Commit graph

194 commits

Author SHA1 Message Date
Jeff Mitchell 35906aaa6c
Add ChaCha20-Poly1305 support to transit (#3975) 2018-02-14 11:59:46 -05:00
Jeff Mitchell 936eb82604 Update Okta dep.
Fixes #3963
2018-02-14 09:38:46 -05:00
Jeff Mitchell 6f69a40ada Update triton version 2018-02-12 18:27:18 -05:00
Paul Stack 3c683dba92 Adding Manta Storage Backend (#3720)
This PR adds a new Storage Backend for Triton's Object Storage - Manta

```
make testacc TEST=./physical/manta
==> Checking that code complies with gofmt requirements...
==> Checking that build is using go version >= 1.9.1...
go generate
VAULT_ACC=1 go test -tags='vault' ./physical/manta -v  -timeout 45m
=== RUN   TestMantaBackend
--- PASS: TestMantaBackend (61.18s)
PASS
ok  	github.com/hashicorp/vault/physical/manta	61.210s
```

Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store

Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as foo/.vault_value

The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta
will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value`

The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
2018-02-12 18:22:41 -05:00
Jeff Mitchell 958afd4019 Bump deps 2018-02-10 19:29:52 -05:00
Jeff Mitchell 8655a1c135
Various PKI updates (#3953) 2018-02-10 10:07:10 -05:00
Jeff Mitchell 3297d3dc92 Update go-plugin 2018-02-06 13:31:13 -05:00
Jeff Mitchell fe6c19d623 Update zookeeper dep
Fixes #3896
2018-02-05 11:22:21 -05:00
Jeff Mitchell 98b479ab58 Bump deps 2018-01-26 18:51:00 -05:00
Jeff Mitchell 063f5a982b Sync plugins 2018-01-26 09:04:48 -05:00
Jeff Mitchell c6f35c3890 Update plugins 2018-01-24 23:24:16 -05:00
Jeff Mitchell 3cea1a4f37 Update go-plugin dep 2018-01-23 18:18:04 -05:00
Calvin Leung Huang 385140ee6b
Version protocol switch (#3833)
* Use version to determine plugin protocol to use

* Remove field from ServeOpts

* Fix missing assignment, handle errors

* contraint -> constraint

* Inject the version string from the vault side

* Fix the version check

* Add grpc support check to database plugins

* Default to use grpc unless missing env var or fail on contraint check

* Add GRPCSupport test

* Add greater than test case

* Add go-version dep
2018-01-23 17:29:26 -05:00
Jeff Mitchell e5e4307713 Add centrify plugin as builtin 2018-01-19 06:03:33 -05:00
Jeff Mitchell ffe3ae9118 Add gcp and kubernetes back now that they're updated 2018-01-19 05:56:34 -05:00
Brian Kassouf 2f19de0305 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Jeff Mitchell 85ceb198b8 bump go-plugin 2018-01-18 16:58:03 -05:00
Brian Kassouf 7050c1ca41
gRPC Backend Plugins (#3808)
* Add grpc plugins

* Add grpc plugins

* Translate wrap info to/from proto

* Add nil checks

* Fix nil marshaling errors

* Provide logging through the go-plugin logger

* handle errors in the messages

* Update the TLS config so bidirectional connections work

* Add connectivity checks

* Restart plugin and add timeouts where context is not availible

* Add the response wrap data into the grpc system implementation

* Add leaseoptions to pb.Auth

* Add an error translator

* Add tests for translating the proto objects

* Fix rename of function

* Add tracing to plugins for easier debugging

* Handle plugin crashes with the go-plugin context

* Add test for grpcStorage

* Add tests for backend and system

* Bump go-plugin for GRPCBroker

* Remove RegisterLicense

* Add casing translations for new proto messages

* Use doneCtx in grpcClient

* Use doneCtx in grpcClient

* s/shutdown/shut down/
2018-01-18 13:49:20 -08:00
Jeff Mitchell 3dc9967460 Sync in latest go-plugin 2018-01-17 11:57:24 -05:00
Brian Kassouf 64da50c27c
Update plugin deps to include context changes (#3765)
* Update plugin deps to include context changes

