Commit graph

11352 commits

Author SHA1 Message Date
Brian Shumate a55c0908ff Help text: update token create help about id value (#7792)
- Token id is no longer a 36 character UUID
2019-11-05 15:50:20 -08:00
Jim Kalafut 873e80445c
changelog++ 2019-11-05 15:47:58 -08:00
Jeff Mitchell 678b6eefc3 changelog++ 2019-11-05 16:15:09 -05:00
Jeff Mitchell 950dff9ad5
Update API to use lease_id in body of sys/leases/revoke call (#7777)
We didn't make this change earlier because not everyone would have had
an updated version of Vault with this API change but it's definitely
time.

Fixes https://github.com/hashicorp/vault-ssh-helper/issues/40
2019-11-05 16:14:28 -05:00
Jeff Mitchell a5e554ca65 changelog++ 2019-11-05 16:13:12 -05:00
Jeff Mitchell 44e899afd1
Don't allow registering a non-root zero TTL token lease (#7524)
* Don't allow registering a non-root zero TTL token lease

This is defense-in-depth in that such a token was not allowed to be
used; however it's also a bug fix in that this would then cause no lease
to be generated but the token entry to be written, meaning the token
entry would stick around until it was attempted to be used or tidied (in
both cases the internal lookup would see that this was invalid and do a
revoke on the spot).

* Fix tests

* tidy
2019-11-05 16:11:13 -05:00
Jeff Mitchell 6a95e8465b
Update go-metrics (#7794) 2019-11-05 15:28:51 -05:00
Jeff Mitchell b998849b73
Update go-metrics in sdk (#7795) 2019-11-05 15:27:07 -05:00
Christian Frichot b8ada6b8d9 doc: remove comma from list.html.md (#7766) 2019-11-05 12:10:58 -08:00
Jim Kalafut a8a50df7fc
Update azure secrets plugin (#7788) 2019-11-05 10:43:28 -08:00
JoeStack 704f522d34 Update helm.html.md (#7310)
fixed HA cluster setting
2019-11-05 13:33:06 -05:00
Jeff Mitchell 519d1b3cb8
Fix some vet issues in api package (#7789)
* Dropped cancel func
* Bad struct tag
2019-11-05 12:07:06 -05:00
Lars Lehtonen bda6a6da78 core/policy & core/token: Remove Dead Test Code (#7774)
* vault: remove dead test helper function testMakeBatchTokenViaCore()

* vault: remove dead test helper function testMakeBatchTokenViaBackend()

* vault: remove dead test helper function mockPolicyStoreNoCache()

* vault: remove dead test helper function mockPolicyStore()

* vault: remove unused test imports
2019-11-04 10:36:07 +01:00
Jim Kalafut 1dfdc35a14
Update README.md 2019-11-01 10:28:17 -07:00
Calvin Leung Huang 8c31e45860
hostutil: query stats with context, update gopsutil, refactor tests (#7769)
* hostutil: query stats with context, update gopsutil, refactor tests

* go mod vendor

* minor comment wording
2019-11-01 10:12:22 -07:00
Noelle Daley 0a251d4f06
test ie11 on windows 8.1 instead of windows 10 (#7775) 2019-11-01 10:10:05 -07:00
Lukasz Jagiello 05fdb2287e Correct version of vault-plugin-auth-jwt (#7773)
Based on Vault changelog JWT-71 and JWT-77 should be included in Vault
1.3.0. Unfortunately there was a wrong version of vault-plugin-auth-jwt
included.

This fixes #7771
2019-10-31 12:17:37 -07:00
Pascal Enz 33c1b7150f Rabbitmq topic permissions (#7751)
* Upgraded rabbit hole library to 2.0

* Added RabbitMQ topic permission support.

* Updated docs to cover RabbitMQ topic permissions.

* Improved comments and docs as suggested.
2019-10-30 14:19:49 -07:00
Noelle Daley 983286c4be
changelog++ 2019-10-30 13:13:05 -07:00
Michel Vocks f672281066
changelog++ 2019-10-30 19:58:38 +01:00
Noelle Daley 3bf3130268
Only link to nav items that user has access to (#7590)
* only show entities sidenav item if user has list capability on entities

