Commit graph

312 commits

Author SHA1 Message Date
Devin Christensen fc94487f55 Add support for PostgreSQL as a physical backend 2016-01-19 17:00:09 -07:00
Eric Kidd 69434fd13e etcd: Allow disabling sync for load balanced etcd
Some etcd configurations (such as that provided by compose.io) place the
etcd cluster behind multiple load balancers or proxies.  In this
configuration, calling Sync (or AutoSync) on the etcd client will
replace the load balancer addresses with the underlying etcd server
address.

This will cause the etcd client to bypass the load balancers, and may
cause the connection to fail completely if the etcd servers are
protected by a firewall.

This patch provides a "sync" option for the etcd backend, which defaults
to the current behavior, but which can be used to turn off sync.
This corresponds to etcdctl's --no-sync option.
2016-01-11 13:56:58 -05:00
Paul Seiffert 99f7659bb4 Add recovery option to DynamoDB backend
When Vault is killed without the chance to clean up the lock
entry in DynamoDB, no further Vault nodes can become leaders after
that.

To recover from this situation, this commit adds an environment
variable and a configuration flag that when set to "1" causes Vault
to delete the lock entry from DynamoDB.
2016-01-08 17:31:37 +01:00
Paul Seiffert 8853e50691 Explicitly read AWS credentials from environment 2016-01-08 17:31:37 +01:00
Paul Seiffert 277de77256 Add tests for DynamoDB backend 2016-01-08 17:31:37 +01:00
Paul Seiffert 870bc6c5b4 Implement DynamoDB physical HA backend 2016-01-08 17:31:37 +01:00
Jeff Mitchell 287954beef Replace physical cache with TwoQueue instead of LRU. 2016-01-07 09:21:33 -05:00
Jeff Mitchell bf2bf06997 Use cleanhttp.DefaultTransport rather than instantiating directly to avoid leaked FDs 2015-12-17 15:23:13 -05:00
Jeff Mitchell ade5bf0570 Make S3 act like other parts of vault by prioritizing environment
variables over configuration values.
2015-12-17 10:19:42 -05:00
Chi Vinh Le a090caf2c3 Basic Auth support for Etcd.
Fixes #859
2015-12-17 12:50:10 +01:00
Jeff Mitchell 5a1ea272ce Merge pull request #857 from hashicorp/issue-836
Use an initialized client when using IAM roles with S3 physical backend
2015-12-14 21:25:41 -05:00
Jeff Mitchell b2a0b48a2e Add test to ensure the right backend was used with separate HA 2015-12-14 20:48:22 -05:00
Jeff Mitchell 352bff96c8 Pass in an initialized client into EC2RoleProvider.
Fixes #836
2015-12-14 11:14:09 -05:00
Vicki Cheung 5c334293cd fixing etcd missing key error 2015-12-07 02:29:20 -05:00
Jeff Mitchell 3bdbd66f7d Remove datacenter from Consul configuration, as it cannot actually do
anything

Fixes #816
2015-12-03 15:16:37 -05:00
Jeff Mitchell 69b522f3ea Add new Consul API client MonitorRetries option 2015-12-01 00:08:14 -05:00
Jeff Mitchell 4a1a02a123 Merge pull request #780 from vicki-c/master
Port to new etcd client with TLS support
2015-11-18 10:33:09 -05:00
Vicki Cheung eb464ed79d rejecting etcd addresses without url scheme 2015-11-17 15:18:50 -08:00
Vicki Cheung 4a3bcc2adc adding check in etcd backend to validate machine urls 2015-11-16 14:35:04 -08:00
Vicki Cheung dfe284af43 adding PermitPool to etcd backend 2015-11-15 22:38:21 -08:00
Vicki Cheung a21c8fab26 porting to new etcd client 2015-11-15 22:12:06 -08:00
Yannick 8a594a7f61 Allow s3 bucket to come from config vars 2015-11-06 14:05:29 +01:00
Greg Brockman 141a71974a Correct typo in comment 2015-11-06 00:41:14 -08:00
Greg Brockman 171bd84330 Add support for etcd over TLS 2015-11-06 00:41:14 -08:00
Jeff Mitchell 08dbc70c9f Switch etcd default port to 2379, in line with 2.x.
Fixes #753
2015-11-05 09:47:50 -05:00
Jeff Mitchell 9fff3a350d Don't use the semaphore library as it's racy; instead use a simple
buffered channel. Passes all tests, including inmem, which uses it.
2015-11-04 12:27:13 -05:00
Sander van Harmelen 4ad533a5ba Add a line to the documentation to describe the new feature 2015-11-04 15:36:24 +01:00
Sander van Harmelen c65b63d152 Add an option to configure the S3 endpoint
This enables the use of other (AWS S3 compatible) S3 endpoints.
2015-11-04 15:04:36 +01:00
Jeff Mitchell 7f44a1b812 Add configuration parameter for max parallel connections to Consul 2015-11-03 15:26:07 -05:00
Jeff Mitchell 1b83eefd97 Address review feedback 2015-11-03 14:48:05 -05:00
Jeff Mitchell bf2e553785 Add a PermitPool to physical and consul/inmem
The permit pool controls the number of outstanding operations that can
be queued for Consul (and inmem, for testing purposes). This prevents
possible situations where Vault launches thousands of concurrent
connections to Consul if e.g. a huge number of leases need to be
expired.

