Commit graph

10154 commits

Author SHA1 Message Date
Jeff Mitchell 2f9a7c6203
Add more perf standby guards (#6149) 2019-02-01 16:56:57 -05:00
Brian Kassouf aaca35be94
Updates to recovery keys (#6152) 2019-02-01 11:29:55 -08:00
Yoko a9392f9840
Adding a mention for 'kv-v2' as type (#6151) 2019-02-01 11:26:08 -08:00
Jeff Mitchell bbc1d53a5d Revert "Refactor common token fields and operations into a helper (#5953)"
This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a.
2019-02-01 11:23:40 -05:00
Jeff Mitchell adccccae69 Update example output for PKI serial -> serial_number
Fixes #6146
2019-02-01 10:29:34 -05:00
Jeff Mitchell b2cc9ebd3a Remove regenerate-key docs as it no longer exists 2019-02-01 09:29:40 -05:00
Jeff Mitchell b94c29a8a1 Update go-ldap to fix #6135 2019-01-31 17:07:25 -05:00
Jeff Mitchell 1a6580039c Add npm to apt-get command 2019-01-31 15:56:04 -05:00
Joel Thompson 33400e6e99 Fix typo in help text (#6136)
Small typo introduced in #6133
2019-01-31 08:53:54 -08:00
Jeff Mitchell 27c960d8df
Split SubView functionality into logical.StorageView (#6141)
This lets other parts of Vault that can't depend on the vault package
take advantage of the subview functionality.

This also allows getting rid of BarrierStorage and vault.Entry, two
totally redundant abstractions.
2019-01-31 09:25:18 -05:00
Jim Kalafut b98cc2e2cf
Add json.Number handling to TypeHeader (#6134)
Fixes #6131
2019-01-30 15:24:39 -08:00
Jeff Mitchell 85a560abba
Refactor common token fields and operations into a helper (#5953) 2019-01-30 16:23:28 -05:00
Jeff Mitchell 3592bfdcb0 changelog++ 2019-01-30 16:22:25 -05:00
Jeff Mitchell d8b0015d71 Add role ID to token metadata and internal data 2019-01-30 16:17:31 -05:00
Jeff Mitchell 47accf8086 Add role_id as an alias name source for AWS and change the defaults 2019-01-30 15:51:45 -05:00
Donald Guy 4363453017 Docs: Azure auth example using metadata service (#6124)
There are probably better ways to massage this but I think it would be helpful to have something like this included
2019-01-30 12:13:39 -08:00
nathan r. hruby ef43617efd
Merge pull request #6130 from hashicorp/nrh/website-gems
Fix Website Gems
2019-01-30 11:58:49 -07:00
nathan r. hruby a643664c5b bump dato and rack to fix website builds 2019-01-30 11:10:49 -07:00
Jim Kalafut 7842e320aa
Add fields to support UI/display uses, along with OpenAPI mappings (#6082) 2019-01-29 15:35:37 -08:00
Matthias Bartelmeß 0cb766d4dd Typo in mongodb engine (#6125) 2019-01-29 11:44:45 -08:00
Jeff Mitchell 553fd083d2 Bump Dockerfile Go version 2019-01-29 13:43:29 -05:00
Jeff Mitchell 3bb381720f Allow devel in go version check and bump to 1.11 2019-01-29 11:27:04 -05:00
Matthew Irish 81f52d3c7f
changelog++ 2019-01-29 09:45:54 -06:00
Matthew Irish b777906fee
add entity lookup to the default policy (#6105)
* add entity lookup to the default policy

* only use id for lookup

* back in with name
2019-01-29 09:43:59 -06:00
Jeff Mitchell 4b3e611fd6 changelog++ 2019-01-29 00:53:01 -05:00
Noelle Daley 0aa0e0fe1d
UI/gate wizard (#6094)
* check for capabilities when finding matching paths

