Commit graph

7419 commits

Author SHA1 Message Date
Joel Thompson 2cd8051607 auth/aws: Fix error with empty bound_iam_principal_arn (#3843)
* auth/aws: Fix error with empty bound_iam_principal_arn

In cases where there doesn't need to be a bound_iam_principal_arn, i.e.,
either auth_type is ec2 or there are other bindings with the iam
auth_type, but it is specified explicitly anyway, Vault tried to parse
it to resolve to internal unique IDs. This now checks to ensure that
bound_iam_principal_arn is non-empty before attempting to resolve it.

Fixes #3837

* Fix extraneous newline
2018-01-24 23:08:05 -05:00
Yoko Hyakuna 3e043170a0 Fixed the sample admin policies 2018-01-24 18:10:56 -08:00
Jeff Mitchell ad9da2e0b8
Fix intermittent panic by storing a reference to the grpc server (#3842)
* Fix intermittent panic by storing a reference to the grpc server and
using that to ensure it will never be nil.

* Just get rid of c.rpcServer
2018-01-24 20:23:08 -05:00
Jeff Mitchell bab8db3328
Don't allow non-printable characters in the API client's token (#3841) 2018-01-24 19:57:49 -05:00
Yoko Hyakuna 3fc84bff3a Added policy requirements & scenario diagrams 2018-01-24 16:01:44 -08:00
Yoko e8152efd25
Merge pull request #3840 from hashicorp/pm-feedback
Policy Feedback from PM
2018-01-24 13:40:11 -08:00
Andy Manoske 909f0d34fc
Policy Feedback from PM 2018-01-24 11:47:31 -08:00
Calvin Leung Huang 6060ae70c2 changelog++ 2018-01-24 11:32:17 -05:00
Yoko Hyakuna d45a247bec Cleaned up the diagram 2018-01-23 16:22:17 -08:00
Yoko Hyakuna 9df839e446 More detailed descriptions were added 2018-01-23 15:43:07 -08:00
Jeff Mitchell 3cea1a4f37 Update go-plugin dep 2018-01-23 18:18:04 -05:00
Calvin Leung Huang 385140ee6b
Version protocol switch (#3833)
* Use version to determine plugin protocol to use

* Remove field from ServeOpts

* Fix missing assignment, handle errors

* contraint -> constraint

* Inject the version string from the vault side

* Fix the version check

* Add grpc support check to database plugins

* Default to use grpc unless missing env var or fail on contraint check

* Add GRPCSupport test

* Add greater than test case

* Add go-version dep
2018-01-23 17:29:26 -05:00
Vishal Nayak b9a5a35895 docs: Fix the expected type of metadata (#3835) 2018-01-23 16:30:15 -05:00
Jeff Mitchell feed3b9b95
Better duo status message handling (#3834) 2018-01-23 14:18:48 -05:00
Jeff Mitchell 85560b6295 Fix build 2018-01-23 11:33:49 -05:00
Jeff Mitchell 484445a238 changelog++ 2018-01-23 11:30:38 -05:00
Jeff Mitchell bf05b5c482
Fix intermittent panic connecting to Duo (#3832)
Fixes #2030
2018-01-23 11:29:22 -05:00
Matthew Irish 9c98ee57f4
changelog ++ 2018-01-23 09:35:36 -06:00
Jeff Mitchell cf87cc54fc Fix build 2018-01-22 21:45:22 -05:00
Jeff Mitchell 8e8675053b Sync some bits over 2018-01-22 21:44:49 -05:00
Yoko Hyakuna 358f95553c WIP - new guides 2018-01-22 18:14:23 -08:00
Vishal Nayak 7be7bc1754
Redirect server output warnings to stdout (#3831) 2018-01-22 20:58:27 -05:00
Brian Kassouf b597e14f01
Update data values from byte arrays to strings in proto definition (#3829)
* Update data values from byte arrays to strings in proto definition

