10725 commits

Author SHA1 Message Date
Jeff Mitchell 7b8c0b58f1
Call goimports as well as gofmt when doing a make fmt (#7148)
Closes #7147
2019-07-18 21:04:56 -04:00
Noelle Daley 6acaa8a288
Update CHANGELOG.md 2019-07-18 15:17:41 -07:00
Noelle Daley c5b5127fc4
check for the correct path when showing entities sidenav item (#7141)
* check for the correct path when showing entities sidenav item

* update tests to check for correct api path

* remove trailing slash
2019-07-18 14:24:30 -07:00
Mike Jarmy 1d14832cad
Update CHANGELOG.md 2019-07-18 16:53:56 -04:00
Mike Jarmy 37ac2e4911
Update CHANGELOG.md 2019-07-18 16:46:59 -04:00
Mike Jarmy a44356ed6a
change the default for max_open_connections for DB plugins to 4 (#7093) 2019-07-18 16:16:22 -04:00
Mike Jarmy 0d4ae949a8
Add 'log-format' CLI flag, along with associated config flag, for 'vault server' command. (#6840)
* Read config before creating logger when booting vault server

* Allow for specifying log output in JSON format in a config file, via a 'log_level' flag

* Create parser for log format flag

* Allow for specifying log format in a config file, via a 'log_format' flag. Also, get rid of 'log_json' flag.

* Add 'log-format' command line flag

* Update documentation to include description of log_format setting

* Tweak comment for VAULT_LOG_FORMAT environment variable

* add test for ParseEnvLogFormat()

* clarify how log format is set

* fix typos in documentation
2019-07-18 15:59:27 -04:00
Jason O'Donnell be2e98a1f3
doc: Add default SSL note to PG storage (#7125) 2019-07-18 14:37:24 -04:00
Calvin Leung Huang ce829655a1
docs: update kmip scope delete api section (#7140)
* docs: update kmip scope delete api section

* fix wording in force param

* update scope delete example
2019-07-18 11:25:01 -07:00
Calvin Leung Huang f4022101e0
changelog++ 2019-07-18 10:54:33 -07:00
Calvin Leung Huang e869893df3
logical: add support for passing data to delete (#7139)
* logical: add support for passing data to delete

* add back raft bit

* add back raft bit

* update error message

* fix command delete tests
2019-07-18 10:42:36 -07:00
Jeff Mitchell 304c6cabdf
Bump cross Dockerfile to 1.12.7 (#7126)
This version fixes a bug that is bad, but hard to say whether it might
affect us or not -- or more crucially, any of our dependencies. It's
almost certainly worth updating just in case. See
https://github.com/golang/go/issues/32560
2019-07-17 06:32:08 -04:00
Jeff Mitchell f522dd8f35
Add backwards compat support for API env vars (#7135)
Several env vars got renamed in
https://github.com/hashicorp/vault/pull/6306. This re-adds support for
those.

Indirectly addresses
https://github.com/hashicorp/consul-template/pull/1233 although they
should still update to the new values.
2019-07-17 06:29:25 -04:00
Noelle Daley 4ac26156c8
Ui/http request fixes (#7128)
* ensure dropdown updates selected item

* ensure no duplicate ticks

* handle case where counters are Dates instead of strings so bar chart filters in Storybook
2019-07-16 16:26:49 -07:00
Calvin Leung Huang f6d57042a1
docs: update kmip scope delete api section (#7127) 2019-07-16 14:05:48 -07:00
Michel Vocks 24e4f7eaaf
Added operator raft and operator raft snapshot descriptions (#7106) 2019-07-16 09:31:00 +02:00
Lexman 119854a865
adds Cache-Control header to oidc .well-known endpoints (#7108) 2019-07-15 11:04:45 -07:00
Becca Petrin 974c381c7a
Fix "internal/specs/openapi" endpoint (#7097)
* fix panic generating openapi docs

