Commit graph

1135 commits

Author SHA1 Message Date
John Morrissey 596b1a990c avoid a panic on failed creds polling (#7238) 2019-08-01 16:22:15 -04:00
Brian Kassouf b83aaf7331
storage/raft: Support storage migration to raft storage (#7207)
* Support raft in the migration command

* Add comments
2019-07-29 13:05:43 -07:00
Jeff Mitchell 7373d5de78 Add adjustment factor for number of backends for secrets test 2019-07-25 10:00:51 -04:00
Srikanth Venkatesh b459cfcb3e fixed a typo in an exception message regarding absence of config files while starting up vault (#6816) 2019-07-24 12:58:48 -04:00
Jeff Mitchell f97550833f Make fmt 2019-07-24 12:41:28 -04:00
Jonathan Sokolowski 325c06b2cc Add -dev-no-store-token to vault server command (#7104)
When starting a vault dev server the token helper is invoked to store
the dev root token.
This option gives the user the ability to not store the token.

Storing the token can be undesirable in certain circumstances
(e.g.  running local tests) as the user's existing vault token is
clobbered without warning.

Fixes #1861
2019-07-24 12:41:07 -04:00
Jim Kalafut d3b342a9cc
Fix broken server config test (#7153) 2019-07-22 09:39:13 -07:00
Christian Muehlhaeuser e6febc5839 Fixed a bunch of typos (#7146) 2019-07-18 21:10:15 -04:00
Mike Jarmy 0d4ae949a8
Add 'log-format' CLI flag, along with associated config flag, for 'vault server' command. (#6840)
* Read config before creating logger when booting vault server

* Allow for specifying log output in JSON format in a config file, via a 'log_level' flag

* Create parser for log format flag

* Allow for specifying log format in a config file, via a 'log_format' flag. Also, get rid of 'log_json' flag.

* Add 'log-format' command line flag

* Update documentation to include description of log_format setting

* Tweak comment for VAULT_LOG_FORMAT environment variable

* add test for ParseEnvLogFormat()

* clarify how log format is set

* fix typos in documentation
2019-07-18 15:59:27 -04:00
Calvin Leung Huang e869893df3
logical: add support for passing data to delete (#7139)
* logical: add support for passing data to delete

* add back raft bit

* add back raft bit

* update error message

* fix command delete tests
2019-07-18 10:42:36 -07:00
Michel Vocks 24e4f7eaaf
Added operator raft and operator raft snapshot descriptions (#7106) 2019-07-16 09:31:00 +02:00
Becca Petrin 0663a2665c
add a reader that takes stdin (#7074) 2019-07-05 13:36:44 -07:00
Mike Jarmy 9c0d9f6fc0
fix output-curl-string for 'vault kv patch' (#6848)
* fix output-curl-string for 'vault-kv-patch'

* improve comments
2019-07-03 09:03:35 -04:00
Michel Vocks 524c7517e9
Add namespace config option to agent auto-auth config (#6988)
* Added namespace option to vault agent auto-auth method

* Implemented review feedback
2019-07-03 09:33:20 +02:00
Michael Gaffney 4044cff8f2
Merge branch 'master' into mgaffney/kv-delete-version-after 2019-07-02 17:27:36 -04:00
Michel Vocks 2b5aca4300
Token identity support (#6267)
* Implemented token backend support for identity

* Fixed tests

* Refactored a few checks for the token entity overwrite. Fixed tests.

* Moved entity alias check up so that the entity and entity alias is only created when it has been specified in allowed_entity_aliases list

* go mod vendor

* Added glob pattern

* Optimized allowed entity alias check

* Added test for asterisk only

* Changed to glob pattern anywhere

* Changed response code in case of failure. Changed globbing pattern check. Added docs.

* Added missing token role get parameter. Added more samples

* Fixed failing tests

* Corrected some cosmetical review points

* Changed response code for invalid provided entity alias

* Fixed minor things

* Fixed failing test
2019-07-01 11:39:54 +02:00
Michael Gaffney 9366f95816 Remove delete-version-after from kv put and undelete subcommands
Removes the optional parameter "delete-version-after" from the following
CLI subcommands:

- kv put
- kv undelete
- kv rollback
2019-06-27 14:17:46 -04:00
Michael Gaffney 42324c22ff Add delete-version-after to kv CLI subcommands
Adds a new optional parameter "delete-version-after" to the following
CLI subcommands:

