James Nugent
618b52d72d
docs: Add correct method for mlock on systemd ( #3704 )
...
Although the previously described method of running setcap works if
setcap is available, the built-in LimitMEMLOCK directive is better.
2017-12-18 09:29:37 -05:00
Raja Nadar
446b87ee0e
added the missing nonce and type fields ( #3694 )
2017-12-17 16:26:07 -05:00
Calvin Leung Huang
685b4a27e4
Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… ( #3697 )
2017-12-15 20:19:37 -05:00
Chris Hoffman
164849f056
Add support for encrypted TLS key files ( #3685 )
2017-12-15 17:33:55 -05:00
Calvin Leung Huang
57bc19c169
Defer reader.Close that is used to determine sha256
2017-12-15 14:04:09 -05:00
Jeff Mitchell
bc282a2e8d
changelog++
2017-12-15 13:32:30 -05:00
Calvin Leung Huang
7c0b4f1333
Avoid unseal failure if plugin backends fail to setup during postUnseal ( #3686 )
2017-12-15 13:31:57 -05:00
Calvin Leung Huang
79cb82e133
Add logic for using Auth.Period when handling auth login/renew requests ( #3677 )
...
* Add logic for using Auth.Period when handling auth login/renew requests
* Set auth.TTL if not set in handleLoginRequest
* Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken
* Get sysView from le.Path, revert tests
* Add back auth.Policies
* Fix TokenStore tests, add resp warning when capping values
* Use switch for ttl/period check on RenewToken
* Move comments around
2017-12-15 13:30:05 -05:00
Brian Kassouf
9358540d50
plugins/database: use context with plugins that use database/sql package ( #3691 )
2017-12-15 10:26:17 -08:00
Jeff Mitchell
6e318c450f
changelog++
2017-12-15 09:56:06 -05:00
Brian Kassouf
ccb7cdc3f5
Fix plaintext backup in transit ( #3692 )
2017-12-15 09:08:28 -05:00
Brian Kassouf
afe53eb862
Database gRPC plugins ( #3666 )
...
* Start work on context aware backends
* Start work on moving the database plugins to gRPC in order to pass context
* Add context to builtin database plugins
* use byte slice instead of string
* Context all the things
* Move proto messages to the dbplugin package
* Add a grpc mechanism for running backend plugins
* Serve the GRPC plugin
* Add backwards compatibility to the database plugins
* Remove backend plugin changes
* Remove backend plugin changes
* Cleanup the transport implementations
* If grpc connection is in an unexpected state restart the plugin
* Fix tests
* Fix tests
* Remove context from the request object, replace it with context.TODO
* Add a test to verify netRPC plugins still work
* Remove unused mapstructure call
* Code review fixes
* Code review fixes
* Code review fixes
2017-12-14 14:03:11 -08:00
Jeff Mitchell
829f2c38dc
changelog++
2017-12-14 13:31:58 -05:00
Jeff Mitchell
d752da3648
Update Consul to use the role's configured lease on renew. ( #3684 )
2017-12-14 13:28:19 -05:00
Vishal Nayak
15b3d8738e
Transit: backup/restore ( #3637 )
2017-12-14 12:51:50 -05:00
Brian Kassouf
de9b7d779d
Fix leaking connections on cluster port ( #3680 )
2017-12-12 17:18:04 -08:00
Chris Hoffman
822ce95dc4
adding ability to override temp dir in dev cluster ( #3673 )
2017-12-11 18:02:35 -05:00
Jeff Mitchell
d979eae715
changelog++
2017-12-11 16:57:40 -05:00
Jeff Mitchell
c7b8233216
changelog++
2017-12-11 16:52:17 -05:00
lemondrank
255212af23
Non-recursive DFS token tree revoke ( #2478 )
2017-12-11 16:51:37 -05:00
Jeff Mitchell
fcc0c24f4a
changelog++
2017-12-11 16:44:17 -05:00
Vishal Nayak
513d12ab7c
Fix the casing problem in approle ( #3665 )
2017-12-11 16:41:17 -05:00
Jeff Mitchell
1060ee6705
changelog++
2017-12-11 14:06:12 -05:00
Jeff Mitchell
894f2f2401
changelog++
2017-12-11 13:45:45 -05:00
Florent H. CARRÉ
539d86ab2d
Hardening RSA keys for PKI and SSH ( #3593 )
2017-12-11 13:43:56 -05:00
Brian Shumate
d5d265956d
Docs: fix typo in libtool ltdl name and link to avoid confusion and note about arch ( #3644 )
2017-12-11 13:42:19 -05:00
Chris Hoffman
94d119d979
changelog++
2017-12-11 13:29:12 -05:00
Brian Shumate
a8932fbcbd
Docs: Update PKI URL config examples to FQDN — addresses #3606 ( #3647 )
2017-12-11 13:25:59 -05:00
Chris Hoffman
3b0ba609b2
Converting key_usage and allowed_domains in PKI to CommaStringSlice ( #3621 )
2017-12-11 13:13:35 -05:00
Paulo Ribeiro
0ee55dde52
Remove duplicate link in ToC ( #3671 )
2017-12-11 12:52:58 -05:00
Brian Shumate
07a0d25aeb
Docs: Update PKI output examples - addresses #3606 ( #3628 )
2017-12-11 11:57:07 -05:00
Jeff Mitchell
b5d21ebdae
Cross reference pki/cert in a few places.
