Commit graph

11534 commits

Author SHA1 Message Date
Clint 80382d52d4
Transit: error when restoring to a name that looks like a path (#7998)
* Add test to verify #7663

* Validate name in transit key restore to not be a path
2019-12-11 09:32:22 -06:00
ncabatoff fde5e55ce9
Handle otherName SANs in CSRs (#6163)
If a CSR contains a SAN of type otherName, encoded in UTF-8, and the signing role specifies use_csr_sans, the otherName SAN will be included in the signed cert's SAN extension.

Allow single star in allowed_other_sans to match any OtherName.  Update documentation to clarify globbing behaviour.
2019-12-11 10:16:44 -05:00
Becca Petrin 535e88a629
Add an sts_region parameter to the AWS auth engine's client config (#7922) 2019-12-10 16:02:04 -08:00
Calvin Leung Huang 875e0f490a
changelog++ 2019-12-10 10:53:41 -08:00
Calvin Leung Huang 7727c8b913
plugin: fix panic on router.MatchingSystemView if backend is nil (#7991)
* plugin: fix panic on router.MatchingSystemView if backend is nil

* correctly determine the plugin binary file in the directory

* docs: simplify plugin file removal
2019-12-10 10:48:30 -08:00
Calvin Leung Huang 60a054a5eb
docs: add section on upgrading plugins (#7984)
* docs: add section on upgrading plugins

* docs: move plugin upgrade to its own guides page

* docs: reword step 4

* docs: add page to sidebar
2019-12-10 10:15:01 -08:00
Clint 899277d216 revert a change introduced 13dbb3aac (#7979) 2019-12-07 18:01:11 -08:00
Jeff Mitchell bd9f19b15c changelog++ 2019-12-06 16:17:22 -05:00
Steve Wills 7181da1ec1 Fix UI build in fresh repo (#7865)
Fixes #7863
2019-12-06 12:58:40 -06:00
Chris Hoffman e41e2c4b41
changelog++ 2019-12-06 12:24:03 -05:00
Chris Hoffman af7d83e164
changelog++ 2019-12-06 12:18:26 -05:00
Mike Jarmy e42bc0ffc0
Introduce optional service_registration stanza (#7887)
* move ServiceDiscovery into methods

* add ServiceDiscoveryFactory

* add serviceDiscovery field to vault.Core

* refactor ConsulServiceDiscovery into separate struct

* cleanup

* revert accidental change to go.mod

* cleanup

* get rid of un-needed struct tags in vault.CoreConfig

* add service_discovery parser

* add ServiceDiscovery to config

* cleanup

* cleanup

* add test for ConfigServiceDiscovery to Core

* unit testing for config service_discovery stanza

* cleanup

* get rid of un-needed redirect_addr stuff in service_discovery stanza

* improve test suite

* cleanup

* clean up test a bit

* create docs for service_discovery

* check if service_discovery is configured, but storage does not support HA

* tinker with test

* tinker with test

* tweak docs

* move ServiceDiscovery into its own package

* tweak a variable name

* fix comment

* rename service_discovery to service_registration

* tweak service_registration config

* Revert "tweak service_registration config"

This reverts commit 5509920a8ab4c5a216468f262fc07c98121dce35.

* simplify naming

* refactor into ./serviceregistration/consul
2019-12-06 09:46:39 -05:00
Jason O'Donnell 854d00c609 Add int64 pointerutil (#7973) 2019-12-05 14:02:36 -08:00
Chris Hoffman ea0974b578
if storing the certificate, always generate/sign the certificate on the primary (#7904) 2019-12-05 13:50:28 -05:00
Jim Kalafut 06b064474b
changelog++ 2019-12-04 06:21:46 -08:00
Jim Kalafut 5d5c1374d2
Fix S3 configurable path handling (#7966)
Also remove some incorrect skipping of the S3 test.

Fixes #7362
2019-12-04 06:18:45 -08:00
Steve Gore f991b92dc3 Fix "does not exists" grammar (#7950)
* Fix "does not exists" grammar

* Fix "does not exists" grammar

* Revert vendor and go.mod
2019-12-03 16:25:09 -06:00
Clint 4766ee9d97
Update CHANGELOG.md 2019-12-03 15:50:38 -06:00
Colton J. McCurdy e4c909fa3e physical/posgresql: add ability to prefer VAULT_PG_CONNECTION_URL envar over config file (#7937)
* physical/posgresql: add ability to use CONNECTION_URL environment variable instead of requiring it to be configured in the Vault config file.

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* storage/postgresql: update configuration documentation for postgresql storage backend to include connection_url configuration via the PG_CONNECTION_URL environment variable

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: add a configuration file and tests for getting the connection_url from the config file or environment

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: update postgresql backend to pull the required connection_url from the PG_CONNECTION_URL environment variable if it exists, otherwise, fallback to using the config file

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: remove configure*.go files and prefer the postgresql*.go files

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: move and simplify connectionURL function

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: update connectionURL test to use an unordered map instead of slice to avoid test flakiness

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: update config env to be prefixed with VAULT_ - VAULT_PG_CONNECTION_URL

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* docs/web: update postgresql backend docs to use updated, VAULT_ prefixed config env

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>
2019-12-03 15:48:38 -06:00
Jim Kalafut ce715ecbb5
changelog++ 2019-12-02 14:48:10 -08:00
Clint 72944892c2
physical/postgresql: Refactor test code to avoid panic if tests ran multiple times (#7939)
* refactor test code to avoid panic if tests ran multiple times

* cleanup: don't actually send just close

* move comment to a better location

* move error check to a more obvious spot

* Revert "move error check to a more obvious spot"

