Commit graph

6750 commits

Author SHA1 Message Date
Jeff Mitchell f7ac55efc9 Bump go-plugin dep 2017-08-16 11:41:06 -04:00
Jeff Mitchell 4dc55474e6 Remove erroneous flag from hmac docs 2017-08-16 11:27:39 -04:00
Jeff Mitchell c34a5b2e93 * Add ability to specify a plugin dir in dev mode (#3184)
* Change (with backwards compatibility) sha_256 to sha256 for plugin
registration
2017-08-16 11:17:50 -04:00
Jeff Mitchell c5918ff79b Add gcp auth backend (#3183) 2017-08-16 10:31:34 -04:00
Calvin Leung Huang f4dbc796f2 changelog++ 2017-08-15 22:21:42 -04:00
Calvin Leung Huang 86ea7e945d Add plugin auto-reload capability (#3171)
* Add automatic plugin reload

* Refactor builtin/backend

* Remove plugin reload at the core level

* Refactor plugin tests

* Add auto-reload test case

* Change backend to use sync.RWMutex, fix dangling test plugin processes

* Add a canary to plugin backends to avoid reloading many times (#3174)

* Call setupPluginCatalog before mount-related operations in postUnseal

* Don't create multiple system backends since core only holds a reference (#3176)

to one.
2017-08-15 22:10:32 -04:00
Jeff Mitchell 102848b30a changelog++ 2017-08-15 22:07:39 -04:00
Jeff Mitchell 87be043a05 changelog++ 2017-08-15 22:05:40 -04:00
emily 31a994e452 Initial GCP auth backend documentation (#3167) 2017-08-15 22:03:04 -04:00
Jeff Mitchell 0c2c078e48 Add PingID MFA docs (#3182) 2017-08-15 22:01:34 -04:00
Jeff Mitchell 7fe115fcf6 changelog++ 2017-08-15 21:48:33 -04:00
Jeff Mitchell fed9d8a2ab changelog++ 2017-08-15 21:28:58 -04:00
Jeff Mitchell 83cd8cd26a Add the ability to use root credentials for AWS IAM authentication. (#3181)
Partial fix for #3179
2017-08-15 21:26:16 -04:00
Seth Vargo f8922bf674 Update help output (spaces instead of tabs) (#3178) 2017-08-15 21:21:30 -04:00
Brian Kassouf 89b81bcb4c Oracle plugin docs (#3131)
* Add oracle database docs

* Add oracle database docs

* Fix commas in json output

* Update oracle.html.md
2017-08-15 17:24:01 -07:00
Seth Vargo c1e6e0bdf2 Use SSHPASS envvar instead of -p for sshpass (#3177)
From the sshpass manpage:

> The -p option should be considered the least secure of all of sshpass's options. All system users can see the password in the command line with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all more secure.

This PR changes the sshpass behavior to execute a subprocess with the
SSHPASS envvar (which is generally regarded as more secure) than using
the -p option.
2017-08-15 19:43:39 -04:00
Jeff Mitchell 48bf1d6edc Add core sealing to test cluster shutdown 2017-08-15 17:06:38 -04:00
Jeff Mitchell e30b1057df changelog++ 2017-08-15 16:45:02 -04:00
Jeff Mitchell c864c0bad5 Return 500 if existence check fails, not 400 (#3173)
Fixes #3162
2017-08-15 16:44:16 -04:00
Jeff Mitchell aa4e4b90ff changelog++ 2017-08-15 16:17:42 -04:00
Jeff Mitchell 340fe4e609 Add permitted dns domains to pki (#3164) 2017-08-15 16:10:36 -04:00
Jeff Mitchell 64f9b9f43b Bump go-plugin version 2017-08-15 16:06:56 -04:00
Jeff Mitchell f154a244c8 changelog++ 2017-08-15 14:01:42 -04:00
Jeff Mitchell e4eb6e9020 Make PKI root generation idempotent-ish and add delete endpoint. (#3165) 2017-08-15 14:00:40 -04:00
vishalnayak 8902240dfa Added persona to logical auth 2017-08-15 13:55:58 -04:00
Calvin Leung Huang b023d46cb8 Direct plugin logs through vault's logger (#3142)
* Direct plugin logs through vault's logger