* Fix tests
2018-01-08 12:26:13 -08:00
Jeff Mitchell a14ed7f48d Sync in plugin updates 2017-12-21 08:31:20 -05:00
Jeff Mitchell 77a7c52392
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
Jeff Mitchell edab61c204 Pull in new go-cleanhttp to fix data race 2017-12-18 09:40:22 -05:00
Calvin Leung Huang 685b4a27e4 Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… (#3697) 2017-12-15 20:19:37 -05:00
Jeff Mitchell b478ba8bac
Merge branch 'master' into f-nomad 2017-12-14 16:44:28 -05:00
Jeff Mitchell d70db5df9b
Update go-ldap with our patch for control packets. (#3670)
Fixes #3656
Fixes #3625
Fixes #3402
2017-12-09 10:45:03 -05:00
Nicolas Corrarello a6d3119e3e
Pull master into f-nomad
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:56:37 +00:00
Jeff Mitchell 07dfc1da27 Bump deps 2017-11-07 11:57:05 -05:00
Jeff Mitchell 85ea7363d4 Update gocql dep 2017-11-03 17:30:34 -04:00
Jeff Mitchell dc9d24c69c Update kube stuff 2017-10-27 16:12:14 -04:00
Jeff Mitchell 343d1714c1 Bump deps 2017-10-27 15:06:04 -04:00
Jeff Mitchell 6c9dd6ed6f Try out a radius fix (#3461) 2017-10-16 16:26:34 -04:00
Vishal Nayak f7ed6732a5 Porting identity store (#3419)
* porting identity to OSS

* changes that glue things together

* add testing bits

* wrapped entity id

* fix mount error

* some more changes to core

* fix storagepacker tests

* fix some more tests

* fix mount tests

* fix http mount tests

* audit changes for identity

* remove upgrade structs on the oss side

* added go-memdb to vendor
2017-10-11 10:21:20 -07:00
Vishal Nayak b46c42179e update deps (#3425)
Update deps for Kubernetes and GCP auth plugins
2017-10-04 22:59:12 -04:00
Chris Hoffman 484401689b fixing dependencies 2017-10-02 13:46:42 -04:00
Nicolas Corrarello 4fbf9253a2 Adding further nomad deps 2017-10-02 16:56:39 +01:00
Nicolas Corrarello 57fc8e11da Added nomad as dependency after include fix 2017-10-02 16:48:23 +01:00
Nicolas Corrarello d7f606d497 Adding vendor dependency 2017-09-29 14:39:24 +01:00
Brian Kassouf 9b0d594d02 Kubernetes auth (#3350)
* Import the kubernetes credential backend

* Add kubernetes docs

* Escape * characters

* Revert "Import the kubernetes credential backend"

This reverts commit f12627a9427bcde7e73cea41dea19d0922f94789.

* Update the vendored directory
2017-09-19 09:27:26 -05:00
Jeff Mitchell 18b193a519 more dep syncing 2017-09-15 21:47:22 -04:00
Jeff Mitchell 511b32b060 Update to new gcp-auth plugin 2017-09-15 15:35:34 -04:00
Jeff Mitchell edcf1722ba Bump deps 2017-09-15 12:44:57 -04:00
Chris Hoffman a2d2f1a543 Adding support for base_url for Okta api (#3316)
* Adding support for base_url for Okta api

* addressing feedback suggestions, bringing back optional group query

* updating docs

* cleaning up the login method

* clear out production flag if base_url is set

* docs updates

* docs updates
2017-09-15 00:27:45 -04:00
Calvin Leung Huang d5da85d154 Update vendored docker deps 2017-09-07 11:05:33 -04:00
Jeff Mitchell 0665badfdd Bump deps 2017-09-05 18:06:47 -04:00
Jeff Mitchell 3576aa73d9 Bump gcp plugin dep 2017-09-05 10:56:32 -04:00
Jeff Mitchell 4b6279a990 Bump hclog dep 2017-09-03 12:33:44 -04:00
Chris Hoffman 194491759d Updating Okta lib for credential backend (#3245)
* migrating to chrismalek/oktasdk-go Okta library

* updating path docs

* updating bool reference from config
2017-08-30 22:37:21 -04:00
Jeff Mitchell f7ac55efc9 Bump go-plugin dep 2017-08-16 11:41:06 -04:00
Jeff Mitchell c5918ff79b Add gcp auth backend (#3183) 2017-08-16 10:31:34 -04:00
Jeff Mitchell 64f9b9f43b Bump go-plugin version 2017-08-15 16:06:56 -04:00
Jeff Mitchell 353cf880be Sync go-plugin from upstream 2017-08-07 15:27:03 -04:00
Jeff Mitchell 1948c7a6db Update go-plugin to include go-hclog support 2017-08-05 15:34:57 -04:00
Jeff Mitchell 7e3ff5e56c Add PROXY protocol support (#3098) 2017-08-02 18:24:12 -04:00
Tony Cai bd35cd2dfe Update vendored library go-hdb (#3097) 2017-08-02 12:53:45 -04:00
Brian Kassouf e0713b307d Add Testing Interface to test helpers (#3091)
* Add testing interface

