -07:00
Martin 03fb39033f Add support for token passed Authorization Bearer header (#5397)
* Support Authorization Bearer as token header

* add requestAuth test

* remove spew debug output in test

* Add Authorization in CORS Allowed headers

* use const where applicable

* use less allocations in bearer token checking

* address PR comments on tests and apply last commit

* reorder error checking in a TestHandler_requestAuth
2018-10-01 10:33:21 -07:00
Chris Pick 36c20e8e2d Note that GCP auth method needs iam API enabled (#5339)
In addition to the specific permissions that are already mentioned, the project also needs the `iam.googleapis.com` API enabled, otherwise authenticating will fail with an error similar to:

```
Error authenticating: Error making API request.

URL: PUT https://localhost:8200/v1/auth/gcp/login
Code: 400. Errors:

* could not find service account key or Google Oauth cert with given 'kid' id
```
2018-10-01 10:09:32 -07:00