Commit graph

9620 commits

Author SHA1 Message Date
Jeff Mitchell 4dfb25927a Make useCache explicit everywhere in lock manager (#6035)
* Make useCache explicit everywhere in lock manager

This also clears up a case where we could insert into the cache when it
wasn't active

* Address feedback
2019-01-14 08:58:03 -08:00
Jeff Mitchell c07c946b7b changelog++ 2019-01-10 20:00:52 -05:00
Jeff Mitchell 28bd394d8b Fix a couple of instances where we are using LIST verb (#6026)
* Fix a couple of instances where we are using LIST verb

We specify it for the wrapping lookup function but for broader
compatibility with proxies and such we want to filter it to a GET. In a
couple of places we weren't doing that, so this updates those locations.
2019-01-10 19:57:00 -05:00
Jim Kalafut 960eb45014 Remove unnecessary permission 2019-01-10 16:18:10 -08:00
Brian Kassouf ee5730ab59 changelog++ 2019-01-10 11:50:46 -08:00
Seth Vargo e726f13957 Simplify permission requirements for GCP things (#6012) 2019-01-10 10:05:21 -08:00
Matthew Irish 4bb4166276 changelog++ 2019-01-10 11:23:50 -06:00
Matthew Irish fd3f031d41 UI - only look for data.keys if it's not a queryRecord request on secrets (#6023) 2019-01-10 11:18:29 -06:00
Matthew Irish bd284b5868 UI - kv save error (#6022)
* don't prevent model save when the model is in the error state on secrets creation

* add test
2019-01-10 10:37:25 -06:00
Dilan Bellinghoven f9dacbf221 Add docker-credential-vault-login to Third-Party Tools (#6003)
* Added Docker credential helper to list of Third-Party tools

* website/source/api/relatedtools.html.md: Fixed a typo
2019-01-10 10:46:18 -05:00
Yoko 9a4de34dce Allowed characters in paths (#6015) 2019-01-10 10:39:20 -05:00
vishalnayak 09a79422e6 changelog++ 2019-01-10 10:27:28 -05:00
ncabatoff e78ca24d17 Instead of using the (nil) err, use the non-nil newCtErr for ctErr. (#5841) 2019-01-09 17:39:58 -08:00
nathan r. hruby bfcf30fc72 add influx plugin (#6021) 2019-01-09 17:25:40 -08:00
Vishal Nayak 0c30f46587 Add option to configure ec2_alias values (#5846)
* Add option to configure ec2_alias values

* Doc updates

* Fix overwriting of previous config value

* s/configEntry/config

* Fix formatting

* Address review feedback

* Address review feedback
2019-01-09 18:28:29 -05:00
Calvin Leung Huang a13f36049a changelog++ 2019-01-09 12:07:45 -08:00
Vishal Nayak 1119f47e13 Cubbyhole cleanup (#6006)
* fix cubbyhole deletion

* Fix error handling

* Move the cubbyhole tidy logic to token store and track the revocation count

* Move fetching of cubby keys before the tidy loop

* Fix context getting cancelled

* Test the cubbyhole cleanup logic

* Add progress counter for cubbyhole cleanup

* Minor polish

* Use map instead of slice for faster computation

* Add test for cubbyhole deletion

* Add a log statement for deletion

* Add SHA1 hashed tokens into the mix
2019-01-09 10:53:41 -08:00
Matthew Irish c31671ce04 Bug fix - ui context menu (#6018)
* add dot-to-dash helper

* fix context menu on policy page and add test for deletion

* use dot-to-dash where we use confirm component

* fix acceptance test
2019-01-09 12:30:19 -06:00
ncabatoff 3e3498073e Fix #5973 on windows by disregarding errors when querying legacy cert path. (#6013) 2019-01-08 18:08:21 -08:00
Yoko 0a97f95ff4 Document upper limit on Transit encryption size (#6014) 2019-01-08 17:57:43 -08:00
Brian Kassouf b002915af3 remove extra comment 2019-01-08 17:28:07 -08:00
Giacomo Tirabassi 0d3845c537 Influxdb secret engine built-in plugin (#5924)
* initial work for influxdb secret plugin

* fixed typo

* added comment

* added documentation

* added tests

* fixed tests

* added vendoring

* minor testing issue with hardcoded values

* minor fixes
2019-01-08 17:26:16 -08:00
Jim Kalafut 84fe48b6f9 Support for AllowedValues in FieldSchema (#6008)
Currently used for enum output in OpenAPI.
2019-01-08 16:50:24 -08:00
Jim Kalafut d0e2badbae Run goimports across the repository (#6010)
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Jim Kalafut deb1c6b10b changelog++ 2019-01-08 09:05:42 -08:00
Julien Blache 91d432fc85 FoundationDB backend TLS support and housekeeping (#5800)
* Fix typo in documentation

* Update fdb-go-install.sh for new release tags

* Exclude FoundationDB bindings from vendoring, delete vendored copy

FoundationDB bindings are tightly coupled to the server version and
client library version used in a specific deployment. Bindings need
to be installed using the fdb-go-install.sh script, as documented in
the foundationdb backend documentation.

* Add TLS support to FoundationDB backend

TLS support appeared in FoundationDB 5.2.4, raising the minimum API version
for TLS-aware FoundationDB code to 520.

