Commit graph

6881 commits

Author SHA1 Message Date
Jeff Mitchell 77a7c52392
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
Ernest W. Durbin III 98e04c42d3 Correct documentation for Kubernetes Auth Plugin (#3708) 2017-12-18 12:12:08 -05:00
Calvin Leung Huang 254a5c90db changelog++ 2017-12-18 11:42:03 -05:00
Calvin Leung Huang 69a0457dda changelog++ 2017-12-18 10:32:02 -05:00
Chris Hoffman 7f9815f186 changelog++ 2017-12-18 10:15:29 -05:00
Jeff Mitchell 2225b20ec9 Fix up comment 2017-12-18 10:11:24 -05:00
jaloren 82fd89b3b3 Support Incrementing Lease TTL in Renew api (#3688) 2017-12-18 10:09:59 -05:00
Jeff Mitchell 516cadd863 changelog++ 2017-12-18 10:06:39 -05:00
Jeff Mitchell 9630f93845
Fix audited request header lookup (#3707)
The headers are stored lowercased but the lookup function wasn't
properly lowercasing when indexing in the header map.

Fixes #3701
2017-12-18 10:05:51 -05:00
Jeff Mitchell feaef93fb6 changelog++ 2017-12-18 10:00:04 -05:00
immutability e7faad641c Add Duo MFA to the Github backend (#3696) 2017-12-18 09:59:17 -05:00
Chris Hoffman 0bacec0184
adding recovery info to seal status (#3706) 2017-12-18 09:58:14 -05:00
Jeff Mitchell edab61c204 Pull in new go-cleanhttp to fix data race 2017-12-18 09:40:22 -05:00
James Nugent e320d0580a physical/dynamodb: Clarify ha_enabled type (#3703)
The example in the documentation correctly passes a quoted boolean (i.e.
true or false as a string) instead of a "real" HCL boolean. This commit
corrects the parameter list to document that fact.

While it would be more desirable to change the implementation to accept
an unquoted boolean, it seems that the use of `hcl.DecodeObject` for
parameters which are not common to all storage back ends would make this
a rather more involved change than this necessarily warrants.
2017-12-18 09:30:29 -05:00
James Nugent 618b52d72d docs: Add correct method for mlock on systemd (#3704)
Although the previously described method of running setcap works if
setcap is available, the built-in LimitMEMLOCK directive is better.
2017-12-18 09:29:37 -05:00
Raja Nadar 446b87ee0e added the missing nonce and type fields (#3694) 2017-12-17 16:26:07 -05:00
Chris Hoffman 400d738403 use defaultconfig as base, adding env var test 2017-12-17 10:51:39 -05:00
Chris Hoffman f6bed8b925 fixing up config to allow environment vars supported by api client 2017-12-17 09:10:56 -05:00
Calvin Leung Huang 685b4a27e4 Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… (#3697) 2017-12-15 20:19:37 -05:00
Chris Hoffman ef56322369 Merge remote-tracking branch 'oss/master' into f-nomad
* oss/master:
  Add support for encrypted TLS key files (#3685)
2017-12-15 19:51:28 -05:00
Chris Hoffman b08606b320 adding existence check for roles 2017-12-15 19:50:20 -05:00
Chris Hoffman b904d28d82 adding access config existence check and delete endpoint 2017-12-15 19:18:32 -05:00
Chris Hoffman 164849f056
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Chris Hoffman c71f596fbd address some feedback 2017-12-15 17:06:56 -05:00
Chris Hoffman db0006ef65 Merge remote-tracking branch 'oss/master' into f-nomad
* oss/master:
  Defer reader.Close that is used to determine sha256
  changelog++
  Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686)
  Add logic for using Auth.Period when handling auth login/renew requests (#3677)
  plugins/database: use context with plugins that use database/sql package (#3691)
  changelog++
  Fix plaintext backup in transit (#3692)
  Database gRPC plugins (#3666)
2017-12-15 17:05:42 -05:00
Calvin Leung Huang 57bc19c169 Defer reader.Close that is used to determine sha256 2017-12-15 14:04:09 -05:00
Jeff Mitchell bc282a2e8d changelog++ 2017-12-15 13:32:30 -05:00
Calvin Leung Huang 7c0b4f1333 Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686) 2017-12-15 13:31:57 -05:00
Calvin Leung Huang 79cb82e133
Add logic for using Auth.Period when handling auth login/renew requests (#3677)
* Add logic for using Auth.Period when handling auth login/renew requests