* fmt
2019-07-09 15:10:39 -07:00
Calvin Leung Huang 44a69bec01
changelog++ 2019-07-09 13:26:00 -07:00
Brian Kassouf e83d7b82eb
changelog++ 2019-07-09 13:18:54 -07:00
Calvin Leung Huang 3f29bcc43d
changelog++ 2019-07-09 11:24:07 -07:00
Jeff Mitchell 563e346575
Cut version 1.2.0-beta2 2019-07-09 04:16:47 -04:00
Jeff Mitchell ec12124c6b Revert "Migrate build to use go modules"
This reverts commit 3439a34989b082ebc3d711853fdc2372798ff121.

For the moment with bad wifi this is just taking too, too long. We may
be able to figure out an approach that bind mounts the cache in which
should help drastically.
2019-07-09 04:15:03 -04:00
Jeff Mitchell 71ea55751b Bump api/sdk 2019-07-09 04:02:10 -04:00
Jeff Mitchell b12a49f19f Bump api's sdk 2019-07-09 04:01:32 -04:00
Jeff Mitchell 7f1a9d8dd3 Bump version in sdk 2019-07-09 03:54:28 -04:00
Jeff Mitchell 8b93119f39 Update CHANGELOG for release 2019-07-09 03:53:17 -04:00
Jeff Mitchell 49371ff945 Buster is released, so switch off testing for Dockerfile 2019-07-09 03:51:05 -04:00
Jeff Mitchell ff40dd30e0 Add a missing lock to cluster handler 2019-07-09 03:46:08 -04:00
Jeff Mitchell 7144450211 Bump sdk/api 2019-07-08 19:06:16 -04:00
Jeff Mitchell b86c920b6c Bump sdk in api 2019-07-08 19:04:47 -04:00
Jeff Mitchell 9e143be494 changelog++ 2019-07-08 19:04:02 -04:00
Mark Gritter 6ac5ba8945 Escape SQL username and password parameters before substituting them in to a URL. (#7089) 2019-07-09 01:02:54 +02:00
Jeff Mitchell d810758ca2
Rerun proto gen as some got gen'd with old proto version (#7090) 2019-07-09 01:02:20 +02:00
Brian Kassouf 94a263dcdf
Don't run Initialize on plugins on postUnseal (#7087)
* Don't run Initialize on plugins on postUnseal

* Add comments explaining that we do not want to initialize
2019-07-08 14:54:24 -07:00
Martin Lee 6e672d398e Explain the dev server mounts a KV store (#7083)
Resolves #7081
2019-07-08 08:56:39 -07:00
Matthew Irish 96eea4f7f9
update handlebars (#7084) 2019-07-08 08:20:12 -05:00
Jeff Mitchell 2cb16e3a9c
Fix nil pointer panic in wrapping validation (#7077)
Wrapping validation was deferring the function to audit log before
actually checking if we were sealed or standby, and without having the
read lock grabbed.
2019-07-05 22:31:03 -04:00
Brian Kassouf b0cfcc003d Bind entry to initialize locally 2019-07-05 18:37:10 -07:00
Jeff Mitchell 03c6090b95 Mod tidy 2019-07-05 20:26:12 -04:00
Brian Kassouf 556e8da040
Update vendor directory (#7076) 2019-07-05 17:01:41 -07:00
Jeff Mitchell cec8f6a32b Migrate build to use go modules 2019-07-05 19:59:04 -04:00
Mike Jarmy e0ce2195cc AWS upgrade role entries (#7025)
* upgrade aws roles

* test upgrade aws roles

* Initialize aws credential backend at mount time

* add a TODO

* create end-to-end test for builtin/credential/aws

* fix bug in initializer

* improve comments

* add Initialize() to logical.Backend

* use Initialize() in Core.enableCredentialInternal()

* use InitializeRequest to call Initialize()

* improve unit testing for framework.Backend

* call logical.Backend.Initialize() from all of the places that it needs to be called.

