Commit graph

115 commits

Author SHA1 Message Date
Chris Hoffman 743da2cd5d
Only run cassandra test with VAULT_ACC set 2018-10-19 11:35:21 -04:00
Jeff Mitchell a64fc7d7cb
Batch tokens (#755) 2018-10-15 12:56:24 -04:00
Didi Kohen d2021e9336 Allow usage of non-superusers for cassandra connection (#5493) 2018-10-15 11:06:03 -04:00
Konstantinos Tsanaktsidis fb90854233 Fix a panic in MongoDB backend with concurrent create/revoke (#5463)
When Vault is concurrently creating and revoking leases for MongoDB
users as part of the database secrets engine, and then loses connection
to MongoDB, it can panic. This occurrs because the RevokeUser path does
_not_ lock the mutex, but the CreateUser path does. Both threads of
execution can concurently decide to call c.session.Close() in
mongodb/connection_producer.go:119, and then mgo panics when the second
close attempt occurs.
2018-10-04 09:51:08 -04:00
Martin ea509fd2f2 only run cassandra RotateRootCred test when in Travis (#5420) 2018-09-27 10:43:33 -05:00
Calvin Leung Huang b5c8b3d4c5 Clean up container on connection failure, switch to ory/dockertest on package postgresql (#5050) 2018-08-07 09:56:33 -07:00
Jeff Mitchell d144f2935e Two-pronged fix for renew policy checking (#4960)
1) In backends, ensure they are now using TokenPolicies
2) Don't reassign auth.Policies until after expmgr registration as we
don't need them at that point

Fixes #4829
2018-07-24 12:03:11 -07:00
Jeff Mitchell 4b354e1110
Re-add dockertest and fix up imports and update script (#4909) 2018-07-11 17:49:13 -04:00
Chris Hoffman 8b8a62b675
Fix MSSQL Root Rotation Statement (#4748)
* fixing default rotate statement for MSSQL

* only run with ACC
2018-06-12 12:11:48 -04:00
Jeff Mitchell 7f886b5675 Update go-retryablehttp vendor 2018-05-09 17:44:53 -04:00
Calvin Leung Huang 7d214d2a3a
Purge opened connections on retries during tests (#4452) 2018-04-26 11:28:58 -04:00
Calvin Leung Huang 31633654ee Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 13:03:02 -04:00
Becca Petrin b3b7fba67e
Release database resources on each iteration of a loop (#4305) 2018-04-17 16:31:09 -07:00
Jeff Mitchell 8f1f1ea6a7 Fix some tests 2018-04-10 00:22:23 -04:00
Jeff Mitchell 6c73d509cf Fix tests from version update 2018-04-09 16:14:44 -04:00
Chris Hoffman 71c0b749b5
Fix deadlock in root credential rotation (#4309)
* fix deadlock in root credential rotation

* add more logging of errors

* adding cassandra test
2018-04-08 13:34:59 -04:00
Chris Hoffman e4832fdbcf
Database Root Credential Rotation (#3976)
* redoing connection handling

* a little more cleanup

* empty implementation of rotation

* updating rotate signature

* signature update

* updating interfaces again :(

* changing back to interface

* adding templated url support and rotation for postgres

* adding correct username

* return updates

* updating statements to be a list

* adding error sanitizing middleware

* fixing log sanitizier

* adding postgres rotate test

* removing conf from rotate

* adding rotate command

* adding mysql rotate

* finishing up the endpoint in the db backend for rotate

* no more structs, just store raw config

* fixing tests

* adding db instance lock

* adding support for statement list in cassandra

* wip redoing interface to support BC

* adding falllback for Initialize implementation

* adding backwards compat for statements

* fix tests

* fix more tests

* fixing up tests, switching to new fields in statements

* fixing more tests

* adding mssql and mysql

* wrapping all the things in middleware, implementing templating for mongodb

* wrapping all db servers with error santizer

* fixing test

* store the name with the db instance

* adding rotate to cassandra

* adding compatibility translation to both server and plugin

* reordering a few things

* store the name with the db instance

* reordering

* adding a few more tests

* switch secret values from slice to map

* addressing some feedback

* reinstate execute plugin after resetting connection

* set database connection to closed

* switching secret values func to map[string]interface for potential future uses

* addressing feedback
2018-03-21 15:05:56 -04:00
Josh Soref 73b1fde82f Spelling (#4119) 2018-03-20 14:54:10 -04:00
Calvin Leung Huang 8cd19b481a
CreateUser deadlock fix (#3761)
* Unlock the lock on CreateUser for Close call

* Let getConnection handle session reset, return c.session on Connection
2018-01-08 12:42:05 -05:00
Jeff Mitchell 7e033efa4c Revert grabbing lock in database Connection funcs 2017-12-19 12:53:21 -05:00
Jeff Mitchell 15df4d1f36 Add lock and close check on cassandra as well 2017-12-19 10:26:46 -05:00
Jeff Mitchell 3cf61a5d8f Ping the mongo session when the connection is retrieved.
This was in the deprecated backend where it fixed a similar issue a long
time ago but for some reason didn't make it over. Additionally the
function wasn't being locked properly.

