Commit graph

1003 commits

Author SHA1 Message Date
Jeff Mitchell f2282247ef Add seal cache purging back into postUnseal 2017-02-28 18:36:28 -05:00
Jeff Mitchell 09543dceeb Rejig core standby logic to check validity of barrier during active transition 2017-02-28 18:17:30 -05:00
Jeff Mitchell 7f0a99e8eb Add max/min wrapping TTL ACL statements (#2411) 2017-02-27 14:42:00 -05:00
Jeff Mitchell 2cc0906b33 Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 (#2412) 2017-02-27 12:49:35 -05:00
Jeff Mitchell 8091a10c38 Make rollback attempts trace level instead of debug level 2017-02-27 09:41:56 -05:00
Jeff Mitchell b29861f7bb Do some porting to make diffing easier 2017-02-24 10:45:29 -05:00
Jeff Mitchell 4e045d000c Create upgrade path for cubbyhole's local status 2017-02-24 10:05:44 -05:00
Jeff Mitchell 0e1b1e33be Add comment around not allowing users to create JWT wrapping tokens 2017-02-22 11:13:40 -05:00
Brian Kassouf 9a9b89f16f Update confusing comment 2017-02-21 16:06:00 -08:00
Brian Kassouf dd5b541db6 Added test for the empty values array case 2017-02-21 16:02:00 -08:00
Brian Kassouf a25132cec4 On merge favor values that have additive privileges 2017-02-21 15:53:27 -08:00
Brian Kassouf 9ec8dd3d17 PR feedback 2017-02-21 15:02:39 -08:00
Brian Kassouf f992103615 Merge branch 'master' into acl-parameters-permission 2017-02-21 14:46:06 -08:00
Jeff Mitchell 496420a5ab Make cubbyhole local instead of replicated. (#2397)
This doesn't really change behavior, just what it looks like in the UX.
However, it does make tests more complicated. Most were fixed by adding
a sorting function, which is generally useful anyways.
2017-02-18 13:51:05 -05:00
Jeff Mitchell 4a966726e5 Make reindex a root path as well 2017-02-16 23:36:06 -05:00
Jeff Mitchell f3bee3550c Remove now-unnecessary stanza from default policy 2017-02-16 23:30:38 -05:00
Jeff Mitchell 674a0a48bf Fix rep path fetching method into a function 2017-02-16 23:23:21 -05:00
Jeff Mitchell f37b6492d1 More rep porting (#2391)
* More rep porting

* Add a bit more porting
2017-02-16 23:09:39 -05:00
Brian Kassouf 1c5264c66c ToLower parameter strings 2017-02-16 17:50:10 -08:00
Jeff Mitchell 494b4c844b More porting from rep (#2389)
* More porting from rep

* Address feedback
2017-02-16 20:13:19 -05:00
Brian Kassouf 07799f665d Simplify the merging of two policies 2017-02-16 16:30:08 -08:00
Brian Kassouf 7229bdfd38 Remove debug code 2017-02-16 16:14:30 -08:00
Brian Kassouf 136730cb01 Update logic to fix a few edge cases: 2017-02-16 15:20:11 -08:00
Jeff Mitchell c81582fea0 More porting from rep (#2388)
* More porting from rep

* Address review feedback
2017-02-16 16:29:30 -05:00
Jeff Mitchell 0c39b613c8 Port some replication bits to OSS (#2386) 2017-02-16 15:15:02 -05:00
Jeff Mitchell 0a9a6d3343 Move ReplicationState to consts 2017-02-16 13:37:21 -05:00
Brian Kassouf 13ec9c5dbf Load leases into the expiration manager in parallel (#2370)
* Add a benchmark for exiration.Restore

* Add benchmarks for consul Restore functions

* Add a parallel version of expiration.Restore

* remove debug code

* Up the MaxIdleConnsPerHost

* Add tests for etcd

* Return errors and ensure go routines are exited

* Refactor inmem benchmark

* Add s3 bench and refactor a bit

* Few tweaks

* Fix race with waitgroup.Add()