Fixes #677
2015-11-03 11:49:20 -05:00
Seth Vargo 658bc0634a Fix breaking API changes 2015-10-30 18:22:48 -04:00
Jeff Mitchell cba4e82682 Don't use http.DefaultClient
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
2015-10-15 17:54:00 -04:00
Tuomas Silen 5e8b3a28e4 Rename error return var 2015-09-15 11:18:43 +03:00
Tuomas Silen 42d3f90e37 Further cleanup, use named return vals 2015-09-14 13:30:15 +03:00
Tuomas Silen 7f384b2312 Cleanup defer func 2015-09-11 16:30:12 +03:00
Tuomas Silen 2652db825a Use defer to close the channel in case of error 2015-09-11 16:17:23 +03:00
Tuomas Silen f8ec771cec Renew the semaphore key periodically
The semaphore key is used to determine whether we are the leader or not and is set to expire after TTL of 15 seconds. There was no logic implemented to renew the key before it expired, which caused the leader to step down and change every 15 seconds. A periodic timer is now added to update the key every 5 seconds to renew the TTL of the key.
2015-09-09 19:33:07 +03:00
Jeff Mitchell 9f2f79cdf4 Fix tests with AWS changes. 2015-08-18 19:22:17 -07:00
Armon Dadgar 4c84080732 physical/s3: update for new AWS API 2015-08-17 12:19:55 -07:00
Daniel Rampelt 83ce6f2e70 Use varbinary instead of varchar for mysql, fixes #512 2015-08-11 15:03:10 -04:00
Paul Hinze fc9de56736 Update vault code to match latest aws-sdk-go APIs 2015-08-06 11:37:08 -05:00
Armon Dadgar f58f46c243 Merge pull request #439 from geckoboard/feature-tls-mysql
Using SSL to encrypt connections to MYSQL
2015-08-05 14:52:43 -07:00
Vivien Schilis 2a1dfdab4e Naming cleanup 2015-07-29 20:19:21 +00:00
Daniel Kaffee a5ad818d8e only use NewCertPool if there is a ca cert otherwise use host's certificates 2015-07-28 15:31:30 +03:00
Daniel Kaffee 280fec2913 fix potential insecure skip verification bug 2015-07-28 15:15:31 +03:00
Daniel Kaffee 7b743f12fe fix identification to go formatting 2015-07-28 15:06:56 +03:00
Daniel Kaffee 4146be770c refactor code 2015-07-28 14:55:33 +03:00
Lauro Balderas 9a51ca341b Granting S3 backend temporary access 2015-07-18 16:48:23 +10:00
Vivien Schilis f16a09dc48 Add tls.Config if sslca is provided 2015-07-17 22:33:06 +00:00
Armon Dadgar 26937498f6 physical/zk: Fixing node representation. Fixes #416 2015-07-13 19:33:23 +10:00
Armon Dadgar bfc0442750 physical/zk: remove recursive delete behavior, still broken 2015-07-13 19:05:17 +10:00
Armon Dadgar 29a5eb35f9 physical: ensure backend does NOT do recursive delete 2015-07-13 18:59:40 +10:00
Joe Beda 49b84db4a9 Fix zookeeper break.
Fixes #393.
2015-07-04 16:03:02 -07:00
Armon Dadgar 28ddff305c physical/mysql: cleanup and documentation 2015-06-18 14:31:00 -07:00
Pradeep Chhetri 53748c8c63 Fixed a failing test and drop table after running tests 2015-06-13 08:24:27 +05:45
Pradeep Chhetri 5fe59f4b8d Fixing List command behaviour 2015-06-12 23:16:46 +05:45
Pradeep Chhetri 0bf52546af Added the test as per suggestion 2015-06-12 15:32:45 +05:45
Pradeep Chhetri 30cef9fe77 Changes done as per feedback 2015-06-12 13:24:41 +05:45