* wip - link to correct paths in top navigation

* remove comment

* only link to groups page if user has list capability

* add test for checking multiple capabilities

* test when capabilities are not specified

* format jsdoc comments

* move capabilities check out of helper and into permissions service
2019-10-30 11:39:51 -07:00
Michel Vocks 6eace6ea38
changelog++ 2019-10-30 19:37:47 +01:00
Brian Kassouf 140857e579
changelog++ 2019-10-30 10:40:41 -07:00
Brian Kassouf cbefe0366a
changelog++ 2019-10-30 10:11:34 -07:00
Luke Barton f1595835c9 Fix incorrect env vars example (#7755) 2019-10-30 11:43:38 -04:00
ncabatoff d9205cd3c0
Use port 0 as the listener port so the OS assigns one not in use (#7763) 2019-10-30 10:36:23 -04:00
Mike Jarmy d3bb5d60b2
Fix the token counter test so it doesn't miscount the number of tokens. (#7760) 2019-10-30 08:03:03 -04:00
ncabatoff 5b8a4ba5b8
Add recovery mode docs. (#7667) 2019-10-29 16:42:47 -04:00
Noelle Daley fadd9d742b
fix security alerts (#7757) 2019-10-29 11:46:59 -07:00
Michel Vocks e5a921d277
Harden mount/auth filter evaluation error handling (#7754) 2019-10-29 17:42:13 +01:00
Jeff Mitchell ee66092b7e changelog++ 2019-10-29 09:11:27 -04:00
Dilan Bellinghoven 5f8528381c Add TLS server name to Vault stanza of Agent configuration (#7519) 2019-10-29 09:11:01 -04:00
Jeff Mitchell 64a0037f7d changelog++ 2019-10-29 09:04:45 -04:00
Brian Kassouf f149bbbdb1 go mod vendor 2019-10-28 22:27:00 -07:00
Brian Kassouf 0bc14636b0 Fix build 2019-10-28 17:40:44 -07:00
Jeff Mitchell 5c3649defe Sync up Agent and API's renewers. (#7733)
* Sync up Agent and API's renewers.

This introduces a new type, LifetimeWatcher, which can handle both
renewable and non-renewable secrets, modeled after the version in Agent.
It allows the user to select behavior, with the new style being the
default when calling Start(), and old style if using the legacy Renew()
call.

No tests have been modified (except for reflect issues) and no other
code has been modified to make sure the changes are backwards
compatible.

Once this is accepted I'll pull the Agent version out.

* Move compat flags to NewRenewer

* Port agent to shared lifetime watcher lib
2019-10-28 17:28:59 -07:00
Jeff Mitchell 698b0dd025 If standbyok/perfstandbyok are provided to sys/health, honor the values (#7749)
Don't just use the presence of it to indicate behavior.

Fixes #7323

Also, fixes a bug where if an error was returned along with a status
code, the status code was being ignored.
2019-10-28 16:55:20 -07:00
Lexman 28aff44616 adds documentation for entropy augmentation (#7721)
* adds documentation for entropy augmentation

* adds a link to pkcs11 seal configuration from a mention of it
2019-10-28 15:04:27 -07:00
Jeff Mitchell a40d79b396 changelog++ 2019-10-28 15:56:12 -04:00
Joe Dollard 7f843c4c9b support setting the API client retry policy (#7331) 2019-10-28 15:54:59 -04:00
ekow b62cebd325 Update lease concept to use correct command (#7730)
Updated command to reflect the one that executes successfully on Vault v1.2.3 with the server running in dev mode.
2019-10-28 15:53:12 -04:00
Matthew Irish d52de63602 Fix replication test (#7747)
* fix replication acceptance test

* remove unused import

* remove mountType
2019-10-28 16:56:11 +00:00
Jeff Mitchell 6c02f7f616 changelog++ 2019-10-28 12:52:37 -04:00
Jeff Mitchell 4e1470f483
Handpick cluster cipher suites when they're not user-set (#7487)
* Handpick cluster cipher suites when they're not user-set

There is an undocumented way for users to choose cluster cipher suites
but for the most part this is to paper over the fact that there are
undesirable suites in TLS 1.2.

If not explicitly set, have the set of cipher suites for the cluster
port come from a hand-picked list; either the allowed TLS 1.3 set (for
forwards compatibility) or the three identical ones for TLS 1.2.

The 1.2 suites have been supported in Go until at least as far back as
Go 1.9 from two years ago. As a result in cases where no specific suites
have been chosen this _ought_ to have no compatibility issues.

Also includes a useful test script.
2019-10-28 12:51:45 -04:00
Daniel Lohse de2d3073d7 Allow Raft storage to be configured via env variables (#7745)
* Fix unordered imports

* Allow Raft node ID to be set via the environment variable `VAULT_RAFT_NODE_ID`

* Allow Raft path to be set via the environment variable `VAULT_RAFT_PATH`

* Prioritize the environment when fetching the Raft configuration values

Values in environment variables should override the config as per the
documentation as well as common sense.
2019-10-28 09:43:12 -07:00
Jeff Mitchell d9ca6e77eb changelog++ 2019-10-28 12:32:37 -04:00
Brian Kassouf d05b401cd8
Update token_store.go 2019-10-28 09:31:58 -07:00
Denis Subbotin e9cdd451d1 Don't allow duplicate SAN names in PKI-issued certs (#7605)
* fix https://github.com/hashicorp/vault/issues/6571

* fix test TestBackend_OID_SANs because now SANs are alphabetically sorted
2019-10-28 12:31:56 -04:00
Jack Kleeman 65c67dd6f3 Add a counter for root token creation (#7172)
It would be useful to be able to page on root token creation. This PR
adds a counter which increments on this event.
2019-10-28 09:30:11 -07:00
Jeff Mitchell 69bb72da53 changelog++ 2019-10-28 12:17:48 -04:00