Commit graph

11244 commits

Author SHA1 Message Date
Christian Frichot b8ada6b8d9 doc: remove comma from list.html.md (#7766) 2019-11-05 12:10:58 -08:00
Jim Kalafut a8a50df7fc
Update azure secrets plugin (#7788) 2019-11-05 10:43:28 -08:00
JoeStack 704f522d34 Update helm.html.md (#7310)
fixed HA cluster setting
2019-11-05 13:33:06 -05:00
Jeff Mitchell 519d1b3cb8
Fix some vet issues in api package (#7789)
* Dropped cancel func
* Bad struct tag
2019-11-05 12:07:06 -05:00
Lars Lehtonen bda6a6da78 core/policy & core/token: Remove Dead Test Code (#7774)
* vault: remove dead test helper function testMakeBatchTokenViaCore()

* vault: remove dead test helper function testMakeBatchTokenViaBackend()

* vault: remove dead test helper function mockPolicyStoreNoCache()

* vault: remove dead test helper function mockPolicyStore()

* vault: remove unused test imports
2019-11-04 10:36:07 +01:00
Jim Kalafut 1dfdc35a14
Update README.md 2019-11-01 10:28:17 -07:00
Calvin Leung Huang 8c31e45860
hostutil: query stats with context, update gopsutil, refactor tests (#7769)
* hostutil: query stats with context, update gopsutil, refactor tests

* go mod vendor

* minor comment wording
2019-11-01 10:12:22 -07:00
Noelle Daley 0a251d4f06
test ie11 on windows 8.1 instead of windows 10 (#7775) 2019-11-01 10:10:05 -07:00
Lukasz Jagiello 05fdb2287e Correct version of vault-plugin-auth-jwt (#7773)
Based on Vault changelog JWT-71 and JWT-77 should be included in Vault
1.3.0. Unfortunately there was a wrong version of vault-plugin-auth-jwt
included.

This fixes #7771
2019-10-31 12:17:37 -07:00
Pascal Enz 33c1b7150f Rabbitmq topic permissions (#7751)
* Upgraded rabbit hole library to 2.0

* Added RabbitMQ topic permission support.

* Updated docs to cover RabbitMQ topic permissions.

* Improved comments and docs as suggested.
2019-10-30 14:19:49 -07:00
Noelle Daley 983286c4be
changelog++ 2019-10-30 13:13:05 -07:00
Michel Vocks f672281066
changelog++ 2019-10-30 19:58:38 +01:00
Noelle Daley 3bf3130268
Only link to nav items that user has access to (#7590)
* only show entities sidenav item if user has list capability on entities

* wip - link to correct paths in top navigation

* remove comment

* only link to groups page if user has list capability

* add test for checking multiple capabilities

* test when capabilities are not specified

* format jsdoc comments

* move capabilities check out of helper and into permissions service
2019-10-30 11:39:51 -07:00
Michel Vocks 6eace6ea38
changelog++ 2019-10-30 19:37:47 +01:00
Brian Kassouf 140857e579
changelog++ 2019-10-30 10:40:41 -07:00
Brian Kassouf cbefe0366a
changelog++ 2019-10-30 10:11:34 -07:00
Luke Barton f1595835c9 Fix incorrect env vars example (#7755) 2019-10-30 11:43:38 -04:00
ncabatoff d9205cd3c0
Use port 0 as the listener port so the OS assigns one not in use (#7763) 2019-10-30 10:36:23 -04:00
Mike Jarmy d3bb5d60b2
Fix the token counter test so it doesn't miscount the number of tokens. (#7760) 2019-10-30 08:03:03 -04:00
ncabatoff 5b8a4ba5b8
Add recovery mode docs. (#7667) 2019-10-29 16:42:47 -04:00
Noelle Daley fadd9d742b
fix security alerts (#7757) 2019-10-29 11:46:59 -07:00
Michel Vocks e5a921d277
Harden mount/auth filter evaluation error handling (#7754) 2019-10-29 17:42:13 +01:00
Jeff Mitchell ee66092b7e changelog++ 2019-10-29 09:11:27 -04:00
Dilan Bellinghoven 5f8528381c Add TLS server name to Vault stanza of Agent configuration (#7519) 2019-10-29 09:11:01 -04:00
Jeff Mitchell 64a0037f7d changelog++ 2019-10-29 09:04:45 -04:00
Brian Kassouf f149bbbdb1 go mod vendor 2019-10-28 22:27:00 -07:00
Brian Kassouf 0bc14636b0 Fix build 2019-10-28 17:40:44 -07:00
Jeff Mitchell 5c3649defe Sync up Agent and API's renewers. (#7733)
* Sync up Agent and API's renewers.

This introduces a new type, LifetimeWatcher, which can handle both
renewable and non-renewable secrets, modeled after the version in Agent.
It allows the user to select behavior, with the new style being the
default when calling Start(), and old style if using the legacy Renew()
call.

No tests have been modified (except for reflect issues) and no other
code has been modified to make sure the changes are backwards
compatible.

Once this is accepted I'll pull the Agent version out.

* Move compat flags to NewRenewer

* Port agent to shared lifetime watcher lib
2019-10-28 17:28:59 -07:00
Jeff Mitchell 698b0dd025 If standbyok/perfstandbyok are provided to sys/health, honor the values (#7749)
Don't just use the presence of it to indicate behavior.

