Commit graph

8468 commits

Author SHA1 Message Date
Yoko b41a1c6134
Updated - Secure Introduction to Vault Clients guide (#4944)
* Incorporated Armon's feedback

* Added a diagram
2018-07-17 15:54:48 -07:00
Jeff Mitchell 50ea7f3825 Fix context shadowing during radius login (#4941)
Fixes #4938
2018-07-17 11:17:07 -07:00
Becca Petrin ba39deb411 fix possible panic (#4942) 2018-07-17 11:15:28 -07:00
Jeff Mitchell 8b0561aad8
Two small items: (#4934)
1) Disable MaxRetries in test cluster clients. We generally want to fail
as fast as possible in tests so adding unpredictable timing in doesn't
help things, especially if we're timing sensitive in the test.

2) EquivalentPolicies is supposed to return true if only one set
contains `default` and the other is empty, but if one set was nil
instead of simply a zero length slice it would always return false. This
means that renewing against, say, `userpass` when not actually
specifying any user policies would always fail.
2018-07-17 01:23:26 -04:00
Yoko 67b349a107
Secure Introduction to Vault Clients Guide (#4871)
* WIP

* WIP - Secure Intro Guide

* WIP secure intro guide

* WIP Secure Intro Guide

* WIP Secure Intro Guide

* WIP Secure Intro Guide
2018-07-16 15:17:52 -07:00
Jeff Mitchell 75547fcac3 Remove defer of atomic add to see if that fixes data race 2018-07-16 11:34:47 -04:00
Jeff Mitchell c420eb01c5 changelog++ 2018-07-16 10:56:19 -04:00
Julien Blache c8fb9ed6a8 FoundationDB physical backend (#4900) 2018-07-16 10:18:09 -04:00
Ram Nadella 493752334a Fix environment mismatch in MySQL cert step (#4835) 2018-07-16 10:13:44 -04:00
Jeff Mitchell a3ebf4840f changelog++ 2018-07-16 10:12:40 -04:00
Michael Russell b6dfe372fd Allow vault ssh to work with single ssh args like -v (#4825) 2018-07-16 10:11:56 -04:00
Richie Yeung 8fb804ecce Fix empty string check for password (#4923) 2018-07-13 12:35:06 -07:00
Brian Kassouf 57d9c335d8
Don't shutdown if we lose leadership during lease restoration (#4924)
* Don't shutdown if we lose leadership during lease restoration

* Update comment
2018-07-13 11:30:08 -07:00
zhogov 5c472429c2 Fixed parsing of environment variables (#4925) 2018-07-13 10:45:35 -07:00
Seth Vargo 1259ee6743 Add plugin CLI for interacting with the plugin catalog (#4911)
* Add 'plugin list' command

* Add 'plugin register' command

* Add 'plugin deregister' command

* Use a shared plugin helper

* Add 'plugin read' command

* Rename to plugin info

* Add base plugin for help text

* Fix arg ordering

* Add docs

* Rearrange to alphabetize

* Fix arg ordering in example

* Don't use "sudo" in command description
2018-07-13 10:35:08 -07:00
Calvin Leung Huang 51d842bd0a changelog++ 2018-07-13 11:39:42 -04:00
Jeff Mitchell c2d909d9bf changelog++ 2018-07-13 11:05:13 -04:00
Seth Vargo cdfa124b04 Don't use activeContext for standby/leader cancelation (#4919)
Move cancelation to after cleanup

Fixes GH-4915
2018-07-13 11:04:23 -04:00
Seth Vargo 76d72a5e86 Use context from stdlib in google physical backends (#4922)
* Use context from stdlib in google physical backends