- kv metadata put
- kv put
- kv undelete
- kv rollback
2019-06-27 14:17:46 -04:00
Jeff Mitchell 346a31fddf
Add a deprecated helper to tokenutil and JSON output to path-help (#7006) 2019-06-27 12:56:31 -04:00
Aaron Donovan 09acded420 Allow configuration of nonce for ec2 authentication (#6953)
* Allow configuration of nonce for ec2 authentication

* Addressing pull request comment
2019-06-27 11:06:20 -04:00
Jeff Mitchell a4214a2161
Add the ability to use a dev Consul node for dev storage (#6965) 2019-06-24 13:29:47 -04:00
Vishal Nayak 9296ca1f8c
raft join tls (#6932) 2019-06-21 17:41:07 -04:00
Vishal Nayak 53035ce390
Raft CLI (#6893)
* raft cli

* Reuse the command's client

* Better response handling

* minor touchups
2019-06-20 21:32:00 -04:00
Jeff Mitchell 2f271c3bc0 Fix tests 2019-06-20 21:00:01 -04:00
Jeff Mitchell f70ddb9dee Make base predict test kmip friendly 2019-06-20 20:57:46 -04:00
Jeff Mitchell 07dcdc8b79 Sync 2019-06-20 20:55:10 -04:00
Brian Kassouf ed14061578
Raft Storage Backend (#6888)
* Work on raft backend

* Add logstore locally

* Add encryptor and unsealable interfaces

* Add clustering support to raft

* Remove client and handler

* Bootstrap raft on init

* Cleanup raft logic a bit

* More raft work

* Work on TLS config

* More work on bootstrapping

* Fix build

* More work on bootstrapping

* More bootstrapping work

* fix build

* Remove consul dep

* Fix build

* merged oss/master into raft-storage

* Work on bootstrapping

* Get bootstrapping to work

* Clean up FMS and node-id

* Update local node ID logic

* Cleanup node-id change

* Work on snapshotting

* Raft: Add remove peer API (#906)

* Add remove peer API

* Add some comments

* Fix existing snapshotting (#909)

* Raft get peers API (#912)

* Read raft configuration

* address review feedback

* Use the Leadership Transfer API to step-down the active node (#918)

* Raft join and unseal using Shamir keys (#917)

* Raft join using shamir

* Store AEAD instead of master key

* Split the raft join process to answer the challenge after a successful unseal

* get the follower to standby state

* Make unseal work

* minor changes

* Some input checks

* reuse the shamir seal access instead of new default seal access

* refactor joinRaftSendAnswer function

* Synchronously send answer in auto-unseal case

* Address review feedback

* Raft snapshots (#910)

* Fix existing snapshotting

* implement the noop snapshotting

* Add comments and switch log libraries

* add some snapshot tests

* add snapshot test file

* add TODO

* More work on raft snapshotting

* progress on the ConfigStore strategy

* Don't use two buckets

* Update the snapshot store logic to hide the file logic

* Add more backend tests

* Cleanup code a bit

* [WIP] Raft recovery (#938)

* Add recovery functionality

* remove fmt.Printfs

* Fix a few fsm bugs

* Add max size value for raft backend (#942)

* Add max size value for raft backend

* Include physical.ErrValueTooLarge in the message

* Raft snapshot Take/Restore API  (#926)

* Inital work on raft snapshot APIs

* Always redirect snapshot install/download requests

* More work on the snapshot APIs

* Cleanup code a bit

* On restore handle special cases

* Use the seal to encrypt the sha sum file

* Add sealer mechanism and fix some bugs

* Call restore while state lock is held

* Send restore cb trigger through raft log

* Make error messages nicer

* Add test helpers

* Add snapshot test

* Add shamir unseal test

* Add more raft snapshot API tests

* Fix locking

* Change working to initalize

* Add underlying raw object to test cluster core

* Move leaderUUID to core

* Add raft TLS rotation logic (#950)

* Add TLS rotation logic

* Cleanup logic a bit

* Add/Remove from follower state on add/remove peer

* add comments

* Update more comments

* Update request_forwarding_service.proto

* Make sure we populate all nodes in the followerstate obj

* Update times

* Apply review feedback

* Add more raft config setting (#947)

* Add performance config setting

* Add more config options and fix tests

* Test Raft Recovery (#944)

* Test raft recovery

* Leave out a node during recovery

* remove unused struct

* Update physical/raft/snapshot_test.go

* Update physical/raft/snapshot_test.go

* fix vendoring

* Switch to new raft interface

* Remove unused files

* Switch a gogo -> proto instance

* Remove unneeded vault dep in go.sum

* Update helper/testhelpers/testhelpers.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update vault/cluster/cluster.go