Fixes #7323

Also, fixes a bug where if an error was returned along with a status
code, the status code was being ignored.
2019-10-28 16:55:20 -07:00
Lexman 28aff44616 adds documentation for entropy augmentation (#7721)
* adds documentation for entropy augmentation

* adds a link to pkcs11 seal configuration from a mention of it
2019-10-28 15:04:27 -07:00
Jeff Mitchell a40d79b396 changelog++ 2019-10-28 15:56:12 -04:00
Joe Dollard 7f843c4c9b support setting the API client retry policy (#7331) 2019-10-28 15:54:59 -04:00
ekow b62cebd325 Update lease concept to use correct command (#7730)
Updated command to reflect on the one that executes successfully on Vault v1.2.3 with server running in dev mode.
2019-10-28 15:53:12 -04:00
Matthew Irish d52de63602 Fix replication test (#7747)
* fix replication acceptance test

* remove unused import

* remove mountType
2019-10-28 16:56:11 +00:00
Jeff Mitchell 6c02f7f616 changelog++ 2019-10-28 12:52:37 -04:00
Jeff Mitchell 4e1470f483
Handpick cluster cipher suites when they're not user-set (#7487)
* Handpick cluster cipher suites when they're not user-set

There is an undocumented way for users to choose cluster cipher suites
but for the most part this is to paper over the fact that there are
undesirable suites in TLS 1.2.

If not explicitly set, have the set of cipher suites for the cluster
port come from a hand-picked list; either the allowed TLS 1.3 set (for
forwards compatibility) or the three identical ones for TLS 1.2.

The 1.2 suites have been supported in Go until at least as far back as
Go 1.9 from two years ago. As a result in cases where no specific suites
have been chosen this _ought_ to have no compatibility issues.

Also includes a useful test script.
2019-10-28 12:51:45 -04:00
Daniel Lohse de2d3073d7 Allow Raft storage to be configured via env variables (#7745)
* Fix unordered imports

* Allow Raft node ID to be set via the environment variable `VAULT_RAFT_NODE_ID`

* Allow Raft path to be set via the environment variable `VAULT_RAFT_PATH`

* Prioritize the environment when fetching the Raft configuration values

Values in environment variables should override the config as per the
documentation as well as common sense.
2019-10-28 09:43:12 -07:00
Jeff Mitchell d9ca6e77eb changelog++ 2019-10-28 12:32:37 -04:00
Brian Kassouf d05b401cd8
Update token_store.go 2019-10-28 09:31:58 -07:00
Denis Subbotin e9cdd451d1 Don't allow duplicate SAN names in PKI-issued certs (#7605)
* fix https://github.com/hashicorp/vault/issues/6571

* fix test TestBackend_OID_SANs because now SANs are alphabetic sorted
2019-10-28 12:31:56 -04:00
Jack Kleeman 65c67dd6f3 Add a counter for root token creation (#7172)
It would be useful to be able to page on root token creation. This PR
adds a counter which increments on this event.
2019-10-28 09:30:11 -07:00
Jeff Mitchell 69bb72da53 changelog++ 2019-10-28 12:17:48 -04:00
Jeff Mitchell 0c88218dd4 Port some changes that got out of sync 2019-10-28 11:38:14 -04:00
Jeff Mitchell df43802f14 Vendor 2019-10-28 11:34:28 -04:00
ncabatoff 4d82540683
Restore changelog entries lost in 319fe8ea37ec9b89eb3c529d4bdb236f3eb7fdb1 (#7746) 2019-10-28 10:09:52 -04:00
Brian Kassouf caad02412a
changelog++ 2019-10-27 23:07:55 -07:00
Brian Kassouf ba6b8528b5
changelog++ 2019-10-27 23:06:55 -07:00
Brian Kassouf a20e73c2da
Port filtered paths changes back to OSS (#7741)
* Port filtered paths changes back to OSS

* Fix build
2019-10-27 13:30:38 -07:00
Matthew Irish f982899f1e
embed yarn (#7740)
* embed yarn binary using yarn policies set-version and loosen the restriction on yarn in the dockerfile and the package.json

* don't lint the embedded yarn package
2019-10-25 16:00:45 -05:00
Matthew Irish eae5e114ba
UI - replication path filtering (#7620)
* rename mount-filter-config models, components, serializer, adapters to path-filter-config

* move search-select component to core addon

* add js class for search-select-placeholder and sort out power-select deps for moving to the core component

* expose oninput from powerselect through search-select

* don't fetch mounts in the replication routes

* remove toggle from add template

* start cross-namespace fetching

* group options and set up for namespace fetch via power-select search prop

* add and style up radio-card CSS component

* add xlm size for icons between l and xl

* copy defaults so they're not getting mutated

* finalize cross-namespace fetching and getting that to work with power-select

* when passing options but no models, format the options in search select so that they render properly in the list

* tint the background of a selected radio card

* default to null mode and uniq options in search-select

* finish styling radio-card

* format inputValues when first rendering the component if options are being passed from outside

* treat mode:null as deleting existing config which simplifies save logic

* correctly prune the auto complete list since path-filter-config-list handles all of that and finish styling

* remove old component

* add search debounce and fix linting

* update search-select docs

* updating tests

* support grouped options for when to show the create prompt

* update and add tests for path-filter-config-list

* fix tests for search-select and path-filter-config-list

* the new api uses allow/deny instead of whitelist/blacklist
2019-10-25 13:16:45 -05:00