Pradeep Chhetri ace36da4ce Physical MySQL backend implementation - First Cut 2015-06-09 01:37:25 +05:45
Seth Vargo a02f62ee77 AWS moved from labs to official 2015-06-03 15:02:49 -04:00
Eric Buth e2957ef463 etcd HA physical backend: added documentation + style updates 2015-06-02 18:00:06 -04:00
Eric Buth 8c78cdddb1 etcd HA physical backend: stopchannel style, held state remote-only, lock value stored in semaphore key 2015-06-02 13:18:55 -04:00
Eric Buth baaa9bd10c etcd HA + tests 2015-06-01 18:29:54 -04:00
Armon Dadgar 9b79d43370 Merge pull request #252 from kenbreeman/physical_zookeeper_ha
Physical zookeeper ha
2015-06-01 13:03:27 +02:00
Ken Breeman c72dd5a38c Cleaned up error handling and HA lock monitoring for zookeeper physical backend based on PR feedback. 2015-05-28 00:39:12 -04:00
Eric Buth e4e4253d65 added etcd as a non-HA storage backend, updated documentation 2015-05-26 13:38:25 -04:00
Ken Breeman f6292eb441 Cleaned up zookeeper_ha locking, added tests and cleanup. 2015-05-26 00:12:16 -04:00
Ken Breeman efb455e5e8 Improvements based on PR feedback: removed empty detectAddress function, moved anonymous functions to named ones, added localLock mutex around i.held 2015-05-25 22:14:00 -04:00
Ken Breeman 13d47c11ab Merge branch 'master' into physical_zookeeper_ha 2015-05-25 21:01:59 -04:00
Jeff Mitchell bb866b0140 AWS changed their error interface; fix compile breakage. 2015-05-21 16:15:21 -04:00
Ken Breeman fa50ca026a Restore backwards compatibility for zookeeper physical backend. Vault already prevents locks and data from overlapping internally. 2015-05-20 23:15:31 -04:00
Ken Breeman a26882ebd4 Merge branch 'master' into physical_zookeeper_ha
Conflicts:
	physical/zookeeper.go
2015-05-20 22:59:37 -04:00
Ken Breeman ae74837e55 Implement HA lock loss detection for zookeeper physical backend 2015-05-20 22:54:35 -04:00
Armon Dadgar 1851434407 physical/s3: skip unit test if missing ENV vars 2015-05-20 17:42:41 -07:00
James Stremick 6726fcf7bc Removed erroneous mutex and tests. Delete operates on a single key now 2015-05-20 19:53:35 -04:00
James Stremick 53979d6f30 Physical S3 backend implementation 2015-05-20 10:59:03 -04:00
Spencer Herzberg 3a6a060b2e recursive zk delete 2015-05-12 11:50:32 -05:00
Spencer Herzberg f3f6466730 fixes #189; zk version conflict
* multiple Puts to the same node causes zk errors
2015-05-12 09:12:00 -05:00
Ken Breeman f6de41c31d Rough implementation of Zookeeper HA physical backend. Contains breaking changes to 'path' config. Has unresolved TODO's. 2015-05-12 00:37:08 -04:00
Armon Dadgar 47cfc85079 physical/consul: Fixing read of leader when standby. Fixes #178 2015-05-11 10:54:29 -07:00
Brandon Philips 3d3d725fc5 physical: minor doc error in consul
ot -> to
2015-05-08 23:37:16 -07:00
Armon Dadgar ad3cfa206b physical/consul: Fixing path for locks 2015-05-08 15:34:29 -07:00
Armon Dadgar 0af92bdd2c physical/zk: Style changes and more error checking 2015-05-06 11:08:26 -07:00