* Set auth.TTL if not set in handleLoginRequest

* Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken

* Get sysView from le.Path, revert tests

* Add back auth.Policies

* Fix TokenStore tests, add resp warning when capping values

* Use switch for ttl/period check on RenewToken

* Move comments around
2017-12-15 13:30:05 -05:00
Brian Kassouf 9358540d50
plugins/database: use context with plugins that use database/sql package (#3691) 2017-12-15 10:26:17 -08:00
Jeff Mitchell 6e318c450f changelog++ 2017-12-15 09:56:06 -05:00
Brian Kassouf ccb7cdc3f5 Fix plaintext backup in transit (#3692) 2017-12-15 09:08:28 -05:00
Brian Kassouf afe53eb862
Database gRPC plugins (#3666)
* Start work on context aware backends

* Start work on moving the database plugins to gRPC in order to pass context

* Add context to builtin database plugins

* use byte slice instead of string

* Context all the things

* Move proto messages to the dbplugin package

* Add a grpc mechanism for running backend plugins

* Serve the GRPC plugin

* Add backwards compatibility to the database plugins

* Remove backend plugin changes

* Remove backend plugin changes

* Cleanup the transport implementations

* If grpc connection is in an unexpected state restart the plugin

* Fix tests

* Fix tests

* Remove context from the request object, replace it with context.TODO

* Add a test to verify netRPC plugins still work

* Remove unused mapstructure call

* Code review fixes

* Code review fixes

* Code review fixes
2017-12-14 14:03:11 -08:00
Jeff Mitchell b478ba8bac
Merge branch 'master' into f-nomad 2017-12-14 16:44:28 -05:00
Jeff Mitchell 829f2c38dc changelog++ 2017-12-14 13:31:58 -05:00
Jeff Mitchell d752da3648
Update Consul to use the role's configured lease on renew. (#3684) 2017-12-14 13:28:19 -05:00
Vishal Nayak 15b3d8738e Transit: backup/restore (#3637) 2017-12-14 12:51:50 -05:00
Brian Kassouf de9b7d779d
Fix leaking connections on cluster port (#3680) 2017-12-12 17:18:04 -08:00
Chris Hoffman 822ce95dc4
adding ability to override temp dir in dev cluster (#3673) 2017-12-11 18:02:35 -05:00
Jeff Mitchell d979eae715 changelog++ 2017-12-11 16:57:40 -05:00
Jeff Mitchell c7b8233216 changelog++ 2017-12-11 16:52:17 -05:00
lemondrank 255212af23 Non-recursive DFS token tree revoke (#2478) 2017-12-11 16:51:37 -05:00
Jeff Mitchell fcc0c24f4a changelog++ 2017-12-11 16:44:17 -05:00
Vishal Nayak 513d12ab7c Fix the casing problem in approle (#3665) 2017-12-11 16:41:17 -05:00
Jeff Mitchell 1060ee6705 changelog++ 2017-12-11 14:06:12 -05:00
Jeff Mitchell 894f2f2401 changelog++ 2017-12-11 13:45:45 -05:00
Florent H. CARRÉ 539d86ab2d Hardening RSA keys for PKI and SSH (#3593) 2017-12-11 13:43:56 -05:00
Brian Shumate d5d265956d Docs: fix typo in libtool ltdl name and link to avoid confusion and note about arch (#3644) 2017-12-11 13:42:19 -05:00
Chris Hoffman 94d119d979 changelog++ 2017-12-11 13:29:12 -05:00
Brian Shumate a8932fbcbd Docs: Update PKI URL config examples to FQDN — addresses #3606 (#3647) 2017-12-11 13:25:59 -05:00