69434fd13e
etcd: Allow disabling sync for load balanced etcd
...
Some etcd configurations (such as that provided by compose.io) place the
etcd cluster behind multiple load balancers or proxies. In this
configuration, calling Sync (or AutoSync) on the etcd client will
replace the load balancer addresses with the underlying etcd server
address.
This will cause the etcd client to bypass the load balancers, and may
cause the connection to fail completely if the etcd servers are
protected by a firewall.
This patch provides a "sync" option for the etcd backend, which defaults
to the current behavior, but which can be used to turn off of sync.
This corresponds to etcdctl's --no-sync option.
2016-01-11 13:56:58 -05:00
287954beef
Replace physical cache with TwoQueue instead of LRU.
2016-01-07 09:21:33 -05:00
bf2bf06997
Use cleanhttp.DefaultTransport rather than instantiating directly to avoid leaked FDs
2015-12-17 15:23:13 -05:00
ade5bf0570
Make S3 act like other parts of vault by prioritizing environment
...
variables over configuration values.
2015-12-17 10:19:42 -05:00
a090caf2c3
Basic Auth support for Etcd.
...
Fixes #859
2015-12-17 12:50:10 +01:00
5a1ea272ce
Merge pull request #857 from hashicorp/issue-836
...
Use an initialized client when using IAM roles with S3 physical backend
2015-12-14 21:25:41 -05:00
b2a0b48a2e
Add test to ensure the right backend was used with separate HA
2015-12-14 20:48:22 -05:00
352bff96c8
Pass in an initialized client into EC2RoleProvider.
...
Fixes #836
2015-12-14 11:14:09 -05:00
5c334293cd
fixing etcd missing key error
2015-12-07 02:29:20 -05:00
3bdbd66f7d
Remove datacenter from Consul configuration, as it cannot actually do
...
anything
Fixes #816
2015-12-03 15:16:37 -05:00
69b522f3ea
Add new Consul API client MonitorRetries option
2015-12-01 00:08:14 -05:00
4a1a02a123
Merge pull request #780 from vicki-c/master
...
Port to new etcd client with TLS support
2015-11-18 10:33:09 -05:00
eb464ed79d
rejecting etcd addresses without url scheme
2015-11-17 15:18:50 -08:00
4a3bcc2adc
adding check in etcd backend to validate machine urls
2015-11-16 14:35:04 -08:00
dfe284af43
adding PermitPool to etcd backend
2015-11-15 22:38:21 -08:00
a21c8fab26
porting to new etcd client
2015-11-15 22:12:06 -08:00
8a594a7f61
Allow s3 bucket to come from config vars
2015-11-06 14:05:29 +01:00
141a71974a
Correct typo in comment
2015-11-06 00:41:14 -08:00
171bd84330
Add support for etcd over TLS
2015-11-06 00:41:14 -08:00
08dbc70c9f
Switch etcd default port to 2379, in line with 2.x.
...
Fixes #753
2015-11-05 09:47:50 -05:00
9fff3a350d
Don't use the semaphore library as it's racy; instead use a simple
...
buffered channel. Passes all tests, including inmem, which uses it.
2015-11-04 12:27:13 -05:00
4ad533a5ba
Add a line to the documentation to describe the new feature
2015-11-04 15:36:24 +01:00
c65b63d152
Add an option to configure the S3 endpoint
...
This enables the use of other (AWS S3 compatible) S3 endpoints.
2015-11-04 15:04:36 +01:00
7f44a1b812
Add configuration parameter for max parallel connections to Consul
2015-11-03 15:26:07 -05:00
1b83eefd97
Address review feedback
2015-11-03 14:48:05 -05:00
bf2e553785
Add a PermitPool to physical and consul/inmem
...
The permit pool controls the number of outstanding operations that can
be queued for Consul (and inmem, for testing purposes). This prevents
possible situations where Vault launches thousands of concurrent
connections to Consul if e.g. a huge number of leases need to be
expired.
Fixes #677
2015-11-03 11:49:20 -05:00
658bc0634a
Fix breaking API changes
2015-10-30 18:22:48 -04:00
cba4e82682
Don't use http.DefaultClient
...
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.
Fixes #700 , I believe.
2015-10-15 17:54:00 -04:00
5e8b3a28e4
Rename error return var
2015-09-15 11:18:43 +03:00
42d3f90e37
Further cleanup, use named return vals
2015-09-14 13:30:15 +03:00
7f384b2312
Cleanup defer func
2015-09-11 16:30:12 +03:00
2652db825a
Use defer to close the channel in case of error
2015-09-11 16:17:23 +03:00
f8ec771cec
Renew the semaphore key periodically
...
The semaphore key is used to determine whether we are the leader or not and is set to expire after TTL of 15 seconds. There was no logic implemented to renew the key before it expired, which caused the leader to step down and change every 15 seconds. A periodic timer is now added to update the key every 5 seconds to renew the TTL of the key.
2015-09-09 19:33:07 +03:00
9f2f79cdf4
Fix tests with AWS changes.
2015-08-18 19:22:17 -07:00
4c84080732
physical/s3: update for new AWS API
2015-08-17 12:19:55 -07:00
83ce6f2e70
Use varbinary instead of varchar for mysql, fixes #512
2015-08-11 15:03:10 -04:00
fc9de56736
Update vault code to match latest aws-sdk-go APIs
2015-08-06 11:37:08 -05:00
f58f46c243
Merge pull request #439 from geckoboard/feature-tls-mysql
...
Using SSL to encrypt connections to MYSQL
2015-08-05 14:52:43 -07:00
2a1dfdab4e
Naming cleanup
2015-07-29 20:19:21 +00:00
a5ad818d8e
only use NewCertPool if there is a ca cert otherwise use host's certificates
2015-07-28 15:31:30 +03:00
280fec2913
fix potential insecure skip verification bug
2015-07-28 15:15:31 +03:00
7b743f12fe
fix identification to go formatting
2015-07-28 15:06:56 +03:00
4146be770c
refactor code
2015-07-28 14:55:33 +03:00
9a51ca341b
Granting S3 backend temporary access
2015-07-18 16:48:23 +10:00
f16a09dc48
Add tls.Config if sslca is provided
2015-07-17 22:33:06 +00:00
26937498f6
physical/zk: Fixing node representation. Fixes #416
2015-07-13 19:33:23 +10:00
bfc0442750
physical/zk: remove recursive delete behavior, still broken
2015-07-13 19:05:17 +10:00
29a5eb35f9
physical: ensure backend does NOT do recursive delete
2015-07-13 18:59:40 +10:00
49b84db4a9
Fix zookeeper break.
...
Fixes #393 .
2015-07-04 16:03:02 -07:00
28ddff305c
physical/mysql: cleanup and documentation
2015-06-18 14:31:00 -07:00
Eric Kidd