Hopefully fixes #2973
2017-12-19 10:11:04 -05:00
Brian Kassouf 9358540d50
plugins/database: use context with plugins that use database/sql package (#3691) 2017-12-15 10:26:17 -08:00
Brian Kassouf afe53eb862
Database gRPC plugins (#3666)
* Start work on context aware backends

* Start work on moving the database plugins to gRPC in order to pass context

* Add context to builtin database plugins

* use byte slice instead of string

* Context all the things

* Move proto messages to the dbplugin package

* Add a grpc mechanism for running backend plugins

* Serve the GRPC plugin

* Add backwards compatibility to the database plugins

* Remove backend plugin changes

* Remove backend plugin changes

* Cleanup the transport implementations

* If grpc connection is in an unexpected state restart the plugin

* Fix tests

* Fix tests

* Remove context from the request object, replace it with context.TODO

* Add a test to verify netRPC plugins still work

* Remove unused mapstructure call

* Code review fixes

* Code review fixes

* Code review fixes
2017-12-14 14:03:11 -08:00
Calvin Leung Huang 41f03b466a
Support MongoDB session-wide write concern (#3646)
* Initial work on write concern support, set for the lifetime of the session

* Add base64 encoded value support, include docs and tests

* Handle error from json.Unmarshal, fix test and docs

* Remove writeConcern struct, move JSON unmarshal to Initialize

* Return error on empty mapping of write_concern into mgo.Safe struct
2017-12-05 15:31:01 -05:00
Jeff Mitchell 45d4facb29 Add some delay to postgres create user test to verify expiration isn't immediate 2017-11-30 09:35:47 -05:00
Brian Kassouf 24b449e6c6
database/mysql: Allow the creation statement to use commands that are… (#3619)
* database/mysql: Allow the creation statement to use commands that are not yet supported by the prepare statement protocol

* Remove unnecessary else block
2017-11-28 10:19:49 -08:00
navinanandaraj 40affa8b5f Change list users to list all for session validation (#3469) 2017-10-18 14:24:12 -04:00
Calvin Leung Huang c747caac2a Fix cassandra tests, explicitly set cluster port if provided (#3296)
* Fix cassandra tests, explicitly set cluster port if provided

* Update cassandra.yml test-fixture

* Add port as part of the config option, fix tests

* Remove hostport splitting in cassandraConnectionProducer.createSession

* Include port in API docs
2017-09-07 23:04:40 -04:00
Calvin Leung Huang 3136fbb678 Fix flag parsing on database plugins, exit on parse error (#3305)
* Change FlagSet error handling to flag.ExitOnError

* Ignore os.Args[0] (the command itself) when parsing flags

* Revert to using flag.ContinueOnError
2017-09-07 16:30:00 -04:00
Jeff Mitchell d64929b58d Try reconnecting Mongo on EOF (#3269) 2017-08-31 16:50:26 -04:00
Brian Kassouf a023ab5152 Fix MySQL legacy username regression (#3141)
* Fix the mysql legacy username length

* Remove boolean parameter

* Add a MySQL 5.6 container to test the legacy MySQL plugin against

* Add database plugins to the make file

* Fix credsutil test
2017-08-10 18:28:18 -07:00
Calvin Leung Huang 061d241f12 credsutil: Include hyphen as part of reqStr (#3037) 2017-08-03 07:34:53 -04:00
Tony Cai 07088fe8a0 Added HANA database plugin (#2811)
* Added HANA dynamic secret backend

