Commit graph

6242 commits

Author SHA1 Message Date
Gobin Sougrakpam 8e01c994bf tls_client_ca_file option for verifying client (#3034) 2017-08-03 07:33:06 -04:00
Jeff Mitchell d2410e3399 gofmt 2017-08-02 19:38:35 -04:00
Lars Lehtonen 71ffa3429f Handle dropped checkok pattern in mysql package (#3082) 2017-08-02 19:34:58 -04:00
Jeff Mitchell 49e75fbd4d changelog++ 2017-08-02 19:20:16 -04:00
nrhall-deshaw 888e1e3859 Add SRV record functionality for client side host/port discovery of Vault (#3035)
* added SRV record functionality for client side port discovery of Vault

* Add a check on returned address length
2017-08-02 19:19:06 -04:00
Calvin Leung Huang db9d9e6415 Store original request path in WrapInfo (#3100)
* Store original request path in WrapInfo as CreationPath

* Add wrapping_token_creation_path to CLI output

* Add CreationPath to AuditResponseWrapInfo

* Fix tests

* Add and fix tests, update API docs with new sample responses
2017-08-02 18:28:58 -04:00
Jeff Mitchell ec8e05c52c changelog++ 2017-08-02 18:28:41 -04:00
Jeff Mitchell 4102294008 changelog++ 2017-08-02 18:26:16 -04:00
Jeff Mitchell 7e3ff5e56c Add PROXY protocol support (#3098) 2017-08-02 18:24:12 -04:00
Jeff Mitchell 1d0c98257d Add more TypeDurationSecond conversions 2017-08-02 18:12:02 -04:00
Seth Vargo b45b378d49 Remove people from community section (#3099)
* Remove people from community section

This is going to be replaced with dynamic content from our CMS in the
future, but we agreed to remove it in the interim.

* Update deploy process
2017-08-02 17:57:19 -04:00
Tony Cai bd35cd2dfe Update vendored library go-hdb (#3097) 2017-08-02 12:53:45 -04:00
Minkyu Kim 68fd01e3fc Fix outdated documentation about AWS STS credentials (#3093) (#3094) 2017-08-02 11:18:35 -04:00
Chris Hoffman 77336f4ca2 adding warning for conflicting role and request parameters (#3083) 2017-08-02 10:02:40 -04:00
Jeff Mitchell cefa70c8a3 Have sys health api always return even in an error case (#3087)
* Have sys health api always return even in an error case, which HTTP API docs say it should

* Use specific return codes to bypass automatic error handling
2017-08-02 10:01:40 -04:00
Brian Kassouf e0713b307d Add Testing Interface to test helpers (#3091)
* Add testing interface

* Add vendored files
2017-08-01 11:07:08 -07:00
Jeff Mitchell d39d1b4003 Add some useful variable output to three node dev startup 2017-08-01 11:50:41 -04:00
Jeff Mitchell 1f36e2a846 Use 1-based indexing for unseal keys in three node dev cluster 2017-08-01 11:12:45 -04:00
Jay Crumb c775cac148 Fix typo in rekey documentation (#3039) 2017-08-01 10:27:06 -04:00
Jeff Mitchell 4885b3e502 Use RemoteCredProvider instead of EC2RoleProvider (#2983) 2017-07-31 18:27:16 -04:00
Jeff Mitchell d0f329e124 Add leader cluster address to status/leader output. (#3061)
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.

