Commit graph

393 commits

Author SHA1 Message Date
Jim Kalafut 1274a8d3d4
Update JWT plugin dependency and docs (#6345) 2019-03-05 09:46:04 -08:00
Brian Kassouf ad3605e657
Revert "filtered-path endpoint (#6132)" (#6337)
This reverts commit dfdbb0bad975fab447f49766baaa5a6c956f8e3d.
2019-03-04 14:08:21 -08:00
ncabatoff 8814fe1ba5 filtered-path endpoint (#6132)
* First pass at filtered-path endpoint.  It seems to be working, but there are tests missing, and possibly some optimization to handle large key sets.

* Vendor go-cmp.

* Fix incomplete vendoring of go-cmp.

* Improve test coverage.  Fix bug whereby access to a subtree named X would expose existence of a the key named X at the same level.

* Add benchmarks, which showed that hasNonDenyCapability would be "expensive" to call for every member of a large folder.  Made a couple of minor tweaks so that now it can be done without allocations.

* Comment cleanup.

* Review requested changes: rename some funcs, use routeCommon instead of
querying storage directly.

* Keep the same endpoint for now, but move it from a LIST to a POST and allow multiple paths to be queried in one operation.

* Modify test to pass multiple paths in at once.

* Add endpoint to default policy.

* Move endpoint to /sys/access/filtered-path.
2019-03-04 11:04:29 -08:00
Michel Vocks f2d022ac20
Print warning when 'tls_cipher_suites' includes blacklisted cipher suites (#6300)
* Implemented a warning when tls_cipher_suites includes only cipher suites which are not supprted by the HTTP/2 spec

* Added test for cipher suites

* Added hard fail on startup when all defined cipher suites are blacklisted. Added warning when some ciphers are blacklisted.

* Replaced hard failure with warning. Removed bad cipher util function and replaced it by external library.

* Added missing dependency. Fixed renaming of package name.
2019-03-01 16:48:06 +01:00
Jim Kalafut 8eb4a0c50a Update JWT plugin deps (#6313) 2019-02-28 17:49:50 -08:00
Jeff Mitchell 6208142a71 Update golang-lru dep which has a minor speedbump in the critical path 2019-02-27 17:51:06 -05:00
Brian Kassouf 26d8d318d7 Merge remote-tracking branch 'oss/master' into 1.1-beta 2019-02-19 12:17:15 -08:00
Martin 9044173d6e Prometheus support on v1/sys/metrics endpoint (#5308)
* initial commit for prometheus and sys/metrics support

* Throw an error if prometheusRetentionTime is 0,add prometheus in devmode

* return when format=prometheus is used and prom is disable

* parse prometheus_retention_time from string instead of int

* Initialize config.Telemetry if nil

* address PR issues

* add sys/metrics framework.Path in a factory

* Apply requiredMountTable entries's MountConfig to existing core table

* address pr comments

* enable prometheus sink by default

* Move Metric-related code in a separate metricsutil helper
2019-02-14 12:46:59 -08:00
Jim Kalafut 6aa32db736 Update jwt plugin 2019-02-14 11:03:26 -08:00
madalynrose 625f0c7546
Update OpenAPI responses to include information the UI can use (#6204) 2019-02-14 12:42:44 -05:00
Jim Kalafut 164ca0834b Update vendored JWT plugin 2019-02-12 17:08:04 -08:00
Jeff Mitchell 700ec3a19c Pull in updated plugins 2019-02-12 08:53:40 -05:00
Jim Kalafut df4139df51
Create alias and command for OIDC (#6206) 2019-02-11 13:37:55 -08:00
Jeff Mitchell 17755b8150 Update go-retryablehttp to get bodybytes, and circonus deps as those break without it 2019-02-01 17:13:21 -05:00
Jeff Mitchell bbc1d53a5d Revert "Refactor common token fields and operations into a helper (#5953)"
This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a.
2019-02-01 11:23:40 -05:00
Jeff Mitchell b94c29a8a1 Update go-ldap to fix #6135 2019-01-31 17:07:25 -05:00
Jeff Mitchell 85a560abba
Refactor common token fields and operations into a helper (#5953) 2019-01-30 16:23:28 -05:00
Jeff Mitchell 3f1a7d4fdd
Update to latest etcd and use the new repository packages (#6087)
This will be necessary for go mod work