* Added acceptance tests for HANA secret backend

* Add HANA backend as a logical backend to server

* Added documentation to HANA secret backend

* Added vendored libraries

* Go fmt

* Migrate hana credential creation to plugin

* Removed deprecated hana logical backend

* Migrated documentation for HANA database plugin

* Updated HANA DB plugin to use role name in credential generation

* Update HANA plugin tests

* If env vars are not configured, tests will skip rather than succeed

* Fixed some improperly named string variables

* Removed unused import

* Import SAP hdb driver
2017-07-07 13:11:23 -07:00
Brian Kassouf aca4736d7d Move database drivers from test files into the plugin files (#2986) 2017-07-07 10:38:12 -07:00
Graham Davison 0bd78602fa Moved drivers from plugins/helper/database/connutil/sql.go to driver test files (#2980) 2017-07-07 09:09:48 -04:00
Brian Kassouf ef979cc02b Use WeakDecode to decode the initialize values (#2871) 2017-06-14 18:59:27 -07:00
Brian Kassouf 606fe393be Use the role name in the db username (#2812) 2017-06-06 09:49:49 -04:00
Andrew Paulin 776019963b Support custom renewal statements in Postgres (#2788)
* Support custom renewal statements in Postgres

* Refactored out default/custom renew methods
2017-06-01 13:18:16 -07:00
Calvin Leung Huang 9fd39a0681 Mongodb plugin (#2698)
* WIP on mongodb plugin

* Add mongodb plugin

* Add tests

* Update mongodb.CreateUser() comment

* Update docs

* Add missing docs

* Fix mongodb docs

* Minor comment and test updates

* Fix imports

* Fix dockertest import

* Set c.Initialized at the end, check for empty CreationStmts first on CreateUser

* Remove Initialized check on Connection()

* Add back Initialized check

* Update docs

* Move connProducer and credsProducer into pkg for  mongodb and cassandra

* Chage parseMongoURL to be a private func

* Default to admin if no db is provided in creation_statements

* Update comments and docs
2017-05-11 17:38:54 -04:00
Jeff Mitchell 185ba8a1c3 Only run cassandra tests on Travis for right now 2017-05-09 08:36:20 -04:00
Brian Kassouf 015e63164b Fix mysql plugin tests 2017-05-03 13:36:16 -07:00
Brian Kassouf 223598c675 Add the other mysql plugin types with the correct username length settings 2017-05-03 13:33:56 -07:00
Brian Kassouf 37bd3ed76e Use log to output errors instead of fmt 2017-05-03 13:01:05 -07:00
Brian Kassouf 29d9b831d3 Update the api for serving plugins and provide a utility to pass TLS data for commuinicating with the vault process 2017-05-02 14:40:11 -07:00
Brian Kassouf ca7ff89bcb Fix documentation 2017-05-02 02:22:06 -07:00
Brian Kassouf c8bbea9f37 Rename NewPluginServer to just Serve 2017-05-02 02:00:39 -07:00
Brian Kassouf 0e70ba8dbc Add test for custiom mssql revoke statement 2017-05-01 15:43:21 -07:00
Calvin Leung Huang 5076701bea Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 11:27:35 -04:00
Brian Kassouf 43cf619871 Update the username length for postgresql 2017-04-27 23:02:33 -07:00
Brian Kassouf 9a07675d86 Update username length for MSSQL 2017-04-27 22:59:22 -07:00
Brian Kassouf c11f2638b9 If user provides a revocation statement for MSSQL plugin honor it 2017-04-27 22:56:06 -07:00
Calvin Leung Huang 785bce7469 Merge pull request #2632 from hashicorp/cassandra-plugin
Add cassandra plugin
2017-04-27 16:28:33 -04:00
Calvin Leung Huang fadf6c439f Update New() func signature and its references 2017-04-27 11:07:52 -04:00
Brian Kassouf 6252f48dfe Fix MSSQL test 2017-04-26 10:52:10 -07:00
Brian Kassouf 6a1ae9160d Add mssql builtin plugin type 2017-04-26 10:34:45 -07:00
Brian Kassouf 378ae98809 s/DatabaseType/Database/ 2017-04-24 13:59:12 -07:00
Calvin Leung Huang b7e69d0cb6 Remove commented old method signature 2017-04-23 00:04:05 -04:00
Calvin Leung Huang c005f8fc91 Add cassandra plugin 2017-04-23 09:02:57 +08:00
Brian Kassouf 30b06b593c Fix tests 2017-04-21 09:10:26 -07:00
Brian Kassouf 6f9d178370 Calls to builtin plugins now go directly to the implementation instead of go-plugin 2017-04-20 18:46:41 -07:00
Chris Hoffman 09cdea92fd Adding explicit database to sp_msloginmappings call (#2611) 2017-04-18 14:32:08 -07:00
Brian Kassouf 3b4768c5fb Only run mssql acceptance test when running as VAULT_ACC=1 2017-04-13 14:40:59 -07:00
Brian Kassouf 189909931b Move mssql to be an acceptance test 2017-04-13 14:30:15 -07:00
Brian Kassouf 4e9f89430c Move plugins into main vault repo 2017-04-13 13:48:32 -07:00