2017-12-11 11:10:28 -05:00
Jeff Mitchell
98faa8e406
changelog++
2017-12-09 10:47:35 -05:00
Jeff Mitchell
a5d93cbc43
changelog++
2017-12-09 10:45:48 -05:00
Jeff Mitchell
d70db5df9b
Update go-ldap with our patch for control packets. ( #3670 )
...
Fixes #3656
Fixes #3625
Fixes #3402
2017-12-09 10:45:03 -05:00
Jeff Mitchell
87154b1562
changelog++
2017-12-07 14:19:40 -05:00
Brad Sickles
295e11d40d
Adding mfa support to okta auth backend. ( #3653 )
2017-12-07 14:17:42 -05:00
Brian Shumate
a0d1092420
Conditionally set file audit log mode ( #3649 )
2017-12-07 11:44:15 -05:00
Mohsen
2aa576149c
Small typo relating to no_store in pki secret backend ( #3662 )
...
* Removed typo :)
* Corrected typo in the website related to no_store
2017-12-07 10:40:21 -05:00
Vishal Nayak
0928a65c38
remove unused function ( #3657 )
2017-12-06 18:55:43 -05:00
Vishal Nayak
48ac5caaa9
Transit: Refactor internal representation of key entry map ( #3652 )
...
* convert internal map to index by string
* Add upgrade test for internal key entry map
* address review feedback
2017-12-06 18:24:00 -05:00
Jeff Mitchell
3e64757013
changelog++
2017-12-06 16:51:08 -05:00
Dominik Müller
bc523fc294
add allowed_names to cert-response ( #3654 )
2017-12-06 16:50:02 -05:00
Brian Kassouf
34f5d1e637
Remove the note about GKE from the Kubernetes docs ( #3658 )
2017-12-06 13:38:00 -05:00
Chris Hoffman
8732603a4f
changelog++
2017-12-06 12:32:00 -05:00
Chris Hoffman
f966d20225
Adding ability to cache core values, cache transaction improvements ( #3640 )
2017-12-06 12:25:17 -05:00
Calvin Leung Huang
02706d62db
changelog++
2017-12-05 15:44:08 -05:00
Calvin Leung Huang
41f03b466a
Support MongoDB session-wide write concern ( #3646 )
...
* Initial work on write concern support, set for the lifetime of the session
* Add base64 encoded value support, include docs and tests
* Handle error from json.Unmarshal, fix test and docs
* Remove writeConcern struct, move JSON unmarshal to Initialize
* Return error on empty mapping of write_concern into mgo.Safe struct
2017-12-05 15:31:01 -05:00
Calvin Leung Huang
8f87854b86
Clarify api_addr related errors on VaultPluginTLSProvider ( #3620 )
...
* Mention api_addr on VaultPluginTLSProvider logs, update docs
* Clarify message and mention automatic api_address detection
* Change error message to use api_addr
* Change error messages to use api_addr
2017-12-05 12:01:35 -05:00
Jeff Mitchell
8f159b12b1
allowed/disallowed_policies as TypeCommaStringSlice ( #3641 )
...
Our docs apparently claim that this is a list, but the code is
string-only. This fixes that discrepancy.
2017-12-04 12:47:05 -05:00