Additionally, the srv api has changed. This adapts to it.
2019-01-23 14:35:03 -05:00
Becca Petrin aac271ed7f swap the forked aliyun sdk for the original (#6024) 2019-01-23 11:24:51 -05:00
Jeff Mitchell f75f4e75c7 Prepare for 1.0.2 2019-01-15 11:25:11 -05:00
Giacomo Tirabassi 0d3845c537 Influxdb secret engine built-in plugin (#5924)
* intial work for influxdb secret plugin

* fixed typo

* added comment

* added documentation

* added tests

* fixed tests

* added vendoring

* minor testing issue with hardcoded values

* minor fixes
2019-01-08 17:26:16 -08:00
Julien Blache 91d432fc85 FoundationDB backend TLS support and housekeeping (#5800)
* Fix typo in documentation

* Update fdb-go-install.sh for new release tags

* Exclude FoundationDB bindings from vendoring, delete vendored copy

FoundationDB bindings are tightly coupled to the server version and
client library version used in a specific deployment. Bindings need
to be installed using the fdb-go-install.sh script, as documented in
the foundationdb backend documentation.

* Add TLS support to FoundationDB backend

TLS support appeared in FoundationDB 5.2.4, raising the minimum API version
for TLS-aware FoundationDB code to 520.

* Update documentation for FoundationDB TLS support
2019-01-08 09:01:44 -08:00
Jeff Mitchell 7cafbb51bf Update plugins 2018-12-14 10:42:11 -05:00
Jeff Mitchell 9066bba70a CL and plugin updates 2018-12-03 11:45:02 -05:00
Jeff Mitchell 0eef70f279 Update x/net deps to pull in some fixes. (#5827) 2018-11-20 13:29:13 -08:00
Brian Kassouf 2b2b69cf0b Update plugins 2018-11-20 11:43:38 -08:00
Brian Kassouf 48dffb9b7c release prep 2018-11-12 11:10:47 -08:00
Vishal Nayak 0244aa4c54
Update KV dependency (#5707) 2018-11-06 14:33:21 -05:00
Jim Kalafut f5fafdf907
Update kv dependency (#5700) 2018-11-05 21:42:44 -08:00
Nicolas Corrarello 0b44a55d22 Adding support for Consul 1.4 ACL system (#5586)
* Adding support for Consul 1.4 ACL system

* Working tests

* Fixed logic gate

* Fixed logical gate that evaluate empty policy or empty list of policy names

* Ensure tests are run against appropiate Consul versions

* Running tests against official container with a 1.4.0-rc1 tag

* policies can never be nil (as even if it is empty will be an empty array)

* addressing feedback, refactoring tests

* removing cast

* converting old lease field to ttl, adding max ttl

* cleanup

* adding missing test

* testing wrong version

* adding support for local tokens

* addressing feedback
2018-11-02 10:44:12 -04:00
Jeff Mitchell 756e4c5f89 Update jwt to pull in groups claim delimiter pattern 2018-10-31 16:04:39 -04:00
Jim Kalafut 3abb1bfaa9
Update Azure Secrets plugin (#5606) 2018-10-25 12:06:55 -07:00
Jeff Mitchell 0406eeb8b7 Check in some generated protos needed by non-native archs 2018-10-23 12:46:47 -04:00
Chris Hoffman dec2eb88b6 adding gcpkms secrets engine (#784) 2018-10-22 23:39:25 -07:00
Matthew Irish 8073ebcd1e Merge branch 'oss-master' into 1.0-beta-oss 2018-10-19 20:40:36 -05:00
Jim Kalafut 6f7b298de4
Update Azure Secrets plugin (#5533) 2018-10-19 16:15:31 -07:00
Calvin Leung Huang a08ccbffa7
[Review Only] Autoseal OSS port (#757)
* Port awskms autoseal

