Commit graph

5942 commits

Author SHA1 Message Date
Jeff Mitchell 9095e202d7 Update vendoring 2017-06-05 10:51:53 -04:00
Mevan Samaratunga 731a7f187f fixed bug where the project name was not being read from configuration if it was provided via the "tenant" attribute. this was causing the swift client to crash with an EOF error. (#2803) 2017-06-05 10:48:39 -04:00
Jeff Mitchell 898d3f12fe changelog++ 2017-06-05 10:06:12 -04:00
Jeff Mitchell 8f2ba268a0 Fix instantiation of salt funcs in app-id structs 2017-06-05 10:04:54 -04:00
Jeff Mitchell 357200763e changelog++ 2017-06-03 08:17:02 -04:00
Eugene Bekker b55d972d24 Fixes #2789 (#2790) 2017-06-03 08:15:37 -04:00
Jeff Mitchell dad291c93c Add plugin_directory to configuration page (#2801)
Fixes #2795
2017-06-03 08:11:03 -04:00
Dan Stark 9f6b77598e Fixes typos in error message and comment for AWS auth CLI (#2798) 2017-06-02 17:35:25 -07:00
Brian Kassouf 74931c750f changelog++ 2017-06-01 15:24:27 -07:00
Igor Katson 88118dce0f Add max_parallel parameter to MySQL backend. (#2760)
* Add max_parallel parameter to MySQL backend.

This limits the number of concurrent connections, so that vault does not die
suddenly from "Too many connections".

This can happen when e.g. vault starts up, and tries to load all the
existing leases in parallel. At the time of writing this, the value
ExpirationRestoreWorkerCount in vault/helper/consts/const.go is set to
64, meaning that if there are enough leases in the vault's DB, it will
generate AT LEAST 64 concurrent connections to MySQL when loading the
data during start-up. On certain configurations, e.g. smaller AWS
RDS/Aurora instances, this will cause Vault to fail startup.

* Fix a typo in mysql storage readme
2017-06-01 15:20:32 -07:00
vishalnayak 7550b79ce8 Fix policy tests 2017-06-01 17:22:34 -04:00
Andrew Paulin 776019963b Support custom renewal statements in Postgres (#2788)
* Support custom renewal statements in Postgres

* Refactored out default/custom renew methods
2017-06-01 13:18:16 -07:00
Chris Hoffman 2ba85b49c7 Adding auth/aws-ec2 redirect to new docs location 2017-06-01 11:18:19 -04:00
Jeff Mitchell 9319307398 Add govendor to bootstrap 2017-06-01 10:18:48 -04:00
Matthew Irish 5fb495c8bf changelog ++ 2017-05-31 13:41:34 -05:00
Vishal Nayak 128907172f doc: leases are generated only for dynamic secrets (#2772)
* doc: leases are generated only for dynamic secrets

* Address review feedback
2017-05-31 09:47:17 -04:00
Jeff Mitchell 1a8b760790 Bump Go version in cross Dockerfile 2017-05-30 14:33:56 -04:00
Jeff Mitchell 88c0367fa6 Add grpc keepalives as a fallback option for our heartbeating 2017-05-26 13:32:13 -04:00
Vishal Nayak 3696c9b779 Input checks for policy rules (#2771)
* Input checks for policy rules

* Address review feedback
2017-05-26 10:48:41 -04:00
vishalnayak cac8d34d41 changelog++ 2017-05-26 08:40:22 -04:00
Andrew e33e489eee Improve EC2 describe instances performance (#2766)
Query the EC2 API for the instance ID rather than filter the results of
all instances.
2017-05-26 08:38:01 -04:00
Jeff Mitchell 435f1def27 Have step-down request forward.
Unlike seal, this command has no meaning other than on the active node,
so when issuing it the expected behavior would be for whichever node is
currently active to step down.
2017-05-25 11:57:59 -04:00
vishalnayak 5957d9889d changelog++ 2017-05-25 11:00:20 -04:00
Vishal Nayak 3c968260a8 Cert verification for non-CA certs (#2761)
* Cert verification for non-CA certs

* Added test case to ensure login fails with expired non-CA cert

* Address review feedback
2017-05-25 10:49:09 -04:00
Jeff Mitchell 72a5b5e23b Fix tests 2017-05-25 09:00:49 -04:00
Jeff Mitchell df33f70df4 Heartbeat immediately upon connection 2017-05-24 21:45:51 -04:00
Jeff Mitchell ee27dfc37a Finish dep update 2017-05-24 21:16:17 -04:00
Jeff Mitchell 3d7db4248f Rename peer cluster cache 2017-05-24 21:10:32 -04:00
Jeff Mitchell 948af0a12b Bump grpc after they fixed their panic 2017-05-24 21:07:45 -04:00
Jeff Mitchell 5c230c796b Add peer cluster address cache 2017-05-24 20:51:53 -04:00
Jeff Mitchell bbe27aaedf Add heartbeating and cluster address sharing to request forwarding (#2762) 2017-05-24 15:06:56 -04:00
Jeff Mitchell 9807f77bb8 Fix brokenness from Consul API updates 2017-05-24 11:10:59 -04:00
Jeff Mitchell 9d4801b1e8 Revert grpc back a version (they introduced a panic) and clean up a bunch of old request forwarding stuff 2017-05-24 10:38:48 -04:00
Jeff Mitchell af0d347766 Revert azure vendor updates 2017-05-24 10:12:06 -04:00
Jeff Mitchell 01e1754749 Bump deps 2017-05-24 09:40:58 -04:00
Jeff Mitchell 0d4e7fba69 Remove non-gRPC request forwarding 2017-05-24 09:34:59 -04:00
Jeff Mitchell 44c2ef9601 Bump version to 0.7.3-dev 2017-05-23 20:42:13 -04:00
Jeff Mitchell ca2bfe25c6 changelog++ 2017-05-23 20:41:40 -04:00
Jeff Mitchell 9f681ea4cf Use auth-saved cert name during renewals to avoid a panic. (#2755) 2017-05-23 20:41:01 -04:00
Jeff Mitchell 7cc72a9066 Delay salt initialization for audit backends 2017-05-23 20:36:20 -04:00
Jeff Mitchell 4693881fe9 Update some path-help in datakey 2017-05-23 10:04:32 -04:00
Vishal Nayak 58b68dc35e doc: PKI API table of contents (#2756)
* Add a table of contents for api/secret/pki

* Fix the read certificate link
2017-05-23 09:19:47 -04:00
Ryon 7d4fb9c8e4 Update news section with March 22 webinar video (#2663) 2017-05-22 20:19:52 -04:00
Michael Ansel 03dbe3f175 Ignore go-zookeeper lock children (#2724) 2017-05-22 13:23:28 -04:00
Jeff Mitchell 6a39ccc8d6 Remove comment about a non-existent validation section
Fixes #2524
2017-05-22 12:37:51 -04:00
vishalnayak 1a20ded897 changelog++ 2017-05-21 20:17:29 -04:00
Vishal Nayak 2557693aa3 Added host key call back for ssh config (#2752) 2017-05-21 20:16:13 -04:00
vishalnayak 9bbeff3f44 doc: Fix the sample input value for cache_size 2017-05-19 12:32:44 -04:00
emily aa40d2cff6 add gofmt checks to Vault and format existing code (#2745) 2017-05-19 08:34:17 -04:00
sprohaska 90be96989a logical/aws: Fix typo in warning message (#2747)
Signed-off-by: Steffen Prohaska <prohaska@zib.de>
2017-05-19 06:20:54 -04:00