* Do not prefix logs (Vault will do it)
2018-07-13 11:00:38 -04:00
Jeff Mitchell b85a5da767 Change x/net context package to go stdlib 2018-07-13 10:59:34 -04:00
Jeff Mitchell db9abad3c9 Remove unnecessary log scoping in some physical backends 2018-07-13 10:57:30 -04:00
Jeff Mitchell 5c2237de79 Bind locally to opcount to try to make race detector happy 2018-07-13 10:33:42 -04:00
Jeff Mitchell 8b966f7027 Remove some unnecessary default statements 2018-07-13 09:33:26 -04:00
Jeff Mitchell c1bf656cf6 changelog++ 2018-07-13 09:33:01 -04:00
dmicanzerofox a3d067c00b PKI Tidy Revocation List optionally Tidy Revoked Certs that are Unexpired (#4916) 2018-07-13 09:32:32 -04:00
Matthew Irish 25cafba848
UI - disable JSON toggle when data is not only strings (#4913)
* disable JSON toggle when data is not only strings
* add tests
2018-07-12 21:35:58 -05:00
Jeff Mitchell 197b4f5f40 changelog++ 2018-07-12 18:46:48 -04:00
Jeff Mitchell 9e3acbafb5 changelog++ 2018-07-12 18:40:21 -04:00
Jeff Mitchell a2b88fa239
Turn off retries on CLI (#4918)
For the CLI it just ends up confusing people as to why it's "hanging"
before returning a 500. This can still be overridden with
VAULT_MAX_RETRIES.
2018-07-12 18:38:18 -04:00
Jeff Mitchell 8433bf26e9 Fix printable check key not being valid 2018-07-12 16:59:07 -04:00
Jeff Mitchell 954f6c4ece
Add config flag to disable non-printable character check (#4917) 2018-07-12 16:29:36 -04:00
Calvin Leung Huang f801f4b808
Add description flag to secrets and auth tune subcommands (#4894)
* Add description flag to secrets and auth tune subcommands

* Allow empty description to be provided in secret and auth mount tune

* Use flagNameDescription
2018-07-12 11:15:50 -04:00
Jeff Mitchell cd51a769ca Fix tests 2018-07-12 10:18:50 -04:00
Jeff Mitchell 92ed8fa571 Fix test 2018-07-12 08:29:04 -04:00
Jeff Mitchell 4b354e1110
Re-add dockertest and fix up imports and update script (#4909) 2018-07-11 17:49:13 -04:00
Jeff Mitchell 4d1a6690f5
Use Go's in-built permitted DNS domain logic (#4908)
Fixes #4863
2018-07-11 17:35:46 -04:00
Jeff Mitchell a371bd7e7b Minor dep sync 2018-07-11 16:04:02 -04:00
Seth Vargo a379989da4 Update GCP docs (#4898)
* Consistently use "Google Cloud" where appropriate

* Update GCP docs

This updates the GCP docs to use the new updated fields that will be
present in the next release of the plugin as well as fixes up some
inconsistencies between the GCP docs and other auth method
documentation.
2018-07-11 15:52:22 -04:00
Jeff Mitchell a0c09278ee changelog++ 2018-07-11 15:51:20 -04:00
Jeff Mitchell 5beb7ab1fd
Add in logic for handling a field of 'data' to kv get (#4895)
We do this for normal commands in PrintRawField but it needs some help
for KV v2.
2018-07-11 15:50:26 -04:00
Jeff Mitchell d12186afc7 changelog++ 2018-07-11 15:50:05 -04:00
Jeff Mitchell 98bf463a65 Make single-lease revocation behave like expiration (#4883)
This change makes it so that if a lease is revoked through user action,
we set the expiration time to now and update pending, just as we do with
tokens. This allows the normal retry logic to apply in these cases as
well, instead of just erroring out immediately. The idea being that once
you tell Vault to revoke something it should keep doing its darndest to
actually make that happen.
2018-07-11 15:45:35 -04:00
Jeff Mitchell 2d15cc75e0 changelog++ 2018-07-11 15:18:24 -04:00
Jeff Mitchell 6e0e024d90
Allow lease_duration to be pulled out with -field (#4906)
* Allow lease_duration to be pulled out with -field

This also provides an easy way to verify that when -field is used we
don't string format the value.

This also changes the human string helper to accept more than one type
of incoming int.

* Address review feedback
2018-07-11 15:09:04 -04:00
Jeff Mitchell 2322eabc68
Add jwt auth docs (#4891) 2018-07-11 15:08:49 -04:00
Jeff Mitchell 7904d73ead changelog++ 2018-07-11 12:47:02 -04:00
Jeff Mitchell 8a9957fa4c
Add control group request endpoint to default policy (#4904) 2018-07-11 12:46:30 -04:00
Jeff Mitchell 877d109021 changelog++ 2018-07-11 12:45:33 -04:00
Jeff Mitchell 935c045cfa
Fix permitted dns domain handling (#4905)
It should not require a period to indicate subdomains being allowed

Fixes #4863
2018-07-11 12:44:49 -04:00
Seth Vargo 87b60308f8 Special case handle TTLs from JSON responses (#4893) 2018-07-11 12:07:48 -04:00