* implement backend.proto changes for logical.Backend.Initialize()

* persist current role storage version when upgrading aws roles

* format comments correctly

* improve comments

* use postUnseal funcs to initialize backends

* simplify test suite

* improve test suite

* simplify logic in aws role upgrade

* simplify aws credential initialization logic

* simplify logic in aws role upgrade

* use the core's activeContext for initialization

* refactor builtin/plugin/Backend

* use a goroutine to upgrade the aws roles

* misc improvements and cleanup

* do not run AWS role upgrade on DR Secondary

* always call logical.Backend.Initialize() when loading a plugin.

* improve comments

* on standbys and DR secondaries we do not want to run any kind of upgrade logic

* fix awsVersion struct

* clarify aws version upgrade

* make the upgrade logic for aws auth more explicit

* aws upgrade is now called from a switch

* fix fallthrough bug

* simplify logic

* simplify logic

* rename things

* introduce currentAwsVersion const to track aws version

* improve comments

* rearrange things once more

* conglomerate things into one function

* stub out aws auth initialize e2e test

* improve aws auth initialize e2e test

* finish aws auth initialize e2e test

* tinker with aws auth initialize e2e test

* tinker with aws auth initialize e2e test

* tinker with aws auth initialize e2e test

* fix typo in test suite

* simplify logic a tad

* rearrange assignment

* Fix a few lifecycle related issues in #7025 (#7075)

* Fix panic when plugin fails to load
2019-07-05 16:55:40 -07:00
Tim Arenz 54aaf8a87d Update tokens.html.md (#6697)
Fixing minor typo by adding dot.
2019-07-05 15:39:16 -07:00
Brian Shumate 39676b0b74 Update API docs for Create Token — resolves #7053 (#7056)
- Update sample `payload.json`
- Update sample response
2019-07-05 15:38:37 -07:00
Justin Weissig a5e762d36a docs: spelling (#6838)
Fixed minor spelling error: sychronized/synchronized.
2019-07-05 15:36:58 -07:00
Brian Shumate c041e7134c Update Cert Auth Login API docs — resolves #7039 (#7058)
- Add `--cert` and `--key` options to `curl` example so that it is
  clearer that the certificate and key must also be passed in
2019-07-05 15:36:20 -07:00
Daniel Mangum 3a6d8dbdd1 plugin docs: update example code snippet with correct imports and link to developing plugin backends tutorial (#6843)
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
2019-07-05 15:35:36 -07:00
Jeff Mitchell ffce5ca702 Fix various read only storage errors
* Fix various read only storage errors

A mistake we've seen multiple times in our own plugins and that we've
seen in the GCP plugin now is that control flow (how the code is
structured, helper functions, etc.) can obfuscate whether an error came
from storage or some other Vault-core location (in which case likely it
needs to be a 5XX message) or because of user input (thus 4XX). Error
handling for functions therefore often ends up always treating errors as
either user related or internal.

When the error is logical.ErrReadOnly this means that treating errors as
user errors skips the check that triggers forwarding, instead returning
a read only view error to the user.

While it's obviously more correct to fix that code, it's not always
immediately apparent to reviewers or fixers what the issue is and fixing
it when it's found both requires someone to hit the problem and report
it (thus exposing bugs to users) and selective targeted refactoring that
only helps that one specific case.

If instead we check whether the logical.Response is an error and, if so,
whether it contains the error value, we work around this in all of these
cases automatically. It feels hacky since it's a coding mistake, but
it's one we've made too multiple times, and avoiding bugs altogether is
better for our users.
2019-07-05 18:13:49 -04:00
Brian Kassouf 19910f6c77
core: Don't shutdown if key upgrades fail due to canceled context (#7070)
* core: Don't shutdown if key upgrades fail due to canceled context

* Continue if we are not shutting down
2019-07-05 14:19:15 -07:00