Reverting because methods like this should only be called on the main
goroutine running the test:

- https://golang.org/pkg/testing/#T

This reverts commit db7641948317785bff15b3d9dbe6fb18a2d19c2c.
2019-12-02 15:05:02 -06:00
Jason O'Donnell a988d0367d
doc: update helm doc to include init/unseal (#7955)
* doc: update helm doc to include init/unseal

* Update website/source/docs/platform/k8s/run.html.md

Co-Authored-By: Clint <catsby@users.noreply.github.com>

* Update website/source/docs/platform/k8s/run.html.md

Co-Authored-By: Clint <catsby@users.noreply.github.com>

* Clarify vault helm default note
2019-12-02 15:51:51 -05:00
Brian Shumate 404b064cce Docs: Update Telemetry (#7959)
- Add wal_loadWAL metric
- Create section for Merkle Tree and WAL metrics
- Remove trailing spaces
2019-12-02 10:55:59 -08:00
Clint 54a8b20875 Remove response code info from non-overview API docs (contd) (#7940)
Continues https://github.com/hashicorp/vault/pull/6459 and cleans up
some spots that should have been deleted, but due to markdown
formatting, weren't rendering anyway.

> Remove response code info from non-overview API docs as it can be
> misinterpreted and is always the same anyways.
2019-12-02 10:07:46 -08:00
Peter Souter 46891998cc Adds new Entropy Augmentation feature (#7935) 2019-12-02 10:04:05 -08:00
Lars Lehtonen 019fbe4b9c vault: fix dropped error in TestTokenStore_HandleRequest_CreateToken_NotAllowedEntityAlias(). (#7934) 2019-12-02 10:03:24 -08:00
Michel Vocks 4221091de8
Docs: Add enable_hostname_label (#7956) 2019-12-02 17:51:02 +01:00
Anoop Vijayan Maniankara 014791c032 Typo fix, getting started guide link (#7954)
The url does not exist, the correct one is updated.
install.html -> index.html
2019-12-02 09:43:15 +01:00
Michel Vocks beeec81df7
Add enable_hostname_label option to telementry stanza (#7902) 2019-12-02 09:26:46 +01:00
catsby 66bb372fca
fix website formatting 2019-11-26 17:02:10 -06:00
Yong Wen Chua e17f82dec1 Add new fields to K8S Auth Documentation (#7509)
- Added in https://github.com/hashicorp/vault-plugin-auth-kubernetes/pull/70
2019-11-26 16:48:30 -06:00
Andrea Scarpino d9ef12e5f0 Fix typo in the documentation (#7938) 2019-11-26 15:57:51 -06:00
Calvin Leung Huang b8daaa8ce0
agent/template: give more time for test to poll on directory before f… (#7872)
* agent/template: give more time for test to poll on directory before failing

* refactor timeout bit
2019-11-25 09:07:38 -08:00
Calvin Leung Huang 7f8b892534
command: fix namespace list help text (#7890) 2019-11-25 08:57:32 -08:00
Brian Shumate f8457d4d55 Docs: Secrets engines: KMIP (#7932)
- Streamline flow of introductory paragraph
- Grammar edits
- Remove trailing space
2019-11-25 11:56:08 -05:00
RJ Spiker 1065672b2f bump global-styles to ^2.0.3 (#7838) 2019-11-22 15:38:25 -06:00
Noelle Daley c72f3e3383
Update CHANGELOG.md 2019-11-22 11:15:34 -08:00
Noelle Daley 3bd7e184a0
store secret key and value as an object to fix copy/show secret bug (#7926) 2019-11-22 11:12:33 -08:00
Clint e363c3809d
link to template docs from Agent docs (#7876)
* link to template docs from Agent docs

* fix docs link

* fix metadata in template index page

* fix formatting that caused template index to render blank
2019-11-22 11:39:11 -06:00
Seth Vargo 4ac5764c4d Output human duration in TTL warnings (#7901) 2019-11-22 09:38:46 -08:00
Jeff Escalante 1c631dd3bb Removed "bundled with" in lockfile (#7921)
...to work around netlify build image bug
2019-11-21 16:22:35 -08:00
Calvin Leung Huang 360bc61163
changelog++ 2019-11-21 14:51:26 -08:00
Calvin Leung Huang ad6aaf9f8f
agent: add -exit-after-auth flag (#7920)
* agent: add -exit-after-auth flag

* use short timeout for tests to prevent long test runs on error

* revert sdk/go.mod
2019-11-21 14:46:15 -08:00
Brian Kassouf dbc0d75ad8
Update raft_test.go 2019-11-21 11:12:28 -08:00
Jim Kalafut 324c8732a3
changelog++ 2019-11-21 08:47:56 -08:00
Sam Salisbury 91078336dd ci: update to latest circleci-multi-file-config
- This loosens the ci-verify diff to ignore whitespace.
- See github.com/samsalisbury/circleci-multi-file-config@9dc5c1498202ea1ee8e395a2ddca66ab7f6a7bdb
2019-11-21 14:46:10 +00:00
Brian Kassouf 5cb6600e83
Remove unnecessary locking during heartbeating (#7877) 2019-11-20 17:24:49 -08:00
Calvin Leung Huang afa9510835 tests: eliminate flakiness on TestRecovery (#7897) 2019-11-20 20:21:34 -05:00
Calvin Leung Huang ba38d6690a
changelog++ 2019-11-20 13:32:13 -08:00
Calvin Leung Huang 6550b9969c
docs: add request_timeout to config docs for secrets/ad and auth/ldap backends (#7917) 2019-11-20 13:30:33 -08:00