Fixes #3042
2017-07-31 18:25:27 -04:00
Jeff Mitchell 82a1a93c25 Add link to our security page to the issue template 2017-07-31 18:23:18 -04:00
Calvin Leung Huang 2ec7dcbb64 Add GitHub template (#3032) 2017-07-31 18:21:28 -04:00
Jeff Mitchell 2b05ab962c Use certIPs in all test certs, not just CA 2017-07-31 17:35:51 -04:00
Brian Rodgers d8e47e6f79 docs: Added text to clarify that root does not refer to AWS root creds (#2950) 2017-07-31 17:31:44 -04:00
Calvin Leung Huang 54dd6967d8 Default mock-plugin type to logical.TypeLogical on Factory func 2017-07-31 16:20:52 -04:00
Jeff Mitchell fbf6fb423c changelog++ 2017-07-31 16:18:20 -04:00
Jeff Mitchell a9b1d699d0 Make sys/wrapping/lookup unauthenticated. (#3084)
We still perform validation on the token, so if the call makes it
through to this endpoint it's got a valid token (either explicitly
specified in data or as the request token). But this allows
introspection for sanity/safety checking without revoking the token in
the process.
2017-07-31 16:16:16 -04:00
Jeff Mitchell 5074ccb9f3 Fix up tests 2017-07-31 15:31:44 -04:00
Jeff Mitchell 474f008b2d Clean up plugin tests with CA info 2017-07-31 15:09:19 -04:00
Jeff Mitchell 1b603b8e22 Validate opts is not nil in NewTestCluster 2017-07-31 12:13:29 -04:00
Jeff Mitchell 1bfc6d4fe7 Add a -dev-three-node option for devs. (#3081) 2017-07-31 11:28:06 -04:00
Calvin Leung Huang 3e8aecc7d5 Add BackendType to existing backends (#3078) 2017-07-28 14:04:46 -04:00
Jeff Mitchell 45fd7dad60 Add note about ed25519 hashing to docs and path help.
Fixes #3074
Closes #3076
2017-07-28 09:30:27 -04:00
Chris Hoffman e67d165185 changelog++ 2017-07-28 07:25:12 -04:00
Chris Hoffman ef8add724b changelog++ 2017-07-28 07:23:57 -04:00
Chris Hoffman d375f231d5 initialize the metadata map to fix panic (#3075) 2017-07-28 07:18:26 -04:00
Chris Hoffman 94ed9bf7e7 Merge pull request #3072 from hashicorp/req-forwarding-recover
Recover from panics during request forwarding
2017-07-27 21:55:41 -04:00
Chris Hoffman d404dfc494 fixing recovery from x/golang/crypto panics 2017-07-27 21:00:31 -04:00
Jeff Mitchell 1770191e1b Try to fix travis timing out errors 2017-07-27 12:35:45 -04:00
Vishal Nayak f6b03e8b1b Adding logical/identity.go to OSS (#3054) 2017-07-27 11:56:32 -04:00
Jeff Mitchell 935b6d7b5c Fix error message formatting and response body 2017-07-27 11:44:56 -04:00
Jeff Mitchell 0a2ac3160d Recover during a request forward.
gRPC doesn't have a handler for recovering from a panic like a normal
HTTP request so a panic will actually kill Vault's listener. This
basically copies the net/http logic for managing this.

The SSH-specific logic is removed here as the underlying issue is caused
by the request forwarding mechanism.
2017-07-27 11:44:56 -04:00
Chris Hoffman a3b5e18da0 adding filtered mount docs (#3059) 2017-07-27 09:28:52 -04:00
Jeff Mitchell 8519b3e8ed Make logical.InmemStorage standalone (#3066) 2017-07-26 17:59:14 -04:00
Xiang Li d61a47a01c physical: format fixes (#3062) 2017-07-26 17:51:58 -04:00
Brian Kassouf 1a3b6facf0 Add docs for DR Replication (#3067)
* Add docs for DR Replication

* Fix up docs
2017-07-26 13:47:41 -07:00
Jonathan Duncan 8e9f54fc70 Updated policy format to use capabilities keyword (#3063)
The `policy` key name is deprecated and has been replaced with `capabilities`.
2017-07-26 14:05:11 -04:00
Calvin Leung Huang 40c1c93937 Fix gob register issue when using tls certs on plugins (#3060) 2017-07-26 13:44:07 -04:00
Jeff Mitchell ba9bd5a2c7 Bump timeout in testrace to match that of test to stop Travis errorring. 2017-07-26 13:03:04 -04:00