Commit Graph

71 Commits

Author SHA1 Message Date
Jim Kalafut 051bc15da3
Bundle OCI Auth method (#7422) 2019-09-04 16:46:00 -07:00
Vu Pham a47b2faf34 Added OCI Object Storage Plugin (#6985) 2019-09-04 11:33:16 -07:00
Becca Petrin 64ecf46fb6
rename pcf to cf maintaining backwards compat (#7346) 2019-08-26 09:55:08 -07:00
Michel Vocks 24e4f7eaaf
Added operator raft and operator raft snapshot descriptions (#7106) 2019-07-16 09:31:00 +02:00
Vishal Nayak 53035ce390
Raft CLI (#6893)
* raft cli

* Reuse the command's client

* Better response handling

* minor touchups
2019-06-20 21:32:00 -04:00
Brian Kassouf ed14061578
Raft Storage Backend (#6888)
* Work on raft backend

* Add logstore locally

* Add encryptor and unsealable interfaces

* Add clustering support to raft

* Remove client and handler

* Bootstrap raft on init

* Cleanup raft logic a bit

* More raft work

* Work on TLS config

* More work on bootstrapping

* Fix build

* More work on bootstrapping

* More bootstrapping work

* fix build

* Remove consul dep

* Fix build

* merged oss/master into raft-storage

* Work on bootstrapping

* Get bootstrapping to work

* Clean up FMS and node-id

* Update local node ID logic

* Cleanup node-id change

* Work on snapshotting

* Raft: Add remove peer API (#906)

* Add remove peer API

* Add some comments

* Fix existing snapshotting (#909)

* Raft get peers API (#912)

* Read raft configuration

* address review feedback

* Use the Leadership Transfer API to step-down the active node (#918)

* Raft join and unseal using Shamir keys (#917)

* Raft join using shamir

* Store AEAD instead of master key

* Split the raft join process to answer the challenge after a successful unseal

* get the follower to standby state

* Make unseal work

* minor changes

* Some input checks

* reuse the shamir seal access instead of new default seal access

* refactor joinRaftSendAnswer function

* Synchronously send answer in auto-unseal case

* Address review feedback

* Raft snapshots (#910)

* Fix existing snapshotting

* implement the noop snapshotting

* Add comments and switch log libraries

* add some snapshot tests

* add snapshot test file

* add TODO

* More work on raft snapshotting

* progress on the ConfigStore strategy

* Don't use two buckets

* Update the snapshot store logic to hide the file logic

* Add more backend tests

* Cleanup code a bit

* [WIP] Raft recovery (#938)

* Add recovery functionality

* remove fmt.Printfs

* Fix a few fsm bugs

* Add max size value for raft backend (#942)

* Add max size value for raft backend

* Include physical.ErrValueTooLarge in the message

* Raft snapshot Take/Restore API  (#926)

* Inital work on raft snapshot APIs

* Always redirect snapshot install/download requests

* More work on the snapshot APIs

* Cleanup code a bit

* On restore handle special cases

* Use the seal to encrypt the sha sum file

* Add sealer mechanism and fix some bugs

* Call restore while state lock is held

* Send restore cb trigger through raft log

* Make error messages nicer

* Add test helpers

* Add snapshot test

* Add shamir unseal test

* Add more raft snapshot API tests

* Fix locking

* Change working to initalize

* Add underlying raw object to test cluster core

* Move leaderUUID to core

* Add raft TLS rotation logic (#950)

* Add TLS rotation logic

* Cleanup logic a bit

* Add/Remove from follower state on add/remove peer

* add comments

* Update more comments

* Update request_forwarding_service.proto

* Make sure we populate all nodes in the followerstate obj

* Update times

* Apply review feedback

* Add more raft config setting (#947)

* Add performance config setting

* Add more config options and fix tests

* Test Raft Recovery (#944)

* Test raft recovery

* Leave out a node during recovery

* remove unused struct

* Update physical/raft/snapshot_test.go

* Update physical/raft/snapshot_test.go

* fix vendoring

* Switch to new raft interface

* Remove unused files

* Switch a gogo -> proto instance

* Remove unneeded vault dep in go.sum

* Update helper/testhelpers/testhelpers.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update vault/cluster/cluster.go

* track active key within the keyring itself (#6915)

* track active key within the keyring itself

* lookup and store using the active key ID

* update docstring

* minor refactor

* Small text fixes (#6912)