* Update documentation for FoundationDB TLS support
2019-01-08 09:01:44 -08:00
Seth Vargo 46cbfb0e4b Fix formatting (#6009)
The new markdown parser is less forgiving
2019-01-08 08:51:37 -08:00
Calvin Leung Huang 21dc5a72bf changelog++ 2019-01-07 09:41:34 -08:00
Pierre-Alain TORET f3143d6cc6 Allow to build on DragonFlyBSD (#5950) 2019-01-07 09:06:51 -08:00
Jeff Escalante a22275d4e0 remove extra analytics page call (#5997) 2019-01-07 11:18:55 -05:00
Thomas Kula 4265579aaa Fix small typo in azure.html.md (#6004) 2019-01-07 10:03:22 -05:00
Aric Walker c065b46f42 Remove duplicate "Users can" from policy md (#6002) 2019-01-07 07:02:28 -08:00
Chris Hoffman fd64a9364d changelog++ 2019-01-04 16:32:04 -05:00
Chris Hoffman 84cfc445c3 changelog++ 2019-01-04 16:31:30 -05:00
Seth Vargo c3f1043c24 Reduce required permissions for the GCPCKMS auto-unsealer (#5999)
This changes the behavior of the GCPCKMS auto-unsealer setup to attempt
encryption instead of a key lookup. Key lookups are a different API
method not covered by roles/cloudkms.cryptoKeyEncrypterDecrypter. This
means users must grant an extended scope to their service account
(granting the ability to read key data) which only seems to be used to
validate the existence of the key.

Worse, the only roles that include this permission are overly verbose
(e.g. roles/viewer which gives readonly access to everything in the
project and roles/cloudkms.admin which gives full control over all key
operations). This leaves the user stuck between choosing to create a
custom IAM role (which isn't fun) or grant overly broad permissions.

By changing to an encrypt call, we get better verification of the unseal
permissions and users can reduce scope to a single role.
2019-01-04 16:29:31 -05:00
Jeff Mitchell 55d25b85ae changelog++ 2019-01-04 15:08:37 -05:00
Jeff Mitchell c8a029210b Don't read AWS env vars (#5974)
* Don't read AWS env vars

Let AWS SDK env cred chain provider do it for us

Fixes #5965
2019-01-04 15:03:57 -05:00
Jeff Mitchell e11c7966fa Change credential_types output to credential_type (#5975)
Fixes #5972
2019-01-04 14:49:53 -05:00
Jim Kalafut 347d481930 Add tests for OpenAPI operation ids (#5998) 2019-01-04 11:46:54 -08:00
Seth Vargo 1917bb406d Fix audit docs (#6000)
These appear to have been converted to (bad) HTML. This returns them to
their original markdown format.
2019-01-04 13:45:50 -06:00
Iain Gray ecdacbb90a Update DG to Vault 1.0 (#5855)
* Update DG to Vault 1.0

* as per comments - chrishoffman

* Removed stray bracket and added quotes

* updated as per conversations with Dan
2019-01-03 10:10:37 -05:00
bjorndolk 4dbe61568a Physical postgres docker test (#5926)
* Docker support for postgres backend testing

* Bug in handling of postgres connection url for non docker testing

* Test should fail if it cannot retrieve pg version

* internal helperfunctions pascalCasing
2019-01-03 09:25:32 -05:00
Mike Wickett 46576acff3 website: add print styles for docs (#5958) 2019-01-03 09:24:10 -05:00
Graham Land 2e92372710 Docs: Add Auto Unseal Rekey example (#5952)
* Add KMS Rekey example

I've had customers looking for AWS KMS rekeying examples today - when using pgp keys.
This example would have clarified what they needed to do.

* Replaced KMS reference with Auto Unseal

``` bash
Rekey an Auto Unseal vault and encrypt the resulting recovery keys with PGP:
```
2019-01-03 09:23:43 -05:00
Chris Hoffman aa59563df5 changelog++ 2019-01-03 09:21:49 -05:00
Becca Petrin d7f31fe5e4 Merge pull request #5892 from jen20/jen20/dynamodb-capacity-doc
docs: Clarify the utility of DynamoDB capacities
2018-12-20 11:54:26 -08:00
Matthew Irish 0b2a63a6a3 UI secret navigation improvements (#5976)
* don't pass id when using createRecord

* add find nearest ancestor mixin

* re-throw the error if we've deleted something and encounter a 404

* use the with-nav-to-nearest-ancestor mixin

* add some comments

* add acceptance test to verify new behavior

* yield final transition in ec task
2018-12-20 13:46:37 -06:00
Pawel Gorczynski 953be252cd Extended info message regarding VAULT_ADDR env variable for Windows when running server -dev (#5970)
* Improved info message for Windows when running `server -dev`

Improvement for https://github.com/hashicorp/vault/issues/3405

* output updated to:

You may need to set the following environment variable:
PowerShell:
    $env:VAULT_ADDR="http://127.0.0.1:8200"
cmd.exe:
    set VAULT_ADDR=http://127.0.0.1:8200
2018-12-20 10:27:21 -08:00
Noelle Daley d74589989c fix policies sidebar title (#5980) 2018-12-20 09:34:03 -08:00
Becca Petrin d108843a0a Merge pull request #5947 from hmalphettes/master
Docs: JWT API - List Roles: fix the path
2018-12-20 09:15:57 -08:00