* Rename files

* WIP autoseal

* Fix protobuf conflict

* Expose some structs to properly allow encrypting stored keys

* Update awskms with the latest changes

* Add KeyGuard implementation to abstract encryption/decryption of keys

* Fully decouple seal.Access implementations from sealwrap structs

* Add extra line to proto files, comment update

* Update seal_access_entry.go

* govendor sync

* Add endpoint info to configureAWSKMSSeal

* Update comment

* Refactor structs

* Update make proto

* Remove remove KeyGuard, move encrypt/decrypt to autoSeal

* Add rest of seals, update VerifyRecoveryKeys, add deps

* Fix some merge conflicts via govendor updates

* Rename SealWrapEntry to EncryptedBlobInfo

* Remove barrier type upgrade check in oss

* Add key to EncryptedBlobInfo proto

* Update barrierTypeUpgradeCheck signature
2018-10-19 14:43:57 -07:00
Brian Kassouf 48ee3650a3
Update deps (#5521) 2018-10-15 15:25:08 -07:00
Brian Kassouf d987a3c230
Update deps (#5520) 2018-10-15 14:36:55 -07:00
Becca Petrin 072d56be95 vendor the desired version of go.uuid (#5458) 2018-10-03 15:30:05 -07:00
Brian Kassouf 2995c06a53
Fix build (#5457) 2018-10-03 14:53:08 -07:00
Brian Kassouf 9307ba4b0b
Update Deps (#5454) 2018-10-03 09:55:26 -07:00
Brian Kassouf bc36d78df1 Update plugins 2018-10-02 11:14:15 -07:00
Becca Petrin 3da8d38e7d point at a fork of aliyun-oss-go-sdk (#5358) 2018-10-01 10:05:08 -07:00
Jeff Mitchell 56aaaac944
Add lz4 to compressutil (#5403) 2018-09-26 09:20:33 -05:00
Rob Playford 3998942f04 fix typo in vault-plugin-auth-jwt path (#5385)
* fix typo in vault-plugin-auth-jwt path

* remove duplicate vault-plugin-auth-jwt entry
2018-09-25 10:55:45 -05:00
Becca Petrin 74d4d0ccc0
add alicloud secrets engine (#5352) 2018-09-19 08:42:28 -07:00
Clint 5882156f53
Translate AWS Rate limiting errors to 502 errors (#5270)
* Initial implemntation of returning 529 for rate limits

- bump aws iam and sts packages to v1.14.31 to get mocking interface
- promote the iam and sts clients to the aws backend struct, for mocking in tests
- this also promotes some functions to methods on the Backend struct, so
  that we can use the injected client

Generating creds requires reading config/root for credentials to contact
IAM. Here we make pathConfigRoot a method on aws/backend so we can clear
the clients on successful update of config/root path. Adds a mutex to
safely clear the clients

* refactor locking and unlocking into methods on *backend

* refactor/simply the locking

* check client after grabbing lock
2018-09-18 15:26:06 -05:00
Jeff Mitchell cdd08cba58 Bump for release 2018-09-05 13:17:37 -04:00
Becca Petrin 7e0e49656a Add AliCloud auth to the Vault Agent (#5179) 2018-09-05 11:56:30 -04:00
Jeff Mitchell a001021d51 Sync plugin updates 2018-08-28 02:39:13 -04:00
Brian Kassouf 20a58d68df
Update kv plugin (#5187) 2018-08-25 14:56:40 -07:00
Jeff Mitchell d35f6e23fd Add json-iterator to vendor file 2018-08-22 16:16:19 -04:00
Jeff Mitchell 64660afee2 Get reflect2 into vendoring 2018-08-22 16:11:51 -04:00
Jeff Mitchell 31dbc52183 Add concurrent 2018-08-22 15:50:08 -04:00
Jeff Mitchell f42201ac64 Add ali deps to vendor 2018-08-22 15:39:18 -04:00
Jim Kalafut d8dc68495d
Update Azure Secrets plugin (#5154) 2018-08-21 21:05:05 -07:00
Jeff Mitchell 167817a068 Pull in jwt auth update 2018-08-21 15:11:18 -04:00
Jeff Mitchell fcc2cd7356 Pull in go-ldap update that fixes comparison with AD 2018-08-20 18:16:47 -04:00
Jeff Mitchell 6604bff9f0 Remove non existent vendored files 2018-08-16 16:23:28 -04:00
Jeff Mitchell bb9b4bcf08 Sync plugins 2018-08-16 16:21:38 -04:00
Jim Kalafut a8e81ce393 Initial import of Azure Secrets (#5120)
* Initial import of Azure Secrets

* Update vendor folder
2018-08-16 12:18:06 -07:00
Becca Petrin 8e8095163e Add alicloud auth (#5123)
* add alicloud auth commands