* Update comments
2018-01-22 17:56:34 -08:00
Jeff Mitchell 524ec14f9d
Update Dockerfile 2018-01-22 19:47:44 -05:00
Brian Shumate dec64ecfd7 Update API endpoint references for revoke-prefix (#3828) 2018-01-22 18:04:43 -05:00
Brian Kassouf aa387bb4c2
Add compile tests to verify physical stores satisfy the correct interfaces (#3820) 2018-01-19 17:44:24 -08:00
Jeff Mitchell eb968c3617 Log sys/health errors 2018-01-19 19:59:58 -05:00
Chris Hoffman b22b065206 adding back -dr-token flag to generate-root command (#3818) 2018-01-19 19:25:45 -05:00
Jeff Mitchell 7d6fed2e86
Use a separate var for active node replication state (#3819) 2018-01-19 19:24:04 -05:00
Jeff Mitchell 395befc062 Update cache to satisfy Purge interface after context plumbing 2018-01-19 17:00:13 -05:00
Jeff Mitchell 43617619ad Embed derived contexts into replication clients 2018-01-19 07:22:31 -05:00
Jeff Mitchell e5e4307713 Add centrify plugin as builtin 2018-01-19 06:03:33 -05:00
Jeff Mitchell ffe3ae9118 Add gcp and kubernetes back now that they're updated 2018-01-19 05:56:34 -05:00
Jeff Mitchell 123e22cd7e Fix compile 2018-01-19 05:31:55 -05:00
Jeff Mitchell b4be030d07
Add context to barrier encryptor interface 2018-01-19 05:28:47 -05:00
Jeff Mitchell 31a7eb1168
Add context to barrier encryptor access 2018-01-19 05:24:40 -05:00
Jeff Mitchell 69aead14f0 A bit more context plumbing 2018-01-19 04:11:59 -05:00
Jeff Mitchell 33b68ebf3d Remove context from a few extraneous places 2018-01-19 03:44:06 -05:00
Jeff Mitchell 6be5b8e8a1 Don't use context in barrier type/recovery type 2018-01-19 03:17:36 -05:00
Brian Kassouf f8b03795f9
changelog++ 2018-01-18 23:49:51 -08:00
Jeff Mitchell 0f7e3bb79b Add context to performPolicyChecks 2018-01-19 02:43:39 -05:00
Brian Kassouf 13fddcb193
changelog++ 2018-01-18 23:40:36 -08:00
Jeff Mitchell c97e73ce70
Don't check recovery seal in Initialized()
It doesn't actually matter and can give false positives.
2018-01-19 01:55:33 -05:00
Brian Kassouf 2f19de0305 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Yoko Hyakuna df16089491 WIP - Added personas 2018-01-18 17:40:35 -08:00
Jeff Mitchell 85ceb198b8 bump go-plugin 2018-01-18 16:58:03 -05:00
Brian Kassouf 7050c1ca41
gRPC Backend Plugins (#3808)
* Add grpc plugins

* Add grpc plugins

* Translate wrap info to/from proto

* Add nil checks

* Fix nil marshaling errors

* Provide logging through the go-plugin logger

* handle errors in the messages

* Update the TLS config so bidirectional connections work

* Add connectivity checks

* Restart plugin and add timeouts where context is not availible

* Add the response wrap data into the grpc system implementation

* Add leaseoptions to pb.Auth

* Add an error translator

* Add tests for translating the proto objects

* Fix rename of function

* Add tracing to plugins for easier debugging

* Handle plugin crashes with the go-plugin context

* Add test for grpcStorage

* Add tests for backend and system

* Bump go-plugin for GRPCBroker

* Remove RegisterLicense

* Add casing translations for new proto messages

* Use doneCtx in grpcClient

* Use doneCtx in grpcClient

* s/shutdown/shut down/
2018-01-18 13:49:20 -08:00
Matthew Irish b701c418bf
changelog++ 2018-01-18 14:37:48 -06:00
Jeff Mitchell 842a3a4a05 Remove RegisterLicense from logical.Backend
It's almost certainly the wrong signature and nothing uses it currently
anyways.
2018-01-18 13:44:29 -05:00
Calvin Leung Huang 5cf07f9e63 changelog++ 2018-01-18 12:28:09 -05:00