* Pass in a logger in testConfig
2017-08-15 10:16:48 -04:00
Andy Manoske bc7d77c83f Update index.html.md
Updated replication docs for DR
2017-08-14 19:02:02 -07:00
Johan Haals d25bc60feb Update libraries (#3160)
* Remove vault-java which has better alternatives.
* Add ansible-vault, a zero dependency
[lookup-plugin](http://docs.ansible.com/ansible/latest/playbooks_lookups.html) for ansible
2017-08-14 20:28:11 -04:00
Jeff Mitchell 96ef7304db changelog++ 2017-08-14 20:16:36 -04:00
Jeff Mitchell a133286609 Switch policies in AppRole to TypeCommaStringSlice (#3163) 2017-08-14 20:15:51 -04:00
Jeff Mitchell 035d37cd36 Fix hanadb link 2017-08-14 13:04:26 -04:00
Jeff Mitchell 3f76dcbb5d changelog++ 2017-08-14 12:44:44 -04:00
Jeff Mitchell cca327feae Only use specified HTTP client for AWS creds if one is passed in. (#3161)
Probably fixes #3159
2017-08-14 12:43:11 -04:00
vishalnayak 09d0a894d7 docs: Fix the default value for 'generate_signing_key' 2017-08-14 12:39:11 -04:00
Tony Cai 07160ed814 Add missing link to sidebar menu (#3153)
* Add missing link to sidebar menu

* Add missing link to sidebar menu
2017-08-14 12:33:47 -04:00
Jeff Mitchell ce73c26b0d Add note about turning off core dumps into production hardening guide 2017-08-14 12:29:54 -04:00
Lucas Vasconcelos Santana ea2d4c7d55 add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Lucas Vasconcelos Santana 914fab79ce add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Seth Vargo 8ee362744b Break SSH types into their own pages (#3157)
@jefferai and I discussed this on Friday. With three fully-documented
SSH backends, the page is lengthy, ungreppable, and intimidating. This
commit separates the SSH backends into their own pages with as little
text changes as possible.
2017-08-14 10:49:41 -04:00
Seth Vargo 0274a0f639 Rename database plugins for SEO (#3156)
When we "nest" like this, it's important to use a common suffix,
"Database Secret Backend" in this case, so that the SEO minions can
properly group search results for end users.
2017-08-14 10:46:39 -04:00
Tony Cai 1b6991c8f3 Removed unused parameter from docs (#3152)
According to #3116, it seems like this parameter isn't used. I couldn't trigger any differences by playing around with transit signing function, and could not find anything in the source code that actually parses this param. Presumably, it is unused?
2017-08-11 20:57:06 -04:00
Jeff Mitchell 75bc43e961 Update github comment 2017-08-11 17:03:18 -04:00
Jeff Mitchell d477b9455e Fix broken url in replication performance docs 2017-08-11 16:03:05 -04:00
Brian Kassouf a023ab5152 Fix MySQL legacy username regression (#3141)
* Fix the mysql legacy username length

* Remove boolean parameter

* Add a MySQL 5.6 container to test the legacy MySQL plugin against

* Add database plugins to the make file

* Fix credsutil test
2017-08-10 18:28:18 -07:00
Seth Vargo d931a2fa85 Remove references to VSI (#3143)
Andy approved
2017-08-10 20:47:59 -04:00
Issac 07dc10cdc8 Add TLS config to skeleton plugin (#3137) 2017-08-09 11:41:17 -07:00
vishalnayak c88db7b185 docs: Add API section for MFA docs 2017-08-09 13:26:29 -04:00
vishalnayak 0a0e697e05 docs: fix broken link 2017-08-09 13:17:56 -04:00
vishalnayak 254c1b6ae0 docs: Added identity concepts 2017-08-09 13:08:05 -04:00
vishalnayak 9844475b64 docs: Add X-Vault-MFA to the list of env vars 2017-08-09 11:31:30 -04:00