* Add vendored files
2017-08-01 11:07:08 -07:00
Jeff Mitchell c7e6410c75 Remove uppercase Sirupsen logrus dep 2017-07-25 15:36:14 -04:00
Chris Hoffman 2aa02fb3f0 CockroachDB Physical Backend (#2713) 2017-07-23 08:54:33 -04:00
Jeff Mitchell e553fe0d99 Bump deps 2017-07-18 10:15:54 -04:00
Tony Cai 07088fe8a0 Added HANA database plugin (#2811)
* Added HANA dynamic secret backend

* Added acceptance tests for HANA secret backend

* Add HANA backend as a logical backend to server

* Added documentation to HANA secret backend

* Added vendored libraries

* Go fmt

* Migrate hana credential creation to plugin

* Removed deprecated hana logical backend

* Migrated documentation for HANA database plugin

* Updated HANA DB plugin to use role name in credential generation

* Update HANA plugin tests

* If env vars are not configured, tests will skip rather than succeed

* Fixed some improperly named string variables

* Removed unused import

* Import SAP hdb driver
2017-07-07 13:11:23 -07:00
Jeff Mitchell 09d9a2e302 Add missing datadog vendored lib 2017-06-17 01:29:42 -04:00
Jeff Mitchell 33ca94773f Add DogStatsD metrics output. (#2883)
Fixes #2490
2017-06-16 23:51:46 -04:00
Jeff Mitchell f8f95524d0 Update Azure dep (#2881) 2017-06-16 12:06:09 -04:00
Jeff Mitchell b946eefcda Bump deps 2017-06-16 11:14:18 -04:00
Jeff Mitchell 9095e202d7 Update vendoring 2017-06-05 10:51:53 -04:00
Jeff Mitchell ee27dfc37a Finish dep update 2017-05-24 21:16:17 -04:00
Jeff Mitchell 948af0a12b Bump grpc after they fixed their panic 2017-05-24 21:07:45 -04:00
Jeff Mitchell 5c230c796b Add peer cluster address cache 2017-05-24 20:51:53 -04:00
Jeff Mitchell 9d4801b1e8 Revert grpc back a version (they introduced a panic) and clean up a bunch of old request forwarding stuff 2017-05-24 10:38:48 -04:00
Jeff Mitchell af0d347766 Revert azure vendor updates 2017-05-24 10:12:06 -04:00
Jeff Mitchell 01e1754749 Bump deps 2017-05-24 09:40:58 -04:00
Jeff Mitchell 0d4e7fba69 Remove non-gRPC request forwarding 2017-05-24 09:34:59 -04:00
Mitchell Hashimoto c29ee275ce audit: hash time.Time values in map fields (#2689)
This enables audit.Hash to hash time.Time values that may exist as
direct fields in the map. This will error (instead of panic) for any
time.Time values that don't occur within map values. For example, this
does not support a time.Time within a slice. If that needs to be
supported then modifications will need to be made.

This also requires an update to reflectwalk (included in this PR). This
is a minimal change that allows SkipEntry to signal to skip an entire
struct. We do this because we don't want to walk any of time.Time since
we handle it directly.
2017-05-08 14:06:08 -04:00
Brian Kassouf 7dcec6e68f Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 12:40:00 -07:00
mymercurialsky 4c0e3c5d2f Implemented TOTP Secret Backend (#2492)
* Initialized basic outline of TOTP backend using Postgresql backend as template

* Updated TOTP backend.go's structure and help string

* Updated TOTP path_roles.go's structure and help strings

* Updated TOTP path_role_create.go's structure and help strings

* Fixed typo in path_roles.go

* Fixed errors in path_role_create.go and path_roles.go

* Added TOTP secret backend information to cli commands

* Fixed build errors in path_roles.go and path_role_create.go

* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords

* Initialized TOTP test file based on structure of postgresql test file

* Added enforcement of input values

* Added otp library to vendor folder

* Added test steps and cleaned up errors

* Modified read credential test step, not working yet

* Use of vendored package not allowed - Test error

* Removed vendor files for TOTP library

* Revert "Removed vendor files for TOTP library"

This reverts commit fcd030994bc1741dbf490f3995944e091b11da61.

