Commit graph

6440 commits

Author SHA1 Message Date
Jeff Mitchell 7be6905eb0 Add a bit more delay to backend test in case Travis is loaded 2017-09-04 14:45:12 -04:00
Joel Thompson 2a53d852f3 auth/aws: Properly handle malformed ARNs (#3280)
The parseIamArn method was making assumptions about the input arn being
properly formatted and of a certain type. If users tried to pass a
bound_iam_principal_arn that was malformed (or was the ARN of the root
user), it would cause a panic. parseIamArn now explicitly checks the
assumptions it's making and tests are added to ensure it properly errors
out (rather than panic'ing) on malformed input.
2017-09-03 20:37:06 -04:00
Jeff Mitchell 105a7068d1 Bump Go dep 2017-09-03 12:34:07 -04:00
Jeff Mitchell 4b6279a990 Bump hclog dep 2017-09-03 12:33:44 -04:00
Lars Lehtonen f3d6866735 Fix goroutine logging in cert test (#3224) 2017-09-01 16:55:16 -04:00
Calvin Leung Huang 48263622cb Add comment to the reason behind mounting a nil backend for plugin mounts during setup 2017-09-01 12:26:31 -04:00
Calvin Leung Huang b4f950becc changelog++ 2017-09-01 12:12:08 -04:00
Calvin Leung Huang ef055a7b0b changelog++ 2017-09-01 12:05:45 -04:00
Jeff Mitchell 1a85a0e7a0 Bump readme go requirement 2017-09-01 08:36:05 -04:00
Eugene Bekker e85e22b00e Fixing the response sample for reading a plugin (#3278)
The plugin config data properties are returned immediately within the response's `data` object.
2017-09-01 08:34:54 -04:00
Jeff Mitchell 9578361513 Massive update to response-wrapping concept page 2017-09-01 08:32:55 -04:00
Brian Kassouf ed6e818fea Plugin Version Update (#3275)
* Bump plugin version requirement

* Register time.Duration with gob
2017-09-01 00:01:14 -07:00
Calvin Leung Huang a581e96b78 Lazy-load plugin mounts (#3255)
* Lazy load plugins to avoid setup-unwrap cycle

* Remove commented blocks

* Refactor NewTestCluster, use single core cluster on basic plugin tests

* Set c.pluginDirectory in TestAddTestPlugin for setupPluginCatalog to work properly

* Add special path to mock plugin

* Move ensureCoresSealed to vault/testing.go

* Use same method for EnsureCoresSealed and Cleanup

* Bump ensureCoresSealed timeout to 60s

* Correctly handle nil opts on NewTestCluster

* Add metadata flag to APIClientMeta, use meta-enabled plugin when mounting to bootstrap

* Check metadata flag directly on the plugin process

* Plumb isMetadataMode down to PluginRunner

* Add NOOP shims when running in metadata mode

* Remove unused flag from the APIMetadata object

* Remove setupSecretPlugins and setupCredentialPlugins functions

* Move when we setup rollback manager to after the plugins are initialized

* Fix tests

* Fix merge issue

* start rollback manager after the credential setup

* Add guards against running certain client and server functions while in metadata mode

* Call initialize once a plugin is loaded on the fly

* Add more tests, update basic secret/auth plugin tests to trigger lazy loading

* Skip mount if plugin removed from catalog

* Fixup

* Remove commented line on LookupPlugin

* Fail on mount operation if plugin is re-added to catalog and mount is on existing path

* Check type and special paths on startBackend

* Fix merge conflicts

* Refactor PluginRunner run methods to use runCommon, fix TestSystemBackend_Plugin_auth
2017-09-01 01:02:03 -04:00
Jeff Mitchell 590e2de328 changelog++ 2017-08-31 23:09:09 -04:00
Jeff Mitchell ef92e823f2 changelog++ 2017-08-31 23:08:32 -04:00
Jeff Mitchell abb2ab2918 Add pki/root/sign-self-issued. (#3274)
* Add pki/root/sign-self-issued.

This is useful for root CA rolling, and is also suitably dangerous.

Along the way I noticed we weren't setting the authority key IDs
anywhere, so I addressed that.

* Add tests
2017-08-31 23:07:15 -04:00
Jeff Mitchell f38daffbe8 Travis, be happier please 2017-08-31 21:43:31 -04:00
Jeff Mitchell 1623ff7993 changelog++ 2017-08-31 16:58:05 -04:00
Jeff Mitchell 223c4fc325 Change auth helper interface to api.Secret. (#3263)
This allows us to properly handle wrapped responses.

