Commit graph

6294 commits

Author SHA1 Message Date
Calvin Leung Huang 40c1c93937 Fix gob register issue when using tls certs on plugins (#3060) 2017-07-26 13:44:07 -04:00
Jeff Mitchell ba9bd5a2c7 Bump timeout in testrace to match that of test to stop Travis errorring. 2017-07-26 13:03:04 -04:00
Lars Lehtonen 72ee5e573c Handle dropped checkok pattern in postgresql package (#3046) 2017-07-26 12:28:02 -04:00
James Phillips 0ab5b0e26b Fixes a typo in the VSI doc. (#3047) 2017-07-26 12:18:52 -04:00
Lars Lehtonen b851d88d68 fix swallowed error in vault package. (#2993) 2017-07-26 12:15:54 -04:00
Xiang Li 7c761b8414 physical: add default timeout for etcd3 requests (#3053) 2017-07-26 12:10:12 -04:00
Jeremy Voorhis 87d4014b6b s/alterate/alternate/ (#3056) 2017-07-26 11:44:06 -04:00
Vishal Nayak a80d7fb9c8 docs: Identity Store (#3055) 2017-07-25 18:33:17 -04:00
Jeff Mitchell 867cbcf965
Cut version 0.8.0-beta1 2017-07-25 17:44:33 -04:00
Calvin Leung Huang c00741d587 Do not send storage on HandleRequest and HandleExistenceCheck on plugins 2017-07-25 16:57:26 -04:00
Jeff Mitchell c18a4faeff Update dockerfile to use debian stable 2017-07-25 16:44:31 -04:00
Jeff Mitchell 87bc982256 Sirupsen->sirupsen 2017-07-25 15:49:10 -04:00
Jeff Mitchell c7e6410c75 Remove uppercase Sirupsen logrus dep 2017-07-25 15:36:14 -04:00
Jeff Mitchell c46d6f1d93 Update version and changelog for 0.8 beta 2017-07-25 15:21:35 -04:00
Chris Hoffman 5fc402ce86 changelog++ 2017-07-25 13:25:21 -04:00
Chris Hoffman b89114b011 root protect /sys/revoke-force/* (#2876) 2017-07-25 11:59:43 -04:00
Chris Hoffman 5cb87e26ef moving client calls to new endpoint (#2867) 2017-07-25 11:58:33 -04:00
Chris Hoffman 62a97ff232 changelog++ 2017-07-23 09:01:34 -04:00
Chris Hoffman 2aa02fb3f0 CockroachDB Physical Backend (#2713) 2017-07-23 08:54:33 -04:00
Calvin Leung Huang 43736b9b19 changelog++ 2017-07-20 14:18:52 -04:00
Calvin Leung Huang c14e7cb8f6 changelog++ 2017-07-20 14:17:00 -04:00
Calvin Leung Huang bb54e9c131 Backend plugin system (#2874)
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
2017-07-20 13:28:40 -04:00
Jeff Mitchell 64f9edc5b0 changelog++ 2017-07-18 15:16:14 -04:00
Brian Kassouf b04e0a7a2a Dynamically load and invalidate the token store salt (#3021)
* Dynaically load and invalidate the token store salt

* Pass salt function into the router
2017-07-18 09:02:03 -07:00
Jeff Mitchell e553fe0d99 Bump deps 2017-07-18 10:15:54 -04:00
Joel Thompson 3704751a8f Improve sts header parsing (#3013) 2017-07-18 09:51:45 -04:00
Jeff Mitchell 86fad990da changelog++ 2017-07-18 09:49:48 -04:00
Gobin Sougrakpam 2ddbc4a939 Adding option to set custom vault client timeout using env variable VAULT_CLIENT_TIMEOUT (#3022) 2017-07-18 09:48:31 -04:00
Joel Thompson 53003a5e66 Let AWS auth CLI helper only generate login data (#3015)
* Let AWS auth CLI helper only generate login data

This will be useful to other golang clients so they can manage the login
process themselves.

Also helps for #2855

* Respond to PR feedback
2017-07-18 08:34:48 -04:00
vishalnayak 22bb35b020 doc fix 2017-07-18 04:55:00 -04:00
Chris Hoffman 52a5d1a8e7 fixing Validate() for field data on TypeNameString (#3030) 2017-07-17 13:44:47 -07:00
Calvin Leung Huang 85e82a5070 changelog++ 2017-07-17 15:03:04 -04:00
Calvin Leung Huang c93baed5fe Enforce alphanumeric requirement in RandomAlphaNumeric (#3010)
* Enforce alphanumeric requirement in RandomAlphaNumeric

* credsutil: Update comments and tests from feedback
2017-07-17 14:51:27 -04:00
Chris Hoffman b1b17cc387 Add field type TypeNameString (#3028) 2017-07-17 11:39:58 -07:00
Andy Manoske d82f231753 Update configuration.html.md (#3029) 2017-07-17 14:37:32 -04:00
Jeff Mitchell 77f59142ec changelog++ 2017-07-17 13:06:04 -04:00
Jeff Mitchell 4387871bca Add max_parallel to mssql and postgresql (#3026)
For storage backends, set max open connections to value of max_parallel.
2017-07-17 13:04:49 -04:00
Jeff Mitchell 80eceac6be changelog++ 2017-07-17 11:09:29 -04:00
Joel Thompson de419a6c99 Properly store iam_server_id_header_value (#3014)
In auth/aws/config/client, when only the iam_server_id_header_value was
being updated on an existing config, it wouldn't get stored because I
was trying to avoid unnecessarily flushing the cache of AWS clients, and
the flag to not flush the cache also meant that the updated entry didn't
get written back to the storage. This now adds a new flag for when
other changes occur that don't require flushing the cache but do require
getting written to the storage. It also adds a test for this explicitly.

Fixes #3004
2017-07-17 11:08:57 -04:00
Jeff Mitchell 2c020a0e07 changelog++ 2017-07-17 11:00:02 -04:00
Joel Thompson 06dda97445 Look up proper AWS account ID on aws token renew (#3012)
Also properly handle renewing tokens when bound_iam_principal_arn has a
path component.

Fixes #2990
2017-07-17 10:59:18 -04:00
Jeff Mitchell 9a8d7a76b1 changelog++ 2017-07-17 10:51:18 -04:00
Gobin Sougrakpam 048f2c3ca4 Adding validation for certificates to be proper x509 PEM encoded (#3016) 2017-07-17 10:49:50 -04:00
Seth Vargo ce1808f77d Update Policies and Auth concepts pages (#3011) 2017-07-14 11:15:22 -04:00
Jeff Mitchell ccd782e763 changelog++ 2017-07-14 11:05:51 -04:00
Jeff Mitchell 96dbc98815 Add metrics counters for audit log failures (#3001)
Fixes #2863
2017-07-14 11:03:56 -04:00
Jeff Mitchell 0c77305c6b changelog++ 2017-07-14 11:03:41 -04:00
Jeff Mitchell 98f64e5154 Opportunistically try re-opening file audit fd on error (#2999)
Addresses a pain point from
https://github.com/hashicorp/vault/issues/2863#issuecomment-309434605
2017-07-14 11:03:01 -04:00
Jeff Mitchell cbf48d4e8c changelog++ 2017-07-13 19:07:54 -04:00
Jeff Mitchell 6adee19987 Add approle role name to metadata (#2985) 2017-07-13 19:07:15 -04:00