* Hopefully fixed vendor folder issue with TOTP Library

* Added additional tests for TOTP backend

* Cleaned up comments in TOTP backend_test.go

* Added default values of period, algorithm and digits to field schema

* Changed account_name and issuer fields to optional

* Removed MD5 as a hash algorithm option

* Implemented requested pull request changes

* Added ability to validate TOTP codes

* Added ability to have a key generated

* Added skew, qr size and key size parameters

* Reset vendor.json prior to merge

* Readded otp and barcode libraries to vendor.json

* Modified help strings for path_role_create.go

* Fixed test issue in testAccStepReadRole

* Cleaned up error formatting, variable names and path names. Also added some additional documentation

* Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes

* Added ability to pass in TOTP urls

* Added additional tests for TOTP server functions

* Removed unused QRSize, URL and Generate members of keyEntry struct

* Removed unnecessary urlstring variable from pathKeyCreate

* Added website documentation for TOTP secret backend

* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.

* Updated website documentation and added QR example

* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests

* Updated API documentation to inlude to exported variable and qr size option

* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
2017-05-04 10:49:42 -07:00
Brian Kassouf 5ee0d696d4 Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 10:45:18 -07:00
Michael Ansel 30b71cbbac Add constraints on the Common Name for certificate-based authentication (#2595)
* Refactor to consolidate constraints on the matching chain

* Add CN prefix/suffix constraint

* Maintain backwards compatibility (pick a random cert if multiple match)

* Vendor go-glob

* Replace cn_prefix/suffix with required_name/globbing

Move all the new tests to acceptance-capable tests instead of embedding in the CRL test

* Allow authenticating against a single cert

* Add new params to documentation

* Add CLI support for new param

* Refactor for style

* Support multiple (ORed) name patterns

* Rename required_names to allowed_names

* Update docs for parameter rename

* Use the new TypeCommaStringSlice
2017-04-30 11:37:10 -04:00
Jeff Mitchell 9a72b3162f Flip back to sstarcher go-okta post-merge 2017-04-28 17:21:49 -04:00
Jeff Mitchell 0f214cc502 Switch to jefferai/go-okta for now to work around Fatal lines in upstream (#2658)
Switch to jefferai/go-okta for now to work around Fatal lines in upstream
2017-04-28 08:39:51 -04:00
Brian Kassouf af9ff63e9a Merge remote-tracking branch 'oss/master' into database-refactor 2017-04-19 15:16:00 -07:00
Jeff Mitchell e1e78b1409 Update to new Azure code after dep update (#2603) 2017-04-17 12:15:12 -04:00
Jeff Mitchell 563f80d39f Bump deps 2017-04-17 11:17:06 -04:00
Brian Kassouf 5fac259ae6 vendor go-plugin 2017-04-12 14:23:15 -07:00
Jeff Mitchell 4d7a0ab772 Bump deps 2017-03-30 20:03:13 -04:00
Jeff Mitchell 0060535eed Bump http2 dep to fix Go 1.8 breakage 2017-03-02 00:46:17 -05:00
Jeff Mitchell 362c6a9d6b Add dockertest.v3 to vendor 2017-02-26 16:53:19 -05:00
Jeff Mitchell 8836da35a6 Update deps 2017-02-24 14:36:54 -05:00
Jeff Mitchell 776e120740 Update deps, particularly to ensure https://aws.amazon.com/blogs/developer/aws-sdk-for-go-update-needed-for-go-1-8/ is covered 2017-02-16 23:42:07 -05:00
Jeff Mitchell 864156773a Update go-cleanhttp 2017-02-10 19:34:41 -05:00
Jeff Mitchell 96eef720d6 Bump deps 2017-02-08 02:13:15 -05:00
Jeff Mitchell 339a502fa1 Update deps 2017-02-02 16:19:55 -05:00
Jeff Mitchell bb229ac94e Update deps 2017-01-26 20:16:19 -05:00
Shane Starcher 6033ea884c Okta implementation (#1966) 2017-01-26 19:08:52 -05:00
Xiang Li 220930f539 etcdbackend: support version auto discovery (#2299) 2017-01-26 17:19:13 -05:00
Jeff Mitchell 595ee9f24a Bump deps 2017-01-13 09:06:34 -05:00
Jeff Mitchell 80dc5819d3 Use dockertest.v2 (#2247)
New dockertest has a totally different API and will require some serious
refactoring. This will tide over until then by pinning the API version.
2017-01-09 13:46:54 -05:00
Jeff Mitchell 6ebf1cf713 Bump deps 2017-01-04 16:47:38 -05:00
Jeff Mitchell 3129187dc2 JWT wrapping tokens (#2172) 2017-01-04 16:44:03 -05:00
Xiang Li 02070e0fc6 physical: add etcd3 backend (#2168) 2017-01-03 14:43:46 -05:00
Conor Mongey 18d2280e4b Update go-syslog package (#2219) 2016-12-31 10:22:25 -06:00