Commit graph

321 commits

Author SHA1 Message Date
Jeff Mitchell bab8db3328
Don't allow non-printable characters in the API client's token (#3841) 2018-01-24 19:57:49 -05:00
Jeff Mitchell 8e8675053b Sync some bits over 2018-01-22 21:44:49 -05:00
Jeff Mitchell ffc15201dd Allow API to return health response when in a custom state 2018-01-17 23:50:37 -05:00
Jeff Mitchell 842e3cb5dd Add replication mode sys health information to Go API 2018-01-17 22:50:37 -05:00
Paweł Słomka b994e83c65 Cleanup of deprecated commands in tests, docs (#3788) 2018-01-15 15:19:28 -05:00
Jeff Mitchell d1803098ae Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Jeff Mitchell 2225b20ec9 Fix up comment 2017-12-18 10:11:24 -05:00
jaloren 82fd89b3b3 Support Incrementing Lease TTL in Renew api (#3688) 2017-12-18 10:09:59 -05:00
Chris Hoffman 0bacec0184
adding recovery info to seal status (#3706) 2017-12-18 09:58:14 -05:00
Jeff Mitchell 548629e8ef Port over some changes 2017-11-30 09:43:07 -05:00
Brian Kassouf 58dc99ac95 Update the path for generating DR Operation tokens (#3578) 2017-11-13 20:28:34 -05:00
Chris Hoffman 9e79e9b397
generate token functions to share common names (#3576) 2017-11-13 15:44:26 -05:00
Jeff Mitchell 2b78bc2a9b
Port over bits (#3575) 2017-11-13 15:31:32 -05:00
Jeff Mitchell d55f94f4a3
Plumb more seal wrap stuff through and move to outside layer of mount options (#3572) 2017-11-13 11:22:22 -05:00
Jeff Mitchell e4750fc793 Fix typo in test (and failure) 2017-11-13 10:35:36 -05:00
Jeff Mitchell 57f60c4f9f Fix client test 2017-11-12 12:34:56 -05:00
Jeff Mitchell 8efa6756c3
Make -client-cert and -client-key work when the server doesn't know (#3568)
about the CA used to sign the cert.

Stop swallowing an error in meta.

Fixes #2946
2017-11-10 18:16:50 -05:00
Jeff Mitchell 0798ccdd7c Populate config error in three node test function 2017-11-10 17:44:25 -05:00
Brian Kassouf ab3b625a3b
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565)
* Add API and Command code for generating a DR Operation Token

* Update generate root to accept different token strategies
2017-11-10 10:19:42 -08:00
Jeff Mitchell 7e80b4b7ad
Minor client refactoring (#3539) 2017-11-06 12:06:19 -05:00
Jeff Mitchell d229d7d5b0
Redo API locking (#3508)
* Redo the API client quite a bit to make the behavior of NewClient more
predictable and add locking to make it safer to use with Clone() and if
multiple goroutines for some reason decide to change things.

Along the way I discovered that currently, the x/net/http2 package is
broke with the built-in h2 support in released Go. For those using
DefaultConfig (the vast majority of cases) this will be a non-event.
Others can manually call http2.ConfigureTransport as needed. We should
keep an eye on commits on that repo and consider more updates before
release. Alternately we could go back revisions but miss out on bug
fixes; my theory is that this is not a purposeful break and I'll be
following up on this in the Go issue tracker.

In a few tests that don't use NewTestCluster, either for legacy or other
reasons, ensure that http2.ConfigureTransport is called.