* Update physical/raft/raft.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* review feedback

* Move raft logical system into separate file

* Update help text a bit

* Enforce cluster addr is set and use it for raft bootstrapping

* Fix tests

* fix http test panic

* Pull in latest raft-snapshot library

* Add comment
2019-06-20 12:14:58 -07:00
Becca Petrin 66aaa46588 add PCF auth method, agent, and cli handler 2019-06-06 12:26:04 -07:00
Jeff Mitchell 24b92d6e29 Move physical/file to sdk 2019-04-15 14:51:33 -04:00
Jeff Mitchell 9ebc57581d
Switch to go modules (#6585)
* Switch to go modules

* Make fmt
2019-04-13 03:44:06 -04:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
ncabatoff cb3e3e578d Fix windows build by moving references to SIGUSR2 into a file not built (#6422)
on windows.
2019-03-15 10:12:48 -07:00
ncabatoff 1fcfcbd8f2
Receiving a SIGUSR2 makes Vault log the running goroutines' stacks. (#6240)
* Receiving a SIGUSR2 makes Vault log the running goroutines' stacks.
2019-03-15 09:27:53 -04:00
Vishal Nayak a5195949d9
added client_key and client_cert options to the agent config (#6319) 2019-03-01 15:11:16 -05:00
Vishal Nayak ac2b499fc9
Support reading Vault's address from Agent's config file (#6306)
* Support reading Vault's address from Agent's config file

* use consts and switch

* Add tls options to agent config vault block

* Update command/agent/config/config.go

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* remove fmt.Printfs
2019-02-28 17:29:28 -05:00
Jeff Mitchell 6e182c3237 Remove deprecated CLI commands (#6112) 2019-02-14 11:54:47 -08:00
Calvin Leung Huang 77d737c8b2 Merge branch 'master-oss' into 1.1-beta 2019-02-11 14:47:22 -08:00
Jim Kalafut df4139df51
Create alias and command for OIDC (#6206) 2019-02-11 13:37:55 -08:00
Giacomo Tirabassi 820f27fd29 remove panicking and added usage (#6208) 2019-02-11 11:19:08 -08:00
Jeff Mitchell 5f249d4005
Add allowed_response_headers (#6115) 2019-02-05 16:02:15 -05:00
Jeff Mitchell 82ee4176e6
Add the ability to print curl commands from CLI (#6113) 2019-02-01 17:13:51 -05:00
Becca Petrin 7bd22e6779
Run all builtins as plugins (#5536) 2018-11-06 17:21:24 -08:00
Jeff Mitchell fe770ed284 Change deprecation warning to 1.1 2018-10-23 02:44:57 -04:00
Chris Hoffman dec2eb88b6 adding gcpkms secrets engine (#784) 2018-10-22 23:39:25 -07:00
Jeff Mitchell a64fc7d7cb
Batch tokens (#755) 2018-10-15 12:56:24 -04:00
Jim Kalafut 4c80debe63
Add physical backend migrator command (#5143) 2018-09-25 16:18:22 -07:00
Becca Petrin 74d4d0ccc0
add alicloud secrets engine (#5352) 2018-09-19 08:42:28 -07:00
Jeff Mitchell 9cd7c05269
Change deprecation warnings from 0.11 or later to 0.12. (#5176)
Also remove a deprecated parameter that we warned would be removed since
0.8.
2018-08-24 12:16:37 -04:00
Jim Kalafut a8e81ce393 Initial import of Azure Secrets (#5120)
* Initial import of Azure Secrets

* Update vendor folder
2018-08-16 12:18:06 -07:00
Becca Petrin 8e8095163e Add alicloud auth (#5123)
* add alicloud auth commands

* add dependencies
2018-08-16 12:17:49 -07:00
Nándor István Krácser b9fab6375b Alibaba Object Storage support (#4783) 2018-08-13 17:03:24 -04:00
Jeff Mitchell 9d1a427949 Port over some ns stuff 2018-08-10 12:17:17 -04:00
Jeff Mitchell e72890e83f
VSI (#4985) 2018-07-24 22:02:27 -04:00
Julien Blache c8fb9ed6a8 FoundationDB physical backend (#4900) 2018-07-16 10:18:09 -04:00
Seth Vargo 1259ee6743 Add plugin CLI for interacting with the plugin catalog (#4911)
* Add 'plugin list' command