Spencer Herzberg 985600a986 fixing default zookeeper port 2015-05-06 08:57:24 -05:00
Spencer Herzberg 2869efd6fb be optimistic on zk paths operations
* zk requires paths to be set or the client returns an error
* catch these errors instead of creating the full path
2015-05-05 21:23:24 -05:00
Spencer Herzberg 8a4c2eb691 cleanup zk HA leftover docs 2015-05-05 17:22:43 -05:00
Spencer Herzberg 9793986357 properly default zk address to localhost 2015-05-05 17:20:38 -05:00
Spencer Herzberg f10d993fb5 limit round trips on zk delete 2015-05-05 17:14:41 -05:00
Spencer Herzberg 7d16da4174 fixing comment; bad copy-paste-edit 2015-05-05 16:56:49 -05:00
Spencer Herzberg 966204d73f initial implementation of non-ha zookeeper 2015-05-05 16:49:18 -05:00
Armon Dadgar 5dad76d5a1 physical/consul: Support address detection using the agent 2015-05-02 15:34:39 -07:00
Armon Dadgar 06f3e498f0 physical: Adding optional interface for addr detection 2015-05-02 15:34:29 -07:00
Mitchell Hashimoto 1d7f78d3f3 physical/file: open for writing 2015-04-29 11:31:59 -07:00
jjshoe 3b53334d87 Sensible permissions on creating a file
Open a file, create it if it doesn't exist, and for god's sake don't leave it 0666.
2015-04-29 13:27:44 -05:00
Mitchell Hashimoto e9621cdfe3 physical: more sorting to make tests deterministic 2015-04-28 19:01:01 -07:00
Mitchell Hashimoto 68b3dd1a4b physical: sort strings in test 2015-04-28 18:51:21 -07:00
Paul Hinze 16d1c1f284 Fix comment typo
It's time to get my first vault commit in! :D
2015-04-22 16:59:16 -05:00
Armon Dadgar a2c22f6b3c physical: fix negative cache issue for core keys 2015-04-15 13:48:49 -07:00
Armon Dadgar b28dac7cb2 physical: Support association of value with lock 2015-04-14 16:36:53 -07:00
Armon Dadgar 5150091a6b physical: Adding inmem HA for testing 2015-04-14 12:04:15 -07:00
Armon Dadgar cd6db0a637 physical: First pass at HABackend 2015-04-14 11:49:46 -07:00
Armon Dadgar 9aec9fe577 physical: Add profiling to Consul backend 2015-04-14 11:09:24 -07:00
Armon Dadgar 6f7e5faf31 physical: rename cache 2015-04-14 11:03:18 -07:00
Armon Dadgar 30dcb99ba3 physical: Adding simple LRU write-through cache 2015-04-14 11:00:51 -07:00
Armon Dadgar 4bc10930b3 physical: Default consul path to vault/ 2015-04-03 17:05:18 -07:00
Armon Dadgar 1d839d033c physical: Adding Consul backend 2015-04-03 16:44:32 -07:00
Mitchell Hashimoto 1e36ef252d physical: finish super naive file backend
This thing is SUPER slow and has some dumb edge cases. It is only really
meant for development at this point and is commented as such. We won't
document it publicly unless we make it good.
2015-03-15 20:15:27 -07:00
Mitchell Hashimoto 39b42bb862 physical: fix failing test 2015-03-12 14:30:31 -07:00
Armon Dadgar 455291671e physical: Expose the Inmem implementation 2015-03-05 13:57:30 -08:00
Armon Dadgar 001bf70c68 physical: Factory constructor style for backends 2015-03-05 13:47:10 -08:00
Armon Dadgar 4060860194 physical: Adding interface, in-mem implementation, and skeleton for Consul/File 2015-03-02 10:48:53 -08:00