* disable wizard items that user does not have access to

* make hasPermissions accept an array of capabilities

* refactor features-selection

* fix tests

* implement feedback
2019-01-28 14:49:25 -08:00
Brian Shumate 2337df4b2b Update documentation for command operator unseal (#6117)
- Add migrate command option
2019-01-28 10:27:51 -05:00
Jeff Mitchell 39e14b9083 Force circonus v2 as directed by them 2019-01-28 10:27:02 -05:00
Jeff Mitchell 928698fce5 Update update deps script 2019-01-26 18:43:35 -05:00
Jeff Mitchell 40ff476664 changelog++ 2019-01-26 16:48:53 -05:00
Gordon Shankman cd2f7bbde8 Adding support for SSE in the S3 storage backend. (#5996) 2019-01-26 16:48:08 -05:00
Jeff Mitchell 3032dfd5c3 changelog++ 2019-01-25 14:11:58 -05:00
Jeff Mitchell e781ea3ac4
First part of perf standby entity race fix (#6106) 2019-01-25 14:08:42 -05:00
Jeff Mitchell 1f57e3674a Move a common block up a level 2019-01-24 18:29:22 -05:00
Calvin Leung Huang 34af3daeb0 docs: update agent sample config (#6096) 2019-01-24 07:25:03 -05:00
Becca Petrin df24d204ba Convert MSSQL tests to Docker (#6095)
* create working mssql docker container

* update tests
2019-01-24 07:24:31 -05:00
Jeff Mitchell 6d22f3fc2e minor linting change 2019-01-23 17:19:06 -05:00
Jeff Mitchell 94e56d964f Fix build 2019-01-23 16:52:51 -05:00
Jeff Mitchell 0874b552cb Fix build 2019-01-23 16:52:06 -05:00
Jeff Mitchell 42253deac3 changelog++ 2019-01-23 16:35:56 -05:00
Seth Vargo 98ad431d6d Continuously attempt to unseal if sealed keys are supported (#6039)
* Add helper for checking if an error is a fatal error

The double-double negative was really confusing, and this pattern is used a few places in Vault. This negates the double negative, making the devx a bit easier to follow.

* Check return value of UnsealWithStoredKeys in sys/init

* Return proper error types when attempting unseal with stored key

Prior to this commit, "nil" could have meant unsupported auto-unseal, a transient error, or success. This updates the function to return the correct error type, signaling to the caller whether they should retry or fail.

* Continuously attempt to unseal if sealed keys are supported

This fixes a bug that occurs on bootstrapping an initial cluster. Given a collection of Vault nodes and an initialized storage backend, they will all go into standby waiting for initialization. After one node is initialized, the other nodes had no mechanism by which they "re-check" to see if unseal keys are present. This adds a goroutine to the server command which continually waits for unseal keys to exist. It exits in the following conditions:

- the node is unsealed
- the node does not support stored keys
- a fatal error occurs (as defined by Vault)
- the server is shutting down

In all other situations, the routine wakes up at the specified interval and attempts to unseal with the stored keys.
2019-01-23 16:34:34 -05:00
Jeff Mitchell c5d8391c38
Prefix path rename (#6089)
* Rename Prefix -> Path in internal struct

* Update test
2019-01-23 15:04:49 -05:00
Jeff Mitchell 4a76aa0f12 changelog++ 2019-01-23 14:35:51 -05:00
Jeff Mitchell 3f1a7d4fdd
Update to latest etcd and use the new repository packages (#6087)
This will be necessary for go mod work

Additionally, the srv api has changed. This adapts to it.
2019-01-23 14:35:03 -05:00
Jeff Mitchell a11f2a3ba2
Rename glob -> prefix in ACL internals (#6086)
Really, it's a prefix
2019-01-23 13:55:40 -05:00
Jeff Mitchell 59bc9dd361 Add missing value to policy ShallowClone
Not related to a bug, just happened to notice it.
2019-01-23 13:20:04 -05:00
Jeff Mitchell 155fa5114b changelog++ 2019-01-23 12:33:10 -05:00
Jeff Mitchell 5e126f6de8
Implement JWS-compatible signature marshaling (#6077)
This currently only applies to ECDSA signatures, and is a toggleable
option.
2019-01-23 12:31:34 -05:00
Noel Cower 4f05192be3 Merge all configuration fields (#6028)
This changes (*Config).Merge to merge all fields of a Config.
Previously, when merging Configs, some configuration fields were
ignored and completely lost, including APIAddr, ClusterAddr, and
a couple boolean fields. This only occurs when using multiple config
files and does not affect single config files (even when loading from
a directory -- Merge is only called after a second file is loaded).

- Fix APIAddr not being merged.
- Fix ClusterAddr not being merged.
- Fix DisablePrintableCheck not being merged.
- Fix DisableClustering not being merged. The DisableClusteringRaw
  value is also preserved so that it can be used in overrides for
  storage fields.
- Use merged top-level config as storage field overrides.
- Update config dir test fixtures to set some fields missed by
  (*Config).Merge previously.
2019-01-23 11:27:21 -05:00
Jim Kalafut f097b8d934
Update existing alias metadata during authentication (#6068) 2019-01-23 08:26:50 -08:00