* track active key within the keyring itself (#6915)

* track active key within the keyring itself

* lookup and store using the active key ID

* update docstring

* minor refactor

* Small text fixes (#6912)

* Update physical/raft/raft.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* review feedback

* Move raft logical system into separate file

* Update help text a bit

* Enforce cluster addr is set and use it for raft bootstrapping

* Fix tests

* fix http test panic

* Pull in latest raft-snapshot library

* Add comment
2019-06-20 12:14:58 -07:00
Becca Petrin 9eaefea18c fix test 2019-06-19 10:59:11 -07:00
Becca Petrin ab156603bd merge master 2019-06-19 10:24:45 -07:00
Becca Petrin 8bbf6e6fc3 update to latest plugin dependencies 2019-06-19 10:04:49 -07:00
Becca Petrin 1034e564f1 fix test 2019-06-18 09:36:25 -07:00
Michel Vocks fcf1b9c54e
Fixed wrong rekey recovery backup client API URL (#6841)
* Fixed wrong rekey recovery backup client API URL

* Fixed wrong rekey recovery backup client API URL delete

* Changed output for recovery backup key delete
2019-06-11 10:05:44 +02:00
Becca Petrin 66aaa46588 add PCF auth method, agent, and cli handler 2019-06-06 12:26:04 -07:00
Jeff Mitchell 068b38faa0
Make flushing the cache race safe (#6828)
* Make flushing the cache race safe

* Remove noop aborts
2019-06-05 02:52:18 -04:00
Jeff Mitchell 38c0a9d7a5 Audit listing with format json returns json, not a string (#6776)
* Audit listing with format json returns json, not a string

Fixes #6775

* list, kv list and namespace list with format json returns json, not a string

* Changed audit list return code to 2 which aligns with other list commands return codes
2019-06-04 10:36:34 -07:00
Calvin Leung Huang 679f7415ea
agent/caching: support proxying request query parameters (#6772)
* agent/caching: support proxying request query parameters

* update comment

* rejig other agent log messages to output method followed by path
2019-05-22 09:21:47 -07:00
Jim Kalafut 8a0d423ed8
Fix gofmt (#6764) 2019-05-20 15:15:05 -07:00
Lexman cef2339959 removes a duplicated test case in server_test (#6740) 2019-05-20 09:54:41 -04:00
Lexman b2850ac624
http timeout values are configurable (#6666)
* http timeout fields are configurable

* move return statement for server config tests outside of range loop

* adds documentation for configurable listener http_* values

* fixed some formatting for the docs markdown
2019-05-10 10:41:42 -07:00
vishalnayak 36581e3a2a Increase the ttl for the tests to pass 2019-05-08 12:10:48 -04:00
Travis Cosgrave 236d7c5e52 Add certificate auto-auth method to vault agent (#6652)
* adding auto auth for cert auth methods

* Adding Docs for Cert Auto-auth method

* fixes errors in docs

* wrong documentation title

* repariting a few typos in the docs and being very clear about where the certificates should be configured

* clarifying the name parameter documentation

* Fixes gofmt issues in command/agent.go

* Fix typo in docs

* Add nil check to Config for cert auto-auth and add test with and without a specified name
2019-05-06 10:39:27 -04:00
Brian Kassouf f8530893ae
Fix a panic caused by a nil response on kv pre-flight (#6675)
* Fix a panic caused by a nil response on kv pre-flight

* Fix imports
2019-05-03 09:10:41 -07:00
Jeff Mitchell 5e22be1824 Re-add stored-shares for init and spit out a warning (#6677) 2019-05-03 09:09:59 -07:00
Brian Kassouf 04d0ddfdae
Add mount UUID to the secret and auth list API responses (#6633) 2019-04-24 12:27:43 -07:00
Jeff Mitchell 24b92d6e29 Move physical/file to sdk 2019-04-15 14:51:33 -04:00
Jeff Mitchell 213b9fd1cf Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
Jeff Mitchell 9ebc57581d
Switch to go modules (#6585)
* Switch to go modules

* Make fmt
2019-04-13 03:44:06 -04:00
Becca Petrin 6ded269700
Merge pull request #6268 from hashicorp/6234-aws-region
Add region to CLI for generating AWS login data
2019-04-12 16:15:38 -07:00
Jeff Mitchell 371db36ede Move useragent to sdk 2019-04-12 18:17:49 -04:00
Jeff Mitchell a1796b3ece Move password to sdk 2019-04-12 18:12:13 -04:00