* Add 'plugin register' command

* Add 'plugin deregister' command

* Use a shared plugin helper

* Add 'plugin read' command

* Rename to plugin info

* Add base plugin for help text

* Fix arg ordering

* Add docs

* Rearrange to alphabetize

* Fix arg ordering in example

* Don't use "sudo" in command description
2018-07-13 10:35:08 -07:00
Calvin Leung Huang f801f4b808
Add description flag to secrets and auth tune subcommands (#4894)
* Add description flag to secrets and auth tune subcommands

* Allow empty description to be provided in secret and auth mount tune

* Use flagNameDescription
2018-07-12 11:15:50 -04:00
Jeff Mitchell 1011f61bf2 Add JWT plugin 2018-07-09 16:21:47 -04:00
Chris Hoffman a1c8c8459b
Bump Deps (#4868)
* bump deps

* revert script changes

* adding govendor miss
2018-07-06 12:09:34 -04:00
Jeff Mitchell ebe3f09f82
Add `kv rollback` (#4774)
* Add `kv rollback`

Like `kv patch` this is more of a helper than anything else; it provides
a single command to fetch the current version (for CAS), read the
version you want to roll back to, and set it as the new version (using
CAS for safety).
2018-06-15 15:34:17 -04:00
emily 192c228931 Add GCP auth helper (#4654)
* update auth plugin vendoring

* add GCP auth helper and docs
2018-05-29 20:36:24 -04:00
Becca Petrin 94ae5d2567
Add Active Directory secrets plugin (#4635) 2018-05-25 11:37:41 -07:00
Jeff Mitchell 396457ce03
Don't use environment as a mechanism for floating format around. (#4622)
This turns out to not work very well for the demo server. Also,
it's kinda hacky.
2018-05-23 16:45:17 -04:00
Jeff Mitchell f1c3ddc566
Fix panic on deprecated audit-disable and some cleanup (#4619) 2018-05-23 12:34:48 -04:00
Jeff Mitchell 84eaebb774
Add missing flags to KV commands and simplify boilerplate (#4617) 2018-05-23 09:56:47 -04:00
Brian Kassouf c7f9d185b0
Kv preflight (#4430)
* Update kv command to use a preflight check

* Make the existing ui endpoint return the allowed mounts

* Add kv subcommand tests

* Enable `-field` in `vault kv get/put` (#4426)

* Enable `-field` in `vault kv get/put`

Fixes #4424

* Unify nil value handling

* Use preflight helper

* Update vkv plugin

* Add all the mount info when authenticated

* Add fix the error message on put

* add metadata test

* No need to sort the capabilities

* Remove the kv client header

* kv patch command (#4432)

* Fix test

* Fix tests

* Use permission denied instead of entity disabled
2018-04-23 15:00:02 -07:00
Seth Vargo b48a9878e7 Add HA support to the Google Cloud Storage backend (#4226) 2018-03-30 12:36:37 -04:00
Jeff Mitchell 2bb4e7535a Add gcp secrets 2018-03-21 23:07:16 -04:00
Brian Kassouf 3324d6dd12 Add kv backend (#4181) 2018-03-21 22:56:52 -04:00
Calvin Leung Huang 25792df5a9
Passthrough request headers (#4172)
* Add passthrough request headers for secret/auth mounts

* Update comments

* Fix SyncCache deletion of passthrough_request_headers

* Remove debug line

* Case-insensitive header comparison

* Remove unnecessary allocation

* Short-circuit filteredPassthroughHeaders if there's nothing to filter

* Add whitelistedHeaders list

* Update router logic after merge

* Add whitelist test

* Add lowercase x-vault-kv-client to whitelist

* Add back const

* Refactor whitelist logic
2018-03-21 19:56:47 -04:00
Brian Kassouf 5c84c36915
command/kv: Add a "kv" subcommand for using the key-value store (#4168)
* Add more cli subcommands

* Add metadata commands

* Add more subcommands

* Update cli

* Move archive commands to delete

* Add helpers for making http calls to the kv backend

* rename cli header

* Format the various maps from kv

* Add list command

* Update help text

* Add a command to enable versioning on a backend

* Rename enable-versions command

* Some review feedback

* Fix listing of top level keys

* Fix issue when metadata is nil

* Add test for lising top level keys

* Fix some typos

* Add a note about deleting all versions
2018-03-21 15:02:41 -07:00
Chris Hoffman 695eae6ede
adding azure auth plugin (#4180) 2018-03-21 17:35:31 -04:00