Fixes #3217
2017-08-31 16:57:00 -04:00
Jeff Mitchell 9a159a597f changelog++ 2017-08-31 16:52:06 -04:00
Jeff Mitchell d64929b58d Try reconnecting Mongo on EOF (#3269) 2017-08-31 16:50:26 -04:00
Jeff Mitchell 4ec737b013 Don't append a trailing slash to the request path if it doesn't actually help find something (#3271) 2017-08-31 16:50:03 -04:00
Jeff Mitchell 2c484080de changelog++ 2017-08-31 15:50:14 -04:00
Jeff Mitchell d62937aaf3 Use TypeDurationSecond for TTL values in PKI. (#3270) 2017-08-31 15:46:13 -04:00
Calvin Leung Huang 1934fe21fe changelog++ 2017-08-31 14:53:50 -04:00
Jeff Mitchell 5224c296f0 changelog++ 2017-08-31 12:32:15 -04:00
Jeff Mitchell 7585349e46 Use net.SplitHostPort on Consul address (#3268) 2017-08-31 12:31:34 -04:00
Calvin Leung Huang 6f417d39da Normalize plugin_name option for mount and enable-auth (#3202) 2017-08-31 12:16:59 -04:00
Chris Hoffman 194491759d Updating Okta lib for credential backend (#3245)
* migrating to chrismalek/oktasdk-go Okta library

* updating path docs

* updating bool reference from config
2017-08-30 22:37:21 -04:00
Jeff Mitchell 9d26deb10e Explicitly mention that aws/aws-ec2 were unified under aws. 2017-08-30 22:12:10 -04:00
Jeff Mitchell 8acef196a8 Add 'discard' target to file audit backend (#3262)
Fixes #seth
2017-08-30 19:16:47 -04:00
Jeff Mitchell 8a99649be9 changelog++ 2017-08-30 17:52:40 -04:00
Joel Thompson caf90f58d8 auth/aws: Allow wildcard in bound_iam_principal_id (#3213) 2017-08-30 17:51:48 -04:00
Jeff Mitchell add6396298 changelog++ 2017-08-30 16:29:42 -04:00
Jeff Mitchell 3edb337a00 Add option to set cluster TLS cipher suites. (#3228)
* Add option to set cluster TLS cipher suites.

Fixes #3227
2017-08-30 16:28:23 -04:00
Jeff Mitchell d31ce49771 changelog++ 2017-08-30 15:42:44 -04:00
stephan stachurski e396d87bc5 add support to use application default credentials to gcs storage backend (#3257) 2017-08-30 15:42:02 -04:00
Seth Vargo 9d29380feb Merge pull request #3258 from hashicorp/sethvargo/custom
Remove fake news about custom plugins
2017-08-30 13:50:32 -04:00
Seth Vargo 9f80099fae
Remove fake news about custom plugins
This also adds a redirect from the old page to the new one
2017-08-30 12:57:45 -04:00
Calvin Leung Huang e7b5c3192a Fix travis build on go 1.9 2017-08-29 15:55:34 -04:00
Jeff Mitchell f58ffaf4d1 changelog++ 2017-08-29 14:52:15 -04:00
Christopher Pauley eccbb21ce8 stdout support for file backend via logger (#3235) 2017-08-29 14:51:16 -04:00
Lars Lehtonen 13901b1346 fix swallowed errors in pki package tests (#3215) 2017-08-29 13:15:36 -04:00
djboris9 21a15204bd Fix API/AUTH/AppRole doc issue concerning bound_cidr_list (#3205)
This patch fixes a little documentation issue.
bind_cidr_list doesn't exist as parameter to AppRole creation. It should be "bound_cidr_list".
In "path-help" it is documented correctly.
2017-08-29 12:37:20 -04:00
Jeff Mitchell 96900731f9 changelog++ 2017-08-25 14:49:15 -04:00
Jeff Mitchell 27ae5a269d Compare groups case-insensitively at login time (#3240)
* Compare groups case-insensitively at login time, since Okta groups are
case-insensitive but preserving.

* Make other group operations case-preserving but otherwise
case-insensitive. New groups will be written in lowercase.
2017-08-25 14:48:37 -04:00
Hamza Tümtürk 525c124d69 Add missing code ending to Sample Payload (#3239) 2017-08-25 12:34:12 -04:00
Jeff Mitchell cce9a41eac changelog++ 2017-08-25 10:50:28 -04:00
Jon Benson d88aefc64f Fix typo (#3237) 2017-08-25 09:51:33 -04:00
Brian Kassouf 892701358b Update to go1.9 on travis 2017-08-24 15:55:04 -07:00