* Use tls config cloning

* Don't http2.ConfigureServer anymore as current Go seems to work properly without requiring the http2 package

* Address feedback
2017-11-02 09:30:04 -05:00
Jeff Mitchell e0669746b6
Add seal type to seal-status output. (#3516) 2017-11-01 21:00:41 -05:00
Jeff Mitchell 08d9353c60 Only call ConfigureTransport if "h2" is not already in NextProtos.
Fixes #3435
2017-10-27 14:08:30 -04:00
Jeff Mitchell 713d5d5307
Don't swallow errors on token functions. 2017-10-24 09:39:35 -04:00
Seth Vargo 42f3215589
Remove redundant TokenMeta 2017-10-24 09:39:34 -04:00
Seth Vargo c5665920f6
Standardize on "auth method"
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
2017-10-24 09:32:15 -04:00
Seth Vargo f66d49b79b
Add more secret helpers for getting secret data 2017-10-24 09:30:47 -04:00
Seth Vargo 8910915c86
Add API functions for token helpers 2017-10-24 09:26:44 -04:00
Jeff Mitchell 8e271dcbdc More syncing 2017-10-23 16:52:56 -04:00
Billie Cleek 3033a7beb6 do not panic when Client.Transport is not *http.Transport (#3440) 2017-10-10 08:46:54 -04:00
Jeff Mitchell 3cf4e3e142 Fix panic when setting a client http client with no transport (#3437)
Fixes #3436
2017-10-09 08:49:20 -04:00
Marcus Söderberg 3d00731fda Add http headers to the api client (#3394) 2017-10-06 14:27:58 -04:00
Chris Hoffman 1029ad3b33 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Calvin Leung Huang 6f417d39da Normalize plugin_name option for mount and enable-auth (#3202) 2017-08-31 12:16:59 -04:00
Seth Vargo ae5996a737
Add SignKey endpoint for SSH API client 2017-08-18 12:59:08 -04:00
Jeff Mitchell d2410e3399 gofmt 2017-08-02 19:38:35 -04:00
nrhall-deshaw 888e1e3859 Add SRV record functionality for client side host/port discovery of Vault (#3035)
* added SRV record functionality for client side port discovery of Vault

* Add a check on returned address length
2017-08-02 19:19:06 -04:00
Calvin Leung Huang db9d9e6415 Store original request path in WrapInfo (#3100)
* Store original request path in WrapInfo as CreationPath

* Add wrapping_token_creation_path to CLI output

* Add CreationPath to AuditResponseWrapInfo

* Fix tests

* Add and fix tests, update API docs with new sample responses
2017-08-02 18:28:58 -04:00
Jeff Mitchell cefa70c8a3 Have sys health api always return even in an error case (#3087)
* Have sys health api always return even in an error case, which HTTP API docs say it should

* Use specific return codes to bypass automatic error handling
2017-08-02 10:01:40 -04:00
Jeff Mitchell d0f329e124 Add leader cluster address to status/leader output. (#3061)
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.

Fixes #3042
2017-07-31 18:25:27 -04:00
Jeff Mitchell 1bfc6d4fe7 Add a -dev-three-node option for devs. (#3081) 2017-07-31 11:28:06 -04:00
Chris Hoffman 5cb87e26ef moving client calls to new endpoint (#2867) 2017-07-25 11:58:33 -04:00
Calvin Leung Huang bb54e9c131 Backend plugin system (#2874)
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
2017-07-20 13:28:40 -04:00
Gobin Sougrakpam 2ddbc4a939 Adding option to set custom vault client timeout using env variable VAULT_CLIENT_TIMEOUT (#3022) 2017-07-18 09:48:31 -04:00
Seth Vargo c77986d03e
Do not double-convert to seconds 2017-07-11 16:06:50 -07:00
Seth Vargo cfad705ddc Fix typo 2017-07-10 22:26:42 -07:00
Chris Hoffman 8fee1ec31d updating for TestCluster changes 2017-07-10 20:47:03 -07:00
Seth Vargo 725e0e5b73
Fix doc 2017-07-07 17:15:43 -04:00
Seth Vargo 8da29a5a23
Use the core client 2017-07-07 17:14:49 -04:00
Seth Vargo 994cf1db5c
Fix failing test 2017-07-07 17:14:49 -04:00