* Fix waitgroup race condition

* Move wait above the info log

* Add helper/consts package to store consts that are needed in cyclic packages

* Remove not used benchmarks
2017-02-16 10:16:06 -08:00
Brian Kassouf 8d880f5181 Remove duplicate test case 2017-02-15 22:38:33 -08:00
Brian Kassouf f1d5b60b97 s/has/has been/ 2017-02-15 22:19:35 -08:00
Brian Kassouf c80593387c Remove unnecessary else condition 2017-02-15 22:18:20 -08:00
Brian Kassouf c9ae260cdf Merge branch 'acl-parameters-permission' of github.com:hashicorp/vault into acl-parameters-permission 2017-02-15 22:13:28 -08:00
Brian Kassouf 24d8710233 Fix the issue of returning on the first paramater check. Added tests for this case. 2017-02-15 22:13:18 -08:00
Jeff Mitchell 978772a47a Merge branch 'master-oss' into acl-parameters-permission 2017-02-16 00:46:40 -05:00
Jeff Mitchell e60b24431a Fix audit test and make audited headers more robust in map checks 2017-02-16 00:44:20 -05:00
Jeff Mitchell da9e62bc24 Remove "permissions" from ACL 2017-02-15 21:12:26 -05:00
Jeff Mitchell 51f7114648 Merge branch 'master-oss' into acl-parameters-permission 2017-02-15 20:37:58 -05:00
Jeff Mitchell acb7391b12 Compare headers case-insensitively for auditing
Fixes #2362
2017-02-15 20:35:35 -05:00
Jeff Mitchell 2fd59ad308 Merge branch 'master-oss' into acl-parameters-permission 2017-02-08 01:59:52 -05:00
Jeff Mitchell 4b2b28e085 Push test functions to a var for overriding 2017-02-07 20:44:31 -05:00
Jeff Mitchell f1cfb060f6 Remove errant unlock of state lock 2017-02-07 11:08:52 -05:00
Jeff Mitchell ddc977ba52 Add debug (#2341) 2017-02-06 18:30:13 -05:00
Jeff Mitchell 67f96bc64e Rejig check for HA/Sealed in Leader to check for sealed first. (#2342)
Fixes #2334
2017-02-06 18:29:56 -05:00
Brian Kassouf 8ef4bc32dd Update the help text for auditing headers (#2330)
* Update the help text for auditing headers

* Update help name
2017-02-03 10:08:31 -08:00
Jeff Mitchell 6c02e9357a Update protos 2017-02-02 16:20:32 -05:00
Brian Kassouf 6701ba8a10 Configure the request headers that are output to the audit log (#2321)
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited

* Remove some debug lines

* Add a persistant layer and refactor a bit

* update the api endpoints to be more restful

* Add comments and clean up a few functions

* Remove unneeded hash structure functionaility

* Fix existing tests

* Add tests

* Add test for Applying the header config

* Add Benchmark for the ApplyConfig method

* ResetTimer on the benchmark:

* Update the headers comment

* Add test for audit broker

* Use hyphens instead of camel case

* Add size paramater to the allocation of the result map

* Fix the tests for the audit broker

* PR feedback

* update the path and permissions on config/* paths

* Add docs file

* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
Jeff Mitchell 47274eca88 Add cleanup functions to multiple DB backends. (#2313)
Ensure it's called on unmount, not just for seal.
2017-02-01 14:05:25 -05:00
Jeff Mitchell 67410ab230 Make TLS 1.2 *explicitly* required for cluster communications 2017-01-31 13:30:25 -05:00
Brian Kassouf 3c0de664a4 Fix keyring test 2017-01-24 12:58:14 -08:00
Jeff Mitchell 061bd6012d Fix keyring copypasta test failure 2017-01-24 14:00:13 -05:00
Jeff Mitchell 31ce37188b Fix keyring tests, working around Go nil timezone bug in DeepEqual
See https://github.com/golang/go/issues/10089
2017-01-24 12:33:28 -05:00