* add dependencies
2018-08-16 12:17:49 -07:00
Nándor István Krácser b9fab6375b Alibaba Object Storage support (#4783) 2018-08-13 17:03:24 -04:00
Brian Kassouf 735287bd6a
Update k8s auth (#5059) 2018-08-07 10:45:40 -07:00
Joel Thompson eb322bbbc5 Vendor AWS ARN parser (#5048)
This adds the AWS ARN parser into the vendor as suggested by
https://github.com/hashicorp/vault/pull/4360#discussion_r186744987
2018-08-06 09:51:06 -07:00
Jim Kalafut 2a8f368ef8 Update GCP auth plugin (#5043)
Fixes #5037
2018-08-03 14:56:02 -07:00
Brian Kassouf 215d4404e0
Update ad plugin (#5008) 2018-07-27 14:52:38 -06:00
Jeff Mitchell 09ac94a59f Update plugins 2018-07-24 22:19:38 -04:00
Chris Hoffman 1cd2509065
updating azure plugin (#4989) 2018-07-24 22:13:23 -04:00
Jeff Mitchell e72890e83f
VSI (#4985) 2018-07-24 22:02:27 -04:00
Jim Kalafut ca8dd26374
Update Azure auth plugin (#4978) 2018-07-23 15:00:46 -07:00
Chris Hoffman b37c05cf64
updating azure auth plugin and docs (#4975) 2018-07-23 10:00:44 -04:00
Jeff Mitchell bb057dd1df Update go-retryablehttp and affected deps 2018-07-19 08:50:18 -04:00
Jeff Mitchell 4b354e1110
Re-add dockertest and fix up imports and update script (#4909) 2018-07-11 17:49:13 -04:00
Jeff Mitchell a371bd7e7b Minor dep sync 2018-07-11 16:04:02 -04:00
Jeff Mitchell f05e132c91 Sync jwt auth plugin 2018-07-10 11:14:36 -04:00
Jeff Mitchell 1011f61bf2 Add JWT plugin 2018-07-09 16:21:47 -04:00
Jeff Mitchell 2821ccd6a3 Bump hclog 2018-07-09 12:54:13 -04:00
Jeff Mitchell 94486a6650 Bump deps 2018-07-09 12:41:21 -04:00
Chris Hoffman a1c8c8459b
Bump Deps (#4868)
* bump deps

* revert script changes

* adding govendor miss
2018-07-06 12:09:34 -04:00
Becca Petrin 90f567b985 fetch the runes and text encoding packages (#4831) 2018-06-25 12:44:10 -07:00
Jeff Mitchell 00673fe197 Update kubernetes auth plugin 2018-06-19 23:03:22 -04:00
Jeff Mitchell 961d24d89a Update ad plugin 2018-06-19 12:16:20 -04:00
Jeff Mitchell bef7db5711 Bump Kube auth dep 2018-06-18 12:24:41 -04:00
Jeff Mitchell fccf7204b8 Bump plugins and changelog 2018-06-18 11:54:23 -04:00
Becca Petrin e285915915
update go-ldap (#4776) 2018-06-15 10:13:57 -07:00
Jim Kalafut 88102708a2
Update aws-sdk-go/service/dynamodb/dynamodbattribute (#4744)
Fixes #4721, Fixes #4742
2018-06-12 06:07:15 -07:00
Jeff Mitchell 2ac5c2cdac Pull in kv fix for 4726 2018-06-08 13:48:25 -04:00
Jeff Mitchell 9fce6c0c0c Update plugins 2018-06-05 22:57:35 -04:00
Becca Petrin 2e8a3e6d59 update ad dependency (#4692) 2018-06-04 15:09:41 -04:00
Jeff Mitchell b9ea7ae7cd Bump retryablehttp dep 2018-05-31 17:14:04 -04:00
Jim Kalafut 2528a261bf
Add gzip compression to UI static content responses (#4664) 2018-05-31 09:42:08 -07:00
Jeff Mitchell 53c6ffcb75 Update kv plugin 2018-05-30 09:07:19 -04:00
Jeff Mitchell 0e396cf4fe Bump plugin deps 2018-05-29 21:16:48 -04:00
emily 192c228931 Add GCP auth helper (#4654)
* update auth plugin vendoring

* add GCP auth helper and docs
2018-05-29 20:36:24 -04:00
Becca Petrin 13a0eebb67
Update ad plugin (#4652) 2018-05-29 16:16:43 -07:00
Brian Kassouf 893d874291 Update proto files (#4651) 2018-05-29 18:23:51 -04:00
Jeff Mitchell bd0ac25eb9
Merge branch 'master' into rekey-verification 2018-05-29 10:19:57 -04:00
Becca Petrin 94ae5d2567
Add Active Directory secrets plugin (#4635) 2018-05-25 11:37:41 -07:00